Shostack + Friends Blog Archive


DNA Dragnets and Criminal Signaling

In responding to my comments about Truro’s DNA dragnet, with a fascinating discussion of signaling, Eric Rescorla writes:

Even if they’re not the perp, they may have other reasons not to have their DNA collected–for instance they’ve committed another crime that their DNA might match to. (The police say they’re only going to use the information for this particular crime, but criminals don’t typically trust the police).

There are numerous good reasons not to believe the police about this, not restricted to criminals. They include the rise of data aggregation businesses, such as Choicepoint. Choicepoint “somehow” obtained not only the Mexican voter lists, but the blood types of most everyone on it, in violation of Mexican law. This is not a new phenomenon: A great many hospitals, insurance companies, and test labs send data, by default, to the Medical Information Bureau.

The police are unlikely to be experts in writing privacy contracts, and so its likely that their agreement with a lab will not result in the lab doing what the police claim. Similarly, errors on the part of either the police or the lab are uncorrectable. If there are other genetic privacy issues (such as the true identity of a father), then that might come out. One may have a predilection towards a disease, and be keeping that private. Or you may not want to know. Once you hand over a DNA sample for testing, its impossible to get it back.