The arrest of a suspected serial killer and notorious rapist in California using DNA and a public genealogy website has been hailed as a triumph of ingenuity by law enforcement.
But the method used to hunt down the "Golden State Killer" has also raised privacy issues and some ethical concerns.
"What if you become uninsurable because of a genetic test?" said Joseph Turow, a professor at the Annenberg School for Communication at the University of Pennsylvania.
And, he asked, what about your relatives? Could they also be denied health insurance because of a genetic predisposition to some malady?
"DNA is part of a larger issue of 'How do we profile people in the 21st century?'" Turow said. "Face and voice and genes—they are all part of this idea about parts of the human body as identifiers."
Joseph James DeAngelo, 72, a former policeman, was arrested outside his California home last week after investigators tracked him down by plugging crime scene DNA into an open-source genealogy database.
They found a DNA match with distant ancestors, traced the family tree to DeAngelo and arrested him after collecting his DNA from a "discarded item."
It was the culmination of a 40-year manhunt for the man blamed for 12 murders and more than 50 rapes between 1976 and 1986 in central, northern and southern California.
The FBI maintains a database containing the DNA of millions of convicted criminals, but DeAngelo did not have a felony conviction and his DNA was not on file—forcing the police to turn to public genealogy sites to find a match.
Finding a balance
The collection of intimate personal data is by no means restricted to genealogy services such as Ancestry.com, 23andMe or GEDmatch, the one used to track down DeAngelo.
Amazon, Facebook, Google and other companies also collect vast amounts of private information about their millions of users.
Michael Copps, who served as a commissioner on the Federal Communications Commission (FCC) from 2001-2011, said a "privacy framework that gives consumers control over their own data" is needed.
"For years, companies have failed to adequately protect our personal data, and our weak privacy laws have paved the way for this to happen," Copps said in an article in USA Today.
"It's high time to put consumer privacy ahead of corporate greed," Copps said. "Companies across the board must be required to get express consent from their users prior to sharing their data."
Many companies require a court order before handing over information about their users to the authorities.
GEDmatch, following the arrest of DeAngelo, said it had not been aware that investigators were using the site to try to track him down.
It also noted that its policy statement says it is "unable to guarantee that users will not find other uses" for the DNA uploaded to the site.
Ken Birman, a professor in the computer science department at Cornell University, said the answer is finding a balance between privacy and the needs of law enforcement.
"On the one hand, we absolutely must defend against criminals and terrorists," Birman said.
"And this means that law enforcement should have legal ways to take full advantage of the technical tools that exist, including DNA databases of all kinds.
"But at the same time, we also need to protect ourselves against abuse by individuals or companies that might seek to misuse personal data in ways that could harm us as individuals, or even through things that can be learned about our relatives," he said.
Like Turow, Birman said consequences could include "unfair health insurance pricing, discrimination in the workplace, or other kinds of intrusive behaviors."
"At the end of the day, what I think we can all see is that there needs to be a balance between the right to privacy," he said, "versus the societal need to protect the social fabric."
"Where threats to safety arise, that has to include a way to give law enforcement the tools to track down violent killers and rapists like the Golden State Killer," he added.
Birman said the way surveillance of telephone calls is handled by law enforcement could provide a model.
"We solved this by appointing judges to keep an eye on the police," he said. "Those judges don't allow law enforcement to violate privacy without a good reason.
"But with 'probable cause,' the police actually can carry out wiretaps, plant bugs, monitor our emails, track us as we move around, or even compare our DNA with DNA from crime victims," he said.
"This is a good model, and one that has worked for decades, and we need to extend it to cover all the new technologies too," Birman said.
Explore further: Genealogy site didn't know it was used to seek serial killer