Prosecutors in the Golden State Killer case, which pioneered the use of forensic genealogyJae C. Hong / AP

This summer should have been a triumphant time for genealogy and forensics. It marked a year since a genealogist had helped law enforcement track down the man suspected of being the notorious Golden State Killer, and in the ensuing months genealogists had helped police identify suspects in more than 40 other cases. In June, such work led to its first conviction. In July, the first exoneration.

And yet, it was also a summer of controversy. Police officers were uploading crime-scene DNA to genealogical databases without any formal oversight, and prominent genealogists disagreed bitterly on how far they should be let in. The debate became so toxic that genealogy groups on Facebook banned any discussion of law enforcement. Decades-old accusations—unrelated to genealogy—were dragged up to discredit vocal members. People were blocked. Friendships ended. At a genealogy conference in June, the different sides ignored each other from opposite ends of the bar.

The immediate cause of the fracture was a series of decisions by GEDmatch, the genealogy site best known for helping ID the suspected Golden State Killer. GEDmatch does not offer DNA tests itself, but it allows anyone to upload results from companies such as 23andMe or Ancestry or, as it turns out, forensic labs. At one point, the site secretly allowed police to upload DNA from the scene of a violent assault—following a personal appeal from the detective to one of GEDmatch’s co-founders.

This was in violation of the site’s own terms of service, which restricted law enforcement’s use to cases of homicide and sexual assault. When this decision became public, the backlash was so intense that GEDmatch made an abrupt policy change: All users were now by default excluded from law-enforcement searches unless they explicitly chose to opt in. So few users have opted in their profiles—currently 163,000 out of 1.3 million DNA uploads—GEDmatch has become only marginally useful in many criminal cases.

This single episode managed to inflame the fears of people on all sides of the law-enforcement debate. It showed the flimsiness of privacy protection by terms of service. It showed that police could push to expand the types of crimes investigated. It showed that access to DNA databases, for genealogists on criminal cases, could easily and abruptly be taken away.

But these fears had all been simmering for a long time, too, ever since the Golden State Killer case ripped open the possibility of solving crimes through genealogy.

Genetic genealogists—who use consumer DNA tests to build family trees—had been a close-knit community. Many began as volunteers. The tools they use were created by volunteers. GEDmatch was originally created by volunteers. None of it was meant for criminal investigations. As the genealogist Shannon Christmas puts it, “It was built for finding ancestors. It was built for reuniting families, and now it is being used essentially to get families to put their members in jail.”

Genealogists have suddenly had to contend with the much higher stakes of their work, and genealogy databases have had to make up the rules as they go, scrambling to deal with backlash. “Everybody’s clamoring for guidance—law enforcement, the companies, genealogists,” says Blaine Bettinger, who writes the blog The Genetic Genealogist. The investigations have raced ahead—until very recently—without any guidelines.

Using genealogy to identify a suspect is not so different from, say, looking for the birth parents of an adoptee. The process begins with a DNA sample, uploaded to a database like GEDmatch. In most cases, the only matches will be distant cousins, but skilled genealogists are able to map out family trees by cross-referencing shared bits of DNA with public records, obituaries, and social-media profiles. In criminal cases, law enforcement may also contact family members for information or additional DNA to narrow down possible hits. “There’s a lot of follow-up that has to take place,” says CeCe Moore, the chief genetic genealogist for Parabon NanoLabs, whose team has made about 70 identifications for law enforcement since it formed after the arrest of the Golden State Killer suspect.

Early on, genealogists settled on a tentative status quo for consulting GEDmatch’s consumer DNA profiles in criminal cases: Law enforcement could use the site, but only for homicides and sexual assaults, as spelled out in its new terms of service.

Then, another genealogy site entered the story. In January 2019, BuzzFeed reported that FamilyTreeDNA had quietly changed its terms of service after it began working with the FBI—unbeknownst to any of its customers. Like GEDmatch, FamilyTreeDNA allows users who tested with other companies to upload their DNA profiles. (23andMe and AncestryDNA do not allow uploads of results from other companies, and they have resisted law-enforcement collaboration.)

The news angered some genealogists, not because they objected to law-enforcement use but because the company acted in secret. Over the next several months, FamilyTreeDNA changed its story about how it came to work with the FBI. In March, CEO Bennett Greenspan told Forensic Magazine that he himself did not know how long FBI had been using FamilyTreeDNA. He became aware, he claimed, when the company discovered strangely formatted uploads in late 2018. “When they first started using it? I don’t know,” he said. In August, after the initial furor had settled down, Greenspan admitted to The Wall Street Journal that he had been aware of the FBI’s uploads. In fact, after the bureau approached FamilyTreeDNA about the uploads, he had personally approved them in August 2018.

(The FBI declined to comment. FamilyTreeDNA confirmed the Journal’s reporting, but a spokesperson declined to explain the changing story.)

Meanwhile, FamilyTreeDNA was trying to retrofit a website made for connecting family members to allow for sensitive, criminal investigations. It had to create a way for users to opt out of law-enforcement searches if they wished. (Less than 2 percent have thus far.) It had to change its matching system to prevent suspects—or very close family members—from being tipped off if they matched a crime-scene sample.

Users were also suddenly finding distant matches that seemed to come from crime-scene DNA, based on the username, profile photo, or contact information. In June, for example, a profile showed up on FamilyTreeDNA with the description “rootless hair” from an “unknown victim.” The case turned out to come from Barbara Rae-Venter, the genealogist best known for helping investigators in the Golden State Killer case,  and its appearance on FamilyTreeDNA stirred up speculation. Law-enforcement investigations clearly needed to be more discreet.

In July, FamilyTreeDNA made a series of changes to law-enforcement profiles, restricting profile photos and an “about me” section.  “I should have been more sensitive about the description and how it would be viewed by the FamilyTreeDNA match,” Rae-Venter said in a statement. A spokesperson for FamilyTreeDNA added, “It’s not easy to address new issues head-on, and it requires a commitment to constant reevaluation and refinement of existing policy.”

Meanwhile, FamilyTreeDNA is leaning into law-enforcement work as a business. It released an ad starring Ed Smart—the father of the kidnapping victim Elizabeth Smart—exhorting people to upload their DNA profiles to FamilyTreeDNA to help solve crimes. In August, the company raised its price for law enforcement, from $100 to $700 per DNA-profile upload. And just last week, the company hired Rae-Venter as the director of its new investigative genetic-genealogy team.

In May, news trickled out that GEDmatch had made an exemption to its terms of service, allowing a detective in Utah to upload DNA from a case that was neither a murder nor a sexual assault. The instance followed a similar pattern as with FamilyTreeDNA and the FBI: A personal appeal from law enforcement to one individual running a site. A violation of terms of service. A disclosure only after the fact.

Curtis Rogers, the GEDmatch co-founder who had allowed the upload, says he saw the case as an attempted murder. “I said, ‘Well look, he didn’t kill her but came within inches of it. Okay, I’ll let it go this one time,’” he says. A small but vocal group of genealogists became incensed, though. The uproar got Rogers to make a change he says he had been long considering—opting out every GEDmatch member by default. Of course, that just caused another uproar.

“The community exploded. Things got really, really ugly within hours,” says Margaret Press, a co-founder of the volunteer DNA Doe Project, which uses GEDmatch and FamilyTreeDNA to trace unidentified bodies. GEDmatch’s decision to opt out all users from crime-related searches erased most of the matches for Does the nonprofit was trying to identify, and it’s still hampering the project’s work. The conversations got so heated because GEDmatch had become so indispensable.

Meanwhile, forensic genealogy was turning into a growing business. In addition to Parabon and FamilyTreeDNA, several smaller companies have sprung up to offer lab and genealogy work. “There are a lot of genealogists now hanging out their shingles and offering their services,” says Press. Law-enforcement agencies, for their part, are trying to navigate a world entirely new to them. There are no exams and no credentials specific to forensic genealogy. “It’s extremely difficult for law enforcement to know” about qualifications, says Moore.  

Genealogists also worried that others who break the rules or do not know what they’re doing could spark even more public outcry—and ultimately hurt the field. Earlier this year, genealogists came across a profile on GEDmatch matching an unidentified murder victim known as El Dorado Jane Doe, uploaded using an email address linked to an investigator on a true-crime TV show. The profile—since deleted—was not marked as law enforcement, which meant it could be matched with users who had never opted into law-enforcement matching. This is against GEDmatch’s terms of service, but the site has no automated way to catch these uploads.

For Rogers, who started GEDmatch in retirement and is now 81, the questions about law enforcement have been a big headache. He didn’t get into this field to answer difficult questions balancing about privacy and public safety. He was just interested in family history. “I wish it had never happened,” he says. “I think it’s just a big distraction for genealogy.”

Meanwhile, interest in genealogy from law enforcement has only intensified. At the International Symposium on Human Identification held last week in Palm Springs, California, genealogists were leading sessions and workshops every day. On Tuesday, Ted Hunt, a senior adviser in the Department of Justice, took the stage to announce interim guidelines for federal investigators using genealogy. The guidelines cover a number issues: They restrict the use of genealogy to cases involving violent crimes and attempted violent crimes in which other leads have been exhausted, and require law-enforcement officials to identify themselves as such.

Because these are DOJ guidelines, they only cover federal or federally funded investigations. They do not apply to the vast majority of investigations, conducted by state and local agencies all over the country. Next month, genealogists, bioethics, and direct-to-consumer DNA companies are convening at Cold Spring Harbor Laboratory’s Banbury Center, for a meeting coordinated by Yaniv Erlich, the chief scientific officer of the DNA-testing company MyHeritage, and Amy Lynn McGuire, a bioethicist at Baylor College of Medicine, to discuss the ethics of forensic genealogy.

It’s been a fractious year and a half, but this is still a new field. Figuring out the rules of engagement will take time. As Hunt put it during his talk in Palm Springs, “We’re writing on a blank slate.”

We want to hear what you think about this article. Submit a letter to the editor or write to letters@theatlantic.com.