• You are here:
  • Home »
  • Blog »
23andMe, FTDNA and AncestryDNA, the three best DNA tests, all allow you to delete your DNA data

An Online DNA Database Helped Capture the Golden State Killer. Should You Be Worried About the Privacy of your DNA Data?

A decades-long search for the Golden State killer finally led to the arrest of a suspect with the help of an online DNA database. But it raises many questions on how much privacy we are giving up when we use genealogical DNA testing websites like 23andme.com and AncestryDNA.

Police suspect he has raped more than 50 people and killed at least 12. Dozens of bulgaries have also been linked to him. But for over four decades, Joseph James DeAngelo also known as the Golden State Killer, managed to elude investigators.

A break in the case came when one of the investigators got an idea to track down the suspect through his relatives. They obtained his DNA from a discarded item, carried out a genetic test and then uploaded the results to GEDmatch.com, a free website that allows users to upload DNA results and find relatives from their database.

The police then used Ancestry.com to create 25 trees containing thousands of possible relatives all leading to the same great-great-great grandparents. Using the existing profile of the suspect, they finally narrowed down their suspect list to one elderly man living in a suburb in Sacramento, California.

The whole ordeal reads like a novel or an episode of Law and Order. But it has raised a lot of concerns about whether these massive online DNA databases are compromising our genetic privacy or even whether they could be used to track down someone against their wish.

You Don’t Have to Take the Test to Be Identified

An Ancestry Family Tree

A family tree on Ancestry.com. Even if you’ve not taken a DNA test, someone might track you down through your relatives.

The suspected killer and rapist had not submitted his DNA to any genealogical testing website. Yet police were able to track him down through a combination of his relatives’ DNA information plus existing public records.

That’s what is most concerning about these DNA databases. You might say that you won’t give your DNA to any website for the sake of privacy but that doesn’t guarantee that no one can track you down. If enough of your relatives have taken the test, someone with enough time and resources can trace them back to you.

If you’ve taken a test, it’s even easier for someone to uncover your identity.

DNA Websites Privacy Policies

Granted, GEDmatch.com is an open source website so the police didn’t need a subpoena to force the company to reveal familial matches. In fact, the company itself acknowledges the inherent privacy risk when you upload your data to their database. Here is part of their privacy policy:

GEDmatch exists to provide DNA and genealogy tools for comparison and research purposes. It is supported entirely by users, volunteers, and researchers. DNA and Genealogical research, by its very nature, requires the sharing of information. Because of that, users participating in this site should expect that their information will be shared with other users.

Premium websites like 23andMe.com and FamilyTreeDNA.com offer more robust privacy policies. They say they do not share your identity unless compelled by a valid legal order. That means that it’s still possible for law enforcement to use their databases to track you down.

While most these websites let you control how much information such as name and ancestry that’s available for others to see, you have to cede a significant level of privacy if you want to find matches of your own.

That leaves a gap for other people to find you. Even the police can create a fake profile using a relatives DNA data, like they did with GED Match, and find you through it. This way, they don’t even have to get a subpoena.

Should We Panic?

Many states allow the use of familial searches through public DNA databases though with conditions. Only Maryland has expressly banned the use of DNA databases to track down individuals.

However, these laws don’t apply to private online DNA databases like those maintained by 23andMe.com, Ancestry.com and FamilyTreeDNA.com.

So yes, there is some cause for concern.

But overall, it would take a lot of work and time to track someone down. I don’t think companies will start tracking down people on DNA databases. The current privacy protections are enough of a deterrent.

The most important thing is to understand what you are getting into when you take a DNA test. Acknowledge that we are living in a new age where our genetic information might inadvertently fall into the wrong hands.

For most of us, learning about our past and finding new family members is worth giving up a little privacy.

Decide for yourself what you are most comfortable with. If you decide to take a test, use trusted DNA testing websites like 23andMe or AncestryDNA rather than open source ones. You have to pay to use them but in return, you enjoy more privacy.

If you are too uncomfortable with the thought of your DNA information in some Database, not matter how secure, then don’t take a genetic test. Just hope that not too many of your relatives have taken it.

About the Author Charles McKnight

I'm just another amateur genealogist investigating my American-Scots-Irish lineage. I built MyFamilyDNATest.com after buying all of the leading DNA tests to discover everything I could about my family history. Hopefully, this site will save you time and demystify the emerging science of DNA-based genealogy, for your family project.

Leave a Comment: