The creation of a nationwide DNA database containing DNA
from every citizen pursuant to a mandated collection is not sound policy. DNA is unique in the fact that it is
arguably impossible to de-identify,
thus it is quite distinct from general medical records, financial records,
government records, and educational records that can, and are, de-identified on
a regular basis. Thus, DNA requires
additional protections. Moreover,
like the prior mentioned records, and to a greater extent, DNA or genetic
information has been granted a variety of protections from congressional acts
and agency rules. This has led to
an expectation that our DNA is deserving of privacy protections. The fact that it is so valuable to
research or law enforcement does not outweigh individual privacy considerations
of DNA information; therefore a National DNA database is not sound policy.
Privacy Protections
There
are many laws in place to protect the information that is found in our
DNA. The following is a
non-exhaustive list of laws and regulations addressing the privacy concerns
surrounding DNA and Genetic information.
This blog post will not discuss at depth the implications of these laws
and regulations related to a National DNA database. The explanation of these laws is to make the point that
these laws have helped to create an expectation of privacy regarding our DNA
and genetic information. Therefore,
creating a DNA database is not sound policy because it would violate our
reasonable expectation privacy concerning our DNA and genetic information. Thus under the Katz test a
DNA database should be a violation of our privacy.
Genetic
Information Nondiscrimination Act (GINA) was passed by congress in 2008 to prevent genetic discrimination
against individuals in employment and health insurance.
Health
Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to protect medical records and other health
information. HIPAA applies to health
plans, health care clearing houses, and health care providers.
The
Freedom of Information Act (FOIA)
was passed in 1967 to allow citizens to access public government documents,
however FOIA does not contain a specific exemption for genetic information,
however it does exempt
information that clearly constitutes an unwarranted invasion of personal
privacy. The National Institute of
Health (NIH) is the primary agency in charge of Bio-medical and health-related
research. NIH operates a research
facility and also is charged with distributing funds to other research entities
like universities. NIH has promulgated a data sharing policy
to address the concerns surrounding DNA and genetic information privacy.
As
stated above this is not an exhaustive list of law and regulations that support
a sense that our DNA and genetic information is private, but shows how the
government has taken steps to ensure that our DNA is protected.
Privacy Concerns
The
privacy concerns of a Nation wide DNA database are many. Some likely concerns include: how will
the information be collected; how long will the DNA be stored; who will have
access to the database, and what can they access it for; and how will the
administrators of the database ensure that the information is accurate.
Mandated
collection of DNA from every citizen is in opposition of the values expressed
in the fourth amendment, namely, freedom from unreasonable searches and
seizures. The DNA collection of
honest, law-abiding citizens would no doubt be an abhorrent practice to the
founders of this country. Along
with the constitution, the government has taken steps to protect our privacy as
evident from the sample of laws mentioned above. The result of passing such laws gives Americans the
impression that they are justified in expecting privacy when it comes to their
genetic information. Surely anyone
who understands the significance of DNA and how it can be used would at least
have some reservations about handing it over to anyone, including the
government.
There
is a practice that is being used by law enforcement all over the world called
DNA dragnets. DNA dragnets are
when police enter an area where a crime (typically a murder or rape) has
occurred and ask for volunteer DNA samples from all persons in the suspected
class. Canadian police in a remote
town recently engaged in the largest DNA dragnet in Canadian
history. The practice of DNA
dragneting is not technically a mandated collection of DNA but some have argued
that it amounts to such because refusing to give a DNA can spark suspicion that
can lead to a search warrant being
issued. This happened in a
2003 rape and murder in Louisiana where an individual refused to provide DNA
and the police obtained a warrant to collect his DNA, the case went to the appellate
court and the court found the warrant was not supported by probably cause. For a summary on DNA dragnet click here.
One
of the main areas of concern regarding DNA collection practices by law
enforcement centers around when the collection can take place. Some have argued that collection upon
arrest is inappropriate because of the presumption of innocence. Some have
argued that it should only be done upon conviction. However, recent court cases show a trend toward allowing DNA
collection at earlier and earlier times.
For a discussion on these recent cases click here.
Another
concern about DNA databases is the retention of the information. Most states have enacted evidence laws
to specify under what circumstances DNA can be collected, how long it is preserved,
and rules addressing other concerns.
These laws deal specifically with DNA collected as part of criminal
investigations. A Federal DNA
database, if created, would clearly need its own set of rules addressing
privacy concerns.
One
other concern about DNA collection by law enforcement is the effectiveness of
mass DNA collection. Time, money,
and efficiency have all been called into question particularly with respect to
DNA dragnets.
The
access and use of a Federal DNA database is another valid concern. DNA can be used to uncover so much
information about us; this is what makes it so useful to research and yet
potentially harmful to our privacy.
A perfect illustration of this occurred in the Grand Canyon, in
1998. Seem strange? In 1998 the Havasupai Tribe and Arizona
State University undertook to link a type II diabetes epidemic within the
isolated tribe to their genetic makeup.
The research did not provide any evidence of a connection between
diabetes and the tribe’s genes.
However, the researchers retained the information gathered and used it
for several other research endeavors that the Tribe was not
aware of. The tribe sued
Arizona State University in state court under several theories arguing that ASU
invaded their privacy.
This
case illustrates the very real potential for violations of privacy in the use
of DNA. While it is not likely
that the researchers acted with malicious intent to harm the tribe, their
actions were offensive to the tribe.
This type of invasion of individual privacy could easily happen to
anyone if the government created a national DNA database,
Conclusion
The
risk of abuse, whether by use of DNA beyond the scope of consent, or by law
enforcement in an manner that would violate our constitutional rights would be
increased if the government created a national database containing the DNA from
all Americans. Along with each individual’s
own sense of personal privacy, the government has passed laws protecting our
genetic information that has increased our awareness of the need for privacy
concerning our DNA. A reviewing court
could easily find that under Katz v United States, the creation of a
nation-wide database would violate our privacy. This supports the position that
the government should not create a National Database because the collection and
use of our DNA would de in direct conflict with our privacy and laws designed
to protect it.
DNA collection in the criminal context is appropriately guarded by the 4th Amendment. In my opinion, Maryland v. King did not overstep bounds because it authorized collection only from convicted criminals. In deciding whether such criminal laws make sense, courts consider the "weight of the governmental interests and privacy considerations to be balanced in determining constitutionality under the Fourth Amendment.” (People v. Buza) In this way, collection of DNA in the criminal context seems to merit the risk to privacy for the sake of the public good. Remember also that DNA profiling isn’t just used to convict criminals—it is also used wisely to exonerate people who are innocent.
ReplyDeleteHowever, somehow DNA collection in the criminal context has evolved to collecting information from a much wider group of (innocent) people. A law that can require collection from just anyone definitely seems to overstep constitutional bounds. Even if consent were required in order for an individual to participate in such a database, most people would likely still be concerned, given the highly private nature of the information and the risk of data breaches and abuse.
Furthermore, a DNA profile is one thing--it provides (relatively) little information about someone. But to store samples of DNA is a much riskier endeavor. DNA profiles are not based on the whole sequence of someone’s DNA, but a DNA sample provides access to the full picture. The sample contains information that can reveal a person's ethnicity or how susceptible they are to disease, etc. In this way, the risk of a data breach is potentially high. DNA is a highly informative biometric. Unlike fingerprints, which can simply identify an individual, DNA profiles and, even more so, DNA samples provide access to highly private information.
Finally, the incidence of DNA databases is rising in other countries--therefore, the potential for cooperation and sharing of data between international police forces would increase.
In sum, I think a DNA database storing profiles of innocent people or, even worse, samples of DNA infringes upon privacy rights in a way that is not outweighed by social benefits such as the prevention of crime.
I agree with Mike that a national DNA database would not be sound public policy. Because of the large amounts of information, some of it potentially sensitive, that can be gleaned from DNA, it should not be collected absent some compelling justification. One of the dangers with DNA collection is that new discoveries are still being made as to what information can be gleaned from a person’s DNA. Twenty-five years ago, the concept of a gene marker for obesity, or being an early riser, or a thrill seeker were outside the general public knowledge of what could be ascertained from DNA (no doubt geneticists in a lab were doing research and may have known this). Today, we have a better understanding of how much information is contained in DNA, but there is probably much more that will be learned in the future. To base a policy on the collection of a substance we are still learning about could lead to unforeseen consequences.
ReplyDeleteIn cases of criminal convictions, the compelling interest of solving crimes would justify its use, but to cast the net of DNA collection across the entire population (or even to arrestees) would impermissibly invade on numerous privacy concerns. I would disagree with extending the collection of DNA to the arrest phase (as in Maryland v. King) because that would involve collecting DNA on those innocent of any crime. DNA is not merely the twenty-first century version of a fingerprint. Fingerprints can only identify, granted the system they are entered into also records other information such as height, weight, eye color, etc. There is much more information that can be taken from DNA. Because so much more information is at stake, DNA should only be collected if someone is actually convicted of the crime.
[comment length exceeds limit: part 1 of 2]
ReplyDeleteI agree with the general privacy concerns expressed by Mike, Angela and Laura regarding a national DNA database of samples collected from every citizen, and the Fourth Amendment implications in particular. A mandatory national database of anything seems problematic from a privacy standpoint, and I have similar concerns about mandatory databases owned by individual states as well. Whereas discussion on this topic is often framed in the context of use-cases in criminal law being extending to the population at large in terms of DNA sample collection, as the preamble to the question indicates, some of the more concerning privacy aspects of a national DNA registry might be inadvertently coming to fruition through the beneficial practice of collecting dried blood spots for newborn screening.
Many states have implemented mandatory newborn screening programs that do not require parental consent and make it difficult to opt out of those programs and difficult to request the destruction of these specimens after the results are available. Additionally, as this article ( http://www.newsweek.com/2014/08/01/whos-keeping-your-data-safe-dna-banks-261136.html ) describes, the dried blood spot specimen are preserved, and are available for secondary use like research. Additionally, programs like the American College of Medical Genetics’ Newborn Screening Translational Research Network ( https://www.nbstrn.org ) could allow for sharing data, while virtual repositories in some participating states could also allow access to the actual dried blood spots in certain cases, in addition to the data.
For example, Utah’s newborn screening program (see summary here: http://www.babysfirsttest.org/newborn-screening/states/utah ) mandates newborn screening without parental consent. The only allowed exception applies “…in the case where parents object on the grounds that they are members of a specified, well-recognized religious organization whose teachings are contrary to the tests required…” (Utah Code § 26-10-6). Under this narrow exception, an atheist or a person belonging to a non-mainstream religious sect, or a person who belongs to a non-organized religion (e.g. traditional African religions, Native American religions, majority of sects within Hinduism), who objects to neonatal testing for their child in Utah may not have any recourse. Since there is a strong correlation between indigenous beliefs in those religions and the race and national origin of the believers, the language of this exception could have broader implications in terms of protected classes like religion, race, national origin and color. Whereas the determination of actual harm could be fact-specific, depending on how the exceptions are actually granted/refused, the language of the exception itself appears “inherently suspect,” deserving strict scrutiny.
This comment has been removed by the author.
ReplyDelete[comment length exceeds limit: part 2 of 2]
ReplyDeleteWhy does the above analysis matter? Although neonatal testing is clearly beneficial to the child, and in Utah, the identifying information is removed from the blood spot card and maintained separately for about 22 years so that it “cannot be connected to the identity of the child” (presumably due to the removal of direct identifiers) without parental consent, the blood spot itself is available for secondary use. Additionally, Utah’s opt-out approach makes it difficult to have these specimens destroyed since the process involves filling out and submitting a form, along with a copy of the child’s birth certificate and a copy of the parent’s driver license, state-issued identification card or passport to the Newborn Screening Program office. In practice, how many parents would follow through this process to have those specimens destroyed, particularly during the period following child birth, where caring for an infant can take up a significant amount of their time and energy?
The practical implications of this statute is that in Utah, the child of a person whose beliefs are not aligned with an umbrella of a “well-recognized religious organization,” would be disproportionately subject to DNA collection and retention by the state, and indeed anyone who does not have the knowledge or the time to complete request for the destruction of the dried blood spot specimen (almost everyone) process may simply be submitting their child’s DNA to the state where it could be used for purposes other than the initial screen. As Mike noted in his blog post, a DNA sample is inherently not de-identifiable, so even the practice of maintaining direct identifiers separately from the specimen before making it available to researchers, while sound in principle, probably does not protect privacy. Whereas these state-based practices do not rise to the level of a National DNA Database today, absent statutes that would prevent the creation of a national DNA database in the future (at what point would a DNA database analog of a Driver License Compact that enables data-sharing across states come into existence) and also federally mandate a uniform and accessible consent and opt-out process for the secondary use of dried blood spot specimens collected during neonatal screening, state databases like the one in Utah might pose risks to privacy. Therefore, I believe that not only is a National DNA Database unsound policy but State DNA databases in their current form, are probably not that much better.
From my perspective, there needs to be a discussion about the substantive difference between having a person's fingerprint or otherwise identifiable information in a database. As Angela points out, stored DNA has the potential to perform desirable functions. The same cost benefit analysis that we do with other databases and actions that infringe on privacy should also be applied to DNA databases. If there are benefits associated with DNA databases that outweigh our privacy concerns, then I would be in favor of a DNA database. I imagine, however, that the risks that Vik points out may be too great to justify such a database, especially when there may be viable alternatives to achieve the same goals.
ReplyDeleteEven if a person voluntarily submitted their DNA to a database outside the criminal context, the same concerns we identified about consent within the context of ISP's and browsers are even more salient within the context of DNA. I doubt that a layperson (or even an educated person) could understand the practical risks and implications of a DNA database in such a way to make obtaining consent feasible or streamlined.
This comment has been removed by the author.
ReplyDeleteI agree with the general notion that collecting DNA on a wide scale creates constitutional issues with regard to the Fourth Amendment. I agree with Mike that DNA dragnets are problematic. However, a DNA data base could be used to locate people that might be guilty of a crime--such as getting the DNA from siblings as in CA, where the DNA of a suspect is unavailable--it also could be utilized to rule out potential suspects. The gathering of such DNA is incredibly troublesome, from (as Vik pointed out) gathering it at birth, to secretly collecting it from a local restaurant, the question remains whether or not there should be a uniform rule in the collection of our DNA. I find it troublesome that there doesn't seem to be a concrete standard for when gathering DNA is warranted under the Fourth Amendment. Although I can see the desire to gather the DNA at a crime scene from every person there; gathering data from every single person does seem to evade the any requirement for probable cause.
ReplyDeleteMoreover, there is a concern that officers will overstep--such as in the King case--the probable cause requirement where a person declines to voluntary give their DNA. One could make the argument that the collection of DNA upon arrest is not really any different than a fingerprint used to identify a person. This same logic could be used in the future as technology becomes more advance and DNA results appear instantly. To justify the need to take the DNA of everyone at a crime scene officers can claim they need to make sure they are taking into custody the correct people.