Schneier on Security

"Harmless synthetic DNA" ...

Why does this phrase not give me a warm, fuzzy, more secure feeling?

The term "DNA" is likely referring not to a true form of DNA but some other uniquely-identifiable substance. Much like chemical tags in explosives, I'd guess.

That was my guess, too. Kind of like the taggants in explosives.

On the contrary, I expect that the DNA is real strands of deoxyribonucleic acid, synthesized on the same machines gene-splicers use. Its base sequence wouldn't have to resemble that of biological DNA, but would probably consist of a customer-unique pseudorandom middle bracketed by systemwide end sequences. The end sequences would be used with the polymerase chain reaction to allow amplification and detection of a single molecule.

That's just my guess, worth what you paid for it.

Rich Gibbs, why would it? DNA is ultimately just another polymer. I can't imagine that it could sink into the nucleus of a few cells and replace the existing DNA (for one thing, cells themselves are hardened against random crap entering the nucleus).

Its usefulness here is that DNA strands can be artificially produced to make an extremely tiny but uniquely identifiable imprint.

I presume that a small segment of the DNA would match some natural human DNA, so that it would "stick", but the remainder of the chain would be some customer-specific sequence.

The part I don't quite get is how you prevent the spray from being set off by normal activity. Is it like an ADT burglar alarm, where you turn it on and off, and if motion is detected when the alarm is on, it sprays? That would be a real bummer in my house...my kids (and I) frequently open the door while the alarm is still on, which is rude, but has few cleanup consequences :-) I find it kind of silly to want to use this technology to protect children from attackers (a motivation for it cited in the article). It seems like it would only be useful for locations that have two distinct states: humans expected to be present/humans not expected to be present. Museums after hours?

What happens if the burglar goes out another way, say via a window? Would you have to have a Sentry station at every possible ingress/egress point? That does not sound practical.

It seems that this type of "tagging" could have all sorts of problems associated with it.

Won't the criminals just wear gloves and masks (i.e. no exposed skin). In this case, the criminal may only have "casual" skin exposure to the tagging substance if they came in contact while removing their gloves, etc.

If this form of tagging becomes popular, won't the tagging substance eventually be "everywhere". To counteract this ubiquity problem, every "discharge" of the tagging substance would need to be made somehow unique to separate different instances of the substance (i.e. unique identifiers in the tagging substance itself?), which may make it more expensive since each substance "canister" would have to be unique.

Also, what about casual, or secondary contact with the discharged tagging substance. Such as a passerby stepping in or brushing against the tagging substance on an object, or even unknowingly the contaminated criminal, then tracking it who knows where "contaminating" literally hundreds of others in the process. This is more problematic since those contaminated through casual contact would likely be in the physical vicinity of the crime, making them out as more likely suspects.

"However, the harmless synthetic DNA contained in the powder sinks into the skin..."

Would this qualify as an ingestible substance? Would FDA approval be required to use it in this country?

Chauncy, you eat DNA every day, all day; it's in every bit of plant and animal tissue.

Besides, it isn't being sold as food or a drug, so why would the FDA be involved?

hmm - why spend the time and $ building custom dna strands. DNA is relatively fragile and could be denatured if not cared for. Plastic Taggants are more practical and could be picked up with a simple magnification. Trying to find the "right" dna in a messy liquid seems kind of impractical. Plus the additional work of identifying. By the way the Tv shows where they just stick the DNA sample in a computer and it spits out the Code... thats not how it works in the real world. Somebody has to do alot of messy error-prone work to do it right

... because this "harmless synthetic DNA" contained in the powder sinks into the skin and makes you transform into a werewolf on a full moon.

"What happens if the burglar goes out another way, say via a window? Would you have to have a Sentry station at every possible ingress/egress point? That does not sound practical."

Agreed. It might make sense for situations where there is a closed location where the criminal has to be: a bank vault, for example. I could imagine this being used to mark the money bundle tellers are instructed to give criminals, or ransom payments.

Why does this sound like a Smart Water redux?

A quick review of http://www.schneier.com/blog/archives/2005/02/...

"... The idea is for me to paint this stuff on my valuables as proof of ownership. I think a better idea would be for me to paint it on your valuables, and then call the police. ..."

Did I miss something here? Granted, the powder would be at least visible, but um, all over the cops, their shoes, their cars ...

Without his knowledge, borrow the clothes of your brother-in-law, commit a burglary, return the clothes, and call a tip hotline. Since you are not a suspect, the cops will never check your skin. Spend much of the next week swimming, just in case.

Now even criminals have a reason to exfoliate... ...I mean, it does say that it can be removed by heavy scrubbing.

@Andy B

it seemed like it meant the powder can be removed by heavy scrubbing, not the DNA tags.

It still seems to me that some cameras would do a better job (and probably be cheaper).

And, if you're really paranoid, why not some landmines? (ok, just kidding here, but it's a possibility)

As pointed out by Eric and Brad, there are some fundamental flaws in ascertaining that the target individual, and only the target individual gets tagged. But you have the wonderful buzzwords like "unique identifier" available with which to sell it.

Sounds like a great marketing opportunity. Corporate America will eat it up, as long as the buying public doesn't figure out the fatal flaws too soon.

"And, if you're really paranoid, why not some landmines?"

Or a spring-loaded boxing glove.

"Or a spring-loaded boxing glove."

I've always wanted one of those.

"I've always wanted one of those."

Sorry, couldn't resist following the pattern.

"Sorry, couldn't resist following the pattern."

Everybody say "Ho!". Oh wait, is it off-topic?

"And, if you're really paranoid, why not some landmines?"

Why not buy the DNA-spraying machine and fill it with plain baby powder? If white powder can paralyze government offices, it ought to be able to frighten a thief into leaving.

In the UK, its country of origin, this stuff would most likely fall under the Medicines Act because of its biological nature and the fact that it's designed to penetrate the skin. So it's likely to need to jump quite a few regulatory hurdles - providing that someone spots that they are applicable.

More worrying is the danger of false positives. It will be detectable with standard forensic DNA tests that use PCR. That means that it can be detected in minute quantities, theoretically as little as one molecule. And please remember that PCR is NOT quantitive, you can't tell how much DNA you started with.

The spray will cover the target with billions of molecules. Thousands, possibly millions of these will transfer to things the target is in contact with. These objects will then transfer themselves to subsequent contactees of these objects. How long the contact chain is for detectable quantities to be transfered to an innocent third party is a matter for conjecture.

There's little risk that Granny is going away for armed robbery because of this. But what if someone with a criminal record for burglary innocently picks up some DNA on the sixth transfer. Will the police investigate properly or will he be charged and convicted because the police "have DNA evidence"?

Oh, and Tim Murray - "DNA is ultimately just another polymer". Similarly ricin is just another polymer, so is Cobra venom, so are many very very dangerous things. This stuff is probably safe, barring an allergic reaction on behalf of some people exposed to it, but the "just a polymer" argument is specious.

I also meant to say:

Anyone who wants a spring loaded boxing glove, just write out an order, address it to "Acme" and drop it off at your nearest postbox. The delivery van will be along in a few seconds. I hear that there's a special on - order six and get a set of rocket powered roller skates free.

This is very good idea IMHO :)

The DNA could be made from a synthetic source and does not have to be a natural occuring sequence.DNA is just a chain of nuclaic acids after all.

It has to use PCR (which can be quantifiable )but it doesnt have to be detecatble by normal forensic scientist even though it's using forensic techniques.

and i belive would only be used as a secondary ID for the criminal along with CCTV and other techniques