DNA enters legal maze with potential to solve — and create — privacy problems
In August 1970, a woman named Patricia Ann Parker filed a paternity suit against Elvis Presley in Los Angeles Superior Court. The 21-year-old waitress claimed she’d had a relationship with the King of Rock and Roll during his engagement in Las Vegas earlier that year, and she wanted $1,000 a month in support for the child she named Jason Peter Presley.
Parker’s only proof that she and Presley were ever together was a black-and-white snapshot of the two of them taken in the corridor near his dressing room. Presley gladly posed with anyone who wanted a picture, and he was appalled his generosity was being used against him in a court of law.
The judge decided the quickest way to arrive at the truth was to order blood tests to establish the baby’s paternity. The baby obviously needed to be tested, too, and in those days the blood was drawn from a small cut made in the child’s heel. Presley and Parker were present for the procedure, and as the doctor made his incision, the child shrieked. Presley reportedly clenched his jaw and cursed underneath his breath at Parker, who he felt had unnecessarily put her baby through great pain to undergo this fishing expedition.
The blood tests proved that the child was not Presley’s.
The procedure used to draw that baby's blood is identical to the one used for screening babies for genetic conditions in the first 24 to 48 hours of life. That process is the neonatal heel-prick test (commonly referred to as the Guthrie test) and has been a staple in labor wards and birthing clinics for decades. The drawing of blood from a newborn can be used to prove — or disprove — paternity, or for screening for a host of genetic conditions. Now with DNA testing, it’s much quicker and far more accurate.
Like that 1970 blood test, DNA has provided a lot of answers. But it has also created new questions with the potential to open a Pandora’s box of legal problems that we haven’t even imagined yet.
The long lagging arm of the law
DNA currently is basking in widespread popularity. It has helped solved murders, rapes and other crimes. It has exonerated the wrongfully accused and freed the wrongfully imprisoned. It can establish paternity and reunite long-lost family members. It’s also being mined for data collection for future medical research and breakthroughs.
DNA's accuracy is hard to dispute, and it has become so affordable that millions are signing up for websites like Ancestry and 23andMe with the companies' promises to help track their pasts and see what mysteries lay ahead.
But for every positive action or step forward, there is an equal and opposite reaction.
The law traditionally lags behind technological breakthroughs, so it seems inevitable that the courts will have to engage with this at some point.
“Law moves much slower than science and technology; (it's) known as ‘The Pacing Problem,’” said Gary Marchant, Regents' Professor of law and director of Arizona State University's Center for Law, Science and Innovation. “So with many questions in genetics and other emerging technologies, legislators and regulators have to establish rules. When someone claims injury or invasion of privacy, courts and juries are forced to adjudicate new claims using old laws, which often fit poorly.”
Even more troubling is that DNA could potentially leach into a lot of different areas of the law, including privacy, discrimination, research, consumer rights, health and law enforcement.
About the only federal law on the books that has any teeth is the Genetic Information Nondiscrimination Act of 2008, also referred to as GINA. The law prevents discrimination from health insurers and employers.
“It was one of the very first and preemptive laws looking toward the future to try and reassure people that we could go forward with genetic medicine,” Marchant said. “But it only protects certain things — health insurance, yes, but not everything.”
Marchant said that could be problematic for individuals who choose to get their DNA sequencing done, because they would have to disclose by law what they know to insurers for life, disability or long-term care insurance.
Before the federal law was passed, many states had passed laws against genetic discrimination. The degree of protection from these laws varies widely among the different states.
“We all leave our DNA behind every day on drinking glasses and many other objects,” Marchant said. “In some states, it would be illegal to take your drinking glass and test your DNA for any trait. In other states it would only be legal to test for non-health-related traits, and in other states it would be legal to test for anything.”
Marchant said that since we cannot avoid leaving our DNA behind every place we go and on every object we touch, it raises tough questions that we as a society must eventually answer.
“Do you care that virtually anyone could test your DNA for private information?” Marchant said. “Would you want to know the secrets in your DNA, and how might they use that information to help or hurt you?”
Better to ask for permission than forgiveness
While there’s not much in the way of legal precedent regarding DNA, our DNA has been tested and stored by hospitals, health providers and other entities for almost 50 years — with and without our knowledge — according to ASU Professor Diana M. Bowman.
Bowman said Guthrie tests have been utilized by the health community since the 1960s. The blood that is captured on those cards is screened for a number of genetic diseases, including cystic fibrosis and phenylketonuria, and is subsequently stored.
“The filter paper — which constitutes the card — contains the DNA of a newborn, which is then screened for a range of genetic conditions, thus allowing early intervention — when required. From a public health perspective, Guthrie cards are a very powerful tool that have allowed thousands and thousands of children across the world to have a better quality of life,” said Bowman, a professor in the Sandra Day O'Connor College of Law and the School for the Future of Innovation in Society. “The public health benefits of the program cannot be questioned, especially as scientific advances have allowed us to test for additional genetic diseases. I think there are very few people who would argue otherwise.”
In addition to diagnosing diseases, these cards have a variety of uses, said Bowman. They include identifying remains of a body (especially in the case of mass tragedies), establishing paternity and medical research.
BowmanBowman is also the associate dean and professor in the Consortium for Science, Policy and Outcomes and a senior sustainability scholar with the Julie Ann Wrigley Global Institute of Sustainability. said the problem is many people who were screened as children as part of the Guthrie card program have no idea that they went through the heel-prick process, and that in many instances — if not the majority of cases — the hospitals didn’t have the parents' consent prior to the test.
The bigger legal issue today, Bowman said, doesn’t have to do with consent to the screening process itself, but what was done with the information on the cards in regard to potential secondary uses, such as research. Bowman also suggests that there may be questions relating to the ways in which the cards have been stored. How might they be used in the future? And who has ownership of them?
Bowman said in the United States, there have been cases where families have, collectively, taken the state to court over accessing and taking possession of their cards; in Texas, this resulted in the destruction of 5 million cards as part of the settlement agreement. In Australia, widely publicized events including a criminal investigation into an alleged case of incest in Western Australia, led to the destruction of all cards older than two years in that state’s archive.
“The loss of that very rich kind of DNA could be seen as a real blow to medical science and to the legitimacy of the screening programs themselves,” Bowman said. “We need to get more sophisticated in how we look at consent, and secondary use, and walk parents through this powerful public health intervention.”
Using DNA to bust criminals, find family
In the new era of DNA testing, people can pay a fee, send a swab of their saliva to a site such as Ancestry or 23 and Me and get a breakdown of their genomes. But the millions who have already taken these tests probably don’t realize they’re putting their genetic privacy at risk.
That was certainly the case with 72-year-old Joseph James DeAngelo, a suspect arrested in the “Golden State Killer” case after Sacramento police investigators used an open-source genetic database, GEDmatch, to explore his family tree.
Though most private genetics companies won’t grant access to their databases, they do work with law enforcement on disclosing information about customers' DNA. And sites like GEDmatch include free tools that allow people to enter their DNA profiles or genealogical data to find familial matches with other users.
Marchant said he’s all for it when it comes to potentially busting violent criminals.
“If we are finding these horrible criminals who are doing these horrible things … that we would not have found otherwise, I don’t see that as a bad thing,” Marchant said. “Frankly, if I had a murderer or rapist in my family, I would want to help catch them before they commit another horrific crime. I wouldn’t have a problem with it myself, but some people do: In which case, don’t put your data on a site.”
Jamie Winterton, director of strategy for ASU’s Global Security Initiative, says there are other ramifications to DNA discovery.
“People are finding new relatives they didn’t know they had or looking at someone they thought was a relative and realizing, ‘Oh, based on this data, we’re not genetically related at all,’” Winterton said. “So there are some awkward conversations going on between people.”
Winterton, who is adopted, said she has contemplated taking a DNA test and finding her biological parents but has resisted so far.
“I don’t know how I would be received,” Winteron said. “I’m also a privacy advocate, and my genetic parents might want to keep their privacy. I have no idea what they want. I have been going back and forth on this for five years.”
Nothing is secure with hackers
DNA has provided myriad discoveries about the past, but it's also in use to push forward future discoveries. The All of Us Research Program is one such effort. Organized by the National Institutes of Health, its mission is to gather data from 1 million or more people living in the United States to accelerate research and improve health. According to the program website, researchers hope that by taking into account individual differences in lifestyle, environment and biology, they can uncover paths toward delivering precision medicine through DNA collection.
Researchers believe data collection in large volumes could lead to breakthroughs in early Alzheimer’s detection, breast cancer, sickle cell anemia, heart issues, rare blood disorders and almost any genetic hereditary disease.
While some are inspired to participate in a national database, others are less inclined to put their DNA information on the market, so to speak, without explicit control of who has access. For these individuals, blockchain technologies may be an option.
ASU Research Professor Dragan Boscovic thinks that’s a good idea.
“It’s an indelible copyright and unbreakable reference that no one can dispute,” said Boscovic, a computer science research professor and director of ASU’s Blockchain Research Lab. “Blockchain can help you control who has access to that information and for what purpose. You would be the owner rather than the companies who are now testing or hospitals that are keeping our bio samples.”
Boscovic suggests choosing a blockchain that supports privacy and enables participants to control the information, in case they choose to allow research and testing. The blockchain protocol should also control access to genealogical history and shield personal information from law enforcement unless the user gives specific permission.
The other benefit of a blockchain is that it’s extremely hard to hack. But not impossible, according to ASU’s Adam Doupé.
“Nothing is secure,” said Doupé, an assistant professor in the School of Computing, Informatics, and Decision Systems Engineering and associate director of the Center for Cybersecurity and Digital Forensics. “Hackers are very clever because they prey on human fears and weaknesses. There is definitely an extortion scenario or two there.”
Doupé said hackers often target individuals with a high net worth to extort them for their silence. If a hacker obtained someone’s DNA that showed they are prone to early-onset Alzheimer’s or another genetic disease, they might be willing to pay to keep that information private.
“When your DNA is out there, like data, it’s sort of like Pandora’s box,” Doupé said. “Once it’s out there, you can’t ever put it back in the box.”
Potential chilling effect on global security
Winterton has spent her career looking at national and global security. She is trained to think about worst-case scenarios and says she shudders when thinking about the possibilities of DNA falling into the wrong hands.
“There are millions and millions of genomes out there and I don’t know how they’re being protected, but I hope they’re doing a better job than Equifax did with our credit histories,” Winterton said. “When you collect large groups of data, you have to consider: What could a foreign adversary do with that information? I think that gets left out of the conversation.”
One answer is simple to Winterton: It could be used to exploit an American with a national security clearance.
In April 2015, the database for the U.S. Office of Personnel Management was breached, Winterton said. This database contained sensitive information about Americans who applied for security clearances. The Equifax hack occurred in 2017, detailing economic information about millions of Americans. Add a DNA breach, and that could spell additional trouble, Winterton said.
“The genetic piece is another way to manipulate someone,” Winterton said. “It offers a fuller picture, this whole other aspect of a person that an adversary could control and target an individual with classified information.”
Winterson said people are often willing to give up their private information for convenience and are often motivated on a risk-reward basis. She said consumers need to start considering what privacy means to them, while tech companies need to think about potential outcomes of their products and how to protect privacy.
“It would be much more effective if Silicon Valley and people from national security talk about this problem now, rather than deal with the risks down the road after deployment,” Winterton said. “That never, ever works.”
More stories in this series
More Law, journalism and politics
Law experts, students gather to celebrate ASU Indian Legal Program
Although she's achieved much in Washington, D.C., Mikaela Bledsoe Downes’ education is bringing her closer to her intended destination — returning home to the Winnebago tribe in Nebraska with her…
ASU Law to honor Africa’s first elected female head of state with 2025 O’Connor Justice Prize
Nobel Peace Prize laureate Ellen Johnson Sirleaf, the first democratically elected female head of state in Africa, has been named the 10th recipient of the O’Connor Justice Prize.The award,…
Native Vote works to ensure the right to vote for Arizona's Native Americans
The Navajo Nation is in a remote area of northeastern Arizona, far away from the hustle of urban life. The 27,400-acre reservation is home to the Canyon de Chelly National Monument and…