Hacker News new | past | comments | ask | show | jobs | submit login
Relative's DNA from genealogy websites cracked East Area Rapist case (sacbee.com)
383 points by HoppedUpMenace 12 months ago | hide | past | web | favorite | 328 comments

This is a very interesting issue with sending your DNA to sites like 23andme. This means that a police officer can get a warrant to submit a DNA sample to the site, and get back anyone who matches. (Or in this case, their relatives.)

The reason I think it's particularly interesting is that it passes one of the basic tests I have for whether something should be searchable by law enforcement: Do they have a target in mind and a warrant to search for that target? For PRISM and the other things that Snowden warned us about, the answer was no: the government was doing dragnet surveillance of all sorts of data warehouses to find people who fit a profile, without knowing who they're looking for ahead of time. With this, they have to have a DNA sample found at a crime scene, and they're using that combined with a warrant to do a targeted search for people with matching DNA. It just happens to be a website that people send their DNA to, rather than a police database.

So I'm actually inclined to say I think this is ok? But I'm not 100% sure how I feel yet.

EDIT: ok it looks like this was done not necessarily with a warrant, but with the officer just submitting the DNA as if they're a customer of the site. But actually my point still stands if they changed their technique to instead use a warrant and ask the site directly, not hiding that they were police officers... it's just that in this case they didn't even need to because it's so easy to just send others' DNA samples to these sites? It really seems like the lack of a warrant was a technicality here and could have easily gone the other way and still got to the same result.

You should feel upset and scared. Sites like 23andMe are just a small subset of genes and variations of them. The number of false positives due to this limit is significant. In whole database fishing searches by non-experts (ie, police) it will result in false positives every single time.

And also contributing is the increased sensitivity of the DNA amplification methods and lax procedures at most labs. See http://www.sciencemag.org/news/2016/03/forensics-gone-wrong-...

>In 2013, geneticist Michael Coble of the National Institute of Standards and Technology in Gaithersburg, Maryland, set up a hypothetical scenario in which a mix of DNA from several people had been found on a ski mask left at a crime scene after a series of robberies. Coble asked 108 labs across the country to determine whether a separate DNA sample, which he posited had come from a suspect in the robberies, was also part of the mix. Seventy-three of the labs got it wrong, saying the suspect's DNA was part of the mix when, in fact, it was not.

It only allows finding the suspect. A full DNA test is required to be conclusive. I think it is the case here.

Police, judges and lawyers probably don't know the difference between a DNA test and a DNA test. People used to go to jail because they had the same blood type as the criminal.

Right, but the issues with using geneology-resolution DNA to match a specific individual are already understood---you yourself have highlighted them.

A defendant is one expert witness away from undermining a case that relies on that low of a resolution of matching alone. In this case, that data was only used as a pointer to suggest to police that deeper scrutiny of the identified suspect was warranted.

> A defendant is one expert witness away from undermining a case that relies on that low of a resolution of matching alone.

and an uninformed 'jury of your peers' away from a false conviction..

If things were that bad now, the relative whose DNA first came up as a a close match would now be in custody and on her way to a conviction.

To see how things were actually done, RTFA.

DNA-based evidence led to a lot of wrong convictions in the early stages but methods have improved significantly. No judge would send someone to jail because a sample at 23andme matches. But they could issue a warrant to allow a further DNA test of the suspect.

There is significant lag between false convictions and proof of innocence. So, it might seem like a huge improvement but it's far smaller difference than you might think.

What is the difference between a DNA test and a DNA test?

Considering it's their job i'd say they no quite a bit.

The Wikipedia notes the police acquired a sample of the suspect's DNA and confirmed a match to the crime samples

Yes, and they even acquired a second sample after the first came back positive just to confirm.

If anything, I'd expect people to have more concern about the fact that the police in California are allowed to steal your stuff and grab DNA off of it than the risks from them being allowed to submit your DNA to a privately-owned database full of voluntary DNA submissions.

"steal your stuff and grab DNA off of it"

It's not stealing.

First off, if you discard something in the trash you no longer are laying a claim to it and giving it up for the trash handlers.

Secondly, it was established in California v. Greenwood that you don't have a privacy right to trash left out on the public curb for pickup; which obviously implies that you don't have a privacy right to trash placed in a public bin.

I dont think thats a good analogy. a better one is your neighbor discarded trash, and your trash is like your neighbors.

I personally think privacy laws need to be set up right away. I think it should be illegal, even in cases of national security, to infer something from your DNA from others, such as relatives without the use of a warrant.

you should not end up in what is effectively a police line up just because your brother submitted his dna to the public domain. people should not be able to use information about his dna, in any way imaginable to infer anything about you.

Why? That seems like a broad restriction that we don't apply to other things like "Your fingerprints partially match some prints at a crime scene" or "You drive the same car as a suspect." People can and do end up in a police lineup for being the same gender and living in the same apartment complex as a perpetrator; I think that's reasonable, because a lineup isn't a conviction.

There's a world of difference between evidence submittable at a trial and evidence making someone worthy of suspicion and further investigation. I agree the bar on the former should be high; the bar on the latter being low on average leads to faster perpetrator identification and a safer community.

our DNA is private. they should not be able to look at it without a warrant even if someone else slimier to you recklessly throws it in the public domain.

Imagine I could read your mind by reading someone else mind. are you ok with me having access to your private thoughts just because someone gave me access to their mind?

> Imagine I could read your mind by reading someone else mind. are you ok with me having access to your private thoughts just because someone gave me access to their mind?

Even if you and I were parent and child, I don't think there's a reasonable philosophy of ownership on which you could hinge the notion that I can't donate the DNA in my cells to a cause because the pattern of half of the (physically completely independent) DNA in your body has a relationship to my own.

I do think you're touching upon possibly an interesting wrinkle in the way our current philosophy of ownership treats data about groups vs. data about an individual. Similar lines of thought underpin the question of whether your friends are culpable for sending data about themselves to Cambridge Analytica if it allows CA to extrapolate information about you.

However, I currently know of no philosophy of ownership that makes the described scenario bad apart from the general "it's a dick move if you do it on purpose to screw someone else over" (but that hinges on the general category of "Don't screw people over on purpose," not on any concept of joint ownership of data).

To pull another analogy: imagine I had dated a rapist and although I didn't have enough evidence to get him convicted of a crime, I told all my friends he was dangerous and now they won't date him. Is this bad? Quite the opposite; it's the system that is already of necessity in place to protect people from bad actors that the legal system fails to handle.

"our DNA is private."

How does one even come to such a conclusion?

It's the essence of who you are, your uniqueness against every other living thing on the planet. I can see how psychologically compelling that idea is, even though I disagree.

That's going to be bad news for identical twins.

Nah. They've got unique fingerprints. Initial conditions are always unique.

What I mean is: should I be able to stop my identical twin from uploading his DNA to a genealogy site without my consent because we have identical DNA?

Legally, the answer is pretty much "no" right now, and I think it's morally also "no."

What was the analogy? I wasn't giving any analogy, I was giving facts.

Excellent; thank you for the clarification.

I agree that the use of a public genealogy database is problematic but the way in which the police obtained the genetic material is not.

Once a person discards any material as trash in a public space, it's fair game. The police didn't begin doing this sort of thing when DNA tests were invented.

Here is a useful link:


I just used both methods listed to request account closure and deletion of all my data.

I suggest people do the same.

Does anyone know which professions in the US that are government related that the DNA information is preserved? I would surprised if there are not positions which require it. Surely law enforcement is keeping the records on some convicts. Do they even need a warrant to obtain it?

what I am leading up to is I can easily see where it becomes a requirement for others and it might start off with police forces because of the high visibility of abuse issues. From there it is not a big leap to other high visibility groups to include military and eventually everyone gets lumped in for medical safety and such.

It isn't that we need to be scared of what 3rd party sites do, it is that we need to be ahead of the game and limit how government can gain and maintain this information

Each state has a DNA database and there is also and FBI DNA database.

In California, the police can add you to the database (forcibly if needed) if you are arrested for a felony, or if you have a felony record and are arrested for a misdemeanor.

Note that I used the word “arrested,” not “convicted.” SCOCal has ruled that a conviction is not needed. Just an arrest.

All of this came about through two different voter referenda.

I'm not sure it passes the “do they have a target in mind” test. If they had a particular suspect in mind and asked whether that suspect's DNA matched or not, that's one thing. If they indiscriminately look for arbitrary people with matching DNA, then it seems to fit the definition of a common statistical mistake that even has a Wikipedia article: https://en.wikipedia.org/wiki/Prosecutor%27s_fallacy

(Although again, if the match turns out to be a prior suspect rather than a random person, that's another story—see the “defense attorney's fallacy” lower on the page.)

> If they had a particular suspect in mind and asked whether that suspect's DNA matched or not

They do. The suspect is a "John Doe." But the suspect's DNA is the physical sample they have in the rape kit. IANAL, but it sounds like it should pass the criteria for targeted search.

Interesting point - I highly doubt the suspect was a "prior suspect". But in this case I believe investigators were able to find additional evidence after they matched the DNA. So in Bayesian terms, multiple updates (DNA match + location match + suspect appearance match + other physical evidence) were made to their prior.

Additionally, I think investigators tend to act more carefully in a high profile case than in a typical case, so I expect that they possess some additional conclusive evidence.

It doesn't matter if multiple updated positively confirm the suspect as the perpetrator when the first link in the chain (ill-gotten DNA match) is excluded by the court. This guy will walk.

Will he? I believe this novel use of a private DNA database is so novel that there may not be any governing case law on whether it's a violation of privacy.

The scanned individuals opted in for relative matching. The fact those people were relatives of John Doe is publicly-documented knowledge in birth records and not susceptible to a privacy challenge.

We know states are prohibited from storing biometrics (DNA, fingerprints) of law abiding people for law enforcement purposes. Then it follows they are prohibited to outsource the same to third parties.

That's a reasonable train of thought. IANAL, so I don't know if it actually holds water in court.

That's not how it works.

I don’t think it’s a big deal.

Lets assume that instead of DNA evidence, they had a photo of a white van at the scene of the crime.

In that case it would be obvious that the police would search databases for people who own that model of car.

If police would need to have a specific suspect in mind before they start investigations, how would they ever be able to investigate anything?

Car registrations are required. You are allowed a choice of owning a vehicle knowing what it requires. Sample of your DNA and fingerprints is not a requirement when we are born. Thus I find the comparison not adequate.

You're not required to use the page. It's no real difference if your uncle has a white van or a matching DNA in a database.

With GDPR, you should be able to force 23andme to delete your DNA information after you received the results. That's if you're European at least.

But it wasn’t the suspect’s DNA it was his relative’s. Deleting your own information would not be a sufficient privacy measure in this case. It’s increasingly statistically likely that someone you’re a relative of will be in a DNA database, it’s simply not tractable to ask all of them to remove their DNA. And what about when some of these people die, can I take down my late grandma’s DNA.

So to tune the analogy: "A white van was found at the scene. Police have reason to believe the van's owner wasn't driving that day and investigate the owner's son, who is also known to sometimes use that van. That investigation reveals much stronger evidence that the son is the perpetrator."

I see no issues with this chain of investigation. Some tools the police have access to you cannot personally opt out of. That's working as intended.

If I am European and I ask Facebook to remove my data, will they also remove pictures of me which are owned by my family? I doubt it, and that's also the problem with providing consent on these DNA databases - they don't require the consent of all of your relatives.

It's a really tricky question. I'm not at all enthused about the police having rights to collect and store all arrestees' DNA indefinitely for example. On the other hand, it's both commercially risky and wholly impractical to refuse access to the service to law enforcement. You can't have a networked society and expect the police not to use OSINT techniques.

Even if they arrest you for nonsense reasons and release you without filing any charges?

If you're arrested or charged for a felony in California you're obliged to provide a sample, since 2009. I don't know about other jurisdictions. CA apparently has the largest database in the world.

"not" enthused.

Whoops, missed that word. Changes the meaning a bit.

Hmmm. As a consumer, am I allowed to submit someone else's DNA to 23andMe without their consent?

Reminds me of GATACCA where the woman kisses a man and the goes to a booth to submit the DNA to make sure he is a 'good catch'...

Yeah and made me wonder if we'll end up having to daily scrub ourselves in an incinerator...

Do you mean, will you incur any legal penalty for doing so, or just be violating their ToS? I don't believe so but haven't researched it in depth. It'd be tricky to sue because the right of publicity is generally treated as a property interest and you wouldn't necessarily be able to show any economic loss. I'm not an attorney though.

In practical terms, I'm sure it's against the ToS but really the service providers have no way of knowing unless the person has already submitted their DNA and your submission raises a red flag, thus cutting you off from the information you desire. This is interesting from a game-theoretic standpoint in that it might be more secure to give your information to every website and then be the designated owner, but it probably wouldn't shield you from law enforcement getting the same information via subpoena. It's an uphill argument to say that a general right of privacy weighs heavier than the unsolved cases of 10 murders and 50 rapes, a record which will probably be broken again in future.

I don't think DNA testing companies have much incentive to screen potential customers since each person can only submit DNA once without raising another red flag.

A nefarious genetic catalogue company could offer a bounty for people submitting DNA samples and identities.

To be useful, they'd of course need a solution for verifying authenticity of the input data. Otherwise, it's just noise and we already have historical examples of that design failing (such as "informants" handing over people to the US as terror suspects).

>A nefarious genetic catalogue company

Or simply Facebook. Imagine the improvement in advertising accuracy if it could use your DNA as a unique key in its database. Match

Interesting idea, it could even be opt in and explicitly for crime investigation purposes.

Ignoring practical issues with obtaining the sample, I think a good lawyer could probably find a way to sue you for any damages that you caused. As for whether it's a criminal act, I think that it might be a form of assault, maybe.

I know it would violate certain state laws regarding biometric data, but the penalty for violating those laws appears to be civil by and large, not criminal.

> Ignoring practical issues with obtaining the sample

> As for whether it's a criminal act, I think that it might be a form of assault, maybe.

Are you suggesting that using their DNA without their consent is assault, or the taking of it from them? It'd be trivial to take it without contact with them, from e.g. a hair, or their toothbrush, particularly if you live with them.

23andme and ancestry.com use a process which needs more genetic material than is available from hair or toothbrushes. You have to get a fair amount of spit in a tube.

Couldn’t this be seen as identify theft? It is like saying. I am John Doe from Bakers Street except that a complete DNA sample would be even more conclusive (I.e. impossible to accidentally to use to hide one’s identity).

Sounds like they submitted to another, smaller, site.

Yeah. I'm more wondering about the general case, though.

If I were an insurance company, what's to stop me from hiring investigators to go through customers' garbage to find their DNA, analyze it, and then take "appropriate" action?

Genealogy sites have no way of confirming the DNA submitted belongs to the person submitting it. Trash left on the street is considered abandoned property, so fair game for identity thieves and insurers alike. However, unless you know the person lives alone and has had no other guests between trash pickups, you can't be sure the garbage DNA is theirs. More likely an insurer might try to get a sample during a house visit or, stalking out the target at a cafe, or a hairdresser appointment, you name it. Life insurance companies can come to your house and get your EKG already, a swab would be easy.

>Trash left on the street is considered abandoned property.

I wouldn't be so sure of that interpretation. In most places that I've lived, you could be arrested for taking things out of the trash, whether in front of your house, or even if dumped on the side of the road.

No you can't, in the US the case law is extremely clear that trash is fair game. See: California v. Greenwood

That being said, you can't trespass to obtain the trash.

Nope, law is pretty clear on this one: people can take things from trash.

> If I were an insurance company, what's to stop me from hiring investigators to go through customers' garbage to find their DNA, analyze it, and then take "appropriate" action?

Laws against discrimination, such as those for both genetic information and pre-existing conditions that already apply to health insurance in the US. Even if nothing stops you from getting the information, you are prohibited from using it.

You can't use it officially, but if you're sneaky, you can identify potential targets for parallel construction.

If you were an insurance company, what's to stop you from hiring investigators to tail a customer and figure out how many times per week they stop at McDonald's for breakfast?

Weird bit about these types of sites they are quite strict about using your real name, but do not really check your ID (but leaves it to post office I guess).

On a fun side, I wonder what would happen if I submitted dogs or pigs saliva.

They would know, the DNA is different. There are animal DNA matching sites for breeders' use. Dog DNA is especially interesting because their genes are more 'slippery' than those of other species.

Interesting. What does 'slippery' mean in this context?

(answered my own question: mutation rate from generation to generation in dogs is higher on average than in primates. Mechanism is not clear; one hypothesis is that mammals have DNA error correction "machinery" in their cells that is less effective in the canine genome. It's also unclear whether this has any impact on the evolution of dogs in terms of them being somehow more malleable to selective breeding than other species).

Law enforcement used an freemium DNA site: GEDMatch. https://www.theatlantic.com/science/archive/2018/04/golden-s...

I found it intriguing that the EU GDPR explicitly recognizes genetic data as something that it covers under PII - and thus you a have "right to request deletion" of your genomic data, I assume?

"GDPR, in contrast, explicitly recognizes the sensitive nature of genetic data collected in a variety of settings. In Article 9, an adjusted definition of special categories of personal data has been provided that includes genetic data and biometric data, among others." [1]

[1] - https://www.nature.com/articles/s41431-017-0045-7

Which is fine, I suppose, but your relatives don't have to do delete theirs, and the similarity of their DNA to your DNA means that someone could back out, to a certain level of confidence, whether you might be a match based on DNA contributed by them, with the familial relationship obtained and substantiated from other sources (vital statistics, etc.).

This is not new -- I believe there have been at least a couple of arrests made as the result of a suspect's relatives contributing DNA in lieu of actually obtaining one from the suspect directly -- and provided there's consent from the relatives, I can't see much grounds from restraining someone from allowing their own DNA to be used to build a case against someone else. It becomes a bit murkier if you start compelling people to contribute DNA to build a case against a family member, but even there I can see parallels to other types of evidence and it's not a clear slam-dunk to me that it ought to be barred unless the familial relationship is one where testimony would normally be covered by marital confidence or other privilege.

Yep. I do understand re: this not being new - worked in a forensic genetics laboratory, and I tell my family what they give up and expose us to if they contribute to one of these db's.

So caveat emptor as always...but yep I had just wondered in general about "right to delete" with respect to genomic data.

What exactly do you tell them that they're giving up and expose your family to? Kind of an odd thing to mention in a thread about a case where a family member's DNA exposed a criminal.

The problem isn't deleting your DNA. The problem is you cannot delete your relative's DNA. Which is how I've read that they found him. Found a relative match from a 3rd-party, made sure he would have been in the area the years of the rapes, tailed him for a verification DNA sample, made arrest.

If this were to come before the CJEU[1], it would not be clear-cut at all. There was a landmark case where home CCTV was ruled inadmissible in a robbery by virtue of the fact that it included footage of a public road, and the thieves did not consent to the use of their personal data[2], i.e., the recording of their images in public using a home CCTV system.

And the definition of personal data extends to any data that can be linked to you. For example, if a server records a log entry with your name and IP, and the server also records log entries with just the IP, all of the log entries are considered personal data, even for dynamic IPs in some instances[3].

There are some exceptions around criminal justice and the protection of persons and property, however, I still wouldn't be surprised if this DNA evidence were ruled inadmissible in the EU.

[1] Court of Justice of the European Union [2] http://curia.europa.eu/juris/document/document.jsf?docid=160... [3] https://www.whitecase.com/publications/alert/court-confirms-...

Your second link returns not found for me. Do you have another link? Or a name for me to search, please?

Strange, still works for me! Here's the actual ruling: http://curia.europa.eu/juris/document/document.jsf?text=&doc...

Is the metadata that you requested deletion something police in Europe can subpoena?

It sure would seem awful suspicious if someone requested DNA deletion out of the blue. Not convictably-suspicious, but suspicious enough to warrant followup investigation. ;)

> "It really seems like the lack of a warrant was a technicality here and could have easily gone the other way and still got to the same result."

It still might. He's yet to be tried. He's yet to be convicted. It's going to be interesting / crazy to see how the ACLU reacts to this.

Also, in a way, this situation reminds me of the recent FB snafu. That is, access to your friends was granted by you (or me), not them.

The point being, personal privacy isn't so personal anymore.

what is the difference here between a face photo and DNA? I don't really see any. Both are kind of information fingerprint of a person. If police have a photo of a suspect is it ok for them to use image search of FB/Google/etc.?

To me it’s that the evidence didn’t come from the suspect. It’s like being able to recognise me from a photo of a relative on FB - I don’t like the idea of that. I don’t know why, but I don’t.

What's the difference between this case and the fact the unabomber was caught because his brother and sister-in-law recognized his writings?

What's the difference between this case and if the cops post a photo of a suspect and someone says "looks kinda like my co-worker, maybe a close relative" and that co-worker says "oh, that's my brother, we look alike, people mistake us for each other all the time." And then the DNA matches the brother.

That the relatives gave evidence unknowingly and that the DNA service was used quite differently to what it was designed for. A terrible person was caught in a clever, but sleazy way.

The police used GEDMatch which is openly available and it says explicitly it's used for "researcher" and warns users that their genetic information is available to the public and they can't control what the public does with it.

People "unknowingly" give evidence to the police all the time. That's like complaining the police used information that someone blogged about to solve a crime.

The issue as I understand it, is with the broadness of the search, and that the data in question is personal and private. The search did not query for a particular subject. As an analogy, if the police thought the suspect had diabetes, would they be able to subpoena a hospital to list all the diabetics, then consider them all potential perpetrators?

Or, literally, fingerprints.

If the officer submitted the DNA as if they were a customer of the site, I wonder how they complied with the company's sample collection process. You usually have to submit a generous amount of saliva or cheek swabs.

There are sites that don't require a sample, but instead you upload the raw data from a site where you did submit a sample. Gedmatch is one such site. One could construct a file in a compatible format containing DNA data obtained from your own laboratory, upload to gedmatch, and analyse matches. This is how "ancient DNA" samples are uploaded to gedmatch to see how you match against thousand year old human DNA samples.

Could they make a fake saliva sample that has the same consistency as real saliva and whatever other characteristics that the analysis equipment depends on, but contains no DNA (or take a real saliva sample from someone and strip out the DNA), and then but the DNA they want to test into this fake saliva and submit that?

Is this too different from looking up a person's name in Google or Facebook search boxes? In all three scenarios Police are taking advantage of publicly available information written/published by you or about you by others. Police can inspect openly viewable property without a warrant as well. They did not find the killer's DNA in a web site, but blood relatives provided enough triangulation to hone in on a person and get their "abandoned DNA" (maybe cup, cigarette, bloody nose napkin in the trash).

The difference is your name isn't plastered on every object you come in contact with. Your name isn't transferred to other people who come in contact with the same objects as you. Your name doesn't end up in other locations that have nothing to do with you.

The idea I could get arrested because my cousin coughed on a doorknob is terrifying. Everyone has that black sheep in their family. Why should I get harassed by the police every time they or someone they know commits a crime?

Your name is transferred to other relatives (your spouse, children, parents), and it does end up in press, documents, reports, yellow-page type sites, and other locations you haven't touched. Depending on your level of celebrity, it can also get plastered in news and projects you do not come in contact with. In this case though, they narrowed down a suspect, but did not bother him until they had two pieces of abandoned DNA that directly matched the killer. This is not the first time a black sheep has been found, by the DNA of relatives wealthy enough to afford a $100 test (now probably cheaper). The moment they mentioned he has a daughter and granddaughter when they announced the capture yesterday, I knew they probably triangulated him by a relative's DNA. The article today proved it.

That's not what I'm talking about. Your DNA can end up under the fingernails of a murder victim with no connection to you. Your name cannot. There was a Wired article about this the other day:


That's more of an issue with DNA evidence interpretation than a fundamental difference between different types of identifiable information. Your information can definitely end up in a crime scene that you have nothing to do with. If we use the name example, it's happened before as well [1].

[1] https://www.palmcoastobserver.com/article/man-wrongly-arrest...

> seems like the lack of a warrant was a technicality here

Seriously? That's all it takes for you to accept the police doesn't need a warrant? That the warrant is "just a technicality"?

If that were true, we wouldn't need judges to approve warrants. Police has and will abuse their powers without the judge being a filter for their actions. That should never change.

I think that's a non-charitable way of reading what I said. Although I was certainly unclear.

What I mean is, the interesting issue to me is whether it's OK for law enforcement to send a DNA sample and compel ancestry/genomic sites to respond with any matches, even if they do have a warrant. So I misspoke saying it's a technicality, what I really mean is that the issue is interesting to me even if a warrant were provided.

It's interesting that the first use of DNA in a criminal trial, in 1986 in England actually exonerated the prime suspect. http://news.bbc.co.uk/2/hi/programmes/newsnight/8245312.stm

Wow, this whole comment thread is given up acceptance of ambulance-at-the-bottom-of-the-cliff thinking. The real solution would be to make the police accountable so you can trust them, then let them search however they like.

I’d like the first bit without the second bit.

Which is the fundamental problem with data businesses. When you give your data to a 3rd party it is not possible within our legal system to restrict who has access to it.

Does 23andMe's Privacy Policy address this at all?

could they even? They d have to send a letter to all the relatives of each of their customers that their partial genetic information is stored in their computers.

Given the fallibility of DNA testing they may as well be using a divining rod to declare someone a witch. This will be abused to falsely accuse innocent people. Lives will be ruined and the authorities will act like their hands are clean. 23andMe is not a forensics lab. Their techs have no incentive to avoid mistakes with cross contamination. This is just plain dumb.

In this case, sites like 23andMe were only used to generate leads on suspects. Two independent forensic DNA tests were used for evidence of guilt. I agree that DNA testing has flaws, but that's the purpose of the criminal trial. Defendants have due process rights to cross-examine the DNA testing process, present their own testimony, and provide exculpatory evidence.

I think you're confusing an investigation with a trial. This technique seems like a breakthrough for narrowing a list of suspects. But your claim that this would be used as evidence in a trial is unfounded and a bit silly. They have him. They have the DNA of the killer. They can perform their own testing without relying on any online DNA test results at all.

In this case. But what about the next guy who is a false "match" for a rapist and has life turned upside down because of it.

They took samples (probably from a trash can). If it wasn't a match,I'd hope they wouldn't have 'turned his life upside down's anyway.

If DNA tests are so unreliable, how come they are still accepted in court?

Because the public is ignorant of the problems with it and the judiciary likes tools that can win easy convictions. Breathalyzers don't actually measure blood alcohol and there is no credible way they can estimate it to three significant digits but courts allow them too. Polygraphs are pure bullshit but the examiner's word that someone is "lying" is taken as sacrosanct evidence in court.

Polygraphs are not admissable IIRC.

IIRC The Wire had an accurate description of its use as an interogation tool (note I did not say investigative tool).


Not sure about DNA testing.

The other two examples are true. Across the Atlantic polygraphs are regarded as a comedy technology and breathalyser tests are sufficient grounds only for arrest and an actual blood test.

I'm pretty sure most all jurisdictions allow you to request a blood test in lieu of a breathalyser. I assumed it was common knowledge polygraphs were junk, but at least Wikipedia says they're in common use in the U.S. but are considered controversial. I knew polygraphs were banned as a prerequisite for jobs in many areas and that many government jobs had them as part of the interview, but figured it was more of a stress test or hazing. I do think the bar for expert testimony and scientific evidence could use a lot of improvement in the U.S.

In the UK there used to be such a right to refuse the breath test and take a blood test instead. However it was removed.


What the actual fuck? I didn't realise that the UK was so stupid. Is due process dead here?

Polygraphs aren't admissible on this side of the Atlantic as evidence.

I don't know if this is the commenter's intent but isn't there a potential false positive issue with DNA testing?

Something along the lines of if only 0.01 percent of the world's population can match a DNA sequence found that still leaves us with a million matches where I just made up both those numbers.

Fallability which way though? Do you disagree then when death row inmates are exonerated due to DNA testing?

Careful, your bias is showing..

This 'bias' is not necessarily inappropriate because of the inherent asymmetries of DNA evidence - it is statistically more powerful for exoneration than conviction. This is because of the False Positive Problem (similar to the Birthday Problem in probability): if the actual incidence of a phenomenon is lower than the false positive rate of the test, a positive result is likely erroneous even on a highly accurate test.

This is why a strong prior, developed through traditional policework, is necessary to increase the reliability of DNA results - most results obtained through database trawling will be false - and these will be numerous if the database is large enough. It is also part of the reason why exonerations are more robust than identifications.

This particular case may not suffer from these statistical problems, but they are worth keeping in mind, as it sets a precedent.

> Careful, your bias is showing..

That isn't bias but rather an understanding of burden of proof. If you think it is, then you are very fundamentally misinformed about how our society functions.

I was very confused about this. The genealogy website did not probide any information to law enforcement. Instead, law enforcement uploaded DNA from the crime scene to the genealogy website.


...and then the genealogy website provided information to law enforcement by showing profiles of people with similar DNA.

Perhaps that’s the real privacy issue... anyone can find a piece of hair on the sidewalk, send it to a genealogy website, and identify who it might belong to and/or any relatives.

I can see it now: "Hi. We're not actually related, but I believe you may be 2nd or 3rd cousins to someone who left a brand new, pink hairbrush at my B&B."

"So can you come pick this hairbrush up and give it to your cousin?"

So after search by phone number or email on Facebook, we will also have search by DNA. For when you want to get in touch with that mysterious stranger on the subway...

You'd first need to pull a hair from that stranger on the subway though.

Good point - you would have a better chance with someone who works for a food vendor...

You would just need to swab anything they touched.. it might be sufficient.

and sequence it


23andme requires quite a bit of saliva. They could definitely up the requirements to decrease the chance of fraud.

It's trivial to replicate even very small amounts of DNA. They don't actually need very much DNA, they just ask for that much to ensure it will work.

Wouldn't they have to replicate whatever medium it is in as well? For example, if sending in saliva, you'd have to replicate the saliva as well.

No need to replicate saliva. The DNA extraction chemistry wouldn't depend on saliva components.

Good point, and makes it less likely LEAs just sent in the DNA the 'regular' way ...

I wonder how they submitted the DNA

>anyone can find a piece of hair on the sidewalk, send it to a genealogy website, and identify who it might belong to and/or any relatives.

Searching for relatives in such sites, CAN be a privacy issue, but I don't see how your particular example works exactly.

What motivation exactly would have anyone that found a piece of hair, on the sidewalk or elsewhere, to know people with DNA from/similar to that hair's?

Consider this creepy altrnative: You have a drink at a bar. Stranger swabs it, or steals the glass, collects DNA, sends it in, now triangulates who you are from your relatives.

I don't know if it's that easy, but something like this may become possible.

>Consider this creepy altrnative: You have a drink at a bar. Stranger swabs it, or steals the glass, collects DNA, sends it in, now triangulates who you are from your relatives.

Sure, but following you would be much easier.

Why go through all the trouble (AND live an online trace).

> an online trace

Maybe in the future leaked DNA sequence databases will be available, downloadable, and searchable by criminals without a third party. If so, this would actually be less likely to create evidence than following them.

If you are up against someone or a state that wants this info, you can't really stop them. They could get your credit card info from the bar, follow you home, hack your phone, socially engineer anyone around you to find that out.

If they have your paternal relatives and your maternal relatives, that pretty much just leaves you and your siblings, right?

*Unless there are other marriages between your mom's and dad's families

They've probably got your finger prints too as a bonus.

So the issue is 23andMe or similar accepting DNA samples without verifying identify beforehand. As in, they should submit some kind of ID or affidavit that they are the provider of the sample before delivering it.

I agree. My understand was that both parties have to agree for the website to connect them. I'm not sure what specific site this is, but I wouldn't trust a site that just connects me to other people without my consent.

Your consent, or even you being on the website, isn't needed. If enough of your relatives consented, the stalker can have at least a list of your relatives, and try to guess you from there (as the police did in this case)

That's assuming again that my relative accept to share. That's not what I'm talking about. I'm talking about the direct result. In this case, the relative of the killer never agreed to share the data with the police.

> the relative of the killer never agreed to share the data with the police

Not with the police, but they let people who find a related DNA to find them (this is a feature of these websites). Once the police have your DNA, then can find your relatives. You can't control whether your relatives are opted in to this feature or not.

The sites have more privacy controls than that.

But I have no say over my uncle’s privacy controls. If someone finds my hair, and my uncle allows himself to be publicly searchable by DNA, then the person who found the hair knows it belongs to someone associated with my uncle. They can then find him on Facebook and commence further analysis.

It’s the same problem we saw with Cambridge Analytica. Incidental data shared by our friends can reveal information about ourselves when analyzed in bulk or supplemented with additional data.

You don't have a reasonable right to privacy of relations. That's all public record.

This in effect makes my DNA a matter of public record based on the decisions of my relatives (behind some hoops, but in practice it doesn’t seem hard). That seems like a breach of privacy.

Well it's technically your uncle's DNA. Limiting what he can or can't do with it because it also matches yours would then infringe on his rights.

Sure, in the same way my neighbors infringe on my rights to blast music at 4am.

Not the same. Your uncles DNA only establishes he is your uncle. Unless your also saying that your uncle is not free to disclose any information that might be contained in his DNA. For example that he is a white male.

You dont own your relative’s genetics. They can do whatever they want with them. There’s no breach of your privacy because nothing of yours was breached.

But my dna can now be matched to me - That is a breach of privacy today, or at least and end run around legislation that attempts to limit the spread of genetic information.

We should think really carefully about this! My uncle’s right to check out who his long lost cousins could put my genetic information in the hands of a potential employer, insurer, or government. That could be really bad.

This is similar to the Facebook scenario, where it’s not just your privacy you are trading away for whatever benefit, but those of people related or near you.

Are you saying that your uncle also can't post his full medical and psychological history online either?

Not the OP, but until not that long ago there was a social pressure thing of not "advertising" your relatives' history of psychological problems (mostly suicide or time spent inside a psychiatric ward) to outside members of your family, lest those outside members would think you had the potential of having the same issues, too. This is sort of similar to the "uncle" from your example not being free to post "his full medical and psychological history online", I mean, had he done that his family would have certainly retaliated by telling him to remove that information from public knowledge.

Btw, I live in Eastern Europe so I'm talking about stuff I've experienced here, maybe in the States or in Western Europe this behavior changed a long time ago and not only recently.

There's a big difference between your own DNA being publicly hosted and identified, and some DNA that is pretty similar to yours but not the same as yours being posted and identified to someone that is not you.

Why should you have a right to block the later from happening? It's not your own personal information.

I think the difference is much smaller than you think. If someone finds male DNA and my uncle has used this service, and a public photo with my eyes and hair clearly visible in the background on his Facebook page, then suddenly it’s almost as if I registered my DNA in a public registry. It’s the metadata problem all over again, it just takes one or two more public data points to deanonymize it entirely.

since DNA is by nature unalterable, that implies that there is no right to privacy of DNA.

You uncle should have a right to rat you out if he pleases. A mother can turn on his murderous child to the police if she wishes so.

I think the debatible point is consent: i dont think anyone ever consented to their dna being able to be used to incriminate them or anyone else without their express consent.


I had the same thought.

I guess people didn't like that movie. I thought it was great, and a relevant reference.

It needs to be rebooted for modern times.

This is weird af. I don't think anyone truly consents to the use of his dna this way, and its a strange case of privacy violation.

Im actually stunned, I don't yet have an opinion on how this should be handled.

Nor do I. Obviously, I don't want to appear regretful that the killer was found.

I predict that someone in the near future will be saddled with the unenviable task of arguing against the precedent set by this arrest. Good luck to that poor soul.

Given lab on a chips, and public spaces, sequencing would be done trivially anywhere there are sensors.

And given that people shed skin cells and hair regularly, that can be called abandoned property.

Being in a location at a certain place and time could be trivial to determine, no matter how careful you are.

I have a bad feeling this precedent won't be upturned.

There are hundreds of years of precedent saying it's OK to figure out if someone was at a location at a certain place and time. See use of CCTV, eye witness testimony, purchases & receipts, etc...

I would posit that there should be a difference between a potential suspect, and complete dragnet operations collecting everyone through a point.

Sure, if you have a Judge sign off on a search warrant, I have no problem with individuals being searched. But that petition to the court better be public and upon a sworn affidavit upon probable cause.

This case sure doesn't sound like that - instead it sounds like $geneticcorp was providing all analysis to law enforcement by default. Then again, the companies can just claim that's their "free speech" or some such garbage .

> Being in a location at a certain place and time could be trivial to determine, no matter how careful you are.

Well, that would determine that your DNA was there, but as we saw in that case discussed here earlier this week [1] is it a lot easier than most people realize for your DNA to get transferred to things or people who then transfer it to a crime scene, where it can be discovered and thought to be from the criminal.

I spent a while thinking about what one could do to defend against the risk that one's DNA might be falsely found at a crime scene for a crime that occurred when you are home alone. I couldn't think of a good way to prove you were home, but you don't need that. You just need evidence sufficient to raise reasonable doubt.

I came up with two ideas, one that you can do yourself, and one that would involve a startup that provides an alibi service. Not sure if anyone actually needs anything like this yet, but it is an interesting problem to thing about.

(I live alone, and my office switched to work at home a few months ago. I can now easily go several days now where the only people who see me are fast food workers, gas station attendants, and others in retail. Even at the fast food place I visit several times a week, where they remember me sufficiently to say "the usual?" when I walk in, and make the right thing if a say "yes", I doubt that if they were asked if I was there on a particular morning they would not be able to remember. All they could say is a come in 3 or 4 times a week but they wouldn't know which were the days I did not come in...so if somehow I was tied to a crime, I would probably have a very hard time establishing that I was not there).

First the self-hosted version. This is based on the old classic method that people, such as kidnappers, would sometimes use to prove that a hostage was still alive as of a particular date: send a photograph of the hostage holding a major newspaper from that date.

Set up a camera in your home that periodically takes a photo (or maybe a short video) of you standing next to a couple of monitors. One of the monitors displays current prices for several major stocks on exchanges around the world, and exchange rates on several currency exchanges around the world. The other shows several major news sites. After the photo is taken it is hashed and timestamped using a trusted timestamp service [2] (or if you want to do it simpler, just Tweet the hash).

If you ever need to raise doubt about a claim that you were somewhere at a time you claim you were at home, you offer the photo or videos taken near that time. The timestamp for the hash establishes an upper limit for the time that the photo was made. The prices on the stocks and currencies and the headlines on the news sites should allow establishing a lower limit on when it was made. That gives you evidence that you were home between those times.

Could this be faked? Yes. You could take a photo made earlier in next to blank monitors, and then around the time you are committing the crime ssh home and make the system take a photo of the monitors displaying the price and news data, and then Photoshop that into the earlier photo, and upload it.

But if your system is set up to work honestly, I think it would be good enough for reasonable doubt, unless the prosecutor can offer actual evidence that you DID hack it rather than just speculating that you MIGHT have done so.

The startup version, offering an alibi as a service, would just need you to have a webcam and microphone at home. With this service, you periodically initiate a video chat with the service, which it records. You should do the chat from a place where the background is easily recognized and unique. During the chat, the service gives you a random number of 6 digits. You speak the digits, while simultaneously holding up a number of fingers corresponding to those digits. The service saves the video and the random number. Maybe also hold up your phone with it using a GPS or mapping app showing your location.

In fact, the alibi service could probably make the whole client side a smartphone app. Use the smartphone front facing camera instead of a webcam. The app can use the phone GPS to record the location.

If you are worried about privacy issues over the videos of you being uploaded to the alibi service, there could be an option to store everything (video, GPS location) locally or on whatever secure cloud storage you use for your own videos and photos, with just a hash uploaded to the alibi server.

[1] https://news.ycombinator.com/item?id=16903330

[2] https://en.wikipedia.org/wiki/Trusted_timestamping

Fast food restaurants typically have security cameras. Same with gas stations, mini marts, public buildings, private buildings, etc. If you pay with a credit card, you'll have records of your whereabouts during that transaction. If you have a ton of internet activity on a given day that's not proof, but strongly suggests you were home. You have a cell phone that beams your location 24/7. Of course, its not proof you were home when you were using your cell phone at home, but it's highly suggesting you were home at that time.

Depending on the granularity of your utility's records you may be able to provide evidence that you were home based on your energy and water usage. This would probably look less suspicious than if you just happened to follow an elaborate alibi routine every day.

>This is weird af. I don't think anyone truly consents to the use of his dna this way, and its a strange case of privacy violation.

If anyone (a) submits their DNA to such a site, and (b) looks at profiles of people with similar DNA to his found by the site (that is, what the police did in this case according to the comment above) then doesn't matter if they "consent" or not, they should expect that others can do the exact same thing, and be shown matches to their DNA.

This is to a third party DNA. The murderer did not submit his dna, a relative did.

Doesn't that weird you out? The right not to incriminate your family feels breached.

How is this different than the police comparing DNA evidence to samples in their own database? In both cases, the person who provided the DNA did not consent.

For the same reason it is ok to collect felon's fingerprints to compare to crime scenes...the felons have shown they commit crimes.

> the felons have shown they commit crimes

That's not a thing. It's innocent until proven guilty; it's legally impossible to gather evidence because they're guilty to use against them. Hell, innocent people's fingerprints can be, and often are, collected at crime scenes. The police can use innocent people's prints to establish a timeline or figure out what their role was.

People should be at least notified about WHO saw their DNA results, and everyone should be approved on the site. So the police can't just use a pseudonym to search for this stuff.

The stringing bit in that for me is that is this “It wasn’t a matter of if he was coming, it was when,” Ms. Schubert said. Her parents were “not gun people,” she said, but her father bought a firearm. Her mother kept an ice pick under her pillow when she slept.”

How many people have been that scared?

i find it hard to believe that they were so lucky that a "small website that allows you to upload DNA data directly" just happened to have that data.

For an individual, the set of data those websites have on who matches you is around "Your total living relatives out to 6th cousin or so" * a ratio of people willing to use the site's services. That turns out to be a lot of people. And when you correlate that with data on where people live and where they lived at the time of a string of crimes, it turns out to be a lot of data.

Interestingly it wasn’t even his DNA in the database, but a relative’s. It just goes to show that there is nowhere to hide. Even if you stay completely offline, it only takes one relative to log the bulk of your DNA onto the Internet. Metadata strikes again.

Literal metadata (DNA) preempts this guy from striking again.

You usually use obviously beneficial cases to push boundaries. Having your medical insurance pay one of your relatives for their DNA to re-rate you and other relatives or other horror scenarios will follow later down the line, once we've shown willing to give up privacy.

This entire "you share lots of info (DNA) with your relatives, thus they can screw you with it" is a pretty new issue. I doubt we understand the full ramifications, yet, and thus i'd prefer caution instead of the government giving others a green light to screw me in ways i cannot even imagine, yet.

"Family members can screw you via relation" isn't really a new issue. English Common Law generally moved the legal needle on literally being killed or sent to jail for the crimes of a relative thanks to the abolition of "corruption of blood" law, but there are a lot of other ways you can be on the hook for a relative's actions.

One guy I know sent in his dna to ancestry. He was immediately matched with a woman as highly likely to be his sister. He was shocked and they connected. Turns out they are siblings and both adopted at birth. So there’s some upsides to these sites

Nevertheless hopefully ancestry etc would have sensible policies to protect peoples’ privacy unleSs a court order is involved.

There are other downsides, too.

I have a cousin who found out, in his 50s, after his mother and father had passed away, that he was not related to anybody in our family. It crushed him.

My family found an estranged relative from a one off affair in another country through Ancestry's "probably related" tool. It was an incredible experience.

Sample mixups and other mistakes can happen. I know of cases where family history could become exposed through these tests, but if you get results that are unexpected it's worth some follow up to be sure.


This guy gave his parents the gift of divorce.


The guy has a PhD but writes like a BuzzFeed writer.


There's something said about making material accessible to the "everyman" if you want your material to be widely accessed.

(as told to Julia Belluz) means that he didn't write it himself despite the use of first person.

But the DNA matching is just revealing the facts though which is true. Emotionally it is hard, but it's just revealing a fact.

I found an older half-sister I never knew about via genetic testing. We're getting along well enough.

The reporting on exactly how DNA was used to identify the Golden State Killer is still pretty limited.

It sounds like they submitted DNA from GSK crime scenes to a number of genealogical sites and got back one or more familial matches. From that match or matches, they were able to backtrack to a specific suspect.

Once the suspect was identified, they were able to surreptitiously obtain the suspect's DNA, then they directly tested that DNA against GSK DNA samples, and were able to confirm the match.

It hasn't been stated directly, but it seems like there is plenty of still-usable DNA from GSK crime scene evidence, even though it will now be 30+ years old.

He left behind a lot of semen. Rape kits were used in some cases to get his DNA, clothes in others.

The idea of finding suspects based on DNA is not without problems, is it?

It seems like one of the least problematic ways of generating suspects to me - what's the issue compared to, say, eye witness testimony?

Whereas eye-witness testimony is incredibly unreliable, but laypersons typically believe it to be accurate, the opposite is true with DNA forensic evidence. The public generally believes it to be infallible, when in reality it's not always that clear cut.

It should be regarded as another tool in the toolbox, not the be-all and end-all of criminal forensic investigation.

'As he was being arrested, he told officers he had a roast in the oven. They said they would take care of it.'

Humans are an odd bunch.

Arrest isn't conviction, so it's a good thing that officers don't always act like they're putting away a killer (and that the accused don't always act like they're about to be put away for life.)

Arrest isn't conviction, but since the topic here is DNA it's worth noting that in California you can have your DNA taken against your will and put into a database when you get arrested even if you're never convicted or even charged with a crime.

Further, in California and most other states, a 'fetal blood spot' is taken from every newborn and tested for a variety of genetic diseases, and the spot is retained in some state filing cabinet (or refrigerator?) somewhere. See an older comment for details & links:


Just as there was a state proposition (sponsored by the relatives of one of this killer's victims) to expand DNA-testing of criminal suspects, a future policy change could send investigators into those filing cabinets, if the blood DNA isn't too degraded, to do a broad genetic dragnet for criminal suspects (or their relatives).

This would require a warrant, which requires a specific target, not a fishing expedition. The BTK serial killer was caught in similar fashion, police were able to get a warrant for his daughters Pap smear which was stored at a medical facility.


Is that your considered opinion as a legal expert on these matters?

Since proposition 69 (2004), and recently upheld by the Calfornia Supreme Court, California is taking and holding indefinitely DNA for everyone arrested for a felony, even if they're never charged or convicted:


So they get already get 'free look' (no warrant required) at the DNA of anyone alive, via an arrest, even if the charges are ultimately unsupportable. Do you expect a stronger protection would apply against stored records?

Further, the newborn blood spots are already in government custody. There's no essential requirement for any private 3rd party to produce them, against the holder's wishes. Why wouldn't a detective/prosecutor, perhaps emboldened by public opinion or some new Prop-69-like policy, to consider these blood spots 'abandoned' DNA, just like that acquired from this 'Golden State Killer' suspect after surveillance but without a specific warrant?

Is it unlikely that law enforcement would ever get a 'warrant to modern-sequence-all-the-spots', to solve some particularly heinous crime, then retain the data indefinitely, as they already do for other incidental collections? Sure, that sounds to me like a 'general warrant' that should be prohibited by the 4th amendment. But government keeps seeking – and often winning in court! – ever-broader database warrants. (See for example https://www.washingtonpost.com/news/monkey-cage/wp/2016/06/1...)

Even the ~80 yes/no genetic disorders automatically tested for, and thus possibly kept in a digital database afterwards, might be enough 'bits' to narrowly pick a few suspects, or uniquely identify a single suspect, in some cases. Would the CA DOJ need a warrant to have a friend at the CA DPH run a SQL query on a database that may already be online?

Can you find any statement from the California Department of Publish Health that they would only release blood spot data to law enforcement with a warrant?

IANAL but why would HIPPA not apply to these medical records?

IANAL but from a quick review of some online authorities, maybe it'd apply. It might depend on exactly how the relevant agencies are classified – are they a health clinic themselves? The restrictions might be waiveable administratively for a popular cause, or violations might have no consequences when happening between chummy government agencies. (Who'll prosecute, and what effective penalties/remedies could be applied, if a governor/president commands coordination between two agencies under their control?) And given the trends in broad warrants, I'm not sure a future court wouldn't offer a warrant to sequence-all-the-spots and search for hits with some heinous criminals' samples.

HIPPA expires 50 years after a person dies, perhaps in the future these cards will be sequenced and crimes with DNA can be narrowed down to descendants.

Good point! This mass, automatic screening began in the late 1960s, so for any states that have retained most/all spots since then, millions of samples would become available for sequencing, despite any possible HIPPA limitations… right about now.

Is there any way to opt out of this?

There's technically some ability for parents to opt-out of the delivery of the blood spot to the state, by written request before/during the delivery process.

But that's so discouraged, and the normal process is so automatic and hectic, that it's very rare. Few even realize the blood-spot permanent-collection is happening.

There was a proposed bill in 2015 to require signed consent before the collection, but it was defeated. See very end of:


Don't live in California or those other states.

Much as you can opt out of the Second Amendment protection of firearm ownership by moving out of the US.

How is that different than fingerprints which are taken whenever a person is arrested?

Fingerprints are much less likely to be unique.

I don't know if that is true or not, but fingerprints can't (as of yet) show familial connections. I suppose fingerprints could harbor DNA though.

House fires tend to negatively impact the whole community. Not only could such fire spread to other properties, but it would expend fire department resources and quite possibly lower property values in the rest of the neighborhood.

Officers turning off the oven weren't just doing a favor to the killer, but to the whole community.

I’d also rather my house not burn down because I couldn’t turn off the oven.

What's odd about it?

He either was dumb a BS excuse to see if they will let him (perhaps to run for it), or was legitimately worried to have his house burned down.

As for the officers, they either sincerely meant it, or find it a cool phrase to say, conveying "you have other things to worry about now".

I've seen remarkably similar exchanges on tons of arrests in series like Law And Order.

Maybe it's odd that it was reported.

That quote has reminds me of the classic short story: Lamb to the Slaughter [1].

[1] http://www.classicshorts.com/stories/lamb.html

He was worried about his daughter and grandkid maybe?

He will get sued and lose the house likely.

Not really...

The suspect would not want their house to catch fire and police officers have a moral duty to prevent fires in their jurisdiction if they are made aware of a fire hazard they can easily mitigate.

I guess he didn't want his house to burn down

Who said there is no such thing as a free lunch..

Did they eat the roast? Talk about adding insult to injury.

This comment section reads like half the people didn't bother to read the article or even Google the case and somehow think the police are framing an innocent man.

That's part of it. The other part is that it has become a pop-knowledge meme - Reddit & Imgur style - that DNA tests are nearly worthless, are almost never a sound means to convinct someone, and that they mostly just convict innocent people when used by the police. That immediately becomes the go-to parroted premise anytime discussions like these occur, without exception. It's bumper sticker forensic science knowledge.

Well, in the public's defense of being skeptical of "forensic science" has been a range of outright lying[1] to mystical beliefs that look no different than shamanism or voodoo[2].

You should also be aware that the Nation Research Council has done a study[3] on "forensic science" where DNA was the only barely reliable measurement in the entire field.

These are methods the US Justice Department/Police/Judges/Prosecutors routinely uses to destroy innocent lives and trick juries. It's not hard to see how people become skeptical.

I'm not saying this is the case with the capture of the Golden State Killer, but it's not hard to see how the public lost its trust in these institutions we hold to be accountable and make choices.

[1] https://www.washingtonpost.com/local/crime/fbi-overstated-fo...

[2] https://www.scientificamerican.com/article/can-we-trust-crim...

[3] https://www.ncjrs.gov/pdffiles1/nij/grants/228091.pdf

I'm surprised they are being so public about this (they could have downplayed it, even if they didn't go full parallel construction.)

This will potentially cause people to be less willing to use sites like this, and this could have long-term negative public health impact. Plus, it hurts the commercial businesses.

(My DNA is on record with DOD for personnel recovery purposes, as are most military/contractor personnel of the past 15 years or so, but I'm not sure how the actual database works. I suspect in reality it means China, Russia, Israel, and any other competent infosec adversary also has a full copy of this database.)

Will it, though? I would bet most people wouldn't consider "maybe this will expose a murderer in my family" as a realistic possibility, and even among those who would, most probably would be OK with that.

Murderer in my family, probably not, but what if it is "drug crime in my own family" or the more likely "expensive medical disorder which will preclude insurance, employment, dating, etc.". It's still data being used "against" the user or his relatives.

This long article that someone on Twitter sent me is interesting: https://medium.com/matter/23-and-you-66e87553d22c

Those are reasonable extrapolations but are outside the purview of the police's concern. I don't expect they would stop a police chief (let alone a beat-cop) from bragging about a cool new method for narrowing a suspect list, because the benefit to other cops knowing about it outweighs the harm to the companies' bottom lines.

I don't think either of those concerns are really the police's concern. If the public reacts to this news by mistrusting those sites, so be it.

(One could, I suppose, make an argument that the police, for purely selfish reasons, would want as many people as possible to use these sites so would keep mum on this methodology, but that's assuming police act as a coherent unit or organization and are not themselves individuals and citizens with their own red-lines for creepiness).

This kind of screening is extremely fucked up because average people are terrible statistical reasoners. A 99.999% accurate DNA test will find mostly innocent people if applied to a database of tens of millions of people. And even without corroborating evidence, juries will convict on the DNA because average people aren’t wired for this kind of statistical reasoning.

The defense will need expert witnesses to explain why genealogical-resolution matching is unreliable, but any defense attorney worth their salt should have a stable of such witnesses; the difference between "A 100% correlated match between DNA at a crime scene and the suspect's DNA" and "An N% correlation between a suspect's DNA and a suspected relative of the suspect" is pretty clear even to this layperson.

IANAL, but even without the expert witness, defense should be able to throw enough doubt for a criminal case defense with a line of questioning that begins "If the DNA matched to person Q in the DNA database and not to my client, why is person Q not the one being charged with this crime?" Defense can then move from there to the observation that the match to a relative in the database merely narrows the field of subjects to a whole family tree of relatives of the matched individual.

(Note that in this case, the police used the geneology matches as a tool to focus suspect list, not as primary evidence in a murder trial. That's more in the realm of "Looking for everyone in town who buys that brand of cigar" than in the realm of "Your dad's DNA got you sent to prison!!!").

An excerpt from Michelle McNamara's letter to the golden state killer.

The race was yours to win. You were the observer in power, never observed. An initial setback came on September 10, 1984, in a lab at the University of Leicester, when the geneticist Alec Jeffreys developed the first DNA profile. Another came in 1989, when Tim Berners-Lee wrote a proposal for the World Wide Web. People who weren’t even aware of you or your crimes began devising algorithms that could help find you. In 1998, Larry Page and Sergey Brin incorporated their company, Google. Boxes holding your police reports were hauled out, scanned, digitized, and shared. The world hummed with connectivity and speed. Smartphones. Optical-text-recognition technology. Customizable interactive maps. Familial DNA.

I’ve seen photos of the waffle-stomper boot impressions you left in the dirt beneath a teen-age girl’s bedroom on July 17, 1976, in Carmichael, a crude relic from a time when voyeurs had no choice but to physically plant themselves in front of windows. You excelled at the stealth sidle. But your heyday prowess has no value anymore. Your skill set has been phased out. The tables have been turned. Virtual windows are opening all around you. You, the master watcher, are an aging, lumbering target in their crosshairs.

A ski mask won’t help you now.


That's an excellent piece. But let's not forget that the suspect is a former police officer. Assuming he's the right person, he was less of a brilliant tactician than a turncoat who knew knew the system inside out, and who may well have had access to investigative information afterwards. He was fired for shoplifting in 1979, having committed many of these crimes during his tenure as a police officer; it was after that he began killing his victims.


>People who weren’t even aware of you or your crimes began devising algorithms that could help find you. [...] Familial DNA.

The killer left behind 800 megabytes of information[1] at the crime scene in the 1970s. A present day genealogy website had another 800 MB uploaded from a family member. Algorithms found a match.

[1] https://www.google.com/search?q=dna+800+megabytes

What makes Michelle special compared to all these amateur sleuths that thought they were going to solve the case but didn't?

She wrote a good, comprehensive book that is both well-researched and accessible.

So? The police solved the case.

She was married to a famous person.

She was also an able writer, which most people are not.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact