Please log in.
Before you can vote, you need to register. Please log in or create an account.
Public: Law Enforcement: Identification
pkeydna   (+7, -4)  [vote for, against]
Public key DNA identification system

Use public key cryptography to digitally encrypt and sign digitised DNA fingerprints, which are held by law enforcement agencies (these could even be held in a completely public repository). DNA owners (the phenotypes) can sign known search queries with the private key, to permit themselves to be eliminated as suspects in serious crime cases, without compromising their privacy. Since owner is the only party in possesion of the private key, the DNA could not be used without the owner's explicit permission.
-- goldilox, Mar 28 2005

BBC DNA story http://news.bbc.co....onshire/4291215.stm
BBC DNA story [goldilox, Mar 29 2005]

Wiki Zero-Knowledge Proof http://en.wikipedia...ero-knowledge_proof
[contracts, Mar 30 2005]

Well, [yellow smoked salmon / aurous liquid oxygen], wouldn't this quickly just end up a rapid way to check people for outstanding warrants? I'd rather keep my cells to myself in the hopes that, if my brother is implicated, I also don't have to face the equally-simplified execution by shots-on-the-spot.
-- contracts, Mar 28 2005


The whole idea is that it can't be used like that. For example, a thief may have an interest in a mass murderer being caught, but is wary of assisting an investigation by submitting to DNA testing, because he knows that the DNA evidence may also be used in "fishing expeditions", and his crimes detected. With this system, he could agree for the DNA to be used only to prove a "no match" in the murder case.

This would also protect against DNA fingerprints being leaked by or stolen from law enforcement agencies.
-- goldilox, Mar 28 2005


I'm sorry, it just seems to me that this system would immediately lead to abuse - - at least in the United States.
-- contracts, Mar 28 2005


I think it would almost certainly lead to abuse, but at least the abuse would not be admissable in court. I don't think. Anyway, croissant for you, just for being interesting.
-- moomintroll, Mar 28 2005


Quite. A whole new set of options might open up for would-be snitches.
-- RayfordSteele, Mar 28 2005


Without the private key, the encrypted DNA fingerprint is completely useless. The DNA owner must cooperate for it to be used, on a per enquiry basis, and this is guaranteeed mathematically. The only potential abuse of this system, that I can see, would be for law enforcement agencies to steal the private key, or trick or coerce the owner into permitting its use. This could be mitigated by requiring the request to be filtered via a magistrate, whose office would digitally sign the request. Coercion and trickey can of course already be used to obtain unencrypted DNA samples. Stolen keys can be handled using something similar to existing public key certificate revocation.

See BBC DNA story link for an example of a situation where this could be useful. The police are requesting DNA samples to assist in tracking down a serial rapist. In this case, I would like to see the rapist apprehended, but there's no way that I would provide a DNA sample, because I would not trust that it would not be misused in future. However, I would happily provide an encrypted sample, and would digitally sign my permission for the single specific query that would eliminate me as a suspect.

And no, I am not a thief living in Northampton!
-- goldilox, Mar 29 2005


I bunned it, with a footnote to say that I don't see the need for all this security. I say everybodies dna should be on file so that the police can cross-check at any time. A thief left a hair at the scene of the crime? Look him up in the data-base and arrest him. I have nothing to fear because I do not do anything against the law and if I did I would deserve punishment accordingly. If you fear abuse, obviously you don't have faith in the government you yourself have elected, so you should deal with that problem first, restore your faith or overthrow the government.
-- zeno, Mar 29 2005


But what if your DNA somehow found itself in the hands of your unelected health insurance company, and they used the knowledge to adjust your premium, based on your genetic pre-disposition to a disease? With this system, it would be encrypted, and therefore unusable by them.
-- goldilox, Mar 29 2005


[golidlox], there would be laws against such a thing.
-- zeno, Mar 29 2005


Don't count on it. Insurance enjoys a high degree of laissez faire.

Besides, I think that the argument can be made that genetic predisposition risk is as valid a risk factor as any of the others that are commonly used against the insured.
-- bristolz, Mar 29 2005


Is it possible, that in the near future, DNA strands could be constructed at will?
In this case, the basic idea of linking people with crime scenes may become very difficult, since DNA samples could be planted.
-- Ling, Mar 30 2005


Yes, and it's quite possible to do that now, by planting lots of other people's DNA at a crime scene. But my idea's not about providing increased surveillance, it's about providing a mechanism where owners have control over how their DNA is used. At the moment, this is all or nothing - you provide a sample, and you don't know how it will be used in future, so the tendancy is towards a blanket "no", even in situations where it might be beneficial for the owner to provide a sample. I should probably have used a different example.
-- goldilox, Mar 30 2005


I'm not sure whether this will work as you wish.
Once the fingerprint has been de-crypted, how do you know it won't be distributed or copied before the file is closed again?
-- Ling, Mar 30 2005


This seems like an eminently sensible idea to me - allows detectives to narrow their search, serves to protect the innocent and still protects the privacy of the individual. Bun. Or do you get porridge?
-- wagster, Mar 30 2005


The file is never actually decrypted. Zero knowledge proofs are used to determine a match / none match. The private key is used to sign a query, which permits explicit tests to be made against the file.
-- goldilox, Mar 30 2005


Ok, now I'm with you.
-- Ling, Mar 30 2005


Would this require the destruction of all earlier, or alternate, DNA records in order to work?
-- bristolz, Mar 30 2005


Isn't a pkeydna some kind of one-celled organism that you look at under a microscope?
-- phundug, Mar 30 2005


I need some more help with the "zero knowledge proofs are used to determine a match" part of your answer to Ling's question.
-- jutta, Mar 30 2005


I can say with a provably high probability that zero knowledge proofs are used in cryptography schemes but, beyond that, I can offer nothing.
-- bristolz, Mar 30 2005


it's not clear that zero-knowledge proofs can be used to prove arbitrary matches without revealing the data being compared.
-- Random832, Mar 30 2005


Yes, the devil is in the detail, which I was trying to avoid, in the interests of clarity. For example, this system also requires a trusted laboratory to produce the encrypted DNA sample. I can post an expanded version with cryptographic protocols and references for the maths if there is sufficient interest. However, this will take me about half a day to write up, so it can't be immediate.
-- goldilox, Mar 30 2005



random, halfbakery