Monthly Archives: November 2014

Preparing for biometrics and drones in the ‘post-privacy’ era

Privacy is generally understood as a freedom from unauthorized intrusions. The development of the legal protection of our privacy rights was historically tied to traditional concepts of home, curtilage or property. As frequently articulated, our privacy rights were connected to a “thing” or a “place” where we had a reasonable expectation of privacy. This concept transitioned over time from a physical place to include information space. Now the astonishing developments resulting from modern technologies is further challenging our historic conceptions of privacy and will require the formulation of new standards and practices and perhaps even a redefinition of privacy itself.

Gone are the days when the government only kept records of events such as birth, marriage, property ownership or death. Governments are now using surveillance technologies from drones to automated license plate readers to collect and store data on citizens and non-citizens alike. The commercial collection of personal data is also widespread. Mall owners use technology to track shoppers by signals from their cell phones. Online advertisers and data brokers watch as you browse the web and collect your browsing history. Retailers use digital signs, which are disguised facial recognition scanners, to track your passage through the store for later marketing use. Technologies, like facial recognition software, are even being made available for personal use. For example, Facebook’s tagging feature uses this technology.

One type of data being widely collected is biometric information. Biometrics are unique data markers that identify using intrinsic physical or behavioral characteristics. Physical characteristics can include fingerprints, face prints (facial recognition-ready photographs), iris scans, palm prints, voice prints, wrist veins, hand geometry, a person’s gait, and DNA. Behavioral biometrics include non-biological or non -physiological features such as distinctive and unique mannerisms (signature or keystroke patterns, habitual behaviors.) While fingerprints have been collected for generations, technology now allows the real-time capture of many more forms of biometric information, and advances in digital storage technology enables the permanent storage of massive amounts of extraordinarily detailed data.

Data collection is now easily accomplished and does not necessarily require your cooperation or awareness. Governmental agencies, particularly those involved with public safety, are major collectors of data. The United States government operates some of the largest biometric identification systems in the world. The Department of Homeland Security (DHS) maintains an automated biometric identification system (IDENT) that has a database of more than 126 million records and conducts about 250,000 biometric transactions per day averaging 10 seconds or less per transaction. The DHS Biometric Optical Surveillance System (BOSS) can perform real-time facial recognition and also capture your iris data from 10 meters away… while you are in motion. It was reported in 2011 that the measured error rate in face recognition has dropped by half every two years.

As biometric technology has expanded, so has the ability to store and communicate such data. Stored data may be shared by local, regional, statewide or federal databases or by private companies under contract with a local law enforcement agency. Most local and national law enforcement agencies are working to make the communication between their various databases seamless and responses to queries rapid and accurate. The ability to integrate and store information from many different databases has dramatically increased the value of biometric data and the risks associated with collecting and maintaining it.

The aggregation of data from multiple sources can pose a privacy threat. There is the risk of theft of biometric information, which could facilitate criminal access to bank accounts and credit cards, allowing the possibility of other criminal activities. There is a risk of data creep, where information voluntarily provided to one recipient may be transferred without permission to another recipient, then linked with other data or applied to a new and unauthorized purpose. At the same time, the unregulated scope of data collection, sharing, linking and storing could invite misuse.

Another medium for data collection that could have far reaching privacy implications is the use of “unmanned air vehicles” or “drones.” Previously used extensively only in military applications, the Federal Aviation Administration (FAA) predicts there will be 10,000 commercial drones by 2017. The FAA has until September 2015 to create rules about how drones can operate in U.S. airspace and is currently working with several industries to expedite some limited commercial operations. Google has applied to the Department of Transportation to test its planned U.S. delivery service Prime Air.

There are many legitimate and exciting uses for commercial drones, like emergency response and recovery efforts; mapping and survey applications; television and motion picture industry uses, such as sporting events (i.e., birds’ eye view of football game) or special effect shots; agricultural applications; journalistic uses [“journo-drones”]; and “ambulance” drones.

But in the area of privacy related to searches or surveillance, drones are a part of a technology system that acquires evidence that formerly required a trespass. Drones may be equipped with the following types of technologies: high-resolution digital camera, optically or acoustical enhanced imaging; imaging radar [i.e., see thru smoke, haze and other opaque media] or sensors [data re: weather, temperature, radiation or other environmental information). A “perch-and-stare” drone can conduct long-term covert, warrantless surveillance of a suspect.

The use of drones raises myriad ethical and legal issues and presents a situation where the analysis and resolution of those issues lags far behind the technology. The military usage of drones is already well established, and the expansion into the civil society is ready to explode. Private parties and corporations are seeking permission to utilize drones before the FAA has even finished developing the regulations that will control their use. Sophisticated drones have the capacity for machine recognition of faces, behaviors, and the monitoring of individual conversations. The images and data collected by drones raise serious questions regarding privacy, data storage and personal liberty.

Both penal and civil laws need to keep pace with these advances. The FAA is creating the administrative regulations and guidelines that will theoretically control the introduction of drones into civil society. Legislation designed to regulate the use of drones has been introduced in the U.S. Congress and in several states. Federal and state law enforcement agencies will have the dual, and potentially conflicting, desire to utilize drones and simultaneously recognize and protect the privacy rights of citizens.

Privacy advocates have raised the alert and the legal community needs to anticipate and prepare for how to protect against the excesses and abuses that could arise from the widespread use of drones. Although the specifics of the incidents cannot be predicted, it is certain that the surveillance abilities of drones will be utilized for industrial espionage and the theft of corporate secrets. Smart counsel should be preparing to advise their clients how to protect and defend against the “coming of the drones.”

Candace Cooper, Inside Counsel

Discrimination based on genetics could soon be illegal in Canada

Even a decade ago, the idea of genetic discrimination sounded like science fiction. Today, it’s a reality Canadian law could soon address.

It is increasingly easy to have your personal genome sequenced and analyzed for genetic markers. There are now relatively simple tests that can determine if an individual is likely to develop Alzheimer’s, certain kinds of cancer,  or inherited conditions like sickle cell anemia or cystic fibrosis. That kind of information could be very powerful in the hands of the right person, or the wrong person.

That’s why Canada’s senate is studying a bill that would make it illegal to discriminate on someone based on their genetic information.

Denying someone disability insurance because they have a genetic marker for Parkinson’s disease? Illegal. Denying someone health insurance because they have a genetic marker for a rare heart condition? Illegal. Or at least that’s how it ought to be, the bill argues.

The bill would also make it illegal to force someone to undergo a genetic test, or submit the results of a genetic test, before entering into any kind of contract. It would do all of this with amendments to the Labour Code and the Human Rights Act.

“I’m hopeful that it will receive all-party support,” Liberal Senator James Cowan told the Huffington Post. “I don’t see it at all as a partisan issue.”

Cowan is the man who put forward the bill in the hopes of ensuring that basic human rights aren’t trampeled just because some people now have a glimpse of their potential future.

As Canada.com explored in our video project earlier this week, the amount of information modern genetic tests can yeild, at a relatively low cost, is surprisingly high.

For $200, anyone can have their genome sequenced and tested for dozens of known markers. The company can even keep that information on file and provide more insight as we learn more about the human genome and what each sequence of DNA actually does.

In October, Canada’s Privacy Commissioner Daniel Therrien, recognized that insurers have good reason to want this information when offering someone coverage.

“The [insurance] industry believes it needs access to all existing genetic test results to ensure a level playing field in terms of knowledge between both parties of a good faith contract,” he said. “Bill S-201 recognizes the overriding societal benefits of protecting applicants’ right to privacy and of providing all persons with insurance coverage regardless of their genetic heritage.”

The bill has been before the Standing Senate Committee on Human Rights since early this summer, after it passed second reading in the Senate. It still needs to go through the House of Commons.

William Wolf-Wylie, Canada.com

Government storing baby blood data raises privacy concerns

The Nafkes of Apex have two healthy daughters, and their girls are among the millions of children already screened.

Both of their results came back perfectly normal.

But it’s what the government is doing with your child’s DNA after the children are screened for diseases that is raising ethical concerns.

“I thought they were using it to check to see if she had any newborn illnesses that can be detected through this blood test,” said Melissa Nafke, a mother of two in Apex.

Government officials are doing just that – but that’s just the beginning.

“It was sold as we are going to screen for diseases, and that’s it,” said their father, Adam Nafke. “I have no idea about the big government database where all of this goes.”

The Nafkes had no idea that DNA left over from their daughter’s newborn screening tests, called dried blood spots, are stored in a government facility for up to five years in North Carolina.

“The fact that they take these without consent really bugs me, that it’s opt out,” said Adam Nafke.

But his wife, Melissa, said, “As long as they’re used for good reasons I’m not concerned.”

Clearly the Nafkes disagrees on this issue.

But these concerns are why DHHS officials want to set the record straight.

Asked what the government plans to do with the data, Scott Zimmerman, director of the N.C. State Public Health Lab, said,

“So if an outside agency such as an academic institution approaches us and asks for dried blood spots, there are two approaches that can be taken. One, we can get parental consent to release that dried blood sample to an outside entity. We will not release any DBS that contains patient information without parental consent.”

Zimmerman added, “The only other way DBS are released is if they are de-identified.”

Over the years, DHHS has released these dried blood spots to the University of North Carolina, for example. And the argument both institutions are making is that these spots are necessary for research.

Dr. Margaret Gulley, a pathologist at UNC, said being able to use the dried blood spots “is a huge advantage” in clinical research.

Gulley hopes parents will not worry about the security of their child’s DNA.

“We do take very seriously the opportunity to keep the information secure, especially when it has to do with health information,” Gulley said.

And Zimmerman insisted “no dried blood spots are released without parental consent.”

In one building, millions of dried blood spots are stored. And although the state right now is only using these dried blood spots for clinical advancements, some parents are worried that could all change in the future.

Adam Nafke said it concerns him that such a vast database could one day be used for “nefarious purposes that violate our rights.”

But Melissa Nafke said, “If they want to 20 years down the road follow and track those children and find out what their outcomes were, I think that’s potential for a lot of research and a lot of amazing discovery.”

“Any large government database that holds personal information concerns me – especially with everything that’s happening with the [National Security Agency],” Adam Nafke said.

So regardless of your position, the government still owns your child’s DNA. How they plan on using it – especially if it changes and evolves outside the realm of research in the future – remains to be seen.

But state officials say North Carolina has never sold this information to outside agencies for profit. Right now they are de-identified and released for research purposes, without needing your consent.

Eileen Park, WNCN

Genetic discrimination impacts cancer patients in Canada without insurance coverage

This year 67 women will be diagnosed with breast cancer every day — 14 of those women will die every day, according the latest statistics from the Breast Cancer Society of Canada.

It’s a harsh reality for so many women in Canada and Teresa Quick is a prime example of that statistic.

The Toronto woman lives with the fear of getting cancer one day.

Both Teresa’s mother, who was diagnosed with breast cancer when she was 34 and then ovarian cancer at the age of 51, and grandmother died from cancer.

With a history of cancer in her family, Teresa opted to get genetic testing, specifically for the BRCA 1 gene mutation also known as the cancer gene.

When she was 27, Teresa tested positive for the mutation.

The result meant she has a very good chance of getting breast cancer or ovarian cancer in her lifetime.

To help reduce her chances significantly, Teresa opted to have a preventative double mastectomy.

Teresa is still at risk of getting cancer, but her chances are much lower.

However her story does not end there.

Teresa bought a condo and got a mortgage 5 years ago and to provide herself with extra protection in case she got sick, she applied for critical illness insurance that would help cover her mortgage in the event she fell ill and would require to take time off of work for treatment.

Teresa’s application was denied because of her family history with cancer.

Teresa’s case represents the situation many women with cancer and the BRCA gene mutation face when it comes to acquiring private insurance.

If the applicant has a family history of certain cancers or mutations like the BRCA gene, there is high chance they will not get insurance.

Allison Hazell, a genetic counsellor with Medcam, says this not uncommon.

“When someone is perfectly healthy but there is a known specific hereditary mutation in the family that causes a specific disease they are eligible to do testing for that known mutation. And if they test positive for that mutation or they do carry that mutation, there is a risk that an insurance company might say even though you are perfectly healthy right now, we are going to deny you insurance based on the fact that you carry that particular mutation,” Hazell told Global News.

In Teresa’s case, although she did have preventative surgery done, because of her family’s medical history, she was denied coverage.

“”If I were to get sick and I was unable to work and I was trying to get treatment I would have a very large expense. Mortgage is my biggest expense,” Teresa said.

Her mother was tested positive for the BRCA gene, but for fear that her daughters would face discrimination, she kept the results sealed.

“My mother had her test results sealed for this exact reason. She did not want my sister or I knowing whether we were BRCA positive or negative based on her results because it would be used against us,” Teresa recalled.

Global News contacted the insurance company that denied Teresa’s application.

Due to privacy reasons, they could not comment on her specific case.

They did however send us this statement on their policy regarding insurance coverage approval:

“TD Insurance offers critical illness insurance on credit products, designed to benefit customers in the event they suffer a critical illness such as stroke, heart attack or cancer … generally when coverage is not offered it’s due to the existence of underlying medical conditions or risk factors. As a general rule, TD Insurance looks at the existence of underlying medical conditions or risk factors before extending coverage, by asking our clients to fill a questionnaire.”

Now Teresa was given accidental insurance coverage, so if  she were to get into a fatal accident, her mortgage would be covered.

However, for Teresa’s peace of mind, the critical illness insurance is what she really needs in order to ensure she will have money to cover her mortgage payments if she were to get sick and require treatment.

In 2008, the United States passed a ban on genetic discrimination by insurance companies.

In Canada, the issue still remain up for debate.

There is a bill, however, on the table that will actually ban insurance companies in Canada from basing their coverage on genetic testing.

That bill is expected to be brought before Parliament once again, in the coming weeks.

Angie Seth, Global News

Should life insurance firms have access to your genetic test results?

So, you’re thinking you might like to check out one of those inexpensive new tests that would give you some insight into, say, the health implications of your ethnic heritage. It may, incidentally, turn up findings you may or may not want — say, on your Alzheimer’s disease risk, or your risk of developing lung, breast or skin cancer.

And let’s say in the next year or two that when you apply for life insurance (or long-term care or disability insurance), the insurance company demands to know whether you’ve had any genetic testing done, and if so, wants to see it. Or requires some genetic testing done as a condition of providing coverage.

Didn’t see that coming, did you?

The insurance companies have — and, fortunately for us, so has a group of bioethicists from Columbia University, who in a commentary in this week’s Journal of the American Medical Assn. pondered the not-at-all distant future in which insurers will seek access to applicants’ genetic test findings before making their underwriting decisions.

Now that it can cost as little as $1,000 to have a full-genome scan — and that more than 700,000 Americans have done it — the future is now.

For some, violent criminality may be written in their genesScience NowFor some, violent criminality may be written in their genesSee all relatedí

Although the Genetic Information Nondiscrimination Act of 2008 bars the use of genetic information for health insurance coverage decisions, it does not do so when it comes to life insurance, disability insurance or long-term care insurance.

A few U.S. states have adopted some protections against such use by insurance companies, but most have none. Only Vermont outright bars its use by insurers. And some insurance companies have already started asking.

For starters, the authors of the commentary — Robert Klitzman, Paul S. Appelbaum and Wendy K. Chung, all of Columbia University’s Medical Center — acknowledge that having one’s genetic information scrutinized by an insurer opens an individual to being denied coverage — or offered coverage at inflated rates — for having acted in one’s own best health: Afterall, aside from a few untreatable or unpreventable genetic diseases that could be turned up, many of the genetic variants currently being found interact with other factors in the environment, and with behaviors.

Knowing what those risks are, an individual can take steps to lower her risk of developing whatever disease she carries an elevated risk for developing. And clearly, our society is not bettered if knowing — and acting on that knowledge — is discouraged.

The conundrum is that people who suspect they carry a genetic variant that could affect their life span or their ability to care for themselves are — at least now — the ones who are most likely to get genetic testing performed. Those whose fears of premature death or disability are confirmed will disproportionately apply for health or disability insurance.

If insurers are kept in the dark about applicants’ genetic risks, they respond to their increasingly sick pool of claimants by hiking their premiums to everybody. Insurance for people of average risk (or at least for people who don’t know of any outsized genetic vulnerabilities they may have) may be priced out of the market. And that’s not good either.

The commentators suggest there may be ways to thread this bioethical needle: Give all people access to a certain level of insurance without any requirement to ante up genetic information; to get layers of coverage beyond that minimum, insurance companies may require genetic information.

“Scholars, physicians and policymakers need to consider these rapidly evolving issues, or insurers will make decisions on their own,” the group wrote. And life and disability insurance companies should align their reading of genetic risk with scientific findings, and to make their assumptions transparent. As scientists deepen their understanding of the power of specific genetic variants, and of the interaction between genes and behavior, insurance companies will need to underwrite accordingly.

Either that, or insurers could be told, as they are in Vermont, that they’re not entitled to consumers’ genetic information, whatever it says.

Melissa Healy, La Times

States Should Secure Parental Consent Before Storing Newborn DNA

The U.S. Senate is preparing to vote on a bill that has a promising name but a frightening reality. The “Newborn Screening Saves Lives Reauthorization Act of 2014” (H.R. 1281) passed the House in late June and, if approved by the Senate and signed into law, would provide $99.5 million to state newborn screening programs and research initiatives.

A little-known danger of the bill is that it does not include parental consent requirements for state storage, use, analysis and sharing of newborn DNA and newborn genetic test results.

Most states conduct newborn screening on every newborn. Within 48 hours after birth, a few drops of blood from the baby’s heel are squeezed onto a special card, sent to a state lab and tested for up to 50 genetic disorders. While parents support newborn screening, most parents do not know it’s a state government program or that some states store and use the newborn’s blood spots (DNA) and test results without parental consent for purposes beyond newborn screening.

According to our research, nine states currently store all or some newborn DNA indefinitely; eight additional states store it for more than 20 years, and four states (California, Iowa, Massachusetts and Michigan) make newborn DNA available to researchers through a ‘virtual repository’ set up by the federal government, but only Michigan requires parental consent for research. Additionally, four states (California, Maine, Utah and Washington) claim newborn DNA as state government property.

Yet, studies show most parents do not support genetic research using newborn DNA without parental consent (See “Not Without My Permission,” – Beth A. Tarini, MD).

The federal government has acknowledged that DNA is identifiable and cannot be de-identified, stating, “none of these [research] statutes was written with an eye toward the advances that have come in genetic and information technologies that make complete de-identification of biospecimens impossible and re-identification of sensitive health data easier.” (Notice of Advance Rulemaking, Human Subjects Research Protections, Federal Register, July 26, 2011).

As the American Academy of Pediatrics reports, the storage and use of newborn DNA has generated much controversy, “primarily because of public concerns over the lack of parental knowledge and consent for these activities.” Further, “there is currently little guidance to aid new state policy development to address the concerns of program professionals, investigators, and the general public.” (“Retention and Research Use of Residual Newborn Screening Bloodspots,” Pediatrics, Dec. 23, 2012).

The ACLU also warns, “Proceeding with [research by states and third parties] is not only improper, but also risks undermining the public trust and goodwill upon which newborn screening programs depend.” (Letter to SACHDNC, May 14, 2010).

Despite these serious concerns, the bill now before the Senate expands and encourages research using newborn DNA and genetic test results without parental consent requirements. H.R. 1281 adds new federal responsibilities to the current Hunter Kelly Newborn Screening Research Program, which are possible only by using newborn DNA collected by state agencies.

Twila Brase, The Daily Caller

Judge denies U.S. request to block Honeywell wellness program

A U.S. district judge in Minneapolis is allowing Honeywell to begin penalizing workers who refuse to submit to biometric or medical tests. A federal agency had asked the judge to block the program.

The case will continue to move forward in the court.

The tests, required by Honeywell in a recent policy change, will measure blood pressure, cholesterol and glucose, as well as check for signs that an employee has been smoking. Employees who decline to take the tests could be fined up to $4,000 in surcharges and increased health costs. The U.S. Equal Employment Opportunity Commission (EEOC) had sued Honeywell over the policy last week. Attorneys for the agency argue that the testing program violates the Americans with Disabilities Act and the Genetic Information Nondiscrimination Act by penalizing employees who decline to take part.

U.S. District Judge Ann Montgomery denied the agency’s request for a temporary restraining order at a hearing Monday.

In a statement, a Honeywell spokesperson said company officials are pleased that the policy will continue in 2015.

“Honeywell wants its employees to be well informed about their health status not only because it promotes their well being, but also because we don’t believe it’s fair to the employees who do work to lead healthier lifestyles to subsidize the health care premiums for those who do not,” according to the company’s statement.

Staff at the Equal Employment Opportunities Commission didn’t immediately respond to a request for comment.

The case is the third similar lawsuit filed by the EEOC against companies in recent months. It could have broad implications for what companies can require of employees through wellness plans.

Jon Collins, MPR News

New DNA analysis could provide complete description of a suspect

When DNA evidence began appearing in U.S. courtrooms in the late 1980s, it was heralded as the greatest leap forward in criminal investigation since fingerprinting. In the following decades, its analysis has helped identify and incarcerate the guilty as well as exonerate and free the innocent.

Now, the next generation of DNA analysis, which researchers say can reveal a level of detail far beyond what currently is used in criminal investigation, is awaiting its first courtroom test in Massachusetts.

Prosecutors there plan to prove in court that a pair of abductions and rapes were committed by the defendant and not by his identical twin brother. The DNA shared by identical twins was one of the problems of earlier testing, which was not nuanced enough to point out differences between twins that scientists say exist.

“The forensic application of this testing is new, and to the best of our knowledge, our case will be the first prosecution to use it,” Suffolk County District Attorney Daniel F. Connelly said in September, when he announced charges against the man. “The scientific foundation, on the other hand, is well-understood and widely accepted.”

Scientists at Battelle are among those watching the Massachusetts case, which involves what is known as “next-generation DNA sequencing.”

“In my opinion, next-generation sequencing is the most-significant breakthrough for forensic DNA science in the last 25 years,” said Richard Guerrieri, who is a research leader in Battelle’s applied-genomics business group and the former chief of the FBI Laboratory’s nuclear DNA casework and database units.

“That twins case in Boston, we think might be the game changer,” said Michael L. Dickens, the general manager of Battelle’s applied-genomics program.If the DNA evidence game is indeed changing, Battelle researchers said they have spent years jockeying for great field position. The research center recently won an $825,000 National Institute of Justice grant that will fund a 19-month study. Researchers at Battelle, who are leading the project, selected seven forensic laboratories across the country at which they will measure the effectiveness of next-generation DNA-sequencing technology in criminal cases.

DNA, or deoxyribonucleic acid, is a molecule that provides the genetic instructions or blueprints that make us who we are. The information is stored as a code of the chemical bases adenine, guanine, cytosine, and thymine. The bases pair off in DNA’s ladderlike double helix — A with T and C with G.

“DNA really is a four-letter alphabet in a sense,” Guerrieri said. But from those four letters comes stunning variety. A complete blueprint of human DNA, called a genome, consists of about 3 billion bases. It is the arrangement of those bases that matters.

Most DNA in people is identical and what makes a person a person instead of, say, a horse. But not all of it is the same. The National Human Genome Research Institute boils it down this way: “ For example, the sequence ATCGTT might instruct for blue eyes, while ATCGCT might instruct for brown.”

In crime fighting, scientists extract DNA from the cells of an unidentified victim or an unknown suspect. Hair, blood, semen and saliva all can provide the genetic material needed to generate a profile.

In the most-common procedure now used, analysts look at specific locations in the DNA for information that repeats. The size of those repeated sequences varies depending on the person. Taken together, they can be used to create a profile that can be entered into and compared to DNA profiles in law-enforcement databases such as the FBI’s Combined DNA Index System, or CODIS.

CODIS now references 13 such locations to compare within DNA. DNA from a crime scene that matches the DNA profile of a suspect at 12 of those locations, for example, has a greater likelihood of belonging to that suspect than one that matches at only two of those locations.

Researchers at Battelle said next-generation sequencing opens up a new world of insight.

“What we’re doing is gaining more information, much more information, than just the number of repeats,” Guerrieri said.

Using thousands of biomarkers, analysts now can be far more specific in trying to identify an unknown person. The person’s familial origin, eye color, hair color, even body type might be pinpointed, helping investigators eliminate other potential suspects when none of their DNA is in any law-enforcement database.

The upcoming study will assess the ability of laboratory instruments, procedures and software to analyze the data, including the performance of Battelle-designed software that uses DNA biomarkers to predict a person’s appearance, ancestry and other identifying traits.

Guerrieri predicts that next-generation sequencing will be accepted and more widely used in crime fighting within the next five years.

“A new era of forensic investigative genetics is about to happen,” he said.

Dickens envisions a time not too far in the future when, presented with only a person’s DNA, “I can tell exactly what you look like,” he said. “That’s our goal.”

Theodore Decker, Columbus Dispatch