Security And Privacy Experts On Controversial Court Ruling Allows Police To Plunder DNA Database For Investigations

By ISBuzz Team
Writer, Information Security Buzz | Nov 08, 2019 05:40 am PST

A judge has approved a warrant for law enforcement to access the database of DNA profiler GEDmatch, a landmark ruling which may have serious privacy implications.

DNA matches could provide the answers to criminal investigations gone cold; however, the question of whether the police should have access to the extremely sensitive DNA information of the masses in the quest for the few has raised a series of ethical and privacy complications.

Commenting on the ruling are the following security professionals:

Javvad Malik, Security Awareness Advocate
November 11, 2019 12:53 pm

This case can prove to be a double-edged sword. On one hand, having access to DNA data can be very beneficial; on the other hand, this does not bode well from a privacy perspective.

This is one of those issues which does not sit as black or white, but rather should be considered from a risk perspective. Much like major tech companies like Google, Microsoft, and others, companies should only release information upon receiving a valid legal request. In addition, publishing a transparency report detailing the number of law enforcement requests annually would also be beneficial.

Ultimately, this does become a decision for individuals who use such services. Whenever one gives up personal data including DNA, the assumption should be made that the data can be accessed by law enforcement, if not today, some time in the future. And make their decisions to use such services accordingly.

Paul Bischoff, Privacy Advocate
November 11, 2019 12:50 pm

Genetic data is woefully under-protected by US privacy laws like HIPAA. HIPAA only applies to healthcare entities like hospitals, insurers, and pharmacies. GINA prevents discrimination based on genetic information but doesn't protect privacy. Ancestry, 23andMe, and GEDmatch aren't covered by HIPAA. The US needs a law like HIPAA to prevent all genetic databases from becoming police databases. People have a right to access health information related to their genealogy without fearing for their privacy and the privacy of their family members.

Brian Higgins, Security Specialist
November 8, 2019 1:45 pm

It might be reassuring for those using similar services in the UK to know that it would be highly unlikely that similar access would be granted here. Law Enforcement must make a very strong case for the granting of Warrants by the UK Judiciary. In cases such as these they must be able to justify necessity, proportionality and also satisfy the Court that they have sufficient processes in place to manage and mitigate any collateral intrusion their investigations may cause. This means that, rather than gaining access to an entire database and being allowed to data-mine its contents at will, it is more likely that UK officers would have to identify the specific information they required and rely upon the host to provide it.
