From Bioethics Briefings
Law Enforcement and Genetic Data
- Law enforcement has collected and stored a limited amount of information from DNA from arrestees and convicted criminals in forensic databases, such as CODIS, for many years.
- These forensic databases cover a limited part of the population.
- Law enforcement is increasingly turning to other sources of DNA for investigations.
- Millions of people have obtained direct-to-consumer (DTC) genetic tests, which often generate large amounts of genetic data and which millions have shared, often in identified form, with other people.
- DTC genetic testing expands the power of forensic searches because these results contain more data than CODIS and typically represent different parts of the population.
- Law enforcement can also obtain DNA data from health care providers and researchers.
Framing the Issue
DNA has been a powerful crime-solving tool for decades, but law enforcement’s ability to harness it for investigative purposes has grown immensely in recent years. This is due primarily to the massive amount of genetic data now housed in government-run, public, and private databases as well as the emergence of new techniques to exploit these vast resources. In the United States, for example, state and federal law enforcement databases (containing forensic profiles of over 18.5 million individuals) and public and private databases (containing genetic data of tens of millions of patients, consumers, and research participants) collectively provide law enforcement with potential access to enough genetic information to link an unknown DNA sample, either directly or through relatives, to a large segment of the country.
Law enforcement access to personal or family genetic information is not without consequence. These uses may affect individuals’ willingness to undergo health care testing or participate in research, fears that may be most pronounced among populations that have been overrepresented in the criminal justice system. Discouraging individuals in these groups from obtaining genetic testing could exacerbate existing health disparities and stifle scientific research. Yet neither the collection of genetic samples nor their analysis or use by law enforcement has been subject to significant regulation in the U.S. What limits, if any, should be placed on law enforcement’s access to DNA data from DTC companies, health care providers, and researchers?
History of DNA Use for Law Enforcement
Since 1994, the U.S. Department of Justice has maintained a nationwide forensic DNA database known as the Combined DNA Index System (CODIS). Today, the federal government and all 50 states, as well as the District of Columbia, contribute profiles to CODIS. The ever-growing database, which now contains the forensic DNA profiles of over 18.5 million people who have been either arrested for or convicted of various crimes, has assisted in over 540,000 investigations.
The Supreme Court officially cleared the way for the expansion of forensic databases in 2013 when it held, in Maryland v. King, that collection of DNA from arrestees is, “like fingerprinting and photographing, a legitimate police booking procedure that is reasonable under the Fourth Amendment.” In response, federal, state, and local level governments are expanding forensic databases across the country, in some cases even creating “shadow” databases to house profiles not eligible for upload into CODIS, such as those of people who are merely stopped on suspicion of having committed a crime (the so-called “stop-and-spit” and “swab-and-go” practices) or those obtained “surreptitiously” (without a person’s knowledge or consent). These collection practices mean that government-run forensic DNA databases contain a disproportionately large number of people who are young, nonwhite, and of low-socioeconomic status.
More than 50 countries have forensic DNA databases for law enforcement use, the largest of which are in China, the U.S., and the U.K. Despite the trend toward expansion of such databases, they have faced successful legal challenges in some jurisdictions. The European Court of Human Rights, for example, concluded that the indefinite retention of biospecimens and data violates human rights, leading the U.K. and other countries to impose strict limits on storage.
Recent Developments That Have Changed the Landscape
Law enforcement is increasingly turning to public and private sources of genetic information, which collectively contain much more genetic information, and from a broader segment of the population, than forensic DNA databases. Genetic testing has become commonplace in health care and research, and millions of Americans have undergone testing with direct-to-consumer genetic testing companies and submitted raw genetic data to third-party interpretation services and open-access databases.
In most jurisdictions in the U.S., a subpoena is currently all that law enforcement needs to compel most third parties to disclose genetic information in their possession. This includes genetic information contained in patients’ medical records, which is permitted in certain circumstances under an exemption of the U.S. Health Insurance Portability and Accountability Act (HIPAA). Subpoenas typically only require law enforcement to demonstrate that the data sought are relevant to an investigation, making them much easier to obtain than traditional warrants based on probable cause.
The Golden State Killer Case and Genetic Genealogy
The use of public and private databases by law enforcement entered the public spotlight with the arrest of Joseph DeAngelo in 2018, a white, middle-class ex-police officer ultimately convicted of being the infamous Golden State Killer, a serial murderer and rapist who terrorized California throughout the 1970s and 1980s. After decades of dead ends, including failed searches of CODIS, police were able to track down DeAngelo by matching crime scene DNA with one of his distant relatives who had contributed data to GEDmatch, a publicly accessible genealogy database. Law enforcement was able to do so, without a court order, by essentially posing as a typical consumer interested in genealogy.
In the wake of the Golden State Killer case, this technique, now commonly referred to as forensic or investigative genetic genealogy, has been used by law enforcement in hundreds of cold cases, generating leads in numerous cases, dozens of arrests, and multiple convictions (as well as one exoneration). Investigators have since broadened their efforts beyond public databases like GEDmatch. In early 2019, it was revealed that, unbeknownst to its users, FamilyTreeDNA had voluntarily been providing the Federal Bureau of Investigation with access to its services. After public backlash, both GEDmatch and FamilyTreeDNA subsequently modified their policies to limit access by providing consumers a choice about whether they want data they submitted used for law enforcement matching.
Although these policy changes have reduced the usefulness of these tools, these data remain a valuable target for law enforcement. If (as in the past), police are willing to pose as consumers or are able to obtain warrants granting access to the information of all users, entire databases could continue be at their disposal. Indeed, in 2019 trial courts in Florida and Pennsylvania issued search warrants to explore the entire databases of GEDmatch (regardless of whether consumers opted out) and Ancestry.com (which does not allow its service to be used in this way by law enforcement). Ancestry has rigorously opposed the request in a case that some commentators believe could make its way to the Supreme Court, illustrating the evolving legal landscape surrounding law enforcement access to genetic information.
State and federal agencies are currently implementing new technologies, such as Rapid DNA, portable devices that could move forensic DNA testing out of accredited laboratories and into police stations and perhaps even squad cars. They are also experimenting with new uses of genetic information, such as DNA phenotyping, which is used to generate virtual “sketches” that purport to predict the appearance of suspects and victims based on their DNA. Emerging technologies such as these raise unique privacy and ethical concerns and must be subject to the appropriate level of oversight.
Ethical Issues and Proposals to Address Them
A major ethical problem with current government forensic databases is their biased representation of the population, which includes mainly people of color who are young and of low-socioeconomic status. While law enforcement use particularly of DTC data could be seen as a welcome counterbalance to this bias, since DTC customers are predominately white and more affluent, some questions remain. Millions of people have pursued DTC genetic testing specifically in order to find relatives, in the process revealing information about themselves and their relatives. These family members have no power to prevent information about them from being revealed to others, including purported relatives. Moreover, many studies report that some people do not want the government to have access to DNA data about them. Many people, however, endorse the use of these data to identify potential criminals.
Thus, the ethical question is how to balance the society’s interest in finding criminals with individuals’ interest in pursuing genetic testing, especially since some of this information can be obtained without their personal knowledge or consent. One possible solution is to make it more difficult for law enforcement to gain access to genetic data held by third parties (e.g., requiring a warrant as opposed to a subpoena) or to impose other restrictions, such as limiting use of genetic data from DTC, health and research tests to investigating specific kinds of serious crimes. Another option is to create a universal forensic database, which would contain a limited DNA profile (devoid of medical or health information, similar to the limited DNA profiles currently contained in CODIS) of every person in the country. This database would need to be coupled with even more stringent procedural requirements and safeguards, but the limits are more likely to be effective since the system would contain the profiles of lawmakers and their families as well. It would also be necessary to ban law enforcement access to DTC, health, and research data, thereby allowing people to pursue testing without fear.
This chapter was supported in part by 5RM1 HG009034-04.
James W. Hazel, PhD, JD, is a Postdoctoral Research Fellow at the Center for Genetic Privacy and Identity in Community Settings (GetPreCiSe) and the Center for Biomedical Ethics and Society, Vanderbilt University Medical Center.
Ellen Wright Clayton, MD, JD, is the Craig Weaver Professor of Pediatrics and Professor of Health Policy at the Center for Biomedical Ethics and Society and Co-Principal Investigator, Center for Genetic Privacy and Identity in Community Settings, Vanderbilt University Medical Center; and Professor, Vanderbilt University Law School. Clayton is a Hastings Center fellow.
45% of our work is supported by individual donors like you. Support our work.
- U.S. Department of Justice, Interim Policy on Forensic Genetic Genealogical DNA Analysis and Searching (2019)
- National College of State Legislatures, Forensic Science Laws Database (2014)
- Maryland v. King, 559 U.S. 435 (2013).
- Hazel, James W, Christopher Slobogin. “'A World of Difference?': Law Enforcement, Genetic Data and the Fourth Amendment.” Duke Law Journal, no. 70 (2021): 705-773.
- Murphy E, Jun H. Tong. “The Racial Composition of Forensic DNA Databases.” California Law Review, no. 108 (2020):1847-1911.
- Berkman, Benjamin E, Wynter K Miller, and Christine Grady. "Is It Ethical to Use Genealogy Data to Solve Crimes?" Annals of Internal Medicine 169, no. 5 (2018): 333-34.
- Hazel, James W, Ellen Wright Clayton, Bradley A Malin, and Christopher Slobogin. "Is It Time for a Universal Genetic Forensic Database?" Science 362, no. 6417 (2018): 898-900.
- Ram, Natalie, Christi J Guerrini, and Amy L McGuire. "Genealogy Databases and the Future of Criminal Investigation." Science 360, no. 6393 (2018): 1078-79.
- Mark Rothstein, JD
- Eric T. Juengst, PhD