The Golden State Killer Was Caught Thanks to DNA Analysis — But Is That an Invasion of Privacy?

For four decades, the Golden State Killer instilled fear in people who lived in California after killing 12, raping more than 50, and committing over 100 burglaries during the 1970s-80s across the entire state. He also later became known as the East Area Rapist, Original Nightstalker, Diamond Knot Killer, and Visalia Ransacker.

After 1986, he mysteriously went into retirement. Investigators spent years trying to find out who this serial killer was. They had no luck with criminal DNA databases or crime scene sweeps in hopes of finding fingerprints.

The Golden State Killer was always one step ahead of the police. He taunted them, knowing he was too elusive for them to track down. And for a while, that seemed to be true.

Using genetic genealogy to catch a killer

Back in April of 2018, the Washington Post reported that investigator and DNA expert Paul Holes ⁠turned to genetic genealogy in hopes of finding the killer. He used DNA that was recovered from past crime scenes and used it to track down the killer’s great-great-grandparents.

From there, Holes and his team created 25 family trees, combing through information on thousands of relatives over the generations until they reached the present day. One brand of a family tree led them to a 72-year-old retired man living in the Sacramento suburb of Citrus Heights.

Investigators became interested in this man after learning he was a disgraced cop who’d purchased guns during two moments in time when the Golden State Killer was highly active. After surveilling the suspect, they saw him throw away a tissue he had used. This tissue contained the suspect’s DNA and investigators ran it against the killer’s DNA. They found a match! 

Joseph James DeAngelo was arrested in Citrus Heights on April 24th, 2018.

Investigators used GEDmatch, a genetic genealogy database, to locate a distant relative of the killer

Prior to the breaking news story of law enforcement catching the Golden State Killer, GEDmatch was a fairly obscure place that was home to nearly 1 million DNA enthusiasts. At the time, the site was free to use and made public for anyone to use. If you took a DNA test through popular consumer companies such as 23andMe or Ancestry.com, you could then upload your raw DNA data to GEDmatch. That was how other users searched for their relatives. However, users never saw coming how their private genetic information could so easily be traced by investigators.

The site had lived controversy-free up until then. Shortly after that breaking news story, Wired reported on privacy experts raising concerns about this sudden invasion into people’s personal data.

How would you feel if after all this time you thought you were using a site strictly to find members in your family tree and history to suddenly find any law enforcement agent could get access to your DNA and potentially tie you to a criminal investigation? Because that’s exactly what happened to GEDmatch users at the time. The owners of the site reacted by changing their terms of service which ended up backfiring for them, while hackers exposed even more of their security flaws.

Back in 2019, Wired reported the site found a new owner: Verogen, a San Diego-based company that broke off from the bigger company Illumia, who was known as being the Google of genetic testing. This company’s DNA services were specifically catered to law enforcement. And at first, it wasn’t made clear if these services would be passed onto the terms of service with GEDmatch.

When the original investigators of the Golden State Killer case in 2018 uploaded the DNA of the suspect and used the relative finder tool, they ⁠got a match to a profile on GEDmatch! This match was a distant relative of the killer.

From there, they created all of those family trees that eventually led them to DeAngelo. After this, several other murderers and rapists have been identified in a similar fashion.

Although many cheered when they read the news, the report also triggered a new fear: Does taking a DNA test mean a person is inadvertently allowing law enforcement and other third parties to access and probe their DNA?

While genealogy sites have been used to catch violent criminals, what does that mean for the average person who’s never committed a crime? Is this still an invasion of your privacy?

Your genetic information is the most private thing about you. So, would you be ok giving up your genetic privacy if it meant bringing justice to others? There’s never been a clear answer among customers.

What does this mean for your privacy?

While some genealogists are working with law enforcement, other folks are claiming privacy has been compromised.

And now GEDmatch had made headlines again. Buzzfeed News reported on July 19th, 2020 that the site had a ⁠major security breach. And as of July 24th, 2020 their site still remains completely offline. What resulted from this breach was all of GEDmatch’s user’s permissions being reset, which made their DNA data searchable and their profiles visible to all other users.

Originally, users had to opt-in to allow law enforcement to match their DNA, but due to the breach, all user profiles were made available to matching without the user’s consent or knowledge. Approximately 1.45 million users became visible to law enforcement searches and user’s data, including email addresses, ⁠appears to have been stolen.

Where does your genetic information go once you take a test?

Back in 2019, the president of ⁠FamilyTreeDNA apologized to their customers for failing to disclose that they share DNA data with federal investigators who are working on solving violent crimes, according to the New York Times.

Unlike GEDmatch, which is an open-source site and free for law enforcement to use, the scandal with FamilyTreeDNA was the first time a commercial consumer genetic testing site provided services to police ⁠without a subpoena or warrant.

Other big-name commercial DNA testing sites like 23andMe and Ancestry.com provide information on how they work with law enforcement requests. ⁠23andMe’s policy states “we will closely scrutinize all law enforcement requests and we will only comply with court orders, subpoenas, search warrants, or other requests that we determine are legally valid.”

They have also said “to date” they have not released any of their customers’ information to law enforcement. However, it’s unclear how recent that statement was written into their policy. And according to privacy experts, bioethicists, and entrepreneurs, maintaining privacy of important data is getting harder.

⁠Ancestry.com’s privacy policy states they “do not voluntarily share your information with law enforcement” and claim to not share your genetic information with any insurance companies, employers, or third-party marketers without your express consent. They do however have ⁠a table of information further down in their policy showing circumstances when sharing of your information might occur.

Business Insider did report that your DNA ⁠may not remain private forever. They also reported back in 2018 that these companies have a history of sharing anonymized customer data with private companies, otherwise known as “third parties.” Around that time was when 23andMe announced they were partnering with pharmecutical company GSK (GlaxoSmithKleine) to help develop new drugs. The partnership is planned to last four years.

23andMe’s policy does state their users must opt-in to share their information for research if they wish to do. However, the head of the division of medical ethics at New York University School of Medicine, Dr. Arthur Caplan, told TIME that even though people consent to the company using their information for medical research he’s not sure they really understood what the company meant.

How does Sequencing.com differ from the other DNA testing companies when it comes to privacy?

Never before has genetic testing been so accessible to the everyday consumer. No longer do you need a degree in genetics to understand what makes you, you. DNA testing opens up your world to understanding what your ancestry is or determining your risk for major diseases like cancer, heart disease and Alzheimers. And Sequencing.com only operates to allow customers to use their data however they want, which also means no one but you will have access to your information.

And in case you’re wondering: Sequencing prioritizes user privacy and security, putting the user first and foremost. Founder and CEO of Sequencing.com, Dr. Brandon Colby, M.D. stated “due to our extensive security protocols, we’ve never had a single security breach.

Get started today with your journey to better understand your ancestry and health by checking out the different DNA analysis reports.