It’s a cliché, but it’s true: We’re all one big family. The common ancestor of every European lived only 600 years ago. Between 150,000 and 200,000 years ago Mitochondrial Eve, the most recent matrilineal common ancestor of every human being, was living in Africa. In the last few years millions of people have been spitting into tubes so that private companies can help them find out where they fit on humanity’s family tree. As a result, families have found lost loved ones, and racists have had to tackle reality. What’s not to like?

While many people are enjoying the genealogical research aided by companies such as 23andMe, Ancestry.com, and MyHeritage, they are also unaware that law enforcement is using them as “genetic informants.” In fact, Family Tree DNA has been allowing the Federal Bureau of Investigation (FBI) to submit suspects’ DNA in order to investigate unsolved violent crimes. While catching violent criminals is a laudable goal, this technique raises difficult privacy concerns.

This new investigatory technique made headlines last year when police arrested Joseph James DeAngel, the suspected serial killer and rapist nicknamed the “Golden State Killer.” Police arrested DeAngel after investigators uploaded DNA from a rape kit to the genealogy website GEDMatch. Using the profile to build family trees of the suspect, investigators were able to narrow down a list of suspects, including DeAngel. DNA found in the rape kit matched DNA DeAngel left on his car door’s handle and DNA discarded in his trash.

The Golden State Killer investigation and others like it are sure to prompt lawmakers to tackle a wide range of issues.

Suspects clearly enjoy no expectation of privacy to the evidence they leave at crime scenes. GEDMatch users and other genealogy DNA website customers can’t claim to have a legitimate privacy interest at stake during these kind of investigations. The whole point of these sites is to connect users to distant relatives via DNA. Anyone who looks deep enough into their family tree is bound to find demons as well as angels. Police are on safe legal ground when they upload a suspect’s DNA to a genealogy site, even if doing so violates the site’s terms of service.

People who never submitted DNA to a genealogy site may find it creepy that law enforcement might be able to identify them on a site even if they haven’t submitted DNA. If a private person has a sibling who submits DNA to 23andMe they can’t do anything about the fact that anyone who cares to investigate can uncover quite a bit of information about their ancestry.

For many people, the FBI’s use of Family Tree DNA’s may register on their creepiness radar, though they might not be able to identify the exact nature of the threat. Perhaps there’s an intimacy we attach to our DNA, the transporter of our genetic information that can reveal inheritable diseases as well as personal traits such as eye color and whether you taste soap in cilantro. While it’s always possible to exaggerate the dreadfulness of a hypothetical dystopia, many DNA genealogy site customers may be wondering if law enforcement’s continued use of such sites will eventually lead us to a world where police have put together a family tree of the whole country. We’re nowhere close to such a world, but it’s a world that many want to avoid nonetheless.

What’s to be done? Lawmakers have a few options. Limiting the use of such a technique to the investigations of a narrow category of crimes is one option. Family Tree DNA used to only allow law enforcement access pursuant to a court order. That is no longer their position. Lawmakers could also regulate the use of DNA as part of a larger piece of privacy legislation. Senators are already proposing a range of privacy bills, each of which will be subject to amendment before a vote. Such legislation could include requirements on companies to better inform their customers about use of data.

But legislation always lags behind technology. And privacy legislation could go too far by imposing regulations on companies in such a way that limits competition and innovation.

Genealogists shouldn’t have to become technophobes. They benefit from sites like 23andMe and Family Tree DNA. Lawmakers don’t have to pass regulations for genealogists to take steps to be better informed and for genealogy sites to better protect their users’ information being used for reasons other than research. The news about the FBI using Family Tree DNA’s service is only the latest evidence that we should all perhaps do better due diligence before handing over our sensitive and revealing information.

Matthew Feeney is the director of Cato’s Project on Emerging Technologies, where he works on issues concerning the intersection of new technologies and civil liberties.