Police Use Genealogy Site To Locate Murder Suspect They'd Been Hunting For More Than 30 Years
from the new-tech,-new-tools dept
DNA isn't the perfect forensic tool, but it's slightly preferable to the body of junk science prosecutors use to lock people up. It's ability to pinpoint individuals is overstated, and the possibility of contamination makes it just as easy to lock up innocent people as garbage theories like bite mark matching.
In terms of process of elimination, it's still a go-to for prosecutors. The rise of affordable DNA testing has provided a wealth of evidence to law enforcement. Investigators are no longer limited to samples they've taken from arrestees. Databases full of DNA info are within reach 24 hours a day -- and all law enforcement needs is an account and a few bucks to start tracking down DNA matches from members of the public who've never been arrested.
Investigators used DNA from crime scenes that had been stored all these years and plugged the genetic profile of the suspected assailant into an online genealogy database. One such service, GEDmatch, said in a statement on Friday that law enforcement officials had used its database to crack the case. Officers found distant relatives of Mr. DeAngelo’s and, despite his years of eluding the authorities, traced their DNA to his front door.
“We found a person that was the right age and lived in this area — and that was Mr. DeAngelo,” said Steve Grippi, the assistant chief in the Sacramento district attorney’s office.
This "search" may possibly close the books on at least ten unsolved murders featuring the same suspect DNA. The process involved, however, raises questions. But customers of companies like GEDmatch and 23andMe probably won't like the answers. Any ethical questions they may have about companies sharing DNA info with law enforcement is likely covered by the terms of service. Customers looking to the Bill of Rights may be disappointed to discover the courts have little positive to say about Fourth Amendment protections for third party records.
Adding your DNA to these databases makes this info publicly-available. If everyone's DNA was siloed off from everyone else's, genealogy services would be completely useless. It's expected your DNA info will be shared with others. If "others" includes law enforcement, the terms of service have that eventuality covered. Even if other uses of your DNA weren't specified, there's nothing illegal about law enforcement agencies creating accounts to submit DNA for matches. If there's a Constitutional challenge, the third party doctrine likely eliminates anything remaining for the court to consider once it gets past the obvious hurdle: DNA-matching services match DNA. Complete strangers are able to "access" DNA info of others without creating privacy issues.
GEDmatch's response to all of this? If you don't want your DNA to end up in the hands of law enforcement, delete your account. This isn't exactly customer-friendly, but it reflects the reality of participating in a service that offers DNA matching. Even if a company refuses to hand over info voluntarily, it probably wouldn't take more than a subpoena to knock it loose. As long as law enforcement is using the system like a customer would -- that is, simply submitting DNA for a match -- the only problems it poses are at the far end of the ethical spectrum. If it's doing anything else -- like asking companies to notify them if certain DNA samples are submitted -- then there are problems. But as long as it's not inserting itself into the supply chain, there's really no privacy invasion occurring.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: dna, evidence, garden state killer, joseph deangelo, privacy
Companies: gedmatch
Reader Comments
The First Word
“...then don't murder people. Don't commit violent crimes, don't do things that screw up other people's lives, and the police won't care about your DNA.
It really is that simple, and it astounds me that people seem to think that this is somehow a bad thing.
Subscribe: RSS
View by: Time | Thread
Too soon?
[ link to this | view in chronology ]
2018: "Check out this website I just submitted the blueprint of my body to so I can see who I'm related to and anyone else can find out about me too!"
[ link to this | view in chronology ]
It wouldn't help against law enforcement...
[ link to this | view in chronology ]
Re: It wouldn't help against law enforcement...
[ link to this | view in chronology ]
Re: Re: It wouldn't help against law enforcement...
If such a website had no servers, or any presence in the United States, HIPAA would never apply to them, as severs there are not in the United States do not have to obey US laws. If a company has no presence in the USA, they are not subject to US laws.
This is also why SESTA will never work. Websites with presence in the United States are not subject to this law.
[ link to this | view in chronology ]
Re: Re: Re: It wouldn't help against law enforcement...
[ link to this | view in chronology ]
Re: Re: Re: Re: It wouldn't help against law enforcement...
Just being right isn't enough when it comes to copyrights. Even the law doesn't matter as Kim didn't commit a criminal act. Civil, quite possibly. But FBI doesn't care. Grab the cash, that's the new FBI.
[ link to this | view in chronology ]
No HIPAA problems at all
Now, if you submitted your blood at the Dr's office to have your cholesterol checked, and the lab company took it upon themselves to divert a few drops to put you in a genealogy DB, THAT would be a massive HIPAA violation.
[ link to this | view in chronology ]
Re: It wouldn't help against law enforcement...
[ link to this | view in chronology ]
Not guilty yet
[ link to this | view in chronology ]
Re: Not guilty yet
[ link to this | view in chronology ]
Re: Re: Not guilty yet
[ link to this | view in chronology ]
Re: Re: Re: Not guilty yet
> a judgement on 'the preponderance of [published]
> evidence' - that's for the courts and a judge & jury of
> his peers.
No, we can make judgments about this just like we do with a million other things in our lives everyday.
What we the public can't do is punish someone based on our judgment. Only the state can do that after a finding of guilty beyond a reasonable doubt.
[ link to this | view in chronology ]
Re: Not guilty yet
California law changed between 1976 and 1980. The 1980 murder carries the death penalty while the 1976 one does not.
The 1980 murder would be life without parole, but the 1976 murder would be life, with the possibility of parole after 7 1/2 years.
[ link to this | view in chronology ]
Re: Re: Not guilty yet
[ link to this | view in chronology ]
Re: Re: Re: Not guilty yet
[ link to this | view in chronology ]
Re: Re: Re: Not guilty yet
[ link to this | view in chronology ]
Server level databases, like MySQL, Oracle, MsSQL, and others have one flaw. They do not have logging.
And if sites have redundant servers in multiple locations, the database have to be exposed to the Internet for all those servers that need to access it to work.
This means that law enforcement can get around that "pesky" Fourth Amendment. LEOs and prosecutors can piss on the fourth amendment by doing this, and the site admins will never detect their presence, on account of these server level databases having no logging function.
[ link to this | view in chronology ]
Re:
It's a free website and police simply used it as any regular user would.
[ link to this | view in chronology ]
Re:
Where do you get your conspiracy theories from, as just about every bit of server software supports logging, it's an essential debugging tool.
[ link to this | view in chronology ]
Re:
- I suppose that could be true if they do not secure their network.
"Server level databases, like MySQL, Oracle, MsSQL, and others have one flaw. They do not have logging."
- Logging is a configurable parameter in Oracle, the others idk.
"And if sites have redundant servers in multiple locations, the database have to be exposed to the Internet for all those servers that need to access it to work."
Not necessarily. There are many high availability architectures out there, you should look at them - cool stuff.
[ link to this | view in chronology ]
Re:
Or... they just walk in with a warrant.
"on account of these server level databases having no logging function."
https://dev.mysql.com/doc/refman/8.0/en/query-log.html
LOL. You Trollin brah? Yeah... you Trollin.
[ link to this | view in chronology ]
Re:
Without logging, you can't perform checks on various performance metrics.
Learn about what you are speaking of before you vomit words into the world.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
> terms should state - is this your own sample? Otherwise
> its a fishing expedition.
The entire purpose for which these sites exist is so that people can go on 'fishing expeditions'.
[ link to this | view in chronology ]
Doesn't it seem like the cops may now be federal felons?
Doesn't it seem like making a fake profile and submitting a 3rd pry DNA sample would be a violation of the site/services' EULA? Like at least ten times worse than offering Microsoft recovery CD's?
Maybe a hundred times worse?
[ link to this | view in chronology ]
Again glossing over a crucial difference:
That doesn't work since the persons entering data concerning myself aren't myself.
Like with Facebook relying on others for tagging my face even if I don't have an account, the answer isn't "if you are worried about the Stasi collecting information about you, just don't give them any".
[ link to this | view in chronology ]
Re: Again glossing over a crucial difference:
[ link to this | view in chronology ]
"Delete your account"
It was stated earlier in the text, but just to be clear, the suspect did not have an account on that site. A family member did.
So, IMHO, there are some privacy issues here. It was probably all legal—which, like with NSA's data collection, is the issue.
[ link to this | view in chronology ]
The capability of dna testing to prove a match is over rated while its ability to prove a mismatch is under rated. TV shows do nothing to counter this mis understanding.
[ link to this | view in chronology ]
Re:
DNA is very accurate. Generally, 99.9% Trying to compare a DNA test to a cheap Roadside drug test is laughable. Now using DNA for an Ancestry Test. That may have some mixed results. Depends on the company. I was watching one where they were testing with triplets and a couple of them the results were not quite the same. The DNA is correct, but the results from that were off. Some of the other company's were dead on with all 3 of the triplets.
[ link to this | view in chronology ]
Re: Re:
It is obvious where this is going
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
1) Ancestry website says their crappy software has a match
2) Probable cause
3) Obtain sample for the real test
4) ???
5) profit!
[ link to this | view in chronology ]
Re: Re:
Meaning it could be 7,600,000 other people (0.1% of the population)? That doesn't sound accurate at all.
[ link to this | view in chronology ]
Re: Re: Re:
It's actually much, much better than 99.9%. It depends in part on how rare the various markers are, but the average accuracy is better than 1 in a billion (this document is over 10 years old, so it's probably better now) and, according to the FBI, up to 1 in 108 trillion (and in one case, purportedly 1 in 930 sextillion).
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
https://www.theguardian.com/world/2017/dec/13/chinese-authorities-collecting-dna-residents-x injiang
But even without a national government mandated DNA collection policy like China, the USA will eventually have a de facto national DNA database, compiled through secondary sources, as this serial-killer story demonstrates that system in its infancy.
[ link to this | view in chronology ]
Re:
http://www.cnn.com/2010/HEALTH/02/04/baby.dna.government/index.html
[ link to this | view in chronology ]
Re: Jurasic China...
[ link to this | view in chronology ]
Re: Re: Jurasic China...
haterz gonna hate
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
In fact, it is likely what we have here, as the search only found a DNA match for a family member. So they likely developed a narrow suspect pool, and got a warrant for some DNA swabs. That got them the accused.
I actually think its a great process, using data that is by its nature accessible to the public.
[ link to this | view in chronology ]
Re: Re:
I suspect the investigators did not attempt to get a warrant to obtain DeAngelo's DNA because they did not have probable cause. Otherwise, they could have obtained a warrant and still used subterfuge to obtain the DNA to avoid tipping him off. They had previously obtained DNA from another individual that was identified via relations to someone in GEDmatch. It has not been said publicly whether that sample was obtained by permission, warrant, or just subterfuge. A warrant was obtained last year for a 73 year man in Oregon City who was not capable of giving permission. I doubt that warrant was proper as it was based on a close relative in the Ysearch database having that rare genetic marker. Given that only 189,000 individuals were represented in the database, there was no guarantee that any relative was the killer.
Maybe obtaining DNA without permission or a warrant is justified in this case but where is the line drawn when a familial search can only narrow the suspect pool down to several, dozens, or hundreds? Matches to close relatives will still narrow the suspects to a handful. Consider that advances in DNA testing technology will make such tests yet even cheaper and faster in the future. What level of crime will justify such familial searches? Under current California law, familial searches can only be done to find suspects "of major violent crimes in which the public faces safety risks and in which all other investigative avenues have proven fruitless". Other states are less restrictive. I wonder how long sites such as Ysearch.org and GEDmatch will continue to exist when users realize that it is not only law enforcement that can upload someone's DNA file and find relatives. What is to prevent anyone from using 23 and Me or AncestryDNA to get DNA results of a target individual. All you need is saliva.
[ link to this | view in chronology ]
like a customer would is submitted *your* dna for a match.
Submitting other people's DNA for matches without their consent could (and should, imho) easily be something that is not allowed by the terms of service.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Not that they can really prevent it if the person is lying, but they shouldn't be intentionally allowing any random joe blow doing searches on people without their consent. What happened here should not be "using the system like a customer would", it should be "this is allowed because it's a valid law enforcement investigation and here is our proof of such"
[ link to this | view in chronology ]
...then don't murder people. Don't commit violent crimes, don't do things that screw up other people's lives, and the police won't care about your DNA.
It really is that simple, and it astounds me that people seem to think that this is somehow a bad thing.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
(But no technology is infallible, eg DNA can be planted or contaminated by a third party. Even a "99.9% accurate" technology should be corroborated by independent evidence.)
[ link to this | view in chronology ]
Re:
https://www.techdirt.com/articles/20180424/06201439696/innocent-man-charged-with-murder-because -his-dna-was-found-fingernails-victim-whom-he-had-never-met.shtml
They may be 99.9...% sure that it's your DNA, but that doesn't translate into being 99.9...% sure that you actually did the crime. And that's dangerous.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
They may be, but I'm not ....
Recent medical article claimed there is much more dna in cells than previously known, are they looking at that also?
[ link to this | view in chronology ]
Re:
In the US, with ample other procedural protections and generally reasonable laws, this may prove to be an overall net benefit to society. But even here it is not that simple and worthy of close scrutiny. Even here we can expect the occasional false positive match. And remember that even when the match is legitimate it may not mean that person committed the crime.
In a country with more restrictive laws, something like this could be used to make it easier for the government to commit human rights violations and track the populous.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
In fact, I actually give a fuck (but perhaps not quite such a big one) that even the actual murderer be found guilty through due process and not trial by social media. Not for their own benefit, but for the benefit of society as a whole, for if we cannot rely upon proper due process for one person, how can rely upon it for ourselves. (Yeah, fantasy, I know - there is already a lot of evidence of cops, prosecutors, jurors and judges being willing to put aside due process for-the-win!)
[ link to this | view in chronology ]
Re: Re: Re:
The evidentiary standards for believing someone is guilty, as a private individual uninvolved with the case, are completely different from the standards for convicting him in a court of law.
There's nothing wrong with, for example, thinking that OJ Simpson committed murder even though a jury found otherwise. There's not even necessarily a contradiction there; it's entirely consistent to believe that he's probably guilty but that the jury made the correct decision based on the facts presented in the trial.
The court of public opinion has different standards than a court of law. And it should.
[ link to this | view in chronology ]