by Beau P. Sperry, Megan Allyse & Richard R. Sharp
Biometric surveillance is rapidly becoming an integral component of national security policy and practice. Biometric surveillance can include fingerprinting, facial and voice recognition, and iris scans. In 2002, in response to the September 11th attacks, the United States passed the Enhanced Border Security and Visa Entry Reform Act, which requires visa applicants to submit ten fingerprints to a national security database. Japan has been collecting fingerprints from its visitors since 2007 and many European nations are following suit, including the United Kingdom. Singapore began fingerprinting visitors in 2016, while the United Arab Emirates has gone a step further and now collects iris scans. Across the globe, national biometric databases are expanding, such as India’s Aadhaar program, which has gathered fingerprints and iris scans on more than one billion Indian citizens.
In recent years, countries like Kuwait have expanded biometric surveillance to include genetic data. In 2015, the Kuwaiti government enacted a law mandating the collection and retention of DNA samples from all citizens, residents, and travelers to Kuwait. The law was passed in response to a suicide bombing at a Shia mosque in Kuwait City that killed twenty-seven individuals and wounded 227 more. The goal of the law is to support national efforts to identify terrorists and to provide a resource for the identification of human remains in the aftermath of a major terrorist attack. Such laws signal increasing awareness of the potential utility of DNA analysis in national surveillance and security activities.
Unlike other identification methods, DNA provides a unique, unalterable, and easily obtained means of identification: even a small buccal swab can provide identifiable DNA for years. These features make DNA a powerful tool in efforts to identify persons of interest. In the US, the FBI’s Combined DNA Index System (CODIS) contains twelve million DNA profiles from convicted felons, arrested persons, and individuals accused of crimes. The US Department of Defense also maintains a database of over one million DNA samples for use in identifying the remains of armed forces members.
Increasingly, there is precedent for using large DNA databases, including databases created for non-surveillance purposes, in criminal investigations. Both the Danish and Swedish governments have allowed law enforcement officials to access genetic data contained in research databases for use in criminal. Although examples of such uses are not common, the extent to which DNA databases have been used for law enforcement purposes is unknown, since most databases do not require that contributors to research collections be informed about secondary uses of their biological specimens or genetic data.
Critics of mandatory collection of “genetic fingerprints” for biometric surveillance worry that laws like the one in Kuwait go too far. A 2012 report by the Electronic Freedom Foundation argued that “DNA presents privacy issues different from those involved in other biometrics collection … [since] it can contain information about a persons’ entire genetic make-up, including gender, familial relationships, … race, health, disease history and predisposition to disease”. Other critics, such as Sarah Leah Whitson, Middle East Director of Human Rights Watch, have described genetic fingerprinting as “a massive infringement on human rights” due to the scope of private health information collected and the potential for its misuse. In contemporary political climates where concerns about national security increasingly predominate, these and other concerns about individual privacy may be insufficient to dissuade legislators from pursuing DNA-based biometric surveillance.
In striking a balance between the promotion of national security and the protection of personal privacy, policymakers may find it useful to seek help from two groups of experts who have wrestled with the balance between individual privacy and public benefit for years: human geneticists and bioethicists. To limit privacy-related threats, DNA-based biosurveillance systems should not include large portions of an individual’s genome or retain biological materials that could be used to conduct such analyses in the future. Instead, a minimally necessary subset of genetic data should be collected and stored. Such a dataset would allow for the identification of persons of interest but would not be capable of producing additional insights into the medical or biological characteristics of the individual from whom the sample was collected. Genome scientists can contribute to DNA-based biosurveillance by clarifying the levels of personal identifiability that are achievable using various methods of DNA analysis and amounts of genetic information. Determining the smallest amount of genetic variation needed to accurately identify an individual in a large population database would eliminate many of the privacy concerns associated with such policies.
There are other threats to personal privacy and public safety, however. Biometric surveillance databases include large volumes of digital information, whose security can be compromised and the data misused. Governments looking to implement DNA-based biosurveillance programs will need to develop robust security protocols to ensure the privacy and well being of their citizens. Bioethicists can help policymakers to mitigate these dangers, drawing on their considerable experience examining issues of privacy in DNA biobanking and electronic health records. Bioethicists, economists, and national security experts should also collaborate to determine if compulsory DNA collection is a worthwhile undertaking given the lack of demonstrated efficacy and high social and economic costs associated with such programs. If there is strong public consensus for implementing DNA-based biosurveillance, then experts from the bioethics and scientific communities should be enlisted to develop protocols that can help contain the costs of such a program.
One of the most effective measures in genetic research has been the inclusion of public consultation and engagement in the process of creating large DNA databases. Many studies have shown that individuals view genetic information, rightly or wrongly, as more sensitive than other types of personal information. Given these heightened concerns, governments should present clear reasons for compelling its visitors and citizens to provide DNA samples for biometric surveillance, including a description of the circumstances in which such information would be used and by whom. Public engagement could help inform the development of an ethically robust policy for DNA-based biosurveillance that preserves individual privacy while aggressively protecting against threats to national security. Without such a dialogue, DNA-based biosurveillance may extoll a heavy cost in reducing our personal privacy, with implications for all of us.