When she was raped at gunpoint at the Alexandria, Va., pool where she worked in 2016, the 24-year-old lifeguard could describe her attacker only as a thin man she believed was 35 to 40 years old and a little over 6 feet tall.

Three years later, police arrested Jesse Bjerke, after having DNA from the attack analyzed by genealogy researchers who used public databases to link the sample to people in Bjerke’s family — an increasingly common tool for cracking unsolved crimes. Bjerke is also under investigation for a similar rape at a pool in Fairfax County in 2015, according to court documents.

Attorneys for Bjerke, 37, are now seeking to have the DNA evidence thrown out of court, arguing that assembling and testing a genetic profile without a warrant violates the Constitution.

“In no way did Mr. Bjerke ‘knowingly expose’ his DNA profile, his genealogy, his susceptibility to diseases, or his genetic profile to ‘public view’ by leaving his genetic profile in public,” defense attorney Chris Leibig wrote in a motion earlier this month. If picking up the DNA and analyzing it without a warrant is legal, he argued, “nothing stops the government from creating a national database of all person’s genetic data and using the information for any reason at all.”

According to the motion, Alexandria police relied on a company called Parabon, which ran the crime scene DNA through a free genealogy website called GEDmatch.com. It is the same service that police in California used last year to identify a man they say is the infamous Golden State Killer, who terrorized women and couples in the 1970s and ’80s.

Matches were found with cousins on both sides of Bjerke’s family tree. Based on his appearance, and where he lived around the time of the crimes, they concluded Bjerke was the likely culprit.

In January, police began following Bjerke at his home and the hospital where he worked as a nurse. They took beer bottles, soda cans and an apple core from his trash. They tracked him to a Spanish restaurant on King Street in Old Town Alexandria and, after he left, bagged the straws he had used.

The DNA could not be eliminated as a match for the sperm from the rape scene, a forensic analysis found, leading to Bjerke’s indictment and arrest in February. With another warrant, law enforcement again compared his DNA with the semen at the crime scene. The result: a one in 7.2 billion chance it was not his.

While it is legal for police to pick up a discarded item, Leibig argues that extracting a DNA profile from that item requires a warrant — and that the Parabon report would not be enough to support one. He compared it with searching the contents of a lawfully seized cellphone, which the Supreme Court has ruled requires a warrant — as does getting cell-tower data mapping a person’s location.

The motion does not challenge the genealogical investigation. But, according to court papers, Leibig is demanding records from GEDmatch and Parabon for a future challenge on that front.

The office of Alexandria Commonwealth’s Attorney Bryan Porter declined to comment. Prosecutors have until July 3 to file an official response.

The Supreme Court ruled in 2013 that police can take DNA samples from arrested people but has not weighed in on genetic material left on abandoned items.

In 2012, the U.S. Court of Appeals for the 4th Circuit ruled that using a shooting victim’s blood to link him years later to an unrelated murder was an unreasonable search, but one done in good faith and thus allowed as evidence. That DNA was taken from a shirt under the defendant’s hospital bed that had not been abandoned.

“A victim retains a privacy interest in his or her DNA material, even if it is lawfully in police custody,” the court wrote.

But that decision is not binding on any state courts, several of which have come to the opposite conclusion. The Supreme Court in 2015 rejected a challenge from a Maryland man whose sweat was collected from a chair during an interrogation.

“The courts have almost without exception . . . said there’s no expectation of privacy,” said David H. Kaye, a Penn State law professor who studies forensic science. “They have treated the molecules of DNA no differently than say, fingerprints that somebody might leave on the surface at a restaurant.”

The way police have DNA analyzed for identification, he said, is limited enough that it does not raise major privacy concerns.

Other scholars argue that those limits need to be far more defined, given what can now be learned through DNA.

“The amount of information that can be extracted is now much greater,” said Natalie Ram, a professor at the University of Baltimore School of Law. “The fact that we are constantly sloughing off dead skin cells or leaving strands of hair or bits of saliva . . . that’s not really voluntary in any meaningful sense.”

She has not seen a legal challenge specifically to the use of genealogy websites to identify suspects. She expects they will come as the practice becomes more prevalent, but it will be difficult for any defendant to argue his or her privacy was violated by the testing of crime scene evidence against publicly shared data.

Since Bjerke was identified, GEDmatch changed its policies so users must opt to share information with law enforcement. That information, they say, will be used only “to identify a perpetrator of . . . murder, nonnegligent manslaughter, aggravated rape, robbery, or aggravated assault.”

Elizabeth E. Joh, who teaches policing and technology at the University of California at Davis School of Law, said she thinks legislation is needed to establish limits to law enforcement’s use of DNA.

“There’s very little in the way of rules in terms of what’s permitted and what isn’t,” she said. “It’s still relatively new, and the kind of cases that have thus far been solved are the kinds of cases I think most people want to have solved. But that doesn’t answer the question of what the limits should be on what the government can do.”