Joseph James DeAngelo, the 72-year-old former police officer suspected to be the notorious Golden State Killer (aka the Original Night Stalker and the East Area Rapist), was arrested this week.

That’s pretty good news for the California communities terrorized by the Golden State Killer, who committed 51 rapes and 12 murders in California between 1974 and 1986.

But, arguably, the biggest news: For the first time, a commercial genealogy website led to the suspect’s arrest.

That’s raising some ethical questions about how we use that kind of genetic information. Here’s a breakdown of we know, and what we don’t.

What genealogy site did investigators use to identify DeAngelo?

The main tool: a site called GEDmatch. It isn’t quite like 23andMe or Ancestry. It’s a place where people can share their genetic information publicly – which means there are no legal hurdles for the authorities if they want the data. It’s possible investigators also used other genealogy sites to help identify DeAngelo. But the Sacramento County DA’s office isn’t offering specifics. 23andMe, Ancestry.com, and Family Tree DNA all claimed to not be involved, according to BuzzFeed News.

How, exactly, did they use that to track down DeAngelo?

GEDmatch contained genetic information from one of DeAngelo’s relatives, Chief Deputy District Attorney Steve Grippi told The Sacramento Bee. “[Investigators] then followed clues to individuals in the family trees to determine whether they were potential suspects,” the Bee reported. “We found a person that was the right age and lived in this area — and that was Mr. DeAngelo,” said Grippi told The New York Times.

We don’t know what DeAngelo’s relative was hoping to find out from a genetic test. Maybe it was more about their ancestors, or potential medical risks. What they did in the end, though, may have been to help close one of the most notorious serial killer cases in the U.S.

And investigators got DNA from DeAngelo, too?

Yes, but it’s a little sketchy. Investigators set up surveillance around DeAngelo’s home and got what Anne Marie Schubert, the Sacramento district attorney, called “abandoned” DNA samples — genetic material pulled from something DeAngelo discarded. Law enfrocement corroborated this with a second sample, which matched the full DNA profile. “The second sample was astronomical evidence that it was him,” Schubert told The Bee, adding, “There were a whole lot of holy s— moments.”

What does GEDmatch have to say about the whole thing?

GEDmatch claims it wasn’t aware of the investigation: “Although we were not approached by law enforcement or anyone else about this case or about the DNA, it has always been GEDmatch’s policy to inform users that the database could be used for other uses, as set forth in the Site Policy,” according to a statement reported by The Verge. 

“While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including identification of relatives that have committed crimes or were victims of crimes.”

Is it legal for a genealogy site to give my information to the police?

Did you read the terms and conditions before you swabbed your cheek? No? Well, let us clue you in: most companies will hand over a customer’s genetic information if law enforcement demands it, and has a warrant.

What are the pros and cons of using these familial databases to identify criminals?

Let’s start with the positive. Doing this catches bad guys. Law enforcement has used familial DNA searches to solve a murder cases in the past. The LA Times names several individuals, including “The Grim Sleeper,” who were apprehended in a similar manner.

“I don’t want to be cavalier about privacy issues,” Robert Green, a medical geneticist and professor at Harvard Medical School, told Buzzfeed. “But if this was a legally approved use of a public database, or a legally issued subpoena or warrant for a private database, and it successfully identified a horrible criminal, I think that’s a really exciting and creative use of genealogical data.”

However, this technique has also led law enforcement down the wrong path.That was what happened to Michael Usry, who, in 2014, was wrongly accused of committing a 1996 murder, according to the LA Times.

What sort of legal regulation is in place to protect my genetic privacy?

In 2013, the U.S. Supreme Court deemed that a suspect’s DNA “…like fingerprinting and photographing, [is] a legitimate police booking procedure that is reasonable under the Fourth Amendment.”

Basically, law enforcement can legally take your DNA without a warrant. Several states, however, have put limits on familial DNA searches. Some, such as Maryland and the District of Columbia, have banned the technique.

At-home DNA tests are becoming cheaper and more easily accessible. And even if you aren’t taking one (DeAngelo didn’t) if relatives are, does that put you at risk? Much like the recent Facebook Cambridge Analytica Scandal, even if you didn’t share your data, a friend might have. It’s easy to imagine a future where everyone knows your genetic code. And you didn’t even willingly contribute.