Timeline of Investigative Genetic Genealogy

This post is updated as events transpire.

This post lists key events in the evolution of “investigative genetic genealogy”, the application of genetic genealogy techniques to criminal investigations.  It is not meant to be a list of “solved” cases (that’s available here) nor a discussion of pros and cons.  Rather, the intent is to track the progression of the field and its impacts on the industry and genetic privacy.  Feel free to suggest additional entries in the comments.


The Timeline

  • 2017 — The DNA Doe Project was founded by Dr Margaret Press and Dr Colleen Fitzpatrick to apply genetic genealogy methods, especially atDNA, to the identification of unknown bodies.
  • 10 April 2018 — The DNA Doe Project identifies the Ohio murder victim “Buckskin Girl” as Marcia L. King from Arkansas.  She had been strangled in 1981.
  • 24 April 2018 — The Golden State Killer, a brutal rapist and murderer who had escaped justice for for more than 30 years, was arrested after Barbara Rae-Venter identified him through genetic genealogy.  Days later it was revealed that GEDmatch database had been used without their knowledge.  Not until December 2020 did the world learn that FamilyTreeDNA’s parent company had collaborated with the FBI as early as 2017 and that Rae-Venter had also used MyHeritage’s database without their knowledge.
  • 1 May 2018 — FamilyTreeDNA’s parent company acknowledged that they had complied with a federal subpoena to identify one of their yDNA customers in March 2017.  Buzzfeed later discovered that the subpoena was related to the Golden State Killer case.
  • 8 May 2018 — Parabon NanoLabs announced a new Genetic Genealogy Service headed by CeCe Moore.  Within 9 days, they had uploaded about 100 DNA profiles to GEDmatch.
  • 24 May 2018 — GEDmatch changed their Terms of Service to specify that investigations of violent crimes, defined as homicide and sexual assault, were allowed, as were law enforcement attempts to identify unknown deceased remains.
  • 7 December 2018 — A man was arrested for burglary in Texas with the help of Parabon.  He has not been accused of a violent crime, meaning that his case apparently violated GEDmatch’s Terms of Service at the time.
  • January 2019 — Melinde Lutz Byrne becomes a Consulting Forensic Genealogist for Bode Technology.
  • 31 January 2019 — We learned that FamilyTreeDNA had granted the FBI access to their database of more than a million customers.  That access began as early as Fall 2018, in contravention of their Terms of Service.  FTDNA changed their Terms of Service in December 2018 to allow law enforcement to use their database, but they failed to notify their customers, as required by that very same contract.
  • 8 February 2019 — Anne Wojcicki, CEO of 23andMe, discusses the slow-down in the market, saying “My hypothesis is that you have some of the effect from Facebook, people concerned about privacy, you had Golden State killer and so people pause.”
  • 15 February 2019 — We learned that FTDNA had formed a financial partnership with Bode Technology for forensic investigations.
  • 12 March 2019 — In response to backlash from the earlier Terms of Service controversy, FTDNA introduced an opt-out system for law-enforcement matching.  However, they automatically opted in the majority of their customers by default.
  • 14 May 2019 — We learned that the owner of GEDmatch had personally granted permission for Parabon to use the database to investigate an assault, although the Terms of Service at the time only allowed homicide and sexual assault investigations.
  • 19 May 2019 — GEDmatch implemented a new opt-in system for law enforcement matching.  All DNA kits were automatically opted out, and users could choose to make their kits available to law enforcement agents. The default setting for new uploads, however, is to be opted in; the description does not state that the kit will be exposed to law enforcement. GEDmatch also expanded their definition of allowable crimes from homicide and sexual assault to “murder, nonnegligent manslaughter, aggravated rape, robbery, or aggravated assault.”
  • 22 June 2019 — Yours truly analyzed database growth and showed that the decline in rate correlates to the publication of the Golden State Killer case.
  • 24 September 2019 — The US Department of Justice issued an interim policy for forensic genetic genealogy investigations that specified such searches could proceed “only in those [genetic genealogy] services that provide explicit notice to their service users and the public that law enforcement may use their service sites to investigate crimes or to identify unidentified human remains” (page 6).
  • 27 September 2019 — FTDNA announced that it had hired Barbara Rae-Venter, who solved the Golden State Killer case, to lead a new in-house Genetic Genealogy Unit.
  • 18 October 2019 — Othram announces a forensic genealogy service for law enforcement.  The team includes Anthony Lukas Redgrave and Lee Bingham Redgrave.
  • 5 November 2019 — We learn that GEDmatch was served and complied with a warrant in June or July to provide matching data for users who had not opted in to law enforcement matching.
  • 7 November 2019 — 23andMe issued a statement saying that they “would use every legal remedy possible” to challenge a warrant were they to be served one.
  • 8 November 2019 — AncestryDNA announced that they would “seek to narrow the scope of any compelled disclosure, or even eliminate it entirely.”
  • 12 November 2019 — Melinde Lutz Byrne becomes the Director of Forensic Genealogy at Bode Technology.
  • 9 December 2019 — GEDmatch announced that they had sold their operations to Verogen, a company that manufactures and sells forensic lab equipment.
  • 22 February 2020 — NBC News reported that Orlando Detective Fields (the same detective behind the GEDMatch warrant) lied to family members in a murder investigation to obtain DNA samples.
  • 19 July 2020 — GEDmatch was hacked, taking the site down and setting the entire database to be available for universal matching, regardless of the users’ settings or applicable law in their home jurisdictions.  Although GEDmatch claimed to have fixed the problem, another privacy breach happened the next day.  On the 21st, MyHeritage users experienced a phishing attempt that may have been related to the GEDmatch hack.
  • 8 December 2020 — Groundbreaking investigative reporting from the Los Angeles Times reveals that FamilyTreeDNA (and/or its parent company) was collaborating with the FBI on the Golden State Killer case as early as 2017 and that the genetic genealogist working on the case uploaded his DNA file to MyHeritage without that company’s knowledge.  His closest match was there.
  • December 2020 — GEDmatch debuted their GEDmatch Pro portal to upload law enforcement (including Doe) cases. Kits uploaded through the portal are then matched to opt-in kits in the main database. The fees charged for uploads have not been publicly disclosed.
  • 7 January 2021 — FamilyTreeDNA and its parent company, Gene by Gene, both merged with a small, Australian pharmacogenetics company called myDNA.  As myDNA has no background in genetic genealogy, what this means for family historians—and for law enforcement applications—is not clear.
  • 11 January 2021 — GEDmatch once again changed their Terms of Service.  Although they claim “Your opt-in and opt-out settings remain unchanged,” they surreptitiously redefined what “opt out” means.  Previously, opt-out kits were not visible to Doe investigations (unidentified bodies); now they are.  Even if the Doe was murdered, these kits are no longer considered violent crime cases under the new Terms of Service.  The slope gets slipperier.
  • 17 January 2021 — (on or about)  Some users from outside the USA reported that DNA kits they had deleted from GEDmatch were back in the system and available to matching.  GEDmatch apparently explained to one user, who’d deleted the kits more than a year ago, “We had an issue with restoring kits from the eu/unknown server recently.”  As of the 19th, the problem seems to be fixed, but GEDmatch has not issued a public explanation or apology.
  • May 2021 — The state of Maryland passed a new law restricting the use of forensic genetic genealogy.

9 thoughts on “Timeline of Investigative Genetic Genealogy”

  1. I don’t know why anyone on this planet thinks they have any privacy in this day and age. My genealogy was progressing. WAS progressing. Our 140+ year old brick wall will likely remain a brick wall. If my mother is identified as a relation to a criminal you can bet your booties I’ll help any way I can. In the meantime our DNA matches are drying up. How can anyone think being on social media is safer than using GEDMatch?

    1. The drying-up of matches is one of my biggest concerns. Trust is a critical element in DNA testing, and if consumers don’t feel that they can trust the industry, they’ll spend their disposable income elsewhere.

  2. Hi,
    I am concerned about this, as well. The Golden State Killer was known as the East Area Rapist in the 70’s and hit very close to home multiple times. He was caught only a mile from my brother’s home. I was happy he was caught, but I still have that ethical dilemma about my invasion of privacy. My dna is on Gedmatch, Ancestry, 23&me, and My Heritage. If I try to remove my dna from Gedmatch, will it still remain in the database for use? I love genealogy and want to continue with my tree, but I just don’t know how to proceed. Any guidance would be appreciated. This is such an ethical dilemma for me.
    Thank you.

    1. The site policy at GEDmatch says “When a registered GEDmatch user deletes or requests deletion of Raw Data, Genealogy Data, and/or profile information, copies of that information stored in an archive copy will be deleted upon storage of an updated archive copy, no later than 30 days after the user request.” In my experience, the kit in the main database is deleted immediately, and this policy says that any backups will be deleted within 30 days. Sadly, I no longer trust that opting out or even setting a kit to research will protect us from warrants.

      As for how to proceed, there’s no one-size-fits-all recommendation. It depends on your level of comfort with “off-label” uses of your data and which companies are most vulnerable. 23andMe and Ancestry are the safest, both because they don’t allow uploads and because they have publicly declared that they will try to limit the scope of any warrant for genetic data. MyHeritage forbids law-enforcement investigations in their database, but I don’t know how they’d stop an unethical investigator from uploading against the Terms of Service. On the other hand, they’re probably not vulnerable to US warrants, given that they’re in Israel.

  3. With no formal chain of custody for consumer-level DNA kits, how could the information be deemed valuable / trustworthy by courts or law enforcement ?

    There is no identification verification for the dna submitted – we can put any name we choose on our file, many use aliases, initial or false/anonymous names.

    And honestly – if my DNA being out there somehow leads to the closure of a case, I am thrilled for that.

    1. Chain of custody comes into play when they do CODIS testing of the suspect. Prior to that, they’re using the exact same techniques proven to work for unknown parentage cases. They don’t need chain of custody for that.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.