|
|
GENETIC TREASURE TROVES, NO SEARCH WARRANT REQUIRED
Right now, government authorities and police are using legal loopholes to target and surveil citizens using third party databases containing genomic information.
A just released study set to be published in the Southern California Law Review details how Fourth Amendment rights are currently being circumvented, in what some have termed a “DNA Dystopia.”
The study’s authors also outline how technology might offer better privacy protections for Americans, re-establishing and preserving their Constitutional rights.
1970’s “Third Party” Loophole Blown Wide Open by New Millennium Realities
The new study, “Familial Searches, The Fourth Amendment, and Genomic Control,” was conducted by researchers from the University of Maryland and University of Illinois.
It lays out the extraordinary powers that authorities have gained by using 1970’s era legal precedents, together with the extraordinary level of information that can now be leveraged via genetic information.
The Fourth Amendment enshrines “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” This protection generally requires that the government obtain a warrant, supported by probable cause, before performing a search that is intended to discover criminal conduct. But the Fourth Amendment, by its own terms, only regulates the government’s ability to conduct “searches” and “seizures.” If the conduct at issue does not constitute a “search” or “seizure,” Fourth Amendment scrutiny simply does not apply. To determine whether a “search” has occurred, courts use the “reasonable expectation of privacy” standard originated Katz v. United States. Under this standard, a “search” occurs when the government seek[s] to examine a place, thing, or information in which an individual has an “expectation of privacy . . . that society is prepared to recognize as reasonable.”
In a pair of cases in the 1970s, however, the Supreme Court appeared to carve out from the “reasonable expectation of privacy” standard any information an individual shares with a third party, from whom law enforcement subsequently obtains that information.
In the case of genomic data, third party genomic service providers, such as GEDmatch and FamilyTreeDNA have become popular for people who want to learn about their family lineage and histories, as well as investigating possible genetic medical predispositions or ailments.
The study notes that police have increasingly exploited the third party loophole to access these databases.
A subject need not have personally even contributed a genetic sample to one of these genomic services. Due to the nature of human DNA, information contributed by relatives is often just as useful to snooping authorities:
With a sample from an unknown suspect in hand, police can use data from these services to accomplish long-range familial matching against every database participant—that is, to find the closest genomic relative and, often, surveil them.
Under a classic reading of the Fourth Amendment’s “third party doctrine,” none of this would be a “search” for which a warrant is required.
The authors observe that the 1970’s legal “third party” fourth amendment loophole never envisioned the comprehensive nature of DNA information, nor the modern reality of the way people now store their information via internet cloud services and app providers.
They say that those modern realities have led courts to set some limits on “third party” access:
The “third party” doctrine does (and has) posed difficulties in a
modern age, when much of our information is not tucked away on parchment in writing desks, but rather is on the internet, in e-mails, DMs, texts. These forms of communication and inquiry are, as a matter of technological necessity, shared with third parties like ISPs, platforms, and other service providers.
The Supreme Court has only recently begun to grapple with these realities, curtailing the broadest interpretations of the “third party” doctrine. Most significantly, in Carpenter v. United States [2018], the Court held that government access to a week’s worth of an individual’s historical cell phone location data—data that is compiled and held by cell phone companies—amounts to a search subject to the Fourth Amendment, and typically requires a warrant. In other words, cell phone location data is data in which an individual may maintain a reasonable expectation of privacy against warrantless government access and use.
DNA Offers Unprecedented Data and Surveillance Power
The advance of genomic understanding analysis, paired with practices of genomic service providers, who often require service users to upload and store their genomic information, has created unprecedented power for authorities, according to the new study.
That power includes the ability to take DNA from a crime scene, and run it against third party databases, to find family trees of individuals that can be surveilled, to locate and identify possible suspects of crimes.
In other words, even if individuals never contributed their DNA to a genomic service, or committed no crime, they may find themselves surveilled by police, in a DNA “dragnet.”
The problem is compounded by the fact that even if companies try to limit access of their data to authorities, police can and have posed as mere consumers looking for family tree data, easily circumventing company privacy protections.
New Technological Protections Suggested
The study researchers say that as it stands now, consumers who want to avail themselves of powerful genomic knowledge about themselves have little choice but to cede their information to genomic service providers:
“Users who wish to know about what their genomes say about their health, physical traits, ancestry, parentage, or genomic relatives have consequently had little choice but to use services that possess physical control over their genomic data. There’s been no other game in town.”
Instead of having genomic data primarily and indefinitely reside with third parties, the authors conclude their study with an outline of technological alternatives.
Acknowledging that some of their research is focused on developing technological alternatives that would vest more control and privacy with consumers, the researchers outline a model of privileged and temporary data access:
“One easy-to-understand strategy aims to ‘bring the computation to the data.’ DTC genomic services have traditionally placed genomic data at the site of computation. For instance, 23andMe performs tests within its own server system. But smaller sizes of genotype data like those generated from ‘SNP chips,’ combined with advances in software platforms, make it increasingly feasible to carry out genomic tests elsewhere. For instance, DTC users typically download their data from 23andMe and upload it to GEDmatch. It is increasingly feasible for users to download both the data and the code for a computation and execute the computation within a trusted user environment.
“The technology largely operates around a trusted platform—akin to that deployed on most smartphones—to allow users local control over their data. Users could, for example, have their genome sequenced by a commodity DNA services company (one that does not permanently store client sequences) and then deposit the resulting genomic data on a trusted device, like a smartphone. Software on that device would then sequester the genomic data in a trusted environment from the device’s other applications.”
If authorities currently enjoy a loophole to access vast amounts of third party stored data, which is a virtual necessity for consumers to avail themselves of many common internet age services, then consumers must also have the right to seek greater privacy protections over their data.
Encryption, decentralized blockchain and crypto powered solutions for identity and data control, and data access and storage models like the one suggested by the study authors, are all tools that may rebalance the privacy rights of citizens, in a time when courts remain woefully out of step with modern technological practices.
The full study can be viewed here.