The march to mandatory, nationwide DNA databases picks up pace around the world

Posted on Apr 3, 2019 by Glyn Moody
Share Tweet Plus

DNA is without doubt one of the new frontiers for privacy – and for the loss of it. As we wrote last year, genetic privacy is becoming a thing of the past thanks to relatives using DNA testing services. Drawing on this new pool of genetic data, police forces are starting to apply big data techniques to DNA sequences in order to resolve cases – sometimes long-standing ones. Given this power of DNA to pinpoint criminals, it’s no surprise that there have been calls for everyone’s DNA to be collected and stored permanently in order to facilitate the fight against crime. That’s been feasible for a while, but so far no government has gone ahead and created a mandatory nationawide DNA database. In 2016, Kuwait announced plans to require DNA from every citizen and visitor, but later backtracked on the idea. Now Kenya says it wants to try:

Last month, the Kenya Parliament passed a seriously concerning amendment to the country’s national ID law, making Kenya home to the most privacy-invasive national ID system in the world. The rebranded, National Integrated Identity Management System (NIIMS) now requires all Kenyans, immigrants, and refugees to turn over their DNA, GPS coordinates of their residential address, retina scans, iris pattern, voice waves, and earlobe geometry before being issued critical identification documents.

As the article on Mozilla’s blog indicates, not content with gathering DNA, the new law will also require people to provide their “earlobe geometry”. That’s an extreme requirement of such limited utility – how often will it be used? – that it seems likely the politicians drafting this law just threw in every biometric they could find, and never mind whether it was sensible or useful. An ID card is indispensable in Kenya: without it, an individual cannot vote, purchase property, access higher education, obtain employment, access credit, or use public health services. That means people will have little choice about whether to hand over this extremely personal data.

The Mozilla blog post points out some serious problems with this proposal. It conflicts with Kenya’s new Data Protection Bill that is working its way through the legislative system. A centralized database of valuable personal information creates huge security vulnerabilities. Moreover, once biometric data is exfiltrated by criminals or state actors – as will inevitably happen at some point – it cannot be changed, for obvious reasons. There’s the concern that the data will be used for surveillance purposes, adversely affecting freedom in the country. And finally, there’s a local twist in that there are many dozens of ethnic identities in Kenya – more than one hundred, according to some definitions. As a result, ethnic identity is highly politicized, which means the information contained on the centralized biometric database could be abused by politicians to target rival ethnicities.

Although Kenya’s plans for a mandatory DNA database seem the most extreme, Rwanda too is aiming to collect genetic samples from all of the country’s 12 million citizens. That’s particularly troubling given the ethnic rivalry between Tutsi and Hutu peoples that resulted in hundreds of thousands of the Tutsi population being slaughtered during the Rwandan genocide. But it’s not just in Africa that there’s pressure to bring in DNA databases for people who have not committed any crime. Arizona is also mulling a mandatory DNA database:

In Arizona this week, a state legislator named David Livingston stirred a controversy about DNA that may be a portent of privacy nightmares to come. A law he proposed would have forced many residents to give samples of their DNA to a state database, to be stored with their name and Social Security number.

The scope of the proposed database has now been scaled back, but the impetus to have one is clearly there. It is likely to spread thanks to a new generation of small, quick and low-cost DNA sequencers that can be installed in police stations and run by officers, as this New York Times story explains:

in early 2017, the police booking station in Bensalem became the first in the country to install a Rapid DNA machine, which provides results in 90 minutes, and which police can operate themselves. Since then, a growing number of law enforcement agencies across the country — in Houston, Utah, Delaware – have begun operating similar machines and analyzing DNA on their own.

Consent is needed to take samples for sequencing, but amazingly, 90% give it when requested: “Asked why so many people would consent to give DNA, [the director of public safety for the Bensalem police] said: “I have no idea. But criminals do stupid things.” The availability of machines that can be operated by the police is likely to encourage novel uses for DNA sequences. For example, in Dallas, sex workers are being asked to provide their DNA for a rather gruesome reason: they are much more likely to be victims of murder – 60 to 100 times more frequently than for other women. Police are worried about unidentifiable dead bodies that turn up by the side of the highway. Providing the DNA would allow sex workers’ bodies to be identified more easily – helpful for the police, but only a minor consolation for victims.

As an article in The Atlantic on the topic notes, although the motives behind collecting sex workers’ DNA pre-emptively seem legitimate, it’s clearly something that the people involved may have qualms about. Handing over your DNA to the police is giving them the perfect way to track you. It potentially provides highly personal information about your origins and health conditions. And the nature of inheritance means that you are also handing over partial information about close and even distant relatives.

One of the most troubling aspects of this situation is the fact that DNA is increasingly being gathered without proper debate. And yet the privacy implications of this move are serious, and will become more so as sequencers are developed that are smaller, easier to operate, and cheaper. The day when police officers will carry pocket-sized systems capable of analyzing DNA in a few minutes out on the street, and then checking results against multiple national and even international databases, is not far off.

Featured image by US Air Force.

About Glyn Moody

Glyn Moody is a freelance journalist who writes and speaks about privacy, surveillance, digital rights, open source, copyright, patents and general policy issues involving digital technology. He started covering the business use of the Internet in 1994, and wrote the first mainstream feature about Linux, which appeared in Wired in August 1997. His book, "Rebel Code," is the first and only detailed history of the rise of open source, while his subsequent work, "The Digital Code of Life," explores bioinformatics - the intersection of computing with genomics.

VPN Service