This is a very interesting issue with sending your DNA to sites like 23andme. This means that a police officer can get a warrant to submit a DNA sample to the site, and get back anyone who matches. (Or in this case, their relatives.)
The reason I think it's particularly interesting is that it passes one of the basic tests I have for whether something should be searchable by law enforcement: Do they have a target in mind and a warrant to search for that target? For PRISM and the other things that Snowden warned us about, the answer was no: the government was doing dragnet surveillance of all sorts of data warehouses to find people who fit a profile, without knowing who they're looking for ahead of time. With this, they have to have a DNA sample found at a crime scene, and they're using that combined with a warrant to do a targeted search for people with matching DNA. It just happens to be a website that people send their DNA to, rather than a police database.
So I'm actually inclined to say I think this is ok? But I'm not 100% sure how I feel yet.
EDIT: ok it looks like this was done not necessarily with a warrant, but with the officer just submitting the DNA as if they're a customer of the site. But actually my point still stands if they changed their technique to instead use a warrant and ask the site directly, not hiding that they were police officers... it's just that in this case they didn't even need to because it's so easy to just send others' DNA samples to these sites? It really seems like the lack of a warrant was a technicality here and could have easily gone the other way and still got to the same result.
You should feel upset and scared. Sites like 23andMe are just a small subset of genes and variations of them. The number of false positives due to this limit is significant. In whole database fishing searches by non-experts (ie, police) it will result in false positives every single time.
>In 2013, geneticist Michael Coble of the National Institute of Standards and Technology in Gaithersburg, Maryland, set up a hypothetical scenario in which a mix of DNA from several people had been found on a ski mask left at a crime scene after a series of robberies. Coble asked 108 labs across the country to determine whether a separate DNA sample, which he posited had come from a suspect in the robberies, was also part of the mix. Seventy-three of the labs got it wrong, saying the suspect's DNA was part of the mix when, in fact, it was not.
Police, judges and lawyers probably don't know the difference between a DNA test and a DNA test. People used to go to jail because they had the same blood type as the criminal.
Right, but the issues with using geneology-resolution DNA to match a specific individual are already understood---you yourself have highlighted them.
A defendant is one expert witness away from undermining a case that relies on that low of a resolution of matching alone. In this case, that data was only used as a pointer to suggest to police that deeper scrutiny of the identified suspect was warranted.
DNA-based evidence led to a lot of wrong convictions in the early stages but methods have improved significantly. No judge would send someone to jail because a sample at 23andme matches. But they could issue a warrant to allow a further DNA test of the suspect.
There is significant lag between false convictions and proof of innocence. So, it might seem like a huge improvement but it's far smaller difference than you might think.
If anything, I'd expect people to have more concern about the fact that the police in California are allowed to steal your stuff and grab DNA off of it than the risks from them being allowed to submit your DNA to a privately-owned database full of voluntary DNA submissions.
First off, if you discard something in the trash you no longer are laying a claim to it and giving it up for the trash handlers.
Secondly, it was established in California v. Greenwood that you don't have a privacy right to trash left out on the public curb for pickup; which obviously implies that you don't have a privacy right to trash placed in a public bin.
I dont think thats a good analogy. a better one is your neighbor discarded trash, and your trash is like your neighbors.
I personally think privacy laws need to be set up right away. I think it should be illegal, even in cases of national security, to infer something from your DNA from others, such as relatives without the use of a warrant.
you should not end up in what is effectively a police line up just because your brother submitted his dna to the public domain. people should not be able to use information about his dna, in any way imaginable to infer anything about you.
Why? That seems like a broad restriction that we don't apply to other things like "Your fingerprints partially match some prints at a crime scene" or "You drive the same car as a suspect." People can and do end up in a police lineup for being the same gender and living in the same apartment complex as a perpetrator; I think that's reasonable, because a lineup isn't a conviction.
There's a world of difference between evidence submittable at a trial and evidence making someone worthy of suspicion and further investigation. I agree the bar on the former should be high; the bar on the latter being low on average leads to faster perpetrator identification and a safer community.
our DNA is private. they should not be able to look at it without a warrant even if someone else slimier to you recklessly throws it in the public domain.
Imagine I could read your mind by reading someone else mind. are you ok with me having access to your private thoughts just because someone gave me access to their mind?
> Imagine I could read your mind by reading someone else mind. are you ok with me having access to your private thoughts just because someone gave me access to their mind?
Even if you and I were parent and child, I don't think there's a reasonable philosophy of ownership on which you could hinge the notion that I can't donate the DNA in my cells to a cause because the pattern of half of the (physically completely independent) DNA in your body has a relationship to my own.
I do think you're touching upon possibly an interesting wrinkle in the way our current philosophy of ownership treats data about groups vs. data about an individual. Similar lines of thought underpin the question of whether your friends are culpable for sending data about themselves to Cambridge Analytica if it allows CA to extrapolate information about you.
However, I currently know of no philosophy of ownership that makes the described scenario bad apart from the general "it's a dick move if you do it on purpose to screw someone else over" (but that hinges on the general category of "Don't screw people over on purpose," not on any concept of joint ownership of data).
To pull another analogy: imagine I had dated a rapist and although I didn't have enough evidence to get him convicted of a crime, I told all my friends he was dangerous and now they won't date him. Is this bad? Quite the opposite; it's the system that is already of necessity in place to protect people from bad actors that the legal system fails to handle.
It's the essence of who you are, your uniqueness against every other living thing on the planet.
I can see how psychologically compelling that idea is, even though I disagree.
What I mean is: should I be able to stop my identical twin from uploading his DNA to a genealogy site without my consent because we have identical DNA?
Legally, the answer is pretty much "no" right now, and I think it's morally also "no."
I agree that the use of a public genealogy database is problematic but the way in which the police obtained the genetic material is not.
Once a person discards any material as trash in a public space, it's fair game. The police didn't begin doing this sort of thing when DNA tests were invented.
Does anyone know which professions in the US that are government related that the DNA information is preserved? I would surprised if there are not positions which require it. Surely law enforcement is keeping the records on some convicts. Do they even need a warrant to obtain it?
what I am leading up to is I can easily see where it becomes a requirement for others and it might start off with police forces because of the high visibility of abuse issues. From there it is not a big leap to other high visibility groups to include military and eventually everyone gets lumped in for medical safety and such.
It isn't that we need to be scared of what 3rd party sites do, it is that we need to be ahead of the game and limit how government can gain and maintain this information
Each state has a DNA database and there is also and FBI DNA database.
In California, the police can add you to the database (forcibly if needed) if you are arrested for a felony, or if you have a felony record and are arrested for a misdemeanor.
Note that I used the word “arrested,” not “convicted.” SCOCal has ruled that a conviction is not needed. Just an arrest.
All of this came about through two different voter referenda.
I'm not sure it passes the “do they have a target in mind” test. If they had a particular suspect in mind and asked whether that suspect's DNA matched or not, that's one thing. If they indiscriminately look for arbitrary people with matching DNA, then it seems to fit the definition of a common statistical mistake that even has a Wikipedia article: https://en.wikipedia.org/wiki/Prosecutor%27s_fallacy
(Although again, if the match turns out to be a prior suspect rather than a random person, that's another story—see the “defense attorney's fallacy” lower on the page.)
> If they had a particular suspect in mind and asked whether that suspect's DNA matched or not
They do. The suspect is a "John Doe." But the suspect's DNA is the physical sample they have in the rape kit. IANAL, but it sounds like it should pass the criteria for targeted search.
Interesting point - I highly doubt the suspect was a "prior suspect". But in this case I believe investigators were able to find additional evidence after they matched the DNA. So in Bayesian terms, multiple updates (DNA match + location match + suspect appearance match + other physical evidence) were made to their prior.
Additionally, I think investigators tend to act more carefully in a high profile case than in a typical case, so I expect that they possess some additional conclusive evidence.
It doesn't matter if multiple updated positively confirm the suspect as the perpetrator when the first link in the chain (ill-gotten DNA match) is excluded by the court. This guy will walk.
Will he? I believe this novel use of a private DNA database is so novel that there may not be any governing case law on whether it's a violation of privacy.
The scanned individuals opted in for relative matching. The fact those people were relatives of John Doe is publicly-documented knowledge in birth records and not susceptible to a privacy challenge.
We know states are prohibited from storing biometrics (DNA, fingerprints) of law abiding people for law enforcement purposes. Then it follows they are prohibited to outsource the same to third parties.
Car registrations are required. You are allowed a choice of owning a vehicle knowing what it requires. Sample of your DNA and fingerprints is not a requirement when we are born.
Thus I find the comparison not adequate.
But it wasn’t the suspect’s DNA it was his relative’s. Deleting your own information would not be a sufficient privacy measure in this case. It’s increasingly statistically likely that someone you’re a relative of will be in a DNA database, it’s simply not tractable to ask all of them to remove their DNA. And what about when some of these people die, can I take down my late grandma’s DNA.
So to tune the analogy: "A white van was found at the scene. Police have reason to believe the van's owner wasn't driving that day and investigate the owner's son, who is also known to sometimes use that van. That investigation reveals much stronger evidence that the son is the perpetrator."
I see no issues with this chain of investigation. Some tools the police have access to you cannot personally opt out of. That's working as intended.
If I am European and I ask Facebook to remove my data, will they also remove pictures of me which are owned by my family? I doubt it, and that's also the problem with providing consent on these DNA databases - they don't require the consent of all of your relatives.
It's a really tricky question. I'm not at all enthused about the police having rights to collect and store all arrestees' DNA indefinitely for example. On the other hand, it's both commercially risky and wholly impractical to refuse access to the service to law enforcement. You can't have a networked society and expect the police not to use OSINT techniques.
If you're arrested or charged for a felony in California you're obliged to provide a sample, since 2009. I don't know about other jurisdictions. CA apparently has the largest database in the world.
Do you mean, will you incur any legal penalty for doing so, or just be violating their ToS? I don't believe so but haven't researched it in depth. It'd be tricky to sue because the right of publicity is generally treated as a property interest and you wouldn't necessarily be able to show any economic loss. I'm not an attorney though.
In practical terms, I'm sure it's against the ToS but really the service providers have no way of knowing unless the person has already submitted their DNA and your submission raises a red flag, thus cutting you off from the information you desire. This is interesting from a game-theoretic standpoint in that it might be more secure to give your information to every website and then be the designated owner, but it probably wouldn't shield you from law enforcement getting the same information via subpoena. It's an uphill argument to say that a general right of privacy weighs heavier than the unsolved cases of 10 murders and 50 rapes, a record which will probably be broken again in future.
I don't think DNA testing companies have much incentive to screen potential customers since each person can only submit DNA once without raising another red flag.
To be useful, they'd of course need a solution for verifying authenticity of the input data. Otherwise, it's just noise and we already have historical examples of that design failing (such as "informants" handing over people to the US as terror suspects).
Ignoring practical issues with obtaining the sample, I think a good lawyer could probably find a way to sue you for any damages that you caused. As for whether it's a criminal act, I think that it might be a form of assault, maybe.
I know it would violate certain state laws regarding biometric data, but the penalty for violating those laws appears to be civil by and large, not criminal.
> Ignoring practical issues with obtaining the sample
> As for whether it's a criminal act, I think that it might be a form of assault, maybe.
Are you suggesting that using their DNA without their consent is assault, or the taking of it from them? It'd be trivial to take it without contact with them, from e.g. a hair, or their toothbrush, particularly if you live with them.
23andme and ancestry.com use a process which needs more genetic material than is available from hair or toothbrushes. You have to get a fair amount of spit in a tube.
Couldn’t this be seen as identify theft? It is like saying. I am John Doe from Bakers Street except that a complete DNA sample would be even more conclusive (I.e. impossible to accidentally to use to hide one’s identity).
Yeah. I'm more wondering about the general case, though.
If I were an insurance company, what's to stop me from hiring investigators to go through customers' garbage to find their DNA, analyze it, and then take "appropriate" action?
Genealogy sites have no way of confirming the DNA submitted belongs to the person submitting it. Trash left on the street is considered abandoned property, so fair game for identity thieves and insurers alike. However, unless you know the person lives alone and has had no other guests between trash pickups, you can't be sure the garbage DNA is theirs. More likely an insurer might try to get a sample during a house visit or, stalking out the target at a cafe, or a hairdresser appointment, you name it. Life insurance companies can come to your house and get your EKG already, a swab would be easy.
>Trash left on the street is considered abandoned property.
I wouldn't be so sure of that interpretation. In most places that I've lived, you could be arrested for taking things out of the trash, whether in front of your house, or even if dumped on the side of the road.
> If I were an insurance company, what's to stop me from hiring investigators to go through customers' garbage to find their DNA, analyze it, and then take "appropriate" action?
Laws against discrimination, such as those for both genetic information and pre-existing conditions that already apply to health insurance in the US. Even if nothing stops you from getting the information, you are prohibited from using it.
If you were an insurance company, what's to stop you from hiring investigators to tail a customer and figure out how many times per week they stop at McDonald's for breakfast?
Weird bit about these types of sites they are quite strict about using your real name, but do not really check your ID (but leaves it to post office I guess).
On a fun side, I wonder what would happen if I submitted dogs or pigs saliva.
They would know, the DNA is different. There are animal DNA matching sites for breeders' use. Dog DNA is especially interesting because their genes are more 'slippery' than those of other species.
(answered my own question: mutation rate from generation to generation in dogs is higher on average than in primates. Mechanism is not clear; one hypothesis is that mammals have DNA error correction "machinery" in their cells that is less effective in the canine genome. It's also unclear whether this has any impact on the evolution of dogs in terms of them being somehow more malleable to selective breeding than other species).
I found it intriguing that the EU GDPR explicitly recognizes genetic data as something that it covers under PII - and thus you a have "right to request deletion" of your genomic data, I assume?
"GDPR, in contrast, explicitly recognizes the sensitive nature of genetic data collected in a variety of settings. In Article 9, an adjusted definition of special categories of personal data has been provided that includes genetic data and biometric data, among others." [1]
Which is fine, I suppose, but your relatives don't have to do delete theirs, and the similarity of their DNA to your DNA means that someone could back out, to a certain level of confidence, whether you might be a match based on DNA contributed by them, with the familial relationship obtained and substantiated from other sources (vital statistics, etc.).
This is not new -- I believe there have been at least a couple of arrests made as the result of a suspect's relatives contributing DNA in lieu of actually obtaining one from the suspect directly -- and provided there's consent from the relatives, I can't see much grounds from restraining someone from allowing their own DNA to be used to build a case against someone else. It becomes a bit murkier if you start compelling people to contribute DNA to build a case against a family member, but even there I can see parallels to other types of evidence and it's not a clear slam-dunk to me that it ought to be barred unless the familial relationship is one where testimony would normally be covered by marital confidence or other privilege.
Yep. I do understand re: this not being new - worked in a forensic genetics laboratory, and I tell my family what they give up and expose us to if they contribute to one of these db's.
So caveat emptor as always...but yep I had just wondered in general about "right to delete" with respect to genomic data.
What exactly do you tell them that they're giving up and expose your family to? Kind of an odd thing to mention in a thread about a case where a family member's DNA exposed a criminal.
The problem isn't deleting your DNA. The problem is you cannot delete your relative's DNA. Which is how I've read that they found him. Found a relative match from a 3rd-party, made sure he would have been in the area the years of the rapes, tailed him for a verification DNA sample, made arrest.
If this were to come before the CJEU[1], it would not be clear-cut at all. There was a landmark case where home CCTV was ruled inadmissible in a robbery by virtue of the fact that it included footage of a public road, and the thieves did not consent to the use of their personal data[2], i.e., the recording of their images in public using a home CCTV system.
And the definition of personal data extends to any data that can be linked to you. For example, if a server records a log entry with your name and IP, and the server also records log entries with just the IP, all of the log entries are considered personal data, even for dynamic IPs in some instances[3].
There are some exceptions around criminal justice and the protection of persons and property, however, I still wouldn't be surprised if this DNA evidence were ruled inadmissible in the EU.
Is the metadata that you requested deletion something police in Europe can subpoena?
It sure would seem awful suspicious if someone requested DNA deletion out of the blue. Not convictably-suspicious, but suspicious enough to warrant followup investigation. ;)
what is the difference here between a face photo and DNA? I don't really see any. Both are kind of information fingerprint of a person. If police have a photo of a suspect is it ok for them to use image search of FB/Google/etc.?
To me it’s that the evidence didn’t come from the suspect. It’s like being able to recognise me from a photo of a relative on FB - I don’t like the idea of that. I don’t know why, but I don’t.
What's the difference between this case and the fact the unabomber was caught because his brother and sister-in-law recognized his writings?
What's the difference between this case and if the cops post a photo of a suspect and someone says "looks kinda like my co-worker, maybe a close relative" and that co-worker says "oh, that's my brother, we look alike, people mistake us for each other all the time." And then the DNA matches the brother.
That the relatives gave evidence unknowingly and that the DNA service was used quite differently to what it was designed for. A terrible person was caught in a clever, but sleazy way.
The police used GEDMatch which is openly available and it says explicitly it's used for "researcher" and warns users that their genetic information is available to the public and they can't control what the public does with it.
People "unknowingly" give evidence to the police all the time. That's like complaining the police used information that someone blogged about to solve a crime.
The issue as I understand it, is with the broadness of the search, and that the data in question is personal and private. The search did not query for a particular subject. As an analogy, if the police thought the suspect had diabetes, would they be able to subpoena a hospital to list all the diabetics, then consider them all potential perpetrators?
If the officer submitted the DNA as if they were a customer of the site, I wonder how they complied with the company's sample collection process. You usually have to submit a generous amount of saliva or cheek swabs.
There are sites that don't require a sample, but instead you upload the raw data from a site where you did submit a sample. Gedmatch is one such site. One could construct a file in a compatible format containing DNA data obtained from your own laboratory, upload to gedmatch, and analyse matches. This is how "ancient DNA" samples are uploaded to gedmatch to see how you match against thousand year old human DNA samples.
Could they make a fake saliva sample that has the same consistency as real saliva and whatever other characteristics that the analysis equipment depends on, but contains no DNA (or take a real saliva sample from someone and strip out the DNA), and then but the DNA they want to test into this fake saliva and submit that?
Is this too different from looking up a person's name in Google or Facebook search boxes? In all three scenarios Police are taking advantage of publicly available information written/published by you or about you by others. Police can inspect openly viewable property without a warrant as well. They did not find the killer's DNA in a web site, but blood relatives provided enough triangulation to hone in on a person and get their "abandoned DNA" (maybe cup, cigarette, bloody nose napkin in the trash).
The difference is your name isn't plastered on every object you come in contact with. Your name isn't transferred to other people who come in contact with the same objects as you. Your name doesn't end up in other locations that have nothing to do with you.
The idea I could get arrested because my cousin coughed on a doorknob is terrifying. Everyone has that black sheep in their family. Why should I get harassed by the police every time they or someone they know commits a crime?
Your name is transferred to other relatives (your spouse, children, parents), and it does end up in press, documents, reports, yellow-page type sites, and other locations you haven't touched. Depending on your level of celebrity, it can also get plastered in news and projects you do not come in contact with. In this case though, they narrowed down a suspect, but did not bother him until they had two pieces of abandoned DNA that directly matched the killer. This is not the first time a black sheep has been found, by the DNA of relatives wealthy enough to afford a $100 test (now probably cheaper). The moment they mentioned he has a daughter and granddaughter when they announced the capture yesterday, I knew they probably triangulated him by a relative's DNA. The article today proved it.
That's not what I'm talking about. Your DNA can end up under the fingernails of a murder victim with no connection to you. Your name cannot. There was a Wired article about this the other day:
That's more of an issue with DNA evidence interpretation than a fundamental difference between different types of identifiable information. Your information can definitely end up in a crime scene that you have nothing to do with. If we use the name example, it's happened before as well [1].
> seems like the lack of a warrant was a technicality here
Seriously? That's all it takes for you to accept the police doesn't need a warrant? That the warrant is "just a technicality"?
If that were true, we wouldn't need judges to approve warrants. Police has and will abuse their powers without the judge being a filter for their actions. That should never change.
I think that's a non-charitable way of reading what I said. Although I was certainly unclear.
What I mean is, the interesting issue to me is whether it's OK for law enforcement to send a DNA sample and compel ancestry/genomic sites to respond with any matches, even if they do have a warrant. So I misspoke saying it's a technicality, what I really mean is that the issue is interesting to me even if a warrant were provided.
Wow, this whole comment thread is given up acceptance of ambulance-at-the-bottom-of-the-cliff thinking. The real solution would be to make the police accountable so you can trust them, then let them search however they like.
Which is the fundamental problem with data businesses. When you give your data to a 3rd party it is not possible within our legal system to restrict who has access to it.
could they even? They d have to send a letter to all the relatives of each of their customers that their partial genetic information is stored in their computers.
Given the fallibility of DNA testing they may as well be using a divining rod to declare someone a witch. This will be abused to falsely accuse innocent people. Lives will be ruined and the authorities will act like their hands are clean. 23andMe is not a forensics lab. Their techs have no incentive to avoid mistakes with cross contamination. This is just plain dumb.
In this case, sites like 23andMe were only used to generate leads on suspects. Two independent forensic DNA tests were used for evidence of guilt. I agree that DNA testing has flaws, but that's the purpose of the criminal trial. Defendants have due process rights to cross-examine the DNA testing process, present their own testimony, and provide exculpatory evidence.
I think you're confusing an investigation with a trial. This technique seems like a breakthrough for narrowing a list of suspects. But your claim that this would be used as evidence in a trial is unfounded and a bit silly. They have him. They have the DNA of the killer. They can perform their own testing without relying on any online DNA test results at all.
Because the public is ignorant of the problems with it and the judiciary likes tools that can win easy convictions. Breathalyzers don't actually measure blood alcohol and there is no credible way they can estimate it to three significant digits but courts allow them too. Polygraphs are pure bullshit but the examiner's word that someone is "lying" is taken as sacrosanct evidence in court.
The other two examples are true. Across the Atlantic polygraphs are regarded as a comedy technology and breathalyser tests are sufficient grounds only for arrest and an actual blood test.
I'm pretty sure most all jurisdictions allow you to request a blood test in lieu of a breathalyser. I assumed it was common knowledge polygraphs were junk, but at least Wikipedia says they're in common use in the U.S. but are considered controversial. I knew polygraphs were banned as a prerequisite for jobs in many areas and that many government jobs had them as part of the interview, but figured it was more of a stress test or hazing. I do think the bar for expert testimony and scientific evidence could use a lot of improvement in the U.S.
I don't know if this is the commenter's intent but isn't there a potential false positive issue with DNA testing?
Something along the lines of if only 0.01 percent of the world's population can match a DNA sequence found that still leaves us with a million matches where I just made up both those numbers.
This 'bias' is not necessarily inappropriate because of the inherent asymmetries of DNA evidence - it is statistically more powerful for exoneration than conviction. This is because of the False Positive Problem (similar to the Birthday Problem in probability): if the actual incidence of a phenomenon is lower than the false positive rate of the test, a positive result is likely erroneous even on a highly accurate test.
This is why a strong prior, developed through traditional policework, is necessary to increase the reliability of DNA results - most results obtained through database trawling will be false - and these will be numerous if the database is large enough. It is also part of the reason why exonerations are more robust than identifications.
This particular case may not suffer from these statistical problems, but they are worth keeping in mind, as it sets a precedent.
That isn't bias but rather an understanding of burden of proof. If you think it is, then you are very fundamentally misinformed about how our society functions.
I was very confused about this. The genealogy website did not probide any information to law enforcement. Instead, law enforcement uploaded DNA from the crime scene to the genealogy website.
...and then the genealogy website provided information to law enforcement by showing profiles of people with similar DNA.
Perhaps that’s the real privacy issue... anyone can find a piece of hair on the sidewalk, send it to a genealogy website, and identify who it might belong to and/or any relatives.
I can see it now: "Hi. We're not actually related, but I believe you may be 2nd or 3rd cousins to someone who left a brand new, pink hairbrush at my B&B."
So after search by phone number or email on Facebook, we will also have search by DNA. For when you want to get in touch with that mysterious stranger on the subway...
>anyone can find a piece of hair on the sidewalk, send it to a genealogy website, and identify who it might belong to and/or any relatives.
Searching for relatives in such sites, CAN be a privacy issue, but I don't see how your particular example works exactly.
What motivation exactly would have anyone that found a piece of hair, on the sidewalk or elsewhere, to know people with DNA from/similar to that hair's?
Consider this creepy altrnative: You have a drink at a bar. Stranger swabs it, or steals the glass, collects DNA, sends it in, now triangulates who you are from your relatives.
I don't know if it's that easy, but something like this may become possible.
>Consider this creepy altrnative: You have a drink at a bar. Stranger swabs it, or steals the glass, collects DNA, sends it in, now triangulates who you are from your relatives.
Sure, but following you would be much easier.
Why go through all the trouble (AND live an online trace).
Maybe in the future leaked DNA sequence databases will be available, downloadable, and searchable by criminals without a third party. If so, this would actually be less likely to create evidence than following them.
If you are up against someone or a state that wants this info, you can't really stop them. They could get your credit card info from the bar, follow you home, hack your phone, socially engineer anyone around you to find that out.
So the issue is 23andMe or similar accepting DNA samples without verifying identify beforehand. As in, they should submit some kind of ID or affidavit that they are the provider of the sample before delivering it.
I agree. My understand was that both parties have to agree for the website to connect them. I'm not sure what specific site this is, but I wouldn't trust a site that just connects me to other people without my consent.
Your consent, or even you being on the website, isn't needed. If enough of your relatives consented, the stalker can have at least a list of your relatives, and try to guess you from there (as the police did in this case)
That's assuming again that my relative accept to share. That's not what I'm talking about. I'm talking about the direct result. In this case, the relative of the killer never agreed to share the data with the police.
> the relative of the killer never agreed to share the data with the police
Not with the police, but they let people who find a related DNA to find them (this is a feature of these websites). Once the police have your DNA, then can find your relatives. You can't control whether your relatives are opted in to this feature or not.
But I have no say over my uncle’s privacy controls. If someone finds my hair, and my uncle allows himself to be publicly searchable by DNA, then the person who found the hair knows it belongs to someone associated with my uncle. They can then find him on Facebook and commence further analysis.
It’s the same problem we saw with Cambridge Analytica. Incidental data shared by our friends can reveal information about ourselves when analyzed in bulk or supplemented with additional data.
This in effect makes my DNA a matter of public record based on the decisions of my relatives (behind some hoops, but in practice it doesn’t seem hard). That seems like a breach of privacy.
Not the same. Your uncles DNA only establishes he is your uncle. Unless your also saying that your uncle is not free to disclose any information that might be contained in his DNA. For example that he is a white male.
You dont own your relative’s genetics. They can do whatever they want with them. There’s no breach of your privacy because nothing of yours was breached.
But my dna can now be matched to me - That is a breach of privacy today, or at least and end run around legislation that attempts to limit the spread of genetic information.
We should think really carefully about this! My uncle’s right to check out who his long lost cousins could put my genetic information in the hands of a potential employer, insurer, or government. That could be really bad.
This is similar to the Facebook scenario, where it’s not just your privacy you are trading away for whatever benefit, but those of people related or near you.
Not the OP, but until not that long ago there was a social pressure thing of not "advertising" your relatives' history of psychological problems (mostly suicide or time spent inside a psychiatric ward) to outside members of your family, lest those outside members would think you had the potential of having the same issues, too. This is sort of similar to the "uncle" from your example not being free to post "his full medical and psychological history online", I mean, had he done that his family would have certainly retaliated by telling him to remove that information from public knowledge.
Btw, I live in Eastern Europe so I'm talking about stuff I've experienced here, maybe in the States or in Western Europe this behavior changed a long time ago and not only recently.
There's a big difference between your own DNA being publicly hosted and identified, and some DNA that is pretty similar to yours but not the same as yours being posted and identified to someone that is not you.
Why should you have a right to block the later from happening? It's not your own personal information.
I think the difference is much smaller than you think. If someone finds male DNA and my uncle has used this service, and a public photo with my eyes and hair clearly visible in the background on his Facebook page, then suddenly it’s almost as if I registered my DNA in a public registry. It’s the metadata problem all over again, it just takes one or two more public data points to deanonymize it entirely.
You uncle should have a right to rat you out if he pleases. A mother can turn on his murderous child to the police if she wishes so.
I think the debatible point is consent: i dont think anyone ever consented to their dna being able to be used to incriminate them or anyone else without their express consent.
Nor do I. Obviously, I don't want to appear regretful that the killer was found.
I predict that someone in the near future will be saddled with the unenviable task of arguing against the precedent set by this arrest. Good luck to that poor soul.
There are hundreds of years of precedent saying it's OK to figure out if someone was at a location at a certain place and time. See use of CCTV, eye witness testimony, purchases & receipts, etc...
I would posit that there should be a difference between a potential suspect, and complete dragnet operations collecting everyone through a point.
Sure, if you have a Judge sign off on a search warrant, I have no problem with individuals being searched. But that petition to the court better be public and upon a sworn affidavit upon probable cause.
This case sure doesn't sound like that - instead it sounds like $geneticcorp was providing all analysis to law enforcement by default. Then again, the companies can just claim that's their "free speech" or some such garbage
.
> Being in a location at a certain place and time could be trivial to determine, no matter how careful you are.
Well, that would determine that your DNA was there, but as we saw in that case discussed here earlier this week [1] is it a lot easier than most people realize for your DNA to get transferred to things or people who then transfer it to a crime scene, where it can be discovered and thought to be from the criminal.
I spent a while thinking about what one could do to defend against the risk that one's DNA might be falsely found at a crime scene for a crime that occurred when you are home alone. I couldn't think of a good way to prove you were home, but you don't need that. You just need evidence sufficient to raise reasonable doubt.
I came up with two ideas, one that you can do yourself, and one that would involve a startup that provides an alibi service. Not sure if anyone actually needs anything like this yet, but it is an interesting problem to thing about.
(I live alone, and my office switched to work at home a few months ago. I can now easily go several days now where the only people who see me are fast food workers, gas station attendants, and others in retail. Even at the fast food place I visit several times a week, where they remember me sufficiently to say "the usual?" when I walk in, and make the right thing if a say "yes", I doubt that if they were asked if I was there on a particular morning they would not be able to remember. All they could say is a come in 3 or 4 times a week but they wouldn't know which were the days I did not come in...so if somehow I was tied to a crime, I would probably have a very hard time establishing that I was not there).
First the self-hosted version. This is based on the old classic method that people, such as kidnappers, would sometimes use to prove that a hostage was still alive as of a particular date: send a photograph of the hostage holding a major newspaper from that date.
Set up a camera in your home that periodically takes a photo (or maybe a short video) of you standing next to a couple of monitors. One of the monitors displays current prices for several major stocks on exchanges around the world, and exchange rates on several currency exchanges around the world. The other shows several major news sites. After the photo is taken it is hashed and timestamped using a trusted timestamp service [2] (or if you want to do it simpler, just Tweet the hash).
If you ever need to raise doubt about a claim that you were somewhere at a time you claim you were at home, you offer the photo or videos taken near that time. The timestamp for the hash establishes an upper limit for the time that the photo was made. The prices on the stocks and currencies and the headlines on the news sites should allow establishing a lower limit on when it was made. That gives you evidence that you were home between those times.
Could this be faked? Yes. You could take a photo made earlier in next to blank monitors, and then around the time you are committing the crime ssh home and make the system take a photo of the monitors displaying the price and news data, and then Photoshop that into the earlier photo, and upload it.
But if your system is set up to work honestly, I think it would be good enough for reasonable doubt, unless the prosecutor can offer actual evidence that you DID hack it rather than just speculating that you MIGHT have done so.
The startup version, offering an alibi as a service, would just need you to have a webcam and microphone at home. With this service, you periodically initiate a video chat with the service, which it records. You should do the chat from a place where the background is easily recognized and unique. During the chat, the service gives you a random number of 6 digits. You speak the digits, while simultaneously holding up a number of fingers corresponding to those digits. The service saves the video and the random number. Maybe also hold up your phone with it using a GPS or mapping app showing your location.
In fact, the alibi service could probably make the whole client side a smartphone app. Use the smartphone front facing camera instead of a webcam. The app can use the phone GPS to record the location.
If you are worried about privacy issues over the videos of you being uploaded to the alibi service, there could be an option to store everything (video, GPS location) locally or on whatever secure cloud storage you use for your own videos and photos, with just a hash uploaded to the alibi server.
Fast food restaurants typically have security cameras. Same with gas stations, mini marts, public buildings, private buildings, etc. If you pay with a credit card, you'll have records of your whereabouts during that transaction. If you have a ton of internet activity on a given day that's not proof, but strongly suggests you were home. You have a cell phone that beams your location 24/7. Of course, its not proof you were home when you were using your cell phone at home, but it's highly suggesting you were home at that time.
Depending on the granularity of your utility's records you may be able to provide evidence that you were home based on your energy and water usage. This would probably look less suspicious than if you just happened to follow an elaborate alibi routine every day.
>This is weird af. I don't think anyone truly consents to the use of his dna this way, and its a strange case of privacy violation.
If anyone (a) submits their DNA to such a site, and (b) looks at profiles of people with similar DNA to his found by the site (that is, what the police did in this case according to the comment above) then doesn't matter if they "consent" or not, they should expect that others can do the exact same thing, and be shown matches to their DNA.
How is this different than the police comparing DNA evidence to samples in their own database? In both cases, the person who provided the DNA did not consent.
That's not a thing. It's innocent until proven guilty; it's legally impossible to gather evidence because they're guilty to use against them. Hell, innocent people's fingerprints can be, and often are, collected at crime scenes. The police can use innocent people's prints to establish a timeline or figure out what their role was.
People should be at least notified about WHO saw their DNA results, and everyone should be approved on the site. So the police can't just use a pseudonym to search for this stuff.
The stringing bit in that for me is that is this “It wasn’t a matter of if he was coming, it was when,” Ms. Schubert said. Her parents were “not gun people,” she said, but her father bought a firearm. Her mother kept an ice pick under her pillow when she slept.”
For an individual, the set of data those websites have on who matches you is around "Your total living relatives out to 6th cousin or so" * a ratio of people willing to use the site's services. That turns out to be a lot of people. And when you correlate that with data on where people live and where they lived at the time of a string of crimes, it turns out to be a lot of data.
Interestingly it wasn’t even his DNA in the database, but a relative’s. It just goes to show that there is nowhere to hide. Even if you stay completely offline, it only takes one relative to log the bulk of your DNA onto the Internet. Metadata strikes again.
You usually use obviously beneficial cases to push boundaries. Having your medical insurance pay one of your relatives for their DNA to re-rate you and other relatives or other horror scenarios will follow later down the line, once we've shown willing to give up privacy.
This entire "you share lots of info (DNA) with your relatives, thus they can screw you with it" is a pretty new issue. I doubt we understand the full ramifications, yet, and thus i'd prefer caution instead of the government giving others a green light to screw me in ways i cannot even imagine, yet.
"Family members can screw you via relation" isn't really a new issue. English Common Law generally moved the legal needle on literally being killed or sent to jail for the crimes of a relative thanks to the abolition of "corruption of blood" law, but there are a lot of other ways you can be on the hook for a relative's actions.
One guy I know sent in his dna to ancestry. He was immediately matched with a woman as highly likely to be his sister. He was shocked and they connected. Turns out they are siblings and both adopted at birth. So there’s some upsides to these sites
Nevertheless hopefully ancestry etc would have sensible policies to protect peoples’ privacy unleSs a court order is involved.
I have a cousin who found out, in his 50s, after his mother and father had passed away, that he was not related to anybody in our family. It crushed him.
My family found an estranged relative from a one off affair in another country through Ancestry's "probably related" tool. It was an incredible experience.
Sample mixups and other mistakes can happen. I know of cases where family history could become exposed through these tests, but if you get results that are unexpected it's worth some follow up to be sure.
The reporting on exactly how DNA was used to identify the Golden State Killer is still pretty limited.
It sounds like they submitted DNA from GSK crime scenes to a number of genealogical sites and got back one or more familial matches. From that match or matches, they were able to backtrack to a specific suspect.
Once the suspect was identified, they were able to surreptitiously obtain the suspect's DNA, then they directly tested that DNA against GSK DNA samples, and were able to confirm the match.
It hasn't been stated directly, but it seems like there is plenty of still-usable DNA from GSK crime scene evidence, even though it will now be 30+ years old.
Whereas eye-witness testimony is incredibly unreliable, but laypersons typically believe it to be accurate, the opposite is true with DNA forensic evidence. The public generally believes it to be infallible, when in reality it's not always that clear cut.
It should be regarded as another tool in the toolbox, not the be-all and end-all of criminal forensic investigation.
Arrest isn't conviction, so it's a good thing that officers don't always act like they're putting away a killer (and that the accused don't always act like they're about to be put away for life.)
Arrest isn't conviction, but since the topic here is DNA it's worth noting that in California you can have your DNA taken against your will and put into a database when you get arrested even if you're never convicted or even charged with a crime.
Further, in California and most other states, a 'fetal blood spot' is taken from every newborn and tested for a variety of genetic diseases, and the spot is retained in some state filing cabinet (or refrigerator?) somewhere. See an older comment for details & links:
Just as there was a state proposition (sponsored by the relatives of one of this killer's victims) to expand DNA-testing of criminal suspects, a future policy change could send investigators into those filing cabinets, if the blood DNA isn't too degraded, to do a broad genetic dragnet for criminal suspects (or their relatives).
This would require a warrant, which requires a specific target, not a fishing expedition. The BTK serial killer was caught in similar fashion, police were able to get a warrant for his daughters Pap smear which was stored at a medical facility.
Is that your considered opinion as a legal expert on these matters?
Since proposition 69 (2004), and recently upheld by the Calfornia Supreme Court, California is taking and holding indefinitely DNA for everyone arrested for a felony, even if they're never charged or convicted:
So they get already get 'free look' (no warrant required) at the DNA of anyone alive, via an arrest, even if the charges are ultimately unsupportable. Do you expect a stronger protection would apply against stored records?
Further, the newborn blood spots are already in government custody. There's no essential requirement for any private 3rd party to produce them, against the holder's wishes. Why wouldn't a detective/prosecutor, perhaps emboldened by public opinion or some new Prop-69-like policy, to consider these blood spots 'abandoned' DNA, just like that acquired from this 'Golden State Killer' suspect after surveillance but without a specific warrant?
Is it unlikely that law enforcement would ever get a 'warrant to modern-sequence-all-the-spots', to solve some particularly heinous crime, then retain the data indefinitely, as they already do for other incidental collections? Sure, that sounds to me like a 'general warrant' that should be prohibited by the 4th amendment. But government keeps seeking – and often winning in court! – ever-broader database warrants. (See for example https://www.washingtonpost.com/news/monkey-cage/wp/2016/06/1...)
Even the ~80 yes/no genetic disorders automatically tested for, and thus possibly kept in a digital database afterwards, might be enough 'bits' to narrowly pick a few suspects, or uniquely identify a single suspect, in some cases. Would the CA DOJ need a warrant to have a friend at the CA DPH run a SQL query on a database that may already be online?
Can you find any statement from the California Department of Publish Health that they would only release blood spot data to law enforcement with a warrant?
IANAL but from a quick review of some online authorities, maybe it'd apply. It might depend on exactly how the relevant agencies are classified – are they a health clinic themselves? The restrictions might be waiveable administratively for a popular cause, or violations might have no consequences when happening between chummy government agencies. (Who'll prosecute, and what effective penalties/remedies could be applied, if a governor/president commands coordination between two agencies under their control?) And given the trends in broad warrants, I'm not sure a future court wouldn't offer a warrant to sequence-all-the-spots and search for hits with some heinous criminals' samples.
HIPPA expires 50 years after a person dies, perhaps in the future these cards will be sequenced and crimes with DNA can be narrowed down to descendants.
Good point! This mass, automatic screening began in the late 1960s, so for any states that have retained most/all spots since then, millions of samples would become available for sequencing, despite any possible HIPPA limitations… right about now.
There's technically some ability for parents to opt-out of the delivery of the blood spot to the state, by written request before/during the delivery process.
But that's so discouraged, and the normal process is so automatic and hectic, that it's very rare. Few even realize the blood-spot permanent-collection is happening.
There was a proposed bill in 2015 to require signed consent before the collection, but it was defeated. See very end of:
House fires tend to negatively impact the whole community. Not only could such fire spread to other properties, but it would expend fire department resources and quite possibly lower property values in the rest of the neighborhood.
Officers turning off the oven weren't just doing a favor to the killer, but to the whole community.
The suspect would not want their house to catch fire and police officers have a moral duty to prevent fires in their jurisdiction if they are made aware of a fire hazard they can easily mitigate.
This comment section reads like half the people didn't bother to read the article or even Google the case and somehow think the police are framing an innocent man.
That's part of it. The other part is that it has become a pop-knowledge meme - Reddit & Imgur style - that DNA tests are nearly worthless, are almost never a sound means to convinct someone, and that they mostly just convict innocent people when used by the police. That immediately becomes the go-to parroted premise anytime discussions like these occur, without exception. It's bumper sticker forensic science knowledge.
Well, in the public's defense of being skeptical of "forensic science" has been a range of outright lying[1] to mystical beliefs that look no different than shamanism or voodoo[2].
You should also be aware that the Nation Research Council has done a study[3] on "forensic science" where DNA was the only barely reliable measurement in the entire field.
These are methods the US Justice Department/Police/Judges/Prosecutors routinely uses to destroy innocent lives and trick juries. It's not hard to see how people become skeptical.
I'm not saying this is the case with the capture of the Golden State Killer, but it's not hard to see how the public lost its trust in these institutions we hold to be accountable and make choices.
I'm surprised they are being so public about this (they could have downplayed it, even if they didn't go full parallel construction.)
This will potentially cause people to be less willing to use sites like this, and this could have long-term negative public health impact. Plus, it hurts the commercial businesses.
(My DNA is on record with DOD for personnel recovery purposes, as are most military/contractor personnel of the past 15 years or so, but I'm not sure how the actual database works. I suspect in reality it means China, Russia, Israel, and any other competent infosec adversary also has a full copy of this database.)
Will it, though? I would bet most people wouldn't consider "maybe this will expose a murderer in my family" as a realistic possibility, and even among those who would, most probably would be OK with that.
Murderer in my family, probably not, but what if it is "drug crime in my own family" or the more likely "expensive medical disorder which will preclude insurance, employment, dating, etc.". It's still data being used "against" the user or his relatives.
Those are reasonable extrapolations but are outside the purview of the police's concern. I don't expect they would stop a police chief (let alone a beat-cop) from bragging about a cool new method for narrowing a suspect list, because the benefit to other cops knowing about it outweighs the harm to the companies' bottom lines.
I don't think either of those concerns are really the police's concern. If the public reacts to this news by mistrusting those sites, so be it.
(One could, I suppose, make an argument that the police, for purely selfish reasons, would want as many people as possible to use these sites so would keep mum on this methodology, but that's assuming police act as a coherent unit or organization and are not themselves individuals and citizens with their own red-lines for creepiness).
This kind of screening is extremely fucked up because average people are terrible statistical reasoners. A 99.999% accurate DNA test will find mostly innocent people if applied to a database of tens of millions of people. And even without corroborating evidence, juries will convict on the DNA because average people aren’t wired for this kind of statistical reasoning.
The defense will need expert witnesses to explain why genealogical-resolution matching is unreliable, but any defense attorney worth their salt should have a stable of such witnesses; the difference between "A 100% correlated match between DNA at a crime scene and the suspect's DNA" and "An N% correlation between a suspect's DNA and a suspected relative of the suspect" is pretty clear even to this layperson.
IANAL, but even without the expert witness, defense should be able to throw enough doubt for a criminal case defense with a line of questioning that begins "If the DNA matched to person Q in the DNA database and not to my client, why is person Q not the one being charged with this crime?" Defense can then move from there to the observation that the match to a relative in the database merely narrows the field of subjects to a whole family tree of relatives of the matched individual.
(Note that in this case, the police used the geneology matches as a tool to focus suspect list, not as primary evidence in a murder trial. That's more in the realm of "Looking for everyone in town who buys that brand of cigar" than in the realm of "Your dad's DNA got you sent to prison!!!").
An excerpt from Michelle McNamara's letter to the golden state killer.
The race was yours to win. You were the observer in power, never observed. An initial setback came on September 10, 1984, in a lab at the University of Leicester, when the geneticist Alec Jeffreys developed the first DNA profile. Another came in 1989, when Tim Berners-Lee wrote a proposal for the World Wide Web. People who weren’t even aware of you or your crimes began devising algorithms that could help find you. In 1998, Larry Page and Sergey Brin incorporated their company, Google. Boxes holding your police reports were hauled out, scanned, digitized, and shared. The world hummed with connectivity and speed. Smartphones. Optical-text-recognition technology. Customizable interactive maps. Familial DNA.
I’ve seen photos of the waffle-stomper boot impressions you left in the dirt beneath a teen-age girl’s bedroom on July 17, 1976, in Carmichael, a crude relic from a time when voyeurs had no choice but to physically plant themselves in front of windows. You excelled at the stealth sidle. But your heyday prowess has no value anymore. Your skill set has been phased out. The tables have been turned. Virtual windows are opening all around you. You, the master watcher, are an aging, lumbering target in their crosshairs.
That's an excellent piece. But let's not forget that the suspect is a former police officer. Assuming he's the right person, he was less of a brilliant tactician than a turncoat who knew knew the system inside out, and who may well have had access to investigative information afterwards. He was fired for shoplifting in 1979, having committed many of these crimes during his tenure as a police officer; it was after that he began killing his victims.
>People who weren’t even aware of you or your crimes began devising algorithms that could help find you. [...] Familial DNA.
The killer left behind 800 megabytes of information[1] at the crime scene in the 1970s. A present day genealogy website had another 800 MB uploaded from a family member. Algorithms found a match.
I did 23 and Me but under a fake name. It correctly identified me as a 1st cousin with my cousin, whom I had no idea had already taken the test as well. It was very very spooky, and I can see how useful this would be for law enforcement. At some point in the future, you can drastically limit the number of people to search for based on DNA to a single family tree, if enough people submit their own DNA. It's scary.
It's exactly like your contact list. Facebook doesn't need you to give them your phone number. They just need 1 out of your 500 contacts to upload their entire contacts list so that they get your phone number. The law of numbers is completely against you and your privacy is already violated completely because one of your friends did it to you.
To what extent the bone marrow donor databases are subject to the same risk of police fishing expeditions? Do they hold full DNA profile, or just the fragments relevant to immunocompatibility?
Unlike ancestry websites, the purpose of bone marrow database is not to connect users to relatives. Police don't have the ability to send crime scene data into the bone marrow registry and get back "here's the subject's siblings." I don't even think you're allowed to meet someone you're matched with and donate bone marrow to; for at least several years, if not forever.
The police literally uses the website as designed: "here's DNA; get back known close relatives."
"Lead investigator Paul Holes, a cold case expert and retired Contra Costa County District Attorney inspector, said his team’s biggest tool was GEDmatch, a Florida-based website that pools raw genetic profiles that people share publicly. No court order was needed to access that site’s large database of genetic blueprints. Other major private DNA ancestral sites said they were not approached by police for this case."
GED Match describes itself as such - "GEDmatch provides DNA and genealogical analysis tools for amateur and professional researchers and genealogists."
I've been saying this for years. DNA sites are a goldmine for unresolved cold cases ( rape, murder, missing persons ) where DNA is available.
In the past, if there was a rape in a city, the cops couldn't force everyone in the city to give their DNA to find the rapist. Now, everyone in the city is paying to give their DNA to DNA sites. All cops had to do is submit the DNA of cold cases to these sites and see if they get a match of any kind ( cousins, siblings, parents or the suspect themselves ).
This is pretty huge. I'm wondering if it is from something like YSearch [1] where you can just put in any-old Haplotype and see results or if it is from one of the larger, well known firms like 23AndMe or Ancestry.com.
Does anyone have any more information on this? How do the police get access to DNA from genealogical databases? Do they need a warrant for a specific persons DNA? Do the police check for matches or does the company?
This is more than that: it wasnt his dna, it was one of his relatives dna on the site that got him found.
Im guessing that any relative has a right to divulge his dna and rat out a blood relative in a situation like this, but I doubt people actually consent to that use when they are looking at a genealogy site.
http://abc7news.com/dna-that-cracked-golden-state-killer-cas... This article states that the main DNA sites and Ancestry.com didn't release the information, so I'm curious about where it came from as well. Though it does say they'll comply with 'valid legal requests' it also says they weren't contacted.
There are public databases that allow you to specify your DNA haploids and will show you matches. I linked to one in another comment. They likely used that specific site, although there are other sites that provide the same functionality.
They didn't match evidence to a person directly. They matched evidence to a DNA database to find the person. That sounds like the same thing, but it's not.
There was no warrant. The DNA database company did not know they were participating in a law enforcement case. There could be other people (unlikely but possible) that matched but weren't on file anywhere. People will start viewing such evidence as "Science!" instead of evidence like all the rest.
Finally, if this okay, we have an economics question. It cost the cops 40 or 50 bucks to catch a serial killer. Well-spent money in my book. But what if they could catch people for 10 bucks? Or a dollar? What if they could automatically collect samples and run them without any manual effort?
If this happens -- and I see no reason that it won't -- it won't be just serial killers. It'll be parking violations, trespassers, urban graffiti artists -- anybody that can leave DNA. And who's got the money to fight something like this over a traffic ticket if they get it wrong? People will just pay up or go to prison.
It's continuing the destruction of our human-powered, adversarial, community-approved justice system, replacing it with automation and faux certainty. Catching evil killers is awesome, but the rest of it doesn't seem like such a good future for my kids or grand-kids.
>Lead investigator Paul Holes, a cold case expert and retired Contra Costa County District Attorney inspector, said his team’s biggest tool was GEDmatch, a Florida-based website that pools raw genetic profiles that people share publicly. No court order was needed to access that site’s large database of genetic blueprints. Other major private DNA ancestral sites said they were not approached by police for this case.
>"“GEDmatch exists to provide DNA and genealogy tools for comparison and research purposes,” the site states on its policy page. “It is supported entirely by users, volunteers, and researchers. DNA and Genealogical research, by its very nature, requires the sharing of information. Because of that, users participating in this site should expect that their information will be shared with other users.”
>“If you require absolute security, please do not upload your data to GEDmatch. If you have already uploaded it, please delete it,” it continues. “While the results presented on this site are intended solely for genealogical research, we are unable to guarantee that users will not find other uses.”
> And who's got the money to fight something like this over a traffic ticket if they get it wrong? People will just pay up or go to prison.
I don't know for you but I known many people who just fought their ticket just because they knew the cops wouldn't show up in court. Some of them did do the infraction too... You just multiplied the number of offense in an incredible way and believe they will have more time to fight them in court? Don't think so...
Also, if you leave enough DNA while doing any of theses activities, well you are doing something pretty wrong...
Great to see justice in this case. On the flip side, privacy treasure trove's like this may become a tool for targeting non-criminals, for example classified cases targeting anonymous political activists or similar. It's no longer their own opsec activists need to worry about. It's all so very Gattaca.
You mean, like a database of patient records compiled by a hospital? No, most countries have laws on how those medical records can and can't be used.
A database of DNA of felons collected by police departments where the DNA is also tested for genetic conditions? Barring any specific laws preventing that specific scenario, I don't see why that would be illegal.
Let us the police collect this data and ask everyone who is honest person to add their DNA to it. I have no problem adding my DNA to such resource but when this data is obtained without my knowledge or permission it is the same as stealing.
>Lead investigator Paul Holes, a cold case expert and retired Contra Costa County District Attorney inspector, said his team’s biggest tool was GEDmatch, a Florida-based website that pools raw genetic profiles that people share publicly. No court order was needed to access that site’s large database of genetic blueprints. Other major private DNA ancestral sites said they were not approached by police for this case.
>"“GEDmatch exists to provide DNA and genealogy tools for comparison and research purposes,” the site states on its policy page. “It is supported entirely by users, volunteers, and researchers. DNA and Genealogical research, by its very nature, requires the sharing of information. Because of that, users participating in this site should expect that their information will be shared with other users.”
>“If you require absolute security, please do not upload your data to GEDmatch. If you have already uploaded it, please delete it,” it continues. “While the results presented on this site are intended solely for genealogical research, we are unable to guarantee that users will not find other uses.”
I guess they produced export which is similar or exact format to the exports of one of the popular sites and imported it. For example 23andme currently has DNA day promotion which lets you import ancestry exports. Seems a bit shady to me.
Some states have banned familial searching. I took a genomics class and the guest speaker was a forensic scientist, he explained the pros and cons. Clearly getting these serial criminals off the street has some benifit.
Its been done before. One of the first was the "Grim Sleeper" case with an arrest in 2010. In that case they used the police database though (california has dna of all felons.)
https://en.wikipedia.org/wiki/Grim_Sleeper
"Police had found no exact match between DNA found at the crime scenes and any of the profiles in California's DNA profile database, so they searched the database for stored profiles that demonstrated sufficient similarity to allow police to infer a familial relationship. They found similar DNA belonging to Franklin's son, Christopher, who had been convicted of a felony weapons charge. According to Los Angeles District Attorney Steve Cooley, detectives then used a piece of discarded pizza with Franklin's DNA to make the link. One Los Angeles undercover police officer pretended to be a waiter at a restaurant where the suspect ate. He collected dishes, silverware, glasses, and pizza crusts to obtain DNA.[20] The identification was used to arrest Franklin after his DNA was obtained and deemed a match.[21] Saliva found on the victims established a DNA match linking Franklin to the deaths"
I do hope the prosecutor is being careful about representing the strength of DNA evidence as this person was found through a fishing expedition via a DNA database.
However, if the DNA evidence is the sole evidence against the accused and the accused was picked out of a large database of DNA profiles, the odds of the match being made at random may be increased, and less damaging to the defendant. The odds in this scenario do not relate to the odds of being guilty, they relate to the odds of being picked at random.
RTA. The relative match was used to narrow the suspect list and focus the investigation. I don't know the prosecutor is even going to bring up the ancestry DNA in the trial, and I doubt they will given the much more accurate direct DNA match they were able to acquire after staking out the suspect's home.
Your reply, "I don't know the prosecutor is even going to bring up the ancestry DNA in the trial", exactly reflects my concern. Are you asserting that the DNA search and the "much more accurate DNA match" are statistically independent or that their dependence (overlapping genetic markers) is not relevant?
P.S. Regarding your "RTA" ... from the Hacker News guidelines at the bottom of the page, I quote: "Please don't insinuate that someone hasn't read an article."
I don't know about the statistical independence of the DNA search and the match on separately-collected DNA directly from the suspect (once a suspect was found via the DNA search), but I think it's a little irrelevant; as long as existing laws aren't broken, I understand the court to generally not care how police became aware of evidence of a crime. Consider the oft-maligned "Stopped for a broken tail-light but there were drugs in the car" scenario. If the defendant goes to trial for the drug possession, the broken tail-light doesn't enter into the trial as evidence (mention of it may enter if someone asks the arresting officer why they chose to stop the defendant).
Bringing the analogy around to this case: if a DNA relative match narrowed the field of suspects to the relatives of match candidate X, then the police still need evidence tying relative Y directly to the crime. In this case, they subsequently investigated Y and found such evidence. Should the initial scan of a DNA database for candidate X have been illegal? I think that's an open question. I personally don't think it should be.
I don't see this anywhere: This is most likely not statistically significant. A DNA match might be 99.99% accurate, but when you try to match based on a database of a million people, you're going to get a few false positives. I really hope the police have some more evidence to go on, because otherwise it sounds like they just arrested an innocent person.
DNA wasn't the only evidence police had. 3 pieces of additional information: 1) his history in the Sacramento area, 2) he served in the Navy and law enforcement which fitted the profile police were looking for, and 3) police sketches matched a photo of his from the 70s.
edit: In addition to the physical evidence gathered from suspect's house that could be linked to the crime scenes. This isn't public information yet.
Served in the Navy and law enforcement in Sacramento area isn't that large a set. Something isn't being reported correctly.
This seems more like they got his DNA, and then backfilled the correlations.
While it may have worked in this case, it's more than a little worrying because it changes the police from "finding the correct suspect" to "justifying the DNA identified suspect".
And we already have a case in California where the police let the DNA guide them to the wrong person.
This seems more like they got his DNA, and then backfilled the correlations.
This is always a concern with any investigation or analytical work. I'm curious to find out which other suspects they looked at after the initial DNA lead, and how they went about eliminating other suspects. But keep in mind the public isn't yet privy to all the physical evidence that were collected at the crime scenes.
> But keep in mind the public isn't yet privy to all the physical evidence that were collected at the crime scenes.
Agreed. They almost certainly have more evidence than they ever released to the public.
And, hopefully, they'll find concrete evidence at the house of the man they arrested. Apparently the Golden State Killer took some "souvenirs" from some of the victims and finding those would be very significant.
Lots of people in the DNA databases are relatives to someone who lived in Sacramento.
The lead came from the police searching through DNA databases which identified some set of relatives who were suspicious, but they later obtained the DNA from the suspect himself which was an exact match to what was gathered from crime scenes.
Actually all of that, together, make him a suspect. Any of it might not, but all of it does. Each piece of evidence reduces the likelihood of coincidence. Now that they have the suspect in custody they should be able to do a one-on-one test with the old DNA and confirm their suspicions to a reasonable degree of certainty, assuming they do their jobs well.
But yes, good luck explaining that math to a jury.
Previous to the East Area Rapist, the suspect lived 200 miles away, in the next town over, when the Visalia Ransacker terrorized the neighborhood with over 100 bizarre break-ins. He would break into women's houses and ransack them and only take things of little value while using leaving things of value in sight.
It has long been suspected for a long time the Visalia Ransacker moved to Sacramento to become the East Area Rapist, but there's no conclusive proof (at least yet). There was no DNA taken in the Ransacker cases. The MO and suspect were very similar, it seemed that the East Area Rapist was an escalation of the Ransacker's activities.
The suspect just happened to leave the Visalia area and move to the Sacramento area at exactly the same time the Visalia Ransacker stopped his criminal spree and the East Area Rapist started his in Sacramento.
THEN the suspect was fired from the police force at exactly the same time the East Area Rapist moved his location over 600 miles away from Northern California to Southern California. It's not currently known (to the public at least) where the suspect's whereabouts were from the time he was fired from the police force (in 1979 IIRC) and from the time he took a job at Save Mart back in the Sacramento area in the early 90s.
The crimes in Northern California were conclusively proven to the crimes in Southern California through DNA evidence, unlike the Visalia Ransacker crimes.
There's more... The East Area Rapist mentioned the name Bonnie in one of his attacks http://www.coldcase-earons.com/36.php "After the rape, (HAP: he laid his head on the pillow next to her) and began sobbing "I hate you. I hate you. I hate you Bonnie." (HAP: The victim was not certain that he was saying "Bonnie," but that's what it sounded like)." The suspect, at one point in his life, was engaged to a woman named Bonnie. Bonnie Jean Colwell.
Heh, the math will never even get brought up in the trial. They'll just talk about DNA matches and everybody on the jury will think this guy is scientifically proven to be guilty.
Its not like they just found a statistically matching DNA sample and went "Lock him up, boys!". They found that not only does his DNA match, but he also lived in all of the areas where the crimes were committed, and the crime sprees in a particular area would change around the time that he relocated. He also had experience in the Navy and as a Police officer, which have been long suspected by investigators before this due to some of the behaviors exhibited by the killer. He also apparently has a unique biomarker in his sperm that matches the killer's DNA, futher reducing the chances of a random person matching.
It's not like police & detectives haven't dealt with false positives for the past, oh, all of human history. Each bit of information produces a list of suspects; each list of suspects is compared for the union. If more than one suspect remains, further information is pursued.
Once you have a solid lead it's pretty easy to build a case, especially considering they have mountains of evidence saved from the >60 crimes committed.
I recall reading that you are correct. DNA was originally used as confirming evidence for a case that already had a suspect. They'd identify a suspect the traditional way and then do a DNA test to confirm it. In that scenario it's pretty good evidence. To take a crime scene sample and compare it against the entire population is bound to turn up several near matches. At that point you're up against a common tendency to see things as corroborating the case. Add in the recent discovery that people leave their DNA all over the place and others can leave it in their fingerprints and the value of this approach is very low. One would hope even though they identified him via DNA that they can make a solid case without it now that they know where to look. But I fear the cornerstone of the evidence is going to be the DNA.
I want to know what DNA they got from the Golden State Killer, and how they know that it was his. The guy that they arrested was a police officer during the period where the killing was going on, in an era before DNA tests existed. Did they take DNA from a sample that was accidentally contaminated by a police officer at the scene, and conclude that the DNA belonged to said police officer?
It sounds like they had semen or saliva from an old rape kit which has been in storage for decades from a GSK rape victim (http://www.nj.com/data/2018/04/how_a_nj_pathologist_may_have...), they sequenced it, uploaded it to the genealogy website, got a hit on one of his relatives, investigated that person's relatives until they noticed one guy fit the GSK profile perfectly (law enforcement training, trouble with the law, right age and height, lived in the right place) and then staked him out until they got a discarded soda can or cigarette butt he tossed or which was in his garbage can (remember, if you put your garbage can out on the street, anyone is allowed to take it!), but the first sample was too degraded for a match and they had to get a second one, which then matched perfectly.
Any guesses as to which genealogy website was used? All the services I'm aware of (23andme, Ancestry.com) require that each customer provide their saliva sample.
Note that some services will allow you to upload a spreadsheet of SNPs which you got from another testing service. If the police had access to a non-commercial lab, say a state-run lab in California which can sequence a similar set of SNPs, then they could upload the results to those sites. For instance, FamilyTreeDNA allows raw data uploads, as does MyHeritage, and the non-commercial site gedmatch.com.
Edit: or of course they could have sent a saliva sample to one of the genealogy sites, assuming they had enough to part with some, and it was in suitable condition to work with the site's test equipment.
> Edit: or of course they could have sent a saliva sample to one of the genealogy sites, assuming they had enough to part with some, and it was in suitable condition to work with the site's test equipment.
That's unlikely without special arrangements. Have you ever done a 23andMe sample? The tube requires a lot of saliva. My understanding it's vastly more saliva than they need and the main reason is to make it impossible to surreptitiously collect enough saliva to genotype someone without their cooperation via 23andMe etc.
Here are the specifics on uploading DNA from third-parties for two of the mentioned DNA geneology sites:
MyHeritage.com[1]:
> "The MyHeritage DNA test enables you to get unique matches to users who have only tested with MyHeritage, as well as matches with users who uploaded their results to MyHeritage from other providers. Thanks to MyHeritage’s wide international reach and availability in more than 40 languages, you will have a greater chance of being matched with relatives who live in other countries. You will also receive a comprehensive ethnicity analysis on MyHeritage, drawing from the largest pool of possible ethnicities in the industry."
"When you transfer, for free, you will receive a list of your autosomal matches from our database and have access to our Family Finder – Matrix. The Matrix feature allows you to select and compare the autosomal DNA relationship between up to ten of your matches at one time."
Please note that you can only transfer the following file versions:
In the first press conference the Sacramento police chief said they had DNA evidence lying in stuff that was already in an evidence room that they did not realize until recently, the chief was an advocate for more genetic testing at the state level. The killer did not work for the Sacramento police, ever.
He raped nearly (or possibly more than) 50 women in an era before DNA analysis was a thing that criminals knew to plan for. He left samples on lots of clothes, bed furnishings, cups, bottles, etc. If even one of those samples was intact and survived to this day, it would be enough to match against. Such a match would be strong evidence of his role in the crimes, considering that he was never part of the investigative teams for any of these attacks.
* there was enough genetic evidence at several of the original crime scenes to establish one particular person was involved
* after this suspect came to their attention, apparently via DNA on genealogy sites, they surveilled his home and collected additional 'left-behind' DNA – perhaps from his trash, or a haircut, etc? – to confirm a match with the older crime-scene evidence
damn ... so the guy is going to jail based just on the data obtained from the website?
What if the "match" is not correct?
This should scare a lot of people away from these family tree websites. One day you might have FBI knocking on your door for being a close match to some killer somewhere.
Hang on, am I'm missing something - guy is a suspect, they have yet to find proof he is the Killer and he has been arrested based on a second attempt of trying to match the DNA after the first was inconclusive. Why does the article read like they found the killer?
The evidence sounds pretty damning to me. I'm curious why you think it's wholly inconclusive
>Investigators then obtained what Anne Marie Schubert, the Sacramento district attorney, called “abandoned” DNA samples from Mr. DeAngelo. “You leave your DNA in a place that is a public domain,” she said.
>The test result confirmed the match to more than 10 murders in California. Ms. Schubert’s office then obtained a second sample and came back with the same positive result, matching the full DNA profile.
The first discarded item could have come from a blood relative, i.e., his kids, or been intermingled with his wife's DNA, which could have yielded an inconclusive match (i.e., similar to the killer but not an exact match). They already knew that someone in the house was related to the killer--for their purposes, they needed an exact match.
The reason I think it's particularly interesting is that it passes one of the basic tests I have for whether something should be searchable by law enforcement: Do they have a target in mind and a warrant to search for that target? For PRISM and the other things that Snowden warned us about, the answer was no: the government was doing dragnet surveillance of all sorts of data warehouses to find people who fit a profile, without knowing who they're looking for ahead of time. With this, they have to have a DNA sample found at a crime scene, and they're using that combined with a warrant to do a targeted search for people with matching DNA. It just happens to be a website that people send their DNA to, rather than a police database.
So I'm actually inclined to say I think this is ok? But I'm not 100% sure how I feel yet.
EDIT: ok it looks like this was done not necessarily with a warrant, but with the officer just submitting the DNA as if they're a customer of the site. But actually my point still stands if they changed their technique to instead use a warrant and ask the site directly, not hiding that they were police officers... it's just that in this case they didn't even need to because it's so easy to just send others' DNA samples to these sites? It really seems like the lack of a warrant was a technicality here and could have easily gone the other way and still got to the same result.