The trouble with using DNA matches to nab criminals

The arrest of the Golden State Killer, a serial criminal, was made possible through advances in DNA technology and commercial forensic genealogy. While effective in solving crimes, the use of public genetic information raises serious privacy concerns, potentially harming innocent relatives and uncovering unwanted private information.

This article was first published in The Mint. You can read the original at this link.


From 1974 to 1986, residents of California were terrorized by the Golden State Killer, a serial criminal who committed 13 murders, 50 rapes and more than 100 burglaries in the state. Law enforcement agencies struggled to identify the perpetrator and were not even sure that all these crimes had been committed by the same person. He was called the Visalia Ransacker, the East Area Rapist and the Original Night Stalker, depending on where and what crime he had committed. In 1981, after a brutal double murder in Goleta, there was a hiatus in his criminal activities until 1986, when he raped and murdered Janelle Lisa Cruz at her home in Irvine. Then, just as suddenly as it had started, it stopped.

For three decades, despite the best efforts of investigators to identify the perpetrator of these crimes, he evaded detection. It was not till 2001, when advances in forensic technologies made it possible, that the police were finally able to conclude that the Original Night Stalker and the East Area Rapist were one and the same person. A decade later, they were able to link the Goleta double murder to the same criminal. It was not until 2018 that investigators were able to positively identify Joseph James DeAngelo, a former police officer and Vietnam war veteran, as the perpetrator of all these crimes.

What was it that had changed to make it possible for investigators to identify him after all these years?

In the first place, DNA technology has been advancing steadily over the past two decades, allowing forensic investigators to correlate the evidence collected from the scenes of his many crimes and identify them all as the work of a single person. However, even then, there was no way to reliably identify him. That was only possible far more recently, with the growth in popularity of commercial forensic genealogy.

Forensic genealogy services allow users to trace their lineage. Users submit tissue samples, usually saliva or a cheek swab, to these services, which then generate genetic profiles from them. The profiles are then uploaded onto GEDmatch, a public aggregator that correlates information from various sites to throw up matches. With the growing interest in these services over the last few years, GEDmatch is now able to locate distant relatives and map extensive family trees. What this also means is that it offers investigators a large pool of identifiable genetic information, against which they can match evidence recovered from crime scenes to help identify the perpetrators. This was how the Golden State Killer was finally arrested, 30 years after committing his last offence.

As effective as it is, the use of commercial genealogy services in this manner raises serious questions. Identification almost always takes place indirectly, because some distant relative innocently uploaded genetic information without intending for it to be used in this manner. As a result, the use of public genetic information ends up with innocent people— who almost always have nothing to do with the crime itself—getting embroiled in an investigation and serving as witnesses to the whereabouts of the suspect.

In the process, the investigation often uncovers private information about them that they did not want to know in the first place, such as the fact that they are related to criminals, or that their parents are not biological, or that they were conceived through adulterous or incestuous relationships. Often, law enforcement agencies threaten them with the public disclosure of such information to push them into cooperating more satisfactorily.

Other relatives, who have not submitted genetic information, also find themselves swept up in the investigation. Once investigators have genetically identified the suspect’s relatives, their first job is to build up exhaustive family trees, turning everyone on those trees into suspects until otherwise eliminated. Very often, the harm visited upon these innocent relatives through the process of such investigations is excessive and far greater than what the perpetrator suffers. We need to ask ourselves whether these sort of incursions into the privacy of innocent bystanders is acceptable, regardless of how heinous the crime is that we are trying to solve.

While forensic genealogy is not yet a thing in India, we will have to contend with issues such as this once the DNA Technology (Use and Application) Regulation Bill, 2019, is enacted into law. While the express intention of this legislation is to establish DNA data banks to make it easier to identify offenders and suspects, given the US experience of what happens to genetic information when it is used in this manner, it is more than likely that the process will inflict significant harm on innocent relatives who have nothing whatsoever to do with the crime itself. Given how harrowing criminal investigation processes can be in this country, the fact that we might suddenly find ourselves dragged into an investigation just because we are remotely related to some criminal seems terrifying.

We will need to give these issues serious thought before the law is finally enacted. Given the number of sources from which genetic information is expected to be aggregated into this database, citizens could find themselves swept up in an investigation whether or not they had anything to do with the criminals who committed the crime. Our current draft law does not seem to have considered these second-order consequences.

But it should.