Can Police Use Consumer DNA Databases Like Ancestry and 23andMe?

If you have ever spit into a tube to learn your ethnicity or find a long-lost cousin, you may be wondering whether the police can tap into that same genetic data to identify a suspect — possibly even you or a relative. The short answer is yes, investigators have used consumer DNA data to crack cases, but not in the way most people imagine, and not with equal access to every company. This is a fast-moving area where company policy, terms of service, and a patchwork of new state laws matter as much as the Constitution.

How police actually use consumer DNA: forensic genetic genealogy

The technique is called forensic genetic genealogy (FGG). Police start with an unknown DNA sample from a crime scene — say, from an old rape or murder kit. They convert it into the kind of data file a consumer test produces, then upload it to a genealogy database to look for partial matches: people who share enough DNA to be relatives, like second or third cousins. Genealogists then build family trees from those matches, combining them with public records (birth, marriage, obituaries, social media) to narrow down to a single person. Finally, police collect a fresh, direct sample from that suspect — often from a discarded coffee cup or cigarette — and run a traditional one-to-one DNA comparison to confirm.

The landmark example is the Golden State Killer case. In 2018, California investigators identified Joseph James DeAngelo by uploading crime-scene DNA to GEDmatch, a free, open genealogy site, and tracing distant relatives. Since then, FGG has been used to solve hundreds of cold cases and to identify unknown human remains.

Not all databases are the same

This is the most important practical point. The big-name companies most people use are the least open to police:

• Ancestry and 23andMe have long stated they do not voluntarily give law enforcement access to their databases and require a valid legal demand (a warrant, subpoena, or court order) before disclosing any customer's data. They publish transparency reports and say they push back on overbroad requests. Their databases are also not designed to let an outside user upload a raw crime-scene file and search against everyone.
• GEDmatch and FamilyTreeDNA are the sites that have actually powered most FGG cases. GEDmatch lets users upload raw DNA files from any company, which is exactly what makes it useful to investigators. After public backlash, GEDmatch switched to an opt-in model: by default, your kit is hidden from law-enforcement matching unless you affirmatively choose to participate. FamilyTreeDNA adopted similar opt-out/opt-in controls.

So when people ask, "Can police use a DNA database like Ancestry?" the honest answer is: police generally cannot freely browse Ancestry or 23andMe, but they can and do use sites that allow third-party uploads — and they can try to compel any company with a warrant.

Where the Fourth Amendment fits in

The Fourth Amendment protects against unreasonable searches and seizures, but its reach over genetic genealogy is unsettled. A few threads matter:

• Your own DNA on arrest. In Maryland v. King (2013), the Supreme Court allowed police to take a cheek-swab DNA sample from people arrested for serious crimes, treating it like fingerprinting during booking. That is a separate government database (CODIS), not a consumer site, but it shows courts often view identity-DNA collection as reasonable.
• The third-party doctrine. Traditionally, information you voluntarily hand to a company gets little Fourth Amendment protection. But Carpenter v. United States (2018) carved out an exception for sensitive, revealing digital records (there, cell-site location data), signaling that courts may treat deeply personal data differently. Whether DNA you uploaded to a genealogy site is "voluntarily shared" and unprotected, or so sensitive it deserves warrant protection, is an open question that lower courts are still working through.
• Searching the whole database. In 2019, a Florida detective obtained a warrant to search all of GEDmatch, including users who had opted out — a development that alarmed privacy advocates because it showed opt-in promises can be overridden by a judge's order.

The relative problem: your DNA exposes your family

The feature that makes FGG powerful is also its biggest privacy concern. Because you share large amounts of DNA with relatives, your decision to test can expose family members who never consented and never spit in a tube. A second cousin's upload can be enough to put investigators on your trail. Researchers have estimated that a database covering even a small fraction of a population can generate a usable match for most people of that ancestry. In other words, you cannot fully control your genetic privacy on your own, because it is partly held by your relatives.

This cuts both ways. It is why the technique solves cold cases — and why innocent people have occasionally been investigated, or briefly suspected, because a relative's DNA pointed in their direction before confirmation testing cleared them.

New laws and shifting ground

Because the Constitution is murky here, states have started legislating. Maryland and Montana passed some of the first laws regulating forensic genetic genealogy — Maryland's law is especially strict, generally limiting FGG to serious violent crimes, requiring judicial authorization, and restricting which databases police may use. Other states are considering similar rules, and the U.S. Department of Justice has an interim policy limiting federal FGG to violent crimes and unidentified remains. Expect more change, not less.

The corporate landscape is also unstable. 23andMe filed for bankruptcy in 2025, raising alarms about what happens to millions of customers' genetic data when a company is sold — including whether a buyer could change the privacy promises that kept police out. If you have an account, this is a reason to review your settings and consider deleting your data.

What you can actually do

• Check your privacy settings. On GEDmatch and FamilyTreeDNA, confirm whether you are opted in or out of law-enforcement matching. On Ancestry and 23andMe, review data-sharing and consider downloading and then deleting your raw data.
• Think before uploading raw files. Uploading your DNA to an open third-party site is what makes it searchable. You can keep results within a company that does not allow open uploads.
• Remember it is not just your choice. Talk with relatives, because their uploads affect you and yours affect them.
• If you are contacted by police about DNA, you keep your ordinary rights: you can decline to answer questions and invoke the right to remain silent, and you do not have to consent to giving a fresh sample without a warrant. Police may still lawfully collect DNA you abandon in public, like a discarded cup, so be aware that "abandoned" DNA is treated differently.

This is general legal information, not legal advice. The law on genetic privacy varies significantly by state and is changing quickly. If you are facing an investigation or have specific concerns, talk to a qualified attorney in your state.