Modern police work or invasion of privacy?

NOTE: This article was initially posted in June 2019 and has been updated with new and current information.

The Maryland legislature passed a new law in 2021 that further regulates how law enforcement uses commercial DNA databases to identify suspects. With this new law, Maryland joins Utah and Montana as the only states to limit police use of these databases. In 1994, the Maryland legislature passed the Maryland DNA Collection Act which authorized police to gather DNA evidence for certain criminal investigations. The Act was expanded in 2008 to included more crimes but also limited law enforcement from using State databases to search for relatives of a suspect, or familial matches. Maryland is the only state with such a limitation of state run databases.

Maryland’s new law will take effect in October 2021 and bars law enforcement from using commercial DNA databases to look for familial connections. Law enforcement will be required to exhaust all other avenues of identification and then make application to a judge. Police will also have to obtain consent from a person not suspected of a crime before comparing that person’s DNA to commercial databases. 

 

         _________________________________________________________________________________

 

In March 2019, Florida police identified a suspect in a 1998 cold case murder after a man submitted his fingerprints for a job application. Law enforcement had submitted unknown fingerprints from the murder scene to a National database. As fingerprints from crime scenes, criminal arrests, clearance, and background checks are submitted to the database they are checked against the fingerprints on file. Matches are then reported back to the submitting police departments.

Fingerprints

As detailed my blog, “National” Record Checks? there is not a national database of criminal records. There is, however, a database of fingerprints that matches to criminal records of individuals.  Maintained by the FBI and begun in 1924, the database contains the world’s largest database of fingerprints and associated criminal history. Up until 1999, the system was based on the manual collection, submission, and examination. Police would ink up a person’s fingers, roll out the prints on a card, and submit the card to the FBI. There, technicians would painstakingly, individually, examine the prints under magnification and check against known crimes or suspects. After which the cards were filed. When the system became digital it was possible to check the submitted prints against the entirety of the database. Unknown prints found at crime scenes could then been matched against previously submitted prints and suspects developed. If you have ever been fingerprinted your prints are stored in the system and checked against other submissions thousands of time a day. 

The Florida case happened that way. In 1998, police submitted latent prints collected from the murder site. For twenty years every fingerprint submitted to the FBI was checked against the 1998 submission. The killer had avoided being fingerprinted for two decades.

Familial DNA

DNA testing was first developed for use in paternity identification.  Police in England first used DNA in a criminal case in 1986. The first DNA conviction in the U.S. came in 1987. As with any new forensic test, court admissibility was tested early on. Over the years DNA identification has been accepted and the process of collecting and identifying made more efficient. What used to take weeks now only takes days.

In 2018, police and the FBI captured a man suspected of being a serial rapist and murderer in a multitude of cases from forty years ago. The case was broken through the use of DNA. The suspect himself was smart enough not to have his DNA logged into any DNA databases. Smart detectives realized that outside of justice system DNA databases there is a plethora of information being collected by private entities. Ancestral research companies provide DNA collection kits, which allow people to submit their DNA for comparison to other samples in hopes of finding family matches. You guessed it. The profiles are stored in databases so that they can be pinged during searches.

Checking crime scene DNA against public sources of DNA, police were able to get a familial match. That match narrowed the pool of suspects down to one family.  This method has been tagged as “genetic genealogy”.  After the familial match, through traditional police work, detectives were able to identify a suspect. 

Genetic genealogy also works to identify the victims of violent crimes. In 2019, Anne Arundel County Police identified the remains of a man who had been discovered in a trashcan during the construction of Marley Station Mall in 1985. Roger Kelso was believed to have been killed in the 1960s and buried in the woods where the mall would eventually be constructed. Police compared the victim’s DNA to samples in public databases to form the familial match. The long cold case is now active.

The same methods were used to identify the remains of a woman and children found buried in barrels in the woods of Allenstown, New Hampshire in 1985. Although law enforcement had long ago associated the victims to serial killer Terry Rasmussen they had never identified the victims. By using genetic genealogy police in 2019 were able to finally identify the victims as Marlyse Honeychurch and her daughters Sarah McWaters and Marie Vaughn.

As you can imagine privacy watchdogs are all over the issue of law enforcement having access to private sector databases.

Genetic privacy

Ancestry and 23andMe are the largest consumer testing providers. Both companies have policies in place that prevents law enforcement from having direct access to the databases. However, customers of both companies, hoping to grow their family tree, can upload their personal results to public databases. This is where law enforcement has access to the DNA results. Ancestral DNA companies are working to find balances. While they do not want to allow complete access to databases for misdemeanor crimes, companies do allow access for violent crimes. As law enforcement finds success they will rely more on these DNA databases.

Opponents of this kind of police work feel that the use of relatives DNA on public databases constitute unwarranted searches and thus illegal under the Fourth Amendment. State legislatures are paying attention as Maryland and a few others have had bills introduced to bar police from using relatives DNA to track criminals.

Fingerprints, DNA, facial, hair, optical, these are all methods of identifying humans as individuals. All were new sciences at one time. All have made their way through the world’s courts as legal ways of making identifications. They are most certainly other scientific discoveries that will be added to the list. The question is and always has been, Where does the privacy of individuals get compromised in the name of justice?

What we give up for convenience

If you think about it, who is the culprit in the multitude of personal data breaches? The hackers? The companies that failed to protect the data? Or is it ourselves for uploading our personal data in the first place? This really isn’t a proper question because we aren’t the culprits. But the point is that we, ourselves, allow more and more data to be collected by mega corporations. Sometimes it is innocuous as registering on a web site or app, which we cannot always avoid because in order to do business in the digital world we have to. What I mean by allow is two pronged. One, we are not outspoken enough about the Google’s and Facebook’s of the digital world collecting data. Facebook has seen a little backlash recently, but people will continue over sharing every detail of their life. But that’s the really big picture. 

Second, and more specific to personal security, is what we allow by making choices to upload or share personal data. We do this by plugging in the new smart TV without learning about its capabilities and without changing the settings. Or by installing the multitude of other appliances, cameras, digital assistants that we bring into our homes and plug and play. Anything you can talk to on demand and receive a response has to be listening all the time. Creepy? We will allow apps to track our location so that when we are in certain stores or near certain locations we receive notifications. As with listening, these apps aren’t waiting for you to arrive at a certain location, they are tracking and storing your every move until you arrive at the specific location.

How much privacy are we willing to give up?

Last month police and the FBI captured a man suspected of being a serial rapist and murderer in a multitude of cases from forty years ago. The case was broken through the use of DNA. The suspect himself was smart enough not to have his DNA logged into any DNA databases. Smart detectives realized that outside of justice system DNA databases there is a plethora of information being collected by private entities. Ancestral research companies provide DNA collection kits, which allow people to submit their DNA for comparison to other samples in hopes of finding family matches. You guessed it, the profiles are stored in databases so that they can be pinged during searches.

Checking crime scene DNA against public sources of DNA, police were able to get a familial match. That match narrowed the pool of suspects down to one family. Then through traditional police work detectives were able to identify a suspect. As you can imagine privacy watchdogs are all over the issue of law enforcement having access to private sector databases.

For some time Amazon has been offering package delivery inside of your home. Utilizing an Amazon smart lock, with the customer’s permission and knowledge, delivery personnel can unlock your door and drop the package inside. Of course, you are alerted each step of the process. Amazon recently announced package delivery to your vehicle. Currently the service is only offered to owners of GM and Volvo vehicles in certain cities.  The privacy we give for convenience. We allow cleaning and pet sitting services into our vacant homes but more than likely we have met the workers performing the services. I’m sure Amazon does a fantastic job vetting it’s employees. The point is we are giving complete strangers access to our homes and vehicles. We are then shocked and surprised when something bad happens. 

Check yourself

As with corporations and social media we gladly share and upload personal data, even our current location and DNA profiles. Trusting souls that we humans are we don’t cry foul until there is a breach or government overreach. Even though we are the ones that probably share a little too much.

You can’t always avoid uploading data or providing data through registrations. What you can do is be aware of what and to whom you are sharing. Monitor your financial accounts and pay attention to announcements of breaches. You may not be directly affected, but your other accounts may have been compromised through third party links to the breach victim.

Just as we are told to change smoke detector batteries at Daylight Saving Time, maybe we should get in the habit of doing online security checks every time there is a breach announcement.

Please see the blog archive for other posts relating to privacy.

There’s been a breach May 2018

How secure are apps? April 2018

One born every minute February 2018

Are you being watched? February 2018

Cleaning up your online presence September 2017

Public WiFi for dummies July 2017

Keys to the vault August 2015