Police believe that they have nabbed the notorious "Golden State Killer," a man who committed a series of rapes and murders in California in the 1970s and '80s. Their suspect is former police officer Joseph James DeAngelo, age 72, who has lived for many years in Sacramento. DNA evidence played the main role in identifying him.
Investigators retained DNA evidence from the Golden State Killer's crime scenes, but they were not able to match it to any of the convicts' and arrestees' DNA profiles stored in the FBI's Combined DNA Index System. As a workaround, police decided to take advantage of the fact the millions of Americans (including me!) have had their genetic information tested by various commercial companies, often as part of their personal genealogical research.
The main commerical companies all claim that they will not surrender their clients' DNA test results to the police without a proper warrant. So should regular citizens be concerned about how the cops used DNA here?
In this case, probably not. The police reportedly drew on the open-source GEDmatch service, which does not test DNA but allows users searching for relatives to them to upload the results of such tests from other companies. Apparently, a relative or two of DeAngelo had submitted test results to GEDmatch. This familial genetic link led the police to suspect DeAngelo. The police directly connected DeAngelo to the murders and rapes by matching old crime scene DNA to his obtained from some item(s) he had recently discarded in public.
Leaving your DNA results on a publicly accessible website doesn't seem to raise any Fourth Amendment concerns about unreasonable searches or seizures. As the East Bay Times reports:
Lead investigator Paul Holes, a cold case expert and retired Contra Costa County District Attorney inspector, said his team's biggest tool was GEDmatch, a Florida-based website that pools raw genetic profiles that people share publicly. No court order was needed to access that site's large database of genetic blueprints. Other major private DNA ancestral sites said they were not approached by police for this case.
Ars Technica notes an email them from GEDmatch co-founder Curtis Rogers:
"Although we were not approached by law enforcement or anyone else about this case or about the DNA, it has always been GEDmatch's policy to inform users that the database could be used for other uses, as set forth in the Site Policy," he wrote. "While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including information of relatives that have committed crimes or were victims of crimes. if you are concerned about non-genealogical uses of your DNA, you should not upload your DNA to the database and/or you should remove DNA that has already been uploaded."
Many courts have ruled, citing cases involving photographs and fingerprints, that we do not have a reasonable expectation of privacy under the Fourth Amendment that the police will not pick up any DNA that we happen to leave in public.
In my case, the police would not need any sort of court order since I have published my genetic test results online for anyone to see. I am no more worried about my genetic privacy than I am about my fingerprint privacy. I don't plan on committing any felonies, but any of my relatives who may be thinking of embarking on a life of crime—you've been warned.