Eight technical questions to the U.S. plan to collect DNA from immigrants

I re-publish a commentary originally published at Processing Citizenship in October 2019, when the new DNA collection plan was first announced

It is yesterday’s news that the U. S. Department of Homeland Security would be about to collect DNA samples from people into federal immigration custody. To understand the actual novelty and  implications of such a move, we suggest, it is necessary to look into the technicalities of the plan, and ask technical questions. Is that a continuation of business as usual or a real change in the paradigm through which alterity is processed?

Biometric collection conducted on hundreds of thousands of immigrants in federal detention facilities. So what? Aren’t we well used to biometry in order to identify and register migrants? After all, this takes place since quite some years on the Eastern side of the Atlantic. Fingerprinting, DNA for family reunification, X rays to establish age, voice recognition: technologies measuring biological characteristics are routine at most Hotspots in Europe, as well as at registration centers inside the Schengen area. This evidence might at most suggest that for once the Western side of the Atlantic is technologically reeling after the Eastern side.

Geo-technological considerations apart, what is so disturbing with reading that DNA samples from hundreds of thousands of immigrants will be collected by the U.S. Department of Homeland Security? The technology itself, that is, the fact that DNA sampling touches more intimate nerves than fingerprinting, in our technological imaginary? The sheer numbers, evoking collective memories of population management that (we thought) were buried in the past? The governance aspect, as we are well aware that the U.S. Department of Homeland Security (DHS) is eventually accountable to the Trump administration?

All these motivations are implicit in the way newspapers and media are presenting the news. However, there is more. If we wish to understand the actual implications of such a program – also for those who feel it’s time to take action, we need to engage with its technicalities, we need to sort what is business as usual and what is a step further in the socio-technical management of people unknown to authorities, in the processing of alterity. We need to ask more technical questions and have more technical answers. All of us, not only geeks. It’s not so difficult, as I wish to show.

Three are the main technical aspects that should be object of clarification by the program proponents:

1) whose DNA samples are collected and in which circumstances;

2) what is meant by “DNA samples” and how do they differ from other biometric samples;

3) where is data circulated, for which purposes and who can access it.

Whose DNA samples?

According to the U.S. DNA Fingerprint Act of 2005, federal agencies are allowed to collect DNA from individuals in their custody. Customs and Border Protection (CBP) and Immigrations and Customs Enforcement (ICE) are federal agencies who keep migrants in their custody, but a special provision up to now exempted them from collecting DNA from individuals in their custody.

On the other hand, federal laws, regulations and an increasing number of state laws require law enforcement to collect DNA from all people arrested for a serious crime—whether or not they are ever convicted. Up to now, DNA samples have been stored in the FBI DNA database CODIS which contains more than 18 millions profiles of people under arrest, charged or convicted in connection with serious crimes.

We find a first inconsistency here, which needs clarification. The DNA Fingerprint Act of 2005 refers to “people under custody of federal agencies”, while DNA samples up to now stored are those of “people arrested, charged or convicted for serious crimes”. Given U.S.  migration management procedures – which are similar to European ones, most migrants fall into the first category. However, there is no statistical evidence that they also massively fall into the second category.

So, we have a first question: whose DNA is to be collected? That of people in custody at CBP and ICE, or that of people in custody who have also committed serious crimes? In the second case, there is no news, as this is what was already happening. However, media have reported that the new rules would allow to collect DNA from children as well as those who seek asylum at legal ports of entry. This would be a step further in the surveillance of unknown populations, as it would extend DNA collection to individuals who do not have been arrested, charged or convicted for serious crimes. As a matter of fact, in the U.S. system, those who present themselves at legal ports of entry to seek asylum are considered to enter the country lawfully.

Another issue concerns the definition of “serious crime”. In the U.S. as in many European countries, entering the country without documents (e.g., Visa) has been turned into a crime in the last years. The extent to which it can be conceived of as “a serious crime” is however open to debate. Associating irregular border crossing to “serious crime” would be a further step in the surveillance of unknown populations.

It should also be noted that the governmental practice of amassing a trove of biometric data on migrants is already taking place. In the U.S., migrants are already fingerprinted. In Europe, the “Hotspot” machine and other identification centers are collecting extensive types of administrative and biometric data at the external borders of the Continent, including fingerprints, bone scans, saliva. So, what is new here? To answer this question, we have to dig deeper into technological specificities, as I am going to do in what follows.

Which DNA samples, exactly?

As mentioned, in the U.S. DHS is already using biometric identification methods like fingerprinting. The new rules, however, would require forced DNA collection. According to some commentators, there is an intrinsic difference between the two technologies: DNA sampling would be more intrusive than fingerprinting.

This statement inevitably brings with it the assumptions associated with any emergent technology when it is not investigated in the actual situation of use. DNA samples can be collected in different ways, and different degrees of intrusiveness are associated with different collection techniques. Information available up to now on the foreseen collection is however ambiguous. It spans from The Guardian stating that “DNA collection is non-invasive and done mostly through a cheek swab to collect saliva, or a piece of hair“, to a former deputy general counsel at DHS who asserted that DNA testing is considered one of the most invasive actions that the government can take, as it collects a physical substance from a person’s body.

So, two further questions arise. The first is to be asked to DHS: which techniques are going to be used to collect DNA samples? The second is an ethical and political one, and answering it should involve those who are expected to be subjected to DNA sampling: what is an invasive technique? Is invasiveness related to the result (i.e., the physical substance) or to the process (e.g., having someone touching your body, even if only to collect hair)?

The fifth dilemma concerns the analyses which are expected to be carried on the DNA so collected. According to the DHS, a pilot program was already conducted last summer along the U.S. southwestern border. ICE agents used quick DNA sampling techniques to identify “fraudulent family units”, i.e., adults pretending to be the parents of children in order to be granted special protection. So, nothing new? Well, yesterday the DHS spokespersons have specified that the new rules will provide the government with a “more intensive”, “less narrow”, “comprehensive”, “complete”, “fuller-scope”, “much broader” DNA profile of the migrants in its custody. Yet not much else is known about this enhanced analysis. Obtaining a detailed technical explanation of what is meant by “intensive”, “narrow”, “comprehensive”, “complete”, “full” and “broader” is paramount to understand the scope of this next step in the surveillance of unknown populations. Which analysis would be conducted on the samples, and which types of data would be obtained? DNA testing can reveal many sensitive types of data. As the spokesperson of a civil liberties organization has pointed out, genetic material can reveal information about illnesses and sensitive personal characteristics, but also about other individuals, like family members, who might be U.S. citizens or legal residents.

This is even more important in light of a further declaration by DHS, that DHS officials would rely on software to quickly obtain DNA. Here again, the exact functioning of the software should be offered for public scrutiny. This would, for example, allow to verify potential cases of false negative or positive. Is that not possible because of industrial secrecy? Then DHS must take a decision between accountability and software adoption.

Where is data circulated?

The third set of questions concerns the circulation of DNA samples. Now the fingerprints of migrants who cross the border irregularly are sent to federal databases accessible by state and local law enforcement agencies. This informational architecture is not much different from that adopted in Europe, with the specification that on the Eastern side of the Atlantic “federal” should be replaced with “European” and “state” with “member states”. So, again, not much novelty in terms of architecture.

As we have seen, what is new is that the new rules would require to enter the DNA samples into the FBI’s DNA database known as CODIS. According to some sources, this re-use of a criminal database to store data of non-criminal populations is dictated by the necessity to save money. Whatever the reason, a seventh question arises. Which ontologies, which data models would be used for migrants? The same used for people who committed serious crimes? With which consequences for data quality? For example, what happens when the system requires inputting the specific “serious crime” committed by a migrant, and the scroll down menú does not provide the option “border crossing”? Will the field be left blank? Or will additional funds be spent to adapt the system?

Concerning purposes, CODIS is used by state and law enforcement authorities at different scales to help identify criminal suspects. An eighth question arises here. How do authority intend to assure that DNA samples of people who have not committed serious crimes are not queried for other purposes? Queries are usually recorded for accountability reasons, so that logs can be investigated from time to time. Will authorities provide individuals with a log report of the queries conducted on their data, as well as a detailed list of officers who have access to their DNA samples?

To summarize, eight technical questions arise at a very first consideration of the new DHS DNA sampling program directed to migrants:

1) whose DNA is to be collected? That of people in custody at CBP and ICE, or that of people in custody who have also committed serious crimes?

2) to what extent can irregular border crossing be associated to “serious crime”?

3) which techniques are going to be used to collect DNA samples?

4) what is an invasive technique? Is invasiveness related to the result or to the process?

5) which analysis would be conducted on the samples, and which types of data would be obtained?

6) what is the exact functioning of the software used to analyse DNA?

7) which ontologies, which data models would be used for migrants on CODIS?

8) how do authorities intend to assure that DNA samples of people who have not committed serious crimes are not queried for purposes other than crime fighting?

These are questions to which an answer should be provided before any concrete implementation. This would allow to concretely test the feasibility of the plan, as much as its democratic legitimacy.

Some sources:

CODIS

– The New York Times

The Wall Street Journal

The Guardian

Electronic Frontier Foundation

Vanity Fair