The forensic-identification paradigm shift triggered by a single 2018 case: the Golden State Killer case (a 44-year cold serial-murder and serial-rape case solved through genealogical comparison of crime-scene DNA against the GEDmatch direct-to-consumer database, leading to the arrest of Joseph James DeAngelo in April 2018); the technical workflow (the Verogen ForenSeq Kintelligence kit, the FamilyTreeDNA, GEDmatch, Ancestry and 23andMe consumer database landscape, and the genetic genealogist's family-tree reconstruction methodology); the GEDmatch May 2019 policy reversal requiring opt-in consent for law-enforcement queries; and the 2020-to-present global casework arc together with the policy debates this paradigm has triggered in the UK, Australia, Canada and India.
On 24 April 2018, retired police officer Joseph James DeAngelo was arrested at his Sacramento home and charged with multiple counts of murder. DeAngelo was identified as the Golden State Killer, a serial offender responsible for at least 13 murders, more than 50 rapes, and over 100 residential burglaries across California between 1974 and 1986. The case had defeated investigators for four decades. The technique that finally cracked it was not a conventional DNA database query. It was investigative genetic genealogy.
Law enforcement had held a full DNA profile of the Golden State Killer since the early 1990s, recovered from biological evidence at crime scenes. That profile had been searched repeatedly against the FBI's Combined DNA Index System (CODIS) and had produced no match. CODIS contains profiles from convicted offenders and arrestees; the Golden State Killer had never been convicted of a qualifying offence. The break came when the crime-scene profile was uploaded to GEDmatch, a publicly accessible genealogy database populated by consumers who had uploaded their own direct-to-consumer (DTC) genetic test results for ancestry research.
The GEDmatch search returned partial matches: individuals who shared enough segments of genetic material with the unknown profile to suggest they were relatives of the unknown person, probably at the level of second or third cousin. From those partial matches, a team of genetic genealogists built family trees, narrowed the candidate pool using conventional genealogical records (birth certificates, census data, obituaries), applied demographic constraints (age, sex, known California residence), and eventually identified a shortlist of one: Joseph James DeAngelo. A discarded coffee cup provided his DNA, confirming the match to the crime-scene profile. The arrest followed.
The Golden State Killer case did not just solve a cold case. It introduced a new forensic identification paradigm and triggered a global policy debate about consent, privacy, and the governance of genealogy databases.
The power of investigative genetic genealogy lies not in a single database hit but in a multi-step analytical process that combines genetic partial-match statistics with traditional genealogical research.
The starting point is a DNA profile from the crime scene. In the Golden State Killer investigation, the technology used was single nucleotide polymorphism (SNP) genotyping, not STR profiling. CODIS profiles are built from 20 STR loci, which are optimised for database matching between forensic samples and reference profiles in the convicted-offender index, but STR profiles are not comparable across consumer DTC databases. Consumer DTC tests (AncestryDNA, 23andMe, MyHeritage, FamilyTreeDNA) genotype hundreds of thousands of SNPs across the genome, producing what is called a raw data file or an array file. Investigative genetic genealogy requires the crime-scene sample to be genotyped for the same SNP array format.
Verogen's ForenSeq Kintelligence kit, launched in 2020, was designed specifically for this purpose: it targets approximately 10,000 SNPs selected to be informative for kinship inference without requiring the full consumer array format. The kit can be run from the same low-quality, degraded samples that are standard in forensic casework. Earlier applications of the technique, including the Golden State Killer case, used modified consumer microarray protocols adapted to work with extracted crime-scene DNA and processed through genome-sequencing or array-typing workflows not originally designed for forensic use.
Once a SNP profile is available, it is uploaded to a genealogy database in the standard GEDCOM or raw-data format. GEDmatch, at the time of the Golden State Killer investigation, was publicly accessible: any profile uploaded would be compared against all other profiles in the database, and results were visible to all users. The system returned a ranked list of matches by estimated degree of relationship, based on the amount of shared DNA across all chromosomes measured in centimorgans (cM). A first-degree relative (parent, sibling, child) shares approximately 2,550 cM; a second-degree relative (grandparent, aunt, half-sibling) shares approximately 1,700 cM; a third-degree relative (first cousin) shares approximately 850 cM. The crime-scene profile's closest matches in GEDmatch were estimated third cousins, meaning they shared a set of great-great-grandparents with the unknown person.
From those third-cousin matches, the genetic genealogist (in the Golden State Killer case, Barbara Rae-Venter, who had previously used the same technique to identify a victim in a 1981 unidentified-remains case) built upward-and-downward family trees: tracing the matched individuals' lineages up to shared common ancestors, then tracing all descendants of those ancestors forward in time to identify anyone who fit the demographic profile of the Golden State Killer (male, Californian, born approximately 1940 to 1950). The tree-building used publicly available genealogical records: US census data, vital records (birth, marriage, death), newspaper obituaries, genealogy databases such as Ancestry.com, and social media profiles. After months of work, the candidate list narrowed to a small number of individuals. DeAngelo, whose age, location, and absence from CODIS matched the profile, emerged as the primary candidate.
The discarded coffee cup is a critical detail. Once DeAngelo was identified as a candidate, investigators did not arrest him on the basis of the genealogical analysis alone. They collected his discarded DNA covertly from a cup he left at a public place, generated a standard forensic STR profile, and confirmed a match against the Golden State Killer crime-scene STR profile before making the arrest. The genealogical analysis was intelligence, not evidence. The forensic confirmation was the evidentiary foundation.
The four major consumer databases were built for ancestry research, not law enforcement. How they handle law-enforcement access has become one of the most consequential policy questions in forensic science.
The four principal consumer genomic databases hold different volumes of data and have adopted different policies on law-enforcement access.
AncestryDNA, operated by Ancestry.com (now privately held, previously NASDAQ: ACOM), held approximately 22 million customers' genetic profiles by 2024, making it the largest consumer genomic database in the world. Ancestry's terms of service and privacy policy have consistently prohibited law-enforcement access to its database without a valid court order (subpoena, search warrant, or court-ordered production). Ancestry does not voluntarily respond to law-enforcement requests and has not made its database available for investigative genetic genealogy searches. Its raw data files are nonetheless widely uploaded to GEDmatch by users who have tested at Ancestry.
23andMe, listed on NASDAQ in 2021 and facing significant financial difficulties by 2024 (filing for Chapter 11 bankruptcy protection in March 2025), held approximately 15 million customer profiles. Its policy mirrored Ancestry's: no voluntary law-enforcement access, production only on receipt of valid legal process. The company's 2023 data breach, which exposed partial genetic data for approximately 7 million customers through credential-stuffing attacks, raised further concerns about the data-security context in which forensic genetic databases operate.
FamilyTreeDNA, operated by Gene by Gene Ltd. (Houston, Texas), held approximately 3 million profiles by 2024. FamilyTreeDNA controversially disclosed in January 2019 that it had been voluntarily cooperating with FBI requests since 2018, allowing law-enforcement queries of its database without customer knowledge or consent. Following public backlash, the company introduced an opt-out mechanism allowing customers to exclude their profiles from law-enforcement matching, and later revised this to an opt-in requirement.
GEDmatch, founded in 2010 by Curtis Rogers and John Olson as a free, openly accessible tool for genealogists to cross-compare results across different testing companies, was the platform used in the Golden State Killer case. At the time, its default setting allowed all uploaded profiles to be matched against all others, including by law-enforcement users who uploaded profiles. By May 2019, GEDmatch's database held approximately 1.2 million profiles.
The Golden State Killer's arrest triggered a consent debate that fundamentally changed how GEDmatch operates, and the platform's subsequent acquisition by a forensic genomics company created a new set of conflicts.
Before the Golden State Killer case became public, law enforcement had been using GEDmatch's open database without the knowledge of GEDmatch's founders or most of its users. The arrest announcement in April 2018 disclosed that GEDmatch had been the discovery mechanism, prompting an immediate reaction from the genealogy community and privacy advocates.
The core consent objection was that GEDmatch users had uploaded their profiles to find relatives and understand their ancestry, not to contribute to a forensic database. When a user uploads their profile, they expose not just their own genetic information but information about every biological relative, including those who never consented to any genetic testing at all. A third-cousin match exposes the shared great-great-grandparents' lineage and all descendants of that lineage: potentially hundreds of living relatives who never chose to participate.
In May 2019, GEDmatch changed its default policy from opt-out to opt-in for law-enforcement matching. Under the new policy, a profile was accessible for law-enforcement queries only if the owner had affirmatively opted in to that use. This reduced the database available to law enforcement from approximately 1.2 million profiles to approximately 185,000 profiles within weeks, a reduction of about 85 per cent. The practical impact on investigative genetic genealogy was significant: the probability of finding a partial match at the third-cousin level in a database of 185,000 is substantially lower than in a database of 1.2 million.
In December 2019, GEDmatch was acquired by Verogen, Inc., a San Diego-based company that had been founded in 2017 as a spin-off from Illumina with a specific focus on forensic genomics, producing the ForenSeq suite of sequencing kits used in forensic DNA laboratories. Verogen's acquisition of GEDmatch created a vertically integrated pathway from forensic sample genotyping (ForenSeq Kintelligence) to database search (GEDmatch) within a single commercial entity, raising governance questions that had not existed when GEDmatch was an independent, volunteer-run genealogy tool. The opt-in policy was retained following the acquisition. In 2023, Verogen was itself acquired by QIAGEN, a global life sciences company.
What began in California in 2018 has spread to cold-case units across the English-speaking world, with each jurisdiction developing its own consent and legality framework.
The success of the Golden State Killer case immediately prompted law-enforcement agencies in the United States to apply investigative genetic genealogy to other cold cases. By 2024, the Parabon NanoLabs Snapshot Investigative Genetic Genealogy service, which became the primary commercial provider of IGG casework after the Golden State Killer case, reported having contributed to more than 300 solved violent crime cold cases in the United States, including the 1979 murder of Cathy Cesnik (a victim later connected to the Netflix documentary "The Keepers") and a series of unsolved rape-murders dating to the 1970s and 1980s across multiple states.
In Australia, Queensland Police announced in 2020 that it would seek approval to use investigative genetic genealogy for a small number of priority cold cases, with oversight from the Office of the Information Commissioner and a requirement for ministerial approval in each case. The Australian Institute of Criminology published a research paper in 2022 examining the legal framework and concluding that existing Australian law did not clearly prohibit IGG but that specific legislative authority would be preferable to relying on existing judicial interpretations of search powers.
In the United Kingdom, the Forensic Science Regulator published initial guidance on investigative genetic genealogy in 2023, noting that the technique could potentially be used in serious crime investigations but that it would require a careful legal framework. The Human Tissue Act 2004 and associated regulations govern forensic DNA analysis, and the Biometrics Commissioner has oversight of DNA database use. The National DNA Database (NDNAD) contains profiles from individuals arrested for recordable offences, but IGG by definition involves searching outside NDNAD. The Home Office commissioned a review of the legal framework in 2024.
In Canada, the Privacy Commissioner of Canada published a guidance note in 2022 acknowledging that Canadian law enforcement had begun to explore IGG but that its use raised significant issues under the Privacy Act and PIPEDA (Personal Information Protection and Electronic Documents Act). No specific IGG legislation had been enacted by 2025.
In India, the DNA Technology (Use and Regulation) Bill, which had been introduced in the Lok Sabha in 2019 but not passed into law by 2025, would establish a statutory framework for DNA profiling in criminal investigations. The Bill's provisions focus on STR-based national DNA databases rather than SNP-based genealogy search, and it does not address investigative genetic genealogy specifically. However, the Bharatiya Sakshya Adhiniyam 2023's broad admissibility provisions for scientific evidence would likely permit a court to receive IGG-derived evidence if the methodology could be validated and the expert's credentials established.
| Jurisdiction | IGG legal status (2025) | Database governance | Oversight mechanism |
|---|---|---|---|
| United States (federal) | Permitted for violent crimes with FBI approval under DOJ 2021 policy | GEDmatch (opt-in), FamilyTreeDNA (opt-in), no mandatory national framework | DOJ policy; Maryland and Utah state statutes; CODIS rules separate |
| United Kingdom | No specific statute; FSR 2023 guidance pending legislative framework | GEDmatch accessible; NDNAD is STR-only; no IGG database framework | Forensic Science Regulator; Biometrics Commissioner; Home Office review |
| Australia | No specific statute; ministerial approval required per case in Queensland | GEDmatch accessible; no national IGG database policy | State and territory information commissioners; AISC oversight |
| Canada | No specific statute; Privacy Commissioner guidance notes concerns | No Canadian genealogy database policy | Privacy Commissioner of Canada; PIPEDA framework |
| India | No statute; DNA Technology Bill not enacted; BSA 2023 broad admissibility | No Indian consumer genealogy database of scale; international databases technically accessible | Court-by-court admissibility assessment; NABL accreditation framework does not address IGG |

The deepest ethical problem in investigative genetic genealogy is that it makes every person who has ever tested a de facto participant in a forensic database, without their knowledge.
The consent problem in investigative genetic genealogy is structural. When a person tests with a consumer DTC company and uploads their raw data to GEDmatch (or FamilyTreeDNA), they expose genetic information about all of their biological relatives, including relatives who have never consented to any genetic testing. A person sharing third-cousin-level DNA with the unknown crime-scene profile shares common ancestors with that profile, and those common ancestors had many other descendants, all of whom are affected by the search without their knowledge or consent.
Researchers at the University of California San Francisco (Erlich et al., Science 2018) estimated that, given the population coverage of US DTC databases by 2017 to 2018, approximately 60 per cent of US individuals of Northern European descent had at least one identifiable third-cousin or closer match in consumer databases, and that a query against a database of 1.3 million individuals would have a 90 per cent probability of returning a third-degree relative or closer. At current database sizes and growth rates, effective universal coverage of the US white population may have been achieved, meaning that for most crime scenes where the offender is of Northern European ancestry, a genealogical path to identification likely exists in consumer databases.
The European Union's General Data Protection Regulation (GDPR) classifies genetic data as a special category of personal data (Article 9), subject to enhanced protections. Processing genetic data for law enforcement purposes requires a specific legal basis under Article 10, which in practice means a specific provision in national law. Germany's Strafprozessordnung provides such a basis for conventional forensic DNA analysis but does not explicitly address IGG. The European Data Protection Board has not yet issued specific guidance on IGG.
India's Digital Personal Data Protection Act 2023 classifies genetic data as sensitive personal data under the draft Data Protection Rules (expected in 2025). Its processing for any purpose requires specific consent, and the law-enforcement exemptions in the Act are narrowly defined. Without specific legislation, IGG-based evidence in Indian criminal proceedings would face significant data-protection challenges even where a court was otherwise willing to admit it under the Bharatiya Sakshya Adhiniyam 2023.
Investigative genetic genealogy is a powerful investigative intelligence tool, not a primary forensic identification technique, and treating it as the latter has led to wrongful scrutiny of innocent individuals.
The most important operational distinction in investigative genetic genealogy is between identification and confirmation. IGG narrows an investigative candidate pool; it does not establish identity. The Golden State Killer's arrest was made possible by IGG, but the evidentiary basis for arrest and prosecution was the conventional STR match between the discarded coffee cup sample and the crime-scene profile. IGG produced a name; conventional forensic DNA produced the proof.
This distinction matters because IGG can produce false leads. Family trees contain errors: incorrect paternity attributions, undisclosed adoptions, donor-conceived individuals, and data entry mistakes in genealogical records all introduce errors into the tree-building process. A genetic genealogist who incorrectly builds a branch of a family tree because a genealogical record is wrong, or because a reported relationship is not the biological relationship, can direct investigators toward an innocent person. At least one publicly reported case (the 2018 investigation of William Earl Talbott II for the 1987 murder of a Canadian couple, a case that did result in conviction) involved initial scrutiny of the suspect's relatives before the correct branch was identified.
Quality assurance in IGG requires that genetic genealogists document their tree-building methodology, record the sources used for each generational step, apply demographic constraints systematically, and acknowledge uncertainty at each branch where the genealogical record is incomplete. Professional organisations including the International Society of Genetic Genealogy (ISOGG) and the Association of Professional Genealogists have developed codes of conduct for forensic genealogy work. The DNA Saves Lives Protecting America Act framework in the United States requires that laboratories conducting IGG hold AABB or equivalent accreditation and that genetic genealogists meet defined competency standards.
The Golden State Killer was identified through investigative genetic genealogy because: