Computers, Privacy & the Constitution

The Privacy Threat of Law Enforcement Use of Genetic Databases

-- By TerryWong - 13 Mar 2020


For around $100, you can spit in a tube, send your sample to a testing center, and receive ancestry and trait information generated from your genetic code within days. The only other cost is giving up nearly total control over, and privacy in, your genetic information. Despite the substantial—and increasing—potential of DNA to reveal deeply personal insight into the biological makeup of an individual, tens of millions of individuals have either been lured by direct-to-consumer (DTC) genetic testing (GT) companies into thinking that this is a fair deal or been forced by the government to provide samples as an arrest procedure. These practices have resulted in the establishment of extensive genetic databases that, when created or exploited by law enforcement, lead to serious threats to and violations of individual privacy, justifying the need for increased protections.

Genetic Information Databases

In the age of big data, technological advances have provided for the rapid, widespread, and low-cost collection, testing, and storage of genetic information. Similar to the digitization of other health records, the electronic storage and processing of genetic information has also made remote access and searching quick and convenient.

In the private sector, these capabilities have given rise to a rapidly expanding industry of DTC GT, estimated to reach around 100 million people by 2021. Consumers benefit by learning about their ancestry and genealogy as well as medical predispositions to debilitating conditions. These informational insights, however, are not sheltered from law enforcement. While consumers are giving their genetic codes to commercial entities, they should not be automatically forced into also making them available to further law enforcement investigations.

The government has also taken its own initiative to create genetic databases by freely collecting and keeping the DNA of individuals arrested for crimes—whether or not they are subsequently convicted—as well as non-US citizens detained at the border. This practice has been endorsed by the Supreme Court in Maryland v. King (2013) and the Ninth Circuit in Haskell v. Harris (2014), under justifications that it is essentially no different from collecting fingerprints. It was determined to be valid under standard arrest procedure and required no warrants. Beyond exemplifying the failure of the Fourth Amendment to effectively protect individual privacy, the legal treatment of genetic information should be reconsidered in light of privacy threats arising from the indefinite storage and novel uses of genetic information extending beyond simple identification.

Consequences of Government Access

The current legal treatment of genetic information is misguided because this information is substantially different from other types—i.e., biometrics—routinely collected and exploited by law enforcement. The combination of genetic information’s informational richness, perceived sensitivity, and immutability substantially increases both its value and its accompanying privacy risks. As private and public entities capitalize on novel methods of capturing genetic insight, proper protections must be put in place to limit violations of individual genetic privacy.

Currently, genetic databases are primarily used by law enforcement to search for persons of interest in furtherance of criminal investigations. At first glance, this practice appears largely similar to searching fingerprint databases, but it is actually functionally different in a number of ways. The government is able to access much larger portions of the population through commercial DTC GT companies, something that is absent with other types of biometrics, as there are few incentives for their large-scale collection by private companies. The ability of DNA to reveal insight into the genetic makeup of relatives also significantly expands the pool of individuals implicated in searches of genetic databases. For example, the government has engaged in the practice of familial searching, in which one DNA sample is used to identify family members.

These circumstances make it so individuals associated with genetic databases—whether through private sector or government collection—could in a sense be forced to serve as genetic informants, unwittingly having their information used to further criminal investigations. This is especially problematic with familial searching, as one family member could be used to further an investigation against their relatives without their consent. Additionally, further privacy threats to family members could be created by one individual’s DNA subjecting an entire family to becoming suspects or targets of a criminal investigation. If left unchecked, the potential of DNA to reveal insight into both the sample’s owner and their relatives, in combination with the rapidly expanding nature of the DTC GT industry, could further result in genetic databases effectively approaching a government-accessible, population-wide registry.

The potential for the government to expand its use of DNA beyond identification purposes also creates substantial privacy threats. The fields of behavioral genomics and predictive modeling are advancing with technological developments to the point that their use by governments is no longer an abstract idea limited to science fiction movies like Gattaca. For example, a court in Italy previously reduced a jail sentence partly due to the defendant having genes linked to violent behavior, allegedly affecting his culpability. Instances of similar use have also arisen in the context of criminal investigations. Privacy protections are needed so genetic profiles are not used for additional law enforcement actions, such as preventative detention or protective custody.


While some federal laws recognize genetic information’s potential for misuse and the need for greater privacy protections, the laws are largely outdated or not sufficiently tailored to threats arising in technological contexts. For example, the Genetic Information Nondiscrimination Act (GINA) provides heightened protections to prohibit discrimination, but is largely limited to health insurers and employers. Additionally, the Health Insurance Portability and Accountability Act (HIPAA), while primarily directed at medical insurance underwriting, contains some privacy protections and limitations on the transfer of and access to protected health information (PHI), including genetic information. However, neither act extends to DTC GT companies, leaving the door open for law enforcement to survey their genetic databases. As such, the need for genetic privacy protections must be properly recognized, and legislation should be passed to limit law enforcement’s access to and use of genetic databases.


r1 - 13 Mar 2020 - 21:16:21 - TerryWong
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.