Should DNA be used by police without consent?

In 1976, a killer was stalking the streets of Sacramento County, California. Over the next decade he would terrorise the community, murder 12 people and rape nearly 50 women and girls in a string of crimes that went unsolved for more than 40 years.

Then, in April this year, police uploaded DNA data taken from the crime scene to a genealogy website called GEDmatch.

They got a hit.

The DNA matched relatives of 72-year-old Joseph James DeAngelo, an ex-cop, who has now been charged as the suspected “Golden State killer”. While roundly welcomed, the result had a mixed reception from genealogy enthusiasts.

“I’ll volunteer to give my DNA and out any of my cousins who may be rapist/murderers,” wrote one on a Facebook page, quoted by the New York Times.

But a troubled GEDmatch client said, “My relatives consented for their data to be used for genealogy but not for criminal investigations.”

Those concerns feature prominently in a new commentary, published in the journal Annals of Internal Medicine. Written by a team led by bioethicist Benjamin Berkman from the US National Institutes of Health, it raises deep questions about the ethics of using genealogy DNA data to solve crime.

“Despite the popularity of online genealogy services, it is unclear whether users of these sites understand that their genetic data are available to criminal investigators,” the authors write.

The home-DNA testing kit 23andMe was one of Amazon’s top five sellers in last November’s Black Friday sales. From a sample of spit it will reveal your risk of Alzheimer’s and whether your ancestors are Manchurian or Iberian. Buried deep inside its privacy policy, which runs to more than 9000 words, it does, in fact, say it may be legally compelled to hand data to police.

The researchers, however, note some providers don’t mention this and, even when they do, it is doubtful many users internalise or even read it – none too surprising given all those words.

But it’s a worry because, as the Golden State Killer case makes clear, it is not just the user but their relatives who may be subject to criminal investigation. Properly informed consent is critical, too, because once your saliva is dropped into the laboratory inbox your grasp on genetic privacy gets very tenuous indeed.

US courts have already allowed police to test DNA from discarded cigarette butts and stray hairs, which fall under the so-called “abandonment doctrine”. Citizens have no reasonable expectation of privacy in relation to “abandoned materials,” a description, the authors say, that applies equally to your spit.

Moreover, police who upload crime DNA data to a site such as GEDmatch probably aren’t conducting a “search” under the terms of the US Fourth Amendment. They are not, therefore, subject to constitutional demands that searches be reasonable, conducted with a warrant and based on probable cause. Fishing expeditions get the green light, it seems.

The discomforting fact is that when police genealogy searches link DNA back to its owner, multiple risks arise. Some of those are long-standing. If employers or insurers get access to a person’s genetically encoded medical conditions, discrimination could come next.

But there are big questions, too, about just how reliable those data are in catching crooks. In the dystopian thriller Gattaca, Detective Hugo is cautious when the DNA of protagonist Vincent Freeman is found at several crime scenes. “[M]any perfectly innocent citizens have left specimens at as many crime scenes,” he says. “Maybe he’s just unlucky,”

That kind of scenario might not only implicate innocent individuals but, the researchers write, wrongly target entire communities should creeping biases lead to racial profiling. In 2007 in Germany, Romani “gypsies” were pursued for two years before it was discovered the cotton swab used at a crime scene was contaminated by a factory worker during production.

According to Jane Tiller, from the Public Health Genomics program at Monash University in Melbourne, Australia, it is unclear whether DNA data submitted by Australians to the US labs of companies such as 23andMe could be accessed by law enforcement.

“There would, in theory, be the potential for the Australian government to access that data but it would require an agreement between the Australian and US governments,” she says.

The issue of ownership is also contentious.

“Who owns DNA data in Australia is a fraught question that isn’t clearly answered under Australian regulations,” she says.

“We have rights to privacy, confidentiality and consent. We don’t have the right to sell or profit from our own personal DNA or to transfer property ownership rights from our own DNA to someone else.”

Even the rights we do hold have limits. For DNA held in Australian laboratories, says Tiller, privacy and consent may be overridden to retrieve data under a court order.

Australian law, it seems, is a laggard, but the technology is anything but, making a speedy resolution to regulatory doubts all the more urgent.

Last year a team led by Craig Venter, one of the first scientists to sequence the human genome in 2001, created a machine-learning algorithm the researchers claim can produce a facial image from a person’s DNA alone. A genetic mug shot no less. Should that technique be perfected, face matching technology, such as that rolled out last year by the Australian government, could relegate genealogy database searches to the museum.

It could also spawn many imitators of Gattaca’s Vincent. He obsessively cleans his keyboard and work station to remove even a single strand of hair that might reveal his true genetic identify. Should we find ourselves in such a new world order, don’t be surprised if Vincent’s device of choice, a miniature vacuum cleaner, ends up as an Amazon top seller.