Your DNA is not your own: How the Golden State Killer hunt reveals the limits of medical privacy

California investigators recently used a public genetic database to help identify an individual suspected to be one of the state's most infamous serial killers—but legal experts and bioethicists say the move raises privacy and ethical questions as DNA websites grow in popularity.

A long process

The law enforcement effort was part of a decades-long investigation into a string of rapes and homicides that occurred in California's Orange, Sacramento, Santa Barbara, and Ventura counties from 1974 through 1986—a case known as the Golden State Killer. The case had gone cold years ago, but the New York Times reports that investigators recently uncovered a well-preserved DNA sample from one of the crime scenes, and in recent years technology has advanced to enable scientists to identify people—and their relatives—by small variations in their genetic codes.

Sacramento County Chief Deputy District Attorney Steve Grippi said investigators compared the new DNA sample to those collected by various websites, including consumer genealogy website GEDmatch. GEDmatch allows users to upload their genetic information to a searchable online database that they can use to build out family trees and locate family members who generally have similar genetic traits.

That feature enabled investigators to find a relative of the suspect online, and use that person's family tree to narrow down the search, according to the Sacramento County DA's office. Grippi said investigators were able to use the DNA data, along with records of address and age, to identify Joseph James DeAngelo as a suspect for the crimes. DeAngelo was arrested Tuesday and charged with two murders. He is expected to face charges in 12 homicides, according to the Sacramento Bee. DeAngelo also could face rape charges.

Legal questions

While law enforcement personnel have used DNA information to crack cases in the past, legal experts and bioethicists said the use of a nonstate-owned DNA database like GEDmatch raises questions, the Wall Street Journal reports.

The experts noted that users who upload their own genetic information to genealogy websites like GEDmatch also essentially are sharing information about family members who might not have consented to the data sharing.

Steve Mercer, chief attorney for the forensic division of the Maryland Office of the Public Defender, said, "People who submit DNA for ancestors testing are unwittingly becoming genetic informants on their innocent family." He said such individuals "have fewer privacy protections than convicted offenders whose DNA is contained in regulated databanks."

Erin Murphy, a law professor at New York University and expert on DNA searches, said, "Suppose you are worried about genetic privacy. ... If your sibling or parent or child engaged in this activity online, they are compromising your family for generations." Murphy also said the way California investigators went about comparing the data raise questions. According to the Times, investigators created a profile on GEDmatch, which would have prompted them to check a box certifying the DNA being uploaded was either their own or belonged to someone for whom they served as legal guardian, or that they had "obtained authorization" to upload the sample.

GEDmatch in a notice posted Friday said the company was "not approached by law enforcement or anyone else about this case or about the DNA." Blaine Bettinger, a lawyer affiliated with GEDmatch, said the website's "purpose was to make these connections and to find these relatives. It was not intended to be used by law enforcement to identify suspects of crimes."

However, Bettinger said the investigators' use does not technically violate the site's policy. In the notice, GEDmatch clarified, "While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including identification of relatives that have committed crimes or were victims of crimes." GEDmatch urged anyone concerned about sharing such data not to upload their DNA, and if they already had, to contact the company to delete the information.

Arthur Caplan, director of the Division of Medical Ethics at New York University's School of Medicine, said, "People don't realize that unlike most medical tests where you find out information, it isn't just about you," adding, "We have the assumption that all of our medical information is private and yet the new world of genetics is in corporate hands." Caplan continued, "The ability of third parties, the police, or others to see that data is not clear."

Bioethicts generally agreed that there needs to be wider discussion about how law enforcement access such DNA databases and the extent to which they could target minorities. However, Murphy said she believes this is likely a rare case. She said, "Using a database of this kind will generate an extraordinary number of leads, and running them all down using both nongenetic and genetic information requires a lot of police power," adding, "So I doubt it will be run of the mill any time soon" (Kolata/Murphy, New York Times, 4/27; Hernandez et al., Wall Street Journal, 4/28; Stanton/Lillis, Sacramento Bee, 4/27; Baker, "Vitals," Axios, 4/27; May, USA Today, 4/27).

Here are 8 clinical technologies that could transform health care delivery

Our new report explores the clinical technology pipeline to help health care leaders become more conversant in the major vectors of innovation, leading applications of new technologies, and the business implications for established providers. Read on to unpack the new innovation agenda.

Download Now


Next in the Daily Briefing

Moody's finds that hospital margins hit a 10-year low. Here's our take.

Read now