In 1981, a woman was found murdered in a roadside ditch in Ohio. The police believed she had been killed just hours earlier, but it took them 37 years to discover her name. On 12 April 2018, she was formally identified as 21-year-old Marcia King. The breakthrough was made thanks to the DNA Doe Project, a non-profit organisation founded by two volunteer forensic genealogists, Colleen Fitzpatrick and Margaret Press.
The DNA retained from King’s autopsy had degraded, but they were able to extract enough information to create a profile similar to those generated by commercial testing sites such as 23andme or Ancestry.com. They uploaded this information to GEDMatch.com, a database that allows users to share their DNA profiles and search for genealogical matches, where they identified one of King’s living relatives.
GEDMatch made the news again in late April, when police revealed they had identified a new suspect in the hunt for the Golden State Killer, who murdered at least 12 people and raped at least 50 in California between 1974 and 1986. Investigators used DNA extracted at the crime scenes to identify around a dozen of the killer’s distant relatives on GEDMatch. This led them eventually to Joseph James DeAngelo, a 72-year-old former police officer. He was arrested on 24 April, after police surreptitiously tested the DNA on an item he had discarded and found it matched the killer.
These cases reveal the dramatic potential for commercial DNA testing sites to revive dormant crime or missing persons investigations, but they also raise profound questions over genetic privacy. “There’s no doubt there are going to be many more cases like this. The door is open, that’s it,” genealogist Colleen Fitzpatrick told me.
Ancestry.com and 23andme say that they won’t grant governments access to their customers’ information without a court order. But this still gives the police considerable access to genetic information that is otherwise unavailable.
In 2014, US detectives investigating a fatal stabbing subpoenaed Ancestry.com to access the personal information of a user whose DNA was a close match to that found at the crime scene. Suspicion for the murder quickly fell on the user’s son, Michael Usry, a film-maker who had worked on violent horror movies. Usry submitted to DNA testing and spent a month wondering if he might suddenly be arrested, until the results proved his innocence.
It is no coincidence that the Golden State detectives and the DNA Doe Project both used GEDMatch. The site has just under a million users and operates differently from larger databases. In place of a long, legalistic privacy policy it states that “DNA and genealogical research, by its very nature, requires the sharing of information. Because of that, users participating in this site should expect that their information will be shared with other users.”
It warns of the dangers of identity theft and credit fraud and suggests that anyone who requires “absolute privacy and security” should not use the site.
Although British detectives are not thought to have ever used GEDMatch, one lawyer told me that since the information is already publicly available, there is no obvious legal barrier to them doing so in the future.
GEDMatch now faces significantly greater scrutiny. Initiatives such as the DNA Doe Project know that if stricter regulation is imposed, or if users begin withdrawing information, their cold-case work will become more difficult.
For now, however, the project welcomes the renewed public debate over genetic privacy. “The best outcome here is that people become aware of what can happen to their data on the internet, whether it’s their DNA or pictures of their grandchildren,” said genealogist Margaret Press.
The media attention has not hurt GEDMatch. Its co-founder, Curtis Rogers, told me that although user figures fell when detectives first revealed they had accessed the site (it was news to him, too), the numbers soon resumed their steady rise.
This article appears in the 10 May 2018 issue of the New Statesman, Israel vs Iran