The head of the Hamburg Institute for Legal Medicine, Klaus Püschel, has called for the DNA of everybody in Germany – including tourists – to be collected and stored. As a story in the German news magazine Der Spiegel (Google Translate version) reported, Püschel wants this because:

“Then we can clear up crimes much faster and much better, because we can tell from whom every clue at a crime scene comes.”

This isn’t the first time that such a call has been made. Back in 2002, the inventor of DNA fingerprinting, Professor Sir Alec Jeffreys, said that collecting and storing everyone’s DNA would be the fairest system:

“If we’re all on the database, we’re all in exactly the same boat – the issue of discrimination disappears.”

Jeffreys was concerned about the fact that the genetic fingerprints – special regions of the DNA that can be used to identify people with a high degree of accuracy – of those suspected of crimes but later cleared were still being stored by the UK authorities. He believed this was discriminatory.

His idea of creating a DNA database for the entire population was not taken up, and the retention of the DNA profiles for millions of innocent citizens remained a serious problem in the UK. The battle to end the practice was taken to the European Court of Human Rights (ECHR), where the UK government lost. The ECHR judges ruled that keeping the DNA fingerprints of two innocent men “could not be regarded as necessary in a democratic society”. As a result, the UK brought in new rules that enable those not convicted of crimes to have their DNA fingerprints deleted. But the UK’s DNA database remains relatively large. In 2016, there were nearly 6 million records held – almost a tenth of the UK population. For comparison, the National DNA Index in the US has around 15 million DNA profiles – about 5% of the national population.

The proposal to create a DNA database of the complete German population is unlikely to come to fruition because of the country’s long-standing concerns about privacy. More concrete plans in Kuwait have already been watered-down for the same reason. Last year, Kuwait announced that it intended to collect the DNA of everyone in the country – including visitors – but this idea has now been scaled back.

The Kuwaiti authorities have not released any details of what precautions they will be taking to hold the DNA fingerprints safely, but Püschel has laid out his suggestions. Der Spiegel reports:

“According to the lawyer, the data should be stored in a completely safe place, ‘deep down in a mine’, and also completely protected against hacker attacks. Several judges should watch over access to the data, which are only to be disclosed in clearly defined cases, such as abduction, rape, murder and homicide.”

Hamburg’s data protection commissioner, Johannes Caspar, is not impressed. Despite the precautions Püschel would want to see, Caspar says that storing the genetic data of everyone is neither compatible with the presumption of innocence nor with the principle of proportionality. But Püschel insists the DNA fingerprint is “just a number”:

“There is nothing about our personality, no one knows what eye color you have or whether you have gray hair, they’re just like lottery numbers.”

He’s right: DNA fingerprints are just like hash codes – a unique but meaningless distillation of a much larger data set. That makes them easy to obtain – you only need to look at certain regions of DNA – and very cheap to store as digital data. But soon it will be feasible to sequence the entire human genome, not just the fingerprint, and to store the gigabyte or so of digital data that results (the human genome has around three billion chemical “letters”, using a quaternary rather than binary encoding system.)

The total cost of obtaining the first nearly-complete sequence of human DNA was around $750 million. Since then, sequencing costs have been falling dramatically – faster than Moore’s Law. Today, a person’s DNA can be sequenced for around $1000, and companies say they can get that down to $100 soon. It won’t be long before a full read-out of your DNA costs less then a simple blood test, and can be carried out using a portable device smaller than a smartphone.

Once that happens, the police will no longer need to keep tissue samples taken from people, along with the DNA fingerprint: they will simply sequence the entire DNA, which will be more accurate, and allow for matches in cases where the DNA found on a crime scene is partial or degraded. There will be pressure to do that because it will be much cheaper and safer to store petabytes of DNA data than to preserve millions of bulky and perishable physical samples.

Similarly, it will also become possible to sequence and store everyone’s DNA as part of their medical records. That would give doctors important insights into every person’s genetic and thus physical make-up. The benefits are clear. But as Rick Falkvinge noted last year, if genetic information has been obtained for medical purposes, the temptation to use it for solving crimes is almost irresistible for the authorities.

Once this happened, Püschel’s dream of a complete DNA database that could be used to solve crimes would be realized, but without the safeguards he recommends. It would not simply be the meaningless hash of DNA data, but the complete data set. That would not only reveal your eye color, and whether you have gray hair, but also some predispositions to medical conditions you might have. That could be deeply problematic. For example, imagine if opponents could point to genetic traits associated with a likelihood of physical or mental health problems in the DNA of top politicians or CEOs of major companies. Similarly, possessing the genetic code of everyone would also allow them to be cross-referenced to prove – or disprove – paternity and maternity. Discovering hitherto secret biological relationships in this way might make some people open to blackmail, or lead to marital breakdowns and suicides.

Another troubling possibility is that evidence could be faked. If somebody’s DNA sequence were available, it would be straightforward to synthesize strands of it, and then to plant them at the scene of a crime to be found by forensic teams. Because DNA matching is so precise, it would be very hard to convince the courts that the person concerned had not been physically present.

Finally, there are even more futuristic and sinister possibilities if full DNA sequences can be analyzed. For example, it would be possible to create genetically targeted bio-weapons that only work against the DNA of one person in particular, while leaving everyone else unharmed. To investigators, the illness or death of one person would simply seem to be due to an unknown factor, or just chance. The same technique could also be deployed for high-tech genocide by creating biological weapons that only affect a particular ethnic group sharing common genetic traits.

The central problem here is not the sequencing of people’s DNA, which is certain to become more common as costs plummet, but the creation of centralized stores of genetic data, for example by the police or as part of the medical system. As we know, there is no such thing as a secure database – even if it is airgapped, bribery and corruption of those with authorized access to it will always make it vulnerable. It may not be possible, or even desirable, to stop everyone’s complete genome being sequenced, but we must ensure that it is only ever stored in a distributed form that limits the harm when the most personal digital data of all – DNA – starts to leak, as it inevitably will.



[Privacy News Online]