In 2016, a rape survivor voluntarily provided her DNA to San Francisco law enforcement officers so that her attacker might be brought to justice. Five years later, the sample she provided led police to connect her to an unrelated burglary, according to San Francisco district attorney Chesa Boudin. The woman faced a felony property charge, but Boudin dropped the case, saying the use of her DNA was a violation of her Fourth Amendment right against unreasonable searches and seizures.
The incident could deter survivors of sexual assault from coming forward if they think their DNA could be used to implicate them in a future crime. It also raises legal and ethical questions about the broader law enforcement use of genetic evidence. “We should encourage survivors to come forward—not collect evidence to use against them in the future. This practice treats victims like evidence, not human beings,” Boudin said in a February 14 statement.
More than 300,000 people were raped or sexually assaulted in 2020, according to the Department of Justice’s 2020 Criminal Victimization Report. Yet less than 23 percent of those assaults were reported to police, down nearly 34 percent from 2019. Many survivors are also reluctant to undergo a forensic exam, also known as a rape kit, out of fear or shame. During the exam, a nurse collects biological evidence that may contain DNA from the assailant, such as blood, hair, saliva, and skin cells. Survivors may also be asked to provide a sample of their own DNA as a reference to determine if genetic material found at the crime scene belongs to them or someone else.
“Sexual assault victims subject themselves to this very invasive exam for one purpose, and that is to identify their assailant,” says Camille Cooper, vice president of public policy at RAINN, the Rape, Abuse & Incest National Network, a nonprofit that aims to prevent sexual assault and help survivors. “Any use of their DNA for any other purpose is wholly inappropriate and unethical.”
And yet, there’s currently no uniform practice regarding what crime labs do with reference DNA samples after testing. Federal law does prohibit police from uploading victims’ DNA profiles to a national database known as the Combined DNA Index System, or CODIS, which is maintained by the FBI. CODIS is used to link violent crimes like homicides and sexual assaults to known offenders and has strict rules for what kind of profiles can be submitted. It contains DNA collected from crime scenes, from people arrested for or convicted of felonies, and to a lesser extent, from unidentified remains. People who are released from custody or found not guilty can petition to have their information removed from CODIS.
But some local police departments operate their own DNA databases outside the purview of CODIS. Most states don’t have laws limiting the kinds of DNA samples that can be stored in them. “Police departments around the country have, over time, developed these separate databases that are largely unregulated,” says Andrea Roth, a law professor at the University of California, Berkeley who specializes in forensic science and has researched these databases.
Most PopularThe End of Airbnb in New YorkBusiness
In 2019, the New York City Police Department came under fire by civil liberties advocates for amassing a database of more than 82,000 DNA profiles of people who were not only convicted of crimes, but also simply arrested or questioned, including minors. Police departments in Connecticut, California, Florida, and Maryland have built up similar internal databases, sometimes referred to as “shadow” DNA databases.
“They are filled with a hodgepodge of stuff that doesn't otherwise qualify for CODIS,” Roth says, including DNA from victims, autopsies, and suspects whose DNA was collected surreptitiously from discarded trash. Police sometimes ask people who are questioned or suspected of crimes but never arrested to submit to a DNA swab. If you consent, your DNA could go into one of these databases. Investigators also routinely collect “elimination samples”—DNA samples from individuals not involved in an alleged crime—to rule them out as suspects.
Roth says even if you never plan to commit a crime, there’s reason to be concerned about your DNA ending up in one of these databases. For instance, you could be implicated in a crime because of DNA transfer, the passage of DNA to objects and other people. And in some states, through a controversial technique called familial searching, your sample could be used to incriminate a close family member. Roth imagines even more questionable law enforcement uses, such as using DNA to learn the identities of protestors who gathered in a particular area.
When contacted by WIRED earlier this week, a spokesperson for the San Francisco Police Department said he was unable to comment on whether the department’s database contains the DNA profiles of other sexual assault survivors. But yesterday, The San Francisco Chronicle and USA Today both reported that on February 18, the department had ended a policy allowing DNA from sexual assault survivors to be used for unrelated investigations. In a February 16 statement, San Francisco chief of police William Scott had said the department would immediately begin reviewing its practices, even though he had been told the department's DNA collection policies were legally vetted and conform with state and national forensic standards. “We must never create disincentives for crime victims to cooperate with police, and if it’s true that DNA collected from a rape or sexual assault victim has been used by SFPD to identify and apprehend that person as a suspect in another crime, I’m committed to ending the practice,” he said.
Scott added that it was possible the suspect was identified “through a DNA hit in a non-victim DNA database," but that the questions raised by Boudin’s office were concerning enough to order an internal review.
In a February 22 letter, representative Adam Schiff (D-CA) asked FBI director Christopher Wray to investigate whether the department violated any federal laws by storing a sexual assault survivor’s DNA profile in a database to later use to investigate another crime. Schiff said he is also exploring “legislative remedies to this potential violation of law.”
Most PopularThe End of Airbnb in New YorkBusiness
Right now, there are no national laws prohibiting the establishment of internal police databases or restricting the kinds of DNA samples that can go into them. “The technology keeps changing and the science keeps changing, and the laws need to keep changing as well,” says Mark Rothstein, founding director of the Institute for Bioethics, Health Policy, and Law at the University of Louisville School of Medicine.
The main genetic privacy law in the United States is known as GINA, short for the Genetic Information Nondiscrimination Act. It was passed in 2008, long before DNA technology became ubiquitous. It prohibits discrimination by employers and health insurers on the basis of a person’s genetic information, but it doesn’t provide protections against many other potential uses of this data.
Privacy advocates have been calling for more oversight as another source of DNA data has taken off: genealogy databases, which contain the profiles of people who take consumer genetic tests to learn more about their ancestry. Two databases in particular—GEDmatch and FamilyTreeDNA—explicitly allow law enforcement searches for a narrow set of violent crimes, including murders and sexual assaults.
The process works like this: Police upload unknown DNA collected from a crime scene to such databases, and that DNA can be linked to family members already in the database. From there, police work with genealogists to establish how the unknown person might be related to people in the database, build out a family tree, and narrow down a list of suspects. After the Golden State Killer was identified this way in 2018, the use of genealogy databases to solve violent crimes, especially cold cases, has exploded. The technique, known as forensic genetic genealogy, has since solved more than 200 cases.
Like “shadow” DNA databases, genealogy databases remain largely unregulated, although some states are stepping up to address these legal gaps. Last year, Maryland and Montana became the first states to pass laws that restrict law enforcement use of genealogy databases. The Montana law requires police to first obtain a search warrant before using a genealogy database, while the more comprehensive Maryland law limits the types of crimes that these databases can be used for. In October, California passed the Genetic Information Privacy Act, which restricts the type of data collected by direct-to-consumer DNA testing companies such as 23andMe, Ancestry, and FamilyTreeDNA.
The public outcry from lawmakers, legal experts, and victim advocates could help speed new laws, or at least new local policies, that dictate what police can and can’t do with DNA evidence. After public pushback, in 2020 the New York City police department began expunging profiles from its database of more than 82,000 people.
Rothstein says that police should have limited use of DNA specimens collected from a sexual assault survivor—that officers should only be able to use such DNA to investigate that particular crime. He hopes the San Francisco case will spur states to enact laws that prohibit the misuse of DNA samples provided for a rape kit. “DNA is a very powerful tool, and it's tempting to use it for anything that might produce leads,” Rothstein says. “But there are points where we need to say no.”
More Great WIRED Stories📩 The latest on tech, science, and more: Get our newsletters!How Telegram became the anti-FacebookA new trick lets AI see in 3DLooks like folding phones are here to stayWomen in tech have been pulling a “second shift”Can super-fast battery charging fix the electric car?👁️ Explore AI like never before with our new database💻 Upgrade your work game with our Gear team’s favorite laptops, keyboards, typing alternatives, and noise-canceling headphones