The untold story of how the Golden State Killer was found: A covert operation and private DNA

Investigators used covert searches of private DNA-tracing companies to track down relatives of the killer


By Paige St. John
Los Angeles Times

SACRAMENTO, Calif. — The dramatic arrest in 2018 of Joseph James DeAngelo Jr. was all the more astounding because of how detectives said they caught the elusive Golden State Killer — by harnessing genetic technology already in use by millions of consumers to trace their family trees.

But the DNA-matching effort that caught one of America’s most notorious serial killers was more extensive than previously disclosed and involved covert searches of private DNA housed by two for-profit companies despite privacy policies, according to interviews and court discovery records accessed by the Los Angeles Times.

Defendant Joseph James DeAngelo looks on in the courtroom during the third day of victim impact statements at the Gordon D. Schaber Sacramento County Courthouse on Aug. 20, 2020, in Sacramento, California.
Defendant Joseph James DeAngelo looks on in the courtroom during the third day of victim impact statements at the Gordon D. Schaber Sacramento County Courthouse on Aug. 20, 2020, in Sacramento, California. (Santiago Mejia/POOL/AFP via Getty Images/TNS)

The revelations are likely to heighten debate about genetic privacy and the self-policing models of testing companies, as well as law enforcement access.

The original version of events omitted not only the involvement of private databases, but also the access to sensitive information the companies had told users law enforcement could see only if “required” or presented with a “lawful request.”

One prosecutor described the public understanding of the arrest as a “false impression,” according to a letter the prosecutor wrote to the FBI.

Investigators and prosecutors said the investigation relied on genetic information voluntarily made public, though with little reason to suspect it might incriminate members of their families in crimes. The actual investigation was broader and more invasive, conducted without a warrant, and appeared to violate the privacy policy of at least one DNA company.

When DeAngelo was arrested, prosecutors would say only that they had used family tree searches to find relatives of the killer and, from there, identified DeAngelo. Shortly after, a detective confirmed the investigative team had uploaded semen from a rape kit to develop a fresh DNA profile that was then uploaded to GEDmatch, an open-source platform frequently used by members of the public to trace their heritage.

What prosecutors did not disclose is that genetic material from the rape kit was first sent to FamilyTreeDNA, which created a DNA profile and allowed law enforcement to set up a fake account to search for matching customers. When that produced only distant leads, a civilian geneticist working with investigators uploaded the forensic profile on MyHeritage. It was the MyHeritage search that identified the close relative who helped break the case.

Both companies denied involvement at the time.

But in late 2019, FamilyTreeDNA’s chief executive acknowledged giving the FBI access in 2017 without knowing the case being investigated. He said he did not believe it violated the company’s terms of service, which warned that it “may be required” to release personal information in response to a “lawful request by public authorities.”

Those terms were later changed to alert customers that law enforcement had access to the database.

MyHeritage’s privacy policy at the time stated that personal information “would only be released if required by law.” A corporate executive said the policy “did not explicitly” address such unprecedented police access. “It is possible that the civilian geneticist thought she was not violating our terms of service,” Vice President of Marketing Aaron Godfrey said.

Nevertheless, the search was not sanctioned, and MyHeritage has since revised its policies to make it clear that “such investigations are prohibited,” Godfrey said.

Not disclosing that private consumer data were used in the investigation “perpetuates a fraudulent impression of all the methods implemented to identify Joseph DeAngelo,” Cheryl Temple, chief assistant district attorney for Ventura County, wrote in a January 2019 letter to the FBI. Even DeAngelo’s defense lawyers stood to be kept in the dark about how he was identified, she wrote.

In a recent interview, Temple said she was confident that the case against DeAngelo — who pleaded guilty to 26 counts of murder and kidnapping and admitted to violent crimes against 61 other people — was handled ethically and properly. The issue she raised with the FBI dealt instead with the need for transparency heading into trial.

“I have no concern whatsoever about the legality of anything that was done in the case,” Temple said. “I don’t think anybody has any question whatsoever about how the case was solved.”

Even before these new revelations, the use of consumer databases to catch this serial killer sparked ethical debates as it unleashed a wave of efforts by other cold case teams across the U.S. to use similar means to identify violent criminals. As a result, most major consumer genealogical database companies created barriers against law enforcement access, the U.S. Justice Department adopted interim restrictions for the use of such databases, and Maryland considered legislation to limit law enforcement’s use of them.

DeAngelo, 75, pleaded guilty before going to trial. He is serving 26 life sentences in a California prison. And the legality of investigative genealogy, still relatively new, has not faced serious legal challenges. It is perceived in law enforcement circles as a vital tool for solving even current crimes, but regulations and legislation have not yet caught up.

In most DNA-derived cases going to trial, prosecutors contend that the databases police use are like street informants whose identity can remain hidden. Meanwhile, some companies, such as Ancestry.com, say they have successfully fought efforts by law enforcement to obtain court orders to access their databases.

But FamilyTreeDNA says it will work with law enforcement if an investigation involves a violent crime, denying access to data only if a private subscriber to its database has specifically opted out.

Some legal and privacy experts are concerned that the race to use genealogical databases will have serious consequences, including eroding privacy protections and broadening police power. There have also been instances of the wrong people being arrested and taken to jail — including a twin in California. In Texas, police met GEDmatch’s new search guidelines by classifying a case as a sexual assault but filed only burglary charges after an arrest.

The technology has also led to the conviction of other violent criminals, including the NorCal Rapist, who sexually assaulted more than 10 women in the 1990s.

Those involved in the DeAngelo investigation said the use of the databases was invaluable. They argued against the need for oversight, such as a warrant or subpoena.

The use of family genes in the DeAngelo case was begun by an investigator working with DNA fragments left from a subset of his crimes, the rapes in Northern California.

Paul Holes was chief of forensics for the district attorney’s office in Contra Costa County, one of half a dozen Northern California counties where the East Area Rapist struck from 1976 to 1979, assaulting nearly 50 women and girls. In 2017, Holes used DNA from one of the few surviving rape kits to develop a Y-chromosome profile, found a partial match on a free website called Ysearch.org, and with the FBI obtained a federal grand jury subpoena to require Ysearch’s parent company, Gene by Gene, which also owns FamilyTreeDNA, to release information on that account holder.

The search led Holes and agents from Orange County to an elderly man in a nursing home in Oregon, but he turned out to be an exceedingly distant relation — with no shared ancestor for 900 years. After that, Holes said, federal agents in Northern California lost interest, and funding for more DNA ventures dried up. But an FBI lawyer in Los Angeles was “all in.”

“He said, ‘Paul, I believe in the DNA, and that the DNA is going to solve this case,’” Holes said.

Because consumer DNA had never before been used by law enforcement that way, Holes said, FBI L.A. Division Counsel Steve Kramer vetted the legality of what they were about to do with an attorney at the U.S. Department of Justice and a federal judge. Media officers for the FBI in Los Angeles and Washington, D.C., declined to make Kramer available for an interview. The agency provided no response for this story.

“We were entirely confident that it would pass legal muster,” Holes said. “But we understood that there could be a fallout in terms of public perception.”

Holes and Kramer canvassed counties that still had rape kits from the Golden State Killer crimes and found one still sealed in Ventura County, from the 1980 rape and murder of Charlene Smith and her husband, Lyman Smith. Temple said Ventura County Dist. Atty. Greg Totten approved of conducting a genetic investigation.

According to county records, Steve Rhods, a Ventura County district attorney’s office investigator, secured written consent from the Ventura County and city homicide divisions for what he called a “genetic genealogy” investigation, records show. Rhods told them that DNA extracted from the killer’s semen would be sent to two labs, one at a university and the other a commercial lab connected to FamilyTreeDNA.

The chief executive of FamilyTreeDNA, Rhods wrote to the Ventura homicide bureaus in December 2017, “is being very cooperative working with the FBI in order to generate and search his company’s database.”

Court discovery records show the FamilyTreeDNA data profile was then compared by computer with the profiles of the company’s 2 million other customers. The law enforcement team was provided a list of the close matches, including names and other personal information account holders made disclosable. A similar comparison was performed on GEDmatch.com.

These secret searches provided only lists of third cousins, Holes confirmed.

Then in February 2018, a civilian genealogy expert helping the team announced that she had, on her own, uploaded the FBI’s forensic DNA to another consumer ancestry company, MyHeritage, and found a much closer match. A summary of the investigation written by the Ventura County district attorney’s office notes that this search violated MyHeritage’s privacy policies.

That expert, Barbara Rae-Venter, was already helping law enforcement agencies investigate the murders of four females whose skeletons were found in barrels at Bear Brook State Park in New Hampshire. The four turned out to be the victims of a California drifter. Unreleased court records show Rae-Venter was given access to the passwords and logins of the FBI’s fake account on FamilyTreeDNA. She also had independently uploaded the forensic DNA to GEDmatch. Holes had also done the same.

Holes said Rae-Venter’s actions on her own “put us a step closer, and I know Kramer didn’t seem to be overly concerned from a legal standpoint at all.”

Rae-Venter said she used her personal account on MyHeritage and did not notify the company. She said her actions were approved by Kramer at the FBI. “He said if we’re going to solve this case, we need better matches,” Rae-Venter said. “In his opinion, law enforcement is entitled to go where the public goes.”

MyHeritage said it first learned of the FBI search when Rae-Venter emailed the company Dec. 6 to alert it of the coming Los Angeles Times story.

The prosecutor in Ventura County likened the DNA sleuthing to an undercover agent walking into a bookstore and buying a book, something any other customer could do. Temple said law enforcement agencies are making use only of public access.

The second cousins discovered by Rae-Venter’s surreptitious search created a narrow pool of suspects whom investigators code-named the “Wright” family.

A month later, the FBI visited one of those cousins, an Orange County woman, to ask for her DNA. Her brother had became the prime murder suspect. That woman’s genetic information cleared her brother but told Rae-Venter the killer was related through the women on the family trees that authorities were building on yet another consumer genealogy site, Ancestry.com.

Only six male cousins were possible fits. An FBI search of California driver‘s license records showed that only one of those six men had blue eyes that fit the profile Rae-Venter said she had built: DeAngelo.

After 10 days of surveillance that included police enlisting the help of a garbage truck driver to snatch DNA-bearing items from his trash can, DeAngelo was arrested.

Months after the arrest, the FBI sought to keep the involvement of FamilyTreeDNA and MyHeritage secret, even from DeAngelo’s lawyers. The federal agency invoked a legal privilege that protects the names of confidential sources. According to court discovery records reviewed by The Times, Holes told investigators preparing the criminal case against DeAngelo that that was why he was not allowed to divulge their identities.

Holes said the FBI’s instructions put him in an uncomfortable position, but he abided.

Rae-Venter also said she encountered efforts to revise the account of how DeAngelo was captured when she was asked to omit references to the “match lists” — names of genetic relatives to the killer — she had seen during the investigation. At news conferences later, her active role in the investigation was revised and diminished to advisory capacity only, and credit for narrowing the search to DeAngelo was given instead to staff in the Sacramento district attorney’s office.

Chief Deputy District Attorney Stephen Grippi on Dec. 7 repeated the Sacramento agency’s belief that the DeAngelo investigation “was lawful in every manner.” Grippi said the DNA investigation had been examined by DeAngelo’s public defenders, and “none raised any constitutional claims that would undermine the integrity of the investigation.”

Rae-Venter expressed worry that revelation of FamilyTreeDNA’s involvement will again create a backlash against a technology she said is vital to law enforcement, when there is no such privacy debate about adoptees and the children of sperm donors using the same methods to find their parents — though those searches don’t involve government agencies.

Gay Hardwick, who was repeatedly raped by DeAngelo while her future husband was tied up, said she was concerned that the investigators’ tactics could have given the serial killer’s defense team grounds for appeal had he not pleaded guilty.

“Maybe I’m gullible, old-fashioned, whatever,” she said. “I just see how this could have opened the case to multiple appeals lasting the rest of our lives.”

Jennifer Carole, whose father’s and stepmother’s murders had yielded the crime scene evidence that identified DeAngelo, was unconvinced the arrest merited the larger erosion of privacy.

“DNA should not be something one Googles,” Carole said. “Any time you are using a DNA service, it should be between you and the service.... If you make a conscious decision to share, that’s fine, but it shouldn’t therefore implicate your relatives.”

But Debbi Domingo McMullan, whose mother, Cheri, was raped and beaten to death by DeAngelo in 1981, had no such reservations. After his arrest, she encouraged consumers to give law enforcement access to their DNA to help solve other crimes.

“Laws weren’t broken, but practices were bent. Still, investigation by nature — it always has tended to include a little bit of deception,” said McMullan, who believes that justice prevailed.

In the end, she said, “the truth is what’s important.”

©2020 Los Angeles Times. Visit at latimes.com. Distributed by Tribune Content Agency, LLC.

McClatchy-Tribune News Service

Recommended for you

Copyright © 2021 Police1. All rights reserved.