Schneier on Security
A blog covering security and security technology.
« Kent Robbery |
| Quantum Computing Just Got More Bizarre »
February 28, 2006
DNA Surveillance in the UK
Wholesale surveillance from the UK:
About 4,000 men working and living in South Croydon are being asked to voluntarily give their DNA as part of the hunt for a teenage model's killer.
Well, sort of voluntarily:
"It is an entirely voluntary process. None of those DNA samples or finger prints will be used to check out any other unsolved crimes.
"Obviously if someone does refuse then each case will be reviewed on its own merits.
Did the detective chief inspector just threaten those 4,000 men? Sure seems that way to me.
Posted on February 28, 2006 at 7:31 AM
• 61 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
There was an interesting programme on civil liberties on Channel 4 last night. Appearently DNA testing is standard practise for anyone arrested, those DNA results (and finger prints) remain on file for ever. The example given was a young man who had come forward as a witness to a crime, due to an oversite his name was swapped with the suspects and he was therefore arrested. Despite the mistake being noticed straight away his DNA remains on file.
There are over 20,000 innocent individuals samples now on file.
"Did the detective chief inspector just threaten those 4,000 men?"
No of course not. The detective was merely reminding the 4,000 that their existence was proof that they are guilty. I mean really now, surely the crime wasn't due to the failure of the criminal system. It was societies fault and therefore all of its members are guilty.
Lou the troll
I wonder why police haven't tried this with other types of search. Why not simply ask all residents in a certain region to voluntarily allow police to enter their homes and look for clues? Or ask for voluntary wiretaps to see if criminality is mentioned on the phone after the fact? Is it just that DNA testing is less resource-intensive for the police than these other things, or are people somehow more willing to give up their rights for DNA testing than for house searches and the like?
What was that program called? I'm keen to see the media's angle on Privacy.
RE: The issue, Interestingly this came up today in a work discussion today, as I stated that I would, under no circumstances, submit voluntarily to a DNA test. People at the office were totally gobsmacked that I'd refuse.
The paper report this morning, said that if you didn't submit voluntarily, then the Officers would visit you at home and 'ask some pretty hard questions'.
DNA Dragnets have been conducted in Germany, France, and the US among other countries. Peer dynamics often play a role. "He didn't give a sample, we're not sure if we can trust him anymore..."
Last year, police conducted a DNA dragnet in Turo, Mass. US to find a person who left some DNA evidence at a murder. Some interesting developments in that case. A match was found eventually. But it was of a ex-con whose location, record, etc. could have made him a candidate for DNA sampling as a suspect for reason, rather than going for the general public.
Among issues raised by the sampling is the retention of the samples and the data. e.g.; If there's no match to the specific case's DNA, are the sample & its data, are they expunged. Or do they go into permanment storage.
"Did the detective chief inspector just threaten those 4,000 men?"
Errm no. "reviewed on its own merits" I take that to mean, if we would have had to investigate them without using DNA we will. If we wouldn't have investigated them then we won't. That in my (unparanoid) view is a reasonable interpretation.
"Is it just that DNA testing is less resource-intensive for the police than these other things"
Yes - see previous reply. I think they are trying to make their lives easier.
Having said that would I submit - No! I don't trust them not to keep the data, again quoting "There are over 20,000 innocent individuals samples now on file." That is the issue - they keep the data once you are arrested, whether charged or not! Let alone found guilty!!!!
The first case like this was way back in 1987 in a double rape and murder case in the UK--5,000 men were asked to give DNA, and the one guy who didn't, Colin Pitchfork (really!), turned out to be the killer. The DNA dragnet in Germany about five years ago was the largest--16,000 people to find the killer of an 11-year-old girl (again successfully).
Blair Shelton of Ann Arbor, MI, successfully sued to get his DNA sample back after a DNA dragnet in 1995.
My brother was "caught up" in one of these, a fairly media-intensive case in Truro, Cape Cod, Massachusetts. A very high profile murder happened, and the Truro police / Mass state police asked every adult male in Truro to "volunteer" a DNA sample. Of course, the same veiled threat was made about what happens if you don't. On my advice, he declined. It turns out they already had the killer's DNA sample, he had volunteered it some time ago (he was a casual worker at the house, who was already a suspect; the police just hadn't gotten around to clearing the multi-month backlog of DNA testing).
I watched this on the BBC news last night and the interviewee representing the police maintained that the DNA records of the people eliminated from the enquiry would be destroyed.
The Truro case Andrew mentions points out a weakness of these broad dragnets, irrespective of impact on privacy -- some enforcement/security/investigations agencies are overwhelmed by information already, so how much does dragging in more information really help?
A Reno man who voluntarily submitted DNA evidence to support his claim of innocence in a robbery case could not later prohibit the same sample from being used to convict him of a separate murder charge, the state Supreme Court ruled Thursday.
It seems that the Police are promising that the samples collected will not enter the national database.
This is in contrast to the samples that are taken from all individuals who are arrested as suspects to a crime, even those who are subsequently released without charge.
The problem is, does anybody believe them?
@David Sparkes: yeah, right. The UK government said that before, and it turned out not to be true... and more than once.
The truth is that every piece of DNA put in the UK police database will stay there, because it makes police work much easier, or so they think. Nevermind that accuracy gets lower and lower...
"The problem is, does anybody believe them?"
Don't give a sample, and you don't have to believe or trust them at their word.
What about inbred rednecks like me from the mid west? All of our DNA is practically identical.
I know I'm wrong in believing this, but I thought DNA was used as evidence and not proof of guilt. If you have a camera taking pictures of me stabbing someone, then that's the evidence. The DNA just proves the camera was right. I know that when the cops find a good fingerprint and run it through the fingerprint database, they get hundreds of matches. How accurate is DNA? If there's a sample of everybody, how many matches show up? I know some parts of DNA don't change, but after a cell divides there are "mistakes" in copying.
"I watched this on the BBC news last night and the interviewee representing the police maintained that the DNA records of the people eliminated from the enquiry would be destroyed."
What he meant was that the SAMPLES would be destroyed. The digitized record of the DNA would of course be kept on file.
There are two classes of people in the UK, and in the US. The one is all those the police can safely arrest, who can thus safely be fingerprinted and sampled for DNA. The other class is too important for the police to arrest, so the arrests are never recorded and their fingerprints and DNA will never be on file.
This is why the police require people to carry identification: so that they can tell which class the individual is in, and thus they can know what body of law applies.
It's worth remembering that Cary Mullis, the inventor of the polymerase chain reaction that made DNA replication ('amplification') practical, had said that something like 24 points of comparison would be necessary to be sufficient evidence to convict a suspect with scientific confidence.
Current forensic practice uses about a handful of points of comparison. They can get away with this so long as a tiny portion of people have their DNA on file. However, as they expand the database to include as many as they can get, this level of 'matching' will be as error prone as fingerprint matching. The police will eventually (if not already) get multiple 'matches', so they get to decide which of the 'matches' they like best, which is probably the guy with the poorest alibi.
By the way, the DNA evidence advocates will spin out astronomical probabilities against error, but ask yourself how they could possible validate these claims. This issue makes them spit and sputter.
I would never consent to a DNA test such as this. Not only because it is, in my opinion, a horrible violation of privacy, but also because my DNA might be used not only against me, but against any number of members of my family as well. I don't believe I have the right to expose them to this sort of 'voluntary' search, even if I were willing to submit to it myself.
DNA is inherited from both your parents. Even if you have the same parents as your sibling, the DNA that you get from your mother and the DNA that you get from your father are chosen on a roughly even basis for 43 chromosomes, each of which gets half of the father, and half of the mother. With one exception - the Y chromosome comes only from the father. So, you have a one in 2^43 chance of having the exact same DNA as your sibling.
The exception to the rule is that of an identical twin, where a single fertilised egg splits during mitosis and becomes two individuals. In that case, the DNA is the same.
Fraternal twins have the usual 1:2^43 chance of having the same DNA as each other.
Okay, the mathematics might be slightly off, and I am pulling the number 43 out of badly remembered high-school biology, so I'm probably wrong there, too. But the point is, you do not have the same DNA as your siblings, and you have even less chance of having the same DNA as anyone else in your red neck of the woods - no matter how many loops there are in your family tree.
As for fingerprints matching hundreds of people, no, I think that generally doesn't happen for the "good prints" you describe.
There seems to be a recurring problem with these situations, namely, a misunderstanding of the benefits of freedom versus the benefits of highly efficient law enforcement.
What is one of the most famous essays or books (treatise, etc.) on the theme of presumed innocence of an individual? Who wrote the most convincingly in this area? Jefferson? Bastiat? Hayek?
@jammit DNA is not accurate in itself. People are using severall genetic markers each having lots of variant in the population. The combination of the information at the different markers makes it a unique signature. It is easy to choose the markers so that the probability of finding to identical signature among two unrelated individuals is less than 1/(population size).
Not quite. In somatic cells there are 2 non-identical copies of each chromosome.
There are 23 of such chromosome pairs and a small bit of DNA not located in chromosomes, mitochondrial(sp?) DNA (mtDNA).
Y chromosome, found only in males and is obviously inherited from the father, mtDNA is always from mother.
All other chromosome pairs always have one chromosome from the father and one from the mother, (whose genomes too have 2 different copies of each chromosome) so each chromosome pair has 4 possible combinations available. That's 4^23 chance of having DNA identical to sibling. In fact it's even less, because of possible chromosome crossingover.
"5,000 men were asked to give DNA, and the one guy who didn't turned out to be the killer.".....or, the one guy who didn't was convicted for the killing...hopefully the evidence against him was really, really solid. I'm getting this nasty scenario in my head: one innocent guy stands up for his privacy, police figure he must be the guilty one so they drum up "evidence," jury buys it, and everybody says hey, looky there, mass dna screening works.
I personally would have absolutely no problem submitting my DNA sample to the police in a particular investigation.
First, however, to eliminate any legal ambiguity over the use of this particular sample, I'd like the chief of police, the mayor, and all of the members of the city council to sign an "EULA" for my DNA:
"I, [party of the first part], agree to provide a sample of my DNA material to [party of the second part]. For the purposes of this document, "sample" shall include the physical material provided to [party of the second part] as well as any physical or electronic copy, facsimile, or representation of the original material provided to [party of the second part], in whole or in part. This sample is provided only under the following terms and conditions.
"This DNA is provided specifically for the current investigation of the [murder, rape, etc.] of [specific victim, list of victims] and is not intended for any other purpose, including storage of a time greater than the necessary period to compare this sample with [evidence tag number of sample(s) with which the comparison will be performed], dissemination, translation, or submission, in whole or in part, to outside authority without prior written authorization of [party of the first part].
"In the event authorization is provided by [party of the first part] to any outside authority, said outside authority shall be bound by the conditions of this contract, and said authority shall be regarded as a agent of [party of the second part].
"The sample comes with no warranty, implied or otherwise.
"In the event analysis of this sample leads the district attorney's office, the police department, or any other state, federal, or international agency to indentify [party of the first part] as a suspect or charge [party of the first part] with the [murder, rape, etc.] of [specific victim, list of victims, or partial subset of list of victims from above], or in the event of unauthorized use of sample by any party, [party of the first part] agrees to amend preceeding storage clause above to include storage of sample. Said storage clause shall be amended (a) in the event of authorized use of sample: for the duration of [party of the first part]'s trial, in the event [party of the first part] is found not guilty, or, in the event [party of the first part] is found to be guilty, sample shall be stored together with [evidence tag number of all samples gathered during investigation] for a minimum period of time equal to the duration of the sentence of [party of the first part] or until such a time as [party of the first part] is found not guilty on appeal or otherwise exonorated of said conviction, whichever is less. (b) in the event of unauthorized use of sample: for the duration of any legal or civil proceedings initiated by [party of the first part] or any other party concerning sample, or 5 years, whichever is more.
"[party of the second part] agrees to allow [party of the first part] or any authorized agent of [party of the first part], access to all records concerning the storage and analysis of sample, or any facsimile, duplicate, or electronic or other representation of sample, within a period of time no greater than 2 weeks of request of said records when such a request is provided to [party of the second part] or any agent of [party of the second part] in writing or in person.
"Any use of this sample outside of the bounds of this contract by [party of the second part], any authorized agent of [party of the second part], or any person, authorized or otherwise, who gains access to said sample, through any action or inaction of [party of the second part] shall be regarded as a breach of this contract.
"Any violation of any of the terms or conditions of this contract shall result in a minimum of the following:
"I. [party of the second part] agrees to pay to [party of the first part] (or to the estate of [party of the first part], should [party of the first part] be deceased) a sum of $10,000,000 USD within 7 days of discovery of said violation. This sum shall be paid irrespective of any results of such misuse. If said payment is not recieved within 7 days, a $20,000 per day late fee shall be charged. If payment is not recieved within 30 days, said late fee shall be amended to $100,000 per day.
"II. If [party of the second part] fails to meet the penalty described in I., above, within a period of 180 days of discovery of said violation, then the following agents of [party of the second part] agree to be held equally liable for said payment, together with any fees: [list of mayor, chief of police, city council members].
How long does the PCR test take? ISTR that PCR is pretty fast, in the order of hours.
How about having some of the "volunteers" monitor the progress of the samples in this lab, and their subsequent destruction in an incinerator?
If digital processing is required, I'd also insist in a non-networked computer be used for that, preferably a laptop so that it can also be fed to the incinerator.
recieved != received.
God I hate when I do that. "'I' before 'E' except after 'C'..."
My concern is what if a criminal hacks the dna database that has my record? I don't mean he changes my record to be the same as the crime, but what if he changes the crime record to be the same as mine? Then I have no proof I didn't do it! And do you think I would be allowed to subpoena computer security records? HA!
> what if a criminal hacks the dna database that has my record?
That's a violation of my EULA.
> do you think I would be allowed to supoena computer security records?
Failure to provide records in a timely fashion is also in violation of my EULA. :)
I was going to comment directly on the ins and outs of DNA fingerprinting. But i will be breif.
Currently we only look at enough loci to make the probablity of a "collision" 1 in 3 million *if* you are european! It can be much less for other races ie asian and a bit more for african populations. Some states in the US are adding loci to there fingerprints and others use all the loci avalible.
There are other genetic markers we can use, like SNPs. But we don't yet.
Bottom line. DNA fingerprinting is designed with a small list of suspects in mind. Without motive, and a aliby there *should* be no case.
The hardest part is good old contanimation (no not the lab type, the have negative/postive controls). On the tv shows they find a hair in a car etc.... That only works if the suspect claims to have *never* been in the car... so when its a friend of the family or something this won't work. Basicaly PCR is too sensitive sometimes.
long story short. Current DNA fingerprinting is not designed for national databases
If this ("voluntary" submission of evidence) were to happen in the US, doesn't the Fifth Amendment apply? I'm not required to incriminate myself.
I'm not a biologist or even a biology amateur. However, I did see a presentation by the technical director of a private firm that does many criminal and civil DNA tests in the U.S.
Human DNA contains certain "long repeat regions" which appear to be a different length in each individual. DNA is compared by determining the length of each LRR. In the standard method used by U.S. law enforcement, 13 LRRs are compared between the two test samples and to the likelihood of that event happening by chance given the testee's ethnic group.
Very little is known about the LRR distribution among humans, or whether patterns resulting from the laboratory methods used may skew the data. There just haven't been any sufficiently large-scale studies. Relying on the subject's ethnic group raises a huge red flag for me: so little is known about the biology of race, you'd think they'd pick a few more data points so they could eliminate that parameter.
I'm certainly not saying DNA evidence is worthless. It's much better than eyewitnesses, who have repeatedly been shown to be unreliable. However, saying the chance of a DNA mismatch is "1 in 3 million" is not all that different from saying an encryption algorithm would take 100 million years to break via a keyspace search when cryptanalysis yields a much easier attack. DNA testing performs admirably in the average case, but security is all about pessimistic scenarios.
Michael Ash enquired "Is it just that DNA testing is less resource-intensive for the police than these other things, or are people somehow more willing to give up their rights for DNA testing than for house searches and the like?"
It's new. The same thing has already been tried for house-to-house searches in or before Roman times, I imagine, and by now we have woken up to the trick in that theatre.
This is new, so maybe we won't notice if they phrase the same question in a different context. Standard police tactic. Works every time. Just read the papers for proof.
"Don't give a sample, and you don't have to believe or trust them at their word."
Unless they 'review your case on its own merits, charge you, then extract a sample under force which goes into the growing archive of samples-of-charged-suspects-never-to-be-deleted.
Re the speculation on odds of tests matching the wrong individual, looking at your arguments it seems to me that some of you are imagining that we can each have a different value for each of our chromosomes?
Remember that chimpanzees have 98% the same DNA as humans ... so two humans DNA must be very close to 100% similar .. perhaps 99.7%? (I'm guessing, but the actual statistical figure has been publicissed recently..)
Doesn't leave an awful lot of variable DNA to compare, and as someone mentioned, the number of markers used is actually much much less than the amount of variable DNA.
DNA markers are much more like binary than a fingerprint is .. points of similarity are imho much more constrained than for a fingerprint characteristic, meaning they should be requiring many more points of similarity to make a match. imh-lay-o
In response to the last poster my understanding is that those high similarity figures you quote are for gene similarity, or perhaps coding regions and the DNA identification uses these long repeating regions that don't code.
So wikipedia suggests those 1 in 3million numbers you have been throwing around are just BS. For the 13 loci used in the US any two people have a 1 in a quintillion chance of matching. The number of *some* false match in a large database is much larger.
As it happens, I was just providing an elimination DNA sample - to see if any of my DNA is present on a piece of clothing from a suspected attacker. According to the PC handling the case, there are three classes of DNA sample in NZ: elimination (what I did), evidentiary (obtained by warrant), and DNA database.
Of these, the DNA database sample remains on file - but, if they find a match against a database entry, a fresh evidentiary sample must be obtained (via warrant) in order to get something admissable in court.
So, that seems to alleviate the weak match and degrading sample accuracy issues.
@Daniel Feldman: We do know the distribution of the variants of LRR (we usually call them microsatelites). I don't get your point with the comparison with encryption... The computation of the probability is exact given the distribution of the microsatelites alleles. There is no alternative way nor bypass...
And if their is a doubt, we can always add markers.
@g3: the variability between to humans is enought for this purpose.
just to put some numbers... Say we use 10 markers each having 10 variants (alleles). One individual bears 2 of the variants for each markers because you recieved each chromosome from your mother and from your father. So for one markers you have 55 combinations (for those who are not familiar, with 3 alleles you could be 11 12 13 22 23 33). Thus for the 10 markers we have 55^10 combinations which is near 2.5E17... Of course the probability of being identical to a reference sample is not 1/2.5E17 because each allele has its own frequency and thus some combinations are more likely to be seen than some others.
I am thinking about this stuff quite often, and I am decided to bite and fight before giving away the most intimate, private, personal thing in the world: the blueprint of my individual self.
Because it tells too much about me.
Or makes people think it tells x about me (x being something they don't like), even when it doesn't.
With the large DNA databases and research already in existence, statistical profiles, algorithms and software will be developed to put any person under some "DNA class" that sticks forever. Like the "yellow star" they did attach to the jewish.
"Dear Jury, profile 3448, typical for murderers, matches 9.998%. Of course he's done it. Your choice must be the electrical chair."
"See, Molly, This guy has 9167, clearly a cancer candidate. We cannot issue that insurance policy to him. Now you learn what automated answers are for; you don't want to invent some kind words each time we have to steer clear of bad publicity."
"Lady Smith, we are so sorry but you match profile 13: extremely high probability of pregnancy. Get it, this job is not for you. Well, your IQ is under 110 anyway."
"Mr. President, the new tax for people with mexican data points in their DNA helps us a lot to fund border security. BTW, here is the list of people who are likely to care for their freedom too much, and the camps are ready, too."
"With the large DNA databases and research already in existence, statistical profiles, algorithms and software will be developed to put any person under some 'DNA class' that sticks forever."
I presume that everyone has seen the movie "Gattica."
Maybe Pat Calahan is right, and we need a legal framework that guarantees, and allows to scrutinize, that the sample and any records about it are destroyed immediately after the boolean test outcome "matches" or "does not match".
Let's say I'd like to volunteer because I want some murderer to be found quickly. Without the framework I'd have to reject.
But now I can take the lab girl to a place of my choice, check that her test equipment has no recording capabilities, give my sample, watch her doing the work and signing that my sample does not match, finally burn the sample and whatever chemicals or stuff she used.
Sadly, this won't happen for two reasons:
1) The government does not need to conform to my policy because they are in power and can do whatever they want to me.
2) I can't trust them because they lie to me all the time. And because of 1), too.
> 1) The government does not need to conform to my policy because
> they are in power and can do whatever they want to me.
This is an exaggeration, at least in the U.S. Although there is legitimate concern that some of our privacies and freedoms as U.S. citizens are being slowly eroded, we're certainly nothing like, say, Iraq under Saddam.
> 2) I can't trust them because they lie to me all the time.
Irrespective of the truth of this statement, this is fixable. The problem with trusting "them" (the government) is that it is a nebulous body, which makes it difficult for an individual to enforce trust.
In other words, the nebulous "they" can lie to me, because when they are discovered, I have a difficult if not impossible time extracting compensation.
So you force a liability (which is the point of my II. above). If you're going to agree to some transaction with the government, and you can't control the consequences of the transaction, you can at least control the liability of those consequences.
In my (admittedly tongue-in-cheek) EULA I agreed to give a DNA sample for a specific purpose, denied use for any other purpose, enforced an audit policy, and outlined specific consequences of a violation of the agreement. I then added a forced liability on individuals -> "they" (the government) can choose to violate my contract, and they can choose to ignore my penalty, but if I don't get paid by the city or state, I'm coming after the mayor, city council, and chief of police, who have been so kind as to accept the liability.
"I presume that everyone has seen the movie "Gattica.""
Some of us have even seen "Gattaca" Bruce. ;-)
(I correct only because they deliberately limited the letters in the name to GATC)
@ Pat Calahan:
"In other words, the nebulous "they" can lie to me, because when they are discovered, I have a difficult if not impossible time extracting compensation."
People and organizations can lie to me for several reasons:
1) When there is no law (or contract valid under that law) that would allow me to demand compensation. Advertisements and political parties lie all the time, everybody knows it, nobody cares, and nobody believes one could do something against. In france, as far as I know, most of the law is not even applicable to the president.
2) When the law or contract exists in theory, but will not be applied. Who would really kill Enron or the Republicans for their delicts? There is the practice of jurisdiction (think of precedence cases), clauses of "insignificance" or "disproportionality" (germany has such for actions in constitutional court), judges who are not willing to interfere with the established system (be it loyalty, ideology or corruption), and if all else fails the government may be able to change the laws retroactively. Like the european commission is working so hard to retroactively make all those illegally granted software patents legal.
3) Even if I might successfully sue the authorities to compensate me, their indebted budgets would never allow actual payment of sufficient money to protect myself from the assassins of some future dictator. Would it be enough to constantly maintain my own sovereign state with secret services, ABC weapons etc to protect me from the combined forces of the USA?
4) Even if there was, I would need to KNOW that my data was not destroyed. But commercial data thieves or secret authorities won't tell me. Why should they?
In germany there was an incident where a cellphone left a digital trace some kilometers from an attempted attack against a railroad. The BKA (federated authority of criminal investigation) observed the owner and two inmates (who had been recorded at a peaceful demonstration against war) for years, bugged their rooms and cars, and told their employers, neighbors and anyone else they were suspected terrorists. One day they assaulted the house with a SWAT team while the men were sleeping, and searched them and the house.
They were innocent, but noone went back to the employers, neighbours etc and told them for rehabilitation. Without the tv report these guys would have been ruined forever. And the rest of the people learned that you NEED to hide from the state.
Data collection, processing and broadcasting are mighty weapons. Corporations and authorities hurt and domineer us with them since the begin of history. Now those weapons multiply their impact every year. We need protection, but unfortunately the only ones capable to provide protection are also those that we weed to be protected from.
We are far from "gatacca" because of technical limitations. Atomic constituant of the DNA are called bases (there are four of them, ATCG). Gene length varies dramatically from one to another. I think one of the longuest is 2000000 bases long. Sequencing requires fragments around 1000 bases. And if you considere a larger region, you'll need overlapping fragment to reconstruct the sequence. So if you considere a gene measuring 20000 bases, you'll need more than 20 fragments. Some fragments depending of their (unknown) sequence are almost impossible to sequence (e.g. presence of CA repeat) or require very fine adjustments (note the s). If my memory is correct, there is up to 30000 genes, and many of them are still putative (recognised by informatic tools only) and many have unknown function. Thus, as of today, fully sequencing lots of individuals seems untractable (unfortunately for the study of genetic diseases).
However, this is not an argument to let people do silly things with others dna :-)
I'm sure insurance company would support the genetic testing of a few predisposition genes...
DNA sequencing speed is increasing on an exponential curve similar to Moore's Law, so we might not be as far from Gattaca as you think...
Do any of you people worried about this have your fingerprints on file with the police ?
I do. The problems this causes for me is that if I am involved in a crime I can be identified if I leave prints. That and only that.
So what's the idea here ? You all pissed this might put a dent in your plans for a rape spree ? If you carry out a suicide bombing your parents will find out it was you ?
The problem you have is that, I am a bent copper. Now that I have your finger prints on file, I can make a set of rubber gloves with your finger prints, put on a mask and go and rape your girlfriend. Now they will find your fingerprints and blame you, so I will get off scot free. If you hadn't stored your fingerprints then I wouldn't have the evidence to plant and wouldn't have done it.
Tank; why do you want to help people rape your girlfriend. You are sick.
To those trying to have a civilised debate and listening in; sorry.. it just annoys me when the "open up and trust us" people start accusing others of being criminals.
As to the EULA -- it may contracutally limit what the collecting agency does with the sample, but what happens when the agency is subpoenaed by someone else before the sample destroyed? There'd always be a window for this to happen, and as someone pointed out, judges aren't buying the "I only donated DNA for this one case" argument.
To those trying to have a civilised debate and listening in; sorry.. it just annoys me when the "open up and trust us" people start accusing others of being criminals.
BentCopper at March 5, 2006 03:39 PM
So you thought you'd talk some completely flawed fantasy based shite as an anti-dote ?
Neither finger prints nor bent cops are something new in fact you've probably got a hundred years worth of cases to work with. So you'd look a whole lot less ridiculous if you just pointed to the rate of that occurring versus the security benefit that recording fingerprints and DNA provides. Start with finding one.
And don't bitch to me about suggesting you're criminals. If there was a 2nd reason for you to be all worried about this which isn't based on paranoid fantasy then let's go with that. Right after someone mentions what it is.
I agree with tank. The only people who have anything to worry about are criminals. I go so far as advocating the DNA typeing of every baby born. THAT would be a rather powerful crime fighting tool.
Tank, sometimes I wonder if you're being obtuse simply to encourage a flamewar.
> If there was a 2nd reason for you to be all worried about this which
> isn't based on paranoid fantasy then let's go with that.
Are you saying is that in order for me to have a legitimate claim to worry, somewhere there has to have been a case of misuse of DNA data? That without a definite case of misuse to refer to, I'm being fantastically paranoid?
That's plainly idiotic. If we approached everything that way, we'd never close a barn door until the cow got out.
As I stated, I don't have a problem with a legitimate law enforcement agency asking me for a sample to clear me off of a suspect list. What I find objectional is for that agency to then store, disseminate, or otherwise provide *other* access to my sample for some other purpose. Currently, I have *no* method to prevent misuse of my DNA sample if I give it up, and *no* recourse if my sample is misused.
In order for me to be confident that things aren't being misused, I want to know specifically what my sample will be used for, I want to be able to audit their processes if I so desire, and I want there to be a penalty if misuse is discovered. In what way are these unreasonable requests? This is pretty standard base policy for any sort of secure system: access control, audit, and revocation.
I will reasonably assume that it is very unlikely that a law enforcement community will falsify my test results in order to "pin the crime" on somebody. Sure, there are examples of this occuring but for the most part individual cops are (I believe) decent people trying to do their job.
However, I will *not* assume that my sample can be stored indefinitely for any purpose without a much higher likelihood of misuse. I'll trust N cops involved with investigation X, not ALL cops involved with all investigations (not to mention all of the administrative, technical, etc. staff who may gain access to the database).
Of course this whole discussion becomes meaningless when they start taking DNA samples at birth.
Last year a truck driver was killed when a yob threw a brick from a motorway bridge in surrey and it hit his cab. The Yob was eventually caught by familial profiling - a DNA sample found at the scene was traced back to a family member who had already had a sample on file. As far as I know the family member was found innocent. The Police kept the records anyway - they have been allowed to since 2004
The whole argument about profiling individualls by DNA (ie. the movie GATTCA) is not relevant any more. After finishing the great human DNA mapping project (and some other DNA research) most scientists understand that what they should realy map is whole processes - types of proteins and hormons built by the DNA, amounts, timings, shut off signals to DNA and more. They estimate the complexity and diffrence between humans (including identical twins) is many orders of magnitude greater than 'just' mapping the DNA.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.