Over the last few years the police have been using the large commercial DNA databases to help them find criminals. The highest profile case was their use of DNA to find the Golden State Killer (1970’s and 1980’s murders; captured in 2018). They did that by running a DNA sample against GEDMatch, one of the smaller DNA databases.
They don’t need to find an exact match. Even if they find a cousin or other relative, it dramatically reduces the pool of suspects from a few billion to maybe a couple hundred.
What they usually do not have is an exact match (although that would be helpful).
Privacy advocates are concerned that currently, law enforcement can just ask some of the DNA providers “hey, I got me some DNA, can you see if you have any close matches”. It does not require a court order – no judicial review.
Some DNA services, like GEDMatch, are very helpful and don’t need no stinkin’ warrant. Other services, like 23 and Me, want a warrant.
In either case, if there is a warrant, then the data is available. In the case of the Golden State Killer, some distant relative got tested which dramatically narrowed down the pool of suspects and bingo, they caught the guy.
This year two states enacted laws regarding the use of DNA searches by law enforcement.
Two very different states.
After the use of the database for catching crooks – sometimes very bad crooks – a couple of the services said that the police could only search against users who opted in to that kind of use.
Of course, the default is that you are opted in automatically, so probably 3 people in the world know there is option to opt out and one of them chose that option, assuming he could find out where that option was.
To make things more interesting, GEDMatch was recently acquired by a crime scene DNA company.
What is real is that the technique works. Nevada police recently used the database to identify a victim and a murder trial started last month for a man identified through GEDMatch.
Utah introduced a bill banning the practice entirely. Washington state considered requiring law enforcement to get court orders. Neither of these are law yet.
Montana did pass a law and requires the police to get a warrant. The challenge in getting a warrant is that the police have no idea whether the DNA is in any given database, making it hard to get a judge to sign on the dotted line.
Maryland now requires a judge’s order. They also limit the use to murder, kidnapping and human trafficking. And, they also have some additional requirements.
This is still early in the lawmaking sausage-grinding process, so expect a fair number of variations as the sausage (law) is being made. Ultimately, we will strike the right balance. In the meantime it is still pretty much the wild west. Credit: The Verge