For police officers around the country, the genetic profiles that 20 million people have uploaded to consumer DNA sites represent a tantalizing resource that could be used to solve cases both new and cold. But for years, the vast majority of the data have been off-limits to investigators. The two largest sites, Ancestry.com and 23andMe, have long pledged to keep their users’ genetic information private, and a smaller one, GEDmatch, severely restricted police access to its records this year.
Last week, however, a Florida detective announced at a police convention that he had obtained a warrant to search GEDmatch’s database of nearly 1 million users. Legal experts said that this appeared to be the first time a judge had approved such a warrant, and the development could have profound implications for genetic privacy.
“That’s a huge game-changer,” said Erin Murphy, a law professor at New York University. “The company made a decision to keep law enforcement out, and that’s been overridden by a court. It’s a signal that no genetic information can be safe.”
DNA policy experts said the development was likely to encourage other agencies to request similar search warrants from 23andMe, which has 10 million users, and Ancestry.com, which has 15 million. If that comes to pass, the Florida judge’s decision will affect not only the users of these sites but also huge swaths of the population, including those who have never taken a DNA test. That’s because this emerging forensic technique makes it possible to identify a DNA profile even through distant family relationships.
Using public genealogy sites to crack cold cases had its breakthrough moment in April 2018, when California police used GEDmatch to identify a man they believe is the Golden State Killer, Joseph James DeAngelo.
After his arrest, dozens of law enforcement agencies around the country rushed to apply the method to their own cases. Investigators have since used genetic genealogy to identify suspects and victims in more than 70 cases of murder, sexual assault and burglary, ranging from five decades to just a few months old.
Most users of genealogy services have uploaded their genetic information in order to find relatives, learn about ancestors and get insights into their health — not anticipating that police might one day search for killers and rapists in their family trees. After a revolt by a group of prominent genealogists, GEDmatch changed its policies in May. It required law enforcement agents to identify themselves when searching its database, and it gave them access only to the profiles of users who had explicitly opted in to such queries.
Like many others in law enforcement, Detective Michael Fields of the Orlando Police Department was disappointed by GEDmatch’s policy shift. He had used the site last year to identify a suspect in a 2001 murder.
In July, to solve the case of a serial rapist, Fields asked a judge in the Ninth Judicial Circuit Court of Florida to approve a warrant that would let him override the privacy settings of GEDmatch’s users and search the site’s full database of 1.2 million users. After Judge Patricia Strowbridge agreed, Fields said in an interview, the site complied within 24 hours.
DNA policy experts said they would closely watch public response to news of the warrant. “I have no question in my mind that if the public isn’t outraged by this, they will go to the mother lode: the 15-million person Ancestry database,” Murphy said. “Why play in the peanuts when you can go to the big show?”