Questions of Genome Privacy and Protection

In April 2018, law enforcement officials announced the arrest of a suspect in the Golden State Killer case (New York Times ). Shortly after the announcement, those same law enforcement officers explained that detectives had used a public forensic genealogy web site to help identify the killer.

What does it mean when a law enforcement agency accesses a public genetic genealogy database to search for a suspect in a crime?


written by: Michele arduengo, promega



To crack the case, the detectives did not use the DNA testing services you might be more familiar with from their advertising: 23andMe or AncestryDNA. In the Golden State Killer case, the detectives used a public database, called GEDmatch (Ars Technica ). GEDmatch is a privately run, free, open-source web site.The opening page of GEDmatch is a web form asking people to register to use the services of the web site, which are offered as both free and premium options, though those services are not described. However, the web site has a link to a privacy policy in which GEDmatch clearly states that it accepts “DNA obtained and authorized by law enforcement to either: (1) identify a perpetrator of a violent crime against another individual; or (2) identify remains of a deceased individual”. This means that anyone uploading their genomic DNA information to the GEDmatch site is also making it available to any kind of DNA match search that law enforcement might be running through the site.

In the Golden State Killer case, the investigators uploaded DNA from crime scenes and looked for matches with DNA voluntarily uploaded by users of GEDmatch (Ars Technica). The investigators used a technique called familial DNA searching to identify people potentially related to the Golden State Killer. One Science News article reports that investigators found a genetic link to the killer’s great-great-grandfather, and they began following the entire family tree to uncover the suspect that was identified (Science News). After narrowing their search to the current suspect, investigators staked out his movements and collected an item (not disclosed) that the suspect they were following had discarded. Investigators obtained a DNA sample from the item and found a match to the DNA obtained from the crime scenes. This result was significant progress on a cold case.

No warrant was required to use this database where individuals had voluntarily uploaded genetic information. But, all of the individuals who had any similarities to the genetic information that the investigators had uploaded were essentially subject to the criminal investigation. The use of familial searching has raised many questions, and the protection of privacy of genetic data is an issue that has yet to be resolved.

As our world becomes smaller, people looking for lost familial connections or seeking to better understand their genetic inheritance are increasingly turning to public genome sequencing services, often with little or no understanding about what a person’s genome actually reveals, if their genetic information will or will not be kept private, or the potential for misuse of the information. Right now only one law, the Genetic Information Nondiscrimination Act of 2008 (GINA), specifically prohibits insurance companies and employers from discriminating against a person based on genetic information. That law is part of the Affordable Healthcare Act and is often a target for repeal. All other uses genetic information by any party (educators, law enforcement, life insurers, banks) are fair play.

The Golden State Killer case has brought much of the discussion about the protection of genetic data into the main stream. This year’s International Symposium on Human Genetics will include a panel discussion about the Golden State Killer case and the ethical and privacy questions it raises.