|
P R O C E E D I N G S
Professor George Trubow CHAIRPERSON ABRAHAMSON: Unless any of the Commissioners want to say anything at this point, we will move into our agenda and call on Professor George Trubow, Director of the Center for Information Technology and Privacy Law at John Marshall Law School. You have in your packet of materials Professor Trubow's resume. He is well known and speaks widely on the law of information technology. Chris says you were suggested to us by the American Bar Association. George thinks I suggested him. MR. TRUBOW: Thank you. Thank you very much, Justice Abrahamson, Committee members. I'm pleased to be here today to discuss DNA in connection with identification, specifically regarding privacy issues in connection with it, which is what I understood the focus to be when Chris Asplen called to ask me to participate. I also want to thank Chris and the Commission for putting me up front on the agenda. I've got to get back home for some other obligations that I have undertaken, and I appreciate being able to get in and out early. I'm going to restrict my -- I don't have a written statement for you. I didn't get notice of it until fairly close to the time of being here, and I was busily engaged in this other project that I have to deliver on Monday. So my statement is going to be oral and we can depend on the transcript. But my perception was what would be most important would be I could summarize very briefly my opinions in connection with DNA and privacy issues, as identified, and the discussion would probably be more meaningful to you, and I'd be pleased to respond to any questions that you might have in connection with the opinions I share with you. As you could tell from my resume, my opinions are based upon about 30 years experience in analyzing and developing law and policy in connection with personal information, information systems, and privacy. Before I tell you my opinions with respect to three specific questions, let me make some definitional notes regarding terms that I am going to use. The definitions I am going to give are, I think, of generally conventional wisdom and I don't expect there is anything that's going to be new there, but I want you to understand the context of my comments when I use those words of art. First of all, at the very basic level, an identifier is anything which identifies a particular individual, and I categorize identifiers essentially of two types. One type is biometrics and biometrics identifiers describe physical characteristics of a data subject, and they are such things as fingerprints, iris scan, the configuration of face and ears, voice. All of these physical attributes are biometrics identifiers and indeed link directly to a data subject. The other group of identifiers I refer to as behavioral, and these are kinds of identifiers that describe a person in terms of his behavior and what he does. For instance, I would classify his behavior as such things as name and address, occupation, the information in connection with a person's behavior as he exhibits it by transactions in which he engages and a whole variety of things like that, the property he owns, whatever. I'm going to be discussing identifiers in connection with personal information and I define personal information as any information which can be referred to an identifiable individual. What's important about that definition is that it's not the content of information that makes it personal, it's its reference and if it describes an identifiable individual, then I consider that information personal. Confidentiality is a word that is used frequently and often not enough, and confidentiality refers to information and if information is confidential, it means that that information can be viewed or accessed by only specific individuals for specific reasons. Of course, privacy may be one reason that information is confidential. There may be other reasons for information to be confidential, state security might be one, financial confidentiality, a variety of reasons. Public information, on the other hand, is information which is available to anybody for any reason. If it's public information, then there are no constraints on its distribution or on access to it. Privacy is a characteristics of individuals. It describes individuals. I summarize it by saying privacy really involves the personal rights one has to exclusive territory and as all of you, I think, know, privacy is not an absolute concept and the individual's rights to exclusive territory and to control information about him or herself depends upon the circumstance. It's very, very case oriented in terms of the values that lead us to decide whether or not, under any particular set of circumstances, an individual is entitled to raise a privilege of privacy. Security is another word that's frequently used, and that refers to information systems, and if an information system is secure, and that usually happens by technology or those kinds of protocols, it means that information in that system is protected from unauthorized access, alteration, or destruction. Security implements protocols of confidentiality. So that if information is confidential, then security protocols assure that the information in that system will be available only to those people and under those circumstances described in the protocol. When we talk about personal privacy, then the way they all fit together is that system security assures that confidentiality constraints will be observed, and this, in turn, protects personal privacy when the constraint on access is privacy. With that as the background, then let me turn to three questions which I believed, in the brief discussion I had with Chris, were responsive to my role here. What I will do is pose those questions and answer them and that will pretty much complete my statement. Then I'm ready to talk with the members about whatever issues you may want to raise. The first question, and I'm couching this in law enforcement terms, as law enforcement agencies being the actors involved here, question number one, is it okay to collect, for identification purposes, DNA samples from everyone arrested? My answer to that question is yes; that it's okay to collect, for ID purposes, DNA samples from everyone arrested. Second question. Is it okay to keep the DNA code -- that is, the translation into understandable integers or letters, the identifying code -- is it okay to keep the DNA code for ID purposes on record indefinitely? My answer to that is yes. The third question. Is it okay to keep a DNA sample for ID purposes indefinitely? My answer to that question is yes. Now, there may be policy reasons for limiting any of the answers that I have given in terms of, for instance, if a DNA sample kept for an inordinately long time loses its credibility, well, then it doesn't make much sense to keep it. But my point is so long as a DNA sample is viable, my opinion is that it's okay to keep it indefinitely. Is it okay to take DNA samples from arrestees? Now, it may be because of public policy reasons, public response, perception, a decision might be made we're not going to take it from very arrestee, we're only going to take it from certain kinds of arrestees or we're only going to collect it after someone has been convicted or whatever the limitations may be. I simply want to make it clear that from my perspective, my opinion is that it's okay to collect DNA from anyone arrested. I know David Kaye, later on, is going to present a fairly thorough paper regarding legal issues in connection with taking DNA. But essentially that's my opinion on those questions and I've said what I have to say. CHAIRPERSON ABRAHAMSON: What do you mean by okay? MR. TRUBOW: Okay is a summary, Justice Abrahamson, of my perception of law and policy; that the legal constraints are not such nor are the policy constraints such as to make my answer yes infeasible. There's a little wiggle room in there. COMMISSIONER REINSTEIN: What happens if the defendant who is arrested is later not charged, acquitted, case dismissed against him, do you think that -- what should happen to the sample at that point? MR. TRUBOW: This is largely a question of public policy with respect to, number one, the record itself of those events and, number two, the ID file; that is, the identification of that particular individual. Those are separate questions and basically not interdependent. For instance, I have an FBI file that was started when I applied to be a lawyer and had fingerprints taken for the purpose of finding whether I had any criminal record and having had my fingerprints taken, an FBI ident number is assigned to me and there is an identification file on me in the sense of these are the fingerprints of George B. Trubow, and that stands alone, without any reference to any other sort of record that may be in the Federal Government. Now, to get to your specific question. If someone has been arrested and decisions are made not to charge him, the question that is raised, as a policy matter, is whether or not there is reason to expunge that record or to seal it, out of deference to the individual. It may be that the record will be expunged or sealed, whatever device may be used, but yet the identifying file will remain; that is, the fingerprint or the DNA code identifying that person could be maintained an ID file for future reference, if it ever became necessary to examine identity and to discover whether or not any sources of DNA on file indeed were the same sources as were produced by new DNA evidence or other biometrics identifiers. Is that helpful? COMMISSIONER REINSTEIN: Yes, it is. But to remind me, David Ware, in Great Britain, has said that when somebody is arrested, that they then delete that person's profile from their database. DIRECTOR ASPLEN: Yes. I believe if that person is ultimately exonerated or not charged, that they are taken out of the database, as I understand it. David Coffman, I see in the back there, he would probably have a better idea of that than I. Is that correct? MR. COFFMAN: Yes. The policy is that if they're arrested, the samples are taken and analyzed and then once they're exonerated, if they're exonerated, then the sample is removed. DIRECTOR ASPLEN: Thank you. COMMISSIONER DAVIS: The sample or the record of the sample? MR. COFFMAN: The sample and the record, I believe. But the sample is searched a lot of times before the case ever goes to trial. COMMISSIONER SMITH: I wonder, in your opinion, whether it's okay to do those things, to take and analyze and save from somebody who is arrestable, but whom you do not arrest. MR. TRUBOW: My opinion goes to arresting someone, because I believe if the legal process is invoked -- that is, if a police officer decides to invoke that process by arresting someone, well, then I believe that identification can be taken at that time. Indeed, I would insist it must be taken at that time, to be sure that you can guarantee the identity of the person whom you have taken into custody. I think that's important. COMMISSIONER DAVIS: Let me ask a question. The reference to fingerprints, the person is arrested, they're routinely fingerprinted. Now, those fingerprints, they're not expunged later if the person is not charged or is exonerated. Those fingerprints remain in an ID file, that's my understanding. Is that correct in England, as well? I would assume it would be correct. Now, from my perspective, as a person who tries to identify unidentified bodies, those files are invaluable. We use fingerprint files as part of our identification procedure in aircraft crashes. It doesn't matter they have been fingerprinted because they've been arrested or because it was a civilian fingerprint. A fingerprint is a fingerprint. It's an ID file. It's extremely valuable from the public service. If we have a similar program set up for DNA, where the DNA records are kept as ID records, similar to fingerprints, I don't see what the public harm is and I can see what the public good is, at least from my perspective. That brings up another question I would ask. We are concerned about the privacy and the misuse of DNA in these arrestee situations. Actually, in the ID file, DNA as an ID file item, we're concerned about misuse of that. Do we have a track record that shows that there is a consistent misuse of the fingerprint ID files? I think not and I think the same thing applies to DNA. I don't think there will ever be a misuse and if there is, it would probably be a minor glitch and would be taken care of. I know the FBI does not like their fingerprint or their reports, so-called rap sheets, they don't like those spread all over the landscape and I don't see them being spread all over the landscape. But it seems to me that we're talking about setting up DNA as a totally separate ID entity, with some peculiar basis of it, whereas if you can identify somebody with a fingerprint or whether you can identify them with a DNA record, identity is identity. The real question is, is there a potential for misuse to the harm of innocent people of the DNA that is on file in an ID record. I'm not talking about any other type of record, just the ID record, analogous to the fingerprints. I would like to see that addressed by someone who knows what's going on, because if there is a misuse that is peculiar to the DNA, what is it? MR. TRUBOW: Let me comment on that. First of all, generally, with respect to the tenor of what you said, I'm in agreement with that and all of my positions that I gave you in those three questions, all of the, of course, were conditioned upon DNA being used for identification purposes. Now, the thing that makes DNA more sensitive is that when you're dealing with a fingerprint, the only information that you get from the fingerprint is the fingerprint itself. But as we knowledge, DNA, which is a composite of genetic information, may transmit additional information other than the ID information; are these two samples from the same source. Now, what I understand to be the latest technology, the STR technology, which uses a more limited series of strands, in fact, doesn't have as much genetic material in the profile as prior techniques and doesn't give as much information in terms of predictability regarding somebody's health or whatever else. This primarily has been the context, I believe, of people's concerns about DNA, that don't travel with a thumbprint, as you know. If you've got my thumbprint, you don't know if I'm susceptible to heart problems or not. But if you get a look at the right part of my DNA, you may get information about that. But to whatever extent DNA sample is used, and the extent I'm talking about is how much you need in order to make a positive identification, if it is used only for ID purposes, then whatever other information may be available there would only be the result of misuse, as you have pointed out, and I would trust our protocols that should be applied to the agencies that maintain that information are such as to make it clear that they don't distribute that information. I'd make this final comment. In fact, my own opinion is that law enforcement agencies are extremely protective of information they have. They don't like to spread information they've got. Even when they're supposed to, sometimes it's tough to get it from them. So that ethic has been there for a long, long time, and the experience I've had with law enforcement has not indicated that, as a matter of policy, they're making information available in circumstances where it ought not be. CHAIRPERSON ABRAHAMSON: Sheriff Kennard. COMMISSIONER KENNARD: Professor, your three questions put you at direct odds with the ACLU. I don't know if you're aware of that. But we had a presentation and we have in our packet a paper that came from Barry Steinhardt. He is suggesting that we, the Commission, take exactly the opposite stand that you have taken, especially in regard to keeping of the sample. I guess if there is any suggestions you could give us, and I read from his page, his comment, "In light of the absence of Federal uniform national laws protecting the confidentiality of genetic information and providing relief from genetic discrimination, it is essential that the Commission make recommendations that limit the possibilities for the abuse of genetic information." You have touched on that already and I guess what we, the Commission, ask from you and other presenters is if there is any recommendations, other than what you've already said, that we in law enforcement have no propensity for using this other than for identification purposes. I have no intentions of releasing any of this type of data to anybody. And you're absolutely right; I'm hard-pressed to release information to anybody unless I absolutely have to. So we in the Commission I think are struggling or need information that would let us make that decision or recommendation to the Attorney General in regards to, just as you suggest, because I couldn't agree more with your three answers of we need them, let's keep them, and I'm inclined to want to take a sample from every arrestee when they come through my jail. So if there is anything that you could recommend to this Commission in regards to assisting us in making these recommendations, we would sure appreciate it. MR. TRUBOW: We have, I think, a lot of examples of access protocols to databases themselves in the criminal history record environment and essentially what your recommendations ought to be, I believe, is that DNA ID records are to be used only for ID purposes under the direction and supervision of the law enforcement authority that possesses that DNA record, and that the DNA information is to be distributed to nobody else for any other reason than identification. And if it's required to be distributed to anybody else as a result of court order or something like that, then that order should carry with it a restriction against secondary disclosures, anybody passing that information on to third parties. And the particular protocols that will be put in place in any particular department will be those kinds of things to assure the technology and the procedures that are followed to be sure that nobody who is not authorized, for ID purposes, to examine the DNA file, in fact, examines it. COMMISSIONER BASHINSKI: Can I ask one question? Back to your earlier discussion about information that's in DNA that isn't in fingerprints, and I'll give you a fact pattern. You search a DNA databank with four RFLP probes and you find seven out of eight of the bands in a person's sample match a crime scene sample, which is a very strong indication that the source of the sample is a close relative of the individual that is actually in the data bank. What use, if any, would be appropriate for that information when the individual who, quote-unquote, would match the sample is not in the data bank? MR. TRUBOW: My answer to that would be it falls in the area of investigative information, which law enforcement authorities use for rounding up suspects whenever they have a crime and not an identified suspect. I think as you all know, there are a variety of techniques they use to try to identify who might be in a suspect pool, questioning people to find who do you know and who else might have had access to the victim, bla, bla, bla, bla, bla. And if indeed you collect a DNA sample which indicates that though you do not have a perfect match, it appears that this is the blood line of somebody you do have in your file, my expectation is that your suspect list has been increased and that law enforcement will examine people in that blood line to discover whether or not they have access and all the kinds of things that they examine. COMMISSIONER BASHINSKI: Would you think that the restraints or constraints that are there, in addition to the use of the material for identification only, would then include that the only DNA information that be in the file would be that which is of value for identification purposes? Because I think that's where there is a big misunderstanding in the public at large, because the actual information that we have in these files really doesn't give you medical information, even now with regard to the RFLP or with STRs. That if that were a formal requirement in every state's laws, would you think that would be an adequate additional safeguard? MR. TRUBOW: Yes. I believe that that would be a useful additional safeguard and I also agree with you that a lot of the concern and worry stems from, number one, a misapprehension as to the extent of the information contained in a DNA ID sample and then, number two, concerns in segments of the population about the reliability of the government and whether or not the government indeed can be trusted to properly protect that information. In those instances, I tend to comment that in terms of government action, at least we have a Constitution and if we're talking about the private world, we have very little protections at all. But nevertheless, that doesn't mean that many, many people are not concerned about the reliability of government. COMMISSIONER ADAMS: Could I put a slightly different spin on a comment that you made? You seem to imply that older technologies, like, I assume, RFLP technologies, had more DNA information and, therefore, had the potential of relating to health issues, whereas the newer technologies, STRs, look at smaller bits of DNA and, therefore, do not hold out to be a health identifier. When, in fact, forensic laboratories, something that we've all be very sensitive about, forensic laboratories have, from their very beginnings, stayed away from any health-related identifiers with all the technologies that we've used to date. MR. TRUBOW: I hasten to point out that I am not an expert on DNA technology and just as I -- I don't know how to fix a computer, but, boy, I know a lot about law and policy in connection with what it is computers can do. So I do not mean to imply that what's there now, in fact, is a big resource of personal health information, but that is what the concern of the public is that, indeed, it may disclose information that would encourage an employer not to hire him or an insurance company not to ensure him or her should that information be used for other than ID purposes. CHAIRPERSON ABRAHAMSON: Maybe that's the distinction between the first two comments and the third as to samples, because the sample would, right? And the other two would not, is that right? COMMISSIONER SMITH: It seems to be like holding onto the finger to take the sample. It does seem like a different type of thing. COMMISSIONER REINSTEIN: Professor Trubow, at the last meeting that we had, I'm going to play Phil Reilly here, since he's not here today, and I agree with you as far as the identification issues. But the issue is the sample and one of our recommendations is an infusion of money to maybe have private laboratories clear up some of the backlog. So the samples will not always be with law enforcement. One of the things, I think, that Dr. Reilly talked about at our last meeting was that, let's say, Cellmark Laboratories does thousands of these and then the profile is put into CODIS, but they retain the samples, and let's say five years later, three years later, Mutual of New York buys Cellmark Laboratories or whatever their parent company is, if there is one, and, Lisa, you probably know. And if Mutual of New York buys that, do they own the samples and shouldn't there be something that Congress does that there has to be some legislation to protect those samples, because otherwise can't they then do anything that they want to with those samples since they own them? MR. TRUBOW: I think that the answer to all the questions you put is yes. The possibility exists and indeed the law should be precise. When, for research purposes or similar purposes, information is disclosed, a lot of times, we -- but now we're more in the department of looking at an information database than we are an ID database. But one question, we had the protocols that we were putting in place when we were developing guidelines regarding access to criminal history record information, we recognized that it often would be the case that researchers would want criminal history record information for the purpose of doing recidivism studies and whatever else might be useful with respect to predicting or understanding human behavior in connection with crime and delinquency. We required that research user agreements be executed and the most important aspect of those were to make it clear to the researcher they were to use that information only for the purpose of conducting this research. It was not to be disclosed to anybody in individually identifiable form. Now, the one kicker you pointed to is that in the case of DNA, you're giving a sample to somebody and they have the ability to retain some of that. I think it should be made clear that that would be a violation of criminal sanctions to do that and samples should be destroyed or returned to law enforcement authorities. COMMISSIONER BASHINSKI: The other issue, too, is what information do you provide with the sample and if you're providing coding samples, which certainly we would do if we were ever to send a sample out, there would be no identifying information that that testing laboratory would ever see that would connect that sample with an individual. Again, these are the kind of prescriptions you would put into your legislation that would constrain the law enforcement agency as to what it could and should release and what it has to retain. MR. TRUBOW: And let me add another point on the business of the samples. An important utility to a sample is to deal with the march of technology and, of course, I'm most familiar with it in the information environment and what's happened in the electronic digital world, where the technology advances at such a dizzying rate we can hardly keep and every day there is a new revelation of some new thing that can be done using digital electronic technology. Although that technology with respect to DNA has advanced much more slowly than that, nevertheless it has advanced and I am in no position to predict what, in fact, we may learn as a result of the human genome project and its ultimate completion. So it may be that new technologies will make it easier to classify or will classify in different ways DNA samples and I think it's important that a sample be there for the new technology to be applied to that sample, and the DNA code index can then be updated and revised. Also, in the event there should be some challenge with respect to the validity of the DNA code as a result of the testing process, it can be done once again. I believe those are important reasons to keep hold of that sample, for ID purposes and under strict protocols of confidentiality. CHAIRPERSON ABRAHAMSON: Michael Smith. COMMISSIONER SMITH: This is a question really for information. Is it possible that if you send the DNA sample out, one of the things you're sending out are the 13 STRs. So in a sense, you are identifying the sample, because a sample can't be unidentified. You don't send a piece of paper that translates the 13 STRs into the record that does relate the 13 STRs to some other than things like name. But it's different from other kinds of things that can be anonymized. DNA, almost by definition, can't be. COMMISSIONER BASHINSKI: It's like a blind code. You need to be able to read the code. You need a reference. Otherwise, it's meaningless. For example, if I found it -- if I have this -- take it further. I have DNA information. I'm searching in the data bank and I get a hit, but I don't have the name of the individual. It means nothing. If I don't have access to the name of the individual that matches my sample, it means nothing. COMMISSIONER SMITH: It's actually as to the name then. COMMISSIONER BASHINSKI: Right, because that's what puts it together with the person. MR. TRUBOW: The DNA code itself is not personal information until it becomes linked with an identifiable individual and that linkage, in this case, would be somebody's name. COMMISSIONER BASHINSKI: Exactly. MR. TRUBOW: Or possibly a number assigned to him. COMMISSIONER BASHINSKI: Or a fingerprint or whatever other thing you're going to use to latch on to that person. MR. TRUBOW: Probably what it be would be a name. COMMISSIONER KENNARD: And I would put a little caution on that because as we have problems now, we have -- and it's the undocumented citizens that come across and we make those arrests and there are ten or 15 different names with a set of fingerprints and there may be five or ten or 15 different names with a DNA sample, too. COMMISSIONER BASHINSKI: But you link -- what you do is you link -- COMMISSIONER KENNARD: We link -- COMMISSIONER BASHINSKI: -- the names to the fingerprints. COMMISSIONER KENNARD: -- the fingerprint with the name and -- COMMISSIONER BASHINSKI: To the person. COMMISSIONER KENNARD: And there may be five or ten different names with the same thing. So how do we -- you're right. MR. TRUBOW: I recall -- you may all be aware that one of the current fad crimes, the thing that's happening a lot today is identity fraud or theft of identity, and I recall being at a meeting once with the first individual, a person named Shaw, who had been the subject of a significant identity theft scenario. He had spent a lot of personal money and a lot of time finally tracking down the person who had stolen his identity and he was facing him in the courtroom and the person said to Mr. Shaw, "You prove I'm not who I say I am." Because that individual had every bit of documentary evidence that Shaw could produce, a birth certificate. There is a tendency to believe a birth certificate as some sort of protected information. You can get a birth certificate on anybody. But people tend to assume if I've got a birth certificate in my hand, then it's mine. Well, I can get one on you and carry it around, and so on and so on. The point was, the one thing that Shaw needed was the biometrics identifier, because one thing he had the other guy didn't have was his fingerprints and his DNA. I'm also one of those, therefore, who believes that in terms of social benefit, there is a lot to be protected from having good biometrics databases and DNA, and I think it's important one. CHAIRPERSON ABRAHAMSON: Chris Asplen has a question. DIRECTOR ASPLEN: Professor, one of the things that the working group on the legal issues identified initially at its last meeting, where we began to address this particular issue, was the comparison between the forensic identity database and the medical databases. The thought was to kind of try to put the forensic database in the context of the medical databases. The initial discussions were that the concerns about a malicious use of the database are much more legitimate, if you will, in the context of a medical database than a forensic database. Number one, because of the ability, the technological ability to misuse the information, but also the motive. There seems to be more motive and more opportunity on the part of the medical databases. Are you comfortable with that characterization? MR. TRUBOW: If I understand by that that you mean that the forensic databases are more secure, I absolutely agree. Medical databases, until recently, were so easy to get hold of. They hang them up on the end of a patient's bed and the only person who can't see the record is the patient. And the medical profession, though it has sharp confidentiality requirements, when it comes to the details of record-keeping, doesn't have a really bright history. So in that context, I think you're absolutely right, Chris. DIRECTOR ASPLEN: Thank you. CHAIRPERSON ABRAHAMSON: Norm. COMMISSIONER GAHN: Just to follow up a little bit what Chris said. I've always personally felt that my genetic code is in more jeopardy of being misused every time I get my annual physical or, in the local drug store, have my cholesterol checked. I'm not concerned at all about the law enforcement uses of it. But I think that's a concern that I would think the public would be more worried about is what -- and I think we talked -- spoke at our last meeting and since that time I did have a physical and I did ask my doctor, what do you do with my blood that you draw, and I got the answer that we got, didn't know, or where does it go after you test for my cholesterol and can anyone buy that, and no one has these answers. And I think there are more really legitimate concerns for the public out there as opposed to what the law enforcement will do with that sample. MT. TRUBOW: You're absolutely right. Again, we have a constitution dealing with government. We don't have anything dealing with the private sector. And even though there are confidentiality constraints, which you pointed out, I think, is an excellent example of the fact that the confidentiality constraint generally simply means the doctor will not himself tell somebody some medical information he knows about a patient, but with respect to records and documents in connection with that person, oh, it's a much different picture. And you're absolutely right; they take a lot of blood. COMMISSIONER DAVIS: Let me comment a little bit about the medical use of blood and fluids from people. Most laboratories, they destroy it, because otherwise they'd drown in a sea of blood. In fact, that's one of our main concerns when we have somebody that we receive from a hospital, is getting the original samples that were drawn when the person first came in for toxicology purposes, because by the time they die, that evidence is lost in the dead body. But the caution I would put on the Commission is that in our desire to protect law enforcement derived samples from misuse, that we don't push for legislation that's going to throw sand in the gears of the medical profession and the hospitals and laboratories of the United States. That happens, where one agency, with blinders, looking only at its only little problems, gets a law passed and lo and behold, that law has got a zinger in it that affects other people and other agencies. I've seen this happen. So we should be very clear that whatever we address in this particular Commission along these lines are not so global that they are going to get into fields of medicine. We shouldn't be involved in that. We don't know anything about that. It's not our job to start telling hospital laboratories how to do their business or the medical profession how to do theirs. I'd just add that as a caveat here, that we don't come up with some recommendations that are going to, in the long run, impact negatively upon other professions. COMMISSIONER SANDERS: Would you not think that we should be allowed to use that as an argument, though, when people say that there's a mistrust of government or law enforcement and they're concerned with misuse? I mean, it would seem to me a logical explanation would be that you should be much more concerned with what happens with your blood when you go to a medical physical than when you get arrested. That seems logical to me. COMMISSIONER DAVIS: That's a good argument. For those who would argue that we should not do DNA testing for ID purposes, we keep pulling out all these other things. Of course, that applies to so many things that I see government doing. They focus in on this and in the meantime everything else is -- COMMISSIONER SANDERS: Of course, we might be telling them what they should be thinking about doing so that they get better information, too. DIRECTOR ASPLEN: And I don't think that Professor Smith signed on for the responsibility of trying to address the, I think, substantially more complex issues of the medical databases. We did talk about it, I think, purely in a context of that comparison, not as a foray into specifically substantively dealing with the kind of issues that you're talking about. COMMISSIONER SMITH: It does link in this way; that is, because of the -- whether it's convicted offenders or arrestees who haven't yet been exonerated or whatever else, there are limits in the way we've been constructing the databases of identity that are available DNA technology to law enforcement. Let me just say it strikes me as raising the question. If the citizenry is far better protected against misuse of an identity database by law enforcement than by hospitals, then it would be okay or maybe better for there to be essentially a universal ID DNA database that's available to law enforcement, because their protection against abuse would be better than the protections now afforded to what essentially a universal DNA database in the hands of the medical profession. MR. TRUBOW: If that's a question directed to me, I believe that it's unnecessary for law enforcement to have complete DNA profiles. But I believe that it is very necessary for the potential misuse of DNA profiles in the private sector to be examined by somebody. I can easily appreciate it's not the charge of this particular Commission, which seems to be very focused and very limited, and I would think that your comments with respect to keeping focused on this Commission are well taken. On the other hand, putting on my hat as a citizen, I kind of think, boy, I wish the Surgeon General or somebody else would have a commission to look into this question in a broader context. Employment relationships, as well as medical relationships, insurance relationships and things like that, because the potential for misuse is so broad. And I'm unable to say that it has not happened. CHAIRPERSON ABRAHAMSON: Jan. COMMISSIONER BASHINSKI: This is back to your question of do we have examples of misuse. It may be it's for the legal group. But every state that has a databank has a law that governs it. Has there been a review of all those laws and have they been found wanting with regard to the sorts of restrictions that we're discussing here? If so, obviously that needs to be addressed. The answers that I'm hearing, at least with regard to the law that I'm aware of in my state, has laws, criminal penalties for misuse and very tightly constrained uses and CODIS itself, which is the force of some national law, also controls most of those agencies. Do you have that information from your committee? COMMISSIONER SMITH: No. COMMISSIONER BASHINSKI: Have you reviewed them? COMMISSIONER SMITH: We're suggesting that we don't know -- we don't have examples of misuse by law enforcement. MR. TRUBOW: I would expect that the laws that would be needed are not on the books. That is, laws that would make it clear that any samples of blood or other tissue material taken for medical purposes not to be used for any purpose beyond the medical purpose, this kind of business, secondary use and that, because here we're not talking about regulating a DNA database that has been established. The example that was brought up is he gives some blood in the routine annual physical that he gets. The doctor gives him a report with respect to what the blood test shows about him, but he doesn't know whether or not a DNA profile was also developed as a result of that and sent to somebody else. COMMISSIONER BASHINSKI: My specific question was with regard to the laws governing databases; are we concerned about the state of the law in that area, because if we are, that would be something that we should be dealing with. I don't know if you've reviewed those. MR. TRUBOW: No, I have not. CHAIRPERSON ABRAHAMSON: Dawn, state your name, and why don't you come to a microphone, please. MS. HERKENHAM: Hi. I'm Dawn Herkenham. I work for the New York State Police, but I was formally with the FBI. While there, I did quite a bit of research on state DNA database laws and as you all know, all 50 states have database laws. Well over half of them have very restrictive provisions on who may access this data. In fact, I think that half copy verbatim the language in the Federal DNA Identification Act of 1994 that restricts access of both DNA records and the DNA samples themselves for primarily law enforcement identification purposes. There are probably, I'd say, a handful, certainly less than ten state statutes that were enacted very early on, in, say, the late 1980s, maybe 1990 and 1991, that don't have these restrictive provisions. So less than ten of the 50. Also, I'd mention that a number of the state statutes also specifically provide that only markers used for law enforcement identification purposes can be included in the database. So that not any markers that would reveal genetic predisposition to disease or medical condition could be included. CHAIRPERSON ABRAHAMSON: Dawn, do you have this in writing? MS. HERKENHAM: Almost. CHAIRPERSON ABRAHAMSON: Soon. MS. HERKENHAM: When I left the FBI, I took it with me. As you may know, a number of states have been amending their statutes to expand the number of offenses that they include, and I know just recently Texas expanded their statute. So I am in the process of updating it. But I had hoped to make it available to Chris at this meeting and I'm hoping in the next two weeks I'll have that finished. But it's a summary of the state laws. CHAIRPERSON ABRAHAMSON: Thank you very much. COMMISSIONER DAVIS: Isn't much of this already included in the ACLU handout? I think it's all covered in here. DIRECTOR ASPLEN: I think that pertains to the medical. That's not state database. Those are the other ones. Those are the other genetic privacy statutes, not the forensic database. CHAIRPERSON ABRAHAMSON: Chris can ask one more, but then I wanted to introduce our invited guests, and, although we're going to run a bit late, we'll see if any of them have any questions. We have another two or three, five minutes. Chris. DIRECTOR ASPLEN: Thank you. If I could just ask one more question that's come up in a couple of different contexts and I think addresses the issue of the potential abuses. When we talk about taking DNA from arrestees, one of the potential abuses that comes up is the potential for targeting particular groups and racial profiling. And because there is a disproportionate number of minorities in the database system, couldn't law enforcement, as they've been accused of, profiling and targeting in New Jersey, for example, for stops along the highway, there is a concern that that would be done for the purpose of getting individuals' DNA. What are your thoughts on that particular dynamic? MR. TRUBOW: My thoughts are that what you're describing, Chris, would be misbehavior by a law enforcement agency and that same misbehavior would lead to fingerprints being collected. The problem is not in collecting the ID. The problem is in the improper behavior on the part of the law enforcement agency in targeting for that first confrontation or arrest. DIRECTOR ASPLEN: Thank you. CHAIRPERSON ABRAHAMSON: I'm going to ask our invited guests to just stand, so everyone can see them and get acquainted. There's David Coffman, who has already been talking, and he's from the Florida Department of Law Enforcement. Thank you. Dr. Pamela Collins, from Eastern Kentucky University College of Law Enforcement. David Kaye, Professor of Law at Arizona State. Kathryn Scarborough, Dr. Scarborough, Eastern Kentucky University. Robert Spagnoletti, from the U.S. Attorney's Office. And we've met George. Do any of our invited guests have a question? DIRECTOR ASPLEN: And, Professor Berger, we did mention you before you arrived. I already explained how fortunate we are to have you here and for you to take some of your free time out to help us out. CHAIRPERSON ABRAHAMSON: Any other questions from the Commission? MR. TRUBOW: Thank you. Chris, if I can be helpful in editing the transcript, I'll be pleased to do that. CHAIRPERSON ABRAHAMSON: Thank you very much. DIRECTOR ASPLEN: Thank you, sir. Have a safe trip back. [Applause.] CHAIRPERSON ABRAHAMSON: We are now scheduled for a break until 10:45. So we're running just about on time. [Recess.]
| |||||||