September 15, 2022 - 10:20am

You’ve been sexually assaulted. You go to the police and, as part of the evidence you hope will convict your attacker, you give them a DNA sample. A few years later the police contact you again. Your DNA sample has been used to identify a suspected criminal. But that suspect is you.

That’s what happened to an unnamed San Francisco woman, whose DNA was entered into a police database in 2016. In late 2021, it was used to link her to a theft case. Physical evidence she gave as a complainant — hoping to get justice — was being used against her in a completely unrelated case. The District Attorney Chesa Boudin declined to pursue the prosecution, saying that his office wanted victims to feel safe reporting crimes and co-operating with police.

Following that case San Francisco adopted a new law in April this year, limiting how the police can store and use DNA profiles from crime victim reference samples. A similar bill has passed the California State Senate and is awaiting Governor Newsom’s signature. The woman is now suing the authorities, the police chief, and others involved, for an unconstitutional invasion of privacy.

The case reveals the importance of regulating the use of data, especially biometric data, for uses other than the initial purpose of collection. Had the law not been changed future victims might think twice about giving physical evidence — or even a complaint — for fear of later incrimination.

But even though a person may feel confident that they will never break the law, nor be reasonably suspected of breaking the law, can they say the same for their family members? By its very nature DNA connects you to your relatives. And a near match with a sample collected at a crime scene may just incriminate a sibling, cousin or uncle.

Since the UK Government lost a case in the European Court of Human Rights in 2008, British law on police retention of DNA samples from innocent people — including those who were charged and acquitted — is much tighter than US law. But there are still lessons to be drawn from the repurposing of Jane Doe’s DNA sample.

Perhaps a friend sent off their DNA to one of the ancestry companies which offer to analyse someone’s swab and tell them what percentage Viking or Maori they are? They may have missed their small print.

As well as putting DNA to commercial use, such companies willingly co-operate with the police to solve serious crimes. They have been credited with helping to solve the Californian Golden Gate serial killer case by identifying the relatives of potential suspects. Now, Scotland Yard is running a similar pilot programme.

The collection of identifying data from people who have committed no crime crosses a threshold — akin to the wholesale extraction of data from the mobile phones of victims in rape cases.

Any form of biometric data, including DNA, cannot be separated from an individual’s physical existence. And that is exactly why the state’s retention and use of this information should be closely controlled. In a similar vein, the lack of a proper regulatory framework for police use of facial recognition technology is worrying.

At its core, this is a problem about the lack of clear boundaries when it comes to state surveillance into our private lives. Ubiquitous cameras, all-permeating data acquisition, and the acceptance of the “nothing to hide, nothing to fear” mantra, render us transparent to authorities that remain mostly opaque to us.

Our faces in public spaces; our use of public transport; our curiosity about what our genes reveal about our family history — anything may be fair game for the police. And that makes justice an unfair game to us.

Timandra Harkness presents the BBC Radio 4 series, FutureProofing and How To Disagree. Her book, Big Data: Does Size Matter? is published by Bloomsbury Sigma.