Report warns of dangers of UK's DNA database

Learn what it was that you had to hide

  • alert
  • submit to reddit

SANS - Survey on application security programs

In addition to "sleepwalking towards a surveillance society" via the ID scheme, the UK is snoozing nearer to a Big Brother state, with the aid of the National DNA database, according to a new report by GeneWatch UK. The Home Office has ruled out adding DNA data to the biometrics to be held on the entire population via the ID scheme, but the data which is being collected for the Police National Database already makes it one of the most substantial DNA databases in the world, it's growing fast, and it's possibly significant that the Home Office has stressed that it can't bind future administrations to keeping DNA out of the National Identity Register.

ID scheme-related research has indicated that the population, while knowing very little about it, supports the idea of everyone's DNA being collected. The police database, however, can grow substantially for quite some time without being compulsory, both because DNA data is a useful crime-fighting tool (hence public support), and because of the growing opportunities for DNA sampling that have been created through a series of legislative changes. Genewatch accepts the usefulness of and need for a database, but argues that it needs to be operated within limits and with adequate safeguards and supervision. 'What have you got to hide?', as they say. Well, one of the things about DNA is you don't necessarily know that. Yet.

There are currently 2 million records in the police database, and this is expected to expand to 5 million following the most recent changes in the law. DNA can be taken from those arrested, and retained permanently even if they're not charged or found guilty, and the collection of scene of crime samples is also a valuable mining area. In the case of arrests, you could see situations where large numbers of demonstrators are arrested then released without charge (this happens fairly often), but have their DNA added to the database anyway. The state of play with scene of crime samples is that they are collected with the consent of the subject, who is given a choice of having the data used for the particular investigation and destroyed afterwards, or having it permanently added to the database. Those involved are generally pleased to cooperate, but GeneWatch warns that they don't understand the full implications of irrevocably committing the sample to the national database.

And there are also examples of pressure, amounting to blackmail, on people to 'volunteer.' During a rape investigation in south London, for example, a Met detective wrote in a letter sent out to the local population: "Consider that the suspect is likely to refuse to provide a voluntary sample; catching him will be far easier if he is the only one." Which is of course true, but one might feel just a little pressured. If one didn't, one might then take "I will be reviewing the circumstances around your refusal and will notify you of my decision" as being somewhat more menacing.

Even without that last bit of menace, area population samples accompanying high-profile investigations will add large number of entries, many of them permanent, to the database.

Errors and false DNA matches have led to miscarriages of justice, and these can create major difficulties for those wrongfully convicted because, like fingerprint evidence, DNA is widely regarded as absolutely conclusive, meaning that those without strong alibi evidence will tend to be presumed guilty. At the moment the DNA database itself can be viewed largely (but not entirely) as a growing suspect list that is mainly used to check samples from new and unsolved crime, but the existing data can be (and has been) used for broader purposes, and the UK practice of retaining the sample as well as the data allows it to be used for further testing for other purposes as the science develops.

We're seeing glimpses of what is possible with familial testing, which establishes links to family members where the suspect's DNA might not be on the database, and although the first instance of this was viewed as a coup, if used widely the procedure would find relatives you didn't know about, and reveal that people weren't related to the people they thought they were. So what have you got to hide? You don't know, and maybe you don't want to know.

Another 'breakthrough' last year involved DNA profiling which was claimed to establish a suspect's origins, based on his DNA, as being from the Caribbean. Police even attempted to drill this down as far as a particular island, although the Florida company which carried out the analysis said that while DNA might be used indicate broad ethnic ancestry, it wasn't possible to say that an individual came from any particular country. This particular instance, however, serves to illustrate what police think DNA can or will be able to do, and the police's view of the database as a resource that can be mined in growing and novel ways.

In the near future mobile scanners, which can generate results in 15 minutes, will come into use, prediction of ethnicity may become feasible, as could predicting health and general appearance. Various studies have claimed to have found genetic links to traits such as homosexuality, aggression, depression or addictive personality, and while GeneWatch notes that none of these studies has stood the test of time, the quest for the criminal gene holds obvious attractions for the forces of law and order. With predictive profiling, says GeneWatch, "a major concern is that the police could misinterpret such DNA evidence as a certainty, whereas the tests can really indicate only a probability."

And although the National Identity Register will not, at least initially, hold DNA records, there are other current and planned DNA databases, and these can be matched across databases by any organisation with the clearance to access them. There has, for example, been discussion of the possibility of profiling DNA at birth and storing this on the individual's NHS electronic health record. This would ultimately produce a complete national database, and given the current government's record on 'balancing' privacy against security, it is by no means inconceivable that the police would be allowed to access such a resource. We can be even less sure about future governments.

GeneWatch recommends the creation of an independent body to govern the use of the database, the destruction of DNA samples after the completion of investigations, an end to the practice of allowing genetic research using the database (the Forensic Science Service, which until the recent addition of private contractors, carried out all the testing is now itself being privatised), and independent research into the effectiveness of database in tackling crime, and the implications of new technologies. It opposes the expansion of the database to include the whole population, warns of the dangers of permanent storage, and calls for a public debate. Well worth reading in full, here. ®

Related links:

UK police fingerprint system collapses
Delete records, or profile the whole UK, says DNA print pioneer
Police to retain DNA records of cleared suspects

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story


Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.