Hostname: page-component-586b7cd67f-r5fsc Total loading time: 0 Render date: 2024-11-27T22:54:57.207Z Has data issue: false hasContentIssue false
  • English
  • Français

Statutory Frameworks for Regulating Information Flows: Drawing Lessons for the DNA Data Banks from other Government Data Systems

Published online by Cambridge University Press:  01 January 2021

David Lazer  and
Viktor Mayer-Schönberger
Get access Rights & Permissions [Opens in a new window]

Extract

The above bit string encodes personal information about one of the authors of this essay. Of course, without rules to decode the bit string, it is impossible to say whether it is genetic information, weight, age, fingerprint, religion, etc. Layered on top of that technical decoding process is a social decoding process – how sensitive is this information? How useful is it to the government for various purposes? The objective of this paper is to offer some key lessons for the regulation of genetic information collected by the state for law enforcement purposes. In the first part of the paper, we discuss two fundamental principles of informational privacy theory. Utilizing these, we then examine the statutory regimes that have emerged for the regulation of the information that the government collects in three different domains – fingerprints, department of motor vehicle (DMV) records, and tax records. In the third and final part we use the results of our analysis as analogies for similar regulatory challenges in the regulation of genetic information collected for law enforcement purposes, and make some tentative recommendations.

Type
Symposium
Information
Journal of Law, Medicine & Ethics , Volume 34 , Issue 2 , Summer 2006 , pp. 366 - 374
Copyright
Copyright © American Society of Law, Medicine and Ethics 2006

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Mayer-Schönberger, V. and Lazer, D., “The Governing of Government Information,” in Mayer-Schönberger, V. and Lazer, D., eds., From Egov to Igov: Governance in the 21st Century, book manuscript, forthcoming, 2006.Google Scholar
Mayer-Schönberger, V., “Generational Development of Data Protection in Europe,” in Agre, P. and Rotenberg, M., eds., Technology and Privacy: The New Landscape (Cambridge, MA: MIT Press, 1997): 219241.Google Scholar
Miller, A., The Assault on Privacy (Ann Arbor, MI: University of Michigan Press, 1971).Google Scholar
Schwartz, P. M., “Privacy and Participation: Personal Information and Public Sector Regulation in the United States,” Iowa Law Review 80 (1995): 553618; for a discussion of the (theoretically limited) debate in the United States, see Cate, F. H., Privacy in the Information Age (Washington, DC: Brookings, 1997): 19–30.Google Scholar
Organization for Economic Cooperation and Development, “Guidelines on the Protection of Privacy and Transborder Flow of Personal Data,” 1980, available at <http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html> (last visited March 8, 2006); see also Mayer-Schönberger, V., “Strands of Privacy: DNA Databases, Informational Privacy, and the OECD Guidelines,” in Lazer, D., ed., DNA and the Criminal Justice System: The Technology of Justice (Cambridge, MA: MIT Press, 2004): 225243.Google Scholar
For an assessment in light of European Union legislative activities see Mayer-Schönberger, V., “Operator, Please Give Me Information: The European Union Directive on Data Protection in Telecommunications,” in Gillett, S. E. and Vogelsang, I., eds., Competition, Regulation, and Convergence (Mahwah, NJ: Lawrence Erlbaum, 1999): 121136.Google Scholar
Cole, S., “Fingerprint Identification and the Criminal Justice System: Historical Lessons for the DNA Debate,” in Lazer, D., ed., DNA and the Criminal Justice System: The Technology of Justice (Cambridge, MA: MIT Press, 2004): 6390.Google Scholar
Seltzer, W. and Anderson, M., “The Dark Side of Numbers: The Role of Population Data Systems in Human Rights Abuses,” Social Research 68 (2001): 481513.Google Scholar
Cole, S., Suspect Identities (Cambridge, MA: Harvard University Press, 2002).Google Scholar
This is in keeping with a statutory requirement that the FBI shall “Conduct the acquisition, collection, exchange, classification and preservation of fingerprints and identification records from criminal justice and other governmental agencies, including fingerprints voluntarily submitted by individuals for personal identification purposes…” 28 CFR 0.85 (b).Google Scholar
CJIS website, About CJIS, at <http://www.fbi.gov/hq/cjisd/about.htm> (last visited March 2, 2006). Bureau of Justice Statistics, Use and Management of Criminal History Record Information: A Comprehensive Report, 2001 Update, at 44, note 65.+(last+visited+March+2,+2006).+Bureau+of+Justice+Statistics,+Use+and+Management+of+Criminal+History+Record+Information:+A+Comprehensive+Report,+2001+Update,+at+44,+note+65.>Google Scholar
J. Laryle of the FBI CJIS division, available at <http://fingerprint.nist.gov/standard/presentations/IAFISoverview_Feb_2005.pdf> (last visited March 9, 2006).+(last+visited+March+9,+2006).>Google Scholar
N.J. Stat. § 53:1–15 (2005).Google Scholar
N.J.S.2C:20–11.Google Scholar
N.J.S.2C:34–1.Google Scholar
N.J. Stat. § 53:1–14 (2005).CrossRefGoogle Scholar
ORS § 137.074 (2003); ORS § 181.511 (2003).Google Scholar
Supra note 12.Google Scholar
Barton, S. J., Survey of State Criminal History Information Systems, 2001, Criminal Justice Information Policy series, NCJ 200343, (Washington, DC: U.S. Department of Justice, Bureau of Justice Statistics, October 2002): at table 1.Google Scholar
For example, the FBI reports that between June 1, 2001, and May 31, 2002, most fingerprints submitted for processing were for non-criminal justice background checks, whereas a similar study in 1993 indicated that only 9 percent of fingerprints submitted for non-criminal purposes. Barton, S. J., Survey of State Criminal History Information Systems, 2001, Criminal Justice Information Policy series, NCJ 200343 (Washington, DC: U.S. Department of Justice, Bureau of Justice Statistics, October 2002): at 9 (internal citations omitted).Google Scholar
N.J. Stat. § 40A:14–9 (2005).Google Scholar
N.J. Stat. § 45:22–3 (2005).Google Scholar
N.J. Stat. § 49:3–56 (2005).Google Scholar
Ore. Admission Rule 4.15 (2004).Google Scholar
ORS § 677.265 (2003).Google Scholar
Supra note 12.Google Scholar
Supra note 19, at 10.Google Scholar
It is difficult to conceive of how criminal fingerprints might widely be used for other purposes at this time; although the point of the principles is to limit unanticipated future uses of personal data.Google Scholar
Some of the statutes do require retention of records in Oregon; others do not touch on the issue of retention.Google Scholar
Notably, however, we could find no case where the prosecution used a match against the Non-Criminal Database.Google Scholar
Loving, B., “DMV Secrecy: Stalking and Suppression of Speech Rights,” CommLaw Conspectus 4, 203 (1996). Although, oddly, DPPA still allows access to the DMV data by private detectives.Google Scholar
P.L. 103–322, § 300002(a), 108 Stat. 2094 (codified as amended at 18 USCS §§ 2721–25).Google Scholar
Other information includes zip code and “information on vehicular accidents, driving violations, and driver's status,” and this information is not covered by the DPPA.Google Scholar
18 USCS § 2725 (3) & (4). It is unclear why medical and disability information are listed twice.Google Scholar
18 USCS § 2721 (b) (1).Google Scholar
18 USCS § 2721 (b) (4).Google Scholar
18 USCS § 2721 (b) (3).Google Scholar
Id.Google Scholar
18 USCS § 2721 (b) (2).Google Scholar
18 USCS § 2721 (b) (14).Google Scholar
P.L. 104–294, Title VI, § 604(b)(46), 110 Stat. 3509; Oct. 9, 1999.Google Scholar
106 P.L. 69 § 350 (c) & (d).Google Scholar
Miller v. Image Data LLC, 91 Fed. Appx. 122 (10th Cir. 2004).Google Scholar
Id., at 126, note 6.Google Scholar
Id., at 126 (citing 18 USCS § 2721 (b) (1) (“Driver's license information may be sold for “use by any government agency…or any private person or entity acting on behalf of a Federal, State, or local agency in carrying out its functions…” and holding that “the permitted uses of DMV information are not limited to the prevention of financial fraud, but include the present and potential applications of Image Data's True ID (R) technology.”)Google Scholar
Tax return information is defined to include not only all the information on a tax return itself, but also the content of any written determination or investigation file of the IRS, as well as the existence or nature of any agreement, settlement, or disposition of such investigation. 26 USCS § 6103 (b) (2).Google Scholar
This history is drawn from Darby, J. J., “Section IV: Confidentiality and the Law of Taxation,” American Journal of Comparative Law 46 (1998), at 577.CrossRefGoogle Scholar
26 USCS § 6103.Google Scholar
26 USCS § 6103 (h).Google Scholar
26 USCS § 6103 (i) (1) (A).Google Scholar
26 USCS § 6103 (i) (3).Google Scholar
26 USCS § 6103 (i) (7).Google Scholar
26 USCS § 6103 (f) (1).Google Scholar
26 USCS § 6103 (g).Google Scholar
26 USCS § 7217.Google Scholar
We will adopt the convention that “database” refers to digitized set of profiles, and “data bank” refers to the system that encompasses both physical samples and profiles. We would view the stored samples (essentially the DNA molecule) as searchable data in the sense that for a given individual in the database, one can specify a search that pulls the physical sample and extracts from it genetic information. One may view the physical samples as analogous to paper records that have been placed in storage. Such records are searchable, but at greater expense than digitized information.Google Scholar
All statistics regarding state database statutes are drawn from the grid developed, in part based on consultation with one of the authors, by the American Society of Law, Medicine & Ethics, based on research by S. Axelrad. See Survey of DNA Database Statutes at <http://www.aslme.org/dna_04/grid/statute_grid.html> (last visited March 9, 2006).+(last+visited+March+9,+2006).>Google Scholar
For official FBI statistics, see NDIS Statistics, at <http://www.fbi.gov/hq/lab/codis/clickmap.htm> (last visited March 20, 2006). Note that there are more profiles that are ineligible for a national search that are available for state or local searches.+(last+visited+March+20,+2006).+Note+that+there+are+more+profiles+that+are+ineligible+for+a+national+search+that+are+available+for+state+or+local+searches.>Google Scholar
The federal statute authorizing the creation of the national system does impose certain policy restrictions on states that participate in the national database e.g., a prohibition on research. Also, the federal statute prohibits searching voluntary samples against the national database, and federal rules currently prohibit familial searching of the national database.Google Scholar
To date, familial searching has been used more aggressively in the UK than the US. There has only been one publicized case of familial searching in the US – in the case of the murder of Deborah Sykes, where a near miss in the database led investigators to Willard Brown. R. Willing, “Suspects Get Snared by a Relative's DNA,” USA Today, June 7, 2005, at 1.Google Scholar
Our understanding is that even Wisconsin has not destroyed any samples.Google Scholar
Note that it is debatable that acceptable quality control procedures could not be implemented without indefinite sample retention.Google Scholar
Burkert, H., “Freedom of Information and Electronic Government,” in Mayer-Schönberger, V. and Lazer, D., eds., From Egov to Igov: Governance in the 21st Century, book manuscript, forthcoming in 2006.Google Scholar
Williams, R. and Johnson, P., “Inclusiveness, Effectiveness and Intrusiveness: Issues in the Developing Uses of DNA Profiling in Support of Criminal Investigations,” Journal of Law Medicine & Ethics 33, no. 3 (2005): 545558.Google Scholar