In 2016, a woman in San Francisco was subjected to the intrusive process of a rape kit after suffering from domestic violence and sexual assault. She hoped that the kit’s collected sample would provide evidence against her assailant but never expected that law enforcement would use it against her.
The woman’s DNA sample was incorporated into the San Francisco Police Department’s database, and five years later, the police used this DNA to identify the woman as the suspect in a burglary case. The woman’s lawyer described this as “the ultimate betrayal and revictimization at the hands of authorities and people that she sought help and protection from.” Upon learning about the origin of the genetic sample, the district attorney dropped the case. The woman is now planning to sue the city, but one lawsuit is not enough to protect against similar invasions of privacy. Likewise, policy changes at the local level will not provide sufficient protection against these constitutional violations. Instead, the federal government must restrict law enforcement’s DNA collection, storage, and usage across the country.
Under the DNA Identification Act of 1994, only genetic samples from specific categories of people can be included in the National DNA Index System. These include convicts, arrestees, detainees, unidentified human remains, and missing persons and their relatives. A person whose data is in this database can petition for expungement if their conviction has been overturned or their charges dropped. Although there are strict privacy protections at the federal level, state and local databases are not subject to these same regulations. As the San Francisco case demonstrates, these databases sometimes include samples collected from victims of sexual assault.
Many of these databases include data collected from genetic and ancestry testing services. Although large companies like 23andMe and Ancestry.com have restricted government access to their data, lesser-known companies like GEDmatch and FamilyTreeDNA allow their data to be used by law enforcement. These companies technically give their customers the choice to enable law enforcement to access their data, but because customers are automatically opted in, many give up their data without understanding the gravity of their choice.
Supreme Court jurisprudence suggests that collection of DNA samples should be unconstitutional per the Fourth Amendment, which protects “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” In the 1976 case United States v. Miller, the Supreme Court established the third-party doctrine, which states that individuals who surrender their information to a third party like a bank or internet service provider have “no reasonable expectation of privacy” under the Fourth Amendment. In the majority opinion, Justice Lewis F. Powell argued that bank records contain information forfeited to a financial institution and thus could not be defined as “private papers” protected by the Fourth Amendment.
In the 2017 case Carpenter v. United States, the Supreme Court limited the scope of the third-party doctrine, ruling that it does not apply to cell phone records indicating a person’s location. Writing for the majority, Chief Justice John Roberts acknowledged that reasonable expectations of privacy have transformed in the digital age, which makes precedent on this issue unreliable. Roberts argued that tracking locations through cell phone records is certainly intrusive enough to violate expectations of privacy, especially because cell phone users are often unaware of their providers’ data collection practices. Under Chief Justice Roberts’s logic, collecting DNA samples from genetic tracking services should also be found unconstitutional. A person’s DNA is more intimately personal than their location, and samples are often collected without the subject’s explicit consent.
One of the most common arguments in favor of genetic forensics is its ability to deter future crimes. Supporters argue that people will be less likely to commit minor crimes if they know that conviction for these crimes could put them in genetic databases and, in turn, connect them to future crimes. A 2020 study from the Manhattan Institute concluded that adding people convicted of violent felonies to DNA databases reduces recidivism by 17 percent over five years. However, this effect can only function if the databases are restricted to criminals. The DNA from the rape kit in San Francisco should never have been included in a database, as she was the victim, not the perpetrator, of a crime. If victims of sexual assault are made aware that the government can gain access to their genetic information when they report these crimes, these victims will be even further disincentivized to come forward with allegations. According to the Rape, Abuse, and Incest National Network, only 31 out of every 100 sexual assaults are reported. Given this dismal statistic, society needs to be encouraging women to report assaults, not discouraging them. Victims of sexual assault and domestic violence should not have to choose between reporting a crime and maintaining their privacy.
The use of genetic genealogy further complicates the issue. This controversial practice occurs when law enforcement finds a DNA sample of a criminal’s family member and uses it to identify a suspect. The most prominent example of this technique was the identification of the Golden State Killer in 2018, who raped and killed women from 1976 to 1979. Police finally determined the culprit when they discovered a partial match for the DNA found at the crime scene within a sample on GEDmatch. They then narrowed their search to this person’s relatives and identified Joseph James DeAngelo as the Golden State Killer. Though some hailed this as an impressive achievement of genetic forensics, others saw it as a dangerous violation of DeAngelo’s right to privacy and Fourth Amendment protections.
Even more egregious abuses of genetic genealogy have taken place in recent years. In Georgia in 2018, two detectives came up to Eleanor Holmes outside her house and asked for her DNA. They explained that they were attempting to identify human remains found in Florida that they suspected were related to her. Holmes consented and allowed the detectives to swab her cheek. Days later, she discovered that these detectives had lied to her: They were not actually identifying remains but rather trying to build a case against her son by matching his DNA to a sample found at a crime scene. Holmes felt betrayed by these police officers and believed that she was not informed enough to be able to consent to the sample collection. The lack of informed consent in this situation illustrates that, without strict regulations on genetic data collection, law enforcement will violate citizens’ privacy rights.
In 2021, Montana and Maryland became the first two states to pass laws restricting and regulating the use of genetic genealogy by law enforcement agencies. In Maryland, the new legislation allows the tactic to only be used in investigations of serious crimes like murder and rape, requires a judge’s signoff, and limits the investigators to using only genealogy websites that follow specific privacy policies. The Montana law is even more restrictive: Investigators must be issued a search warrant before obtaining search results from a consumer DNA database unless the information is from a consumer who has previously waived their right to privacy. These laws offer a roadmap for other states looking to safeguard the use of genetic data by law enforcement.
Although these new state laws are a step in the right direction, they are not enough to adequately protect our reasonable expectation of privacy. These laws focus primarily on the use of DNA samples. However, one of the biggest threats to our fundamental privacy rights comes from the very fact that law enforcement collects these samples in the first place. Congress must introduce legislation requiring state and local governments to adopt similar standards to those of the DNA Identification Act of 1994. Additionally, genetic genealogy should be more heavily regulated to prevent any possible abuse by law enforcement. At a minimum, the government should pass nationwide restrictions akin to those in the Maryland and Montana laws. If the federal government fails to act, no one in the country can be confident that their genetic data is not being stored somewhere in a government database.