A fierce controversy has arisen in recent days on the legality and appropriateness of law enforcement using private consumer genetic genealogy databases where the consumer paid for the test and had an expectation of privacy.
While many are outraged at this dramatic policy change, there are also individuals who wish to assist law enforcement agencies in apprehending criminals and identifying missing persons through genetic genealogy. Given this dichotomy in preferences, the following concepts are offered as technical recommendations for how a genetic genealogy Laboratory could assist law enforcement while honoring the privacy and preferences of those who do not want to participate.
- Complete Separation of Databases. The Law Enforcement Assistance Genetic Database (LEAGD) should be a completely different physical database and database instance from any consumer-based genealogy database with no linkages between the two.
- This separation is important not only for security and consumer trust, but also because law enforcement are going to want more and different search tools going forward than would be appropriate for the consumer database.
- Earnest effort must be made to remove / disable any existing Law Enforcement user accounts and kits that currently exist in the consumer database.
- The DNA contributors whose results may have contributed to a criminal arrest need to be protected from identification and potential retribution by the criminal.
- Some criminals can and will get themselves tested as ‘consumers’ after apprehension so as to find out how they were identified and prepare legal defense.
- Separating out the LEAGD from the consumer database is one layer of defense for the DNA contributor. Another layer of that defense may be anonymizing the consumer database kit while retaining the valid contributor identity within LEAGD for law enforcement use.
- Transfer Items. Once LEAGD is established, existing LABORATORY customers could OPT-IN to transfer their genetic information into the LEAGD.
- A transfer fee to the LABORATORY may be in order.
- Genetic match lists and shared DNA segment data are not part of the transfer, only the participant’s allele values.
- User-submitted Family trees (Gedcom files) could be transferred at the user’s option as each user is entitled to their view of who their relatives are, albeit, there could be mistakes in their genealogy files.
- A separate matching process should occur in the LEAGD to establish Y, MtDNA, and Autosomal DNA match lists there.
- No matching from the consumer database should be generated much less be accessible from the LEAGD, even at a System Administrator level.
- Shared autosomal DNA segment details probably are not needed in the LEAGD database.
- Transfer Identity and Intent Confirmation
Authority to transfer a consumer kit would require an identity and intent confirmation process by the LABORATORY STAFF which would assure that the DNA physically comes from the user making this choice.
- User signs / affirms an online Terms of Transfer which includes notice that they will not be able to search the LEAGD themselves or use it for genealogical research.
- The transferring user submits a current photograph of themselves (selfie) holding a piece of paper on which they have hand-written, signed and dated the statement: “I [full name] wish to transfer my personal DNA results into the [LABORATORY]’s Law Enforcement databases.” along with a copy of their government-issued identification card.
- The name on the user registration and identification card and other details must be confirmed by a staff member, so the confirmation cannot be instantaneous.
Law Enforcement Users
Law enforcement users of LEAGD should have their identity and law enforcement credentials regularly confirmed by LABORATORY staff.
- Credentials need to expire after an appropriate interval (e.g. annually).
- Law enforcement use and billing may be subscription based, sample based, or a combination of the two. So the LEAGD needs data integration to the billing system of the LABORATORY.
- Appropriate Technical Certification in genetic genealogy expertise for LEAGD users is needed at some point. Likewise tracking of the expiration of that certification.
- Access authorization paperwork for LEAGD users should be signed, scanned, and stored as auditable and reproducible documents.
- The parent law enforcement agency has to agree to notify the LABORATORY of any change in the status of the user such as termination, suspension, or leave of absence in which the law enforcement user’s LEAGD account should be disabled. In such event, it should be clear which entity is responsible for deactivating the account (LABORATORY or the law enforcement agency itself).
Law enforcement submitted samples and data need to have meta data attributes tracked which consumer databases lack such as:
- Type of Legal Case (Missing Person, Common Criminal, Terrorism).
- Case Jurisdiction and Case Number
- Some cases may have multiple samples so the traditional single-identifier per kit is probably not sufficient.
- Some cases involving serial offenders may also have multiple case numbers in one or more jurisdictions, so a many-to-many database architecture is warranted.
- Case Mergers and Separations – as DNA samples initially thought to represent different cases and suspects may turn out to be about the same case (and vice-versa), the case numbering system needs to adeptly handle and track mergers and separations of samples and data elements to specific Case Numbers.
- Expiration Date of Searchability and Matching on the Sample
- An automated expiration software agent has to be written and implemented to remove the matches and data of expired kits on a daily basis.
- Scanned copy of Court Order or Legal Authorization for the collection and processing of the DNA sample.
- Meta data attributes of legal authorization reflecting things like Gag Orders, Sealed Indictments, etc.
- Search Flags / Filters reflecting any limitations on searchability due to jurisdiction (State, National, EU) or geography; Other Limitations on searchability and matching (e.g. involves a suspect who may be inside law enforcement)
- Chain of Custody / Activity Log to be used in support of challenges to the authenticity of evidence.
- Search Filters / Restrictions
Law enforcement agencies will likely want the ability to restrict searchability permissions on their own samples to a) a single user; b) a single agency; c) a single state; d) a single country; e) global public.
- Tracking Architecture
Due Process and Disclosure Tracking Architecture needs to be built into the LEAGD so that it can accommodate and accurately track legal due process information elements like notification to defense attorneys, quashing of subpoena, etc. In other words, a Legal database needs to be designed for Legal Challenges.