Recently, a genealogy service provided law enforcement with the information they needed to locate a murder suspect they'd been hunting for over forty years. GEDMatch admitted it was the service investigators used to find a familial match to DNA samples it had taken from crime scenes. This revelation led people to question how private their DNA data was when shared with genealogy services. The answer is, of course, not very, what with the purpose of these services being the matching of DNA info from thousands or millions of unrelated individuals.
Police created a fake account to submit the sample they had and received matches that allowed them to narrow down the list of suspects. This was combined with lots of other regular police work -- combing public records and obituaries for living relatives near the locations the crimes occurred -- to gradually hone in on Joseph James DeAngelo, who is believed to have murdered twelve people and committed at least 51 rapes.
But there was more to this than the DNA search at GEDMatch. Investigators had also used a service called FamilyTreeDNA to look for possible matches. The public database maintained by the company apparently helped investigators narrow down the list of suspects. Peter Aldhous of Buzzfeed has more details.
From DNA collected from crime scenes, [investigator Paul] Holes knew 67 genetic markers on the killer’s Y chromosome. Every three months or so, he would check in Ysearch for matches. The subpoena was made when a profile containing just 12 genetic markers — including one that’s unusual among men of Western European ancestry — matched with the killer’s sample.
This subpoena demanded customer information for the person who had submitted matching DNA. Investigators were able to obtain payment info which led them to someone researching their family tree. This led to another sample -- and another dead end. The woman's father had a sample taken by investigators but the test cleared him of suspicion.
That subpoenas can be used to pierce the minimum of privacy given to customers by companies should come as no surprise. These have been used for years to demand subscriber info from service providers in both civil and criminal cases.
That being said, people may now approach DNA services a bit more cautiously. While companies may offer some assurances about personal info being protected, the nature of the business is sharing DNA markers and allowing your personal DNA structure to be matched against submissions by complete strangers… which will also include law enforcement investigators.
Any service that requires payment and personal info will be approached by law enforcement. In most cases, a warrant won't be needed. The Third Party Doctrine lowers protections for customers, making warrants mostly unnecessary. While some companies may push back more than others when law enforcement demands info, in most cases the government will get what it's seeking.
Our IP Address: