The Golden State Killer and Genetic Genealogy

Question

I wanted to offer a few thoughts to connect two recent posts in G2G, as I believe that they have mutually interacting implications:

• Article: DNA genealogy helps solve a serial rapist/murderer case.
• Transfer Ancestry DNA to 23andme to get 4 free reports

Regarding the 1st post, we now know how DNA genealogy was used to help solve the case. The lead investigator behind the recent arrest in the "Golden State Killer" case was reported, by The Mercury News, to have utilized GEDmatch:

Lead investigator Paul Holes, a cold case expert and retired Contra Costa County District Attorney inspector, said his team’s biggest tool was GEDmatch, a Florida-based website that pools raw genetic profiles that people share publicly. No court order was needed to access that site’s large database of genetic blueprints. Other major private DNA ancestral sites said they were not approached by police for this case.

There has not yet been a public response by GEDmatch. I am very curious to hear their take on this use of the platform. And I genuinely believe that their response may create challenges for those who desire to utilize genetic genealogy. In addition, this site's linking to GEDmatch or other genetic results is something that the WikiTree will have to re-evaluate, as there are serious ethical issues around the creation and use of police or state DNA databases, and the question of whether these tools which we employ are by their nature extensions of those databases. 

The 2nd post may seem unconnected, however there is a real and pertinent relationship here: the exchange of information and data. In an ideal world, we could take one DNA test and compare those results with every other database. 23andMe's recent DNA day offer to analyze the data of Ancestry DNA customers had elicited hopes that it might provide a means of inter-database matching. This was a disappointment for many.

Now, given the recent news surrounding the "Golden State Killer", I think that 23andMe's reluctance to offer matching for any imported kits is going to be cemented. This was their comment regarding access by law enforcement:

Detectives could not have simply taken the East Area Rapist DNA profile they had from crime scenes — including crimes in Contra Costa, Alameda and Santa Clara counties — signed up for a service and entered that profile, the 23andMe spokesman said.

“We only process saliva in our lab and there has to be enough to fill a test tube,” the spokesman said. “Our platform is only available to our customers, and does not support the comparison of genetic data processed by any third party to genetic profiles within our database.”

If they offer the ability to import data to compare against other kits, then they are opening up their database to law enforcement access. That could kill any enthusiasm for other family members spitting in a tube. 

However, even the current import option is problematic in light of the recent news, since their DNA family report discloses the number of people who match as close relatives the imported DNA data file. If law enforcement were able to upload a suspect kit and it reports that close relatives are known on the service, they could obtain a warrant to compel 23andMe's cooperation. It is possible that revelations such as this will force 23andMe to terminate the program in order to ensure customer confidence. 

Given the intense competition, it seems unlikely that these companies will provide direct database interoperability, as it would be the only solution to maintain the necessary confidence of consumers. Moreover, limiting the incentive to populate an initial database using imported data could limit new DNA genealogy startups. 

Finally, I suspect that WikiTree, as it links together family connections with identifiers of genetic data may face a drop in participation with the public nature of the data. Perhaps greater privacy considerations need to be taken by the administrators of this site, with steps taken to allow the incorporation of this data without making such data completely public. One approach might be obfuscating kit numbers through hashing methods. 

This also raises questions about what we must tell others whom we recruit to take a test. As Blaine Bettinger, a.k.a. the Genetic Genealogist, wrote today:

[...] Do test-takers consent to this use when they provide a DNA sample or upload to a database? How will it affect our ability to recruit new test-takers when we *must* disclose to them that their DNA could be used to implicate family members in crimes?

Unfortunately, these decisions are being made for us rather than with us, and this is one of my major concerns. Where is the discussion in the community? Where is the informed consent when we upload to genealogical databases? I understand that YOU may be completely fine with your DNA being used to incriminate your criminal relatives, but why should YOUR consent be the deciding factor? Shouldn't everyone who uploads have the ability  make that decision? If so, can they so decide now, or is this being done on the sly? How do we engage in conversation before these decisions are all made for the community? Why has there been absolutely NO discussion of the possible negative outcomes?!?

I'd love to hear my fellow WikiTree volunteers' thoughts on the effect of the current situations and how we as a community ought respond.

Comments

I too see as JN Murphy there being lots of new problems with this. I also see a conspiracy theory here too. Now this is way out there but...... What if nefarious individuals obtain your DNA and plant it that in turn leads to a false arrest and conviction. Ancestry states one of the risks about consenting to research projects is in the transport of your DNA to 3rd party research facility and that it can be lost or stolen. They indicate your DNA is not marked with any identifying information. I definitely like the idea of "obfuscating kit numbers through hashing methods".

While it is a good thing they caught this guy, I also agree with Blaine Bettinger that we should be informed and given a choice when our DNA is requested and we should have the choice to release it. 

I also feel strongly that FamilyWiki provide a reference to and disclose DNA is public and accessible by anyone including law enforcement and insurance companies when it refers you to upload your DNA to GEDmatch and get a GEDmatch ID. 

Lots to ponder here. 

 

---

We urgently need an international DNA Data Base to assist police in solving crime.

Answer 1

Law enforcement used this service exactly as it was intended to be used: submit a file with DNA information and search for matching relatives. They found one and then found or developed a family tree, which subsequently revealed a suspect.

People do this every day.

And if this was somehow a problem here because people may not want to reveal murderers and rapists in their family, then it was always a problem because other secrets have long been revealed, such as the identity of birth parents.

Personally, I don't have a problem with any of this and I suspect few people do. Most testers are hung up more on DNA being used by insurance companies, but this would be unrealistic in this scenario.

Comments

Gedmatch.com does actually say:
"While the results presented on this site are intended solely for genealogical research, we are unable to guarantee that users will not find other uses. If you find the possibility unacceptable, please remove your data from this site." 

---

I don't have a problem with law enforcement using this data to catch a murder or rapist, but that is not the only use law enforcement can have for it.   But the real problem, and this situation highlights the problem, is the use of our DNA by insurance companies to rate or deny insurance.

And that is a serious problem

---

What law enforcement did here would not help an insurance company much.

Let's say they identified someone with the BRCA gene and got them to upload their DNA to Gedmatch. They could then look for relatives with matching segments on that chromosome. The problem, of course, is that a gene is not found only on one of a pair of chromosomes but both chromosomes. This wouldn't prove anything.

Even if they attempted to use that data, they would then have to identify you and prove it was you. In this case, all law enforcement did is identify a potential suspect and then obtained DNA from him for proper evidence, with the chain of custody intact.

I think the real danger with insurance companies is that with the cost of testing coming down, they'll just ask for you to submit a sample for their own tests.

---

It is not about law enforcement helping insurance companies or such, but the availability of one's personal DNA and just as bad, metadata to insurance companies.

 

And the problem is not via GEDMATCH, as insurance companies can't trace the individual via GEDMATCH, but I and you have a GEDMATCH ID which can be traced backwards. Haven't you heard there is no privacy on the internet? And that includes me and you posting on wikitree.

FYI, none of this personally effects me. My over 75 years of age, on Medicare and Tricare, as is my spouse.

I am simply trying to caution the public as to the dangers they face.

I have had fun with genealogical genealogy, testing SNP's and such, to be honest , though testing auDNA at 23andme, FTDNA and putting it on GEDMATCH..I've only found a few cousins, and cousins who knew less than I did about respective sides of the tree.

I have posted this before and frequently. It is my opinion that 23andme should be held at arms length, as they admit in their privacy statement that they share data with partners and affiliates, but don't sell to "third parties". Added to their questionability is their attempts at obtaining information that only insurance companies are interested in (either as an individual or to build a metadata base) such as lifestyle and family traits.

As always caveat emptor

---

This the next step of a long debate about how technology fits into our life. Thank you for your insights.

This is hardly a new debate, as you can see from a Guardian article ( https://www.theguardian.com/uk-news/2016/jun/07/killer-dna-evidence-genetic-profiling-criminal-investigation ). The UK established their first national DNA database in 1995.  UK legislation was passed in 2012 that provided for the eventual destruction DNA profiles of people who were not convicted of a crime.  

Restricting the use of DNA sharing sites will slow down, but hardly stop this police use of DNA  investigation. States like Ohio routinely collect DNA samples from people arrested on felony charges. https://www.brennancenter.org/blog/just-facts-many-americans-have-criminal-records-college-diplomas tells us  “Nearly half of black males and almost 40 percent of white males are arrested by the age 23.”  

With a large enough sample population, even when they can’t find the suspect, police are able to identify 3^rd and 4^th cousins using only their evolving DNA data bases. It is hardly an insurmountable hurdle for police, using public records, to go from 3^rd & 4^th cousins to identifying plausible suspects.  

Whether you approve or disapprove, this DNA “progress” is only a subset of what is happening. Facial recognition technology has been used to identify suspects & will only become more effective in the future; my computer logs me in using facial identification. Fingerprints are used to identify you as you pass through Customs & Border Protection to enter the USA today and to open your iPhone. Video cameras proliferate; my neighbor’s doorbell gathers images of everyone approaching his house, my daughter’s pet camera transmits cute video strips of her dog – as well as of any intruder. Technology marches on. 

Once a technology has been invented, it can’t be un-invented. Our challenge is to balance the rights of the general public to be safe against the rights of the individual not to have the state intrude into our lives. 

I suspect that this will be a very long debate.

---

GD. Some serial killer always has to go and ruin it for the rest of us.

---

How does it ruin us for the rest of us?.Doesn't ruin it for me. Are you an employee of a testing company, that's the only way I can think of this event ruining for you.

---

Chuckled - thanks Tannis.

Appreciate your using humor to make the point  that as a result of this fewer might get DNA testing - fewer might upload their data - so it will slow things down for the dedicated DNA genealogist..

That said, it is my sense that DNA genealogy has picked up dramatcally in the past two years. I expect this will only be a minor hick-up - not a serious setbback.

---

Hehehe, Thanks Jim!

I completely agree with you.

---

I wish I could up vote the humor,I do think it escapes some.

Answer 2

I have also been thinking about the implications of this usage of DNA in public databases.

1) I do not have a problem with law enforcement using publicly available tools to catch awful criminals.  In addition to DNA, we know they use CCTV video, sketch artists, voice prints etc.  I think using DNA in this particular case is totally valid.

2) What would this mean in an abusive government situation? If for some reason DNA was to be used to round up government dissidents, for example, I would want the ability to stop sharing my DNA, and I might regret sharing it in the first place.  I believe gedmatch addresses this in that at any time you can remove your data from the database.  Can gedmatch be trusted to *actually* delete the data?  I hope, but of course entrusting *any* data to *any* entity carries some risk, and that risk should be weighed against ones own fears and paranoias.

If I had a relative that committed those crimes, I would want them caught. If I was living in North Korea, and the govt wanted to not only punish the dissidents, but anyone related to them, then it would give me pause.

As "Interesting" as current times are, I am not yet fearful of what might be done with my DNA.  Maybe I am naive.  But if my community was being terrorized by a serial offender and law enforcement had no clues aside from geography and DNA, I would be towards the front of the line for cheek swabs to eliminate myself from suspicion, even if it cast suspicion on someone in my family. So by extension, I would have not problem with my gedmatch DNA being used in this way.  But it might be nice to have them get a warrant, and have a disclaimer on the gedmatch, that they are subject to search warrants, and other public usage.

Answer 3

We live in an Orwellian world. Simple fact. It has been inevitable since the emergence of a computer driven, online society. If the masses have the ability to share information with one another it logically follows that "big brother" is going to eavesdrop and make use of the data. Sometimes that use is going to make we the masses uncomfortable and/or pissed off.

From what I understand, in this case the police made intelligent and legitimate use of freely shared information for a good cause. No invasion of privacy occurred, unlike the breach of privacy that Zuckerberg admitted Facebook took part in, which I think should be of far greater concern to everyone.

I think there will be a paraniodal knee-jerk reaction in some circles to this event. Then I hope cooler heads will step forward with ideas that both protect the privacy of the innocent while still enabling controlled, monitored and common sense use of information by law enforcement.

But I'll admit candidly that I wander in the lands of the idealists sometimes.

Comments

I don't question what the police did in this case is illegal; the questions here are whether it is desirable, whether it is something that our collaborators (e.g. those providing DNA samples or family tree information) have consented to, and whether there are any actions  which we as genealogists and as a community ought undertake in order to mitigate negative outcomes that may result. 

As I have pointed out, DNA testing companies have already taken certain steps to avoid this; they may take additional steps. 

Such negative outcomes that affect genealogists more broadly could, for instance, include the willingness of others to share their DNA samples, family tree information, or historical documents with us. Have the genealogists who have collected this data or contributed their cousin's kits to GEDmatch provided the opportunity for fully informed consent to genuinely be provided?

I should add that you have another set of assumptions acting here: that the police are acting in truth and righteousness; that this is "for a good cause". Moreover, only knowing what we have been told, we cannot know that "No invasion of privacy occurred". That is, they are not engaging in morally questionable behaviour such as framing a particular suspect. 

Answer 4

One thing I’ve realized over my life.  Human beings are both 1. the most kind, giving, good AND 2. the most evil, jealous, selfish entities in existence.  And in most cases, these are not mutually exclusive per person.    Most people are both of these.  Most people care a lot, but in general, they care mostly about what is theirs and their own, and that generally always over-rides helping others.  Heck, forget helping others, most people can’t even refrain from simply  being constantly rude to others in public, on the roads, staring at handicapped people, etc. So that said, you may be giving your DNA to 1., who may use it for 2.  Note the blue cross, equifax, retailer, etc. information breaches, which are mostly found to be leaked from within.