Unregulated profile matching

Definition of a DNA database system

43.24 Part 1D of the Crimes Act defines a ‘DNA database system’ as a database (whether in computerised or other form and however described) containing the following indexes of DNA profiles: a crime scene index, a missing persons index, an unknown deceased persons index, a serious offenders index, a volunteers (unlimited purposes) index, a volunteers (limited purposes) index, a suspects index, and information that may be used to identify the person from whose forensic material each DNA profile was derived; and a statistical index; and any other index prescribed by the regulations.^[25]

43.25 To fall within the definition of a ‘DNA database system’, a DNA database must include all listed indexes of profiles. Any database that does not hold all of these indexes appears to fall outside the definition, and therefore outside the legislative framework.

Issues and problems

43.26 DP 66 noted that some DNA databases established for federal law enforcement purposes might fall outside the legislative definition of a DNA database system.^[26] If this is the case, these databases would not be subject to regulation under Part 1D of the Crimes Act, thereby undermining the procedures and safeguards established in this legislation.

43.27 For example, the DVI Database contains four indexes only—an unknown deceased persons index; a missing persons index (containing profiles obtained from missing persons’ personal items and blood relatives); a crime scene index; and a suspects index.^[27] As the database has only four of the specified indexes it technically falls outside the definition of a DNA database system. In addition, the AFP operates its own DNA database for criminal investigation purposes that also might not accord exactly with the definition of a DNA database system.

43.28 Further, while hard copy databases (for example, a manila folder or a ring binder) could come within the legislative definition, this would only be the case where the database holds the prescribed indexes, and separates the profiles into these indexes.

43.29 In its submission, the New South Wales Council for Civil Liberties also expressed concern about the historical establishment and maintenance of unofficial databases in that jurisdiction:

The NSW Police Force has a long history of holding forensic and other information in a variety of formats, databases and sub groupings. It is clear from other forensic information such as fingerprinting that this is rarely destroyed or removed from police databases, even when there is a requirement to do so … To our knowledge, police operate a myriad different paper databases containing information about criminal suspects … they continue to keep fingerprint information after it is required to be destroyed and removed from police information databases … It is our view that DNA profiles and databases will be manipulated in a similar manner.^[28]

43.30 Dr Jeremy Gans also raised concerns about the legislative definition in relation to the New South Wales forensic procedures legislation:

This definition is clumsily drafted and unnecessarily complex. As presently written, a database of DNA profiles that lacked just one of the listed indexes would fall outside of the definition (and, hence, regulation by Part 11) The definition should, at the very least, be modified to ensure that a database is covered if it contains any of the indexes in para (a). Better still, the definition should be framed independently of the individual indexes it contains, eg as a database (however described and formed) containing identifiable DNA profiles maintained for the purposes of criminal investigation and prosecution.^[29]

43.31 In its review of the New South Wales forensic procedures legislation, the New South Wales Legislative Council Standing Committee on Law and Justice suggested that the legislation could be clarified, either by prohibiting any database that does not fit the description of a DNA database system; or by redefining the term to include all databases, however formulated. The Committee recommended the former option, suggesting that this would prevent the proliferation of databases.^[30]

Submissions and consultations

43.32 DP 66 proposed that forensic procedures legislation should be amended to prohibit the establishment or maintenance of any DNA database that does not fit within the legislative definition of a DNA database system.^[31] Most of the submissions and consultations supported the proposal.^[32] Concerns particularly emphasised the need to eliminate unregulated profile matching. The Commonwealth Attorney-General’s Department commented that:

It is correct to say … that parallel systems with different regulatory frameworks and safeguards are contrary to the intention of creating an integrated national DNA database system. Community confidence in that system will be undermined if unregulated matching is allowed to occur, particularly where it involves profiles obtained from samples taken under legislation with few safeguards.^[33]

43.33 The Law Institute of Victoria supported the proposal, commenting that:

The resulting risk for unofficial and unregulated databases to be abused must be checked … The confusion which would inevitably result from multiple databases with non‑uniform administration is another reason to prohibit establishment and maintenance other than under s23YDAC.^[34]

43.34 Several police services expressed concern about the potential impact of the proposal on their existing DNA databases. For example, the Victoria Police submitted that:

This proposal may not have taken into account the need to have another database for local matching based on local legislation (or lack of) that is not consistent to Commonwealth law. It is assumed that this proposal only refers to DNA profiles to be compared on NCIDD but it is not clear. If it is suggested that jurisdictions cannot maintain their own local databases, then Victoria Police disagrees with the proposal.^[35]

43.35 The NSW Police Service opposed the proposal, commenting that it is imperative that laboratories have the ability to create and maintain databases such as: employees’ profiles, for reference in cases of suspected laboratory or crime scene contamination; databases created in the validation of new technology, and which are required to be maintained for the scrutiny of the wider scientific community; and databases relating to population genetics. They noted that the latter two databases would be expected to contain anonymised information.^[36]

43.36 Finally, the Queensland Government opposed the proposal, stating that it intends to retain the ability to operate its own DNA database and to operate outside the NCIDD system if required. This would enable Queensland to share information with the Northern Territory if the latter did not participate in the NCIDD system.^[37]

Inquiry’s views

43.37 The Inquiry now considers that the better approach would be to amend the legislative definition so as to include all DNA databases used in the law enforcement context. This approach more effectively addresses concerns about unregulated profile matching for several reasons. First, a DNA database system established for a particular purpose might not need all of the indexes specified in the legislative definition. For example, a database established only to identify victims of a mass disaster would not need a crime scenes, suspects, serious offenders, or a statistical index.^[38]

43.38 Second, there may be privacy advantages in establishing separate DNA databases for specialised purposes, such as disaster victim identification, rather than using the established NCIDD system. For example, as the DVI Database is separate to the NCIDD system, this removes the opportunity for matching profiles belonging to relatives of missing and deceased persons with profiles stored on the general crime scene index. While such matching currently is permitted under the Crimes Act, the physical separation between the DNA databases would provide an added deterrent to such activity.

43.39 Finally, the approach is more inclusive, ensuring that all law enforcement DNA databases—whether in computerised or hard copy form—would fall within the regulatory framework.

43.40 Therefore, the Inquiry recommends that the Commonwealth should amend the definition of a ‘DNA database system’ in the Crimes Act to mean ‘a database (however described and formed) containing identifiable DNA profiles maintained for law enforcement purposes’. The Inquiry emphasises, however, that it does not support a proliferation of DNA databases for law enforcement purposes.