Saturday 18 May 2019

Civil Liberties vs The Greater Good

It's been a year since Law Enforcement Matching (LEM)* has resulted in the identification of suspects in at least 50 cases of violent crime in the US. [1] The power of genetic genealogy techniques to solve these crimes is truly amazing and is a real game-changer for law enforcement (LE), not just in cold cases but in active cases where the perpetrator is still at large and may offend again. [2,3]

But against this are the growing concerns about infringement of civil liberties, in particular lack of informed consent and intrusive police procedures which may unfairly target innocent people. These are legitimate concerns and need to be addressed. [4,5,6]

Previously I have suggested a very cautious, conservative approach to law enforcement use of the genetic genealogy databases. [7] In this post, I'll take a broader look at the overall Benefit Risk Ratio of Law Enforcement Matching and explore how this can be further improved by appropriate Risk Minimisation.

The potential Benefits of Law Enforcement Matching are many:
  1. It helps solve "cold cases" of violent crime where the victim has been killed or raped or both. This can bring closure to the families involved and save a huge amount of time and money for LE, thus allowing limited police resources to be used more efficiently.
  2. It can help solve "active investigations" where the rapist or killer is still at large, and thus helps remove violent criminals from the streets, potentially preventing further violent crime and loss of life. [2,3]
  3. It is the certainty of being caught rather than the severity of the penalty that stops criminals from committing crimes in the first place. The advent of LEM has created the possibility that many criminals will now think twice before committing a crime because of the very high risk of being caught using LEM.
  4. By reducing the risk from active violent criminals and by serving as a deterrent, it makes the society we live in a safer place.

These are the Benefits. What are the Risks?
  1. LEM is being undertaken without the express Informed Consent of a sizeable number of people within the genetic genealogy databases (possibly the majority). This is because some of them are deceased, some people have not read the revised Terms, and some kits are managed by other people who are making the decisions for them. And there are probably other reasons also.
  2. The recent Utah case [2,3] illustrated that Gedmatch was in breach of its own Terms. [4,5] Gedmatch argued that this action was justified, given the violent circumstances of the case concerned. Others have argued that this is a slippery slope [5] and that soon non-violent crimes will be the target for LEM. This raises fears of inappropriate and intrusive police action and an increased risk of inappropriate or wrongful targeting, and even wrongful conviction.
  3. Some people have moral objections to the death penalty and would not like to see their DNA being used to identify criminals whose punishment would be death.
  4. If LEM is not carried out with appropriate oversight and safeguards, there is a risk that it will be "shut down", thus depriving society of a very powerful tool for crime detection and prevention, and denying future generations the potential benefits that it may provide. Update: as of Sunday 19th May 2019 (the day after this post was written), everyone in the Gedmatch database has been automatically opted-out of LEM. A process will be instituted in the next week or so to allow people to actively opt back in.
  5. LEM does not guarantee anonymity of the "passive genetic informants". Brandy Jennings will always be known as the woman who helped convict her cousin. Her name is out there. Forever. This puts her at risk of revenge attacks, unwanted media intrusion and public scrutiny (like this blog post).

If LEM is to survive and thrive, there needs to be a process of Risk Minimisation in order to optimise the Benefit Risk Ratio. So how do we minimise each of the Risks identified above?

Let's take a look at Informed Consent  The first important point to make is that the requirement for Informed Consent is not absolute. In medicine, if someone arrives unconscious at the Emergency Department and needs an urgent blood transfusion to save their life, the doctor can order for such an infusion to be given without the patient's consent. And in most circumstances the patient will thank them for saving their life. But there are exceptions - if the patient later turns out to be a Jehovah's Witness then they may be very upset by this course of action and may attempt to sue the hospital. However, if it can be shown that the doctor "acted in good faith" and provided a reasonable standard of care, then he should get off the hook.

So this raises the question: is the requirement for Informed Consent absolutely essential in the situation where a murderer may kill someone again unless they are caught quickly? My gut feeling in this case is: go ahead and catch the murderer. The requirement for Informed Consent is not absolute in this case. Not to proceed in this fashion risks another murder ... and how would you explain to the victim's family that you did not catch the killer when you could have, because of concerns over Informed Consent? Would they buy your explanation? Would they agree that "Mum had no option but to lose her life because Informed Consent wasn't obtained?" I don't think they would agree with that line of logic. Rather they would say: you should have found some way around it. You should have made it happen. You should have found some solution.

And that is where we now stand: how do we find a solution to this issue? who determines if the Right to Informed Consent is absolute under these circumstances? 

In the UK, Biometric and Forensic Ethics Group (BFEG) is discussing the application of LEM to policing in Britain, following the receipt of many enquiries. In the minutes of their September meeting, they made the following statement:
The BFEG cautioned against using this approach in the UK. Asides from the issues of incompatibility of testing carried out in an unaccredited environment, the ethical issues of using DNA profiles provided for genealogy purposes were considerable.
Whilst this statement clearly recognises the ethical issues involved, it does not suggest any means by which they might be resolved. One also wonders to what extent the BFEG were sufficiently informed about the way that LEM operates in practice such that a comprehensive evaluation of the Benefit Risk Ratio could be made. There is also the consideration that LEM may not be as urgently required in the UK (for example) as it might be in other jurisdictions due to the relatively lower rate of violent crimes and the relative greater potency of the national forensic database.

The second risk described above is the risk of inappropriate or wrongful targeting. Gedmatch breached their Terms of Service. And they did so for justifiable reasons. And many people will agree with those reasons and the subsequent actions, and many will not. The remedy is quite simple: change the Terms, apologise to the customers, move forward. Most people will be happy with that. Some won't.

However, it does raise some very important questions. First off: who is the Gatekeeper? 

Who decides whether or not LE can use the database? Should it be a single person (as in the case of Gedmatch)? or should it be a group of people, a committee perhaps? But then who decides who sits on such a Committee? Should I be on the Committee? Should I make decisions for what the FBI can and cannot do? Do I have the requisite skills and experience? Who does?

In the UK, should the BFEG decide on which cases can make use of the commercial DTC databases and which cannot? Do they have the requisite skills and experience?

In the US, does the FBI have a Committee that decides what cases can and cannot be progressed? Does Parabon? Does Bode? Are the terms under which such committees operate transparent? If not, how do we know if they are reasonable? And one final question: are the workings of such committees overseen by an appropriate authority? 

Who gatekeeps the Gatekeeper?

Thus there is a need for a clearly defined process with appropriate stops and checks. And there is a need for transparency so that public confidence can be attained and legitimate fears and concerns can be minimised. I would feel a lot safer if there were processes in place that would help minimise the risk of inappropriate use of the databases. It would also take the burden off the CEOs of Gedmatch and FTDNA (and the other commercial companies).

Which brings us to the risk of inappropriate or wrongful targeting. This has always been a problem with police forces everywhere. Often they get it right, but often they get it wrong. And sometimes they plant evidence to get the conviction they desire. We've all seen it in the movies.

There have been several cases where genetic genealogy has been used to target the wrong person. People often say: DNA doesn't lie. But what these cases have shown is that it can certainly be misread, misinterpreted, misunderstood and misconstrued. It can lead you on a wild goose chase, barking up the wrong tree. And that can cause harm. Michael Usry suffered the distress of unnecessary police intrusion, anxiety while waiting for the DNA results that could potentially convict him, and potential damage to his career and reputation despite being exonerated. His name is out there. Forever.

Here's another consideration: if you are a police officer, and you are certain that someone has committed a crime but there isn't enough evidence to convict him, just plant some of his DNA at the crime scene. Or at any appropriate crime scene for that matter. Frame him with his own DNA. Put him behind bars, where he deserves to be. The new technology allows this. [8] It may even have been done in the past when only standard forensic DNA tests were available. Has a movie been made about that?

The Innocence Project has had 350 exonerations to date - 20 of them were on death row. So clearly there is a risk of wrongful conviction and the death penalty. It may be a small risk, but IT IS THERE. And it needs to be minimised. 

But is this more a problem of the criminal justice system than the actual use of LEM itself? Yes, it is. LEM doesn't kill people, people kill people. But the context within which LEM is applied needs to be taken into consideration. In those jurisdictions where the death penalty is not enforced, LEM will not result in deaths due to wrongful conviction (unless the innocent convict is killed in prison). But in those jurisdictions where the death penalty is enforced, then there is a definite risk of wrongful death. How can such a risk be minimised?

Furthermore, we need to think beyond the English-speaking world. Most commercial DNA tests have been done by people in the US, followed by smaller percentages in the UK, Ireland, Canada, Australia and New Zealand. LEM is more likely to be successful in the US, less likely in the other English-speaking countries, and much less likely anywhere else ... with some rare exceptions. Sweden, for example, has had a large proportion of its population tested. Iceland has had practically the entire population tested. Kuwait tried to test the entire population but their efforts were overturned by their Supreme Court. China has surreptitiously tested 50 million people (i.e. no informed consent) and has used the data to send members of the Uighur minority to "Re-education Camps". 

To what extent are we responsible for this?

Who is looking after the planet?

The last Risk identified above is the loss of anonymity for "passive genetic informants". The Brandy Jennings case was cited. Her name appears on a Search Warrant that was obtained by the Press under Freedom of Information legislation and was made public. This exposes her to revenge attacks as well as unwanted Press intrusion and public scrutiny (like this blog post). 

The Take Home Message is: by allowing your DNA to be used for LEM, you risk being named in the newspaper and on TV. Does that give you pause for thought? It does me.

This is definitely a risk and it definitely needs to be minimised. But is this more an issue relating to the nature and culture of how the Press reports than the actual use of LEM itself? Yes, it is. And again, the context within which LEM is practiced is all important. What is a risk in one country may not be a risk in another. And this emphasises the need for a global perspective in relation to LEM and the context in which it is practised.

How could this Risk of loss of anonymity be minimised? Well, it would have been nice if the names of the "passive genetic informants" had been redacted. Should someone have done this? Who is responsible for safeguarding the anonymity of the "passive genetic informant"? Does anyone know? Someone should change the Policies and Procedures of the FBI and other relevant LE authorities such that safeguards are put in place to minimise the risk of loss of anonymity and such that Privacy for those in the commercial database can be optimised.

It is only by minimising the risks associated with LEM that the Benefit Risk Ratio for its continued use remains optimal. And this helps safeguard the future viability of this incredibly powerful tool that holds the promise of making society a safer place for this generation and the ones to follow.

Maurice Gleeson
May 2019

* LEM, Law Enforcement Matching refers to the use of the genetic genealogy databases (e.g. Gedmatch, FTDNA) by law enforcement officials to help identify perpetrators of crimes, usually "cold cases" involving rape or murder.
[7] Maurice Gleeson: My input to FTDNA's Citizen Panel ...
[8] DNA Evidence Can Be Fabricated, Scientists Show (NY Times, 2009) ...