Maryland and Montana recently became the first states in the nation to pass laws restricting the use of DNA databases by law enforcement to solve crimes. The strategy, also known as genetic genealogy, has been used to find dozens of people accused of violent crimes, including the Golden State Killer, but brings genetic privacy concerns.
The laws target consumer DNA databases, which allow people to upload and use their genetic information to connect with family members. In recent years, law enforcement officials have begun to use the databases to track down suspects: they can upload DNA found at a crime scene and use matches with relatives to narrow their pool of suspects and, in some cases, locate the alleged criminal.
Maryland Legislation requires now law enforcement to get a judge’s approval before using this technique, and limits it to crimes such as murder, kidnapping, and human trafficking. It also says that investigators can only use databases that explicitly tell users that their information can be used to investigate crimes. in Montana, law enforcement would need a warrant before they can use a DNA database unless the users waive the right to privacy.
The laws are an important step toward more robust standards for genetic privacy, Natalie Ram, a law professor at the University of Maryland, said. told The New York Times. After genetic genealogy was used to identify the Golden State Killer in 2018, experts and privacy advocates noted that people who upload their information to genetic databases may not know it could be used for a criminal investigation. All family members of people who upload information can also be unintentionally dragged into that net. It is also not limited to immediate family members: a study found that a database of about 1.3 million people could theoretically be used to identify about 60 percent of people of European ancestry in the United States.
In response to these concerns, the databases GEDmatch — which was used to identify the Golden State Killer — and FamilyTreeDNA changed their terms to allow only law enforcement officers to use data from users who opted in to those searches. But the opt-in settings are enabled by default. In December 2019, GEDmatch was acquired by a crime scene DNA company, making its relationship with law enforcement more explicit and frustrating for genealogists who didn’t want the service used for those purposes.
As it stands, the new genetic genealogy laws in Maryland and Montana may not be enough incentive for companies like GEDmatch and FamilyTreeDNA to change their existing user consent policies. The companies told The New York Times that they have no plans to make changes at this time. Other companies, such as Ancestry and 23andMe, are already asking for a warrant before police officers can search their databases.
Utah and Washington state legislators also proposed rules restricting the use of genetic genealogy: A Utah legislator introduced a bill in early 2020 prohibit the practice completely, and Washington State legislators considered require law enforcement to get court orders to use genetic databases.
Meanwhile, the police continue to use the technique to investigate crimes. Nevada detectives recently used GEDmatch to identify a victim and restart the investigation into his death in 1991, and a murder case started last month for a man identified through GEDmatch.