DNA that Cracked the ‘Golden State Killer’ Case came from Genealogy Websites

According to officials, DNA from genealogy websites led to the arrest of the suspected “Golden State Killer,” Joseph James DeAngelo. Following the news, Ancestry websites 23andMe and Ancestry.com quickly released statements on the findings, saying mainly that they do not know if their services aided in the arrest of DeAngelo or not.

Investigators knew the killer only through a string of DNA recorded at several of the dozen murder scenes. A spokesman for the Sacramento County Sheriff’s Department said officials had struggled for years to figure out whom that DNA belonged to. Recently, they tapped genealogical databases that the public uses to search for relatives and ancestors.

You can read more and watch a video from KGO-TV about this news at: http://abc7ne.ws/2HtOr2B and a somewhat different view of the same story, including a different video, on the WSLS News web site at http://bit.ly/2JuzVEl.


I have tested with FTDNA, but that article raises alarm bells with me. Does that mean that certain authorities can just dig into out genealogical DNA results, without a by-your-leave?! I live in England, but if it could happen in the USA, it could happen anywhere, I presume. Can you put my mind at rest here, please, Dick?


    —> Does that mean that certain authorities can just dig into out genealogical DNA results, without a by-your-leave?

    The law enforcement authorities can see the same things that you and I can see. If you can compare your DNA to others who use a DNA comparison service, law enforcement can see the same things that you see. Anyone else also can see the same thing.

    In all the DNA comparison services that I have ever used, I could see another person’s DNA information but could not see identifying information for the other person. I could never see their name, address, or anything else that identifies the other person. I suspect the same is true of all the other DNA services. (If I am wrong, would someone please post a comment here and tell me which DNA service does reveal that information?)

    The one difference with law enforcement, at least in the United States, is that once law enforcement finds a match or a near match to someone’s DNA information, the law enforcement officers can obtain a court order asking the DNA matching service to provide identifying information to those officers. Private individuals and corporations cannot do that.

    For more details, see the article I published last year, Your Genealogy Research Could Land Your DNA Results in a Criminal Investigation, at: https://blog.eogn.com/2017/11/07/your-genealogy-research-could-land-your-dna-results-in-a-criminal-investigation/


    All the major companies were contacted by the reporters and researchers of the UK Daily Mail article** and the only company used to ID the badguy was GedMatch. I have never joined GedMatch inspite of having 5 tests with FamilyTreeDNA since 2010. FTDNA have great privacy policies and options for sharing. FTDNA now meets the high standard for data privacy introduced by the new European data protection law known as the General Data Protection Regulation (GDPR).


    If you have not committed a crime, this should not worry you. If someone related to you has done something vile enough that law enforcement is trying to track them via DNA, you should be delighted and proud to help them find their suspect. In this instance, they caught a horrible person who is likely a rapist and murderer. I applaud all those who helped solve this cold case and bring closure to those still suffering from these crimes.


    I do not like these last comments very much, and this kind of “holier-than-thou” attitude. The majority of people, even if they haven’t even as much as got a parking ticket themselves, might well have relatives, in fact, cousins that they don’t yet know, who might have committed a slight misdemeanour. Of course it is very unlikely that this investigation is going to intrude on many peoples DNA contacts on Gedmatch, but it will already have affected the people who seem to be related, DNA-wise, to the killer. These people put their results onto Gedmatch in all good faith, and now their privacy has been violated. If the police can’t catch somebody without resorting to these base tactics, then I suggest that the police need to look at their limitations and improve themselves.


Actually, this may be a bit unsettling. I’ve been told that, once you submit your DNA to Ancestry, it *owns* your DNA forever. Stopping serial killers is a wonderful thing–but could this trend extends into other areas?


Saw a blurb on one of the network news channels this morning that said law enforcement used GEDmatch. Did not mention any other DNA testing companies/sites.


    This gets worse, and I am on Gedmatch. We can only see possible matches to us, Dick, we can’t look at whosever DNA we might just be curious about, whereas the authorities seem to b able too.


    My assumption (let me repeat that word: ASSUMPTION) is that the authorities entered the DNA information from DNA samples found at a crime scene and then looked for matches to that specific DNA.

    I don’t believe they have any capability to simply search EVERYONE’s DNA on GedMatch.


Wasn’t this Gedmatch.com they used? Emails there but you know this registering.


Gedmatch lists the email of potential matches. Others allow you to attempt to contact potential matches without divulging contact information, but, obviously, that could lead to a contact and exchange of information.


I was expecting to read something this morning about this on your blog Dick. I am a resident of Sacramento County and was a teenage girl when the “East Area Rapist” was active in our community. These series of rapes and 2 murders lasted for 2 years in our area. It was a scary time. While it’s great that they caught the suspect, it definitely causes concern for all of us who have our DNA available through any of the services that provide it. It’s just another way our privacy is being whittled away, with cell phones, credit cards, debit cards and the like. Of course we all know this. The fact that he continued to live and work in our community all these years and seemed to stop his deviant behavior some time in the 1980’s is shocking. I assumed perhaps (hopefully) he was dead, or in prison with no connection being made to our community. It will be interesting as law enforcement and local news continue to reveal more details about the case. Thanks for a great blog. I look forward to it each morning.


Whether it is called “ownership” or “licensing” is a technical specific. The fact is that Ancestry had control enough that it was able to turn it over to a 3rd party without the knowledge or consent of the donor. In this case, I think we’re all glad to see a serial killer off the streets but the possibilities are still cause for unease.


    Duncan, I do not believe Ancestry turned over any data. They may have done the original testing, but the owner or admistrator of that data had to physically download the data. It then had to go through a process of being uploaded to Gedmatch, and the person had to agree to their policies.
    If I had a relative who did these heinous acts, I would be happy to share my DNA if it helped. That’s my personal feeling and all the rest of you may have your own views too.


*Law Enforcement Used GedMatch only*
Text link version:
——Scroll down to the end of the article, linked above, if you want to view the stock photos and adverts by the dailymail


gedmatch.com put the following on their website today:
“April 27, 2018 We understand that the GEDmatch database was used to help identify the Golden State Killer. Although we were not approached by law enforcement or anyone else about this case or about the DNA, it has always been GEDmatch�s policy to inform users that the database could be used for other uses, as set forth in the Site Policy ( linked to the login page and https://www.gedmatch.com/policy.php). While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including identification of relatives that have committed crimes or were victims of crimes. If you are concerned about non-genealogical uses of your DNA, you should not upload your DNA to the database and/or you should remove DNA that has already been uploaded. “


The Boston Globe “Stat news” section a couple of days ago had an interesting article about this. Here’s a link: https://www.statnews.com/2018/04/26/genealogy-golden-state-killer-privacy/

This explains how they could have entered DNA info without having had a saliva sample for analysis. By the way, one fascinating feature on gedmatch is the opportunity to match contemporary DNA to ancient DNA, going back many thousands of years. The information on the ancient DNA must also have been obtained without a saliva sample.

Also, the feature “User Lookup” on gedmatch can provide a great deal of information
about a kit, such as full name, email address, gedcom, etc. if the user included that information. I think for those with privacy concerns, using a pseudonym and not including a gedcom might be a good idea.


    Re: “This explains how they could have entered DNA info without having had a saliva sample for analysis.” Did not find an explanation of what DNA data they started with to create a file that could be added to Gedmatch.com. Does anyone know if the data used to determine if a male is the father of a child can be used to create a file to add to Gedmatch.com? My research has not found a way to do that.


Apparently old DNA can sometimes be sequenced by a lab so that the data can be entered into GEDmatch. It has been used successfully for a couple of years by the DNA Doe Project to identify John or Jane Does and locate their families.

Liked by 1 person

Not scary at all, unless you have an unknown felonious past or close relative who does. The authorities uploaded DNA from their unknown suspect to the GEDmatch database, and just like the rest of us looking for cousins they found the closest matches (cousins or siblings or uncles or parents, etc) of their suspect DNA. Based on strength of match triangulated and figured out who they had in common, and used that to narrow down to possible suspects. The thing they have access to that we don’t is a lot more information about living people, which is likely how they ID’d their suspect from the possibilities produced from DNA matching. They can’t see your full DNA, just comparisons, just like the rest of us.

It’s good to be wary, but this one isn’t surprising to me. In fact, I’m thinking, what took them so long? Glad they got their guy, and yes my DNA is on GEDmatch.


One has to consider other positive uses of the DNA databases:

CASE SOLVED – Marcia L. K,

April 10, 2018 — Troy, OH
Today we announce that Marcia L King of Arkansas has been identified as the Miami County Jane Doe who became known as the Buckskin Girl. She was twenty-one years of age at the time of her death. The DNA confirmation was made on Monday, April 9, 2018 by the Miami Valley Regional Crime Lab. The Miami County Coroner, Dr William Ginn, will issue the death certificate.

The scientific assistance that finally led to the victim’s identification was conducted by the DNA Doe Project, a nonprofit organization recently created to apply genetic genealogy tools to the identification of unknown persons. The victim’s DNA was obtained from a blood sample that had been in storage since 1981; it was processed using advanced DNA techniques, and uploaded to a public genealogy database. The DNA Doe Project was founded in 2017 by Colleen Fitzpatrick and Margaret Press. The Miami County Jane Doe case was accepted as one of the first cases for the project. The DNA Doe Project relies on genetic genealogy tools similar to those used by genealogists for analyzing DNA results normally provided by direct-to-consumer testing companies.


I uploaded my ancestry DNA file to several competing sites including GEDmatch last year. Without revealing this specific information on which site my DNA resided, a professional genealogist (I engaged for non DNA work), was able to locate my DNA results on GEDmatch. He found we were 4th cousins. I was surprised, that he found me on GEDmatch. How he did it and if it is common practice, i don’t know. Possibly my name and/or city are given on a match. But since we working together on a genealogy project, I let it go and welcomed the information.


Yes, DNA was used to help find a bad person and send him to jail. That’s a good thing. But, DNA testing can also be used to clear an innocent person and get him (her) out of jail. Here’s a link: https://www.innocenceproject.org. This should be a comforting thought.


All of us are leaving our DNA around as we walk through the world. If you are that paranoid about it, don’t drop cigarette butts, used tissues, and don’t discard hairs that fall from your head, or anything else that leaves your body, etc. etc.. Items like these all have your DNA and can be sequenced. Some ethnic groups have ancient taboos against leaving body parts around, yet they don’t seem worried about using bathrooms.


Maybe a follow-up article pointing out that it was GEDMatch is in order? So many people in the genealogy world are still freaking out thinking it was AncestryDNA or 23andMe.

You submit your DNA to a voluntary, public database, you gotta acknowledge this might happen. Shouldn’t surprise anyone.


Leave a Reply to Sue C Cancel reply

Name and email address are required. Your email address will not be published.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <s> <strike> <strong> 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: