In April 2018, California law enforcement broke the news that they’d solved a long-cold case – that of the Golden State Killer, a serial killer and rapist who committed more than 13 murders and 50 rapes in the ‘70s and ‘80s. It was a major coup for law enforcement to put former police officer Joseph James DeAngelo behind bars (for the murders, at least; the statute of limitations on the rapes had all passed).
DeAngelo was caught by a detective using GEDmatch, a personal genomics website, to compare a 1981 rape kit DNA sample to the company’s database. It found a whole family tree for the as-yet unidentified rapist, including DeAngelo’s daughter, who lived with him and had used the website herself.
The use of a personal DNA website without a warrant raised eyebrows around the country among those concerned with the erosion of privacy. The detective had used the site as any other customer would, hoping to match a DNA sample to unknown relatives.
Since then, GEDmatch has been used to help solve around 70 violent crimes. For instance, the tool was used to identify the perpetrator of a violent assault in Utah.
Recently, GEDmatch has made another move that might be considered ominous: the company has entered into a partnership with Verogen, a technology company that specifically works with the U.S. National DNA Index System (NDIS). NDIS is the system that the FBI uses to catalog DNA collected from crime scenes or during arrests all the way down to the local level.
GEDmatch, which initiated an opt-in program for use with law enforcement after the news about its use in collaring the Golden State Killer, says that the new partnership will beef up privacy protections. Verogen says its input will improve the website’s functionality and customer experience.
“GEDmatch’s terms of service will not change with respect to the use, purposes of processing, and disclosures of user data. The website gives users a choice to opt-in to allow law enforcement to search uploaded files as a tool to solve violent crimes,” the companies said.
However, the New York Times reported in November of 2019 that a Florida detective had obtained a warrant to search the entirety of GEDmatch, including the profiles of users who had not opted in for law enforcement searches
With this in mind, it doesn’t matter how much GEDmatch and Verogen reassure people about their privacy standards, this is a move that ought to concern the public. Not just the customers of GEDmatch, either. For every individual that sends their DNA in to the company, three generations of blood family may be exposed to a detective’s warrantless search.