Earlier this year, a 72-year-old former police officer named Joseph D’Angelo was arrested for a spate of rapes and murders attributed to the elusive Golden State Killer between 1976 and 1986. D’Angelo’s arrest has raised profound questions about ethical uses of DNA and how popular DNA testing and genealogical services can be used or misused without the user’s knowledge. Maria Armoudian speaks to Ellen Wright Clayton, Mark Rothstein, and Dennis McNevin about how DNA and other private data can be used and misused in law enforcement, healthcare and employment.
Ellen Wright Clayton is a Professor of Law at the Vanderbilt University School of Law.
Mark Rothstein is Chair of Law and Medicine and is the Founding Director of the Institute for Bioethics, Health Policy and Law at the University of Louisville School of Medicine.
Dennis McNevin is a Professor of Forensic Genetics in the Centre for Forensic Science at the University of Technology Sydney.
What prompted this particular panel was the news story about using DNA to track down the alleged Golden State Killer. And I thought that this opened up a whole range of implications both in the legal area, but also in the medical area, and the idea of discrimination based on DNA, and privacy concerns. I thought we should start with the use of DNA in law enforcement and see if we can understand how these are done. Dennis McNevin can you start us on this?
Dennis McNevin: The traditional use of DNA for forensic investigations has involved simply looking at genetic markers that are good at identifying people. They have no other value, they tell us a very little about the individual. And if there is a match between crime scene evidence and an individual that is either on a database or a suspect, then that is very strong evidence linking an individual to the crime scene. However, that is not always the case and quite often there is no match and that lead will go nowhere otherwise. And so there is a big push to try and extract more information from that DNA to tell us more about the person who left that DNA behind. And obviously with the Golden State Killer we have seen instances where the DNA that has been retrieved from a crime scene has been used to tell us more about the donor of that DNA, and in this particular instance it has involved uploading genealogy directly to consumer websites where relatives have been identified.
Mark Rothstein, I wonder if you might want to add to this.
Mark Rothstein: Well, there has always been an interest in expanding the capabilities of DNA forensics and we saw very recently how that might be done through indirect and familial searches. And in a case like the Golden State Killer all of us were pleased from a law enforcement standpoint that the possible perpetrator of these crimes was finally brought to justice after such a long period of time. But my concern is with the implications of this and how it might be extended to other cases, and I don’t think there has been adequate discussion of the due process and the privacy interests that we all have in balancing law enforcement with the rights of citizens.
Now I understand what actually happened in this case is that the law enforcement officers actually went into one of the genealogy databases and uploaded the DNA, and I think it was GEDmatch in particular which is founded by volunteers in trying to help people build their family trees, and that they were able to track down this killer based on DNA that his family members might have uploaded. What actually happened? Is this an accurate portrayal of what happened and what does that mean Mark Rothstein?
MR: Well I think that is a pretty fair summary. My understanding is that actually the link was made to DNA that was posted by a seventy-three-year-old man in Oregon who turned out to be his third or fourth cousin. And when that individual consented, they got his DNA and then they went through the family tree basically and developed a list of possible suspects. There is a second level of concern here and that is once they focussed on [Joseph] D’Angelo they obtained DNA from some unspoken unidentified refuse that he put out. It could have been a cigarette butt, a used chewing gum, or a variety of things that he discarded. And then the police tested that and they were able to get a complete match with the crime scene evidence. So I mean there are a whole series of concerns in terms of, not so much the legality, but the implications and the policy that we need to consider.
Well let’s start going through some of these implications. Ellen Wright Clayton let’s bring you in, why don’t you start us out down this line of implications?
Ellen Wright Clayton: Well one of the things about this case is that when you post your DNA it obviously implicates all of your biological relatives and that was how the match was made here. And so one question that you can ask is ‘Should you be able to post your DNA this way?’ In other genealogic databases you actually have to get permission from the person who was identified or who the match is made to see if they are willing to be in contact with you. What they did in this database was they put their DNA up there with a name and then you could easily trace the family from that. But one of the questions from a family perspective is should one family member be able to control what another family member does. And this is something that is both ethically and legally fairly problematic to say that because I don’t want you to identify me you can’t do with your DNA what you want. Now I think the ethical question you can ask is, is it appropriate to make a database like this where you don’t protect the identity of the person and so then it becomes fair game to identify everybody downstream.
It is a fascinating development with these genealogy databases because of exactly what you said, which is that should I not want my DNA shared but a relative has shared their DNA then I am automatically shared in some ways, is that correct Ellen?
EWC: That is correct and I will say there is nothing new about this. I mean there was a case many years ago in Sweden where the Swedish Prime Minister was killed and the perpetrator was identified by exactly this kind of familial tracing, in this case using a newborn blood spot. So there is nothing new about familial tracing, it is just that so many people are putting out so much identified DNA that the law enforcement can go after.
Dennis McNevin what would you add?
DM: I would support Ellen’s comment that there is nothing new about this. Familial searching has been occurring not just in genealogy DNA databases but also in criminal DNA databases where police are able to search against records of people who have been convicted and charged with a crime of a certain level of seriousness, and because of the high incidence of recidivism, some leads have been generated this way. I guess the other thing that we need to consider is that DNA is just one form of intelligence that leads police to suspects. So really social media is one of the first ports of call for forensic investigators these days. Facebook, Snapchat, Instagram, all those things leave a digital trace of your history and there probably is a lot more information about individuals on their Facebook pages than is attainable, at the moment anyway, from DNA and I guess we have to look at DNA as just another form of information about people. Now there is something that people hold sacrosanct about DNA, it is a little bit of a sacred cow, people do consider DNA to be off limits. However, the reality is that there is probably a lot more information about people on social media and people seem to be a little less concerned about police investigating Facebook pages, for example, to look at potential suspects and where relatives and social connections could just as easily be established.
Mark Rothstein would you agree with that assessment?
MR: I think that is right. Today people are putting all sorts of information about themselves, and by implication their loved ones, online in many cases for anyone to see. And in a case like this, the GEDmatch had this disclaimer on their website that said this is accessible to anyone and if you are not comfortable with that you shouldn’t put it up or you should take it down. Well the fact of the matter is that these sorts of warnings and disclaimers and consents people rarely read, they just sort of click through. We have become numb to these kinds of notices on the internet and I am afraid without much forethought. And this case, I think from an ethics and policy standpoint, is very important because it puts the issues right out in front of us and we would be wise to not just move on to the next item in the news cycle and spend some time trying to figure out how we want to balance the interests of society with the law enforcement.
I think there are other issues in addition to law enforcement – mistakes for example, but also some things that Ellen Wright Clayton has written about in terms of discrimination based on DNA, and also the issue of the possibility of DNA surveillance. Let’s start to break down what some of these worst-case scenarios might be and what we might think about in terms of prevention. Ellen Wright Clayton, now before we get into these concerns that you have raised I thought we could talk about that survey you did of these companies and what you have found about these companies who include the DNA of people who share other people’s DNA without consent. Can you walk us through what you have found on these various websites?
EWC: Well it is nothing short of amazing. We went through ninety privacy policies for direct to consumer companies, and although some of them are actually pretty strong, namely the ones you would think of, others of them simply say nothing, and then it turns out that more than half of the websites are actually for surreptitious testing to look at things like proving infidelity or proving lack of parentage, other things of that nature which are really designed to be very disruptive. First of all, obviously the person whose DNA is being stolen or submitted surreptitiously has no control over what is going on and the people who are doing the submitting have no earthly idea of what is going to happen to that DNA and what the results are going to be. So it really is the wild west out there. I think before we go on to the discrimination issue, I do want to make a point here that, at least in the United States, forensic DNA databases broadly overrepresent minorities and mostly minority males, and so there is not a chance in the world that Mr. D’Angelo a white former cop would have been in those forensic databases. And so there is an interesting thing here, at least in terms of a justice or discrimination concern, is that the only way they could have found him is by going through a genealogy database, which, by the way, are largely populated by people who are of Northern European ancestry. So I think that there is something really interesting here about the fact that the only way they could have caught him was by going through a genealogy database because our forensic databases wouldn’t have had him.
Now you talked about how this DNA can be misused and in particular with things like making sure you are covered medically and making sure you can have work. What about those issues?
EWC: I want to pick up on a comment that Dennis made earlier. We have some laws that are not very good that at least address that in the context of access to healthcare and access to work. Actually, Obamacare sort of solved that problem in the US, at least with regard to access to healthcare in a major way. But what I find interesting is that I would rather lose my DNA before a whole host of other information. If I lost my electronic medical record, if my finances got hacked, those things are much more worrisome to me than if someone were able to get my DNA sequence.
Before you go on Ellen, why is it that you are not as concerned about your DNA as you are about medical records given what might be able to be done with your DNA?
EWC: Because frankly what is in my medical records says more about me as I am as a product of genetics and environment and many other things than my DNA sequence ever will.
DM: I support what Ellen says one hundred percent there. Look I think we should be equally concerned about what is in the digital sphere as we are our DNA. I mean there is so much information, mobile phones are tracking devices, as Mark commented earlier people are becoming numb to consent to the fine print and just press consent on apps all the time. We allow Google and Facebook to track our locations and every time we make an automatic withdrawal of cash from an auto teller that is logging information about us, every time we go through an automatic road toll that is logging information about us. I mean there is a lot of information in the digital sphere that has to be protected just as much as DNA in my opinion.
Are all of these types of data, whether they are coming from DNA or whether they are coming from your social media, all of those types of things, are they all stored in law enforcement databases today?
DM: No, they are not. The only things that are stored in law enforcement databases, in Australia anyway, are DNA and fingerprints. The legal principle here is that if you are convicted of a crime and you achieve a level of a certain seriousness then you sacrifice the right to the privacy over your DNA and your fingerprints. So that information is stored on a database against your will. Now that only applies to that information, other digital information is not stored by law enforcement databases. However, that is not to say that warrants can’t be issued to access that information if there are fair and reasonable grounds for police investigators to think that that is a reasonable avenue of investigation.
Mark Rothstein what about the US?
MR: Well US law enforcement does not routinely collect all of the ancillary matters that they could through the internet. They have fingerprints and for some individuals a DNA sample, and the question I think that we need to answer in the US, as well as everywhere else, is in an information-rich era, how much do we want the government and law enforcements who routinely without a warrant, without a probable cause compile about individuals? Do we want the government to be able to aggregate, in a sort of a big data sense, all these diverse things that are where we have been and what we spend our money on and what books we have ordered and who our friends are, to try to get a picture of us for whatever purposes it might be used. I think the recent scandal if you will with Facebook is another rude shock to many of us that it is hard to even fathom the range of nefarious purposes that composite information can be used, and it is going to get really out of hand unless we get our arms wrapped around it.
What are some of the ways that this information, whether it is harvested from our DNA, from our family’s DNA, from our Facebook page, from our telephones, what are the protective ethical policies that we can advance to protect what we consider generally as a fundamental right. Ellen would you like to start?
EWC: I think first of all, we need to think about putting controls on what the government does when they use this data and I think that we ought to consider what kinds of prior permission like warrants or other things that they need to access these data. And frankly one problem in the US is that our courts have been much more permissive about when you can collect DNA information from people than has been the case around the world. So I think those are important issues. The other thing that I think is really important is that we need to be really serious about what the big data tech companies are collecting and how they are distributing it for use by other people. Because frankly in some ways Facebook and Google have much more information about me than the federal government does and their control of how it is used is absolutely not transparent to me or to anyone else. And I think that we need to think not only about what the government is doing but also about what data aggregators are doing with all these data.
DM: One thing we can do is instigate a process of what is called sequential unmasking, and that is where we only look at the information that is relevant to the purpose at hand. So for a forensic investigation, if you are extracting a DNA profile then we don’t sequence the whole genome of an individual because that is too much information, it is also too expensive to do anyway on a routine basis. Most of the DNA sequence is irrelevant for the purposes of forensic investigation. So we would first look at only those genetic markers that might provide a DNA match, if a match occurs there is no need to go any further as we are led to a suspect. If there is no match, then we only look at a few more genetic markers that might tell us about what that person looks like, their hair colour, their eye colour for example, perhaps their genetic ancestry which would give us another lead. In this way we sequentially release information from the genome and don’t look at the rest of it, we purposely don’t analyse the rest of the DNA data, and that is perhaps one protection that we could put in place to ensure that there is some level of genetic privacy.
I think it was your work Dennis McNevin that looked at sort of a comparative protection of genetic information, I think you said Australia deems it as sensitive and the European Union does as well but the US does not. What do we know about the level of protection there?
DM: Well I can’t comment on the US, but the problem in Australia and Europe and many parts of the world is that the legislation is largely silent about the use of DNA. The Netherlands has specific legislation that dictates exactly what DNA can be used for and forensic investigations, and the highest court in France also in 2014 issued a ruling about the use of DNA for forensic purposes. But otherwise around the world there is very little that has been said legally. The problem here is that technology has run ahead of the law and the law has got to catch up. I guess this is probably going to play out in the courts in terms of test cases but it is a frontier which is largely unknown legally and I think we need to watch this space to see what happens in the courts.
MR: Well I would like to talk about just one concrete thing that I think would be very helpful. The law has developed in the US that once an individual abandons an item, let’s say chewing gum or something, then anyone who picks it up can do whatever they want with it including DNA testing, and I think this is a great source of mischief in the United States. As Ellen talked earlier about some of these rather sleazy websites that will do any DNA testing on any object that you send in as long as you send the money, it is used for purposes that are extrajudicial. In the UK legislation was enacted that bans non-consensual genetic testing and I think that would be something that we ought to look at in the US. In the years to come not only will we be able to send a chewing gum sample or a child’s lollipop to a laboratory with new hand-held technology using nanopores we might actually be able to do it ourselves, and I think that what we don’t want to have is a nation of people who are willy-nilly doing testing of family members and others.
Final words Ellen Wright Clayton?
EWC: I think this has been a wonderful conversation and it just really shows we are trying to figure out how to move forward as individuals in a big data society and these exactly are the kinds of conversations that we need to be having.
This interview was originally aired on the Scholars’ Circle. To access our archive of episodes and download this interview click here.