I recently presented a paper on Forensic genomics: kin privacy, driftnets and other open questions (co-authored with Lucia Bianchi, Pietro Liò and Douwe Korff) at WPES 2008, the Workshop for Privacy in the Electronic Society of ACM CCS, the ACM Computer and Communication Security conference. Pietro and I also gave a related talk here at the Computer Laboratory in Cambridge.
While genetics is concerned with the observation of specific sections of DNA, genomics is about studying the entire genome of an organism, something that has only become practically possible in recent years. In forensic genetics, which is the technology behind the large national DNA databases being built in several countries including notably UK and USA (Wallace’s outstanding article lucidly exposes many significant issues), investigators compare scene-of-crime samples with database samples by checking if they match, but only on a very small number of specific locations in the genome (e.g. 13 locations according to the CODIS rules). In our paper we explore what might change when forensic analysis moves from genetics to genomics over the next few decades. This is a problem that can only be meaningfully approached from a multi-disciplinary viewpoint and indeed our combined backgrounds cover computer security, bioinformatics and law.
(Image from Wikimedia commons, in turn from NIST.)
Sequencing the first human genome (2003) cost 2.7 billion dollars and took 13 years. The US’s National Human Genome Research Institute has offered over 20 M$ worth of grants towards the goal of driving the cost of whole-genome sequencing down to a thousand dollars. This will enable personalized genomic medicine (e.g. predicting genetic risk of contracting specific diseases) but will also open up a number of ethical and privacy-related problems. Eugenetic abortions, genomic pre-screening as precondition for healthcare (or even just dating…), (mis)use of genomic data for purposes other than that for which it was collected and so forth. In various jurisdictions there exists legislation (such as the recent GINA in the US) that attempts to protect citizens from some of the possible abuses; but how strongly is it enforced? And is it enough? In the forensic context, is the DNA analysis procedure as infallible as we are led to believe? There are many subtleties associated with the interpretation of statistical results; when even professional statisticians disagree, how are the poor jurors expected to reach a fair verdict? Another subtle issue is kin privacy: if the scene-of-crime sample, compared with everyone in the database, partially matches Alice, this may be used as a hint to investigate all her relatives, who aren’t even in the database; indeed, some 1980s murders were recently solved in this way. “This raises compelling policy questions about the balance between collective security and individual privacy” [Bieber, Brenner, Lazer, 2006]. Should a democracy allow such a “driftnet” approach of suspecting and investigating all the innocents in order to catch the guilty?
This is a paper of questions rather than one of solutions. We believe an informed public debate is needed before the expected transition from genetics to genomics takes place. We want to stimulate discussion and therefore we invite you to read the paper, make up your mind and support what you believe are the right answers.
@ Frank,
My first concern with forensics is the legal test for what is and is not allowed under a warrent less search.
Obviously it varies a great deal from jurisdiction to jurisdiction, (which brings up another issue) but in essence revolves around what constitutes “plain sight”.
Most agencies with statutory powers are pushing as hard as possible to weaken plain sight to the point it is effectivly meaningless.
In the “digital domain” it has been argued if it’s on a hard disk in any way shape or form it’s fair game, even if protected by passwords or rudimentry encryption (as in PKzip and early MS Word docs etc).
For instance in the UK the current political incumbarents are quite keen to make medical records available to all and sundry with only token limitations at best, and have tried some very heavy handed tactics when concerned individuals have objected to their medical records being put onto UK DoH mandated systems (as one of at least 20,000 people who had my records lost, even though I had expressly said I did not want them on the systems I feel agrived at the tactics used to my detriment).
Likewise if you have ever signed a private health care policy you have effectevly waived all privacy rights not just to medical but financial or any other records an associated organisation might wish to view either with or without notifing you (ie effectivly open access to all and sundry)…
When known to an individual these points alone might discorage them from having DNA tests over and above any fear about the colapsing of the probability bubble.
They might decide that perhaps (as in those with children who wished to avoide the MRSA jab) to go to another country within say the EU (on an E111/112) and have the testing performed there, thus seeking to put the test results outside of the jurisdiction they reside in.
Which brings me onto my second concern, jurisdictional differences and cross jurisdiction legislation.
In some countries the “public view” criteria are considerably weaker than others, in the past this was of little concern as cross jurisdictional legislation was effectivly weak.
However in Europe the “European arrest warrant” has started a trend where by the weakest link jurisdiction can be used to effect bypass local jurisdiction limitations.
As an example the fairly well publisied case (due to Cheri Blairs involvment) of land held legaly in Turkish Northan Cypress by a UK couple. A Greek Cypriot business man resident in the UK who owned the land prior to 73 obtained a ludicrous judgment in a Greek Cypriot court, then used legislation to try and gain enforcment against the UK couple in a UK court (and nearly succeded).
I suspect that it will not be long before such tactics are used with DNA results, finacial records etc.
Thirdly I have real problems with the actual forensic analysis of DNA.
Several years ago I identified a weakness in the testing procedure that would enable a person with undergraduate skill level to effectivly contaminate a crime scene with another persons DNA.
On trying to gain expert verification of this weakness I was treated initially as though I was trying to “kill the goose that lays the golden eggs”. Then I was treated with ridicule, and eventually warned off. It was only a couple of years later that a researcher in Australia blew the lid off via ABC that anybody started to address the testing weakness (and it appears that most labs doing testing in the UK do not take the precautionary measures due to cost etc).
Over and above the three issues highlighted above are several other concerns that I have relating to the use of DNA testing. All of which relate to the way it is currently carried out.
I feel that addressing these issues is a nescasary early step on the path to solving the issues you have highlighted.
@ Clive (1):
your comments do a great job of highlighting how this complex issue can only be meaningfully discussed by adopting an interdisciplinary viewpoint. We won’t get anywhere if we consider only the technical privacy issues (anonymization, database encryption, hashing etc etc) without also looking at the system interactions with international law and the actual wet_science/biology/genomics involved.
Thanks for contributing to the debate. More discussion and awareness is just what we all need.
It appears they the ECHR agrees that keeping the DNA of inocent people on the “Criminal DNA DB” is a breach of human rights.
This sounds like one small step in the right direction, however I’m sure the UK Gov will find a way around it again…
I congratulate you all on an excellent paper.
At the end of your paper you rightly call for a public discussion of these issues. I agree with you, but I have found it difficult to get medical lawyers and bioethicists to even begin to think about the statistical and probabilistic problems you address in your paper. For example, last year in a “workshop” at the Centre of Social Ethics and Policy, University of Manchester, called to discuss the future direct and developments in medical jurisprudence, I made the suggestion that probability and stats will come to play an even more important role than it does today, and that, as in the 18th contrary, jurisprudence will be increasingly influenced by these disciplines and will, as before, influence them. All the Centre’s medical law and ethics professors were present, plus other academic staff and postgrad students, but none of them accepted the possibility of any influence or change on medical jurisprudence from the direction I identified. Indeed, one medical law prof did not believe an English judge would be able to understand or be interested in the finer points of probability theory. There is a possibility she is correct, but that is in itself a problem.
@ Keith Tayler,
“Indeed, one medical law prof did not believe an English judge would be able to understand or be interested in the finer points of probability theory. There is a possibility she is correct, but that is in itself a problem.”
This is indeeed a very sereious and significant problem.
Judges are trained in law which contains a small degree of logic but little else to connect it to the scientific disiplin.
On the face of it, it is also unreasonable to expect either the judicuary or legislature to become experts in any or all scientific fields.
Which is the current view and hence the way things are with “expert witnessess” who effectivly present what would otherwise br “hearsay” as “evidence”.
As has been noted by several scandels with regards to “expert witness” statments it is a difficult area at best whilst also being a moving target.
In an area I work in (comms) there is European legislation about what can and cannot be sold and to whom and how. Unfortunatly the UK implementation via SI’s is at best ambiguous and referes back to the EU Directive which is likewise ambiguous in terms and definitions on things as simple as what constitutes “manufacture” as a process or entaty.
As has been seen this has alowed Civil Servants that are clearly and publicly failing in their duties to use the legislation in a way it was never intended to be use and to effectivly tell the judge things they know to be untrue.
Unfotunatly the judge has no way of determining which expert witness is telling the truth and which is not. It comes down to “credability” and on that score the judge will almost invariably side with the “establishment” (to frequently incorrectly).
This is an extreamly detrimental situation especialy when some cases are effectivly held away from the public view (Official Secrets / NatSec, Family law, Sex Offenses, etc).
Further judges are alowing the civil servants to missuse other “new legislation” such as the gateway protocols for “bad charecter refrences”.
This weakens the public trust in the law and it is something that is overdue to be corrected.
As has been noted on many occasions “justice has to be seen to be done” which means it must be comprehensable and explainable not just to the “tribunal of law” and “tribunal of truth” (if there is one) but to all who participate in the procedings or have an interest in them.
Evidentuary burden is difficult at the best of times and needs to be crystal clear for a valid judgment to be obtained.
What we do about it is a question that has not even crossed the horizon with the legislature who’s current focus appears to be “justice on the cheep” preferably with defendents unable to defend themselves at public cost.
And this alone is against the interests of justice where you have the state with (effectivly) unlimited resources prosecuting those with little or no resources and therfore ability to defend themselves.
Therefor I suspect the law proffesor is correct the judicery and legislature will collectivly put their heads in the sand and fail to address the issue before it damages the judicuary or legislature beyond measure.
I agree. The situation is not helped by the failure of bioethicists who fail to move outside their comfort zone. I do not believe it is possible to do bioethics in any meaningful sense without an understanding of probability and stats., and that means an understanding of all the theories, not just those that are now in fashion.