Comparing decades-old crime scene DNA to profiles on genealogy websites led investigators to relatives of the suspected Golden State Killer — and from them, to the suspect himself, the Sacramento Bee reported. The police used a genealogy website called GEDmatch to crack the case, the Mercury News reported.

The website is a place where people share their full genetic information — entirely in public — so there are no legal hurdles for investigators trying to track someone down. By contrast, private DNA sites like Ancestry and 23andMe tend to be choosier when it comes to complying with police requests.

In a statement to The Verge, GEDmatch said it was not aware of the investigation. “Although we were not approached by law enforcement or anyone else about this case or about the DNA, it has always been GEDmatch’s policy to inform users that the database could be used for other uses, as set forth in the Site Policy,” the statement reads. “While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including identification of relatives that have committed crimes or were victims of crimes.”

Also known as the Original Night Stalker and the East Area Rapist, the Golden State Killer is suspected of committing 51 rapes and 12 murders in California between 1974 and 1986. On Tuesday, officers arrested 72-year old Joseph James DeAngelo in Citrus Heights, California in connection with the crimes. The team found him by making a fake profile on a genealogy website, using DNA collected from a Ventura County murder scene 37 years ago, according to the New York Times.

While the investigators didn’t find a perfect hit, they did find close ones — the partial DNA matches of relatives. That eventually led investigators, working with genealogists, to DeAngelo, the Times reports. DeAngelo had lived in areas that matched the locations of the crimes, and when the investigators compared DNA collected from an item DeAngelo threw away to the crime scene DNA, they found a match.

Critics say the practice may violate civil rights

Tracking down suspects via a family member’s DNA is controversial enough when law enforcement does it through its own databases. The FBI’s national genetic database, for example, includes DNA from federal convicts and arrestees who haven’t been convicted, law experts Natalie Ram and Michael Seringhaus explain in Slate. But critics say the practice can expose citizens to additional scrutiny simply because a relative is in a DNA database, potentially posing a violation of their civil rights.

Familial searches have helped law enforcement track down notorious suspects before — like the so-called “Grim Sleeper” and the “Roaming Rapist” in California, according to the LA Times. But the technique has also led law enforcement to innocent people, too — like Michael Usry, who police tracked down through a genealogy study that had been made publicly available. The police later decided he was innocent, and apologized for the inconvenience, the LA Times says.

It wasn’t clear from the paper’s reporting if other DNA repositories were used in conjunction with GEDmatch. Direct-to-consumer genetic testing company 23andMe told The Verge that it didn’t help law enforcement with the case. “Broadly speaking, it’s our policy to resist law enforcement inquiries to protect customer privacy,” a spokesperson for 23andMe said in an emailed statement. “23andMe has never given customer information to law enforcement officials.”

Ancestry.com also denied being in contact with law enforcement about the case. “Ancestry advocates for its members’ privacy and will not share any information with law enforcement unless compelled to by valid legal process,” a company spokesperson said in a statement emailed to The Verge. The company publishes such requests in their yearly transparency reports. Helix and National Geographic did not immediately respond to requests for comment.

Asked whether law enforcement could have used 23andMe data that had been sold to another company, a 23andMe spokesperson answered, simply, “No.”

Additional reporting provided by Elizabeth Lopatto and Russell Brandom.

Update April 27th, 7:05PM ET: Added information from the New York Times about the DNA used in the investigation.

Update April 27th, 9:05AM ET: Added information from the Mercury News about which ancestry website investigators used, and with statement from GEDmatch.

Correction: An earlier version of this piece stated that open databases like WikiTree and YHRD could have been used to identify DeAngelo. In fact, neither project makes identifiable genetic data available to the public. The Verge regrets the error.