The DNA Bill: Another Invasive, Imperfect Database!

The DNA Bill completely ignores the Supreme Court’s confirmation of privacy as a fundamental right.

A model of human DNA is silhouetted against a window (Photographer: Daniel Acker/Bloomberg News)
A model of human DNA is silhouetted against a window (Photographer: Daniel Acker/Bloomberg News)

On July 4, 2018, the Union Cabinet approved the DNA Technology (Use and Application) Regulation Bill 2018. Efforts to enact a legislation enabling DNA profiling have been underway since 2007 with the process being spearheaded by the Department of Biotechnology. Running across the different versions of the Bill have been concerns related to misplaced claims about the infallibility of DNA evidence, broad instances of when DNA can be collected, the need for clear chain of custody of DNA samples between crime scenes, labs, and databanks, expansive powers of the DNA Regulatory Board, and privacy-related aspects including the need for adequate standards for consent, retention, deletion, sharing and disclosure of information, notification, right to access, and right to redress.

The DNA Technology (Use and Application) Regulation Bill 2018 provides for the use and regulation of DNA based technology for the purposes of establishing the identity of victims, offenders, suspects, undertrials, missing persons, and unknown deceased persons. It lays down standards and procedures for laboratories, and establishes and regulates regional and national DNA databanks.

The Bill is being introduced in the Monsoon Session of Parliament but it is surprising that very little has been written about it, especially since it is flawed in too many ways. There are a number of safeguards that are still needed in the Bill and a significant amount of capacity building that needs to take place around the collection and use of DNA for forensic purposes. Fundamental constitutional issues like privacy and the right against incrimination seem to have been ignored even though there is a Law Commission report in July 2017 highlighting these issues.

The Supreme Court’s confirmation of privacy as a fundamental right in the Puttaswamy case seems to have been ignored completely.

How could anyone, including the State, claim a right to collect DNA samples, pubic hair, videos and photographs of genitals, without the clear informed consent of an arrested person who was present at the crime, questioned in connection with the investigation, or intending to find lost relatives? Surely, even if it becomes necessary to collect DNA samples, there are more civilised methods! Would Articles 20(3) and 21 of the Constitution and as interpreted in Selvi vs. State, permit nonconsensual collection of “bodily substances” from a person, on the orders of a magistrate, before even being charged with a crime?

How can the victim be compelled to provide “bodily substances”? 

DNA Evidence Is Not Infallible

While DNA profiling can be a useful tool in solving crimes, it is not infallible. False matches are possible as a result of contamination of a sample, an error in profiling, or as a result of the type of profiling system used – all of these have been severely criticised. It has also been reported that crime scene samples often have low amounts of DNA present, contain DNA from multiple persons, and are often damaged. This recognition is particularly important when DNA is used as evidence in-trial as safeguards need to be put in place to ensure a fair trial. This includes the requirement of corroborating evidence and ensuring that judges, court officers, and law enforcement are trained in forensic genetics. The Bill itself uses the words “similar” and “match” neither of which are defined.

At the very heart of the issue is that the legal system does not understand DNA evidence at all.
A street cleaner carrying a spray pack of disinfectant,  assists a police officer cleaning his hands in Nashik, Maharashtra, India. (Photographer: Dhiraj Singh/Bloomberg)
A street cleaner carrying a spray pack of disinfectant, assists a police officer cleaning his hands in Nashik, Maharashtra, India. (Photographer: Dhiraj Singh/Bloomberg)

In most cases, DNA evidence is presented as ‘proof’ when it is, in most cases, a statistical analysis of probability, which in itself is very controversial. After all, if you torture statistics enough, you can prove anything. Where the investigators are poorly trained, prosecutors do not disclose all the evidence collected, merely what suits their case, there isn’t an independent prosecuting agency and criminal trials are notoriously badly conducted, there is already a continuing violation of constitutional rights in our criminal justice system. If DNA is to be used, perhaps it is best used as exculpatory evidence until there is a good understanding of how it works and how it can be used.

Since there is a need for legislation given the constitutional concerns, here are a few suggestions:

The DNA Bill: Another Invasive, Imperfect Database!

1. Establish a databank for well defined criminal purposes and a separate databank for civil purposes may be established subsequently.

Only accept a narrow and specific Bill for the use of DNA in well defined criminal instances and make it available only to the accused, for use by the defense, not the prosecutors. The 2018 Bill establishes regional and national level databanks made up of five indices for both criminal and civil matters: crime scene, suspects, offenders, missing persons, unknown deceased persons. Though the Bill restricts the comparison of profiles against the offender and suspects indexes – so in effect a missing person is not compared against a list of offenders.

Separate databanks need to established for criminal and civil purposes and samples collected only by consent.
A reporter examines a DNA genetic testing kit in Oakland, California, U.S., on June 8, 2018. (Photographer: Cayce Clifford/Bloomberg)
A reporter examines a DNA genetic testing kit in Oakland, California, U.S., on June 8, 2018. (Photographer: Cayce Clifford/Bloomberg)

2. Limit the type of profile that can be added to an index.

DNA profiles can be made for any offence or matter listed in the schedule. The DNA profiles can then be added onto the indexes in the databank. In the 2017 version of the Bill, the criminal index was limited to a certain subset of matters defined in the schedule. This has been removed in the 2018 Bill – widening the scope for the offences and profiles that can be added onto any of the indexes.

The Bill has also made it clear that the instances of when DNA may be collected and used, is open for change as notified by the Central Government and as recommended by the DNA Regulatory Board.

This is concerning as previous versions of the Bill had included the creation of a population statistics databank. Though now removed, there is no guarantee that such a purpose will not find its way back in through regulation – particularly as this initiative is being driven by the Department of Biotechnology. India has been pursuing a digital agenda for a number of years and is in the process of defining its roadmap to leverage emerging technologies. Simply said, emerging plans for the future-India rely on data. Fine-grained, comprehensive, interoperable, and centralised data. The establishment of a DNA databank in Andhra Pradesh for predictive medicine purposes has been reported. It is important that the DNA Bill safeguards against function-creep. If a databank is desired for civil purposes - this should be separate from the criminal databank.

3. Align with international best practices.

Ensure that the Bill is in accordance with international best practices, like as defined by the Forensic Genetics Policy Initiative. It is important that the Bill reflects recognised best practice around collection of DNA, destruction of DNA and linked data, as well as safeguards for the process of collecting DNA, analysis of DNA, storage and uses of DNA and linked data, use of DNA evidence in court, international sharing of DNA evidence, appropriate penalties, police access for non-criminal purposes, and appropriate delegation of resources and priorities.

A reporter collects a saliva sample for a DNA genetic testing kit in Oakland, California, U.S., on Friday, June 8, 2018. (Photographer: Cayce Clifford/Bloomberg)
A reporter collects a saliva sample for a DNA genetic testing kit in Oakland, California, U.S., on Friday, June 8, 2018. (Photographer: Cayce Clifford/Bloomberg)

4. Align with ethical principles.

Align the Bill with the ethical principles defined by the Indian Council of Medical Research, as has been called out in the 2017 Law Commission Report - respect for person, beneficence, and justice. These are supported by the principles of essentiality, voluntariness, informed consent, and community agreement, non-exploitation, privacy and confidentiality, precaution and risk minimization, professional competence, maximisation of public interest and of distributive justice, institutional arrangements, public domain, the totality of responsibility, and compliance.

5. Undertake a financial assessment.

Require the Bill to be accompanied with a financial assessment and cost-benefit analysis.

Evidence from the United States and the United Kingdom have pointed to DNA databases being the most effective when limited to a narrow scope of individuals that are at a high risk of committing an offence again, as opposed to an expansive and all-encompassing database.

The cost of the database is particularly important given India’s large population and the fact that the Bill envisions establishing regional databanks and a national databank. The government’s projections for the cost of establishing and maintaining the databank is about Rs 20 crore upfront, and an annual budget of Rs 5 crore. In the U.K., the maintenance of the National DNA Database for 2015-16 was £3.7 million, which makes the estimate of the government lacking in credibility.

6. First, enact a privacy legislation.

Do not enact the Bill until India has a comprehensive privacy legislation in place.

The privacy protections in India found under Section 43A of the Information Technology Act 2000 are inadequate and will not fill privacy gaps that exist in the 2018 Bill. For example, the 2018 Bill only restricts the communication of a person's DNA profile contained in the suspects, undertrials, and offenders indexes to authorised persons, and does not extend this standard to data held in the missing persons and unknown deceased persons indexes.

Similarly, the 2018 Bill allows for the sharing of data of all indexes with foreign governments as opposed to limiting this to offenders.

The 2018 Bill also provides for deletion of information upon acquittal which means that information in the database will exist for a few decades even during trial, and in the case of a suspect who is never charged, forever. Clearly, this is a huge mistake and patently unconstitutional. Disclosure of data for civil disputes or civil matters also does not necessarily require the approval of a court and can be shared to any concerned authority.

(Image: Delhi District Courts)
(Image: Delhi District Courts)

7. Focus on building capacity.

Establishing a DNA databank is one component of the larger ecosystem of the use of forensic tools for solving a crime. As pointed out in numerous instances, there is a dearth of capacity building that needs to happen across stakeholders including law enforcement, medical practitioners, forensic experts, lab personnel, judges, trial officers etc. Before a DNA databank is established an assessment should be undertaken to ensure that stakeholders possess the needed capacity to ensure effective use of the databank. That the Bill uses the terms “matched” and “similar” without any explanation of the legal consequences of these terms showcases how little the Department of Biotechnology understands the legal system within our constitutional framework.

8. Security must be paramount.

The 2018 Bill requires the security and confidentiality of information contained within a databank including ensuring that adequate organisational security measures are in place. Yet, the security requirements in the Bill are not enforced with a specific penalty for the implementation of weak or insecure standards and instead punishes those in charge, for the failure to exercise due diligence to prevent a breach. This would be a blunt response to inadequate security protocols and the Bill should give more thought on how to effectively incentivise and enforce security standards and practices.

Though DNA based technologies can be useful in solving specific crimes, it is important that discourse and motivations for establishing DNA databanks are tempered with evidence as to how the same should be structured effectively and in a way as to respect and protect human rights.  

Without these safeguards, this will be another system that replicates existing systemic problems and pitfalls in the collection and use of forensic evidence. The Bill as presented in Parliament deserves to be discussed more widely before it is ready for legislation, especially since the decision of the Supreme Court in the Aadhar case is imminent and likely to have a significant impact on our understanding of our fundamental right to privacy.

Elonnai Hickok Chief Operating Officer at The Centre for Internet and Society. Murali Neelakantan is an expert in healthcare laws, and the author of DNA Testing as Evidence - A Judges Nightmare in the Journal of Law and Medicine.

The views expressed here are those of the author’s and do not necessarily represent the views of BloombergQuint or its editorial team.