Old and busted: Social credit scores. New Big Brother hotness: 23 And, er … We! The identification and capture of the Golden State Killer by law enforcement as former police officer Joseph James DeAngelo prompted great rejoicing and no small degree of amazement. Perhaps the nation’s worst serial rapist-murderer had eluded identification for more than four decades, let alone capture. His crime spree had ended thirty years ago, or so they believe; investigators weren’t even sure the perp was still alive.

So how did they find him? A tip? Well, yeah, sort of:

Authorities used genealogical websites to track down the suspected serial killer known as the “Golden States Killer,” sources told ABC News, describing it as a long, painstaking process.

Investigators used DNA from one of the crime scenes and compared it to what’s available on genealogy websites to find a family tree for the suspect, sources said.

Officials then worked their way down that family tree until they found Joseph James DeAngelo, a 72-year-old former police officer.

Police placed DeAngelo under surveillance and later obtained his DNA from an item officers collected. It was confirmed as a match.

It’s an impressive performance by law enforcement, without a doubt. The resolution of this case testifies to their commitment for justice on behalf of the victims and their families. They used every last resource they could to find DeAngelo and to at least end his potential threat to his and other communities. And with his capture, it’s easy to imagine that they will start connecting dots to other unsolved crimes between 1986 and the present, because serial rapists and murderers almost never just stop.

However, the case raises significant questions about our willingness to make our private information public and the manner in which government can manipulate it. It’s an extension of the debate over Facebook’s use of consumer data for profit. Facebook users willingly and freely enter their personal information into a public database for free and third parties of all different kinds get access to it for advertising purposes … among other projects, as we have discovered. Thus far, though, the only law-enforcement implications have been the perusal of displayed information on users’ own pages rather than data-mining in the Cambridge Analytica/Team Obama sense.

This case crosses that boundary, at least in concept. Police have long had DNA exemplars from Golden State Killer/East Side Rapist/Original Night Stalker cases; it’s how they linked the crimes back to one individual, years ago. What appears to have taken place is a kind of data mining of public information in consumer-DNA and genealogical databases to find people closely related enough to that DNA profile to look at their families for potential suspects. That made one or more members of DeAngelo’s family an unwitting informant. Perhaps that was a choice he/she would have made anyway — one would certainly hope so — but that choice was taken out of their hands.

Normally, law enforcement would need a warrant to seek out that kind of data if it wasn’t offered willingly. Of course, the unwitting tipster in this case chose to make their DNA information public in these genealogical databases in the first place, has have many, many others. This has created a powerful and perhaps dangerous tool for government to use, thanks to our own curiosity and the commercialization of our private data. In this case, it was used to apprehend a monster, but who will it be used to find in the future? And for what purpose?

Again, this is not meant to take anything away from investigators who found a despicable monster after his victims had suffered for decades. As far as is known now, they broke no laws in accessing information that people published willingly. But it’s worth asking ourselves if we are becoming so eager to be entertained by own data that we’re not creating Big Brother by accident, and whose power will almost assuredly not be used by accident.

Update: The company by which law enforcement made the match issued a statement earlier today which reminds users to read that agreement more carefully:

“We understand that the GEDmatch database was used to help identify the Golden State Killer,” he said. “Although we were not approached by law enforcement or anyone else about this case or about the DNA, it has always been GEDmatch’s policy to inform users that the database could be used for other uses, as set forth in the Site Policy … While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including identification of relatives that have committed crimes or were victims of crimes.”

Rogers continues to say if anyone had concerns that their profiles might be used for “non-genealogical uses” they should remove it from the site or not upload it in the first place. He provided an email address to delete profiles.

The Mercury News also notes that other sites do require court orders for law-enforcement access:

But it was GEDmatch, a database mostly used by people curious about missing relatives or patching together family trees, that provided the large pool of profiles that investigators needed, Holes said. Over the years, investigators had collected DNA profiles of the Golden State Killer, but they got no hits on criminal DNA databases, so they needed another bank of profiles to compare to.

Major companies, such as 23andMe and Ancestry, do not allow law enforcement to access their DNA profiles unless they get a court order. So, investigators went to the free, open source website where people knowingly share their raw DNA profiles, often obtained from the larger companies to broaden their searches.

No matter what, caveat emptor applies.