THE ETHICS COLUMN
DNA Turns Dangerous
By Jacob M. Appel, MD JD
One of the consequences of being convicted of a felony, or even merely arrested in many states, is that one is required to provide a DNA sample to authorities. These samples are recorded electronically in the Combined DNA Index System (CODIS), a national database that can be used to solve additional crimes. At present, more than 17 million offenders have their DNA stored in this way. What few laypeople realize is that these samples differ fundamentally from those used by genetics researchers or consumer genealogy companies like 23andMe.
CODIS relies on the use of short tandem repeats (STRs). These distinctive, non-coding portions of the genome are highly effective in identifying particular individuals — the equivalent of genetic fingerprints — but they do not code for specific traits. In contrast, most genealogical and medical research databases rely upon full-genome sequencing or aggregates of single-nucleotide polymorphism (SNPs) that do code for expressed genes. Among the advantages of (STRs) is that they can reveal identities while protecting medical privacy. The police can use CODIS to determine whether a suspect visited a crime scene or committed a sexual assault — but not if he is predisposed to develop diabetes or Alzheimer’s disease. Until now.
A rather unsettling paper published by Michael Edge of Stanford University and colleagues in the Proceedings of the National Academy of Sciences last year reported that STR sequences in the CODIS could be correlated with those in other data sets, even if none of the genetic data overlapped directly. It turns out at certain STRs are consistently located close enough to coding sections of the genome that researchers — with enough time and effort — can trace CODIS data back to specific individuals in other data sets and, in theory, then use this data to discover medical information about suspects. Moreover, Yaniv Erlich of the Whitehead Institute for Biomedical Research has shown that these suspects do not need to have uploaded their own DNA to commercial sites for this to prove possible. If relatives upload DNA — possibly kin as distant as third cousins — that may be enough to identify a suspect. Once identified, this suspect’s medical secrets can be unlocked.
Why does this matter? One of the legal and ethical justifications for a wide range of forensic uses for genetic material — from the CODIS to DNA dragnets — is that the privacy risks to innocent suspects are truly minimal. Providing DNA samples to the police, the argument runs, is merely a hassle — unless you’ve committed an unsolved crime. But Edge’s research reveals far more danger in this process. No scientific limitations keep the authorities from using that same DNA sample for predicting health risks; more alarming, hackers could breach that database and reveal the linked results on the Internet.
None of this is reason to abandon forensic databases entirely. Yet existing policies were predicated on certain expectations of privacy. If modern science renders those expectations obsolete, a strong argument exists for revisiting these policies — to reevaluate the ethics of when and why to require such samples in the context of unforeseen and newly-discovered risks. #