In a fit of anger, William Leslie Arnold murdered his parents in 1958 in Nebraska. He escaped jail in 1967, was never caught, and died a free man in 2010 under the alias John Vincent Damon. His story was only recently uncovered by a US marshal using forensic genetic genealogy (FGG).
How this case was solved is fascinating, because the US marshal did not have a sample of Arnold/Damon’s DNA. Instead, he asked Arnold’s brother, James, to provide a one, apparently driving 5 hours to obtain it himself. Two years later, Arnold/Damon’s son tested for genealogical purposes and matched James Arnold as a nephew.
This seeming success story belies a host of ethical and legal problems, with this case in particular and with FGG more broadly. That’s because (1) this case was not eligible for an FGG investigation, (2) it was apparently solved in a database that forbids forensic cases, and (3) this “back door” into unauthorized databases may be common practice.
This Case Did Not Qualify for Forensic Genetic Genealogy
Unquestionably, FGG has the power to do great good by bringing violent criminals to justice and making us all safer. It also poses serious privacy risks. For that reason, the US Department of Justice published an interim policy in 2019 outlining when and how FGG can be used in the United States.
The document states (pp 4–5; footnotes as in the original):
Investigative agencies may initiate the process of considering the use of FGGS when a case involves an unsolved violent crime15 and the candidate forensic sample16 is from a putative perpetrator,17 or when a case involves what is reasonably believed by investigators to be the unidentified remains of a suspected homicide victim (‘unidentified human remains’). In addition, the prosecutor, as defined in footnote twenty of this interim policy, may authorize the investigative use of FGGS for violent crimes or attempts to commit violent crimes other than homicide or sexual offenses (while observing and complying with all requirements of this interim policy) when the circumstances surrounding the criminal act(s) present a substantial and ongoing threat to public safety or national security. Before an investigative agency may attempt to use FGGS, the forensic profile derived from the candidate forensic sample must have been uploaded to CODIS, and subsequent CODIS searches must have failed to produce a probative and confirmed DNA match.
Let’s parse those requirements.
- The DoJ defines violent crime as “any homicide or sex crime, including a homicide investigation during which FGGS is used in an attempt to identify the remains of a suspected homicide victim” (footnote 15). This was not an unsolved violent crime; the murder was solved in 1958. This was a jailbreak. The DoJ policy does not allow FGG for jailbreaks.
- The same footnote goes on to state that an unsolved violent crime “also includes other serious crimes and criminal offenses designated by a [genetic genealogy] service for which investigative use of its service by law enforcement has been authorized by that service.” The three largest genetic genealogy databases expressly forbid law enforcement using their services. (See below.) Even the databases that permit forensic uses do not allow for non-violent jailbreak investigations.
- This case did not “present a substantial and ongoing threat to public safety or national security.” Arnold escaped more than five decades ago and lived a quiet life afterwards. He’s been dead for more than a decade. He posed no threat.
- The candidate forensic sample in this case was not from the putative perpetrator. It was from his brother, who was innocent.
- The forensic profile from the perpetrator’s sample was not uploaded to CODIS before the attempt to use FGG, because the forensic profile did not exist.
The US Marshals Service is a division within the Department of Justice and thus subject to the FGG policy. The policy was in full effect when the marshal took over the case in 2020. This case should never have used forensic genetic genealogy in the first place.
This Case Apparently Used an Unauthorized Database
The US Marshal Service hasn’t disclosed which genealogy database they used, but it’s clear from context that the database did not permit FGG. Why do I say this?
First, The Guardian writes, “According to CeCe Moore, genetic genealogist at Parabon Nanolabs, the case is unusual in the sense that law enforcement … are not usually able to access large, commercial genealogy services.”
They were not usually able to access the database(s), but apparently they did this time.
The Guardian also writes:
The big three commercial genealogy databases – AncestryDNA, 23andMe and MyHeritage – do not permit law enforcement to put crime scene or unidentified remains DNA into their system under their terms of service. But if a family member – in this case Arnold’s brother – permits it, a search run through the 40m DNA signatures in the commercial database can return a “hit” in hours.”
There is no single genetic genealogy database with 40 million DNA signatures, but when you add up the sizes of the big three (23+ million, 13+ million, and 7+ million, respectively), you get a little more than 40 million. GEDmatch and FamilyTreeDNA, which both collaborate with law enforcement, have fewer than 2 million users each. Again, context suggests the marshal used one or more databases that does not permit FGG.
If I had to guess, I’d say they used all three. AncestryDNA has the largest database by far, with the best tools for identifying unknown family. 23andMe is the second largest and, as a health company, often has matches the other companies don’t. Uploading to MyHeritage is a cost-effective way of finding even more unique matches. Plus, the latter two have some features that AncestryDNA does not. If I were working this case and were willing to skirt the rules, that’s what I would do.
Finally, The Guardian quotes Moore saying “What makes this case unique is they’re using a living person’s DNA to fish for this escapee or his family through shared DNA … There was nothing to stop them using the large databases because the younger brother was willing to put his DNA in the databases and allowing law enforcement to access them.”
Except one thing stopping them was the DoJ policy. As we’ve already seen, this case was not eligible for FGG because it violated multiple stipulations.
Another thing stopping them is the policies of the big three databases.
- Ancestry: “To provide our Users with the greatest protection under the law, we … do not allow law enforcement to use Ancestry’s services to investigate crimes or to identify human remains.”
- 23andMe: “By using the Services or creating an account, you represent, warrant and agree that: …. You will not use the Services for any investigative forensic genealogy uses.”
- MyHeritage: “Using the DNA Services for law enforcement purposes, forensic examinations, criminal investigations, “cold case” investigations, identification of unknown deceased people, location of relatives of deceased people using cadaver DNA, and/or all similar purposes, is strictly prohibited.”
None of these terms have an “unless the younger brother is willing” exception. FGG was not allowed in these databases. Period.
This Is the Tip of the Iceberg
Recently, someone—I’ll call them “Pat”—on Facebook asked about an email they’d received from a genealogist with Othram asking “to share your AncestryDNA matches with me” for a forensic case. The email said, “You might have also been contacted by the previous research teams about this case. You are a distant DNA match on FamilyTree DNA (sic) to an unidentified remains case that I am working on.”
(I am not sharing the screenshot or linking to the original post to protect “Pat’s” privacy. Select quotes are shared here under the fair use doctrine of US copyright law for the purposes of criticism, comment, and reporting.)
Recall that AncestryDNA does “not allow law enforcement to use Ancestry’s services to investigate crimes or to identify human remains.” There is no “unless someone else gives you access” clause.
Asking for access to AncestryDNA match lists appears to be standard practice; the genealogist assumed that colleagues had already contacted “Pat.” We have every reason to believe that Parabon does this, too, as their lead genealogist claims “There was nothing to stop them using the large databases” this way. (See above.)
This, too, violates the DoJ policy, which requires that “Investigative agencies shall identify themselves as law enforcement to [genetic genealogy] services and enter and search FGG profiles only in those [genetic genealogy] services that provide explicit notice to their service users and the public that law enforcement may use their service sites to investigate crimes or to identify unidentified human remains.” (p. 6) Per the DoJ policy, FGG profiles include reference samples (footnote 11), which are samples from known sources (footnote 7). “Pat’s” kit would thus serve as a reference sample.
One could argue that Othram and Parabon are private corporations acting on behalf of law enforcement rather than law enforcement per se and therefore not subject to the DoJ policy or the database terms. What a dangerous precedent to set! By that logic, law enforcement can get around all of the strictures associated with FGG (or anything else, for that matter) by simply subcontracting the dirty work to for-profit companies.
How did Othram’s genealogists know that “Pat” was in AncestryDNA’s database in the first place? Is FamilyTreeDNA telling FGG practitioners where their regular customers originally tested? Or did Othram have access to other kits at AncestryDNA that led them to “Pat?”
We Need to Hear From the Big Three
At the moment, more than 40 million unsuspecting customers in the big three databases are being exposed to forensic investigations without their knowledge or consent. That needs to change. I’ve reached out to all three companies for comment and will post their replies here.
I asked AncestryDNA to confirm whether law enforcement and/or their subcontractors are violating the Terms of Service. Their response was: “Ancestry is not a public DNA database; we do not voluntarily cooperate with law enforcement and are not involved with these cases. We take any allegation of a user’s misconduct on our platform seriously.” That speaks more to the wordsmith skills of their corporate lawyers than transparency. While I applaud the proper use of a semicolon, I would prefer that they answer my question and take action to protect their 23 million users.
23andMe’s response was equally vague. “Regarding law enforcement, respect for customer privacy is paramount at 23andMe. As such, we do not work with law enforcement agencies. More specifically, 23andMe will exercise any available legal measures to object to a law enforcement request. To date, we have not released any individual user data to law enforcement.” They have not responded to a follow-up question about law enforcement using their database without asking.
Updates to This Post
- 24 May 2023 — added response from 23andMe