You are using an outdated browser.
Please upgrade your browser
and improve your visit to our site.

How the Supreme Court Could Rewrite the Rules for DNA Searches

The arrest of the alleged Golden State Killer and a case currently before the court both raise questions about Fourth Amendment rights in the digital age.

Joseph James DeAngelo, the suspected Golden State Killer, was arraigned on April 27. (Justin Sullivan/Getty Images)

Several years ago, the Supreme Court considered the case of Alonzo Jay King Jr. Arrested in an assault in Maryland, he ended up being charged and convicted in an unsolved rape case after a sample of his DNA, which police collected while booking him, returned a match in a statewide database. King, who had been sentenced to life in prison, argued that the Maryland law allowing the warrantless, suspicionless collection of his DNA violated the Fourth Amendment.

The justices narrowly ruled against him, drawing a sharp dissent from Justice Antonin Scalia, who criticized invasive genetic searches of people who would still be legally innocent. “Perhaps the construction of such a genetic panopticon is wise,” he wrote, joined by justices Ruth Bader Ginsburg, Sonia Sotomayor, and Elena Kagan from the court’s left. “But I doubt that the proud men who wrote the charter of our liberties would have been so eager to open their mouths for royal inspection.”

Six years later, it turns out the American people may have built that genetic panopticon themselves, one self-swab at a time. California police used a commercial genealogy database to find the man they say is the Golden State Killer, a serial murderer and rapist who had eluded them for decades. Now, an imminent Supreme Court ruling could rewrite how law enforcement uses these DNA searches.

California law enforcement had long been stumped about the identity of the man who committed at least a dozen murders and more than 50 rapes in a spree of terror across the state in the 1970s and 1980s. That changed when investigators used a DNA sample from one of the crime scenes—“a never-touched DNA sample from a 37-year-old murder in Ventura County that was sitting in a freezer,” The New York Times reported—and submitted it to GEDmatch.

The popular, no-frills site is run by two men in Florida and does not perform its own tests. Instead, it allows users to upload and compare DNA profiles created by other services, such as Ancestry and 23andMe. This open-source system allowed investigators to avoid the need for a warrant, which genealogy services typically demand before handing over genetic information.

Police submitted the sample to the website and performed what’s known as a familial DNA search. Since it’s unlikely that suspects would furnish their own DNA to a private company, investigators instead tried to find near-matches among family members to narrow down the circle of suspects. Officers then obtained a surreptitious second sample from their suspect to confirm the match. That, in turn, led to the arrest of 72-year-old ex-cop Joseph DeAngelo last Thursday.

Legal experts said that the break in a decades-old murder case showed the potential value for genetic searches when resolving long-cold cases or tracking down suspects for major crimes. At the same time, the episode highlights the limits of current legal protections when it comes to Americans’ genetic information.

“There is a tendency in such cases to minimize the privacy costs because the gains are so great,” Sonia Suter, a George Washington University law professor who specializes in bioethics, told me. “The values of privacy are always more amorphous and easily discounted against concrete benefits of catching killers and rapists.”

Like fingerprints in an earlier age, finding a DNA match is now considered the gold standard for criminal prosecutions in America. But the Golden State Killer case puts new attention on how samples are used and obtained in addition to what they tell us. “This isn’t really a DNA story,” Elizabeth Joh, a UC Davis law professor who studies the Fourth Amendment and technology, told me. “It’s a story about data.”

She added that the case underscored how Americans may not realize how new technologies can be used against them. “Do you realize, for example, that when you upload your DNA, you’re potentially becoming a genetic informant on the rest of your family?” she explained. “And then if that’s the case, what if you’re the person who didn’t personally upload the DNA, but you discover that your family member has done that?”

The Supreme Court is wrestling with similarly thorny questions about digital privacy in Carpenter v. United States, which hinges on whether police can check a cell phone’s whereabouts without first obtaining a warrant. The Justice Department argues that people no longer have a reasonable expectation of privacy when they store their data on a third party’s systems. Digital-privacy advocates say that approach doesn’t make sense in a world where people have little choice but to keep all sorts of personal content, from emails to texts to work documents, on distant servers owned by tech giants like Amazon, Google, and Apple.

Whatever decision the justices reach in Carpenter will almost certainly be a landmark ruling on how to apply the Fourth Amendment’s protections in the digital world. That includes genealogy databases, which can contain a wealth of deeply personal information about one’s ancestry and medical conditions. Handling such sensitive information creates additional challenges when it comes to balancing the individual right to privacy with the state’s interest in combating crime.

Some questions are more novel. While the justices wrestle with third-party privacy rights this term, familial searches could force them to consider a fourth-party problem of sorts in the future. “If you’re upset that your brother has uploaded his DNA to a commercial DNA database,” Joh offered as a hypothetical, “you don’t really have any legal rights to complain if the police decide, for example, to collect that DNA or to analyze it or take a look at it.”

Legal experts said that privacy measures like HIPAA, the federal law that protects patient privacy in medical situations, wouldn’t automatically apply for genealogy databases—even the ones that use submitted DNA samples to check for potential genetic illnesses. Suter said that the lack of clarity about when and how a person’s DNA profile can be used by companies raises ethical concerns.

“One can’t expect the ordinary user of such sites, particularly when they were first being set up, to appreciate the nature of the privacy risks,” she told me. “It’s possible for police to use these databases and to follow up on several partial matches, subjecting a great many people to police inquiries simply because of genetic relatedness.”

DNA databases are nothing new for law enforcement. The FBI established the United States’ national database, commonly known as CODIS, in 1994. Federal and state law-enforcement agencies can use it to check samples they acquire against convicted prisoners, missing persons, and forensic sites across the country. By its nature, the database largely consists of samples taken from people who brush against the criminal-justice system in one form or another.

Commercial DNA database operate on an even greater scale by comparison. 23andMe claims to have more than five million customers, two million of whom had been genotyped as of last April. Ancestry said it surpassed the five-million mark for genetic tests last August. This offers a deeper genetic pool for law enforcement agencies than may otherwise be available.

It also expands the circle of innocent people who could be caught up in the search. In the Golden State Killer case, for example, investigators first used what they had found during a familial search to persuade a judge last year to authorize a warrant for DNA testing against a 73-year-old man in an Oregon nursing home. The man, who is in poor health, turned out not to be a match for the serial killer’s sample.

The incident raises questions about what steps should be taken to regulate the practice. “This [technique] is unquestionably going to become more and more common, so the real question is how states ought to get ahead of this in terms of placing reasonable rules on what law enforcement agencies should do before they collect this material,” Joh said.

State and federal lawmakers have broad discretion when crafting laws to regulate DNA searches, if they choose to exercise it. “They can impose penalties for the use of one’s DNA without one’s consent in cases like this, or they could prohibit the police from conducting these kinds of searches,” she noted. Suter pointed to a precedent in Maryland, which banned familial searches in 2008 out of fears that it would be applied in a racially disproportionate manner.

Ironically, it was Maryland’s policy of warrantless DNA searches in jails that prompted Justice Antonin Scalia, who died in 2016, to express his concerns about building a “genetic panopticon” of sorts six years ago. Thanks to Americans’ eagerness to learn more about their roots, his former colleagues on the court may be revisiting the subject soon.