Italian DNA database: The devil is in the details

By EDRi · August 26, 2009

This article is also available in:
Deutsch: [Italienische DNA-Datenbank: der Teufel steckt im Detail |]

On 30 June 2009, the Italian Parliament finally passed Law No. 85 that
ratifies the Prum Convention and forms the legal ground for the creation of
an Italian National DNA Database (NDNAD).

Although this law might have benefited from UK and USA court experience in
the field of DNA forensics, the current text indicates that neither British
nor American case law have been taken into consideration. Furthermore, the
law is flawed by a foggy understanding of the technicalities behind DNA
profiling and sloppy wording that certainly will not facilitate the work of
lawyers, prosecutors or judges. Just to highlight a few of these
inconsistencies, it must be noted that art. 8 (Attivita` del laboratorio
centrale per la banca dati nazionale del DNA – Activity of NDNA Database
Central Laboratory) lacks any general provision that would oblige all the
responsible parties to adopt serious and adequate security measures against
unauthorized access, data tampering, and illegal handling of data and

Furthermore, art. 9 (Prelievo di campione biologico e tipizzazione del
profilo del DNA – Mandatory DNA Sample Collection and DNA Profile
Sequencing) states nothing about the need for a properly established chain
of custody. It is crucial that the collected sample be processed, both
technically and administratively, in such a way that it would be impossible
for a “planted” or “altered” sample to be used. This requirement was proven
vitally important in the OJ Simpson trial (held between 1994 and 1995 at the
Los Angeles Court in the USA) where the value of DNA evidence was
successfully challenged by the defendant due to law enforcement gaffes.

As if this wasn’t enough, nothing is said about the effect of an improperly
managed chain of custody on admissibility of the samples as evidence in
Court. This is an issue similar to the one raised in the computer forensics
field, where there is an vigorous ongoing debate about the
admissibility/reliability of digital (volatile) information presented in
Court without a documented and technically well-grounded chain of custody
(the relevance of this issue is enhanced by the recent finding that DNA
samples can be easily faked without expensive facilities.)

This same lack of perspective can be observed in art.10 (Profili del DNA
tipizzati da reperti biologici acquisiti nel corso di procedimenti penali –
DNA Profiles Sequenced from Biological Samples gathered during Criminal
Investigations). (Its impact on due process and the right of defense are
addressed in the analysis of art. 12). This section deals with sample
tracing and access to data. Law enforcement officers can access the NDNA
database without prior authorisation from the prosecutor or the judge that
is responsible for the investigation involving the sample or profile in
question (under Italian law, law enforcement bodies are under the direction
and control of the public prosecutor). Since the article is silent about the
matter, only future court decisions will determine whether prior
authorization is needed to access the NDNA database, thus leaving wide open
a window of several years in which “anything can happen”. It is worth
pointing out that there is no mention of defense and victim’s lawyers in
this provision, thus making it impossible for them to make reasonable
discovery demands.

The third provision in art.12 requires neither the positive identification
of the personnel accessing the NDNA database and material in the central
lab, nor the secure logging of access to and activity involving the profile
and sample.

Art.13 also raises concerns (Cancellazione dei dati e distruzione dei
campioni biologici – Data Erasire and Destruction of Biological Samples).
Provision 3 doesn’t clearly identify who is in charge of ordering the
destruction of samples and profiles. It would have been far more appropriate
(and easier) to say that samples, profiles and all of its related
information cannot be used during the trial. A judge in the preliminary
investigation, preliminary hearing or trial – depending on the stage of the
trial – orders the destruction of both profiles and samples from the NDNA
database, the central laboratory and any other place where this information
is stored (e.g. prosecutor’s docket, law enforcement investigator files,

Art.14 deals with punishment for a public officer that communicates or uses
data and information without authorization, or for purposes other than those
stipulated specifically in the law. Well, the punishment is incredibly
light: a jail term of between one and three years. This means that by
pleading guilty (up to 1/3 of a reduction in term) and obtaining a further
1/3 reduction for the “attenuanti generiche” (generic circumstances that
decrease the severity of the punishment), a defendant could face a final
jail term of less than six months that could be avoided by simply paying a
fine. Given the magnitude of the matter, one would expect to find harsh
punishments rather than the equivalent of a light slap on the hand.

Two final remarks:
The first one is about technology. The law says nothing about strategic
technological choices. Of course it is not to be expected that a law will
enter into the maze of ICT and molecular biology oddities. Naturally a
series of subordinate administrative acts will be adopted by the ministries
concerned. But what the law might have (and should have) laid down was the
inclusion of principles such as the use of non-proprietary file formats and
technologies (thus avoiding the technological “locked-in” syndrome that
allowed ICT multinationals to create a de facto monopoly since the cost of
converting huge quantities of information to a different format was so high
as to discourage the shift).

The second one concerns the “vicious loop” in assessing crime impact and
crime spreading. By excluding white collar crime profiles from the NDNAD,
the law can alter crime-related statistics. If all you can find in the NDNAD
are violent crimes committed by Africans or Balkan immigrants and
undocumented migrants (they will hardly be involved in stock exchange
frauds), prosecutors will find easier to investigate these crimes, with the
potential result being an injection of “hidden racism” into the justice

To put it briefly: crime statistics are based upon prosecutory
investigations and trials, but if prosecutory investigations are based upon
the NDNA database, the only crimes that will be scrutinized by politicians
will be those that fall into the NDNA database.

Italian NDNA database. The devil is in the details

Italian NDNA database. The devil is in the details

(Contribution by Andrea Monti – EDRi-member ALCEI -Italy)