by Maria Wood

Commercial DNA testing kits from such companies as 23andMe and AncestryDNA have helped millions of Americans uncover their genetic heritage and find long-lost relatives. In some cases, adoptees have even discovered their birth parents through DNA testing.

DNA profiles uploaded to a third-party DNA-testing company, however, have also been used by law enforcement agencies to solve decades-old violent crimes. In a practice known as genetic genealogy, DNA from a crime scene is analyzed and matched to similar DNA found in a DNA registry. While the DNA may not match the suspect who committed the crime, it could match a distant relative of the suspect.

Once law enforcement agents get a hit from a DNA registry, they then build a family tree for that person, identifying people from his or her family who may merit further investigation in a given crime. For instance, a relative of the DNA match who may have been in the area where the crime was committed or have a connection to the victim could warrant closer scrutiny.

That’s how California police caught the alleged Golden State Killer after more than 45 years. The killer committed a series of murders and kidnappings in California, spanning from 1974 to 1986, which had gone unsolved. In 2018, using genetic genealogy, investigators combed through an open, publicly accessible DNA database, GEDMatch. Using DNA from the crime scenes, police found a match to a third cousin of the killer, which led them to Joseph DeAngelo. Once identified, police followed DeAngelo and obtained his actual DNA from his car door and also from a tissue discarded in the trash outside his home. Police charged DeAngelo with the crimes and he now faces 26 counts, including murder and kidnapping. His trial is set for May 2020.

Popularity grows and so do privacy concerns

According to MIT Technology Review, as of 2019, approximately 26 million Americans have shared their DNA with the four leading private DNA testing firms. In two years, the magazine estimates that number could grow to 100 million.

As more people submit their DNA and law enforcement continues to use genetic genealogy to close long-unsolved violent crimes, some experts have raised questions about whether DNA information should be kept private from the government. The concern is that a person who hasn’t submitted DNA to a third-party company may be identified through a relative who has.

Elizabeth Joh, a constitutional law professor at the University of California-Davis School of Law, wrote in a New York Times opinion piece that the issue involves meaningful consent.

“You may decide that the police should use your DNA profile without qualification and may even post your information online with that purpose in mind,” Professor Joh wrote. “But your DNA is also shared in part with your relatives. When you consent to genetic sleuthing, you are also exposing your siblings, parents, cousins, relatives you’ve never met and even future generations of your family. Legitimate consent to the government’s use of an entire family tree should involve more than just a single person clicking ‘yes’ to a website’s terms and conditions.”

Tracey Maclin, a constitutional law professor at Boston University School of Law, whose areas of interest are criminal law and procedure, says when a person voluntarily submits their DNA to a third party, he or she gives up their constitutional right to privacy in that specific instance.

“The Supreme Court of the U.S. has said that when you voluntarily give information to a third party you have no constitutional protection of privacy in that information,” Professor Maclin says. “In other words, you assume the risk that the third party is going to give it to law enforcement, or law enforcement may subpoena the third party. This rule applies even when there is a confidential agreement or an expectation of privacy between the private parties.”

The third-party doctrine

Professor Maclin refers to two U.S. Supreme Court cases— United States v. Miller and Smith v. Maryland—that provided the basis of what is known as the third-party doctrine. The third-party doctrine is a legal standard that says if a person voluntarily hands over information to a third party, that person has forfeited any expectation of privacy under the U.S. Constitution. The Court has held that the third party doctrine does not conflict with the Fourth Amendment, which prohibits unreasonable searches and seizures without probable cause.

The 1976 case of United States v. Miller involved the use of a subpoena instead of a warrant to obtain a suspect’s bank records. The bank complied with the subpoena without notifying its client. The Court upheld the third-party doctrine and ruled in favor of the government.

“The depositor takes the risk, in revealing his affairs to another, that the information will be conveyed by that person to the government,” the U.S. Supreme Court ruled. “This Court has held repeatedly that the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.”

In 1979, the Court again ruled in favor of the government in Smith v. Maryland. The case involved a thief who repeatedly called the woman he robbed to threaten her. Once the police learned the identity of the thief, they had the phone company install a pen register at its offices. A pen register is a device that records all numbers dialed from a particular phone. Through the device, the police were able to determine that the suspect was making the calls.

The suspect sought to have the evidence from the pen register suppressed because it was obtained without a warrant. But the Court decided that when the suspect used his phone, he “voluntarily conveyed numerical information to the telephone company and ‘exposed’ that information to its equipment in the ordinary course of business. In so doing, the petitioner assumed the risk that the company would reveal to police the numbers he dialed.”

Shaking the family tree

The controversy over DNA privacy surfaced again last year when FamilyTreeDNA, a DNA testing lab, announced it had agreed to share DNA data with the FBI. The company struck a deal with the law enforcement agency in 2018 to let it review its bank of DNA samples to identify suspects in unsolved violent crimes.

FamilyTreeDNA noted that the FBI receives no special access to its database and can only view DNA profiles within its system that have similar genetic profiles. Agents log on as any other user would. FBI investigators upload the DNA of an individual and then look for matches in the database.

To prevent the FBI from accessing their DNA, FamilyTreeDNA users were advised that they could reverse the “matching” option on their account setting. With that option disabled, the FBI cannot view their genetic information, but neither can potentially unknown relatives, which is the point of registering with the company.

Two other major DNA testing firms, Ancestry.com and 23andMe, both require a warrant or a subpoena before they permit law enforcement access to their databases.

GEDMatch, the DNA database used in the Golden State Killer case, changed its policies in 2018 in order to make its database less accessible to law enforcement. Users must now click on an option that allows police to review their DNA. According to the company, 200,000 users out of 1.3 million have agreed to make their profiles accessible to law enforcement. However, in November 2019, a judge in Florida issued a warrant that permitted police to override users’ privacy settings, allowing them to search GEDMatch’s entire database.

Should laws be changed?

As the popularity of ancestry testing grows, questions over how much access law enforcement should have will continue.

“Blockbuster investigations, as gratifying as they are, shouldn’t obscure the very real dangers of government access to sensitive information,” wrote ACLU attorney Vera Eidelman in a Washington Post op-ed. “Our legal system should also recognize that just because information isn’t secret doesn’t mean that people don’t have an interest in controlling who can see it.”

The government could pass laws that restrict access to DNA websites, but Professor Maclin doesn’t foresee that happening.

“Why would the government pass a law like that? Many of these crimes would not be solved except for the fact that someone turned in their DNA and they [the police] got familial matches,” Professor Maclin says.

Discussion Questions

  1. What do you think about law enforcement using genetic genealogy to solve cases?
  2. Should the technique of genetic genealogy be used in more types of cases, not just limited to violent crimes? Why or why not?
  3. There were arguments made in the article for protecting privacy and also about the importance of solving cold cases. List the arguments for each. Which argument would you give more weight to and why?
  4. What do you think of all relatives in a family tree—current and future—losing constitutional protections of privacy because one family member submitted their DNA into a registry?

Glossary Words
count: an offense.
genetic genealogy: the use of genetic testing to infer biological relationships between individuals.
probable cause: a reasonable belief in certain facts.
subpoena: a written command to appear before a court to give testimony.
suppress: to exclude evidence from a criminal proceeding.
warrant: a written document from a judge authorizing anything from a search to an arrest to the obligation to pay a fine.

This article originally appeared in the spring 2020 edition of The Legal Eagle.