Stop the Database State

A recent article in New Scientist magazine [1] has highlighted the dangers from the unrestricted data sharing of DNA profiles that will occur when the EU Prüm Convention [2] is fully implemented.

The case highlighted by New Scientist was that of Peter Hamkin who was arrested in 2003 on suspicion of murdering a woman in Italy, after his DNA profile on the UK DNA database was matched with that of the murderer. A second DNA test ruled him out, but the case highlights the technical problems with cross searching between different national DNA databases, particularly as only six loci need to be compared under Prüm which will result in a large number of false positives.

New Scientist is a scientific magazine and as such its remit clearly does not cover the wider socio-political questions with data sharing, which is unfortunate because these are critical issues. For example, one of the key concerns around unrestricted data sharing is the lack of legal safeguards for people falsely accused of crimes due to errors in the database. This can have disastrous consequences for the accused person, as under the European Arrest warrant they can be extradited effectively on the whim of a foreign prosecutor, without any UK court review of the credibility of the evidence against them. If this happens, despite being innocent they may find themselves locked up for a prolonged period, in a foreign country with a judicial system falling far short of the standards we take for granted in the UK. For example in Italy, cases can take years to come to court, which raises the question of where will the extradited individual, who has now no income, find money to pay their mortgage and other bills and who will look after their children or other dependants?

There is currently no legal redress or right to compensation from database errors. Indeed, there is no legal requirement for law enforcement, or other government bodies to ensure that data held within a database is accurate, or to correct database errors. Such a situation is a recipe for ongoing and repeated errors, as the database owner (or EU member state) suffers no consequences from such errors and therefore has no drivers to ensure accuracy.

Another concern is data security as data protection laws vary considerably between member states. Indeed, in 2009 an official government report [3] concluded that it was inevitable that DLVA data, which is also subject to sharing under Prüm, will be lost, stolen or sold in a number of EU countries.

Finally, it is also important to remember that mass unrestricted data sharing not even necessary for effective law enforcement. It is perfectly possible for such data to remain under national control and for searches to be conducted at the specific request of another law enforcement bodies.

[1] http://www.newscientist.com/article/mg21128285.500-dna-supernetwork-incr...
[2] The Prüm treaty enforces the so called principle of “availability” where law enforcement officials in one EU jurisdiction are entitled to access information held in any other. Although the UK is not a signatory to the Prüm Treaty, a EU Council Decision (commonly referred to as the Prüm Decision) has effectively meant that its data sharing for law enforcement purposes is now obligatory even for the UK. See The Prüm Framework, page 39 in Database State, Joseph Rowntree Reform Trust Ltd, 2009, ISBN 978-0-9548902-4-7. (http://www.jrrt.org.uk/uploads/Database%20State.pdf)
[3] http://www.theregister.co.uk/2009/12/14/dvla_prum/