Mónika Mercz: The Greatest Threat to National Security: DNA
We have previously discussed the dangers of at-home DNA testing on this platform, but a crucial aspect of the existence of DNA databases in the hands of foreign companies is the potential threat to national security of a state. In the constant fight between huge platforms and states, this phenomenon might just become a key player of the future.
Firstly, I would like to briefly call back to why these databases can create problems in the first place, and that can be summed up in a few words: the lack of privacy protection. With the emergence of DNA testing companies a new era came about, where everybody got curious and wished to know more about their ethnic background (heritage), their possible lost relatives and even their health status. Naturally, this culminated in both some unfortunate incidents and positive consequences (with people having their sensitive information, their very own DNA sold to pharmaceutical companies, and decade-old crimes being solved, respectively). The sad truth of all outcomes, however, is that from now on every individual that has chosen to participate in this trend and given away their genetic material has become known to the owners of these databases. Another facet of this discourse is that the people whose DNA is in the hands of these companies did not only provide information about themselves, but their descendants, ancestors and many relatives as well. Anonymity cannot be fully achieved in an environment where the data can be reidentified so fast and can be interconnected with such ease as in this case. It is thus not without reason that the Hungarian National Authority for Data Protection and Freedom of Information has issued a statement about the possible negative consequences of handing out our DNA sample, as they find the protection provided by the companies to be lacking.
But having seen many sides of this issue, we must take the next step and see the bigger picture: how do these existing huge databases relate to the national security of a state, which is explicitly considered an ‘essential state function’? What issues does it raise if individuals from around the world willingly give over their genetic material to privately owned companies? Considering the fact that the two biggest DNA testing companies, Ancestry and 23andMe, are based in the US, I will look at the situation there as well as in the European Union, where the debate about essential state functions, especially with regard to national security, is ongoing, as will be presented below.
Before discussing any of the above-mentioned topics, we must define what national security is. Comprehensive national security should incorporate political, economic, environmental, and societal approaches along with its traditional military approach. National security is seen as the protection of values and standards from threats in the present and future, both human and non-human, including narrow policy options which can affect the quality of life of a state's nationals.
In the context of the EU, the Treaty on European Union Article 4(2) names national security as an essential state function of Member States, which means that it remains the sole responsibility of each Member State. There are many aspects of a nation’s security:
- a nation’s possession of control of its sovereignty and destiny,
- (un)used military capacity and the capabilities of the armed forces, and
- homeland security and the fight against terrorism.
Non-military ideas of national security also include political and economic security, energy and natural resources security, cybersecurity and many more. Cybersecurity in particular is interesting, seeing that with the emergence of new technologies, profiling, a digital dictatorship or other bleak futures are more of a possibility. This facet of national security refers to the protection of the government’s and the people’s computer and data processing infrastructure and operating systems from harmful interference, whether from outside or inside the country.
Sadly, processing sensitive data is not in the hands of the countries in this respect. The US is quite different in its approach towards data protection and its importance when it comes to its security, seeing that within days of birth, nearly all infants born in America are compelled to give their DNA to the government (for mandatory disease screenings). This DNA has been used by law enforcement before, in the same way that privately owned companies – despite claiming in their data protection statements that they are not willing to cooperate – have given samples to police before. What the US decides to do with its own database is completely its right, but what these companies (which are all too willing not to take data protection concerns seriously) are doing with their customers’ DNA samples, and to whom they are possibly selling them, is indeed a dangerous game.
National security can be interpreted as the preservation of the norms, rules, institutions and values of society, and has been described as the ability of a state to cater for the protection and defense of its citizenry. However, in all interpretations, the breach of data protection to such a degree can only be read as a threat and a concern which governments should take issue with.
This matter is especially urgent knowing that there are now AI technologies which are able to unlock custom-tailored, rare DNA sequences, and government officials and companies are even increasingly turning to technologies like DNA tracking, artificial intelligence and blockchains to try to trace raw materials from the source to the store. Researchers also found that it was possible to extract someone’s sensitive genetic markers and create fake profiles of individuals apparently related to a target by making a relatively small number of DNA comparisons.
These technological advances will soon become so momentous that they will reshape how DNA can be used. Because we are talking about future occurrences, we cannot be sure about how exactly misuses could happen, but we do have some ideas. Certain companies could share genetic information with others, not just for research purposes, but also to decide whether someone can be insured, what kind of healthcare or cosmetic procedures should be advertised to them, or what kind of cultural influence should be inflicted upon them; people could very easily be controlled or discriminated against based on their genetic background, and more. The use of DNA combined with AI could be akin to a weapon never seen before. But what kind of response should countries give when faced with such a threat to national security?
The first thing to note is that this response could have more of an effect on the future of the EU and integration than we can foresee. On one hand, as presented above, national security is considered an essential state function, which is strongly related to the concept of stronger Member States, cooperation rather than full-on unity and the respect of sovereignty. On the other hand, the real practical question is whether a single Member State is strong enough to effect any change in the policy of these huge companies – and sadly, the answer is most likely no. This leads to a conflict of interests, where a national security question either becomes a part of global security or this facet of security becomes embedded into an EU policy. Currently there are fears related to misuse of DNA databases in many countries, but not much action has been taken in the matter.
With the US having a governmental database and most privately owned companies being based in the country, the issue’s severe nature turns towards other states. I have already mentioned how the EU has a dichotomy in how to even approach the situation because of the delicate nature of integration at the moment, but other areas of the world do not fare well with taking any action either. Experts now agree that direct-to-consumer DNA testing is a risk, and many choose not to use these services anymore, but the privacy concerns are ever-present.
Very few countries have adopted specific legislation relating to genetic testing; those that have done so are Austria, Switzerland, Germany and Portugal, and increasing numbers of “genetic privacy” laws have been passed in the US in recent years as well. The UK has recently reported that, due to the opinion given on the matter by the Human Genetics Commission, which is responsible for providing the British government with expert advice, the UK now considers that it would not be desirable to ban tests bought over the Internet, simply because it would be impossible to police such a ban given the freedom of access to the Internet. I would personally agree that a ban could never be effective; only strict genetic privacy laws, great fines and a comprehensive framework of action by various countries could result in any change.
Because I think that these unpoliced, privately owned databases potentially pose some of the biggest threats to the future national security of Member States, I would advise setting up new bodies in Member States, which would all help enact the specific countries’ legislation and decisions. These bodies could be operating under a bigger EU Board, which could enact change more effectively, hopefully minimizing the misuse of sensitive personal data and resulting in states being able to provide some form of protection for their citizens in this sense as well.
Mónika Mercz, JD, specializes in English legal translation and is a Junior Researcher at the Public Law Center of Mathias Corvinus Collegium in Budapest, while completing a PhD in Law and Political Sciences at the Károli Gáspár University of the Reformed Church in Budapest, Hungary. Mónika’s past and present research focuses on constitutional identity in EU Member States, with specific focus on essential state functions, data protection aspects of DNA testing, environment protection, children’s rights and Artificial Intelligence.