Police Are Getting DNA Data From People Who Think They Opted Out

Forensic genetic genealogists skirted GEDmatch privacy rules by searching users who explicitly opted out of sharing DNA with law enforcement.

The DNA kit genetic genealogist CeCe Moore used to help a woman find her biological mother on June 8, 2015. Photo: MediaNews Group via Getty Images

CeCe Moore, an actress and director-turned-genetic genealogist, stood behind a lectern at New Jersey’s Ramapo College in late July. Propelled onto the national stage by the popular PBS show “Finding Your Roots,” Moore was delivering the keynote address for the inaugural conference of forensic genetic genealogists at Ramapo, one of only two institutions of higher education in the U.S. that offer instruction in the field. It was a new era, Moore told the audience, a turning point for solving crime, and they were in on the ground floor. “We’ve created this tool that can accomplish so much,” she said.

Genealogists like Moore hunt for relatives and build family trees just as traditional genealogists do, but with a twist: They work with law enforcement agencies and use commercial DNA databases to search for people who can help them identify unknown human remains or perpetrators who left DNA at a crime scene.

The field exploded in 2018 after the arrest of Joseph James DeAngelo as the notorious Golden State Killer, responsible for more than a dozen murders across California. DNA evidence collected from a 1980 double murder was analyzed and uploaded to a commercial database; a hit to a distant relative helped a genetic genealogist build an elaborate family tree that ultimately coalesced on DeAngelo. Since then, hundreds of cold cases have been solved using the technique. Moore, among the field’s biggest evangelists, boasts of having personally helped close more than 200 cases.

The practice is not without controversy. It involves combing through the genetic information of hundreds of thousands of innocent people in search of a perpetrator. And its practitioners operate without meaningful guardrails, save for “interim” guidance published by the Department of Justice in 2019.

The last five years have been like the “Wild West,” Moore acknowledged, but she was proud to be among the founding members of the Investigative Genetic Genealogy Accreditation Board, which is developing professional standards for practitioners. “With this incredibly powerful tool comes immense responsibility,” she solemnly told the audience. The practice relies on public trust to convince people not only to upload their private genetic information to commercial databases, but also to allow police to rifle through that information. If you’re doing something you wouldn’t want blasted on the front page of the New York Times, Moore said, you should probably rethink what you’re doing. “If we lose public trust, we will lose this tool.”

Despite those words of caution, Moore is one of several high-profile genetic genealogists who exploited a loophole in a commercial database called GEDmatch, allowing them to search the DNA of individuals who explicitly opted out of sharing their genetic information with police.

The loophole, which a source demonstrated for The Intercept, allows genealogists working with police to manipulate search fields within a DNA comparison tool to trick the system into showing opted-out profiles. In records of communications reviewed by The Intercept, Moore and two other forensic genetic genealogists discussed the loophole and how to trigger it. In a separate communication, one of the genealogists described hiding the fact that her organization had made an identification using an opted-out profile.

The communications are a disturbing example of how genetic genealogists and their law enforcement partners, in their zeal to close criminal cases, skirt privacy rules put in place by DNA database companies to protect their customers. How common these practices are remains unknown, in part because police and prosecutors have fought to keep details of genetic investigations from being turned over to criminal defendants. As commercial DNA databases grow, and the use of forensic genetic genealogy as a crime-fighting tool expands, experts say the genetic privacy of millions of Americans is in jeopardy.

Moore did not respond to The Intercept’s requests for comment.

To Tiffany Roy, a DNA expert and lawyer, the fact that genetic genealogists have accessed private profiles — while simultaneously preaching about ethics — is troubling. “If we can’t trust these practitioners, we certainly cannot trust law enforcement,” she said. “These investigations have serious consequences; they involve people who have never been suspected of a crime.” At the very least, law enforcement actors should have a warrant to conduct a genetic genealogy search, she said. “Anything less is a serious violation of privacy.”

CeCe Moore appears as a guest on “Megyn Kelly Today” on Aug. 14, 2018.

Photo: Zach Pagano/NBCU Photo Bank/NBCUniversal via Getty Images

The Wild West

Forensic genetic genealogy evolved from the direct-to-consumer DNA testing craze that took hold roughly a decade ago. Companies like 23andMe and Ancestry offered DNA analysis and a database where results could be uploaded and searched against millions of other profiles, offering consumers a powerful new tool to dig into their heritage through genetics.

It wasn’t long before entrepreneurial genealogists realized this information could also be used to solve criminal cases, especially those that had gone cold. While the arrest of the Golden State Killer captured national attention, it was not the first case solved by forensic genetic genealogy. Two weeks earlier, genetic genealogists Margaret Press and Colleen Fitzpatrick joined officials in Ohio to announce that “groundbreaking work” had allowed authorities to identify a young woman whose body was found by the side of a road back in 1981. Formerly known as “Buckskin Girl” for the handmade pullover she wore, Marcia King was given her name back through genetic genealogy. “Everyone said it couldn’t be done,” Press said.

The type of consumer DNA information used in forensic genetic genealogy is far different from that uploaded to the Combined DNA Index System, or CODIS, a decades-old network administered by the FBI. The DNA entered in CODIS comes from individuals convicted of or arrested for serious crimes and is often referred to as “junk” DNA: short pieces of unique genetic code that don’t carry any individual health or trait information. “It’s not telling us how the person looks. It’s not telling us about their heritage or their phenotypic traits,” Roy said. “It’s a string of numbers, like a telephone number.”

In contrast, the DNA testing offered by direct-to-consumer companies is “as sensitive as it gets,” Roy said. “It tells you about your origins. It tells you about your relatives and your parentage, and it tells you about your disease propensity.” And it has serious reach: While CODIS searches the DNA of people already identified by the criminal justice system, the commercial databases have the potential to search through the DNA of everyone else.

Individuals can upload their test results to any number of databases; at present, there are five main commercial portals. Ancestry and 23andMe are the biggest players in the field, with databases containing roughly 23 million and 14 million profiles. Individuals must test with the companies to gain access to their databases; neither allows DNA results obtained from a different testing service. Both Ancestry and 23andMe forbid police, and the genetic genealogists who work with them, from accessing their data for crime-fighting purposes. “We do not allow law enforcement to use Ancestry’s service to investigate crimes or to identify human remains” absent a valid court order, Ancestry’s privacy policy notes. The two companies provide regular transparency reports documenting law enforcement requests for user information.

MyHeritage, home to some 7 million DNA profiles, similarly bars law enforcement searches, but it does allow individuals to upload DNA results obtained from other sources.

And then there are FamilyTreeDNA and GEDmatch, which grant police access but give users the choice of opting in or out. Both allow anyone to upload their DNA results and have upward of 1.8 million profiles. But neither company routinely publicizes the number of customers who have opted in, said Leah Larkin, a veteran genetic genealogist and privacy advocate from California. Larkin writes about issues in the field — including forensic genetic genealogy, which she does not practice — on her website the DNA Geek. Larkin estimates that roughly 700,000 GEDmatch profiles are opted in. She suspects that even more are opted in on FamilyTreeDNA; opting in is the default for the company’s U.S. customers and “it’s not obvious how to opt out.”

But even opting out of law enforcement searches doesn’t guarantee that a profile won’t be accessed: A loophole in GEDmatch offers users working with law enforcement agencies a back door to accessing protected profiles. A source showed The Intercept how to exploit the loophole; it was not an obvious weakness or one that could be triggered mistakenly. Rather, it was a back door that required experience with the platform’s various tools to open.

GEDmatch’s parent company, Verogen, did not respond to a request for comment.

Law enforcement officials leave the home of accused serial killer Joseph James DeAngelo in Citrus Heights, Calif., on April 24, 2018.

Photo: Justin Sullivan/Getty Images

An Open Secret

In forensic genetic genealogy circles, the GEDmatch loophole had long been an open secret, sources told The Intercept, one that finally surfaced publicly during the Ramapo College conference in late July.

Roy, the DNA expert, was giving a presentation titled “In the Hot Seat,” a primer for genealogists on what to expect if called to testify in a criminal case. There was a clear and simple theme: “Do not lie,” Roy said. “The minute you’re caught in a lie is the minute that it’s going to be difficult for people to use your work.”

As part of the session, David Gurney, a professor of law and society at Ramapo and director of the college’s nascent Investigative Genetic Genealogy Center, joined Roy for a mock questioning of Cairenn Binder, a genealogist who heads up the center’s certificate program.

Gurney, simulating direct examination, walked Binder through a series of friendly questions. Did she have access to DNA evidence or genetic code during her investigations? No, she replied. Could she see everyone who’d uploaded DNA to the databases? No, she said, only those who’d opted in to law enforcement searches.

Roy, playing the part of opposing counsel, was pointed in her cross-examination: Was Binder aware of the GEDmatch loophole? And had she used it? Yes, Binder said. “How many times?” Roy asked.

“A handful,” Binder replied. “Maybe up to a dozen.”

Binder’s answers quickly made their way into a private Facebook group for genetic genealogy enthusiasts, prompting a response from the DNA Doe Project, a volunteer-driven organization led by Press, one of the women who identified the Buckskin Girl. Before joining Ramapo College, Binder had worked for the DNA Doe Project.

In a statement posted to the Facebook group, Pam Lauritzen, the project’s communications director, said the loophole was an artifact of changes GEDmatch implemented in 2019, when it made opting out the default for all profiles. “While we knew that the intent of the change was to make opted-out users unavailable, some volunteers with the DNA Doe Project continued to use the reports that allowed access to profiles that were opted out,” she wrote. That use was neither “encouraged nor discouraged,” she continued. Still, she claimed the access was somehow “in compliance” with GEDmatch’s terms of service — which at the time promised that DNA uploaded for law enforcement purposes would only be matched with customers who’d opted in — and that the loophole was closed “years ago.”

It was a curious statement, particularly given that Press, the group’s co-founder, was among the genealogists who discussed the GEDmatch loophole in communications reviewed by The Intercept. In 2020, she described the DNA Doe Project using an opted-out profile to make an identification — and devising a way to keep that quiet.

Press referred The Intercept’s questions to the DNA Doe Project, which declined to comment.

In July 2020, GEDmatch was hacked, which resulted in all 1.45 million profiles then contained in the database being briefly opted in to law enforcement matching; at the time, BuzzFeed News reported, just 280,000 profiles had opted in. GEDmatch was taken offline “until such time that we can be absolutely sure that user data is protected against potential attacks,” Verogen wrote on Facebook.

In the wake of the hack, a genetic genealogist named Joan Hanlon was asked by Verogen to beta test a new version of the site. According to records of a conversation reviewed by The Intercept, Press and Moore, the featured speaker at the Ramapo conference, discussed with Hanlon their tricks to access opted-out profiles and whether the new website had plugged all backdoor access. It hadn’t. It’s unclear if anyone told Verogen; as of this month, the back door was still open.

Hanlon did not respond to The Intercept’s requests for comment.

In January 2021, GEDmatch changed its terms of service to opt everyone in for searches involving unidentified human remains, making the back door irrelevant for genealogists who only worked on Doe cases, but not those working with authorities to identify perpetrators of violent crimes.

Undisclosed Methods

Exploitation of the GEDmatch loophole isn’t the only example of genetic genealogists and their law enforcement partners playing fast and loose with the rules.

Law enforcement officers have used genetic genealogy to solve crimes that aren’t eligible for genetic investigation per company terms of service and Justice Department guidelines, which say the practice should be reserved for violent crimes like rape and murder only when all other “reasonable” avenues of investigation have failed. In May, CNN reported on a U.S. marshal who used genetic genealogy to solve a decades-old prison break in Nebraska. There is no prison break exception to the eligibility rules, Larkin noted in a post on her website. “This case should never have used forensic genetic genealogy in the first place.”

A month later, Larkin wrote about another violation, this time in a California case. The FBI and the Riverside County Regional Cold Case Homicide Team had identified the victim of a 1996 homicide using the MyHeritage database — an explicit violation of the company’s terms of service, which make clear that using the database for law enforcement purposes is “strictly prohibited” absent a court order.

“The case presents an example of ‘noble cause bias,’” Larkin wrote, “in which the investigators seem to feel that their objective is so worthy that they can break the rules in place to protect others.”

MyHeritage did not respond to a request for comment. The Riverside County Sheriff’s Office referred questions to the Riverside district attorney’s office, which declined to comment on an ongoing investigation. The FBI also declined to comment.

Violations have even come from inside the DNA testing companies. Back in 2019, GEDmatch co-founder Curtis Rogers unilaterally made an exception to the terms of service, without notifying the site’s users, to allow police to search for someone suspected of assault in Utah. It was a tough call, Rogers told BuzzFeed News, but the case in question “was as close to a homicide as you can get.”

It appears that violations have also spread to Ancestry, which prohibits the use of its DNA data for law enforcement purposes unless the company is legally compelled to provide access. Genetic genealogists told The Intercept that they are aware of examples in which genealogists working with police have provided AncestryDNA testing kits to the possible relatives of suspects — what’s known as “target testing” — or asked customers for access to preexisting accounts as a way to unlock the off-limits data.

A spokesperson for Ancestry did not answer The Intercept’s questions about efforts to unlock DNA data for law enforcement purposes via a third party. Instead, in a statement, the company reiterated its commitment to maintaining the privacy of its users. “Protecting our customers’ privacy and being good stewards of their data is Ancestry’s highest priority,” it read. The company did not respond to follow-up questions.

As it turns out, the genetic genealogy work in the Golden State Killer case was also questionable: The break that led to DeAngelo came after genealogist Barbara Rae-Venter uploaded DNA from the double murder to MyHeritage, according to the Los Angeles Times. Rae-Venter told the Times that she didn’t notify the company about what she was doing but that her actions were approved by Steve Kramer, the FBI’s Los Angeles division counsel at the time. “In his opinion, law enforcement is entitled to go where the public goes,” Rae-Venter told the paper.

Just how prevalent these practices are may never fully be known, in part because police and prosecutors regularly seek to shield genetic investigations from being vetted in court. They argue that what they obtain from forensic genetic genealogy is merely a tip, like information provided by an informant, and is exempt from disclosure to criminal defendants.

That’s exactly what’s happening in Idaho, where Bryan Kohberger is awaiting trial for the 2022 murder of four university students. For months, the state failed to disclose that it had used forensic genetic genealogy to identify Kohberger as a suspect. A probable cause statement methodically laying out the evidence that led cops to his door conspicuously omitted any mention of genetic genealogy. Kohberger’s defense team has asked to see documents related to the genealogy work as it prepares for an October trial, but the state has refused, saying the defense has no right to any information about the genetic genealogy it used to crack the case.

Prosecutors said it was the FBI that did the genetic genealogy work, and few records were created in the process, leaving little to turn over. But the state also argued that it couldn’t turn over information because the family tree the FBI created was extensive — including “the names and personal information of … hundreds of innocent relatives” — and the privacy of those individuals needed to be maintained. According to the state, it shouldn’t even have to say which genetic database — or databases — it used.

Kohberger’s attorneys argue that the state’s position is preposterous and keeps them from ensuring that the work undertaken to find Kohberger was above board. “It would appear that the state is acknowledging that the companies are providing personal information to the state and that those companies and the government would suffer if the public were to realize it,” one of Kohberger’s attorneys wrote. “The statement by the government implies that the databases searched may be ones that law enforcement is specifically barred from, which explains why they do not want to disclose their methods.”

A hearing on the issue is scheduled for August 18.

An AncestryDNA user points to his family tree on Ancestry.com on June 24, 2016.

Photo: RJ Sangosti/The Denver Post via Getty Images

“A Search of All of Us”

Natalie Ram, a law professor at the University of Maryland Carey School of Law and an expert in genetic privacy, believes forensic genetic genealogy is a giant fishing expedition that fails the particularity requirement of the Fourth Amendment: that law enforcement searches be targeted and based on individualized suspicion. Finding a match to crime scene DNA by searching through millions of genetic profiles is the opposite of targeted. Forensic genetic genealogy, according to Ram, “is fundamentally a search of all of us every time they do it.”

While proponents of forensic genetic genealogy say the individuals they’re searching have willingly uploaded their genetic information and opted in to law enforcement access, Ram and others aren’t so sure that’s the case, even when practitioners adhere to terms of service. If the consent is truly informed and voluntary, “then I think that it would be ethical, lawful, permissible for law enforcement to use that DNA … to identify those individuals who did the volunteering,” Ram said. But that’s not who is being identified in these cases. Instead, it’s relatives — and sometimes very distant relatives. “Our genetic associations are involuntary. They’re profoundly involuntary. They’re involuntary in a way that almost nothing else is. And they’re also immutable,” she said. “I can estrange myself from my family and my siblings and deprive them of information about what I’m doing in my life. And yet their DNA is informative on me.”

Jennifer Lynch, general counsel at the Electronic Frontier Foundation, agrees. “We’re putting other people’s privacy on the line when we’re trying to upload our own genetic information,” she said. “You can’t consent for another person. And there’s just not an argument that you have consented for your genetic information to be in a database when it’s your brother who’s uploaded the information, or when it’s somebody you don’t even know who is related to you.”

To date, efforts to rein in the practice as a violation of the Fourth Amendment have presented some problems. A person whose arrest was built on a foundation of genetic genealogy, for example, might have been harmed by the genealogical fishing expedition but lack standing to bring a case; in the strictest sense, it wasn’t their DNA that was searched. In contrast, a third cousin whose DNA was used to identify a suspect could have standing to bring a suit, but they might be hard-pressed to prove they were harmed by the search.

If police are getting hits to suspects by violating companies’ terms of service — using databases that bar police searching — that “raises some serious Fourth Amendment questions” because no expectation of privacy has been waived, Ram said. Of course, ferreting out such violations would require that the information be disclosed in court, which isn’t happening.

At present, the only real regulators of the practice are the database owners: private companies that can change hands or terms of service with little notice. GEDmatch, which has at least once bent its terms to accommodate police, was started by two genealogy hobbyists and then sold to the biotech company Verogen, which in turn was acquired last winter by another biotech company, Qiagen. Experts like Ram and Lynch worry about the implications of so much sensitive information held in for-profit hands — and readily exploited by police. The “platforms right now are the most powerful regulators we have for most Americans,” Ram said. Police regulate “after a fashion, in a fashion, by what they do. They tell us what they’re willing to do by what they actually do,” she added. “But by the way, that’s like law enforcement making rules for itself, so not exactly a diverse group of stakeholders.”

For now, Ram said, the best way to regulate forensic genetic genealogy is by statute. In 2021, Maryland lawmakers passed a comprehensive law to restrain the practice. It requires police to obtain a warrant before conducting a genetic genealogy search — certifying that the case is an eligible violent felony and that all other reasonable avenues of investigation have failed — and notify the court before gathering DNA evidence to confirm the suspect identified via genetic genealogy is, in fact, the likely perpetrator. Currently, police use surreptitious methods to collect DNA without judicial oversight: mining a person’s garbage, for example, for items expected to contain biological evidence. In the Golden State Killer case, DeAngelo was implicated by DNA on a discarded tissue.

The Maryland law also requires police to obtain consent from any third party whose DNA might help solve a crime. In the Kohberger case, police searched his parents’ garbage, collecting trash with DNA on it that the lab believed belonged to Kohberger’s father. In a notorious Florida case, police lied to a suspect’s parents to get a DNA sample from the mother, telling her they were trying to identify a person found dead who they believed was her relative. Those methods are barred under the Maryland law.

Montana and Utah have also passed laws governing forensic genetic genealogy, though neither is as strict as Maryland’s.

MyHeritage DNA kits are displayed at the RootsTech conference in Salt Lake City on Feb. 9, 2017.

Photo: George Frey/Bloomberg via Getty Images

Solving Crime Before It Happens

The rise of direct-to-consumer DNA testing and forensic genetic genealogy raises another issue: the looming reality of a de facto national DNA database that can identify large swaths of the U.S. population, regardless of whether those individuals have uploaded their genetic information. In 2018, researchers led by the former chief science officer at MyHeritage predicted that a database of roughly 3 million people could identify nearly 100 percent of U.S. citizens of European descent. “Such a database scale is foreseeable for some third-party websites in the near future,” they concluded.

“All of a sudden, we have a national DNA database,” said Lynch, “and we didn’t ever have any kind of debate about whether we wanted that in our society.” A national database in “private hands,” she added.

By the time people started worrying about this as a policy issue, it was “too late,” Moore said during her address at the Ramapo conference. “By the time the vast majority of the public learned about genetic genealogy, we’d been quietly building this incredibly powerful tool for human identification behind the scenes,” she said. “People sort of laughed, like, ‘Oh, hobbyists … you do your genealogy, you do your adoption,’ and we were allowed to build this tool without interference.”

Moore advocated for involving forensic genetic genealogy earlier in the investigative process. Doing so, she argued, could focus police on guilty parties more quickly and save innocent people from needless law enforcement scrutiny. In fact, she told the audience, she believes that forensic genetic genealogy can help to eradicate crime. “We can stop criminals in their tracks,” she said. “I really believe we can stop serial killers from existing, stop serial rapists from existing.”

“We are an army. We can do this! So repeat after me,” Moore said, before leading the audience in a chant. “No more serial killers!”

Update: August 18, 2023, 3:55 p.m. ET
After this article was published, Margaret Press, founder of the DNA Doe Project, released a statement in response to The Intercept’s findings. Press acknowledged that between May 2019 and January 2021, the organization’s leadership and volunteers made use of GEDmatch tools that provided access to DNA profiles that were opted out of law enforcement searches, which she described as “a bug in the software.” Press stated:

We have always been committed to abide by the Terms of Service for the databases we used, and take our responsibility to our law enforcement and medical examiner partner agencies extremely seriously. In hindsight, it’s clear we failed to consider the critically important need for the public to be able to trust that their DNA data will only be shared and used with their permission and under the restrictions they choose. We should have reported these bugs to GEDmatch and stopped using the affected reports until the bugs were fixed. Instead, on that first day when we found that all of the profiles were set to opt-out, I discouraged our team from reporting them at all. I now know I was wrong and I regret my words and actions.
