Human beings leave trails of genetic data wherever we go. We unavoidably leave genetic traces on the doorknobs we touch, the items we handle, the bottles and cups we drink from, and the detritus we throw away. We also leave a trail of genetic data with the physicians we visit, who may order genetic analysis to help treat a cancer or to assist a couple in assessing their pre-conception genetic risks. Our genetic data, often but not always shorn of obvious identifiers, may be repurposed for research use. If we seek to learn about our ancestry, we may send a DNA sample to a consumer genetics service, like 23andMe, or share the resulting data on a cross-service platform like GEDmatch. If we are arrested or convicted of a crime, we may be compelled to give a DNA sample for perpetual inclusion in an official law-enforcement database. Law enforcement might use each of these trails of genetic data to learn about or identify us—or our genetic relatives.
Should law enforcement be permitted to make use of each and every one of these forms of genetic data, consistent with the Fourth Amendment of the U.S. Constitution? That is the question that motivates James W. Hazel and Chris Slobogin’s recent article, “World of Difference”? Law Enforcement, Genetic Data, and the Fourth Amendment. Hazel and Slobogin take an empirical approach to the Fourth Amendment inquiry, reporting results of a survey of more than 1500 respondents and probing which types of data access respondents deemed “intrusive” or treading upon an “expectation of privacy.” Their findings indicate that the public often perceives police access to genetic data sources as highly intrusive, even where traditional Fourth Amendment doctrine might not. As Hazel and Slobogin put it, “our subjects appeared to focus on the location of the information, not its provenance or content.” That is, intrusiveness turns more on who holds the data, rather than on how it was first collected or analyzed. Hazel and Slobogin conclude that their findings “support an argument in favor of judicial authorization both when police access nongovernmental genetic databases and when police collect DNA from individuals who have not yet been arrested.”
Hazel and Slobogin’s analysis is firmly rooted in existing doctrine. As they observe, much genetic data collection, analysis, and use has traditionally been beyond the scope of the Fourth Amendment. The Fourth Amendment extends its protections only to “searches” and “seizures,” and existing doctrine defines government intrusion as a search, in large measure, based on whether government action intrudes upon an “expectation of privacy” that society is prepared to recognize as “reasonable.” Under the so-called “third-party doctrine,” “if you share information, you do not have an expectation of privacy in it.” But in its recent Fourth Amendment decision in United States v. Carpenter, the Supreme Court suggested that the third-party doctrine is not categorical. As Hazel and Slobogin aptly summarize, “In the wake of Carpenter, considerable uncertainty exists about the applicability of the third-party doctrine to genetic information.” Indeed, Justice Gorsuch, dissenting in Carpenter, “used DNA access as an example” of information in which individuals typically expect privacy, despite having entrusted that information to third parties.
Hazel and Slobogin provide an empirical response to this uncertainty. They survey public attitudes regarding the privacy of certain sources of genetic data, and the intrusiveness of investigative access to that data. In assessing these attitudes, the authors also queried respondents about a range of non-genetic scenarios, including some both clearly within and beyond existing Fourth Amendment regulation, in order to better gauge relative findings of intrusiveness and privacy. The authors appropriately acknowledge that the platform they utilized to complete the survey—Amazon Mechanical Turk—and the population they recruited to participate may be imperfectly representative of the general public. They discuss countermeasures they took to minimize biases in their results, including excluding responses received in under five minutes (which “are indicative that the individual did not answer thoughtfully”).
The results indicate that law-enforcement access to many sources of genetic data ranked as highly intrusive and infringing upon an expectation of privacy. Among other findings, “police access to public genealogy, direct-to-consumer and research databases, as well as the creation of a universal DNA database, were … ranked among the most intrusive activities.” These government activities ranked similarly to searches of bedrooms and emails, and as both more intrusive and more infringing on a reasonable expectation of privacy than “cell location”—the data at issue in the Carpenter case itself. Yet many already-common police collections of genetic data, including surreptitious collection of “discarded” DNA, compelled DNA collection from arrested or convicted persons, and even familial searches in official law enforcement DNA databases ranked as among the least intrusive or privacy-offending activities.
Hazel and Slobogin suggest that Fourth Amendment doctrine should be attentive to societal views about privacy, such as the data uncovered in their survey, and that this should prompt closer scrutiny of the “situs of genetic information” in assessing expectations of privacy. The role of survey data in Fourth Amendment analysis is contested, but one need not subscribe to Hazel and Slobogin’s view of the importance of this data to Fourth Amendment analysis to appreciate their insights.
For one thing, Hazel and Slobogin’s data provide an antidote to claims of broad public support for law enforcement use of consumer genetics platforms to investigate crimes. According to Hazel and Slobogin, government access to consumer genetics data consistently ranked as highly intrusive and privacy-invasive. These findings also lend weight to Justice Gorsuch’s intuition in Carpenter that government access to genetic data from these sources ought to require a warrant or probable cause.
In addition to the Fourth Amendment, moreover, Hazel and Slobogin’s findings suggest that Congress or the Department of Health or Human Services ought to act to better protect medical data, especially genetic data in medical records. Survey respondents “ranked law enforcement access to genetic data from an individual’s doctor as the most intrusive of all scenarios, just above police access to other information in medical records.” Under existing law, these records are typically protected from nonconsensual disclosure under the HIPAA Privacy Rule, and physicians and their patients share a fiduciary relationship that is often privacy protective. But the HIPAA Privacy Rule codifies a gaping exception to nonconsensual disclosure for law enforcement purposes. As Hazel and Slobogin recognize, the Privacy Rule permits genetic information to be disclosed to law enforcement upon as little as an “administrative request.” That minimal standard runs contrary to the strongly held attitudes of privacy and intrusiveness that Hazel and Slobogin’s study reveals. These findings should provide impetus to act to better protect medical records from government access.
We ought not, however, overinterpret the authors’ results. Their findings indicate limited concern about the most well-known forms of genetic surveillance, through compelled DNA collection from individuals arrested or convicted of crimes or from surreptitiously collected items containing trace DNA that individuals cannot help but leave behind. Perhaps these results reflect a genuine lack of concern with these practices—or perhaps they merely reflect that individuals expect what they know the government is already doing. A one-way ratchet of public acceptance ought to give us pause about findings of non-intrusiveness for well-known police practices.
In sum, Hazel and Slobogin’s article yields important new data suggesting that government access to many sources of genetic data is indeed highly intrusive. That data may inform Fourth Amendment analysis. It also may inform discussions about the fitness of existing statutory and regulatory protections for genetic data, the need for new protections, and the credibility of existing claims of public support for certain uses of such data.