Rights and Wrongs: The Golden State Killer and Genetic Investigations

Listen & Download

After 87 victims, 53 separate crime scenes, and multiple investigations spanning over four decades, the Golden State Killer was finally brought to justice this past August when he was sentenced to life in prison without the possibility of parole. The key piece of evidence that led investigators to the serial burglar, rapist, and murderer was not a traditional smoking gun, but rather genetic evidence sourced through a public genealogy database. While the positive uses of such investigative techniques are clear, what implications does this new era of genetic detective work have on the wider criminal justice system?

How does this technology work? Are privacy rights at risk? Should there be limits on this new field of DNA forensics as it pertains to criminal investigations? Reflecting the contentious nature of the topic, there are differing answers to all of these questions from public defenders and prosecutors alike. Join us for a thoughtful discussion as we explore the case of the Golden State Killer and the evolving legal landscape of open-source genetic forensics.


Arthur Rizer, Resident Senior Fellow and Director of Criminal Justice & Civil Liberties, R Street Institute

Nila Bala, Resident Senior Fellow and Associate Director of Criminal Justice & Civil Liberties, R Street Institute


Teleforum calls are open to all dues paying members of the Federalist Society. To become a member, sign up on our website. As a member, you should receive email announcements of upcoming Teleforum calls which contain the conference call phone number. If you are not receiving those email announcements, please contact us at 202-822-8138.  

Event Transcript




Dean Reuter:  Welcome to Teleforum, a podcast of The Federalist Society's practice groups. I’m Dean Reuter, Vice President, General Counsel, and Director of Practice Groups at The Federalist Society. For exclusive access to live recordings of practice group teleforum calls, become a Federalist Society member today at fedsoc.org.



Nick Marr:  Welcome to The Federalist Society’s Teleforum conference call as this afternoon, September 14, 2020 we have an interesting topic at hand. We’re going to cover “Rights and Wrongs: The Golden State Killer and Genetic Investigations.” My name is Nick Marr. I’m Assistant Director of Practice Groups at The Federalist Society.


And as always, please note that expressions of opinion on today’s call are those of the experts.


And we’re fortunate to have with us this afternoon, Arthur Rizer. He’s the resident senior fellow and Director of Criminal Justice and Civil Liberties at R Street Institute -- and Nila Bala, the Resident Senior Fellow and Associate Director of Criminal Justice and Civil Liberties at the R Street Institute. So after -- we’re going to have a bit of a moderated conversation today. And after Arthur goes first and gives some background, we’ll have some questions and back and forth. And then at about 3:15 we’ll open it up to audience questions, so be thinking of those and have them in mind for when we get to that portion of the call.


Okay. And to begin, Arthur, I’ll ask you the first question. Can you just give us some background? Who is the Golden State Killer? What’s genetic investigation? How does it work? Just take it away. The floor is yours.


Arthur Riza:  Yeah. So let me just start off by just explaining like who we’re talking about. I think that’s important. Ultimately, the Constitution in the United States and the way that police conduct themselves should be the same across the board, but in reality we know that’s not really true. When we have really heinous crimes, as we were citing, we’ve always been a little more willing to bend on what we consider appropriate as it comes to investigations.


We have our lines in the sand. We have the Poisonous Tree doctrine and such. But the heinousness of this particular set of crimes I think really did have an impact on how this kind of played out across the country. If this would have been a simple -- a car theft where they had DNA for some bizarre reason, I don’t think we would see the same earnestness by many on my side of the aisle and the other side of the aisle to kind of accept this.


So it’s important to kind of give some background on who we’re talking about. The Golden State Killer is Joseph DeAngelo. He committed about 120 burglaries, 50 rapes, and 13 murders between 1973 and 1986, and he really did get away with all of it. He was employed as a police officer in the ‘70s, so he had a certain amount of savviness when it came to investigations. And then later on as a mechanic in six counties where he committed his crimes -- and he used his knowledge of being a police officer and his know how of his community in order to get away with it.


After numerous unsuccessful investigations over 40 years, officers turned to DNA evidence in late 2017 after creating an electronic DNA profile from genetic material they found in one of the rape kits. So officers uploaded their data into GEDmatch, an open source genetic database created from profiles of customers from DNA sites like 23&Me and such. So one of the takeaways you can walk away from this is know that when you put your DNA into those databases, you’re giving something up. Think about that.


A partial match to a distant relative was found on that site and allowed officers to create a family tree of over 1,000 people. And then they spent several months eliminating suspects until DeAngelo discarded personal items. They collected his DNA, and they matched that to the kit sample. And he was then arrested.


So think about what I started: 120 burglaries, 50 first degree rapes, 13 murders. You can see that the set up really gives us the lens of how we’re going to talk about the rest of this case and this legal issue. And Nila, who I work with, is just really, I would say, one of the foremost experts on looking at that balance between technology, privacy and safety. And that’s really the three things we’re trying to balance here, right?


We’re trying to balance our individual privacy over things that belong to us, our DNA. We’re trying to balance public safety. This is an individual who was a murderer and a rapist, a terrible human being. And that’s just what we know about, by the way. It could be worse. He did plead to most of his cases, but we don’t even know if all of -- there’s evidence that that isn’t even all the cases. And of course, we’re balancing this idea of how technology is going to be used. So that’s kind of a setup for what we’re going to be talking about.


Nick Marr:  So I’ll send the second question over to Nila. Could you explain a bit about how genetic genealogy works to solve crimes and to solve these crimes that we’re talking about today?


Nila Bala:  Absolutely. Thank you guys so much for having me. So if there is DNA that’s collected at the site of a crime, typically what law enforcement will immediately do is run it through state and national databases. And if you’ve ever heard of CODIS, that’s what we’re talking about here. So when that happens, sometimes a match doesn’t come back, right?


I mean, CODIS is a pretty robust system. It has 18 million profiles but only profiles of people who’ve generally been arrested or convicted. And so it’s very possible that an individual doesn’t come up with a match in CODIS, and so that often ends up as what we call a cold case. Their DNA’s just sitting somewhere, and that’s what happened with the Golden State Killer. Even though those cases happened primarily in the ‘70s and ‘80s, they couldn’t find a match to the DNA that was collected at those crime scenes. And so they just had to wait.


What genetic genealogy does is it harnesses these open source public databases to provide law enforcement far more DNA in terms of the information they can look at to compare it to the DNA they collected at a crime scene. So again, typically how this works is on the back end a person sends their saliva to a site like 23&Me or Ancestry.com, which just to be clear are not open source databases. But they get back a raw DNA file, which they can then upload to these open source databases that Arthur mentioned, like GEDmatch or FamilyTreeDNA.


These sites were originally created for people to find long-lost relatives. So you could upload your DNA, and hopefully you’d get a match back. And you’d find an uncle or a cousin that you didn’t know you had. But another way that law enforcement realized they could use this is, if they uploaded that raw DNA from the crime scene that they couldn’t find a match through traditional channels like CODIS into the same open source database and basically created a profile without the actual person who this DNA belongs to, they might find a match. And with the Golden State Killer case, it was, again, a very partial match -- a great-great-grandparent or something like that -- and then traditional genealogy at work.


So you have to build out a family tree and use traditional detective techniques to try to figure out who it could have been in terms of the age or location. And then mistakes can be made, I should mention, because you are guessing to some extent who it could be. So even with the Golden State Killer, initially the wrong individual was identified.


The last step to kind of sealing the deal is to try to get discarded DNA from the individual that you think is actually responsible and see if it matches the DNA that you originally collected from the crime scene. And that’s kind of in a nutshell how forensic genetic genealogy works.


Nick Marr:  So law enforcement, police, have many tools that they can use. Why is this one important? I’ll ask either one of you, Arthur or Nila.


Arthur Rizer:  Yeah. So real briefly, the reason it’s so important -- because, I mean, when you think about how this case was solved, it was a cold case, and it was frozen in a locker buried in the bottom of a freezer. This was not coming out. We were not going to solve this case.


So this allows you to almost go back in time and create a new set of facts associated to this case. It’s actually amazing. It’s like when we first started doing fingerprinting index and officers had been collecting certain amounts of fingerprints for years back in the ‘20s. And they were able to match them up using the index, and they were able to solve a series of cases.


So this has incredible potential to solve some cases because you don’t need to have a direct match to the individual. So you don’t need -- DeAngelo didn’t put his DNA up on the website. One of his relatives did. So like my sister has done 23&Me. They would potentially be able to match my DNA through that sibling relationship.


And if they were looking for me for a crime because they had my DNA, they would be able to match that. So it is an incredible tool simply because it allows you to go back and relook at cases that were dead. And that right there is just in itself incredible. Scary but incredible.


Nila Bala:  Yeah. I’ll just add that GEDmatch and FamilyTreeDNA have DNA profiles from individuals that, again—this may be obvious—but are different from the profiles in CODIS, right? Quite a few scholars have commented that CODIS is racial skewed towards having more Black and brown individuals in its database because we know they are more likely to be arrested and accused of crime and convicted. So in contrast, GEDmatch actually I would say skews towards white Americans.


One study a couple years ago found that 60 percent of white Americans can be identified through GEDmatch, meaning some relative—again, it could be a distant relative—has already uploaded their information to these open source databases. And through, again, genealogy techniques, you can actually identify now almost two-thirds of white Americans. So it just opened up a much larger pool of individuals, which is kind of what Arthur was alluding to as well.


Nick Marr:  Yeah. So this obviously changes a lot. What are the kinds of concerns that have arisen with genetic genealogy websites being used in this way?


Nila Bala:  Yeah. I’m happy to take a first stab at that. I think there are two major concerns that I can pinpoint, and I just want to echo Arthur that, in a case like the Golden State Killer, when you’re weighing privacy and public safety, it feels very reasonable to say public safety, given the nature of the crimes, the number of the crimes that DeAngelo committed, definitely weighs in favor of using this technique. The problem is right now we don’t really have any guidelines that make clear to law enforcement or the government when these techniques should be used.


And privacy is incredibly important, too, of course. Privacy is a necessary human value. It allows you to have a functioning civic society. It allows us to have a private space where we can develop our own identities and flourish. It is the basis of the Fourth Amendment, so certainly important enough for our founders to enshrine in our Constitution.


But two major concerns of using these open source databases in this way, the first is that, when you upload your information, there’s a consent that you expect it perhaps to be used in a certain way. And one could argue the use of law enforcement in this technology is not necessarily what people expected when they uploaded their profiles. I will say that since the Golden State Killer case there have been quite a few changes to both of the websites I mentioned, which are, I would say, kind of the top two open source databases.


GEDmatch has switched over from I would say like an opt-out policy to an opt-in policy, meaning individuals now have to say they are willing to have law enforcement look at their profile. That being said, if you have uploaded your information and you haven’t logged in in a while, then it might just be there as an opt-out feature. FamilyTree has gone the other direction where the default is law enforcement can look at your profile unless you say you don’t want them to. So I think both of these sites have recognized that users should be involved in consenting to a use that they expect.


But I will say the second concern I have is that you’re also consenting on behalf of a lot of other people when you upload your information. So even if you expect that your information can be used by law enforcement officers in this way, you are consenting on behalf of third cousins that have never even uploaded their information to the site because DNA is linked to families. So you could be consenting for a lot of other people that don’t expect that. So those are two of the concerns I would identify.


Arthur Rizer:  Yeah. Two more concerns that I think are important is, one, this is an incredibly useful tool. But if it’s abused, we could see a rollback by the courts. And what I mean by that is if the court finds that there’s an aura of improbability around this type of testing, they could, like they did in U.S. v. Scheffer in 1988 -- dealing with polygraphs. So I’m not comparing polygraphs to this. All right? There’s a total difference in the scientific method testing between these two.


But you saw the court just kind of throw out this entire area that we can use. But if we get it wrong enough times, you can see the court doing that. So that leads me to my second point is this is really high-tech type of stuff. In the Golden State Killer case, the individual who did the testing had a PhD in biology, had experience working in this type of area, and there was a high degree of care.


But many departments don’t have that. You have individuals who don’t have a ton of experience doing these types of tests. And human error can really have a very damning effect.


But think about it. When you have human error in an identity type of case—you know, this person saw you, but you weren’t really there—you can argue in court misidentification. It really comes down to the jury and circumstantial evidence, whether you were there, the time, whether they could have saw you, how dark it was, yada, yada, yada -- all the stuff we learn in trial lab. But when it comes to DNA, man, if your DNA matches, the juries going to believe you. You are going to go to prison.


So it is incredibly important that we have the right individuals doing these tests. And in many counties across this country, they just can’t afford to have the cream of the crop testing, so they look to other types of places. There was a documentary done that many of this testing is done in these roving labs that are basically on wheels. And you can have misidentifications.


In early 2000, the Houston police department was routinely misinterpreting DNA evidence, leading to false convictions for rape and murder. Think about that. That is just crazy to me. And I think many people should be really weary about that. The most famous case is a 16-year-old Josiah Sutton. He was falsely imprisoned for four years based on faulty DNA evidence. And that’s just human error.


What about all the cases that we know where we have officials falsifying records because they want a conviction? The Fred Zain case -- if anybody doesn’t know who that is, look it up. Fred Zain, Z-A-I-N. I mean, this was a guy who operated in West Virginia for years and years and years, and you can trace hundreds and hundreds of false convictions back to him. He was literally making up data as it related to criminal convictions. There’s as many as 180 wrongful convictions associated to this guy and triple that amount of cases that he was involved in. And just as a cherry on top, after he left West Virginia, he got -- after he was discredited, he went to Texas and was a forensic investigator there afterwards, which is just bizarre that we didn’t pick that up.


But you think about -- you add all these things together and then just how believability -- I mean, in the prosecutorial world we call it the CSI effect because juries, when they hear the word “DNA” are trained to think, “Oh, this is absolute. There is no way that this is wrong.” So it is just a nail in the coffin. And when we get it wrong, we can end up falsely convicting people. So that’s another area that we should be very weary about.


Nick Marr:  So before we go and talk about the law, the current law, what the law could be, some solutions, maybe a little bit of more background on this technical stuff. First, who actually does this genetic work? You mentioned that there’s a lot of room for human error, and this one guy who was doing it is very well-trained. So Arthur, if you could talk a little bit about who actually does this work? And then Nila, if you could explain a little bit about how this is different from regular genetic testing that we’ve had around for a while? So Arthur, I’ll give it to you first.


Arthur Rizer:  Yeah. That’s actually one of the issues is that we don’t know who exactly is doing the DNA testing within these private companies. They don’t have to release all that. So here’s a perfect example. My sister and I both did one of those 23&Me, and we ended up with a pretty different genetic background, even though we have the same parents. And we’re pretty sure we have the same parents. And I think that was kind of an awakening about how accurate these are.


So when it comes to the private actors, we don’t know a lot. We don’t actually know. You know, I can tell you that I think the vast majority is automated. It happens through computers, and their testing is something -- say, you basically plug in the sample and it spits out a reading. And it uploads it to its database.


As it relates to the government side of things, there are -- a lot of counties actually have contracts with different organizations that will do this type of testing for them. The FBI obviously has a very robust testing system. And every state patrol that I know of has a testing sensor that they can test things for serious crimes.


So this is really something done by the police. However, many times these things are triggered by defense attorneys who think that their client is innocent, and so they want to start poking around the DNA files. And obviously, prosecutors have that duty as well to ensure if they have probable cause or they have reason to believe an individual may be innocent -- they have the moral and the legal duty to start poking around. But that’s in a nutshell who’s doing these tests and how it’s getting done.


Nila Bala:  Yeah. That’s absolutely right. I’ll just say that there are a couple places we can think of that human error could be introduced, and Arthur’s mentioned a few of them. The first is the initial DNA collection that ends up creating this cold case. There’s also a subsequent DNA collection once you’ve identified a suspect, and then you wait for them to discard some DNA publicly, like a cup that they drank from, something like that. And then, of course, there’s actually inputting the DNA you find -- the processing of it.


So there’s a couple of different points where human error can be introduced. And those aren’t necessarily unique to forensic genetic genealogy. Those are also points of error in sort of your more traditional crime solving techniques with DNA. The difference with using genetic genealogy I’ll say -- there’s a few things.


One is CODIS was never created to identify full genetic genomes. It was really identified as it was created as a crime solving database, and it’s a government database for that purpose. And so it uses just identifying a part of the DNA—what’s called non-coding, meaning you can’t tell from what’s in CODIS if a person has a certain hair color or if they have a certain eye color or a certain health attribute. It’s really just to identify the person—versus 23&Me, and sites like it, that do far more genetic testing and give you far more information.


So the raw DNA files that people are uploading into sites like GEDmatch use a technique called single nucleotide polymorphisms, or SNP. And the problem with this is that you’ve potentially revealed quite a bit more genetic information. And that’s actually one of the issues with this technology, not just that you’re identifying people—and of course, there can be human error—but that the information that you’re providing is quite vast.


And right now, we’re kind of just relying on the good graces and civic mindedness of law enforcement to necessarily delete a profile that they create on behalf of somebody in one of these databases and ensure that this person’s DNA isn’t just on this site for perpetuity. Or a third party might even be able to acquire it for some not so benign means. I mean, just in July of this year, there were two breaches to GEDmatch by hackers.


And so DNA isn’t like your credit card number if it gets hacked. You can’t just change your DNA if something goes wrong. And so we just need to be really careful about how we go about doing these processes and in which cases we use this technology.


Nick Marr:  So let’s talk a little bit about -- based on these concerns that we’ve raised, but also it’s potentially -- or it is a really powerful tool. So I guess we can start with are there any laws in place that already govern this process? And I’ll open that up to either one of you.


Arthur Rizer:  Laws, I would say Nila’s more up to date on this. I would say not really. There are -- most state patrol and Department of Justice have internal guidelines about how this information is supposed to be used. And I was actually heartened when I read it getting ready for this that the focus is on privacy and on liberty, and I thought that was good.


I was a prosecutor at DOJ. Most of the stuff that DOJ does is focused on ensuring that there’s success in the courtroom for prosecution. So it was heartening for me to see that genetic privacy was something at the top of their list of concerns. I don’t know if there’s -- I do remember last year some state’s legislatures looking at passing laws on this.


But really, the body that’s been kind of maintaining this is the Supreme Court, and they are really behind the times. I mean, there’s only really one major case, Maryland v. King, that really kind of has any type of genetic privacy rulings. And they basically said that an officer can take a DNA swab from the mouth on arrest. And it’s interesting that that was a split Court. It was 4-5 -- excuse me, 5-4 with Kennedy siding with the -- excuse me, Scalia siding with the dissentors. So it was kind of a split across ideological lines on what they were going to allow.


Nila Bala:  Yeah. That’s right. One of the issues right now is we don’t have a lot of guidance, either from state legislatures or from courts about exactly how this technology should be used. This previous legislative session—so I’m talking about for most states the spring session in 2020—there were four states that did introduce bills to try to either ban this technology or regulate it in some way or to allow it but in very specific circumstances or with a valid legal process. The four states were Utah, Maryland, New York, and Washington state. But none of those bills actually went all the way through, probably at least partly due to COVID-19 and a lot of legislative sessions shutting down early and really focusing their concerns on pandemic relief.


There’s also been an interim policy that the DOJ released, and this was pretty much exactly a year ago now, September 2019. And it kind of cautioned law enforcement departments to really use this technology as a last resort when they had really extinguished all other crime solving techniques. And so yeah. There really is a void right now in terms of guidance as to, again, what sense this new technique should be used for, whether there should be some kind of warrant process or a legal process through which a third party is reviewing instances in which law enforcement wants to use this technology, and also guidance for these open source databases and companies to help tell them and guide them in terms of how users should be informed and should have informed consent that the information they upload could be used in this way.


Nick Marr:  Interesting. What has the Supreme Court said on this topic or similar topics, if anything, and are there any cases that we should be looking out for as regards to this topic?


Arthur Rizer:  Yeah. I think I jumped the gun on that question a little bit. There isn’t a lot. The most parallel things that we can look at are things specifically related to DNA collection. And that was Maryland v. King 2013. And that’s the most relevant case we have. And what that case said was that an officer can collect DNA from an individual who’s been arrested and compare it against databases that are related to unsolved crimes, cold cases, and rape kits and such.


I will say, though, that one thing that is true that many people get confused about is, even in the case of DeAngelo, the Golden State Killer, the police were using this to build a case in order to get a warrant in order to go arrest Mr. DeAngelo. And actually, part of that warrant said they were allowed to collect his DNA. So the investigation was built obviously on these tools, but then they went back to old-fashioned -- getting a warrant from an Article III judge saying they had probable cause to believe that he was the individual they were looking for. Here’s the evidence that we have. And there was a dispassionate judge that looked at that evidence and made that decision.


So that still is a very important caveat. When I first read about some of these, it made it seem like all you need to do was do this match, and then magically the government would come and grab your DNA. They actually still go through the normal process when they have enough probable cause to believe that you’re the person they’re looking for.


Nila Bala:  I’ll just add -- and this isn’t a Supreme Court case that appears on face perfectly on point but does kind of tell us something about the direction that courts might go in the future to sort of contemplate this technology. And that’s Carpenter, which was a cellphone case. So again, it’s not about DNA, but what was interesting about the Carpenter case is that it took a way that we had thought about the Fourth Amendment for a long time and sort of shifted it, which was that -- the idea was that, if you did something in public on the public thoroughfares, on the road, you didn’t really have an expectation of privacy to that information.


If the state happened to observe you doing something publicly, then you had given up your right to privacy. And what Carpenter kind of explored was just the amalgamation of information that people now -- and I should say the government now has access to is really different just because of technology. And so, yes, if I saw you in one place at one time, that’s one piece of information that maybe you don’t have an expectation of privacy to. But with cellphones pinging off of towers and looking at months of that information, now we’re looking at a very different picture where I can learn quite a bit about you and your movements and your patterns and your habits.


And that’s why the Court said, well, this actually is an infringement of the Fourth Amendment. And in some ways, this technology might be similar where, yes, you are uploading your DNA to this open source database. And in a way, you’ve exposed yourself and your DNA, and you’ve knowingly done that. But the amount and scope of information you’re providing and also the way that it’s being used in a way that you didn’t initially contemplate is different than maybe what you initially thought.


So DNA might be in that category of new technologies that our previous Fourth Amendment jurisprudence just doesn’t do a really great job of capturing people’s expectations of privacy around. And this may be an area where courts revisit and say, “How can we fashion the doctrine to really respond to and take into account how people really think about their privacy?”


Nick Marr:  That’s very interesting. Kind of in keeping with this and also drawing on our discussion a few minutes ago about the different concerns and also potential solutions -- and Nila, you might want to take the first crack at this -- what are the kinds of concerns that arise and also problems with -- or potential full regulation of these private companies that are doing the testing? And Arthur mentioned that there are different people at these places.


We don’t know much about how they’re doing it. What are the kinds of concerns there, if any, and then what are some kinds of solutions? And then how do you think courts or different legislatures might think about these issues?


Nila Bala:  Yeah. That’s a great question. Right now, genetic genealogy in sort of the forensic realm has been described as the wild, wild West because there aren’t a lot of rules and a lot of guidance for these companies. And so it’s often up to the founders of these companies to kind of make it up as they go along. And I’ll give you a really concrete example.


So when GEDmatch first realized that their technology could be used in this way, Curtis Rogers, who was the owner and founder at that time, made clear that he wanted the technology to only be used to solve the most violent of crimes, so specifically like murders and rapes. And that’s kind of where he drew the line. But what happened was he was contacted by law enforcement in Utah after an assault had taken place at a Mormon meetinghouse, and they really wanted to use the GEDmatch technology for this assault.


And previously, again, GEDmatch had been very clear that that was not an offense that they wanted to have that technology used for. They only wanted it for the most grave and heinous of crimes. But he relented. Curtis Rodgers relented and allowed the technology to be used. And there was definitely an outcry, and I think the reason was because the users at that time had been sort of primed and told that their information could be used by law enforcement but only in, again, these two categories of cases. And then suddenly, things were changed on them. That line shifted, and that line shifted because of one gentleman’s decision to -- the founder in this case -- to allow that to shift.


So that’s kind of tricky when there’s so much power that these private entities hold to keep shifting guidelines. And actually, one of the reasons I think GEDmatch switched over to an opt in policy was because of the backlash from this incident that I’m describing where users really wanted to know that their information would be used by law enforcement and actively say yes to participating in that process. So I think where the government could really step in and provide some guidance is to make clear that users need to have informed consent, be educated about when and how they’re information’s going to be used.


They may, in fact, make it very clear that this technique should be confined only to certain violent crimes, that there needs to be some sort of Fourth Amendment-esque process in place like obtaining a warrant. Because right now, if you look at every step of the process, you don’t necessarily have -- you don’t have to get a warrant because when they identified, for example, DeAngelo as a potential suspect in the Golden State Killer case, they just -- the law enforcement officers just waited for him to discard some DNA publicly, which you are allowed to pick up as law enforcement. It’s trash, essentially.


So there isn’t a process to govern the fact that law enforcement had created a profile and put it on this open source database and nothing that regulated whether they should delete it at some point, how to protect that person’s information. And so those are some of the things we could think about shaping and I think some of the things that states have contemplated, like I mentioned the four states that have introduced bills -- kind of contemplate creating some guidelines and some guardrails for this technology.


Nick Marr:  Arthur, do you have anything to add on this point?


Arthur Rizer:  No, I think Nila hit a homerun on that one. I think that’s exactly how we should be thinking about it. And I think that -- I do -- as Nila talked about at DOJ guidance memo, that was something they sent to their prosecutors. And it specifically talked about the dangers that could come, meaning losing the ability to use these tools if they were abused.


They also specifically said that, if there’s not some type of procedural safeguards, they didn’t want federal prosecutors using these DNA matching methods, which, again, I took as they didn’t have to do this. They did it because they thought it was the right thing to do as the government body. So that was an example of the government actually limiting themselves, which is rare in these days and age.


Nick Marr:  Are there any courts -- maybe lower courts looking at this now, or should we expect it soon in the future, later in the future? What do you think?


Nila Bala:  I think it’s going to come up -- yeah.


Arthur Rizer:  There are definitely cases that are rolling.


Nila Bala:  Go ahead.


Arthur Rizer:  Yeah. There’s cases that are rolling using this stuff. So these are things that are going to work their way up. And we’re going to -- I would say within the next year or two we’re going to see a direct case challenging the constitutionality of these cases. And the thing about the Golden State Killer case is that he pled guilty in order not to get the death penalty. So we’re not going to see that case probably come up from any type of appeal because of waiving his rights. But I think that we’ll see definitely other cases as time goes on.


Nila Bala:  Yeah. I’ll just say that it has come up a few times but not really been resolved and certainly just been in lower courts. One interesting case was in November. A Florida judge actually allowed all of GEDmatch to be searched, even those profiles who hadn’t necessarily opted in to wanting law enforcement to be able to see their profiles. So there’s definitely some interesting cases where the state has wanted to expand the use of this technology or use it in a way that currently GEDmatch doesn’t allow.


GEDmatch was recently, I should also mention, acquired by a company called Verogen. This was I want to say in December of last year. And Verogen has been in the business of working directly with law enforcement even before acquiring GEDmatch. So if anything, I would see -- I would guess and anticipate that we’ll see even more collaboration between some of these private companies and the law enforcement groups because, now, GEDmatch is owned by a company that has very specifically said publicly that they believe this technology can and should be used in this way.


Nick Marr:  Interesting. Okay. Now, for the audience, we’ll open it up for audience questions here in a second. In order to do that, we’ll all hear a prompt in a moment indicating that the floor mode has been turned on. After that, to request the floor, please press star and then pound on your telephone keypad. Again, that’s star and then pound on your telephone keypad to request the floor. We’ll answer questions -- take the questions in the order in which they’re received.


To give our audience a minute to line up here with any questions they might have, I’ll ask another question. And it’s a little bit outside the scope, so you don’t have to take it. But I see some similarities between this, what we’re talking about with law enforcement company cooperation, and the kind of issue that came up a few years ago with Apple and a terrorist investigation and how the DOJ has been handling that. So I don’t know if either of you want to speak about kind of the similarities. Maybe this whole body of law might kind of develop in a similar way or a different way based on differences.


Arthur Rizer:  Yeah. So I’ve written a little bit about that situation with Apple. And it quickly became just a pissing match between the FBI and Apple over whether or not they were going to unlock phones or whatever. I think a couple of things are important in that case is that, one, Apple actually sent engineers out to help, in San Bernardino, with unlocking that phone. They were trying to help.


What Apple was not willing to do was create backdoors in their software in order to make it easy for the government to do. So yeah. There were similarities in the sense that there’s this intersection between privacy, law enforcement, and safety. But Apple, since then, has been actively resisting the government pressure in order to create backdoors and such. So similarities but pretty different in the sense of how the companies have responded.


Nick Marr:  Interesting. Again --


Nila Bala:  Yeah. I agree with Arthur on that. Sorry, go ahead.


Nick Marr:  Oh, I was just going to give another announcement to our audience. We don’t have any questions in the queue right now, so wide open if you press star and then pound on your telephone keypad. You could get right to the front here. Oh, and we have one now.


Caller 1:  Hi, I just wondered -- I didn’t hear anyone talking so much about the differences between testimonial and sort of non-testimonial evidence. You brought up the cellphone, which has a lot of sort of personal data, which is not like a fingerprint. It’s sort of things you said or did, which that seems to be quite different. Whereas the DNA evidence seems much more like a fingerprint, something that isn’t your private information in the sense of your thoughts or your actions. It’s just something that’s unique to you as a person. I wondered if you could talk a little bit about that. Thanks.


Arthur Rizer:  Yeah. So what this gentleman is talking about is, if something’s testimonial, meaning that it has to come from your brain in essence, there has been a higher standard placed upon the government’s ability to get that, to the point of there are even some First  Amendment cases that say that you’re not only breaching the Fourth Amendment but you’re breaching the First Amendment when you start to reach into people’s minds and such. But DNA evidence has been clearly ruled not to be testimonial. It is the same as fingerprints in the sense that it is something the government gathers from you.


The interesting thing is that before some of these cases, because it’s something the government would grab from you, like blood from a car accident or whatever, they have been -- the courts have been usually more protective because it was actually taking something from your body. But that seems -- after the Maryland v. King case it seems that that’s kind of fallen by the wayside. They truly are looking at this. If you are arrested, they’re allowed to take this from you.


When it comes to actually invading your body in some way, like taking blood or something, there is a higher threshold in those cases. But that’s a great observation that this is not considered testimonial in a sense that you are giving something up that comes from your inner mind.


Nick Marr:  Nila, anything to add?


Nila Bala:  No, I think Arthur pretty much covered it. I will say one interesting thing that differentiates fingerprints from DNA is that, with fingerprints, at least you know generally when you’re touching something and you’re leaving it behind. But with DNA, you can discard DNA from your skin and from your hair without even knowing. So that’s one argument scholars have made that we should be even more protective of DNA and genetic material when compared to fingerprints and the way that people discard it.


But I completely agree with the legal analysis that it wouldn’t be considered testimonial. I don’t think courts have come to that conclusion. So Crawford and the Confrontation Clause and all that probably wouldn’t apply. That being said, I think there have been some attempts, like I mentioned, in lower courts to try to challenge the way that genetic genealogy has been done in particular cases and try to make this argument akin to the Carpenter case that I mentioned earlier that this is not something that was contemplated with the Fourth Amendment.


And yes, on its face there is no warrant requirement for any part of the genetic genealogy process. But maybe there should be because of the large amount of information, the scope of information, the unexpected nature in which this information’s being used. So that argument has been tried I believe in a Virginia court last year. So we’ll see. We’ll see what happens as courts contemplate this and try to take the former Fourth Amendment doctrine in and make it relevant to this scenario.


Nick Marr:  Interesting. Okay. We’ll go to our next caller now. We’ve got two questions in the queue. You have the floor.


Caller 2:  Yeah. Hi, thank you for this discussion. It’s very interesting. I guess I was interested in hearing some comments on Carpenter -- the holding in Carpenter it seems to be -- one of the holdings in Carpenter that says that when looking at Fourth Amendment rights and privacy rights that the Court was going to look at whether or not a fundamental balance between the individual and government would be altered by new technology, and they were going to say we’re going to judge new technologies by not altering that balance that existed at the time of the Founding. I’m wondering if you think that might be some kind of guide to answering some of these genetic privacy question.


And secondly, as far as GEDmatch and consent goes, it seems to me that, unless you uploaded your own personal genetic data to those databases, there is no consent by a third party or a family member. And how does that play into your thoughts on this Fourth Amendment analysis?


Arthur Rizer:  I’ll take a first stab at it. I think -- great question. I think the first thing I’ll say is one of the big differences between this and Carpenter and such is Carpenter really revolved around what the government had to do to get a warrant. And what they’re doing in these cases, they’re building a case in order to get a warrant.


And it’s clear there’s so much precedent out there whether you like it or not -- the agents -- I was a federal prosecutor. I would send agents out all the time to go pick up garbage. They hated it, but they did it because we needed it. And we mainly looking for paraphernalia as related to drug dispersions.


So what happens here is they actually still go get a warrant, so that does short-circuit that analysis a little bit. So you’d have to go further back in time, and the question would be when is a warrant necessary? When would you have to get a warrant? And we -- if we’re thinking about this as fingerprinting, we run fingerprints through databases all the time. So if it’s a little messier than a straight analysis, it gets a little more complex. And that’s my comments on that, but good question.


Nila Bala:  Yeah. No, it’s a great question. And I think the language and sort of the dicta that you’re pointing to in Carpenter does signal that the Court might be willing to think about the third party consent doctrine, essentially the fact that if you share something with a third party, you’ve lost your rights to privacy over it in a different way. The Court did say in Carpenter that the unique nature of cellphone location records means that just because the information is held by a third party does not overcome the user’s claim to Fourth Amendment protection because they do have a legitimate expectation of privacy in these weeks and weeks of physical movements.


So even when a user does upload their information to this third party, in this case GEDmatch, does it overcome their claim to all Fourth Amendment protections when that information is used in a different way, in an unexpected way and given, again, just the scope of DNA itself? I mean, that’s the question, right? So I think you’re right to ask it. It’s the same argument that -- I mentioned that Virginia case that happened. It’s the same argument that the defense attorneys tried to make in that Virginia case.


This was Jesse -- and I don’t know how to say his last name -- the defendant’s last name. I think its Bjerke, B-J-E-R-K-E in case you want to look it up. It’s a 2016 rape case where they used a public genealogy database to track him down as the suspect. And the judge rejected this Carpenter-esque argument saying that a warrant should be needed or some third-party process should be needed to review the fact that his DNA was obtained and used and kind of went back to our normal Fourth Amendment doctrine that, hey, he abandoned his DNA, and so the police’s use of it did not reveal any private or personal information other than his identity as a suspect in this case.


So far, as we’ve seen, courts have not been willing to kind of make the analogy and make the argument. And I think your point that you brought up that, hey, there are these fourth parties essentially who really haven’t consented to this use of their DNA is a really good one. And to me -- Arthur was the prosecutor and a former law enforcement officer. And I didn’t mention this at the onset of the call, but my background is as a former public defender. So my inclination is to say, well, it really would be important to have some sort of magistrate or judge process throughout this sort of three-step process that I described in the beginning of how genetic genealogy works and make sure that we’re comfortable with the way law enforcement is doing it.


And there’s so many little things that if we could have some oversight or some guidelines it could really make a big difference. And I’ll give you one really quick example. When you go on GEDmatch, you have a choice of four different options as to how you want your profile to be viewed: whether you want it for private use only where it would function essentially as a one-way mirror -- like you could lookout and see if you get any matches but nobody could see you. And right now, there isn’t a rule that law enforcement has to check that box. The other three boxes are for research use, for public use but opt out of law enforcement, and for public use opt in to law enforcement.


And so if law enforcement chooses the fourth option, the public use opt in, then that means everyone else on GEDmatch can see that person’s profile and also make connections to all their family members. And they haven’t necessarily consented to that, right, because they’re not even the ones who have uploaded their own information. So there’s like small things like that where I think if we had guidelines it could really make a big difference in helping to protect fourth parties that you mentioned in your question.


Nick Marr:  Okay. Great. We’ve got one question left, and then we’ll try to wrap it up here. We’re coming up on 3:30, so we’ll go to our final questioner.


Caller 3:  Thank you very much. I really appreciate the questioner before me and Nila’s answer because you knocked out 95 percent of my questions with the two. I’m curious, though, because Arthur said that he felt fingerprinting was very, very similar to this. And I would argue on the other side and say that it’s completely different.


Because in the fingerprint situation, you’ve already got the permission, and you’ve uploaded it into a database similar to CODIS. In this case, that’s not what’s happened. You have fourth parties that have come in and put it into a database, and then law enforcement are now matching against that database without consent. And I think Carpenter strongly suggested that when Carpenter actually gave consent with his phone that CSLI theoretically was authorized. However, because it was held by a third party and Carpenter didn’t like it that that was covered under the Fourth Amendment because there was so much data that could be available so that there was a cause.


In this case, there’s an awful lot there, plus you don’t have a consent. Can you both address that? It seems to me that the Golden State Killer could have actually easily gotten off, I guess, if he had not pled guilty just based on that.


Arthur Rizer:  Yeah. I would say that’s -- I’m sure everybody here who’s a defense attorney and prosecutor can attest that we like to think that justice is blind and justice reigns in this vacuum. But in reality, I don’t agree with that last statement. I think that the heinousness of this crime I think kind of set the tone for how this was going to be treated. That’s just my personal opinion. The world will never know.


But what I was saying is that I think that the way that the courts so far have been analyzing this is through the fingerprinting regime. I personally believe that this is different, and that’s why I think legislatures need to quickly start to talk about what the differences is and how we need to view those differences because your absolutely right. I mean, I think that fingerprinting is the closest thing that we can look to.


However, you’re right. There’s this other person who inputted their data. I mean, the best analogy that I could think of would be the twin who has -- of course, twins don’t have identical fingerprints. So that doesn’t even work. But you get my gist of how your fingerprints can be left without you knowing it or something to that effect, which can’t actually happen.


So that was a bad example. But my point is that this is the way that courts have been looking at this thus far, and I think if we don’t do something -- if the legislative body doesn’t do anything, that’s the way it’s going to keep pushing, especially looking at how the Court we have right now is made up.


Nila Bala:  Yeah. I’ll just say that I think the person who asked this question really hit on the heart of the issue. And my personal feeling is that when we’re shaping laws and policies we shouldn’t just look to the most heinous case or the most grave case, the Golden State Killer case in this instance, but we should look to other ways that this technology could be used and fashion something that really balances privacy and safety overall. Because I think after the Golden State Killer case was solved in this manner, you didn’t see a large outcry from privacy advocates or scholars kind of articulating the concerns that the individual who just asked the question articulated because everyone was just glad that this cold case had been solved.


And it really was one of the worst serial killers and rapists that was out there a few decades ago. But the flip side is that we know 80 percent of state dockets are misdemeanors. And right now, this technology is not being used in those cases because there is still a pretty significant cost and process involved. And the way that most local and state governments have used this technology is they don’t have the ability in-house to do the genetic genealogy matching because it’s not just the uploading of the raw DNA, which, by the way, might be just partial.

Like you might just have a fragment of DNA.


So they generally are contracting with a company called Parabon, which does the work of actually putting the DNA, figuring out the matches, creating a family tree the old-fashioned way, and providing law enforcement with some ideas of who the suspect could be. And one of the most famous women who works with Parabon now and worked on the Golden State Killer case, I believe, is CeCe Moore. So if you’re interested in learning more, feel free to Google Parabon and CeCe Moore. You can read lots about it.


But right now we don’t, like you were saying, have any ways to regulate and make sure fourth parties are protected. So my position is not that we should get rid of this technology or not use it. I think it’s incredibly powerful crime fighting technology and crime solving technology. But we just need more guidelines and information. There needs to be more of an educational campaign so that I at least have some awareness as Joe Shmoe on the street that this could happen.


And I think right now most individuals don’t realize that, that their Aunt Betty could be uploading their information essentially to this open source database. And it could result in this kind of thing happening.


So my sort of position is don’t throw it all out. I think it’s powerful. I think if we use it in the right cases with the right guidance we could kind of fashion a middle ground that’s fair and reasonable.


Nick Marr:  Great. Thanks very much. And since we’re almost up on 3:30, I’ll offer a chance for any closing remarks that you, Arthur or Nila, might want to offer before we close out this afternoon.


Arthur Rizer:  I have a hard break at 3:30, so I will let Nila have the closing remarks. But I’m just honored to be able to speak and what an engaging topic and great questions. So thank you for letting me speak today. I really appreciate it.


Nick Marr:  Great. Thanks, Arthur.


Nila Bala:  Yes, thank you so much to The Federalist Society and to all the individuals who submitted questions. They really were very thoughtful, and I appreciate that. I’m just hopeful that whether the guidance comes from courts or it comes from state and local legislative bodies that we start to get more guidance and more information about how this technology can be used. I think it’s really exciting and really interesting technology.


And in the last two years since the Golden State Killer case was solved, there have been close to I think 120 cases solved in this way. And every subsequent case has brought up some more interesting and new issues. And I think, like all new technology, it’s something we should not sort of cloak with infallibility that, hey, it’s DNA, and, hey, it’s technology. We should educate ourselves and try to understand it. And I think -- and try to fashion guidelines that really think about the core of the Fourth Amendment and people’s legitimate reasonable expectations of privacy and help balance these two concerns, which will always be concerns in the justice system of privacy and public safety in a way that we, as the American public, feel comfortable and good about. I’ll just leave it with that.


Nick Marr:  Great. On behalf of The Federalist Society, I want to thank you, Nila, and Arthur who had to leave us early, for the benefit of your valuable time and expertise today discussing this issue. And to the audience, thank you for calling in. Thank you for your questions. We welcome listener feedback by email at [email protected]. And keep an eye on our website and your emails for announcements about upcoming Teleforum calls. So thank you all for joining us this afternoon. We are adjourned.




Dean Reuter:  Thank you for listening to this episode of Teleforum, a podcast of The Federalist Society’s practice groups. For more information about The Federalist Society, the practice groups, and to become a Federalist Society member, please visit our website at fedsoc.org