chevron-down Created with Sketch Beta.

GPSolo eReport

GPSolo eReport Article Archives

Regulating Forensic Genetic Genealogy: Balancing Privacy Concerns with the Needs of Law Enforcement in a Time of Consumer DNA Testing Services

Devinder S Hans

Summary

  • The U.S. Department of Justice was the first to regulate law enforcement use of consumer DNA testing services, issuing an interim regulation on September 2, 2019.
  • The U.S. Department of Justice Interim Policy on Forensic Genetic Genealogical DNA Analysis and Searching provided the first comprehensive guidance to law enforcement on the use of forensic genetic genealogy (FGG).
  • Forensic genetic genealogy is a valuable tool but it has new privacy issues. The government and the public are slowly determining how to protect privacy concerns while accommodating law enforcement needs.
Regulating Forensic Genetic Genealogy: Balancing Privacy Concerns with the Needs of Law Enforcement in a Time of Consumer DNA Testing Services
thianchai sitthikongsak via Getty Images

Jump to:

Forensic genetic genealogy (FGG), also called investigative genetic genealogy, combines DNA analysis, conventional genealogy, traditional law enforcement investigation, and direct-to-consumer DNA testing services. It gained prominence in 2018 when it led to the arrest of Joseph James DeAngelo Jr., the so-called Golden State Killer, for 13 murders and kidnappings committed in the 1970s and 1980s.

Since then, it’s been employed in hundreds of cases to solve crimes, exonerate the innocent, and identify unidentified remains. In 2019 alone it helped to:

  • exonerate Christopher Tapp, wrongly convicted of murder, by identifying a suspect that matched the crime scene DNA,
  • identify a suspect in the 1971 strangulation of Rita Curran, Vermont’s oldest cold-case murder, and
  • identify the remains of Joseph Henry Loveless, murdered in 1916 and whose remains were recovered from a remote cave in eastern Idaho in 1979 and 1991.

As its use by law enforcement has increased, federal and state authorities, as well as consumer DNA testing services themselves, have started to develop regulations to control the process.

DNA Databases Help to Identify Individuals and Their Relatives

Genetically, all human beings are 99.9 percent identical (identical twins are 100 percent identical). The remaining 0.1 percent both defines our relative difference and reveals our shared lineages. It can reveal information about a person’s identity, genealogy, and certain physical characteristics such as height and hair color.

To greatly simplify the science, DNA analysis consists of comparing specific locations (markers) on DNA in a sample to comparable markers in a database. An identification search results in a probability that the target sample matches a record in the database. A familial search results in a percentage of similarity indicating a common genetic lineage, with greater similarity indicating a closer relative.

The Combined DNA Index System (CODIS) of the Federal Bureau of Investigation (FBI), developed in the 1990s, initially included 13 markers (expanded to 20 since 2017). These markers were selected because they have a wide range of variation and therefore are useful to identify a match for a target record.

Although not designed for it, the CODIS markers can be used for familial searching. These searches generate a ranked list of potential matches for further investigation. The results contain false positives, and a true relative match may not be the top-ranked entry. Most notably, familial DNA testing was used by Los Angeles police in 2010 to find the serial murderer known as the Grim Sleeper (Lonnie David Franklin Jr.). He was identified through his son, who had been arrested for felony weapons possession, and an investigation that led to the collection of his DNA from a discarded pizza crust.

FBI policy prohibits using its CODIS database with the intent of uncovering a familial match. However, many states allow such searches of their state-level DNA databases, including Arkansas, California, Colorado, Florida, Michigan, Texas, Utah, Virginia, Wisconsin, and Wyoming. In contrast, Maryland and the District of Columbia specifically prohibit familial searching because of concerns that such searches would target people of color, who are disproportionately represented in their databases.

While familial searching works with CODIS, those markers are designed to identify individuals. Genealogical DNA testing, on the other hand, involves using different technologies and examining a greater portion of the DNA. Because of differences in the testing, law enforcement usually outsources DNA sample processing. The outside labs will commonly also upload the generated genetic profiles to consumer genetic services and investigate any detected familial relationships through traditional genealogical methods.

Regulations Are Beginning to Emerge

The U.S. Department of Justice (DOJ) was the first to regulate law enforcement use of consumer DNA testing services, issuing an interim regulation on September 2, 2019. Montana and Maryland enacted the first state laws in 2021, and other states have followed since then.

The U.S. Department of Justice

The DOJ’s Interim Policy on Forensic Genetic Genealogical DNA Analysis and Searching provided the first comprehensive guidance to law enforcement on the use of FGG. The policy applies to the DOJ as well as federal, state, local, and tribal agencies where DOJ funding is used to conduct FGG.

Use of FGG is generally limited to the following:

  • The investigation involves an unsolved violent crime (murder or sex crime). However, violent crime is also defined to include any other serious crimes a consumer DNA service designates for law enforcement use of their databases. FGG may also be used for other violent crimes where there is “a substantial and ongoing threat to public safety or national security.”
  • The DNA sample is from the potential suspect or an unidentified victim.
  • CODIS searches have failed to produce a confirmed match.
  • Reasonable investigative leads to solve the case or identify the remains have already been pursued.
  • If applicable, the case information has been entered into the National Missing and Unidentified Persons System (NamUs) and the Violent Criminal Apprehension Program (ViCAP) databases.

The policy requires agreement of both the prosecutor and the investigative agency and consultation with a designated official at the CODIS laboratory. Additionally, agencies must identify themselves as law enforcement and may only use direct-to-consumer DNA services that provide explicit notice that their service may be used by law enforcement.

State Regulations

Montana and Maryland were the first to regulate law enforcement use of forensic genealogy. Montana’s statute is short and simple. It requires a search warrant based on probable cause to conduct genealogy searches of government or consumer DNA databases. A warrant is also required for identification searches of consumer databases unless the consumer has waived his or her privacy.

Maryland’s statute is much more comprehensive and similar to the DOJ’s interim policy. The statute requires judicial authorization to perform searches and limits searches to specify types of crimes, such as murder, rape, and criminal acts that present “a substantial and ongoing threat to public safety or national security.”

Maryland also requires that:

  • Other investigation has already been attempted (unless there is a threat to public safety or national security).
  • The DNA sample was collected at a crime scene or from a person/item/location connected to a crime; or, for unidentified remains, the sample is from a suspected murder victim.
  • The use of state and federal DNA databases failed to identify a suspect.
  • The consumer DNA database provided explicit notice, and received user consent, that law enforcement may use its service.

Other states have approached regulations from a slightly different angle. Hawaii, Kentucky, and Wyoming require consumer DNA testing services not to disclose consumer genetic data to law enforcement except when required by court order or subpoena or with the consumer’s prior express consent.

Direct-to-Consumer DNA Testing Services

DNA testing services have split in their approaches, with 23andMe and Ancestry being more restrictive, while FamilyTreeDNA is much more permissive and GEDmatch takes its own path.

  • 23andMe and Ancestry promise to protect user privacy against government access unless required to do so by legal process.
  • FamilyTreeDNA allows law enforcement to use their service to identify the remains of any deceased individual or the perpetrator of a homicide, sexual assault, or abduction. To be excluded from these searches, users must affirmatively opt out.
  • GEDmatch requires users to choose a privacy option to either opt in or opt out of law enforcement searches, with new profiles opted in by default. Searches are limited to identifying the remains of any deceased individual or the perpetrator of a violent crime (defined as murder, nonnegligent manslaughter, aggravated rape, robbery, or aggravated assault).

Conclusion

Forensic genetic genealogy is a valuable tool but also presents new privacy issues, as do direct-to-consumer DNA testing services themselves. How to protect legitimate privacy concerns while accommodating law enforcement needs is slowly being determined in government and by the public.

    Author