GEDmatch came under the spotlight in 2018 after it was revealed that California police used its database to identify the Golden State Killer, who killed a dozen people in the '70s and '80s and was accused of over 50 rapes, through his relatives. It also came to light that cops have been using it to solve other cases, including decades-old cold ones. As a response to the backlash it got, GEDmatch changed its policy so that law enforcement can only use it to look for suspects in "murder, nonnegligent manslaughter, aggravated rape, robbery or aggravated assault" cases.

More importantly, its new policy only allows authorities to search for GEDmatch users who make their information available to the police. Users literally have to opt in -- their profiles are set to opt out by default. Company co-founder Curtis Rogers said only 185,000 users chose to opt in, but Fields' warrant allowed him to access all 1.3 million users' information. The detective said the service complied with the warrant within 24 hours, and while he hasn't made an arrest yet, he has already found some leads.

DNA policy experts are now worried that this development will encourage law enforcement to secure warrants for much larger databases. GEDmatch is smaller than its peers, since it doesn't offer its own testing kits: users have to upload their own DNA information in order to find relatives through its website. Meanwhile, 23andMe and Ancestry.com, which both sell their own testing kits, have 10 million and 15 million users, respectively. Since those databases allow authorities to identify DNA profiles even through distant family relationships, a lot more people than actual users could be affected.

Update: 23andMe has posted its stance on protecting data, part of which reads: