Skip to content
Naked Security Naked Security

DNA in genealogy database leads to arrest of suspected serial killer

If one of your relatives uploads their DNA data, much of yours goes with it.

California police on Tuesday arrested a 72-year-old man accused of committing more than 50 rapes, 12 murders and more than 120 burglaries across the state over the 70s and 80s: old cases that they believe they’ve finally cracked with new technology, in the form of online genealogy databases.
The suspect, arrested on six counts of first-degree murder, is Sacramento resident Joseph James DeAngelo, a former police officer and retired mechanic who lives in a cul-de-sac not far from the scene of the first murder.
Anne Marie Schubert, the Sacramento district attorney, said during a press conference that investigators surveilled DeAngelo and managed to collect samples of what she called his “abandoned” DNA:

You leave your DNA in a place that is a public domain.

She didn’t elaborate on how DeAngelo left his DNA behind. It could have been saliva left on a restaurant dish or on a discarded beer can, cigarette or tissue, the Mercury News suggested.
Investigators had collected and stored DNA samples from the crime scenes over the years. They ran the genetic profile through an online genealogy database and found it matched with what turned out to be distant relatives—third and fourth cousins—of whoever left their DNA at the crime scenes. In fact, it matched with DNA left at 10 crime scenes.
However they got DeAngelo’s “abandoned” DNA, investigators then compared it with the crime scene samples—twice.
According to the New York Times, the online genealogy database GEDmatch said in a statement on Friday that it’s aware that its database was the one used to crack the case.
The case poses privacy questions. Namely, we don’t have to spit into a tube and submit it to a genealogy database to have it made public. Because we share much of our DNA with relatives, all it takes is one of them to submit their DNA, thus making much of our own genetic information available to the police without our knowledge or consent.
On average, we share 50% of our single nucleotide polymorphisms (SNPs) — that’s what forms our genetic fingerprint — with a sibling, 25% with a half sibling, 12.5% with a first cousin and 3.1% with a second cousin.
The Mercury News quoted Andrea Roth, assistant professor of law at UC Berkeley Boalt School of Law and an expert on the use of forensic science in criminal trials:

When you put your information into a database voluntarily, and law enforcement has access to it, you may be unwittingly exposing your relatives — some you know, some you don’t know — to scrutiny by law enforcement. Even though they may have done nothing wrong.

The Mercury News describes GEDmatch as a “no-frills,” open-source version of sites such as 23andMe and AncestryDNA, which extract genetic profiles from saliva that customers send in a tube by mail. GEDmatch doesn’t extract DNA samples, but it does enable users to voluntarily share their genetic profiles for free.

Anybody can access the 900,000 DNA profiles on GEDmatch’s public database, which is built up by users submitting the DNA files they get from commercial DNA testing companies such as 23andme.
That means that investigators didn’t need a warrant to search for matches on DeAngelo’s DNA.
In fact, GEDmatch operator Curtis Rogers said in his statement that the company was unaware that investigators were using the site to search for the Golden State Killer:

We understand that the GEDmatch database was used to help identify the Golden State Killer. Although we were not approached by law enforcement or anyone else about this case or about the DNA, it has always been GEDmatch’s policy to inform users that the database could be used for other uses, as set forth in the Site Policy … While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including identification of relatives that have committed crimes or were victims of crimes.

The statement said that those who are concerned about non-genealogical uses of their DNA shouldn’t upload it to the database, “and/or you should remove DNA that has already been uploaded.”
Getting a match with the database’s records helped investigators to first locate distant relatives of DeAngelo—third and fourth cousins. The DNA matches eventually led to DeAngelo himself. Steve Grippi, the assistant chief in the Sacramento district attorney’s office:

We found a person that was the right age and lived in this area — and that was Mr. DeAngelo.

Investigators say that DeAngelo’s DNA matches more than 10 of the California murders. The serial killer and serial murder was known as the Golden State Killer. He was also referred to as the East Area Rapist, the Original Night Stalker, the Diamond Knot Killer and the Visalia Ransacker. The killer was known for being sadistic: he started by attacking single women and then progressed to attacking and murdering couples, repeatedly raping the women over the course of hours as their partners witnessed it, tied up, nearby, and bludgeoning the women and their partners to death with objects including firewood or pipes.
Investigators who’ve spent years working on the case are, understandably, “ecstatic” at the sudden breakthrough, as the Times puts it.
DeAngelo was due to appear in court on Friday.


I find the details of the couples rapes/murders to be in poor taste in this article. Interesting people with tech and genetic information does not mean you should give them nightmares.


My understanding was they first submitted the killer’s DNA to GEDMatch and from the results they identified the distant relatives of DeAngelo you mentioned. Eventually they narrowed it down to Joseph DeAngelo and then obtained some “abandoned” DNA to confirm a match with the killer. Can anyone verify that is correct?


There’s an update to the Golden State Killer Wiki that says as much, cited from The Washington Post – they matched his great-great-great-grandparents and traced their family tree downward.


I think you may have this about-face. From what I read, he had left his DNA at the crime scene, which was used to look up in the online database. When they found a match, they had found their suspect. Then they obtained a specimen of his DNA to verify the theory.


Does this support the claim made by some that an official DNA database containing details of all Earthicans is worth having if it could be an aid to solving crimes. Thus, would an official DNA database help to deter crimes. Or would folks, especially crooks, be more likely to wear latex gloves all day. Further, would such a repository help to deter spitting in public places, including spitting gum in public areas. Indeed, when police robo-K9 units patrol urban areas, will the metal mutts be useful in making convictions based on analysis of DNA residue on the ground. Or is this getting a bit too Ray Bradbury-esque.


You are correct, all earthlings should be tagged/sampled for identification for ease of managing them. This way we can also rate them according to potential for skills, violence, compliancy, breading quality. We can design viruses for specific DNA types to prevent procreation of undesirables as selected by the managements preferences. And yes DNA samples will be a requirement for a work/benefit permit.


This raises an ethical question about consent. If I upload my DNA fingerprint to a genealogy database, then I have consented to its use. I should have read the privacy policy, and should know that my genetic information might get used for other things, or shared with law enforcement.
The problem is, that my relatives have not consented, but could be identified from my DNA.
This is very similar to the current Facebook privacy issue. When Dr Aleksandr Kogan (of Cambridge analytica) went to the Cambridge university ethics committee with his plans to harvest personality profiles both from user’s who installed his app on facebook AND their friends, the committee turned him down. He would have consent from the users, but not their friends, who should not be unwilling participants.
In the case of genetic privacy, even more distant relatives could be affected, so the loss of privacy is more extreme.


The loss of privacy of this rapist and murderer. When your relatives start raping and murdering or blowing things up, I suggest you stop being concerned about their privacy rights.


That’s like saying it is fine for law enforcement to raid any house without a warrant or even a reason, as long as in the end it turns out a criminal lived there. That’s not how it works and it’s not how it should work.


I get that privacy is an issue, but how about no raping or murdering? Seems to be the larger issue at hand.


Well, why do we not have everyone’s DNA and Fingerprints on record without reason? Why do we not have 24/7 audio and video surveillance on everyone everywhere? Crime would certainly decrease if everyone was watched all the time. But because privacy is important we don’t want to live like that. And because people in power could abuse this. In this case, a killer was caught because of it. But in other cases innocent people may get harassed, framed, or who knows what.


public database … investigators didn’t need a warrant to search for matches on DeAngelo’s DNA
Not trying to shoot the messenger, but this seems legally contradictory to the teen charged with hacking when he rifled through a FOI website
Isn’t it also good for the gander?
I _think_ I understand the privacy implications here**…but uploaded to a public database is public. I’m glad this worked out how it did.
** I won’t pretend to preconceive all the extended ramifications.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!