Why using genetic genealogy to solve crimes could pose problems

Police are using a new type of DNA sleuthing, called genetic genealogy. Already the technique has caught murder and rape suspects in California and Washington. While solving the cases has given cause for celebration, the tactics used in catching the alleged culprits have many privacy and civil rights experts worried.

Closing the Golden State Killer case (SN Online: 4/29/18) and the previously unsolved double murder of a young Canadian couple (SN Online: 5/23/18) involved probing a public online database of people’s DNA and family-tree information called GEDmatch.

In a May 29 opinion piece published in the Annals of Internal Medicine, bioethicist Christine Grady and colleagues argue that police should be more transparent about how they use forensic DNA searches. Meanwhile, law professor Natalie Ram and colleagues go even further in an essay in the June 8 Science, writing that eroding limits on the use of crime-solving technology “threatens our collective civil liberties and opens the door to socially and politically unacceptable genetic surveillance.”

Here are a few key points in the debate:

Why are police using GEDmatch instead of DNA testing companies?

If police wanted to use 23andMe or AncestryDNA to help solve crimes, they would need a clean saliva sample from a potential suspect to send to the company for testing and analysis. But crime scene DNA doesn’t come in that form, so police can’t send DNA to the companies for testing. That’s not the case with the DNA analysis service GEDmatch, to which customers can upload raw DNA data received from testing companies.

“That means the police or law enforcement investigators are equally able, if they have enough DNA to create a sufficiently complete genetic sequence, to upload that to GEDmatch” to find potential suspects, says Ram, of the University of Baltimore School of Law.

Companies like 23andMe and Ancestry also require consent from the person the DNA belongs to before the companies will do testing. That’s, obviously, not possible with crime scene DNA. However, GEDmatch in May changed its terms of service “to explicitly embrace the use of their service by law enforcement,” Ram says.

Could these searches lead to people being investigated needlessly?

Before police tracked the Golden State Killer suspect through GEDmatch, investigators subpoenaed Family Tree DNA for information about a customer whose Y chromosome partially matched DNA from one of the crime scenes. Police then used that information to order a man in an Oregon nursing home to give a DNA sample. He was not a match. 

“Just having DNA match something at the crime scene doesn't mean the person committed the crime,” says Grady, who heads the National Institutes of Health Clinical Center’s Department of Bioethics in Bethesda, Md. “It just means that they were there, or something that they used was there.” Police still have to prove the suspect committed the crime.

If DNA tests are helping to catch criminals, shouldn’t we be all for it?

“Catching criminals is great,” Ram says. “But privacy is also important. Police could solve more crime if they, for instance, could go rifle through anybody’s home at any time for no reason.” But such searches are illegal, because they violate people’s rights to privacy and security against unreasonable search and seizure.

Some people have suggested this type of search could be limited to solving very serious crimes and cold cases. But such limits have been tried before, Ram notes. Over the past decade, some U.S. states have begun allowing the use of police DNA databases for “familial searches.” Such searches may implicate close relatives of people in the police database as suspects in a crime. “States that embraced that technology initially said, ‘we’re only going to use this for really, really serious crimes.’ ” But then Colorado in 2009 convicted its first suspect with this technique — for “a burglary where someone broke into a car and stole about a dollar and a half in change,” Ram says.  

Many people say DNA data should be treated differently than other personal information. “There are things that are unique about genetic data. Most importantly, that it has implications for others,” Grady says. People strive to protect medical information, but medical records reveal things about only an individual. DNA reveals things about relatives, too.

“If I give up my genetic data, you can learn things about people who are related to me that you can't learn from my cholesterol or my blood pressure, or even my psych history,” Grady says. There should be some safeguards, she adds. “No law enforcement agencies have rules or standards about how they use this kind of information.”

Do any laws protect against this type of search?

Because GEDmatch is a public database, privacy protections that govern private companies probably don’t apply. “If people voluntarily put their data on GEDmatch, they’ve given it away,” Grady says. It’s like they've cut their hair and left the hair on the floor. There's no protection for that.” Other laws governing the privacy of genetic and medical information don’t apply genealogical DNA data deposited in public databases.

But Grady believes that could soon change. “I suspect there will be people entertaining new laws in light of the recent uses.”