We Asked Police Labs If They’d Use Sexual Assault Victims’ DNA To Implicate Them In Crimes. One Agency Wouldn’t Rule It Out.

“This attitude like somehow victims' DNA is fair game, it’s unacceptable.”

Earlier this week, San Francisco District Attorney Chesa Boudin made a shocking claim: that the city’s police lab had used DNA from a sexual assault survivor to implicate her in a crime years later — and he believed the practice could be widespread.

The use of victims’ genetic information to connect them to unrelated crimes was quickly condemned by officials in the Bay Area and elsewhere; a state lawmaker said he was considering legislation on the matter. And experts and victim advocates said the revelation raises serious concerns about how local authorities may be storing and using — or misusing — genetic information, and how that could keep future victims from coming forward.

“I hope there's another reason that her DNA was out there because if this is commonplace then that causes a whole whirlwind of problems with our forensic science system,” said Sara Katsanis, a research assistant professor at the Northwestern University Feinberg School of Medicine who studies the ethical, legal, and social implications of genetic information.

BuzzFeed News reached out to 20 law enforcement agencies in California that conduct forensic testing, as well as the state attorney general’s office, which provides DNA testing services for authorities in 46 counties at 10 laboratories across the state. As of Friday, all of the more than a dozen agencies that responded to questions, including in Los Angeles, Sacramento, and San Diego counties, say they absolutely do not use sexual assault survivors’ DNA to investigate crimes other than the cases for which their DNA is originally submitted. But a spokesperson for one agency added it seemed like a “creative approach” and wouldn’t rule it out.

“My takeaway is that just because you were once a sexual assault victim, it doesn’t give you the right to get involved in criminal activity,” Tony Botti, a spokesperson for the Fresno County sheriff, said in an email. “So the short answer is, no this is not something we routinely do, but if we needed to test a sample against someone we were focused on, as long as it is legal to do so, we would do it.”

Remarks like those are exactly why it’s important to draw an even clearer line that survivors’ DNA should never be used for anything but identifying and prosecuting their assaulters, said Camille Cooper, vice president of public policy at the Rape, Abuse & Incest National Network (RAINN).

“This attitude like somehow victims' DNA is fair game, it’s unacceptable,” Cooper said. “There are women that are particularly at high risk for being assaulted because they may have criminal histories, right. And that doesn't make them fair game … and it doesn't make it OK for law enforcement departments to gang up on them and misuse their DNA.”

On Monday, Boudin said his office learned that San Francisco’s crime lab has been inputting DNA collected from sexual assault victims into an internal database that’s used to identify suspects. The discovery was made, he said, after a prosecutor figured out that police apparently linked a woman to a recent property crime using evidence collected from a rape exam in 2016. Boudin and other city officials promptly denounced the practice as morally reprehensible and legally dubious, saying that police may have violated the woman’s constitutional rights.

Police Chief Bill Scott has pledged to investigate the lab’s practices, but said there’s a little more nuance to the case at hand. At a police commission meeting this week, Scott explained that the database used to connect the woman in this case was for “quality assurance” and that investigators also found a match in a criminal database to link her to the crime.

“We will reform what needs to be reformed,” he said, according to KTVU. “But there’s a lot more to this that needs public transparency.”

It’s not year clear how long San Francisco police have been employing the practice or how many survivors may have been implicated in crimes unrelated to their sexual assault using DNA they provided for the sole purpose of identifying their assailant. (The district attorney’s office has since dropped the charges against the woman in the case in question as it investigates the issue.) But while speaking to reporters about the discovery at a news conference Tuesday, Boudin said the city’s crime lab has been storing victims’ DNA from rape kits “as a matter of routine practice” and that it’s likely other crime labs in California — and possibly elsewhere in the US — have been doing the same thing.

“What we understand is that crime labs that collect and process DNA from survivors of sexual assault do not limit the use of that DNA to the sexual assault case. Instead, they built a database with it and that’s, as we’re told, not specific to San Francisco — it’s done all across the state,” Boudin said. “It's highly problematic wherever it happens, whether it's in San Diego or Sacramento, for the same reasons it's problematic here.”

But officials in those very jurisdictions he named, and others across the state, told BuzzFeed News that’s not how they operate.

“The short answer is no,” said Bruce Houlihan, director of Orange County’s crime lab. “We’ve never done that, never will.”

Houlihan said the lab follows the federal procedures for using the Combined DNA Index System (CODIS), a national database used to match genetic samples collected from crime scenes to those of people convicted of or, in some cases, simply arrested for crimes. Under CODIS rules, agencies cannot upload victim samples, which are collected to eliminate their genetic information from that of suspects, into state and national databases. However, local jurisdictions may operate their own separate databases for local use only, and such programs are not regulated by the state or the federal government.

Houlihan said the OC lab does not keep its own internal database (though he said the county’s district attorney does). In Alameda County, which is located east of San Francisco on the other side of the Bay Bridge, the sheriff’s crime lab does keep an internal database of suspect, victim, and lab employee genetic information to rule out cross-contamination, but the DNA profiles held there are never used “to affect investigations,” sheriff’s spokesperson Lt. Ray Kelly told BuzzFeed News.

“I’ve never heard of or ever did I see we use a DNA sample from a rape victim to then later use it to … make a case against a rape victim,” Kelly said. “I don’t even know how or why you would do that.”

Kelly said it would be “unethical” to use victims’ DNA in that way — and unnecessary — as he expressed dismay over the accusation by the San Francisco prosecutor.

“I don't appreciate it from our side of the bay because we don't do that stuff,” he said.

But just because other law enforcement officials say they’re not using sexual assault survivors’ DNA in the way described by Boudin, it doesn’t mean it’s not happening elsewhere, said Cooper, the vice president of public policy for RAINN.

“It’s sending shockwaves across the country, and I'm worried that there are going to be victims out there that are going to be afraid to seek medical care because of this,” she said.

The anti–sexual assault organization is already working with members of the US Senate to draft legislation to prohibit the practice Boudin described in San Francisco, Cooper said, adding that she wanted survivors to know that her group has their backs.

Boudin did not give a straight answer when asked whether the practice he described was legal, but said during Tuesday’s news conference he had “grave concerns” about it, citing federal protections against unreasonable searches and seizures and state laws outlining victims’ rights. Under the California Constitution, victims' property must be returned to them when it is no longer needed as evidence.

“Here, biological material, DNA evidence that belongs to sexual assault survivors that’s gathered from them in the most invasive manner any of us can even think of is being stored and used and not returned or destroyed in a database that we know goes back to at least 2016 if not longer,” Boudin said.

A spokesperson for the state attorney general’s office declined to comment on whether the practice purportedly used at the San Francisco lab breaks any state or federal laws, noting that the issue is being investigated by local authorities. San Francisco Supervisor Hillary Ronen said she has already asked the city attorney to draft legislation explicitly outlawing the use of sexual assault survivors’ DNA evidence for anything other than investigating their case. State Sen. Scott Wiener has also said he is exploring legislation to address the issue.

“Hopefully, in a few short months, there won't be any question about its legality,” Ronen said at the news conference.

Natalie Ram, a law professor at the University of Maryland who specializes in genetic privacy and law enforcement’s use of DNA, told BuzzFeed News there has not been much litigation around the legality of unregulated databases like San Francisco’s, but in her eyes it should be illegal due to “clearly demarcated limits” in state and federal statutes about what DNA can be used for law enforcement’s investigative use.

But, she added, it could be difficult for people facing charges to learn about the existence of these programs because it’s unlikely the DNA match from a rogue database would be presented during prosecution.

“What would be introduced in court is the crime scene sample from the crime for which they’re charged — not the crime in which they were a victim — and another new, clean DNA sample that is collected following arrest or arraignment,” Ram said. “It can often be very difficult for a criminal defendant to learn about the investigative strategy of how they came under suspicion and so these sorts of investigative techniques or tools can remain obscured.”

Boudin told reporters on Tuesday that the only reason his office learned about the crime lab’s storing of sexual assault survivors’ DNA was because of a line on one page of discovery that made a reference to a 2016 sexual assault examination.

“The litigation process in this case is what revealed this transgression,” he said. “That doesn’t always happen.”

Rachel Marshall, a spokesperson for Boudin, did not respond to BuzzFeed News’ questions about why the district attorney believed other crime labs in the state have also been holding on to sexual assault survivors’ DNA when those labs say that’s not the case. Instead, Marshall emailed links to articles about how other agencies across the country have kept and searched DNA evidence of victims and other innocent people.

When asked if Boudin misspoke about the scope of other California crime labs’ internal databases, Marshall said she was “not suggesting in any way that the DA misspoke.”

Sexual assault victim advocates and genetic experts told BuzzFeed News they have not heard of any other law enforcement agencies using survivors’ DNA to later incriminate them in unrelated crimes. They cited other examples of rogue databases that have been used to collect genetic information from people who aren’t even suspected of committing crimes.

Still, while they hope the practice reported in San Francisco is not widespread, advocates and experts said it shows that there needs to be more oversight of these unregulated databases to prevent the misuse of victims’ DNA.

“There’s plenty of other ways to solve crimes,” Katsanis said. “As we expand these unethical applications of DNA data, we build distrust with the population. And that undermines the value of the tool.”