'Golden State Killer' arrest highlights the risks of public DNA databases

How uploading your genetic data could hurt your kin.
A man walks past the Health Street's rolling DNA-testing truck parked in New York City. (REUTERS/Shannon Stapleton)

On April 24th, Joseph James DeAngelo was arrested on suspicion that he was the "Golden State Killer", a serial murderer who had killed at least a dozen people and raped dozens more during the late 1970s and early 1980s.

When the news was announced, it was unclear what finally broke the case, which had gone cold decades earlier. Patton Oswalt, whose late wife wrote a book about the killer, suggested that her research may have opened up new leads.

Finally, it was announced that police had used DNA from a crime scene and uploaded the sequenced genome onto a site called GEDMatch. GEDMatch is a database of genetic data used by genealogy enthusiasts. Users upload data from other commercial genetics testing services, like 23andMe, and can then find other people related to them. Police were able to find a distant relative of DeAngelo's and used that to narrow in on DeAngelo himself.

Peter Chow-White is a professor of communication at Simon Fraser University and Director of the Genomics and Networks Analysis (GeNA) Lab. (GeNA Lab)
Peter Chow-White
is a professor of communication at Simon Fraser University and Director of the Genomics and Networks Analysis (GeNA) Lab. Speaking on Spark, Chow-White said that genetic data is different than other forms of data because it corresponds to more than just an individual.

"DNA is a network identifier," he said. "It identifies all sorts of people in a family whose privacy and whose civil rights and whose legal rights might be compromised in that type of approach."

The kind of search police did in this case was called a familial search, meaning they used the DNA found at the crime scene to find family members, rather than directly identifying the suspect himself.

"When you start doing things like DNA dragnets, where you just grab a whole bunch of a population and start swabbing all of them to get this, that starts to be an invasion of civil rights and privacy rights. And familial search is along that continuum," Chow- White said.

While databases exist of DNA collected by police, in this case the data was uploaded by users. According to Chow-While, this is a symptom of our lack of understanding of online privacy, especially when it comes to data about our health.

"You need to keep in mind that while the companies offer you a service on the front end, on the back end it's just like any data company," he said. "We're entering into a contract where we're giving away our data to a certain extent.

"Citizens need to see their individual genome data as something they have to be very thoughtful with. It's much, much different than 'liking' or clicking and putting up status updates on social media," he said.

"But we do all this on the same screen now, so there starts to be an equivalence between these things."

While it's not clear if what police did in this case was strictly legal, Chow-White said that in Canada, police wouldn't be able to use a public DNA database in this way. "When databases are made for one purpose, they can't just be repurposed."

"Whether or not it's legal, it certainly doesn't pass the creepy test."


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.