Mountain View, California, USA - August 15, 2016: Google sign on one of the Google buildings. Google is an American multinational corporation specializing in Internet services and products. (Photo Credit: Benny Marty/

The serial rapist had attacked three women in their own homes, and despite attempts to hide his tracks with antiseptic wipes and other means, he had left a DNA trail. There was just once catch: the DNA didn’t match anybody in any database, including the national Combined DNA Index System, or CODIS.

Investigators knew they had a serial offender, but how were they to zero in on a dangerous criminal that had only grown more emboldened over several years?

Google search history—particularly a record of who was searching for the address where the rapist struck—was the crucial lead that ultimately led to an arrest and pending charges against John E. Kurtz, according to the arrest affidavit acquired by Forensic Magazine.

Kurtz, 43, a Pennsylvania prison guard, was arrested Dec. 18 and charged with multiple felony counts for three incidents: the kidnapping and rapes of two women, and the attempted kidnapping of a third woman.

The attempted kidnapping occurred in Shamokin in 2012. The second alleged incident was perpetrated the night of July 20, 2016 in Turbot. The third was April 23, 2017 in Jackson. All three home invasions involved masks, zip-ties, blindfolds and gags.

The three incidents, which occurred in the early morning hours, all yielded DNA. In the attempted kidnapping and rape from 2012, touch DNA from the tape ends of a blue rag that was used as a blindfold was collected. The July 2016 kidnapping and rape resulted in a DNA profile sequenced from swabs from the rape kit—despite the assailant’s wiping the victim’s body down with an antiseptic wipe. And in the final April 2017 attack, more swabs yielded the same genetic profile—despite the rapist’s attempts to “douche” the woman, according to the arrest affidavit.

But the unknown rapist was not in CODIS or any other DNA databases.


The Pennsylvania State Police hit on a high-tech way to get on the trail of their suspect.

They sought a search warrant for all the Google searches of the address where he struck on July 20, 2016. They sought “all historical information related to Google search queries of (the victim) and her residence” for the week leading up to the attack, according to the arrest affidavit. A Pennsylvania judge approved the search warrant on Sept. 14, 2016.

Pennsylvania courts declined state “right-to-know” requests for the search warrant order served on Google, saying there was no such public record available. The denials appeared to indicate the records are currently sealed, especially since Kurtz’s preliminary hearing is scheduled for next Tuesday. A call to Kurtz’s attorney was not immediately returned.

Google responded to the search warrant on Nov. 29—but in 2017, more than a year later and after the third attack in April 2017.

The results: an unknown individual used Google to search the address on July 19, 2016, just four hours before the kidnapping and rape, according to the affidavit. The IP address was provided.

The trooper then conducted a public records check on the American Registry for Internet Numbers, which led to the host of the IP address: PenTeleData. That was on Dec. 9, 2017.

Two days after that, another judge issued a court order to PenTeleData to turn over the user, subscriber, billing records and other information.

Three days later, PenTeleData provided the name, address and account information: John E. Kurtz of Shamokin—a prison guard.


That same day, the Pennsylvania State Police detectives interviewed some Pennsylvania Department of Corrections personnel about Kurtz. The investigators learned that Kurtz had training on the use of restraints similar to zip ties. They also learned that Kurtz would know about work hours of other corrections personnel—a vital link since the second victim (whose address had been Google searched) was the wife of Kurtz’s coworker.

“An Officer at SCI Coal Township, including Kurtz, would be aware of (the victim’s) husband’s work schedule,” they write.

The detectives found out that Kurtz was not working at any of the times of the three attacks, according to the affidavit.

The Pennsylvania troopers then obtained a court order to track and trace Kurtz’s cellphone the next day. They then conducted a 24-hour surveillance starting that day, following him around the Shamokin and Coal Township areas.

Kurtz smoked and then discarded two USA Gold cigarette butts: one in the parking lot of the Wal-Mart in Coal Township, and another from his car window as he was driving on State Highway 61 northbound.

The following day, the two butts were tested.

It matched the DNA from the three crime scenes and victims, according to the affidavit.

“The probability of randomly selecting a related individual exhibiting this combination of DNA types is approximately 1 in 1.3 octillion from the Caucasian population,” the affidavit states.

Kurtz was taken into custody the day after the DNA test results, just before 6 a.m., at the prison where he worked.


Google did not respond to multiple requests for comment on this story.

However, multiple news accounts have shown that they contend legal requests for users’ information. Last March, Google fought a search warrant issued by a Minnesota judge to find anyone who had searched the name of a financial crime victim whose identity had been stolen to obtain a line of credit at the victim’s credit union. However, no update to the case has been reported by local or national media.

Google’s “Transparency Report,” which it releases periodically to show how government has requested data, shows a steady increase in user data requests. From January to June 2017, the company reports 48,941 user data disclosure requests—a modest uptick from the prior six months’ total of 45,550. However, both those periods are roughly four times the 12,500 reported in the second half of 2009.