In April 2018, the California police arrested James DeAngelo, suspected of being the famous 'Golden State Killer' that for 40 years had terrified the population of California. To find it, the researchers went to GEDmatch, a public database in which they are the results of genetic testing companies such as 23andMe or Ancestry and that allow them to find relatives by reverse engineering their family trees.
That discovery caused the use of these genetic databases to be unleashed to help with old and recent investigations, but a court order last week has opened Pandora's box: a detective investigating a case has gained legal access to a base of data from more than a million genetic profiles, and now many fear that not even our genes are safe.
DNA as a police toolRELATED
As they explain in The New York Times, that sentence allowed a Florida detective to access the GEDmatch database and have this researcher search through the 1.3 million user profiles that had deposited their genetic information there.
In sample collection kits such as 23andMe, it is enough to use saliva to complete the test and be informed, for example, of the origin of our ancestors.
Like other services in this area, GEDmatch explains on its website that "it provides requests to compare the results of your DNA tests with those of other people. There are also requests to estimate who your ancestors were." There are many users interested in having one of these tests with the aim of reuniting with lost relatives or seeking their origins, but now this information is exposed.
For the experts, the judicial decision is very dangerous, because both GEDmatch and Ancestry.com or 23andMe (these last two, with many more profiles) had a policy clearly aimed at protecting the privacy of those profiles. For Erin Murphy, a law professor at the University of New York, those policies "have been overturned by a court. It is a sign that no genetic information can be safe."
Privacy loses the battle again
23andMe has 10 million users, and Ancestry has 15 million users. The Golden State Killer case led several US security agencies to take advantage of this method in their reopened or never closed investigations: several were identified in about 70 cases of murder, sexual assault and theft, some of which had not been resolved for five decades. .
James DeAngelo was arrested on suspicion of committing 50 violations and murdering a minimum of 50 people between 1976 and 1986. He was never found … until these DNA tests were used.
In GEDmatch they revealed in May that they changed their policies to try to further protect the privacy of those profiles: they would only give access to those profiles if users had explicitly opted for that option (by default they do not activate that capacity). Only 185,000 of its 1.3 million profiles have this option activated.
Even so, the ruling invalidates these types of company protections, and suddenly makes these databases of millions of users likely to be accessed in a much broader way if a judge considers it appropriate. That worries both users and those who created these services, which are threatened with their livelihood: if users get scared, they will stop using these sites and other new and potential customers will never sign up for them.
Once again this delicate balance between security and privacy is raised, and once again privacy loses.
Sneaky genes: the DNA you donated on a site that informs you of your genealogy is used for criminal investigations in the United States.