William & Mary Law Review


Hillary L. Kody


In April 2018, police officers arrested Joseph James DeAngelo. DeAngelo, the officers claimed, was the “Golden State Killer,” a man who committed dozens of murders and over fifty sexual assaults in California in the 1970s and 1980s. The Golden State Killer had long eluded police, even though his DNA profile linked him to dozens of violent crimes. While law enforcement officials from several jurisdictions in California had collected his DNA from crime scenes, the Golden State Killer’s crimes predated modern DNA analysis. Police found little use for the profile without a suspect’s profile to compare to it.

Nearly forty years later, the break in the case that ultimately implicated DeAngelo came when officers ran the Golden State Killer’s DNA profile through an online genealogical DNA database, GEDMatch, and located a familial match—one of DeAngelo’s third cousins. Police traced DeAngelo through his family tree, eventually narrowing in on DeAngelo specifically. Police then obtained DeAngelo’s actual DNA sample by search warrant, and confirmed that DeAngelo and the Golden State Killer are one and the same.

DeAngelo’s apprehension and subsequent examples of police using similar tactics to solve cold cases—including the NorCal Rapist—spurred a national debate on DNA and privacy. Direct-to-consumer DNA services, such as 23andMe and AncestryDNA, have dramatically expanded in recent years. Over seven million at-home DNA kits were sold in 2017 alone. As of April 2018, more than fifteen million people have undergone direct-to-consumer DNA testing. Some scientists predict that 60 percent of Americans of European descent have a familial match as close as a third cousin in a commercial DNA database.

Based on these statistics and the recent success tracking down the Golden State Killer and NorCal Rapist, police will likely see third-party DNA and ancestry databases as a valuable resource to assist in closing cold cases. Law enforcement agencies across the country have thousands of unsolved cases involving DNA with no suspect profile to conduct a comparison. But what are the Fourth Amendment implications of passing a perpetrator’s DNA profile through an ancestry database or compelling a third-party company to do so? Is such a process considered a search or does it otherwise implicate an expectation of privacy sufficient to trigger the warrant requirement of the Fourth Amendment? If this process constitutes a search, could an individual challenge the search of a family member’s DNA profile if it eventually implicates them? This Note will address these questions.

In Part I, this Note will provide an overview of DNA and its use in criminal investigations and prosecutions. Part II will survey both the Supreme Court’s third-party doctrine, including the Court’s recent decision Carpenter v. United States, and the evolution of the Fourth Amendment “standing” doctrine. Part III will compare DNA and cell-site location information, which the Court analyzed in Carpenter, concluding that individuals have an expectation of privacy in their own DNA profile even when shared with a third party. In Part IV, this Note will push the concept of standing, arguing that the nature of DNA—specifically the interconnectedness of DNA among family members—should allow a related individual to challenge the legality of a search of his familial DNA. Part V will address counterarguments.