Sign up for our newsletters   

Baltimore City Paper home.
Print Email

Mobtown Beat


Legislative Audit Reveals Troubling Problems With Maryland State Police’s Handling of DNA Database

By Ralph Brave | Posted 7/28/2004

On June 28, the state Office of Legislative Audits released a blistering critique of the Department of State Police’s performance, including management of its forensic DNA database.

The audit report showed that, among other problems, state police were failing to collect required DNA samples from thousands of convicted felons and failing to enter those DNA samples that had been collected and analyzed into the department’s DNA database in a timely manner. These and other findings were widely reported by the local media after the audit was released, but three important aspects of the report went entirely unnoted.

The first, known as “Finding 28,” reveals that there has been no secure backup system in place for the state’s forensic DNA database, which contains nearly a decade’s worth of collection and analysis of the DNA “fingerprints” of nearly 20,000 convicted felons.

This means, according to the audit, that, should anything happen to the main computer system or hard drive on which the state keeps its forensic DNA files “critical data would be lost and the DSP [state police] would be unable to readily recover this data.”

Sources close to the legislative audit investigation have told City Paper, and state police have confirmed, that the backup system used by the department’s Forensic Sciences Division, which manages the DNA operations, was to download the DNA database onto a tape each evening. The tape of DNA files was then taken home by a department employee. The employee would bring the tape back to the lab the next morning.

State auditors pointed out that the state’s backup system made the sensitive DNA information vulnerable to unauthorized access and that, when the employee returned with the tape in the morning, there was no off-site backup system in place at all.

State police spokesman Maj. Greg Shipley confirms that the state police employed this practice to back up its DNA data, but he says it has been discontinued since the audit. Due to “security reasons,” the police declined to disclose the name or position of the staff member whose job it was to take the database home each evening. Sources close to the audit tell CP that the unnamed employee was an information-technology staff member, not a police officer.

The lack of a secure off-site backup system is contrary to the state’s Department of Budget and Management guidelines for Information Technology Disaster Recovery, which urges backup storage “in a secure, environmentally controlled location.” The FBI national DNA index system, in which the state participates, has Standards for Convicted Offender Labs that defines “secure” as a “locked space (for example, cabinet, vault or room) with access restricted to authorized personnel.”

The state auditor does not say that the state’s DNA evidence was ever compromised or disclosed to outsiders, but disclosure of forensic DNA is a criminal act under state law.

Mark Profili, director of the Baltimore Police Department’s Trace Evidence Analysis Unit, says the city keeps its backup forensic DNA data at a different police building than the one that holds the original files. Similarly, the state of Virginia transports its backup data from its Richmond lab to another state lab in Roanoke. Maryland state police officials say they have now also adopted a practice of keeping the backup files in a different facility than the originals.

“Unbelievable!” exclaims Barry Scheck when asked what he thinks of Maryland’s former method for handling its backup DNA database. Scheck is a nationally renowned forensic DNA expert, a commissioner on New York state’s Forensic Science Review Board, and the co-founder of the Innocence Project, which assists prisoners who say they were wrongly convicted in accessing DNA evidence that may help prove their innocence. “I’ve never heard of anything like it,” he says. “This contradicts the assurances given to civil libertarians every day about the security of DNA databases.”

Rockville-based defense attorney Stephen Mercer recently lost his challenge in court that the state’s DNA database law violated citizens’ Fourth Amendment rights, which protect against unreasonable search and seizure. He calls the state’s treatment of the DNA information “totally believable.”

“It’s what one would expect,” Mercer says, “once part of a person’s DNA code has been duplicated.”

But not all forensic experts believe people should be alarmed by Finding 28. Kevin McElfresh, general manager of the Bode Technology Group, which analyzes convicted offenders’ DNA samples for both Baltimore City and the state of Maryland, challenges critics’ concerns.

“It’s a red herring to say this is some big deal,” McElfresh asserts. “Even if the data gets out, nobody will be able to learn anything from it. All that DNA data and a buck will buy you is a cup of coffee.”

The state’s forensic DNA data is maintained without personal identifiers, the state police’s Shipley notes, backing up McElfresh’s point. Further, there is no other personal or clinical information attached to the DNA files, so it would be extremely difficult for anyone to make use of it. Essentially, Shipley and McElfresh say, the only information available in the DNA files is a series of numbers indicating how many repeating DNA sequences a particular sample contains.

Regardless, forensic experts say, privacy protection should be of utmost importance when dealing with DNA files. Paul Ferrara, chief of Virginia’s forensic lab, says that his state’s backup files contain not only the DNA profiles but also important information on the police lab’s computer-management systems.

“You’ve got to keep the backup data in a facility equally secure as the lab, not in the premises of an individual,” Ferrara says. “That’s an awful lot of responsibility to lay on an individual.”

One Maryland forensic expert, who requested anonymity, pointed out how simple it would be for the state’s police to have employed a safer backup system for its DNA files.

“You know where the state lab is located?” he asked, referring to the Pikesville site on Reisterstown Road. “State police headquarters is right across the street. All they had to do to keep their backup data secure was walk it across the street.”

In addition to Finding 28, another aspect of the legislative audit report that did not receive coverage in the local media was that there are an estimated 3,000 or more felons out of prison on parole or probation who have not yet had DNA samples taken for the state’s database. That is just an estimate because state police have not yet determined how many of the 10,000 individuals placed on parole or probation in the state during the period studied by the report (January through August 2003) were required by law to submit a DNA sample.

The audit report showed there is no efficient system for taking DNA samples from those convicted felons being released from jail and sent back out to the streets. Neither, the report states, is there a process in place for notifying those individuals who have already been released that they are required to give the state a DNA sample. Failure of a parolee or probationer to provide a DNA sample upon notice is considered a violation of parole or probation according to state law.

According to the legislative audit, there is also a backlog of 8,000 cold cases from Baltimore City and Prince George’s County on file that have unanalyzed crime scene DNA evidence.

The lack of DNA samples from the thousands of released felons and the unanalyzed cold-case evidence represent multiple lost opportunities to solve crimes—or even prevent them—through the identification and arrest of perpetrators who have left DNA evidence at the scene of a crime.

In written responses to the legislative audit, state police officials concur with the criticisms and say they are making efforts to address the problems. State police spokesman Shipley says the department is working on interagency agreements with the court systems and with prisons to help it collect DNA samples to add to the database. But he says funding has been an ongoing problem.

“We have a collection staff in our forensic sciences division, which at the moment consists of one person who does this full-time,” Shipley says. The department is also utilizing its 19 crime-scene technicians, when they’re available, to collect DNA samples from convicted offenders.

Superintendent of State Police Col. Thomas Hutchins was scheduled to address a state legislative committee July 27 on these and other issues brought up by the legislative audit.

“The state police either need to get more personnel to collect and enter the DNA data,” Baltimore’s Profili notes, “or else they need to change the way they are doing it. One way or another, they have to address these problems.”

Related stories

Mobtown Beat archives

More Stories

Biology Student to Hold Biohacking Meeting at CCBC (3/3/2010)

Illegalize It? (2/11/2009)
Scientists Oppose Legislation That Potentially Disrupts Medical Research

For Science (10/28/2008)

More from Ralph Brave

The Heat Is On (9/6/2006)
For Writer-Turned-Activist Mike Tidwell, Soon Is Too Late To Start Worrying About Global Warming

Three Feet Higher and Rising (7/12/2006)
Facing Global Warming In Maryland

Power Failure (4/5/2006)
Maryland Loses Control of its Energy Future

Comments powered by Disqus
CP on Facebook
CP on Twitter