Direct-to-consumer genetic testing has gained in popularity significantly in the last few years, with more and more people sending samples of their saliva to be evaluated in order to learn more about their family ancestry or disease risk. Individuals can then upload their genetic information to a variety of public databases that will match them to genetic relatives. While the prospects are exciting, there also has been an emerging trend of law enforcement agencies using these databases to solve crimes and cold cases, raising complex questions about ethics and data access. In a new paper published in Science, bioethicists from Baylor College of Medicine examine these emerging issues.

Framing the conversation around the Golden State Killer case, which recently was solved through access to a genetic genealogy database, the researchers discuss the process taken by law enforcement in finding a match and the subsequent legal and ethical questions that arise not only in this case but also for other public DNA databases and the consumers who use them.

“Is it a violation of the Fourth Amendment for law enforcement to access these data without a warrant? How well are people protected on these sites? And what limits need to be established to control surveillance of genetic information by law enforcement?” asks Dr. Amy McGuire, director of the Center for Medical Ethics and Health Policy at Baylor.

Historically, law enforcement has used DNA testing to solve crimes by comparing a DNA sample taken from a crime scene with samples collected in NDIS, the federal forensic database, which houses the records of convicted, and in some states, accused criminals.

Now, if the DNA found at the crime scene does not match a known record in the national forensic database, law enforcement can use publicly accessible genetic genealogy databases to find family members of a suspect and pursue the lead from there.

Using this method, law enforcement can take a sample of DNA from a crime scene, sequence it, and upload it to a genetic genealogy database using a fake profile to see if it matches with anyone on the database. From there, they can build out a family tree to find the most likely suspect, who they then follow to collect other pieces of DNA to hopefully match to the sample taken from the crime scene.

“While access to both the national forensic database and consumer platforms provides a larger variety of genetic information, many people who submit their samples to genetic genealogy databases do so for their own curiosity, not fully realizing how that information could potentially be used,” McGuire said.

As a result of the increased use in criminal cases, many of these databases have updated their terms of use to address privacy more directly, but people ultimately need to be aware that the information they submit is not limited to their own health or genetic profile, but also may unintentionally give clues related to their genetic relatives, both immediate and distant.

“It is important to realize that our casual use of direct-to-consumer genetic testing services and genealogical websites can have unintended consequences for ourselves and our families,” said Christi Guerrini, assistant professor in the Center for Medical Ethics and Health Policy at Baylor and co-author of the study. “Law enforcement’s use of the genetic information we provide those third parties is just one of the consequences. Even when third parties use the best possible security measures, they cannot guarantee that others won’t be able to access your information and use it, sometimes for unlawful purposes.”

The Supreme Court has, so far, ruled counter to what the public would expect when it comes to access to big data, but McGuire says the policies need to be reevaluated based on public perceptions and concerns.

Other contributors to this work include Natalie Ram with the University of Baltimore School of Law. This work was supported by the National Institutes of Health and the National Human Genome Research Institute.