This week we learned that San Francisco Police used a woman’s own DNA—collected years earlier as part of an investigation into her sexual assault—to charge her for an unrelated property crime. What’s worse—it appears the S.F. police routinely search victims’ DNA in criminal investigations.

This practice is possible because San Francisco has been storing DNA gathered from rape survivors in the same local database where it stores DNA from rape assailants and other suspects. The San Francisco District Attorney stated the database potentially includes thousands of victims’ DNA profiles, with entries over “many, many years.”

This is not the first time San Francisco has had problems with its DNA crime lab. In 2010, the SF Weekly reported the same lab concealed DNA mixups and lacked proper security practices to prevent contamination. And in 2015, a lab technician was found to have improperly analyzed DNA evidence in a murder trial, which caused the police to reexamine 1,400 criminal cases that were prosecuted in part based on that same technician’s DNA work. 

The San Francisco police chief asserted this week that the lab’s collection practices “have been legally vetted and conform with state and national forensic standards.” However, local DNA databases like San Francisco’s are not held to the same strict laws and regulations as state and federal-level DNA databases like the FBI’s CODIS database. This means that there is nothing to prevent local police and the DA from storing—and searching—DNA from nearly anyone who might interact with the criminal justice system. This includes crime victims, potential suspects who are never arrested or charged, people who have consented to have their DNA collected to rule themselves out as suspects, and even people whose DNA has been collected without their knowledge.

Even if police and prosecutors in San Francisco decide to limit the DNA included in the local crime lab database, this won’t affect similar “rogue” DNA databases in other parts of the country. In Orange County, California, the DA has a well-known “spit and acquit” program that offers to drop petty misdemeanor charges—like walking your dog off-leash—if people agree to provide a DNA sample for the local database. As of 2019, the Orange County database included DNA from 150,000 people who would not otherwise be required to give the state their DNA. In San Diego, police were stopping juveniles and only letting them leave after they “consented” to the collection of their DNA, even though California state law strictly regulates and limits the collection of DNA from kids. (This practice was later outlawed by California state law.). In New York, police collected DNA from 360 black men after a woman was beaten and strangled in Queens and later collected DNA from a 12 year old without his or his parents’ knowledge. None of this DNA can legally be entered into state or federal DNA databases—it can only be collected and then repeatedly searched—in local databases like San Francisco’s.

This case also highlights the problems with police failing to respect the scope of a person’s “consent,” and shows that, if police have access to data, they will find a way to search that data. Here, the rape survivor likely agreed to a medical exam where her own DNA would have been collected along with her assailant’s. However, it's hard to imagine a scenario where she would have consented to her DNA being stored indefinitely in a criminal database along with her assailant’s. And in fact, as the San Francisco DA and police chief have recognized, and any victims’ rights advocate can tell you, there are very good reasons to prevent that practice—the last thing we want to do is discourage crime victims from reporting because they are afraid they, themselves, will be charged with a crime. But, as the example above with the San Diego teens and as many, many other examples show, police regularly push the boundaries of “consent.” This comes up in cell phone searches, as Upturn discussed in a fantastic report last year, just as it does in DNA cases.

In San Francisco, the District Attorney has now recognized that the search of the rape survivor’s DNA was unconstitutional and dropped the charges. And at least one state senator has suggested introducing legislation to outlaw this practice. However, a law that merely addresses DNA collected from rape victims is not enough to prevent other improper and unconstitutional DNA searches in the future, both in San Francisco and throughout the country. Any legislation that’s introduced must also address the consent issues more broadly. And it should ban the warrantless collection of DNA without a person’s knowledge, as a new law in Maryland did last year.

It may also be time to go much further. New York introduced legislation that would do away with local DNA databases altogether. San Francisco’s latest problems with its DNA crime lab suggest municipalities shouldn’t be allowed to maintain these “rogue” databases at all. Our DNA—which can predict what we look like, who we’re related to, where we came from, and which diseases we’re likely to get—is far too sensitive to leave its access to the whims of law enforcement and prosecutors.