Fri, 28 Nov 2008

ECHR judgment in S. and Marper v. United Kingdom to be delivered next week

The European Court of Human Rights will deliver its Grand Chamber judgment in the case S. and Marper v. United Kingdom at 11 am next Thursday. S. and Marper v. UK is viewed as a test case about whether the UK is breaching human rights by retaining DNA samples and profiles, and fingerprints of unconvicted innocent people. The hearing of this case by is available to watch online. Last week, Vernon Coaker, Home Office minister responded in a Parliamentary debate that 'The [DNA retention] guidelines will need to be reviewed in the light of the outcome of the S and Marper case'.


4 December 2008

The European Court of Human Rights will deliver its Grand Chamber judgment in the case of S. and Marper v. the United Kingdom (application nos. 30562/04 and 30566/04) in a public hearing on Thursday 4 December 2008 at 11 a.m. (local time) in the Human Rights Building, Strasbourg.

The press release and the text of the judgment will be available after the hearing on the Court’s Internet site (

S. and Marper v. the United Kingdom

The applicants S. and Michael Marper, were born in 1989 and 1963. They are both British nationals who live in Sheffield (the United Kingdom).

The case concerns the retention by the authorities of the applicants’ fingerprints, cellular samples and DNA profiles after criminal proceedings against them were terminated by an acquittal or were discontinued.

On 19 January 2001 S. was arrested and charged with attempted robbery. His fingerprints and DNA samples were taken. He was acquitted on 14 June 2001. Mr Marper was arrested on 13 March 2001, charged with harassing his partner. His fingerprints and DNA samples were also taken. The charges were dropped following reconciliation with his partner and the case against him was discontinued on 14 June 2001.

Both applicants unsuccessfully requested that their fingerprints, DNA samples and profiles be destroyed.

The applicants complain about the retention of their fingerprints, DNA samples and profiles after an acquittal or discontinuance of criminal proceedings. They are concerned in particular about possible current and future uses of those data. They further contend that the retention casts suspicion on people who have been acquitted or discharged of crimes and that they should be treated in the same way as the rest of the unconvicted population. They rely on Articles 8 (right to respect for private life) and 14 (prohibition of discrimination) of the European Convention on Human Rights.

The applications were lodged with the European Court of Human Rights on 16 August 2004 and declared admissible on 16 January 2007. The Chamber to which the case was assigned decided to relinquish jurisdiction to the Grand Chamber on 10 July 20071. The Grand Chamber held a public hearing in the case on 27 February 2008.

The European Court of Human Rights was set up in Strasbourg by the Council of Europe Member States in 1959 to deal with alleged violations of the 1950 European Convention on Human Rights.

1 Under Article 30 of the Convention, where a case pending before a Chamber raises a serious question affecting the interpretation of the Convention or the protocols thereto, or where the resolution of a question before the Chamber might have a result inconsistent with a judgment previously delivered by the Court, the Chamber may, at any time before it has rendered its judgment, relinquish jurisdiction in favour of the Grand Chamber, unless one of the parties to the case objects.

websiteblogblog archivenews feedfeedback

Damian Green's data now owned by the police

From theory to personal experience in a week.

As reported on this blog, only a week ago in a Commons debate on the Counter Terrorism Bill, shadow immigration officer Damian Green when summing up the DNA retention guidelines expressed: 'It is interesting that when a person's data are entered on to the PNC, they are owned by the police.' Damian Green was arrested yesterday as part of a police investigation into official information leaks from the Home Office, apparently by counter-terrorism police "on suspicion of conspiring to commit misconduct in a public office and aiding and abetting, counselling or procuring misconduct in a public office." Nothing to do with terrorism.

The Met released the following statement:

The investigation into the alleged leak of confidential government material followed the receipt by the Metropolitan Police Service (MPS) of a complaint from the Cabinet Office.

The decision to make today's arrest was taken solely by the MPS without any ministerial knowledge or approval."

And Damian Green today read:

I was astonished to have spent more than nine hours today under arrest for doing my job.

I emphatically deny I have done anything wrong.

I have many times made public information that the government wanted to keep secret, information that the public has a right to know.

In a democracy, opposition politicians have a duty to hold the Government to account. I was elected to the House of Commons precisely to do that and I certainly intend to continue doing so.

Such a police raid on an opposition MP is unprecedented in the UK. It has not been said whether he had DNA samples (and fingerprints, palm prints and mug shots) taken when he was processed.

UPDATE: Statement released on Home Office leaks by the Permanent Secretary, David Normington. (via Marc Vallee)

websiteblogblog archivenews feedfeedback

Sun, 23 Nov 2008

MPs realise it's exceptional for innocents to get their DNA removed from the NDNAD and vote not to do anything about it

Parliament overturned by 277 votes to 209 a Lords amendment to the Counter Terrorism Bill 2008 which aimed 'to try to spark a national debate about the retention of samples and to inform the public about what information is being held on them'. Several MPs told stories of their constituents fighting the system in attempting to get their DNA off the National DNA Database (NDNAD). Reading through the several interventions, I find surprising how poorly briefed many MPs are on this very serious issue affecting millions of individuals in the UK.

House of Commons debates, Wednesday, 19 November 2008 - Counter-Terrorism Bill

Damian Green (Shadow Minister, Home Affairs; Ashford, Conservative)
[...] The changes are necessary because of the worrying nature of the guidelines under which we operate. They are produced for the police, and go under the spectacularly opaque title "Retention guidelines for nominal records of the police national computer", which could almost have been designed to stop anyone finding out what the guidelines are for the use of DNA—a rather important term that the document carefully refuses to mention in its title. Frankly, the guidelines are draconian. They state:

"Chief Officers have the discretion to authorise the deletion of any specific data entry on the PNC 'owned' by them."

It is interesting that when a person's data are entered on to the PNC, they are owned by the police. The guidelines continue:

"They are also responsible for the authorisation of the destruction of DNA and fingerprints associated with that specific entry. It is suggested that this discretion should only be exercised in exceptional cases."

According to the guidelines, the discretion to destroy the information will rarely be exercised, which in itself is enough to raise eyebrows. The guidelines later state:

"In the first instance applicants should be sent a letter informing them that the samples and associated PNC record are lawfully held and that their request for deletion/destruction is refused".

Therefore, the standard guideline is, "Just say no, you can't have your records deleted." The last paragraph of this part of the guidelines states:

"It is not recommended that any proactive exercise is undertaken to determine potentially exceptional cases".

The police are therefore being told in their guidelines first that everything must be exceptional, and secondly that their first and standard response should be to say no. Indeed, elsewhere in the guidelines—I shall not detain the House by reading this out—is the standard template letter of refusal, in case the police cannot work out how to write a refusal letter. On top of that, they are instructed not to make any effort to tell people what they can do or what criteria they might have to fulfil to get their records out of the system. That approach is not satisfactory.

Compounding that, an example is given for those who want to know what an "exceptional case" is. It is the only such example in a 236-page document of what might be an exception. I shall quote it in full:

"For example, where a dead body is found in a multi-occupancy dwelling and the cause of death is not immediately obvious. All the occupants are arrested on suspicion of murder pending the outcome of a post mortem. All arrested persons are detained at the local police station and samples taken. It later transpires that the deceased person died of natural causes. No offence therefore exists, and all persons are released from custody."

That is the only example given in the guidelines of an allowable exception. The House will recognise that that is an absurdity and that the guidelines are clearly not an acceptable way in which to proceed.

This is a good summing up of the current situation (follow these links for a flowchart of the whole process and more details on getting off the NDNAD), but let's take a step back. These guidelines are issued by the Association of Chief of Police Officers (ACPO), a private company (hence not subject to the Freedom of Information Act). Should guidelines affecting so many individuals so intimately be decided by a private company behind closed doors?

Keith Vaz (Leicester East, Labour)
I do not disagree with anything that the hon. and learned Gentleman says. We do need a proper system, and the present system is totally inadequate. At the very least, if we had letters in reply to reasonable requests, providing information to the person who has asked for his or her profile to be removed, I could understand it. As it is, this is the first time that I have heard the guidelines as they were read out by the hon. Member for Ashford. I did not realise that although everyone is told that they have the right to have their DNA removed, it is only in very, very exceptional circumstances that it will be so removed. [emphasis added.] I am minded to vote for the Opposition's amendment, unless the Minister gives a clear sign to the House that the Government will radically alter the current guidelines on removal.

These retention guidelines replaced the 'ACPO General Rules for Criminal Record Weeding on Police Systems' on 2006-03-31 (according to the intro of version 1.3). They are the document describing what the Police are doing with our DNA. If you take out the cover page, blank pages, acknowledgment and the long lists offences, it's only 14 pages long of principles, guidelines, letter examples and flowcharts. (Most of the 236 pages, as mentioned above by Damian Green, is taken by Appendix 3, three long lists of offences.)

How come an MP attending a debate on amendments concerning the NDNAD has not read these 14 pages or been briefed about them? This is even more surprising for Keith Vaz considering he is the Chairman of the Home Affairs Committee and this Committee issued only last May a report including recommendations specifically about retention of the DNA profiles of innocents.

David Jones (Shadow Minister, Wales; Clwyd West, Conservative)
[...] In response to my request, I received a letter from the chief constable of North Wales police. The letter broadly followed the template that my hon. Friend the Member for Ashford mentioned—template A in appendix 2 to the ACPO guidelines. It followed the guidelines almost word for word, except that at one particular juncture the chief constable decided to ski off-piste. He said:

"The Criminal Justice and Police Act 2001 amended the Police and Criminal Evidence Act 1984, providing the police in England and Wales with the power to retain DNA samples and fingerprints, relating to persons following acquittal at court or other discontinuance of a case.

I must admit to being personally surprised by this decision and I am not sure parliament fully understood the implications of its decision. However, the Act is clear enough and I am bound to act by its provisions."

In other words, it would appear that the chief constable of North Wales police decided to enter the debate about the retention of DNA ahead of the House. He clearly thinks that the current legislation is nonsense. His letter continued:

"If I were to exercise my discretion in this case, then I would have to exercise my discretion in similar cases, thus it would not be a rarity."

There is, therefore, almost no circumstance in which a chief constable will exercise that discretion, which is a lamentable state of affairs. Clearly, the present arrangements are opaque and unsatisfactory.

Section 82 of the CJA 2001 amends PACE 1984 so that 'samples may be retained after they have fulfilled the purposes for which they were taken'. It is not an obligation and chiefs of police forces can legally exercise their discretion in each case. Now the ACPO guidelines effectively give them a framework where exercising their discretion should be done only exceptionally: 'They have the discretion in exceptional circumstances, to authorise the deletion of any conviction, penalty notice for disorder, acquittal or arrest histories, "owned" by them'. Chiefs of Police for England and Wales forces exercised their discretion on average 222 times per year over 2005-2007.

Vernon Coaker (Minister of State (Policing, Crime & Security), Home Office; Gedling, Labour)
[...] The text of the amendment would require the Secretary of State to issue guidance relevant to all agencies holding DNA and fingerprint samples on the operation of their retention, use and destruction of fingerprints and samples. Let me say why the guidelines contained in the amendment are unnecessary. The rights of individuals from whom fingerprints and samples are taken by the police under PACE or under the Terrorism Act 2000 are already contained in guidance, including PACE codes C and D, the ACPO retention guidelines for nominal records on the police national computer, and guidance on subject access requests. However, let me say to my right hon. Friend and other hon. Members that I admit there is work to be done to publicise those rights more widely.

I undertake to work with the police to bring together the current guidelines covering the matters raised in the amendment, and to publish them more widely. The guidelines will need to be reviewed in the light of the outcome of the S and Marper case, and a PACE review is currently under way. However, I give my right hon. Friend an undertaking to ensure that the points that he and others have made are fed into the PACE guidelines review, so that we can improve the process.

Publicising the existing guidelines - especially among MPs - would be a good thing, but what is being asked by many including a majority of Lords, the NDNAD Ethics Group, the Human Genetics Commission, the Nuffield Bioethics Council, GeneWatch UK and Justice is a public debate with one possible outcome being to ensure that DNA profiles of innocents are not retained on the crime-related intelligence database that is the NDNAD.


Coincidentally, on the very same day, the Metropolitan Police Service Special Crime Directorate 12 (SCD12) issued version .2 of its 'Exceptional Case Requests - Consideration for the Removal of DNA, Fingerprints and PNC Records'. As its previous version (issued on 2008-06-27), these guidelines closely follow the ACPO ones. Slightly more interesting is the 'Roles and Responsibilities' section:

The Exceptional Cases Unit will process any request by preparing a report for the Commander for Operational Information, Intelligence and Learning for their consideration. This report will consist of information supplied by the applicant and the officer in charge of the case [or in some circumstances, the Criminal Justice Unit Manager]. The Association of Chief Police Officers [ACPO] designated Criminal Records Office will be contacted for their advice and recommendation.

So in the case of the MPS, the ACRO - an offshoot of a private company - will be consulted as to whether the case is exceptional enough that they don't feel they can refuse deletion.

If the decision to delete has been made, the Exceptional Cases Unit will contact the respective departments and agencies to ensure that the DNA, fingerprints and PNC records are deleted / destroyed accordingly. The Exceptional Cases Unit will send a response to the applicant notifying them of the decision of the Commander for Operational Information, Intelligence and Learning on behalf of the Commissioner. [...]

This is still very far from the process map SCD12 promised me. Which 'respective departments and agencies'? Does that include the private labs holding the DNA samples? How is the deletion of electronic records and destruction of physical samples tracked? etc. This still doesn't give much confidence that, in the few cases where the chief of police exercise his or her discretion, the samples and records are always properly removed.


There's more hope of progress and change in the retention of DNA material being pushed by institutions such as the European Court of Human Rights, the NDNAD Ethics Group, the Human Genetics Commission and other bioethics and human rights organisation than by either Parliament or the Police.

websiteblogblog archivenews feedfeedback

Tue, 11 Nov 2008

The Human Genetics Commission's NDNAD and PACE review consultations

As mentioned last week, the Human Genetics Commission (HGC) ran a consultation to seek further views on the National DNA Database and on the issues highlighted by its Citizens Inquiry. The aim is to inform the development of the HGCs own conclusions and advice to Government. In the meantime, to have a better understanding of some of the issues associated with such a massive database retaining our most intimate information, here are some of the submissions:

You still have a couple weeks, until 2008-11-28, to respond to another consultation - this one from the Home Office - that includes some questions concerning Police taking our DNA, among other plans of police powers' increases: PACE review: government proposals in response to the review of the police and criminal evidence act 1984. The proposal introduces creating spaces to detain individuals in busy areas:

10.19 The problem is particularly acute in busy urban areas or major shopping areas. The volumes of suspected offenders means that the efficiency of custody throughput is severely impacted, often with people suspected of high volume, low level offences. A potential solution is to enable the police to make use of short term holding facilities (STHF) located in shopping centres or town centres. The STHF would be secure accommodation but would not equate to the standard cell design. The main function would be to confirm the identity of the suspect and process the person by reporting for summons/ charging by post, a penalty notice or other disposal. Persons detained would be subject to detention up to a maximum period of 4 hours to enable fingerprinting, photographing and DNA sampling. The STHF would not be considered suitable where an investigation was required and the use of such a facility would be subject to strict criteria on type of offence, age or other potential vulnerability of the person.

Dr Helen Wallace, Director of GeneWatch UK warned in a GeneWatch's response, "There are major safety issues with collecting DNA outside of police stations. Police powers to use 'reasonable force' to pull out someone's hair should not be exercised outside a place of safety. Expanding numbers of non-police staff also increase the likelihood that criminals will infiltrate the system and obtain the DNA of vulnerable persons whose identity needs to be protected".

A summary of responses will be published by the Home Office on its PACE Review update page.

It's unclear how much effect responses to these many consultations do have, but as these are rare occasions when the public at large are invited to voice concerns you may want to take the time to go through the 60-page document and write to the Home Office. The number of responses generally positive or negative may be as important as the detailed content of the responses.

websiteblogblog archivenews feedfeedback

Sun, 09 Nov 2008

Network operators and security theatre

I initially failed the security test of a network operator because I don't know my age!

I just called my mobile network operator to order a Porting Authorisation Code (PAC) from a phone, registered with this account, with the SIM I wanted the PAC for. I have been with this network operator since it started operating. After being asked, and successfully answering, questions such as two letters of the security password, my name, my date of birth (that, I remember by heart), the name of my family member using this SIM, the customer service representative then proceeded to ask for my age. I explained I needed to calculate it as it changes every year and I don't do birthdays, and after some rapid mental arithmetics gave her the requested number. This however didn't satisfy her as she considered that everyone must know their own age. She went on to volunteer that she does know her age, of course - though she didn't reveal it to me! That meant she had to ask me further security questions. It took a little while for her to figure out what other 'security' questions she could ask: how do I pay our bill, what's my sort code, what's the bank's name... I answered these as fast as she fired them.

Eventually she was satisfied enough to accept to send me a PAC to the registered address for the account (SMS to the phone was not possible). A PAC has a lifetime of 30 days starting from the request time, not from when it is received by the customer. If it is not used during this short window, nothing happens; the accounts remain with the original network as if nothing had ever been requested. I.e., the risks for sending a PAC to an address registered with the account is nil.

When/if the National Identity Register becomes a reality I expect all network operators to interface to it so their customer representatives can ask ever more detailed and intrusive questions.

websiteblogblog archivenews feedfeedback

Fri, 07 Nov 2008

Human Genetics Commission's NDNAD consultation

The Human Genetics Commission ran a consultation to seek further views on the National DNA Database and on the issues highlighted by its Citizens Inquiry. The responses are to inform the development of the HGCs own conclusions and advice to Government. This consultation finishes today. Below are my answers.

1. What information should be given to people when a DNA sample is taken following their arrest?

When a DNA sample is taken following an arrest, individuals should be fully informed of at least:

a/ all the allowed uses of their DNA samples and profile (profile matching, criminal proceedings, research projects, etc.)
The current restriction that the bioinformation is to be used only for purposes related to the prevention or detection of crime, the investigation of an offence or the conduct of a prosecution is so broad that it can easily be interpreted to allow uses that have not much to do with criminal justice.

b/ details of the data controllers for the NDNAD and the lab holding the samples - so the sampled individuals know who they can send data subject access requests to.

c/ the retention periods for the samples and profile.

d/ the procedure to attempt to have their profile deleted and samples destroyed.

As this information is complex, will often be communicated at a time when concerned individuals will likely be vulnerable and will mostly be useful later than at time of arrest, it should be provided in written form in a short leaflet. A summary, including uses, should be communicated verbally before the samples are taken.

2. In what way should the National DNA Database be populated?

To be able to answer this question it has to be made clear what is the role of the NDNAD.

The NDNAD should be considered for what it is: a crime-related intelligence database. This position has been stated by both the NDNAD Ethics Group (in its first annual report) and the Human Genetics Commission (in the findings the Citizens’ Inquiry into the Forensic Use of DNA and the NDNAD), however the NPIA claims that "The NDNAD is not a criminal records database. It holds very little information about a subject's identity - only their name, date of birth, sex and ethnic appearance. Inclusion on the DNA database does not signify a criminal record, and there is no personal cost or disadvantage by being on it" (in an FOIA response).

The current criteria for collection (sampling all CJ arrestees suspected of committing a recordable offence) and retention of bioinformation (forever) are not proportionate. (It is interesting to note that the retention period is unclear as conflicting, and confusing, statements have been issued ranging from the first time the individual reaches 100-year old, to the time of his death, to no limit; the latter being the most commonly mentioned).

For investigatory purpose, the police should be able to take DNA samples only from individuals who are charged, after they have been charged.

For elimination purpose, on a voluntary basis exclusively with revocable informed consent, the police should be able to take DNA samples from victims and witnesses on the express condition that no DNA profile is stored on the NDNAD and that the DNA samples and profiles are destroyed preferably after their use and at the latest at the end of the investigation for which they have been taken.

3. What, if any, profiles, other than those relating to individuals convicted of a criminal offence, should be retained indefinitely (or for periods of many years) on the NDNAD?

Retention period of DNA profiles should be limited as to not criminalise innocents. An additional risk is that the NDNAD holds information on the conviction status of individuals and this may be inaccurate (personal example). A further risk is that the data held in the NDNAD may be leaked through for example illegal access or transfer to organisations with even less safeguards (such as information sharing with other countries).

DNA profiles of individuals who have been charged should be retained for a limited period. The retention period should by default end when the sentence has been spent. This period could be extended for serious criminal offences for a limited time, possibly by a judge, in cases where for the offence committed there's a high repeat offending rate. The retention period must be proportionate to the offence and the sentence.

It is not proportionate to retain the DNA profile of volunteers. When samples are volunteered, as explained in the response to question 2, they should be destroyed preferably after their use and at the latest at the end of the investigation for which they have been taken. There should not be the need to upload the profile of such samples; if an exceptional need does occur then retention of the profile should at the longest be for the duration of the investigation for which they have been volunteered.

Crime scene profiles should be retained for as long as the crime has not be solved and there is no limitation.

4. In what circumstances, and for what reasons, should DNA be retained from individuals whose profiles are recorded on the database?

DNA samples contain so much of an individual's intimate genetic information that it is essential to limit the retention period to prevent future misuse when technological and scientific progress in DNA analysis happens. Once a profile has been uploaded to the NDNAD, the samples should be destroyed. My understanding is that to be admissible in court another DNA sample is always taken from individuals being prosecuted making it even less justifiable to retain DNA samples.

5. What evidence would be required to demonstrate the ‘forensic utility’ of the NDNAD?

It is difficult to establish an effectiveness criteria as the NDNAD is only one of many tools used by the Police. One way to demonstrate the ‘forensic utility’ of the NDNAD would be to show that it increases the likelihood of convicting criminals while either reducing or not increasing the chances of misidentifying innocents as suspects or even worse resulting in miscarriages of justice.

To keep retaining DNA profiles and samples of innocents, evidence must be shown that retaining DNA profiles and samples of innocents makes a significant difference in detecting and prosecuting criminals.

The retention of DNA from crime scenes appear to have a much better 'forensic utility' than the retention of DNA from individuals. The Home Office explained: "Evaluation of the Programme has shown that the number of matches obtained from the Database (and the likelihood of identifying the person who committed the crime) is 'driven' primarily by the number of crime scene profiles loaded onto the Database". Helen Wallace provides further analysis of the data available and concludes that "the success of the Database is determined largely by the number of DNA profiles collected from crime scenes, not from individuals".

A much larger public debate needs to take place.

6. What will be the likely social impact of maintaining the database at current levels or expanding it substantially?

The expansion of the NDNAD is not proportionate.

Too many DNA profiles of innocents are already on the NDNAD: 14 to 21% of the individuals sampled by the England and Wales forces are innocents. This victimises innocents and is a breach of privacy.

The bias of having an over-representation in the NDNAD of individuals from some minorities (e.g., black males) compared to other groups is not acceptable. It shows likely prejudice by the Police (as they're the ones deciding when to take DNA samples) and it further criminalises the over-represented communities.

Experience has shown that the police - and the labs they employ - can't be trusted to limit their use of our bioinformation to those that are appropriate: leaks from supposedly secure and restricted databases such as the PNC are known to have happened, and it was revealed in FOIA requests obtained by the Observer and Genewatch that there already are likely illegal uses of the retained DNA by one of the processing labs used by the police.

A criminal database on which it is too easy to get on, with bias and from which it is near impossible to get off will be increasingly rejected as individuals resent being put on it for often no apparent good reason. In the current situation one would be most foolish to volunteer one's DNA.

7. What governance arrangements are necessary to secure confidence in the acceptable and appropriate management and use of the NDNAD?

An oversight committee should be created, not just in an advisory role, but with powers to act. This committee should be able to receive complaints from the public. It should be composed of a minority of involved parties (Police, Forensic Science Service, etc.) and a majority of independent members (Genewatch, Nuffield Council on Bioethics, etc.) with the chairperson being an independent member.

The creation of the NDNAD Ethics Group was a step in the right direction but it does not take any direct input from the public and its powers appear limited.

Public involvement through debate and representation in oversight is lacking.

8. What further uses might it be appropriate to make of the genetic information collected for the NDNAD in the future?

Any further use must be reviewed in a transparent manner. Today it is not even possible to find out if one's DNA has been used in a research project.

For one's DNA samples or profile to be included in any non forensic use, outside of the limited use to be communicated to those sampled, must require an informed opt-in consent. Consents should be revocable.

Familial searching is not proportionate, as again it will involve many innocents. This is an obvious and unwarranted invasion of privacy. Revealing genetic familial relationships not always known by family members is a clear breach of privacy that is unethical. This type of research has in the past been associated with eugenics, racism and discrimination.

Any new use should be publicly debated.

9. Are there circumstances in which it might be acceptable for information contained on the NDNAD to be shared or linked, perhaps anonymously, with other agencies or databases?

For bioinformation sharing to be acceptable, mechanism must be in place so that shared data is kept in sync. In particular, when a profile is deleted in the NDNAD it must be deleted wherever it has been shared. Obviously any sharing should only happen if the use of the shared profiles is a subset of the allowed use of the profiles in the NDNAD. Independent oversight of data sharing must be in place.

Safeguards for exchanges of bioinformation with police forces from other countries are unclear and standard data protection measures such as data correction are too often not required.

Any data sharing also imply that more individuals will have access to the DNA profiles further increasing the risk of information leaks.

10. Under what conditions or in what circumstances might arguments for an universal DNA database be persuasive?

A universal DNA database is not proportionate to the need of the criminal justice system in a democratic society. Furthermore current data seems to indicate that this would not increase the detection rate (see response to question 5).

DNA contains very personal intimate genetic information, and technological and scientific progress may help reveal more information from a DNA samples than is currently possible. The temptation to use new techniques on the NDNAD may become too tempting to the Home Office, the Police and the DNA labs. The risks would be even greater if we ever get a Government keen on misusing bioinformation to further restrict people's rights and freedoms.

websiteblogblog archivenews feedfeedback

Thu, 06 Nov 2008

The DNA database and you - How big is it? How many get off it? Your questions answered...

Published in El Reg

El Reg Special Report: The DNA database and you

The National DNA Database (NDNAD) keeps growing: it now hols more than five million DNA profiles of individuals. Getting off the database, if you have been sampled by England or Wales forces, remain as unlikely as ever. And it remains difficult to make sense of the stats bandied at us, with the press quoting wildly differing figures. So we decided to investigate.

In August, the Daily Mail reported that "4.5 million genetic profiles [are] on record. Up to 1.5 million - or a third of these - are from innocent people".

In another article on the same day, the Mail reported "[t]he figure of 573,639 people on the database who have not been convicted, cautioned, formally warned or reprimanded has pushed the overall total to 4.2 million."

This is an extreme example of the difficulty of making sense of statistics concerning the NDNAD. Our first step was to find source data.

In May 2007 the National Policing Improvement Agency (NPIA) started to administer the NDNAD. We'll use data obtained in a recent response to a Freedom of Information request to the NPIA to get some sense out of the data and figure out what are all the implied assumptions.

Data from the NPIA is authoritative, but the organisation's view of what is the NDNAD is a matter of opinion. The NPIA claims that "The NDNAD is not a criminal records database. It holds very little information about a subject's identity - only their name, date of birth, sex and ethnic appearance. Inclusion on the DNA database does not signify a criminal record, and there is no personal cost or disadvantage by being on it".

The National DNA Database Ethics Group and the Human Genetics Commission both consider the NDNAD to be a crime-related intelligence database. Recent findings suggest that composite statistics do not mask identity within genome-wide association studies and that DNA profiles previously considered anonymous and not containing genetic markers may reveal much more than was thought.

Often assumptions are made about the data; and these may not be the same for different sets of data. The NDNAD includes profiles of DNA samples taken by forces from England, Wales, Scotland and Northern Ireland, but often figures given in Parliament or in the press are only for samples taken by the England and Wales forces.

The NDNAD includes DNA profiles of the DNA samples taken from individuals and profiles of the DNA found at crime scenes. Here are figures up-to 2008-09-01.

(At 2008-09-01) England & Wales forces Other forces
Total number of subject profiles 4,969,225 327,088
Estimated total number of individuals 4,319,807 273,358
Total number of crime scene profiles 320,335 13,749

The subject profiles consist of both profiles of DNA samples taken from individuals following arrest for a recordable offence, known as criminal justice samples, and profiles of subjects who volunteered a DNA sample (whether those that do so are sufficiently informed before they give their consent is an issue that was raised during the presentation of the Nuffield Council on Bioethics; the NDNAD Ethics Group has been discussing the volunteer consent form for DNA sampling and accompanying information), for example, for elimination purpose.

Another source of confusion is that the number of subject profiles on the NDNAD is higher than the estimated number of individuals on it. This is often misrepresented. It happens because some of the profiles held are replicates. Multiple samples are taken from the same subject and profiled when on different occasions there's confusion concerning the person's name. Replication also happens when the police decide to resample an individual. The number of replications is estimated at around 13 per cent (it varies over time and between police forces).

Define innocent

A common question is how many of these individuals are innocents. This is particularly difficult to find out.

First, the National DNA Database was allegedly never set up to record this information; this is in the Police National Computer (PNC).

Second, what is meant by innocent is not always consistent; the obvious definition of all those never charged and those acquitted may not map directly to the information available. The NPIA ran a report on 2008-03-31:

(At 2008-03-31 for England & Wales forces) Total individuals Percentage of total
With a conviction, caution, formal warning or reprimand 3,259,347 79%
No conviction, caution, formal warning or reprimand listed 573,639 14%
Not known as PNC record removed 283,727 7%
Estimated total number of individuals 4,116,713 100%

From the above table it can be deduced that, as of March 2008, there were DNA profiles for at least 573,639 innocent individuals and possibly for as many as 857,366 innocents. Fourteen to 21 per cent of the sampled individuals recorded in the NDNAD are innocent. Furthermore, that does not take into account any mistakes in the PNC.

What happens to the DNA samples and profiles of all those innocents? Most of them are kept and retained forever. The procedure to get off the NDNAD is complex and assume that one case is considered exceptional enough to justify such a procedure in the first place.

See El Reg's How to delete your DNA profile for more on this. (Note that the only process map the Metropolitan Police has published since is a rehash of the usual guidelines and the Specialist Crime Directorate 12 wrote that '[t]here is no additional information I can supply on this subject'.)

Subject profiles removals 2003 2004 2005 2006 2007 2008 (adjusted)
England & Wales forces 677 34 81 271 310 222
Other forces 23,492 19,160 21,580 21,969 21,265 19,164

The huge difference in numbers between removals of samples taken England & Wales forces and by other forces is due to differences between English & Welsh and Scottish laws. DNA profiles and samples of innocents taken by Scotland forces can't be kept forever.

Whether England and Wales forces can keep stalling on the removal of DNA profiles (and destruction of DNA samples) of innocents has gone all the way to the Grand Chamber of the European Court of Human Rights:

"The [Marper and S v. UK] case concerns the decision to continue storing fingerprints and DNA samples taken from the applicants after unsuccessful criminal proceedings against them were closed." The hearing was in February and the ruling will be given later this year. (Note that the adjusted figure for 2008 is based on data up to September adjusted for the rest of the year.)

I did not request the data for calendar additions to the NDNAD, but to put things in perspective, the yearly average number of subject profiles added to the NDNAD for the the financial years 2005-07 was 711,645 (NPIA NDNAD Annual report data). For England and Wales forces it was 646,767 (John Reid in Parliament written answers).

Profiling at a young age

There's particular concern as to how many young individuals are included in the NDNAD. Depending on whether you consider the NDNAD as a criminal database, being included in it at a young age is worrying.

(At 2008-09-01) England & Wales forces Other forces
Total subject profiles from 10-17 year old 343,745 10,671

The England & Wales forces again lead in in their aggressiveness to sample DNA. Six pe rcent of all the profiles in the NDNAD were taken by other forces, but only three percent of the DNA profiles of subjects 10 to 17 years old (when the report was ran) was for samples taken by other forces.

The NPIA last ran a more complete report concerning 10-17 year-olds on 2008-04-10:

(At 2008-04-10 for England & Wales forces) Total individuals Percentage of total
With a conviction, caution, formal warning or reprimand 264,297 87%
No conviction, caution, formal warning or reprimand listed 39,095 13%
Estimated total number of individuals 303,393 100%

(The number of those with a PNC record is one less that the estimated total number of individuals. The NPIA did not state if there's one youngster with a PNC record already removed, which is unlikely or whether this should be viewed as a statistical error). From the above table, it can be seen that at least 39,095 innocent youngsters are affected.

If you happen to live in England or Wales, being young or innocent, or both, is not enough to ensure you won't be captured in this massive database. ®


It can be argued that retaining DNA profiles of individuals is not even effective in solving crimes. Helen Wallace, from GeneWatch, debunked this assumption last year when looking at who should be on the NDNAD:

"Collecting more DNA from crime scenes has made a big difference to the number of crimes solved, but keeping DNA from more and more people who have been arrested - many of whom are innocent - has not. Since April 2003, about 1.5 million extra people have been added to the Database, but the chances of detecting a crime using DNA has remained constant, at about 0.36%."

El Reg Read and comment on this article at El Reg...

(Two days ago, the Lords voted in favour of an amendment to the Counter Terrorism Bill, which aims 'to try to spark a national debate about the retention of samples and to inform the public about what information is being held on them'.)

websiteblogblog archivenews feedfeedback

Mon, 03 Nov 2008


The BBC in its Monday's coverage of the inquest into the death of Jean Charles de Menezes picked up on a comment made by another passenger, that he looked almost calm. This is in fact the second time during the inquest that someone commented de Menezes was calm.

First time was in the statement of Vivien Menezes, Jean Charles's first cousin:

[...] He was a calm individual and always behaved reasonably and was polite to the police. [...]

And on Monday when Anna Dunwoodie, a passenger in the same row of seats as Jean Charles de Menezes was answering a question from Mr Jonathan Hough (on behalf of the Coroner)

Q. You also say that you could see the expression on the man's face who actually had the gun pointed at his neck, that's Mr de Menezes; can you remember anything about that expression now?

A. I remember that his eyes were closed and I remember that he had ... you know, it's a hard thing to try to explain but his eyes were closed and he looked almost calm, which again I hesitate to say that, but ... I guess he had a gun pressed, and there wasn't very much he could do about it.

As you hopefully noticed I settled as the title for this blog on an excerpt from the custody record filled in after my arrest:

RISK ASSESSMENT: DP [detained prisoner] is calm on arrival [at the station], almost too calm.

What's so unusual, disturbing or noteworthy about remaining calm?

(The bold is my emphasis.)

websiteblogblog archivenews feedfeedback