Balancing privacy and security

DNA as seen during gel electrophoresis (Source: Wikimedia Commons)

South Africa has a serious problem with crime and DNA profiling offers a real chance to do something about it by providing accurate and reliable evidence. There is currently a push to bring in a legal framework to deal with this issue and, as I’ve stated previously, I support the DNA Bill and signed the petition. However, it’s important not to lose sight that these advances come at a trade-off between security and privacy. The DNA Project itself has noted opinions on both side of the spectrum; from a piece from the US that suggests a mandatory DNA database would be ideal to a comment from someone who refused to sign the petition because arrestees are innocent until proven guilty. I think the South African DNA Bill has done a good job of trying to balance privacy and security but I do want to warn against the dangers of sacrificing privacy for security.

The argument for more DNA collection proceeds along the following lines. Crimes and criminals are bad and need to be stopped. DNA evidence is perhaps the strongest kind we have and collecting and matching it is relatively easy. This takes us to where we sit with the DNA bill, we will sacrifice the privacy of those arrested (since the arrest should be due to probably cause) and/or convicted to better protect society. Some would extend this and say if the evidence is so useful then it would make sense to profile everyone as the markers used do not contain any personal information and are only going to be used to settle criminal cases. It sounds reasonable, no drawbacks and huge benefits. Who other than the criminals would object? I have in fact heard the very words, “If you have nothing to hide then it shouldn’t be a problem.” I see things the other way though, if one has nothing to hide then no one should be violating one’s privacy.

To borrow a quote from Terry Pratchett:

Cheery was aware that Commander Vimes didn’t like the phrase ‘The innocent have nothing to fear’, believing the innocent had everything to fear, mostly from the guilty but in the longer term even more from those who say things like ‘The innocent have nothing to fear’.

The first reason we should err on the side of privacy is our own incomplete knowledge. One of the requirements of the markers used in DNA profiling is that they must not reveal any information, other than sex, about the person. This is by design, to protect people’s privacy, particularly those who are not convicted of a crime and will have very little information linked on other databases. However, we have to admit that we do not yet fully understand the human genome and all the associations that do exists. That means there is a small risk that in the future we will find that the markers we use may actually be linked to some other trait that will impact on our privacy. It’s not a reason to avoid DNA profiling but it should be a reason to be reluctant to extending DNA profiling to innocent members of the public.

A greater danger to privacy is actually posed during the collection of samples for DNA fingerprinting. In the early stages the biological material contains the person’s full genetic complement, including information relevant both to them and their family concerning appearance, parentage, ancestry and disease risks. These samples are meant to be destroyed after a specified time has elapsed but, let’s be honest, things do not always proceed according to plan. We can not completely eliminate the risk that, either accidentally or deliberately, it is possible for these samples, or the information contained therein, to make it’s way into the wrong hands.

People have been framing others for years but, knowing how reliable DNA is, imagine how much more devastating it would be if someone’s DNA were detected at a crime scene. This could happen in many ways. The analysis results could be deliberately doctored. If we’re on a database, it would be simple to synthesise DNA that would give a perfect match to the person you wanted to frame. A sample could go missing and be used to seed a crime scene.

It would, of course, be wonderful if such claims could be dismissed out of hand or diverted by pointing out there will be laws regulating the DNA database. Those laws are meaningless. There are laws against rape but the very fact that we need a DNA database shows that laws alone accomplish nothing. We can’t even hold on the comfort that those law breakers are criminals and access to the database will be exclusively to those properly vetted and in the police services. Let us not forget that the former president of Interpol and former national commissioner of the South African Police Service, Jackie Selebi, was found guilty of corruption. It also is important to note that just recently a member of the intelligence services, with the highest security clearance, has been accused of masterminding a cash-in-transit heist. He’s also just one of around 500 policemen facing charges including fraud and murder! Corruption exists, and in South Africa it appears to exist at every level of government and the police services.

South African police dragging a man behind their vehicle. (Source: The Guardian)

If we move our scope beyond the DNA database itself we find there is a bigger issue at stake, the normalisation of this loss of privacy. As the DNA Project noted when discussing the DNA database versus privacy:

Suddenly that argument [Taking DNA of the accused as a violation of privacy] does not make sense as this is exactly what we all do, and we do it willingly – submit our fingerprints to the various South African Government databases.

Not only do we give our fingerprints but we accept being databased for ID books, for driver’s licenses and, more recently, we have to be RICA’d to have a cellphone number. The problem, as you should see, is that this is seen as totally normal and acceptable. It might surprise some people to learn that there are countries without mandatory, or even without any, identity cards. Once these systems are in place it becomes increasingly difficult to get back our privacy.

These systems are meant to provide security but there is definitely a point where the gains in security are just not worth the cost of our privacy. I would say the US has gone past that point and we should be careful not to follow in their footsteps. At the moment it’s been revealed that not only is the government pushing to monitor internet connections but are already monitoring all mobile and land-line telephone calls and are collecting certain internet communications data through PRISM. (The Director of National Intelligence has has released a fact sheet to correct errors in the media reports on PRISM) To get privacy back there is going to be a long, hard struggle.

At times this may be harmless but we would be naive to think that will always be the case. The law is not always aligned with what is or isn’t ethical. To allow these incursions into our privacy means that we must not only trust our current government but all future ones. That seems to me a very dangerous gamble. Totalitarian regimes dream of having all their subjects info to quash dissent and here we are giving it voluntarily.

We need to ask ourselves why governments should have that information? Are they really that much more deserving to monitor everything than any other organisation or citizen? I don’t think so. Whether elected democratically or not they are not necessarily any more likely to be right than anyone else. Nor can I see any reason why I should trust my information to them more readily than to Bob who lives down the street. Governments hold power due to historical contingencies but are not intrinsically more suited to the task then anybody else.

So, in conclusion, I think we need to be very cautious about giving up our privacy. Once it’s out there it’s very difficult to take back and we don’t know what we will learn in the future or who will have access to that data. Safeguards are vital but we can’t trust them to be enough. Until we live in a utopia with no crime, no immorality and free from corruption I think our privacy is worth letting a few criminals slip through. Indeed, if we lived in such a world where we could safely entrust our information to government the very act would be unnecessary.


3 thoughts on “Balancing privacy and security

  1. Pingback: Worthwhile reading | Evidence & Reason

  2. Pingback: Falling nations | Evidence & Reason

  3. Pingback: Two years, still going strong | Evidence & Reason

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s