[A comprehensive DNA database] would entail but a limited intrusion on individual freedom and privacy while advancing both public safety and racial even-handedness in the criminal justice system and serving as a firewall against far greater intrusions on privacy by law enforcement authorities.– Kaye & Smith[1]
Introduction
Many people have a visceral, negative reaction to the idea of a universal DNA database. Their main concern? That a universal DNA database would grossly invade their privacy.A universal DNA database's benefits in efficiently and effectively solving crimes, exonerating the innocent, and decreasing racial disparities in law enforcement, however, make such a database immensely appealing from a public safety and criminal justice perspective. As of April 2017, the federal DNA database has assisted in more than 358,069 investigations.[2] DNA evidence has exonerated 350 innocents who combined had served 4787 years in prison, sometimes on death row.[3] DNA also enabled law enforcement to identify 149 of the true perpetrators of those crimes, who ‘went on to be convicted of 147 additional violent crimes, including 77 sexual assaults, 35 murders, and 35 other violent crimes while the innocent sat behind bars for their earlier offenses’.[4] A universal DNA database could have prevented those 350 false convictions and 147 later violent crimes.Yet discussions about universal databases are often halted by invasion of privacy concerns. Are those concerns rational? By analysing a universal DNA database's design, the probability that imagined abuses would occur, and the invasive investigative techniques the database could end, this article demonstrates that a universal DNA database might actually improve privacy.Part I briefly introduces current forensic DNA databases. Part II examines how a universal DNA database could be designed to limit its privacy-invasion potential. Part III responds to common privacy-based objections. Finally, Part IV argues that a universal DNA database may even increase privacy by decreasing more invasive investigative techniques, exonerating the innocent, and deterring crime. While constitutional arguments may exist on this topic, space does not allow their consideration here.
Current DNA Databases
DNA databases are already maintained by every state and the federal government. All states require DNA samples to be taken from individuals convicted certain crimes.[5] Twenty-nine states and the federal government even collect DNA from individuals arrested, but not yet convicted, for certain offenses.[6] All states have some process for expunging DNA profiles if a charge is dropped or the individual is acquitted, though most states require individuals to initiate the process.[7] Only 36 per cent of state DNA profiles are incorporated into the national Combined DNA Index System (CODIS) database.[8]After obtaining DNA from an offender or arrestee, law enforcement sends the DNA to an accredited, quality-controlled forensic laboratory.[9] The laboratory then examines the 13 ‘CODIS loci’, also known as ‘CODIS markers’, of the DNA. Combined, the CODIS loci comprise only one millionth of a person's DNA[10] and are ‘no more informative than an ordinary fingerprint’.[11] These ‘noncoding, nonregulatory’[12] snippets of DNA are not ‘even moderately correlated with disease status, physical traits, or behavioral predispositions’.[13] Analysing these portions of an individual's ‘junk’ DNA thus ‘produces a set of numbers that are useful for identification purposes and nothing else’.[14] These numbers become the offender or arrestee's DNA profile.[15] CODIS does not store any personally identifying information with a DNA profile, not even the name of the person who provided the DNA sample or that sample itself.[16] If a DNA sample taken from a crime scene matches a CODIS profile, a public forensic laboratory must contact the other laboratories involved in creating the DNA profile to obtain the suspect's name.[17]In addition to limiting the information stored in DNA databases, current databases also strictly limit access and use of that information. All CODIS computers are ‘located in [a] physically secure space’ and laboratory communications occur over a private network ‘accessible to only criminal justice agencies approved by the FBI’.[18] Generally, access to the databases is strictly limited to criminal justice agencies ‘for law enforcement purposes’,[19] that is, criminal identification only.[20] Criminal defendants may also be given access to samples and analyses connected to their cases.[21] Unauthorized tampering, acquisition, disclosure, or use of DNA profiles is subject to fines and prosecution.[22]
Limiting a Universal DNA Database's Privacy-Invasion Potential
A universal DNA database could be designed very similarly to current DNA databases, none of which have been declared unreasonable invasions of privacy. Only three changes are necessary to create a universal database: (i) include all individuals, not just those convicted or arrested for qualifying offenses; (ii) repeal profile expungement laws; and (iii) better integrate or combine existing databases.As explained above, current databases implement many privacy protections. DNA profiles store only numerical representations of ‘junk’ DNA which can identify an individual, but cannot reveal any information about that person's health, physical appearance, or behavioral predispositions. The DNA profiles are stored in physically secured locations with limited access and the related names are stored separately to prevent tampering and misuse. Finally, database abuses are discouraged through fines, criminal charges, and possible jail time.A universal DNA database can, and should, maintain these privacy protections. Additional protections could also be implemented.Perhaps most importantly, DNA samples could be destroyed immediately after a DNA profile is generated and use of the samples for any other purpose could be criminally sanctioned.[23] This would prevent future testing of the samples for private information such as disease status or behavioral predispositions. Indeed, ‘an instrument could be built that would extract an identifying profile and destroy the sample at the same time’ to ensure that does not happen.[24] If implemented and enforced, a sample destruction policy would help ensure nothing more than a genetic fingerprint is taken from someone's DNA. For this reason, sample destruction has been hailed as not only ‘[t]he best way to mitigate [] privacy concerns’,[25] but perhaps even ‘[t]he solution to the privacy problem’.[26]DNA profiles could also be generated anonymously.[27] Rather than sending a DNA sample to a lab with the related name, the collecting agency could generate a random sample identification number associated with the name and DNA profile. The agency could then send the sample to a certified lab to generate the CODIS profile, and separately send the name to an independent agency holding a ‘master list’ of individuals represented in the database.[28] This system would decrease the likelihood of unauthorized tests occurring and, even if such testing did occur, help ensure the results could not be linked or undesirably disclosed to the DNA’s source. This system also makes the names easier to secure and maintain by (a) making it harder for thieves to steal usable information, and (b) limiting the number of storage locations potentially vulnerable to theft, error, or closure.[29] It may even be feasible to protect the names and profiles from hacking by storing them on offline computers.[30]Additionally:[t]his two-tiered system would afford significant individual privacy protection by ensuring that an administrator of the databank could never access a person's genetic information just by knowing the person's identity. Rather, personal information would only be revealed if that person's DNA matches evidence found at a crime scene.[31]A court order could also be required to obtain that person's name to ‘ensure that law enforcement officers sought an individual's identity for a legitimate reason’.[32] Additional rules could be developed to regulate options when no complete match is found or when information is requested for humanitarian purposes, such as locating a missing child.Training and enforcement programs can also be established to ensure the universal DNA database remains as private and secure as possible. DNA sample collectors, labs, law enforcement, and others involved in creating and using the DNA database can be trained on the importance of keeping the database private and how best to achieve that goal.[33] Agencies and laboratories could be required to meet minimum national privacy and proficiency standards to participate in the creation and use of DNA profiles,[34] and their compliance with the standards could be overseen by an independent review board. Lastly, sanctions for unauthorized testing, use, access, or distribution of DNA samples, DNA profiles, or the list of names could be further developed and enforced by an independent accountability board.[35]Finally, discussions about creating a universal DNA database will likely garner much political attention and contention because abuses of a universal database could affect anyone, not just criminals. Hence, ‘[p]aradoxically, a carefully constructed and administered population-wide data base may offer the greatest privacy protection for all of us’ by forcing ‘the legislative and executive branches to take the greatest care in fashioning and implementing the system so as to protect privacy’.[36]A universal DNA database with the suggested privacy safeguards would be well protected against abuses, manipulation, and theft. While there is a risk some of these privacy protections could be circumvented with considerable effort, ‘we do not normally ban a technology due to the fear that no law can prevent’ its misuse, and in fact we have adopted beneficial technologies that pose significantly greater dangers to privacy than a universal DNA database.[37]
How Much Privacy Would You Lose?—Responding to Concerns
Even with the privacy protections described above, skeptics may still worry about a universal DNA database invading their privacy. This is likely at least partially because DNA has ‘been culturally endowed with a power and significance exceeding that of other medical information’.[38] But ‘[m]uch of this significance is undoubtedly misplaced’.[39] Correcting the common misconception that ‘we are our DNA’ should reduce privacy-based concerns.Nevertheless, some may still have an instinctive aversion to universal DNA databases. This part will respond to some of the most commonly raised privacy objections. One commentator has denounced such concerns as fantasies: ‘As I see it, the scenarios for misuse by the government, insurers, or employers of the [CODIS-loci]-identification profiles in the NDIS and other law enforcement databases border on science fiction’.[40] This part does not go that far. But it should demonstrate that we would not sacrifice as much privacy as many assume through the adoption of a universal database.
Information Stored in CODIS Markers
Some opponents worry that ‘junk’ DNA may not be ‘junk’, and that the fingerprint comparison may therefore be misleading;[41] ‘some markers now thought to be meaningless may be (and have been) found to contain predictive medical information’.[42]Scientists are confident that the CODIS loci do not cause disease, but there are correlations between some loci and disease-causing genes.[43] Even with these correlations, however, the CODIS markers reveal very little about an individual. An entire DNA sample, or at least its coding portions, must be examined to learn anything meaningful about an individual's health or appearance.[44] Indeed, ‘[i]t is unlikely that analysis of DNA profiles will ever reveal a great deal of information’ because the ‘profile represents such a small percentage of a person's genetic code’.[45] Moreover, because the CODIS loci cannot ‘be exploited to produce a valid and useful disease-screening test’,[46] it is unlikely resources would be wasted attempting to find more correlations.CODIS markers also cannot reveal meaningful, private information about an individual's ethnicity or race. It is possible to use a DNA profile ‘to calculate probabilities that someone would be described as Caucasian, African-American, or Hispanic’,[47] but such inferences ‘would not be very accurate’[48] or useful because the probabilities are based on features unrelated to characteristics typically associated with race, like skin color.[49] Regardless, such analysis is unlikely to occur or reveal sensitive information because the DNA source's ‘apparent race would be known’ when the profile was created.[50]Furthermore, even ordinary fingerprints can ‘be correlated with perceived ethnicity or even disease or behavioral characteristics. It is simply that we, as a society, have chosen not to make much of these correlations’.[51] Hence, the fingerprint analogy conveys not only that both fingerprints and CODIS markers are useful identifiers, but also that both cause no more than a miniscule invasion of privacy. Indeed, DNA profiles provide significantly larger benefits than fingerprint databases with little more of a privacy cost.Lastly, some worry a universal DNA database would be used to inadvertently or maliciously determine or disprove familial relationships.[52] Since (in theory) the database would contain a profile of everyone, however, law enforcement would rarely have any need or desire to find a familial match to help identify a crime scene sample.[53] Indeed, if the database was designed with the protections discussed above, such a search may not be possible and, even if possible, would almost certainly require authorization and a court order. Regardless, such searches are unlikely to occur because (a) unauthorized searches would be difficult, (b) familial relationships are more easily tested by obtaining DNA samples directly from the persons of interest, and (c) most family relationships are already public knowledge.
Genetic ‘Surveillance’
Another common concern is that a universal DNA database would subject innocents to lifelong ‘genetic surveillance’.[54] Specifically, opponents argue that a universal database would limit our freedom to go embarrassing places,[55] likely crime scenes,[56] or protests[57] for fear our presence or identity could be discovered through shed DNA.‘Surveillance’ is a misnomer that should be avoided.[58] Our DNA profiles would sit passively in a database, examined only by a computer program searching for matches to crime scene evidence.[59] Nobody would (or could) conduct further tests on the destroyed DNA samples.[60] Nor would our movements be tracked merely because we are in the database (as is everybody). Indeed, it would be both infeasible ‘to reconstruct a person's travels by looking at DNA molecules’[61] and unlikely to be attempted because far easier surveillance methods already exist. Unlike those surveillance methods, DNA profiles cannot reveal anything about a person's movements, relationships, communications, or private characteristics.[62] Thus, a DNA profile would only reveal a person's movements if it matched a crime scene sample and law enforcement obtained a court order for the person's name.Rather than making everyone ‘an automatic suspect during his or her lifetime for any future crime’,[63] a universal DNA database would instead promptly eliminate all but a handful of individuals as suspects for most crimes, protecting those eliminated from unnecessary, invasive police investigation.[64] Additionally, our constitutional rights protect against a universal database being used to suppress dissent.A universal DNA database does not subject us to ‘genetic surveillance’. Nor does it infringe our dignity or limit our autonomy.[65] All a universal database prevents is the ability to hide one's identity from the police—an ability ‘of little practical importance unless we want to commit crimes’.[66]
Database Security
Every electronic database comes with hacking concerns. For universal DNA databases, one raised hypothetical is hackers using the database to identify individuals in witness protection.[67] Part II described various ways a universal database can be protected from hackers and designed to help ensure even hacked information is meaningless. This would especially be true in the hypothetical above if the database was not updated with the witness protection participant's new name. Additionally, as was the case with other privacy concerns, hackers could more easily obtain the information they desire without hacking the database.
Framing Innocents
Skeptics also worry a universal DNA database would lead to more framing.[68] Criminals have already begun planting DNA despite the lack of a universal database, however, to avoid prosecution and conviction.[69] Moreover, several factors could help prevent successful framing attempts. Investigators can be trained to recognize planted DNA and find corroborating evidence before concluding the DNA’s source is the true suspect. Likewise, the requirement that prosecutors prove guilt beyond a reasonable doubt makes successful framing harder, especially if the true criminal also left identifiable DNA at the crime scene. ‘In any event, if the possibility of tampering with or misusing evidence were sufficient to deny its use, there is very little evidence that would ever be admissible’.[70] Framing already occurs, both with DNA and otherwise, so concerns about framing do not justify withholding from law enforcement the gold standard of identification to assist in solving and preventing multitudes of crimes.
False Identification
Some opponents also worry that innocents could be falsely identified as suspects because of errors in the universal database, false matches, or misinterpretations of the implications of finding DNA at a crime scene.[71]Adopting universal standards for laboratories would help minimize the risk of erroneous profiles. And if an innocent is incorrectly identified due to an error, a new DNA sample can be obtained to correct the database and exonerate the falsely identified individual.[72]Similarly, if an innocent's valid profile matches the CODIS loci of a crime scene sample, but the DNA found did not belong to the innocent, a new sample can be taken and examined beyond the CODIS loci, using strict privacy-protecting guidelines, to demonstrate a false match. Such errors are unlikely to occur, however, because there is only a one in one billion chance that ‘two unrelated individuals will have DNA profiles that match at all thirteen loci’[73] and a universal database increases the confidence of matches by ruling out a larger percentage of the population.[74]Finally, the worry that investigators and juries will take DNA evidence as virtually conclusive evidence of guilt, and thus ‘may not look for the real perpetrator or may overlook other important evidence’,[75] also exists for some non-DNA evidence and independent of a DNA database expansion. Regardless, the proper training of investigators, a requirement for additional corroborating evidence to support an indictment, and the reasonable doubt standard of proof can all help prevent an innocent from being convicted based on the concerned false determination of guilt.
Putting the Privacy ‘Invasion’ in Context
Many people believe privacy no longer exists because we can be tracked by our phones and online activity, sensitive information is hackable, and our lives are highly visible through social media. In comparison, a universal DNA database that (a) contains only one millionth of our DNA useful for identification only and (b) employs multiple privacy safeguards cannot be viewed as more than a relatively minimal privacy invasion, especially when its societal value is considered.
How Much Privacy Could You Gain?
Contrary to popular belief, a universal DNA database could actually increase privacy by ending more intrusive investigative techniques, reducing crime, and decreasing false convictions. This part will explain how ‘innocents are far more likely to be burdened by suspicion and false accusation’—and privacy invasions—‘if we lack a comprehensive DNA identification database than if we use one’.[76]
Reducing Retrieval of ‘Abandoned’ DNA
DNA evidence is often unidentifiable because current databases contain profiles for criminals only after they are caught. To help identify DNA, police retrieve ‘abandoned’ DNA of suspects through stalking and trickery because ‘we cannot refrain from leaving our DNA everywhere we go’.[77] Police will, for example, trick suspects into mailing a letter to obtain DNA from the seal,[78] or even more concerningly, will follow suspects until they can obtain DNA from something the suspect has discarded.[79] Both these methods of retrieving abandoned DNA are legal,[80] and neither requires a legal justification.[81]Such techniques are far greater invasions of privacy, and far closer to ‘surveillance’, than automatic computer searches of partial DNA profiles that, contrary to abandoned DNA, cannot be tested for sensitive information. Establishing a universal DNA database would protect individuals from these privacy intrusions by rendering the practice unnecessary.
Reducing Use of Electronic Medical Records as a De Facto Universal Database
Law enforcement also uses electronic medical records as a de facto universal database. For example, law enforcement caught a serial killer by obtaining his daughter's Pap smear.[82]Health care providers may legally disclose a broad array of basic demographic and health information to law enforcement, ‘including name, address, Social Security number, blood type, date of treatment, and a physical description’.[83] Law enforcement can obtain even more information about a patient with a court order, grand jury subpoena, or an administrative request.[84]Using medical records as a de facto universal DNA database provides law enforcement with far more sensitive information than CODIS markers would—sometimes about innocents under no suspicion. A carefully constructed universal DNA database would protect private medical information from such disclosure.
Reducing Invasiveness of Police Investigations
A universal DNA database can also reduce the invasiveness of investigations by ending the need for ‘dragnets’ and ‘familial searching’ to narrow suspect pools.In a dragnet, police ask individuals in certain groups to provide ‘voluntary’ DNA samples to exclude themselves as suspects.[85] Such dragnets are ‘highly inefficient’[86] and ‘entirely ineffective’,[87] but approached individuals are virtually required to submit to the dragnet's hassle to avoid stigmatization.[88]In ‘familial matching’, investigators look for a familial match in a DNA database to unidentified DNA evidence. This practice ‘cast[s] a cloud of suspicion over the entire family unit based on the criminality of one or more family members’,[89] and causes innocents’ privacy to be invaded merely because of their believed familial connection to a suspect. The individuals investigated as a result may not even be related to the true suspect; ‘familial matching’ is based on ‘tenuous or tentative mathematical assumptions’.[90] Familial searching also disproportionately invades the privacy of certain racial and ethnic groups that are disproportionately represented in current databases,[91] ‘exacerbat[ing] disparities … that exist in the criminal justice system’.[92]The invasiveness, ‘inconvenience, humiliation, and expense’[93] of these techniques, and their racial implications, would disappear if a universal DNA database existed.[94] Universal DNA databases are thus a ‘win-win situation’[95]: law enforcement can more efficiently and accurately identify suspects, and innocents are protected from intrusive searches.
Exonerating the Innocent
A universal DNA database can reverse and prevent false convictions, along with the privacy, freedom, and dignity harms caused by false conviction. To the 350 innocents DNA evidence has already exonerated,[96] ‘the value of a DNA database is beyond measure’.[97]
Deterring Crime
Finally, a universal DNA database could increase safety and privacy by deterring crime. ‘DNA is five times as likely to result in identifying the suspect compared to fingerprints’.[98] Increasing the chances criminals will be caught and punished deters[99] first-time crime and prevents serial crimes. Hence, a universal DNA database should be appealing even to those concerned about privacy invasions.
Conclusion
A properly constructed universal DNA database would pose only a minimal invasion of privacy. In return, it would decrease crime, reverse and prevent false conviction, make investigations more effective and efficient, and protect against far more invasive investigative techniques. A universal DNA database should be viewed as a way to protect ourselves and others, not as a ‘Big Brother’ invasion of privacy.