Why a Data Breach at a Genealogy Site Has Privacy Experts Worried

In Dr. Edge’s paper, he warned that it was possible to create fake profiles to identify people with genetic variants associated with Alzheimer’s and other diseases.

“If something is just a geeky genealogist messing around, there is no concern,” Dr. Larkin said. But it becomes a problem, she said, if users are trying to find people who all share a particular genetic mutation or trait, as Dr. Edge cautioned. Such information could be abused by insurance companies, pharmaceutical companies or others, she said.

The breach also reinforced something that genealogists have been saying for years: Mixing genealogy and law enforcement is messy, even when you try to draw clear lines. Until two years ago, the primary DNA databases that law enforcement used for investigations were maintained by the F.B.I. and the police. That changed with the Golden State Killer case in 2018.

As police departments rushed to reinvestigate cold cases, GEDmatch, which at the time was run by two family history hobbyists as a sort of passion project, tried to serve two audiences: genealogists who simply wanted to trace their family tree and law enforcement officials who wanted to know if a murderer or a rapist was hiding in one of its branches. Amid a backlash, GEDmatch changed its policy in May 2019 so that only users who explicitly opted to help law enforcement would show up in police searches. Still, there is little regulation around how the authorities can use GEDmatch and other genealogy databases, so it’s largely up to the companies and their users to police themselves.

And as the breach demonstrated, users’ wishes could be quickly overridden.

For some users, the reason for keeping their profiles private is philosophical. Even if helping law enforcement could mean helping catch a killer, they do not want their genetic information used to incriminate their relatives. Others, like Carolynn ni Lochlainn, a genealogist from Huntington, N.Y., keep their profiles private because they worry the data will be improperly used to arrest innocent people.

“I work with a lot of Black clients and cousins, and I was most angered by the inexcusable risk at which they were placed,” Ms. ni Lochlainn said.

Colleen Fitzpatrick, the founder of Identifinders International, which applies forensic genealogy techniques toward identifying unclaimed remains and suspects in crimes, oversees a team that relies heavily on GEDmatch.

source: nytimes.com