This story originally appeared in Techonomy’s Spring 2019 magazine.

They’re happening all over the country: breakthroughs in criminal cases that went cold decades ago. Last year’s arrest of “Golden State Killer” Joseph DeAngelo — believed to have committed at least a dozen murders and 50 rapes in California in the late 1970s — immediately became the most famous example of a novel approach for using DNA to solve cold cases. To many law enforcement officials, this new method represents a major leap in identifying criminals and getting justice. But to some civil liberties advocates, it’s an infringement on constitutionally protected rights.

It starts with consumer-oriented genealogy databases that allow users to find relatives based on shared segments of DNA. Examples include well-known services like and 23andMe, which perform their own analysis of a user’s saliva to identify their DNA and find other users who are likely related. However, some services, such as GEDmatch or FamilyTreeDNA, allow users to upload their own DNA information and share it with other members to find possible relatives. These sites have been used for years to help people track down family members, like when adopted children look for their biological parents or siblings. They’re promoted as a fun, easy way to learn more about your roots and your family tree. But police, too, can use some of these sites to find people related to suspects, with DNA collected at crime scenes.


Here’s how it works: police process crime scene DNA to produce the kind of data genealogy sites use to match relatives. They create a fake user profile on a service that allows users to upload their own DNA profile, and see if the site registers any possible familial matches.

(Illustration: Melinda Beck)

Let’s say the site identifies someone on the service who is likely a second cousin to the unknown suspect. Police work with genealogy experts who conduct their own public-record research on the identified person to try to reverse-engineer a family tree, looking in particular for second cousins. The resulting list is checked against anything that’s known about the alleged criminal — such as gender, age, and the location of the crimes — in hopes of identifying a likely suspect. Police then use traditional investigative techniques, including testing the suspect’s DNA (often obtained from a discarded item) to see if it matches the crime scene DNA.

Law enforcement experts say this concept is a logical next step in the evolution of using DNA to track criminals. Opponents argue that it violates the U.S. Constitution’s Fourth Amendment protections against unwarranted searches, and also that such use of consumer databases does not comply with accepted standards about informed consent and privacy. Already, a state legislator in Maryland introduced a bill that would have banned the practice, though it did not move forward.


Police have been using DNA to match suspects to crime scene evidence since the 1980s. At first, they had to have a suspect, whose DNA they used to prove the person was at the crime scene. Over time, law enforcement began building databases from these DNA samples. Today the federal government, states, and even municipalities manage databases with millions of DNA profiles. This helped solve certain crimes faster, because crime scene DNA could be matched to a person already in the system, even without a suspect.

Next came broader DNA searching of these same databases. The idea is simple: when a search for an exact match returns no results, a more expansive look can help pinpoint suspects with partial matches — people who are closely related to the criminal. “Familial DNA searching relies on the premise that crime runs in families,” says Rock Harmon, a forensics and law enforcement consultant who spent more than 30 years as a prosecutor in California.  Leads acquired this way have helped police close otherwise unsolved cases. It’s worth noting that all such DNA profiles compared to a crime scene sample are already in offender databases, where they were submitted because they met local, state, or federal criteria for being included (for example, many states require a DNA profile be entered for anyone convicted of certain crimes).

Genealogy searching takes this approach to a whole new level. As consumers use genealogy services, they upload their own DNA information. These are almost always people whose DNA would never be in an offender database — their DNA could normally not be sampled by law enforcement without a warrant. But here they are, purposely sharing their data on a public site.

The question is, do consumers really intend to share their DNA data with police? Genealogy sites run the gamut of friendliness toward law enforcement: 23andMe and, for example, don’t allow users to upload their own DNA data. (That effectively precludes law enforcement use of DNA collected at crime scenes.) Meanwhile, GEDmatch allows users to opt-in to letting law enforcement access their records, and FamilyTreeDNA announced that it’s working closely with the FBI for this kind of search.

Critics of genealogy searching argue that many people don’t understand the gravity of what they are consenting to. “I don’t think most of them consider the fact that they’re subjecting themselves or even their family members to this type of search,” says Charles Sydnor, the Maryland delegate who introduced the state bill to ban law enforcement searches of consumer genealogy databases.

“In submitting our DNA for testing, we give away data that exposes not only our own physical- and mental-health characteristics—but also those of our parents, our grandparents … [and] relatives who haven’t been born.”

Vera Eidelman, ACLU staff attorney

Whether users understand the consent policy or not, there’s an open legal question about whether an individual can relinquish privacy rights for data that also belongs to other people, such as DNA. The American Civil Liberties Union refers to this concept as “networked privacy.” In an op-ed, ACLU Staff Attorney Vera Eidelman wrote, “In submitting our DNA for testing, we give away data that exposes not only our own physical- and mental-health characteristics but also those of our parents, our grandparents … not to mention relatives who haven’t been born yet.”

Opponents of the unregulated use of consumer genealogy sites by law enforcement also complain about the fake user profiles police create to upload DNA data. “There’s such deception there,” says Beth Haroules, a senior staff attorney at the New York Civil Liberties Union.

Critics know they’re fighting an uphill battle. The criminals who have been tracked down this way so far are the worst of the worst — rapists, murderers, even serial killers. In some cases, the consumers whose DNA has identified these suspects say they are proud to have helped. When the very people whose civil liberties may have been violated are themselves champions of the technique, do anyone else’s objections matter?

But going forward, civil liberties advocates hope to see regulations emerge. If this is going to be a tool for law enforcement, Haroules says, “it has to be subject to oversight.”