 Good morning. My name is Jim Lewis. I work at CSIS. Thank you for coming to our event today. This is the second one of these we've had on DNA forensic sciences. The first one was almost as packed as this one. We have a busy schedule, so we want to go ahead and get started. One reason I wanted you to sit down is so I could see if we needed more chairs. So I see we're close. You have an agenda. What we're going to do is turn over the opening remarks to Ken Krupa, who's the Deputy Director of Defense Forensics, and then Ken will introduce Ben Riley and Paula, our two following speakers, our two keynote speakers. So with that, let's go ahead and get started. Jim, thank you very much. I appreciate you all coming here. It looks like a very good turnout. And then also the opportunity to really, I thought we'd put together a pretty good group of dynamic speakers here. Not only speakers, but two panels to talk about privacy and information security. Not only that, but the emerging technologies and how biometrics and forensics has really caught wind. And there's really doing great and wonderful things, not only for the Department of Defense, but also for the protection of homeland. So just a couple of things I wanted to, I know you have the agenda in front of you. I just want to note we're going to go through a couple keynote speakers. And then also we've got the coffee break at 9.30 to 9.45, give you an opportunity to mingle around and have some discussion with your peers and stuff. So what I understand we've got a lot to do, a short time to do it in, so I just want to get started if we could. So it's my pleasure to introduce the keynote speaker and highly renowned visionary within the U.S. Department of Defense, Mr. Ben Riley. So Mr. Riley, as you know, is the principal deputy for the Deputy Assistant Secretary of Defense for Rapid Fielding. And he really is responsible, he's focused on the policy and oversight of fielding these types of capabilities that counter unconventional and time sensitive threats. So he facilitates the rapid technology transition with the Department of Defense. They look at a very short turnaround time to get capabilities out to the field. And he does such just a great job of doing that, not only working with partners within DOD, but with our foreign partners and inter-agency partners, the academia and industry. So he does a great job of doing that. So, sir, thank you again for coming, taking time out, and the podium is all yours. Thanks, Ken. I'm Ben Riley, as Ken said. He gave me some prepared remarks, which I'll put aside. But one of the reasons we do these conferences is, and I'll go into a little more depth in a minute, in a bit here, but some, about 2004, we really started to look in the Department at biometrics, and then I would say subsequently forensics as a military capability that we could apply on a battlefield. The real genesis of it came about with the improvised explosive devices that I'm sure many of you are very familiar with. And at a point in our realization that we had, as we exploited these devices forensically with our partners from the FBI, and also now within DOD, that we had fingerprints on these. We also had individuals in detention, and we had taken fingerprints on these individuals. And I had a question, could we match the fingerprints off the latent IED, the latent IED prints to these guys we have in detention to see whether we have any matches, and at one point I had a senior guy tell me, we don't do that stuff, that's police work, we're soldiers, Marines, and the like. I remember a British military historian, Sir Michael Howard, saying the only thing harder than putting a new idea in the mind of a military man is taking the old one out. And so it was a challenge to start until we caught our first guy in late 2004, and it went from we don't do this to why don't we have more of this stuff, and it turned around. Somewhere in that period I was invited over to DHS to give a talk. They had some conference, international conference with about 60 attendees on biometrics, and I was the lunch guy to talk at lunch, and the talk went fine. And at the end of the talk, like any talk, there was, do you have any questions, and the first guy, hand went up and the first guy stood up and said, so how much information do you collect on the American citizens, and what do you do with it? And it was kind of for me, as though I were hitting the head with a 2x4, because it was a realization that if we did not get out in front of and discuss publicly the issues of privacy and civil liberties and the fact that we follow the law and the policies as we go through these development of this capability that we would very quickly be shut off. And so many of the things that our office does, both on an interagency basis and in coordination with militaries, ensuring that we operate within the confines and the boundaries of the law and within public policy and support the policies put forward within the government. And we've been assisted in that with other interagency partners, most notably the FBI again. But that kind of is how we got into it and why sessions like this were important to me. So we address these issues up front and not be accused of more or less putting these things under the bushel and under a basket and hiding them. By way of background, my office in OSD, as Ken said is focused on fielding what we call fieldable prototypes, rapid fielding of new capabilities, trying things out. Many of the programs we do are fairly small in size and scope. By DoD standard, certainly a couple hundred thousand here, a couple hundred thousand there. This particular program started with a $600,000 investment at MIT Lincoln Lab and Dr. Bernadette Johnson, who is today, I guess the Chief Technology Officer, came to me with, I have an idea. And so we tried this idea out and I sort of said to myself, yeah, right, we'll be able to do this, but in fact we've been quite successful. But there's a bit of risk in there, but a bit of capability. But by way of background, I was a Navy officer and charged with this and as we looked at the challenges first in Iraq and subsequently in Afghanistan, clearly there was a large degree of counter insurgency and elements of counterinsurgency in this. And as a Navy officer, I'm not ashamed to say I'm not ashamed of counterinsurgency. So to help myself out, I sat down in red as much as I could on the topic and read both the classics, which I'll quote you from in a second here and also read modern writers, John Noggle, Dave Kilcullen and others, and I have subsequently worked with a lot of these guys. And if you read these things, you find recurrent themes throughout them. In counterinsurgency campaigns the solutions are political, economic, social. Much of the work that our soldiers, Marines and others have to do is more like police work than it is that it is kind of standard combat. In fact, I have a somebody brought me a bag of toy soldiers, plastic toy soldiers like the little lead ones you used to get in. Some are red and some are green. And it says the bag says commies versus good old USA. And there's no ambiguity in those toys. There's either good guys and that in fact is the way we'd like combat to be. But we understand and we know quite clearly today that it's much more ambiguous and much more vague in both the nature of the threat and others. So we've invested in a variety of these areas and I read a lot of these things and these recurrent themes come forward. Now quote one from a French author, Colonel Roger Trinke, who was in the French military, he fought in Vietnam with the French. Then he fought in Algeria with the French. And his book is entitled Modern Warfare published in 1960. And in fact he says in Modern Warfare the enemy is far more difficult to identify. No physical frontier separates the two camps. The lines of demarcation between friend and foe passes through the very heart of the nation through the same village and sometimes divides the same family. It is a non-physical often ideological boundary which must however be expressly delineated if we want to reach the adversary and defeat him. And in fact later on he talks in a few pages later about an identity card which mapped a person to a specific region of the city that they used in Algeria. And so when folks first came to us talking about the ideas of biometrics it was Colonel Trinkier's words and approach that came back to me we had updated it from an identity card to fingerprints and modern processing had let us do that but that was kind of the background that I focused on. When we first started doing biometrics there was a thought the FBI collects fingerprints to a certain standard and many of the military folks we worked with said we don't need to do that same standard because we have a different objective in mind our objective is to catch bad guys and their objective is to arrest somebody and take that person to a court and court of law and you need rules of evidence and so on. But one of the outcomes of a successful counter-insurgency campaign is to establish the rule of law in a region and so more and more as we started this we don't need to do the same thing the FBI does we move to the point we need the same rules of evidence, we need the same chain of custody, we need many of the things that they have and even in Iraq Iraq was developing a court system and had judges and those judges wanted similar kind of evidence maybe in a different standard but we found within the military that we needed to establish those same kinds of protocols and procedures that the FBI had although on many occasions we might not be able to do it but nonetheless that should be our objective and so a couple of discussions today will focus on the capabilities that really in this particular kit that really get to that point and I think it's an important point to make forensic background forensics kind of trailed the application of DODs of our employment of biometrics and brought us to move beyond fingerprints to many of the other typical forensic capabilities that we're all familiar with and in fact proceeding this but today DOD has four different forensic labs one focused on cyber crime with the Air Force cyber forensics I should say and I'll let Ken or others go through them in more depth but one of our big partners in this project has been the Office of the Provost Marshall General in the Army and specifically the Army Crime Lab at Fort Gillon and my, down in Georgia and my visits down there it always seemed to me that a lot of their forensic applications although they do a fine job have been focused more on on typical criminal activities that one might see and not necessarily moving this forensic capability forward as a battlefield capability and so the introduction of this kit that you'll get briefed on plus forensic labs that we have deployed forward have enabled us to bring a lot of this typical very traditional forensic capability into the military battlefield environment now I think most of us know that forensic labs are pretty high end capabilities with very very talented people in them and that's a difficult thing for us to deploy also a very expensive thing and so it became one of the rationales behind what we're doing with this piece of equipment right here and Ken gave me some target goals here one of the goals is reducing cost and he says a current operator costs $350,000 a year a forensic scientist our goals $50,000 in other words you can take any moderately trained what 15 or 20 minute training period soldier given the training he can operate this piece of equipment we have a goal of a current sample cost about $600 our goal is to bring it down to $25 that's work in progress and the cost per kit is goal is what's this about $250,000 the goal is 25 the goal is 25,000 so I view what we have here in what we'll talk about today and this piece of equipment is kind of a rabbit if you will that I hope will stimulate the rest of the marketplace to chase this and do continual improvements in this area so while it's quite a remarkable piece of equipment it I think is only the start of what will be a significant technology development in the future just one final thing one of the things that we have been very focused on in this effort and we owe a lot of thanks to other partners who have helped fund this including people within the Department of Defense notably the joint IED Defeat Office or organization but the FBI Department of Homeland Security National Institute of Justice all who have put money in NIST who's helped in the standards and we owe a lot of thanks to those people who contributed a lot to the effort but one of the big things that constantly amazes me in the work we've done in the area of biometrics and I think in this forensic activity we'll move into the future is the amount of information sharing we've done with information John Boyd who's here our Director of Defense Biometrics cites a fact that in 2005 we shared one biometric file with the Department of Homeland Security notably US Visit today it's upwards of thousands per day and that only grows as we find with this kind of amorphous threat that Colonel Trinke talked about people who might have been involved actively say an IED activity overseas and now decide they want to come to this country either because they're tired of making IEDs or because they want to come here undercover and so can we use our information to help people like DHS State Department and others catch these guys or the FBI obviously before they get here and so this business of information sharing of the data we have is not only directed through presidential directives but also through just common sense I think so it's been an interesting course to watch this go from I have an idea to where we are today but I sort of hope and think it's only the start of a broader push to streamline this technology drive the cost down and obviously there will be significant implications not only within the DoD but across the various law enforcement communities who have helped support this so with that I'd like to turn it over to Paula Dr. Paula Pamani I know it Paula Dr. P who is working the program now since Bernadette moved up and Paula will give you a more detailed overview Wuna Thank you for the opportunity to speak to you today my name is Paula Pamianowski there's a bit of a handful but you get used to it quickly I'm from MIT Lincoln Laboratory and I'm currently serving as the principal investigator for the ANDI program ANDI standing for the Accelerated Nuclear DNA Equipment Program this is a rapid DNA analysis for human identification development effort which means I'm going to explain very simply as simply as possible it's not at all a simple process what we're doing when we analyze DNA and then use that to motivate you why we needed to go to rapid DNA analysis I'm going to explain why the government was interested in doing this capability actually you've already heard a fair amount from Mr. Riley so I can go a little more quickly in that regard but I'll explain about the rather unprecedented consortium that the government brought together to bring sufficient resources to this issue and then I'll explain a little bit about the current prototype that we have brought for you to see here today sitting in the back of the room and then turn it over to the panelists we're very interested in specific regions on the human DNA now to start one of the things that's a little alarming about ANDI is the name nuclear in the title the nuclear here really refers to the nucleus of a human cell and within the human cells you have your entire genome your double helix DNA molecule which is there what we do is we analyze a very small fraction of that DNA now we all know that we have genes within our DNA and that's what codes us for the things that make us our traits our physical traits our race our ethnicity our susceptibility to disease now these are things that we're very concerned with for the privacy of the individual we don't want to get information in that regard for the individual so we're interested in analyzing non-coding regions which is great about 95% of the DNA to work with in that regard but you need another characteristic these regions have to have variation between individuals you need to be able to discriminate between individuals as you analyze their DNA now over the last 10 to 20 years the science has developed and been adopted to look at what are called short tandem repeat markers now you see here a sequence of letters your DNA your nuclear DNA is made up of four different nucleotides these are just molecules that are strung together along your DNA and these short tandem repeats have the characteristics that they have well defined flanking regions you see them here in green and within them you see a particular sequence of letters in this case the sequence is G-A-T-A and for this example you see it repeats 12 times now what you do is you look at a population and you say well how often does somebody have a 12 in this particular case it occurs about 42% of the time so you already have a little bit of discrimination between you and someone who doesn't have a 12 but we inherit half of our DNA from our mothers half of our DNA from our fathers and things are paired our chromosomes are paired which means you inherit one copy one variant which we call an allele from your father and one copy from your father the frequency for each allele should be statistically independent at least to the largest extent and so those probabilities will multiply if you have a 12 from one parent and a 13 from another parent in this particular case you would be with 6% of the population now to gain further discrimination power we interrogate multiple DNA locations the standard has developed the FBI uses a standard set of 13 loci locations on the DNA that they interrogate now the probability of just randomly matching all of the alleles across 13 loci is about 1 in 5 trillion so you see we're already to the point where we're beyond the population of the planet and if you have a very good high yield DNA sample you get excellent discrimination power you can analyze these 13 in practice they use another three locations to look at one of them determines gender and there are two extra ones now the gender helps in the case of rape being able to deconvolve the samples and then also for forensic cases you might have a degraded sample having a couple of extra alleles helps with the discrimination power at the end of the day you really only looked at about three thousands of a percent of the person's DNA and again it's all non-coding there's no information about the person's physical or biophysical traits so why do we need to change things this has been in practice for many many years now and it's working quite well except in one regard it takes a very long time to do this process it's a very complicated wet biochemical process typically done by very highly trained technicians so just to walk you through a little bit why does it take so long well you see there's a suite of different pieces of equipment that need to be used samples need to be moved throughout the process in total it takes about 10 hours typically now the first step is you need to extract the DNA from the nucleus of the cell you need to purify it there's a step where they actually determine how much DNA is present in the sample you need to make sure that there's enough to move forward with the analysis this is very critical in the case of forensic sample processing then the regions of interest these STR markers need to be copied you need to get a lot of statistics you break them apart and make multiple copies and then finally you need to separate out the different fragments these pieces you're interested in and then detect how many repeats each one has at the end of the day well at the end of 10 hours you end up with a file that looks like this this is what the trained analyst can look at here you see all 16 locations separated out nicely there's two peaks at each location again one from each parent unless you get the same copy from each parent in which case you have one peak but it's taller on the lower left you see that this person is an XY that means he's a man contributing the sample now this isn't the information that you need to really identify the person you can now just report 32 numbers two numbers for each of the 16 loci so it's a very small bandwidth file that needs to be sent around matched to other information you might have in a database somewhere else and because it's very simply numbers it's very easy and unambiguous to do the matching so 10 hours just to do the biochemical processing but on the front end you first have to get the sample from wherever it was collected to the laboratory these centralized laboratories depending on where you're operating in the world this could take days even months to get the sample out on the back end you have to match your profile against a national database for instance the FBI's database or other databases that the DOD might hold and it's typical you can have processing backlogs in that regard that can be hours or even weeks if you're not a high priority analysis so the idea here is the operational community really needs to shorten this timeline you need to be able to get an answer out that matches the timeline of the operation in hand if you're holding someone you'd like to get an answer before you release them and they go to ground so the goal has been set to try to get the processing under an hour deploy it out to the field proliferate a lot of these systems have them used by easily trained operators and then make sure that you get the answer in the time window you need this was a tall order from where we are today and the government began various organizations within the government had begun funding the development of rapid DNA however no one organization had enough resources to bring to this problem the assistant secretary of defense for research and engineering who are your hosts today put together an unprecedented consortium that combined the department of defense department of justice department of homeland security efforts ultimately seven sponsoring organizations were brought together you see the list of them here a few of our sponsors here today like Tom Callahan from the FBI and Chris Miles who's one of your panelists from DHS science and technology directorate their goal was to develop a common core instrument no one would get exactly what they wanted everybody has different mission needs but the idea was this instrument would serve as the foundation for agency customization it was a long path to get this program stood up basically ASDR and E worked for about a year and a half with its technical advisory panel to set up this program Lincoln laboratory came on board as program integrator and system architect Lincoln laboratory is a federally funded research and development center we're independent we're not for profit and we have a charter with the department of defense to not compete with industry originally it was planned that Lincoln laboratory would build the equipment in house we are a research and development prototype house however we first conducted a survey to look at what commercial technologies were out there to see if we could leverage what was already out there the results of the survey came back with our recommendation that the government could accelerate the development of a rapid DNA capability by by submitting a subcontract industry and basically having the industry put their resources against it at this point the consortium was stood up all the stakeholders pulled their requirements together and a prioritized list of what could be gone after easily was put together and then their competitive request for proposal is issued for the hardware subcontract this was awarded to net bio who's here today with the prototype that they've since developed so the program kicked off back in October of 2009 and as it was called Andy again accelerated nuclear DNA equipment and the hardware goals was to get the processing down to one hour or under one hour but the samples that they were gonna process were a reference samples so basically you have the person in hand you take a swab typically of their cheek cells there's a lot of DNA there it's actually taken just by a cotton swab it was decided that it was a bridge too far to go immediately to forensic samples low yield maybe degraded samples samples that are left behind as people touch objects of interest so the idea was let's first go for the reference samples and then we could do a spiral development to start looking at forensic samples however to move towards forensic samples there was also a portion of the program that Lincoln laboratory undertook to look at how much DNA was left behind on objects of interest so that way we could set the requirements for this next stage of development now all of this has to be used by non-technical users in deployed facilities and so with that regard also you have to communicate back to the databases there's a secure data communications and processing piece that Lincoln laboratory also took on Tony Lapidulla who's one of your panelists led that effort so he'll be able to go into more detail then I'll give in this talk here now the goal was to have five prototype instruments delivered in 18 months so that's 18 months from October 2009 we're about a year behind on the development but we're doing really well at this point once the prototype was developed the idea was you now need to understand how well does it meet the operational goals of the various sponsors and then this will drive the next cycle of development to get a more capable, more advanced DNA analysis platform very simply in three steps here's what the instrument and the process looks like as I mentioned you swab the inside of somebody's cheek and then that swab is inserted into what's called a biochip set now these biochip sets are single use consumables they're designed to have to process five samples at one time so that's five different individuals you could get their DNA profile along with a ladder reference a little ladder reference on board what's very innovative about this is that all of the wet biochemistry is on board this biochip set it arrives packaged with all the reagents on board and they're stabilized by design to be good for at least three months at room temperature now this alone is a huge enabler for removing that highly trained technician from the step you unpackage them and you put the swabs and you're ready to go the biochip set is then inserted into the instrument and again you can see it in the back of the room it's about the size of a large microwave oven and that's because we were able to make use of a microfluidic approach basically no fluid is shared between the biochip set and the instrument which keeps the possibility of contaminating samples down but basically the instrument provides air pressure to drive the fluids through a very complex series of channels and gating to move through the process it also couples electrically electric field as well as with heating and cooling so it drives the process and it doesn't interact with the sample in any real physical way here's a picture of the biochip set from the top you see where the swabs are loaded into the top chamber the five different swabs you see the pneumatic interfaces labeled there's a clamping arm that comes down and couples with that pneumatic interface to drive the samples through and basically the biochip sets will fit into a shoebox it's about that size these different pieces of equipment really are on board on this biochip set this region here you see is where the DNA extraction and purification takes place the sample is then driven to the area labeled with pink where the STR markers are copied now one thing that it doesn't do at this point because again we're going after just reference samples it doesn't do the quantification so we don't know how much DNA is present but we don't need to because you have too much DNA you actually want a down sample the amount of DNA you have so if we move to a forensic capability that's going to have to be integrated into the system if you now look at the bottom and again this is a very sandwiched layering of different channels it's a very complex piece of equipment you see where the separation and detection occurs basically you now have these different fragments that you've made copies of that you pass them through an electric field which causes them to straighten out basically there's a sieving matrix that they pass through the short ones reach their first basically the long ones reach their last and ultimately they go in front of a laser interrogation system which counts allows you to count how many copies you have for each of the STRs so all that's done on the biochip set it really is easy to use I show a couple of pictures here of Lieutenant Colonel Scott Jackson he's a U.S. Army fellow at MIT Lincoln Laboratory he's an infantry man and with very minimal training we showed him how to load samples load the instrument and then look at the results it's very easy to use we've had a prototype instrument in house at MIT Lincoln Laboratory since the end of December we are now currently doing integration testing with it right now we have it with a prototype biochip set ultimately we're going to move to injection molded plastic for the biochip sets and hopefully we'll begin testing with that in April so that's our last gate before the sponsors can take acceptance of them if these new biochip sets work appropriately what we do see from our independent testing of the instrument is that it can produce STR profiles quality comparable to traditional laboratory equipment in 94 minutes and this is very good for the program the goal was set to an hour or under an hour however it was decided that quality was more important than timeliness because 94 minutes is still an incredibly short amount of time to do this processing so the quality is looking good now once you produce these profiles you need to be able to handle them securely and the architecture that was stood up looks as followed it has to be easy to use again by a non-technical user that's critical for adoptability by organizations it's also very important to understand who's using the equipment and what they're doing with it so the person has to log in so you know who the person is they need to have a smart card with their own personal identity verification information on board it's designed to basically digitally sign that information every time a change is made so you know who was interacting with a file and what they were doing the original copies of all the information are saved so if somebody tampers you can go back to the original file and you have that accountability and then finally the information is encrypted and decrypted at each step so the Andy instrument produces the file the laptop, tablet and we do all of the data analysis there there are two software packages that go with Andy again to make it easy to use I showed you an electrophereogram with peaks the idea is a non-technical user really shouldn't be looking at that all they should be doing is saying okay I generated a profile do I match to a suspect so there's a program called STR Match on board DOD needs us to be able to quickly look to see if someone they have say in a holding facility matches somebody on record maybe you have a local watch list that you're comparing against or to format things appropriately to send to a national database so the idea is again get this answer into the hands of the operator before you need to release that person and the other piece of interest primarily to the DHS is to look at whether family stated family relationships are indeed verified for immigration purposes to prevent fraudulent claims basically someone coming over an asylum seeker bringing over someone who is not in truth a family member the idea here is you want embassy personnel or other people working in immigration to be able to really look to see if this family relationship is verified now STR profiling as it's currently done really only allows you to look at parent-child relationships and to see if they're compatible there's no other capability for instance you can't tell if two siblings are related to each other just because of the way the statistics work right but by bringing this equipment forward to say an embassy to a refugee camp you can do it quickly you can really cut down on the amount of interviewing, paperwork all of the things that have to happen and ultimately shut down a potential path for illegal entry to the United States so what we have today is a prototype that we're currently integration testing as soon as that's completed and the instruments ready to go the five instruments will go to the different sponsoring agencies three of the instruments are slated to go to the Department of Defense one will go to the FBI one will go to the Department of Homeland Security and they're going to begin independently testing the instruments they're going to however make use of the tests going to be providing standardized samples for everybody and the goal is for everybody to share the information from the testing so that way you get even more statistics on how well it operates and what issues and concerns are the DOD then needs to think about operational validation they need to see if it can operate in operationally relevant environments some environments could be quite harsh you don't want to take it someplace and break it for instance and then again as Mr. Riley said this will be used for evidence in military operations so there has to be some level of validation testing to make sure that the quality of information coming out is compatible with that of traditional methods on the civilian law enforcement side there's a very stringent validation testing which could take a fairly long amount of time and making sure that the policy of using this particular device this particular capability in national law enforcement civilian law enforcement is appropriate so there's a long path before it really gets out into the real world to summarize the field deployable rapid DNA analysis consortium was stood up to develop this core capability for rapid accurate human identification and then we screw into the ANDI program we now have a fully functional prototype that has demonstrated fully automatic processing of samples in 94 minutes the quality is comparable to traditional laboratory equipment and it is easily operated by non-technical personnel after only a minimal amount of training the program is on path to delivering the five fully functional prototypes with injection molded consumables to the sponsoring agencies in April 2012 so that's coming very soon we're conducting a very extensive test suite to make sure that the performance of the instrument and its operational utility is sufficient prior to field deployment and then the system will undergo validation testing prior to evidentiary use that's all I have for you today thank you thank you Paula, Dr. Palmanoski okay so what I'd like to do is we're going to go on a brief break, I'd like to break now come back the schedule says 945 so I encourage you to go back we have the ANDI equipment on display there's a couple posters that kind of summarize some of the key events some of the privacy and the information sharing things so I'd encourage you all to take a peek at that and to interact so see you back at 945 well welcome back I know one of the important functions of events like this is to give people a chance to mingle and we'll have another one at the end of the panels we've got for you the two panels we have one on privacy issues one on the information sharing environment both crucial issues for this this is the second one of these events I think as I mentioned we've done for Ben and his team and the first one was really kind of neat that was when starting with some of the data they were getting off IEDs they found they were able to do matches between the people who built the bomb and then the people who were applying for entry to the US applying for jobs at US military facilities it was really kind of cool and when they said that to me I thought this is really going to be interesting and one of the things that you might not have seen a link to is that shortly after DOD began this years ago that was when many countries in the world suddenly decided it would be useful to fingerprint people when they came in for a visit that's when the European Union flopped on fingerprinting so there's real effects on the event and the use of this technology but there's real issues too and I think you can all think about them we're in a borderless kind of conflict to the extent there's people out there that we need to find some of the individuals we might be dealing with US citizens I know that's been one of the concerns all along that you will collect data and it will turn out to be a US person and that creates all sorts of issues we have this larger issue and it will come up in the second panel on information sharing too on just the ubiquity of data and what are the rules for the treatment of that data when it concerns individuals who are either US persons or non US persons so a lack set of issues surrounding a very valuable technology we have a great panel to talk about this I'll just read their names and titles their bios will be available on our website Jill Spriggs who is the chief of the Bureau of Forensic Science at the California Department of Justice Elizabeth Johnson who is the CODIS manager for the US Army Criminal Investigation Labs and I think CODIS stands for USA DNA Index System amazing and Samuel Jenkins who is the director for Privacy the Defense Privacy and Civil Liberties Office so tremendous panel to talk about this what I'm going to ask the panelists to do is talk for 5 or 10 minutes we'll hear their presentations and then we'll open it up for questions and discussion with the four so thanks I'm going to whip through mine it's a pleasure to be here I arrived late last night so forgive me I've been drinking coffee and cranberry juice trying to get sugar and caffeine up here just so you know a little bit about me I'm the chief over the Bureau of Forensic Services California Department of Justice I'm under the California Attorney General's office which our Attorney General is Kamala Harris I'm under the division of law enforcement Bureau of Forensic Services has over 400 employees about an $85 million budget we service 47 of the 58 counties in California so as the doctor was talking I was thinking in my head about how all our over 500 law enforcement agencies is going to use this rapid DNA system possibly when they're doing live scan we have 10 full service laboratories throughout the state we have latent print labs, tox labs Richmond is our big data banking laboratory we have our data bank there we also have casework I'm lucky enough I have a method development or research section which a lot of laboratories do not have as well as missing persons we have over 2 million offender arrestee profiles we upload about 20,000 samples per month and we have between 350 upwards to 600 hits per month I also have a teaching institute we're pretty spread out throughout California as you can see and one of the things I was asked to talk about was the policies the state of California has implemented that prevent unauthorized use of DNA you can find these in our California penal code this is where anyone any person normally uses any of these DNA types and discloses the profiles and shall be punished by imprisonment in a county jail not exceeding one year or by imprisonment in the state prison for 16 months or two or three years so you're going to have law enforcement agencies out there or possibly military putting in these samples and uploading them so you have to think about the privacy rights also anybody who uses it for financial gain have criminal fine up to three times of any financial gain received or $10,000 these are just some of our penal codes and then also the employee of the department of justice one other thing that I was sitting here thinking about was when I was a DNA analyst several years ago I did two DNA cases both were John Doe warrants one was solved, one still has not been solved I would want you to look up people versus Robinson that was the case that was my case and one of the things in that particular case was the person, the offender had a arrest on a juvenile and should not have been uploaded into the data bank but there's a provision in the code that says if you do it in good faith it's okay and that was upheld so that's going to be something that's important as you have law enforcement agencies or military looking at these wrap sheets a lot of time they can be very confusing when you're looking at them so you want to make sure that provision is in there okay how were those policies were used in the aid of the Grimm sleeper case our policy and procedures we developed this through our familial search committee as you probably heard the Grimm sleeper case it was an LAPD case it was solved July 7th 2010 came out in the Los Angeles Times it was very public display we have our now governor there Jerry Brown the mayor LAPD police chief and the LA County DA we were also in the Los Angeles Times it was a very busy week just so you know how this kind of came about this picture it's kind of funny we were all standing in front of it and he said hold it right there I'm going to take your picture so that's why we all have the numbers all over our face we also have another familial search that was solved too and this was a rape so you have the Grimm sleeper that was many many homicides are still finding more this was actually a rape case that was solved I'm going to talk a little bit about our policies our first bulletin came out April 24th 2008 and we actually started the first case in October 2008 our goal was to minimize privacy concerns because you have to remember that offender is not in there to find his family member so you always have to have that in the back of your mind and what this is it's just an investigative lead when we hand over that offender's name we do not search arrestee samples we do not search offender samples so the conditions of the policy must be met before DOJ will release the name of the convicted offender and the DNA database who may be a relative of the actual perpetrator and we took every precaution we could to do this we have three criteria it must be a violent crime so we don't do burglaries we don't do robberies all investigative leads have to be exhausted and it has to be a serious public safety risk case work conditions has to have an unsolved forensic evidence DNA profile and it has to be a single source meaning it's one person you have to have 15 loci so we want that because that gives us more markers to search and we also have to have the YSTR type which is your mail type our familial search committee just so you can see who it's made up of we have a familial search chair which is our case working technical lead Gary Sims myself my DNA assistant chief Eva Steinberger Ken Konzak who is our CODIS technical leader over that system Linton von Berlding who's our state administrator Matt Pucci who's also in our data bank we also have a deputy attorney general who advises us on certain issues and certain things Mike Chamberlain and then we also have a special agent in charge Karen Sherwood we meet approximately every month we just met Thursday to come up with our next five cases so what we've done is we've used scientifically based procedures we have over almost two million profiles in there we don't want to have a whole candidate pool of thousands and thousands of people so what we've done is based on the Y type and the 15 markers that are compared to the unknown crime scene we're searching for the rarity of the marker as the doctor said in one of those markers 42% of the population has that marker that's not a good marker that we would want to use so we want to use those ones our software looks at the rarity of those markers so I'm kind of going fast because I've only got five minutes so the request comes into the bureau chief it comes into me I look at the request I funnel it over to the Richmond laboratory if it's missing anything we're looking for it and when we meet as a committee we go over it we do look to see have investigative leads been exhausted have they done everything they can on the case before we accept the case we are pretty picky about the cases that we take so remember we don't search arrestees we only search offenders the first search was that actual grim sleeper case on October 27th 2008 we got our ranked 200 convicted and compared it to the Y of the crime scene sample no match in particular the grim sleeper case so but let's say on the next time we did it a year later just we always search everything every year we always send out a letter and ask for another letter to search in this particular case in the grim sleeper Lonnie Franklin's son had been put in the system in that year so we had a Y hit and it matches that Y against the unknown crime scene sample the committee meets we meet and we round table the hit we look at the date of birth we look at the race if we have anything that knows in our documents from the investigation the race we look at everything we go around the room and we vote are we going to hand that name over to our Bureau of Investigation to investigate and we go around the room yes yes at that point we handed over to our Bureau of Investigation they go and they actually do a family tree so in the grim sleeper case they looked at where did the Fender's father was he still living and was he in the area was he living in California at the time of all these crimes yes he was he ended up living two to three miles from each victims where they were dumped so we look at all of that comes back they write a report thick with a lot of documents that go with it they come back to the committee and we vote again whether or not to hand over that name to law enforcement and when we do we make it clear that it is only a lead our software looks at parent child sibling sibling that's usually the relationship that's going to come up with our software we also ask the detective to be there when the committee meets with the law enforcement agency to give them a lead also a DA representative and the crime lab director and we make it clear that it is an investigative lead we also make sure that it's very clear that the named convicted offender is not the source of the forensic unknown DNA profile we also talk about the results provide an indirect association based on potential genetic relationships rather than a direct match does not confirm that the named offender is biologically related to the source of the forensic unknown our computer software is best explained by parent child and sibling sibling relationships but other patrilineal relatives could exist such as uncles no match you get a letter from me saying there's no match but to send me another letter in a year and we will go ahead and research so one of the things when the grim sleeper first came out was the skeptics about invading the privacy of people and I think one of the things the ACLU's comments that was in the LA Times July 10th 2010 from our perspective if you're going to use familial DNA searching this is the kind of case you should use it for remember what we use it for it has to be a violent crime violent case public safety risk this is the kind of case you should use it for and the kind of precautions they took in this case and the kind that should be taken we took every caution there was and remember this is just an investigative lead this was our attorney general to time Jerry Brown now he's the governor this arrest proves proof positive that familial DNA searches must be a part of law enforcement's crime fighting arsenal although the adoption of this new state policy was unprecedented and controversial in certain cases is the only way to bring dangerous killer to justice so who pays for it we currently absorb it under the Bureau of Forensic Services we have bi-monthly meetings we choose the next five cases we currently don't have a backlog we chose the five cases and we're doing it we've completed 35 searches our new attorney general Kamala Harris is very supportive of this and so we're doing two searches now a month and that's my contact information should you need anything hope that was not too fast thank you Jullo was a little fast but if there are questions we'll have a chance to come back to them during the Q&A period with that let me turn to Elizabeth please good morning as was mentioned earlier CODIS is the combined DNA index system is the database of DNA records that's used to find matches between DNA profiles developed from crime scene evidence and DNA profiles from convicted offenders arrestees or other crime scenes the goal of finding these matches is to provide investigative leads to criminal investigators a DNA record in CODIS consists of a specimen identification number a laboratory identification number and the DNA profile itself represented as a string of numbers there is no personally identifying information or PII in CODIS there are no names no dates of birth no social security numbers there's no specific information about the crime from which the DNA profile was developed control of that information remains with the laboratory that owns the DNA record the CODIS program the Department of Defense complies with both the DNA Identification Act of 1994 and the Privacy Act of 1974 the DNA Act restricts disclosure of DNA samples and analyses only to A. criminal justice agencies for law enforcement identification B. in judicial proceedings C. for criminal defense purposes for the case in which the defendant is charged or D. if personally identifying information is removed for forensic identification research and protocol development when a DNA sample is taken from a military offender he or she is notified in writing of his or her right to expungement should the charge is not result in conviction or should the conviction be overturned also in compliance with the Privacy Act he or she is advised of why the information is being collected and the authority that allows that collection before the identity of a military offender is released a confirmation process is always applied the identity offender is verified through IAFIS the integrated automated fingerprint identification system the analysis of the samples repeated to verify that the profile involved in the match is indeed associated with that sample finally the qualification of the offender is verified obviously the Army crime lab can only control data that it enters into the database and not data entered by other laboratories this raises the concern of data quality from other laboratories when the DNA identification act of 1994 created CODIS it also created a process for the development of federal standards to ensure quality of data in CODIS all labs entering data into CODIS must comply with the quality assurance standards issued by the director of the FBI additionally labs that participate in the National DNA Index System or ENDIS must comply with the ENDIS operational procedures together the FBI quality assurance standards and the ENDIS operational procedures ensure the quality of the data in the national database and give us confidence that the information we receive and provide to military investigators is accurate and as we move towards rapid DNA as you saw earlier this morning that is our future we expect that these same measures will be incorporated into that process to continue to protect the privacy of our servicemen and women thank you thank you very much morning I'm Sam Jenkins I'm the director for privacy in the DOD's privacy and civil liberties office I've been in that role for 5 years and previously I was in health care privacy for a long time but in the course of my work one of the goals that we have in my office is to help users of information including DNA get to the point where we can say yes to them you can use, collect, maintain and store PII personally identifiable information including DNA for appropriate purposes within the department so we don't stand in front of people as an obstruction to their use of information we are focused on facilitating the ability of individuals to use information appropriately in the department and with any new technology for identifying individuals there are numerous privacy and civil liberties concerns that need to be analyzed and addressed these can range from the specifics of appropriate procedures involving the collection to more abstract theoretical implications of the use of particular information at the defense privacy and civil liberties office part of our job is to evaluate all collections of personally identifiable information and at a minimum we check to ensure compliance with applicable laws beginning with the Privacy Act of 1974 that is the core standard for our program the fact that it was published in 1974 does not suggest that it's not an up-to-date law there's a condition in the Privacy Act that requires that we establish administrative, technical and physical safeguards about information and by using those safeguards we can apply policies and procedures to the collection and use of information that ensure that we follow the laws of the country our reviews of these systems will often go beyond just that checklist of regulatory requirements our job is to ask if proposed collections meet constitutional muster in terms of their association with the privacy rights and the civil rights of individuals who we collect information about as well as the discussion of the ambiguous standards of social acceptance because as social media that takes its bigger and bigger footprint in the sharing of information across the country privacy, individuals privacy considerations are changing in the country so the social acceptance of how we use information is becoming important we perform these reviews on a myriad of systems collecting information from, ranging from HR data to medical information and to biometric information we're physically located on the same floor of a building where the defense biometrics office resides and we work very closely with them on a day-to-day basis we have to recognize that some PII is more sensitive than others in 1943 president Roosevelt signed an executive order that said we must use the social security number to identify individuals in federal record keeping in 1943 the consequence of the use of the SSN couldn't be forecasted in 2008 president Bush revised that executive order to take the word must out and add the word may and it opened the door for the federal government to officially start looking at alternatives to the use of social security numbers but if you look at the history of the social security numbers and all of the impact the numbers have had on people's financials their identities and other information thefts that have occurred about individuals you'll find that over the years those consequences increased a great deal we have to be careful as we collect and use DNA that we don't reach a similar circumstance with DNA now DNA can uniquely identify an individual but it can also identify familial relationships I'll give you an example of one that we were involved in a few years ago in 2005 the DNA fingerprint act allowed for the collection of DNA at the conviction of a person of a felony we in the DOD often times have people who are deserters they leave their posts for extended periods of time with the intent of not coming back we had such a person who was apprehended by the military and taken to a military activity up in Great Lakes, Illinois the law at the time the 2005 act of DNA fingerprint act at the time allowed us to collect the information at that point of the conviction of a felony and the court marshal of this fellow would have gone before would have resulted in a conviction of a felony so in anticipation of that conviction the law enforcement personnel took a DNA swab and ran it they ran it through the lab and they matched it to a familial match for a rape but we couldn't let that DNA sample and its result be used in subsequent law enforcement activities about that rape because it was collected prior to the conviction and the marine was never convicted under the court marshal as often happens in DOD military services they are discharged with a less than honorable discharge which is a lifelong penalty in and of itself but he was never officially convicted so the sample was collected inappropriately and should never have been run should never have been collected in the first place in 2007 the law was changed for the collection at the point of arrest for crimes that would result in a felony conviction and we've worked with Elizabeth Johnson and her group and others in the department to make sure that we are collecting that information appropriately and using it in appropriate settings including having instructions provided to individuals on how they might expunge their records if they're not convicted so significant concerns exist regarding DNA collections for law enforcement purposes concerns arise when DNA is collected at the point of arrest to begin with we have to ask what the individuals rights associated with that collection of their DNA at that point are and do they have rights and what we've done in the department to meet that challenge as I just mentioned is if an individual has a DNA sample taken at the point of arrest but is never taken to a trial and convicted of a felony or if the charges are dropped or they're released without charges we have to have a means of informing the individual that they have a right to request that their records be expunged of that DNA sample and we have done that by providing instructions that are included in the DNA sampling kit that are given to the individual at the point of collection in addition to the information that the Privacy Act requires that we provide them the authorities to the collection of the information at the point where we take the swab so we have worked very closely with groups throughout the department to ensure that we are meeting both our Privacy Act requirements and focusing on the rights of individuals in relationship to that collection there is a concern about the collection of information by law enforcement the state of New York has announced that it's going to collect information from all people convicted of crimes including misdemeanors and while New York argues that such a widespread collection will save lives one can help but wonder if such a low standard of DNA collection might infringe on an individual's rights after all collecting DNA from people ticketed for speeding would undoubtedly solve other crimes but it would also create a national database for drivers there needs to be clear and distinct policies and laws that define how a sample is used and when it is warranted for collection so that we protect the individuals that entrust us with their information and then while technology is not yet enabled instantaneous DNA collection the capability for that as we've seen today certainly exists and we're going to get to a point as technology advances in the future that we're going to shorten that 94 minutes down to something very much less than that so that kind of technology coupled with stops and checks you know the police stops and checks that they often do for drunk drivers and such screenings might create an invasion of an individual's privacy and might step on civil rights that the Constitution guarantees for individuals and so we have to be mindful as we collect information about the rights to privacy and the civil rights and civil liberties that are afforded to individuals by the Constitution so I'd like to thank the Centers for Strategic and International Studies for inviting me to participate today I'm looking forward to interacting with you as we go forward today and I thank you very much for taking the time to come and listen to us did we have microphones for questions I think while we're getting the microphones I'll go ahead and maybe start to warm things up fascinating presentations especially some of the case data let me start by asking all three panelists sort of a basic question we have as you heard in the last presentation a framework of privacy laws and privacy rules can we just extend them into covering practices with the new technology with DNA or are there places where we need to either modify them or come up with new rules what's the ideal privacy framework for this new technology I know it sounds like some of the presentations we've heard there's been a fair amount of progress but when you look at this what do you think we need what is it that we have and how would you change it Jill do you want to start first of all I'm not an attorney I think a lot of the policies that you have now in place are good I would start by looking at them to make sure that they fit all of the necessary things that you want to do with this new instrument you've got the misdemeanor issue where you're going to have law enforcement agencies that want to start their own misdemeanor databases we have a similar program in Orange County in California called spit in a quit I don't know if you guys have heard of that where Orange County if you're convicted of a misdemeanor if you give them a sample they'll take away the misdemeanor so you're going to have to look at all those different levels you're going to have law enforcement agencies out there and personnel also when I was looking at the penal codes one of the things for financial gain you're going to have to make sure that your backgrounds are done very good on these law enforcement officials I can tell you with my own bureau I review the backgrounds I only pass about 50% of the people due to such things as drugs finances prior work history so that's going to be another place where you're going to need to look so I think you're going to have to look at the whole overview of everything before you actually would roll this out one of the other things I talk to the doctor about is we only search every Sunday so if you have a law enforcement official that's uploading the sample it's still going to stay in a file and only be searched every Sunday so are you going to be able to search faster right away and how is that going to work with endis so those are just some of the things that I can think of I'm not sure about spit and the quit there but it's an interesting program Elizabeth what happens when somebody refuses to spit is that a confession of guilt go ahead is that better thank you my comment is regarding the speed of some of these processes as I described during our confirmation process we verify identity through fingerprints we verify offense information either through our DoD systems or through NCIC and if we are getting to the point where we can do the DNA in 90 minutes and do the search instantaneously which we're not there yet we're going to need to do some of these verification processes up front and I think that's something the FBI is looking at and could perhaps comment on we want to do that fingerprint search and verify identity before the sample is collected and run in the Andy as well as offense verification those steps need to be completed prior to the DNA analysis in order to really get the savings of time that comes from this rapid method sure there's one other thing currently when you have a hit in a crime laboratory so you have a hit to a convicted offender we go back and we repool that sample and we rerun it to make sure there's no mix up as we also verify a thumb print and then we don't consider those convicted offender or rescue samples coming in the door as evidence so that's why we ask the local law enforcement agency to go out and collect their own sample so in this case are we going to start considering these samples evidence and are you going to be able to go back and verify that particular reference sample with a thumb print once you have a hit great under the Privacy Act we are required to provide public noticed individuals who we intend to collect information from and DNA would be one of those collections of information we have to publish these notices in the Federal Register now granted the majority of the public has no idea Federal Register exists for this purpose but it is our means of informing the public being transparent to the public in our collection and use of this information we also use the system of record notices that are published in the Federal Register to help guide our operators and users of information in our systems associated with that information to understand the limitations on how that information can be used and so as we go forward in collecting DNA for various purposes we have to be very clear in defining the purpose for which we collect the information and if we are going to collect information for one purpose and anticipate using it for another purpose we are going to have to go back to our public notice and revise the purpose statement to ensure that we include new intended purposes for its use and we need to identify particular authorities in the Federal Government that allow us to do that purpose and then we have to train and make our operators of our system aware of the privacy requirements inherent in these collections and use of information to ensure that we are collecting it at the right thresholds and for the right purposes so that we don't infringe upon individuals privacy rights. Given that the was that a question? I didn't want to given go ahead please it's like California well I it's covered to the missing persons I believe so it's not excluding it okay given that the purposes that DOD might have in collecting this data will not be the same as the purposes that a law enforcement is a little speculative so I'm going to push the panel a bit given that the DOD purposes are going to be different in some ways than the purposes that a law enforcement agency might have there will be some overlap but not complete how much of the law enforcement precedent which is pretty strong how much of that is transferable to what DOD does now where will DOD need to think about maybe doing some different things? Under the Privacy Act there is an allowance to share information with law enforcement authorities who are pursuing evidence related to the commission of a crime by a particular individual and so we do share information with law enforcement to help facilitate investigations but again as we move forward and we change the purpose for which we're collecting information we also have to look at the documented sharing of that information with organizations outside of the Department of Defense to ensure that the purpose of their use is compatible with the purpose for our establishing the record in the first place but we participate with law enforcement activities to ensure that criminals who do commit crimes are identifiable so we continue to share information with law enforcement agencies and we'll see if we can make it work and we'll see if we can do that. Thank you. Jill, maybe I could ask you how much of the data that you use do you get from places like either FBI or DOD? Is that something that you work with or is that is it? Most of the data that we're using to do or Mr. Jenkins in particular what is DOD doing with GINA which is an act that controls the taking of DNA samples from individuals and with respect to the vibes are you familiar with that act? No, I'm not. Because there is an issue within the federal government maybe Jill you know you've done some work on that area after whether or not you can take DNA from federal employees as elimination samples. Yeah, there's the GINA act it also goes to manufacturers of consumables so often times or not often times every once in a while we'll get swabs that contain a profile that's a very low level profile of somebody who actually made the swabs or the tubes so it's very important to wear a mask one of the things we're trying to do in California is and I pitched the idea which I think is a great idea sorry even though it's my idea to one of the assignments is to actually mandate law enforcement personnel as well as crime lab personnel to give their samples because I believe there are a lot of old cases that are sitting that are unsolved that are probably the detective who collected the sample and so that is one area that really does need to be looked at. I wonder maybe if Paul is still here we could ask for Paul Pomianowski what there you are sorry you were trying to try could you talk a little bit about what you do about contamination with Andy and because that is a good question that's an excellent question at this point again with limited testing we've done to date we haven't seen any evidence of contamination we don't yet know to what level the instrument could be contaminated but just by the way the processing is done because there's less human in the loop there's less chance for contamination to happen but however the rigorous testing it's going to need to go through particularly the testing that will happen at the National Institute of Standards and Technologies we'll look at this particular device to see how well it handles contamination just just from being a DNA analyst and I'm sure you could talk to this too your cheek cells are rich in DNA there's a lot of DNA there so if you have any type of contamination it has to have to be a lot of contamination in order to see it because your DNA from your cheek cells is going to overpower any small amount of contamination and that's probably why you haven't seen it and you won't see it Elizabeth did you want to I just wanted to add I agree with that we do see a low level contamination on occasion in the laboratory the GINA, the Genetic Information Nondiscrimination Act does contain an exception for law enforcement laboratories doing DNA analysis that allows us to maintain DNA profiles of our employees for detection of contamination and we do have such a program and use it in every case to evaluate any unknown profile that we develop and for us in California we have unions so that's why we're not able to do it it's very hard to get it done we had a couple other questions will they go ahead please we seem to have kind of a one-way street sharing with law enforcement we can give you data that you can use for law enforcement but we can't get any information back out of it because the law is so strict is there a reason why if you're not using the evidence the law basically states you can only use for law enforcement purposes is there any effort for thought or discussion on broadening those restrictions within California law so that you can use it for more mass security type purposes specific and overseen are you are you speaking in regards to just our offender our samples that we collect on our RESTY samples well we also only do it in our state too we don't do any other states we only do it in California I would have to talk to you about exactly what you're thinking about using it for Tom Callahan is here too he can probably help you with that too but right now we only do it in California we don't do it on our RESTY samples when we started the program we made a decision not to do it on our RESTY samples California is very litigious and so if you guys have heard we had a people versus BUSA where it was found unconstitutional to have a RESTY samples we filed a brief in the California Supreme Court which quashes that so we're still doing them but until that's all worked out where we won't be doing a RESTY samples from familial searching where exactly are you from okay because we're in the same way we can't search your DOD databases either we're not allowed to do that so I think that's a bigger even bigger discussion yeah and that's a hard one that we talked about a year ago and it probably didn't make much progress on it combining databases creates a whole much greater set of privacy issues I don't know if Samuel or Elizabeth want to add anything to that it's a nice idea and there's a real operational benefit but it does raise some concerns but it does because a database collecting information in the state of California and a database collecting information at the federal government level are operating under different authorities and responsibilities and there's no clean merger of that type of information into a single source of query that would meet all the different requirements associated with the two different collections so I think we're quite a ways away from something that's a one stop all search if you will information about individuals Tom I don't know if you wanted to add anything no okay well don't say I didn't offer go ahead please from a DOD perspective we're required to inform individuals about the purpose for the collection of a DNA sample in this case including the authorities for the collection of that information and whether the collection is mandatory or optional on their part but if it's a mandatory collection there has to be a consequence for refusing to provide it and we have to have that fully established so that the individuals told what that consequence might be but anyone has a right to refuse to provide information but it doesn't mean that the law enforcement effort will stop because they didn't provide it okay go ahead please between a DNA fingerprint and a fingerprint with respect to how it's treated and should they be different I think the reason Congress called it DNA Fingerprinting Act was the STR has chosen rather than AML which gives sex give no personal information about a person and they are tantamount to a different kind of fingerprint I'll take it when we create a DNA profile and all of those coded numbers that construct that profile of an individual that coding is a unique personal identifier meaning that from that code or that DNA profile we can specifically use that number in appropriate databases to identify an individual so that is an element that is personally identifiable to each individual I mean your DNA mapping is only relevant to you I mean 1 out of 5 trillion means that we have unique identifiers for each individual so they're probably more accurate than fingerprints themselves so it is a personal identifier and we treat it as such because with that you can collect from a variety of sources records and information about each individual who that coding applies to so we treat it as personally identifiable information and protected as such no but they can be used to obtain that additional information all that can be used to retrieve personal information about individuals so it's what you can get from that coding I think some of the concern comes from the retention of the sample while it's true the SGR profile does not contain information that can be used to do anything other than identify the individual most people believe that as we retain the sample in the future there is a potential other information about that person and that is really the big difference between DNA and fingerprints the sample itself one of the things you could say about the whole privacy concern is maybe there's three issues that drive it we've touched on each of them collection what are the rules for collecting the sample use once you collect the sample and process it what are you allowed to do with the results and what are the rules on that and then finally kind of related to use but the issue Elizabeth just brought up storage right when you think about these three issues where do you think the greatest risk of privacy is where do you think we should have the most concern is it the collection point is it storage if you were ranking these things what would you say go ahead and I'd like to ask all three members of the panel what do you worry about the most about your own privacy do you worry about I spit and I quit sounds kind of interesting I mean for a traffic ticket but where is it the collection or is it where do you see the focus of privacy concerns that's an interesting question I guess I would see more in the collection and the reason for that is when you're collecting it are you mixing up the sample do you have a thumb print to support whose sample it is so I would I would see it more in the collection than in the storage and I mean in storage it goes into a room that's key carded and locked and nothing's going to happen to that sample so I would see it in collection I guess okay I agree with that we have several mechanisms in place to ensure that the DNA sample we receive does go with the individual whose information we receive with it but where we do see mistakes they are typically at the collection point and we have several ways of verifying samples and have identified issues in confinement facilities and at the point of collection in the our equivalent of booking stations and are constantly working to assure that process up there are very few but where there is vulnerability that is at the point of collection I have to deviate just a little bit because my concern would be in how we use the information we have a data repository of DNA samples that we maintain on military persons for the identifying the remains of service members but the purpose for that collection was only for identification of remains and if we choose to use that information in that data collection for some other purpose then that use is not an appropriate use under the manner of which we documented that system and informed the public so I'm concerned that we have data that could be used for other purposes that could be used under the radar if you will inappropriately. Go ahead please. The privacy issue is it applies to collection it's interesting that different state jurisdictions have different statutes for what is permissible for collection and there's a wide variety across the United States and the federal government so perhaps half the states do permit collection of samples for an arrest including misdemeanor arrest like California other states are only for felonies so the fruits of the poison tree in one state would be permissible in another state. The second thing that you have discussed is the concern for effective collection and storage I don't know if anyone has mentioned or addressed what happens when circumstances are triggered to purge previously collected DNA samples or profiles which are in databases but that also seems to be very uneven across the United States and I wanted to ask the panelists whether they're familiar with how that's working that is the statutory opportunity for privacy so that samples that should be removed from databases are done and done so effectively. We do have an expungement program in California we actually have an outreach section that handles the expungements. I can tell you we've had very few expungements. We've had a very easy process it's on the website and we made it so that anyone can do it and it's very easy but we've had very few expungements. Why do you think that is? I'm not sure. Do people know about the program? People do they know about it like I said it's on the website but we've just had very few expungements. Within the Department of Defense there's people of at the time their sample is collected the instructions for how to get that are published in Department of Defense Instruction 5505.14 and that is available on the internet on the IG's website anyone can find those instructions we have had a number of soldiers and Marines don't believe any airmen yet utilize that process when we expunge a sample we go through the expungement process that we use for hit confirmation we run the fingerprint we have to verify that they have in fact had their convictions overturned or not been convicted of anything and we also reanalyze the sample because through the expungement process the sample is destroyed and we want to ensure that we are in fact destroying the correct sample. I would describe very few but I would say it's catching on and I expect a unified defense bar which makes this a little bit different from most other entities they share a lot of information with each other and I expect that defense attorneys will share information about how to achieve that expungement when an individual is entitled to it as we were developing the DNA Caution Policy a few years ago we were very very involved in identifying this process of expungement for individuals whose DNA didn't meet the threshold for retention and not only did we include information in our guiding implementation documents but we also provided instructions in the kits that were used to collect the samples so that individuals had two ways to find out about expunging their records should the threshold not be met so we worked very closely to ensure that those rights of individuals were available to them and they had procedures and steps to follow to make those requests I know we got two questions out there and I just want to ask a quick one can you get your fingerprints expunged does anyone know and I assume that mine which they took quite a long time ago are still out there if we took your fingerprints for a background check for security clearance those are going to be retained in that file forever so no if we took fingerprints related to a background check for security clearance those will be retained in that particular collection forever until those records are retired or disposed of so probably not but if they were collected if your fingerprints were collected for a law enforcement purpose for a law enforcement purpose and the purpose was not carried out you have the right to request that they be expunged you always have the right to request that something be removed from a record if it's not accurate or relevant and if the relevancy comes into play in this particular case where if your fingerprints were taken at the point of arrest and you were never charged with or convicted of a crime then you have the right to request that information removed for its irrelevance to the particular proceeding so you always have the right to ask we have we provide a repository under federal law where states can share their DNA profiles from their crime scenes and also from convicted offenders for arresting so it is state law that the sample, the authority collect the sample and then federal law allows us to share that if when the DNA act came in and allowed for the FBI required all states uploading a recipe to have an expungement provision even if their state law did not have an expungement provision so the federal law required or had as an expungement provision so if someone's state conviction is overturned they can get that profile expunged from the national database even though they do not have the expungement from their state we tried to model the national database on the federal law but I think that's an important point here it is state law in regard to authority and operation that most of these issues about 85% of hits occur within the state where the crime is committed it matches the rest even if we're not on the front Good morning everybody I'm Lou Fenelli the director of the DOD DNA registry I oversee the service laboratory after and the repository so just a point Mr. Jenkins mentioned of the repository we possess over 6.4 million bloodstained cards when the repository was established in 1992 the decision was made to maintain those cards indefinitely or as a medical record for 50 years point I'm trying to make is that they remain cards until they're used for the purpose of identifying the remains. There are federal laws that protect use for other proof of life concept if you will, if someone's captured or I do have a federal law that allows me to process that card, but we do not possess a database that we can go into readily such as CODIS. I think we need to be clear a little bit about, our colleague in the back mentioned victim identification this conversation is pertaining specifically to law enforcement purposes. There are other uses for DNA within the federal government that those privacy questions need to be addressed individually and to where CalDOJ is meeting and talking about it regularly. That's the sort of level of conversation has to go on for each use. So victim identification, missing persons, law enforcement and Ken brought up employee collections. It is imperative that we have a way to make sure that we don't have contamination in the products and for our laboratory staff. Once it's beyond the laboratory and the products that we use, the information that goes into CODIS or any of our victim identification databases is only as good as the way we could verify that information. So you could perpetuate a detective who in good faith tried to collect something out of the crime scene or a guy down range and if there's no way to say it's our guy versus somebody else's guy, we're just perpetuating bad data. But the main point I'm trying to make is we just have maintained bloodstained cards. Thank you. Did we have one in the back? Go ahead, please. Thanks. I assume that not your laboratories but other laboratories probably check enlistees for communicable diseases for the determination of fitness and deployment with what would the million servicemen being sent overseas. And Congress's passage in 2008 of GINA prohibiting discrimination doesn't, I don't think on its face, apply to the military. The question is are you aware of the discussions within the military about the use of the DNA you keep on file to determine decision, to make decisions concerning deployment of enlisted men? You can see the utility now that we know what genes identify, type 1 diabetes, susceptibility and a bunch of other things. Just as you would make a decision that you wouldn't send people with communicable diseases overseas, you can see that many would argue that you'd want to make a decision about the probabilities of people acquiring diseases and conditions. So the question is not whether you're doing it, I assume under the restrictions for identification you're not. The question is are you aware of discussions within the military to use samples for those purposes? When we are dealing with military members and family members who are being transferred or deployed overseas, we do a great deal of health screening to determine whether they have a disease process that can't be treated in an overseas location or would be detrimental to them in an overseas location. As example, for a military member with diabetes, it is very difficult to deploy somebody to a forward setting such as Afghanistan and be confident that they can maintain their regiment of insulin treatments and other dietary requirements and manage their disease process where in the United States they could potentially be assigned to a station where they could do that. But the same thing applies, the same screening applies to family members. We don't transfer family members to overseas locations where the conditions of the family member could not be adequately cared for. So we do that as a form of screening, but we don't use a DNA database to identify those processes. We do that by medical examination, physical examinations, interviews with individuals, both the service member and the family members. And the whole point of doing those screenings is to ensure that where we send them, we can care for them. Or where we send them, their particular disease process won't be exacerbated by the conditions of their ultimate duty station. All right. We had one more question there. Yes, I think a previous question contrasted fingerprints and DNA, and I think that sort of analogy breaks down with familial testing. So when I give up my fingerprints, I mean, that is a unique identifier for me for my life. But when I give up my DNA, that might affect my children's children's children. And I guess I would wonder if in the expungement, if there should be a policy setting aside expungement, say on death or discharge, or whatever the nature of the reason for collection of the DNA was. Go ahead. We have an attorney general's ruling that let me back up. We have what we call a dead inmate project. So there are a lot of people who died in prison out there that had qualifying offenses that never were collected. So we had to get an AG's ruling to go back and collect those samples, whether it be from tissue samples or corner samples or crime laboratories have blood stains that they've had for years and years and years. So we had an AG opinion and it was deemed that we could go back and collect dead inmate samples, even though they're dead, which I kept saying they're dead. So we have used those samples to solve one case in L.A. It was a Sacramento County dead inmate sample that was collected. It hit on an L.A. County case from the 70s of three young men and it was able to solve that case. So that's where I know that you can use these dead inmate samples to help solve some of these old cases, if that's what you're going to. My question was a little different about whether maybe upon death the DNA should be expunged so that the people, so that the inmates, children's children's children couldn't be, their privacy might not be impacted by a familial search. That would probably have to go back to an attorney general's opinion also because as far as I'm concerned that sample is still, you're still able to keep it in the data bank and use it. The Privacy Act only covers the living. So at the point where an individual dies, the Privacy Act no longer provides protection of their information. It was intended to protect information of living citizens. You may have hit upon something here. I have one final question that I'd like to ask all three panelists and then we'll do our change over here. When you talk about this kind of technology, when you talk about DNA sampling, generally the reaction you get is very often one of discomfort, particularly with the public. If you were to scan the press on this, you would find a lot of privacy concerns justified or not as another matter. I think one of the things we've gotten from the panel today is a fairly robust set of rules on the use of this information. But if you were going to do one thing that would maybe lower people's concerns to the extent they have them, what would be that one thing that you would do to make this something a little more comfortable for the American public? You can just make stuff up. I think the one thing there's a lot of confusion on is the DNA that we use do not code for any physical characteristics or medical. And I think that there's a misconception there. The thing that I would like people to know is that it does not work like it appears on television that you can run a DNA sample and find out where the person lives and shops. There are great restrictions on what there's not much in CODIS that's of interest to people anyway that's all retained in another format. And there's great restrictions on who can access that information. And I think these limitations on how this data will be used need to be included in those informative statements as to why we're collecting what our authorities are so that people understand at the point of collection that it's not as you see on television. It's completely different in our use than what you see on CSI. Well, that's a little disappointing. No, actually it's kind of a relief. Let's do two things if we may. We have to swap panels. That will take about five minutes. So if you want to refill your coffee or anything, plan on doing that. But we'll start promptly at 11.05. Join me in thanking this panel, please. Presentation. Waste basket. Oh, sorry. Oh, no, that's okay. I wanted to know about the expansion of data. I built an actual thing. For identification purposes. That is for civil purposes. It's for licensing. And apparently the civil database at the federal level is really only on federal employees, all of the other checks, including security plans checks, are not retained in the national database. They're returned to the tribunal. There is the same thicket of local, really state and federal laws on expungement with fingerprints and with criminal histories. Yeah, actually it's a much richer set for DNA because it's been around for a hundred years. DNA hadn't been around for a hundred years. So there's plenty of provision for it. Thank you. I'd really like to congratulate you on taking on at most a complex challenge. I'd like to make an observation and try monitoring the general audience. Very good. You asked at what stage would you be able to assess how I would be moving in the right direction. That is, I believe, the reason the data warehouse vests at every stage. I would be more concerned about the system at which any data is pooled and data signature vests. IBM has created a complex, which I can discuss with you over time, way of data pooling with forms of data signature on which I develop. Kenny, this system is what I believe. This system, from collection, is any form of inclusion, benign, or adverse. And this applies through a professional perspective. So, is that something we talked about earlier? You might want to see if there's a point to the next panel for information sharing and I will overlap with some of the points you just made. So I want to think about a way to... Think about some of the policies that Mr. McAllister and I will be discussing. Mr. McAllister and I will be discussing. Mr. McAllister and I will be discussing. Mr. McAllister and I will be discussing. Mr. McAllister applies to volume of the information which is right here. You're not going to be able to hear. Mr. McAllister has developed a whole system that might help. I will talk to you about that. Yeah. That's interesting. Yeah, we can talk. I'm going to inject some of those in the next panel. Okay. Yeah, what time? I guess we should... Oh, he's throwing things. Steve Washington, how are you? Good to meet you. Yeah, we'll just do that way. Right. The hard part will be getting them back in their chairs. If I could ask people to go ahead and take their seats, we can get started with panel two. I'm almost guaranteed to butcher it. Anybody else got a... Can people get the last cup of coffee and then go ahead and sit back down? Okay. We're getting there. What? No, I'm just trying to get them to sit down. Have somebody walk down the back and encourage them to sit down. Okay. Yeah, okay. All right. Do me a favor and get the people in the back to sit down. At least to me, it looks like there was at least a degree of overlap between our last panel, which focused on privacy, and this panel, which talks about the information sharing environment. And the information sharing environment, ISE, is a concept that's been around for a while. There's been some progress in different parts of the federal government and moving this environment forward in other parts, maybe a little less progress. It's a crucial point, and I think we heard from Tom earlier, that the ability to combine data, to share data, and to search data is one of the fundamental challenges for the technologies we're talking about now. I'm going to go through and give you the names of the panelists, their titles, their bios are available on our website, and then we'll go down the row and have them give their presentations. So, first is... I'm going to butcher it again. See, I knew I would get it wrong. Anthony Rapadoula, who's on the bioengineering systems and technology staff at MIT Lincoln Labs, right? Steven Washington, who's the project manager at the FBI's Biometric Center of Excellence. Is that on West Virginia? Okay, well thanks for coming in. A big center out there, if you haven't been out there, it's worth a visit. Chris Miles, who's the biometrics program manager, Human Factors Behavioral Science Division Directorate of Science and Technology at the Department of Homeland Security. And then John Collins, Forensic Science Division, Michigan State Police. Thanks for coming. So with that, let me turn to our panelists and we'll get the discussion started. Thank you. So good morning, my name is Anthony Rapadoula. I'm from MIT Lincoln Laboratory. I'm a colleague of Paula's. I still am Deputy Principal Investigator on the ANDI project from the Lincoln side. And so Lincoln was responsible for, excuse me, the design of the software that runs on the tablet, which we'll show here. And also was responsible for designing the security architecture for the full system. NetBio was responsible for the instrument, both the hardware and the software that runs on that platform. And so what I have here, I'm sure that this isn't readable by anybody in the audience. I have a poster and I have an excerpt from the poster. But what I'd like to do is to walk through the different pieces of the system and talk about the security features at each point. So I'd like to say that the project sponsors really stress the importance of building a secure system. A lot of that credit goes to Chris Miles, actually, my co-panelist. The goal is to prevent or at least discover any unauthorized access of the system. The example that we always use is on-the-side paternity testing on the weekends. That's the kind of thing that we want to be able to track. You laugh, but it's been known to happen. Additionally, future generations of this instrument or similar instruments might be deployed in a variety of field locations. And so we don't want to rely strictly on physical security. We can't just rely on guards and locked doors for the security of the system. And so we build a number of security features into the system. And the security features that we added are far and above anything that you would find on standard laboratory equipment. So we took our responsibility very seriously here. So I'd like to walk through this chart a little bit. I'll focus mostly on the Andy instrument itself, the connection, and then the tablet where the Lincoln Laboratory software runs. So to start with the Andy instrument, it is running a variant of Windows 7. And so you need to log in with the username and password as always. I think it was mentioned earlier that each of the buckle swab that are used in the system have an RFID tag attached. And so that sample can be traced all the way from the manufacturer of that swab all the way through the data generation, all the way to all of the data products that come off of the instrument. The STR profiles that are generated by the Andy are encrypted and they are stored in an encrypted format on the Andy itself. And they're encrypted in such a way that the Andy itself cannot decrypt them. You actually need the tablet to view and to manipulate the data. And further, the Andy instrument digitally signs all of the profiles that it generates. And that proves which Andy instrument actually generated the data that is exported to databases or for other uses. So those are some of the features that happen at the Andy itself. I'd like to talk a little bit about the connection between the Andy and the tablet now. The protocol that we use, and I'll try not to bore you with too much gobbledygook here. The protocol that we use is Transport Layer Security or TLS. And this is what's typically used to secure commercial web traffic. So if you're in your web browser and you are going to an HTTPS URL, you're using TLS under the cover. This is a tried and true secure protocol. And it guarantees that the data between the Andy and the tablet are encrypted at all times. Further, we have a mutually authenticated TLS protocol used here. It means that the Andy presents cryptographic credentials that says I am an Andy. And those get handed to the tablet and the tablet has to verify those cryptographic credentials. And it's mutual. The tablet also hands its cryptographic credentials back to the Andy and the Andy verifies the tablet's credentials. This means that both pieces are guaranteed that they're talking to a trusted system component. And last and perhaps obviously here, it's a wired connection. And that just lowers the chance for eavesdropping. There is no wireless signal being sent from the instrument. Lastly on the tablet, it's also running a Windows 7 variant. So you need to use your name and password to log in as you would expect. You also need to run our software a common access card. So anyone in the military knows what these are. This is just a smart card. So you need one of these plus a pin that goes along with the card. And this guarantees that when you're running our software, we know who you are and what time you're using the instrument and what you're doing. All of the activities that occur on the software running on the tablet are logged. Advanced users are allowed to edit the profiles on the tablet. But if you do that, the new profile that gets generated is digitally signed by your CAC or your smart card. And that proves exactly who made the modification and when. We also keep a full history of all of the edits that might happen to a profile on a tablet. So we have a strong cryptographic chain that goes all the way back to the generation of the profile by the Andy through any changes that might be made by expert users on the tablet. So that's a summary of the integrated security system that's present in the system. That's all I have. I'd be happy to pass it along. Great. Thank you. I think... Good morning. My name is Stephen Washington. I'm from the Federal Bureau of Investigation, Clarksburg Seages Division. I'm here to represent the BTC Biometric Technology Center. I was called in on last minute notice and asked to speak about information sharing. I mean, sure enough, coming from another location, my information didn't show up. So as a result, we're going to continue to look at this device and I'll speak about it even though I don't know. Anyway, with that being said, seriously speaking, I'm from the, as I mentioned, the BTC Biometric Technology Center. We are currently constructing a new facility in Clarksburg, West Virginia. A rather impressive facility. This facility will have joint operations between the DOD, DOJ, and hopefully DHS as well. One of the concerns that we've come across is how do we share information? And so as I'm leading up that activity, I've been asked to come and speak to you. And so as a panelist, I'm going to do the same thing as a student. I'm going to receive questions, but in turn, I'm probably going to ask questions back, which is kind of uncommon for a panelist. I was about to mention that I'm new to this side of law enforcement. I've been with the FBI two years, but I've been asked not to say that because every time I say new to this side of law enforcement, they keep looking for me on one-aid posters. So with that, I'll say this, that I spent 20 years with Heal It Packard in the IT division developing shared information services, a lot of custom solutions for the government sector, but from a private standpoint. So with that as a retiree, yes, I have retired, I've joined the FBI to help lend some of my expertise in data information sharing. A couple of things that we've found thus far is that we share a common mission, a common mission that being Homeland Security. And despite presidential directives and other things driving us towards that, we've yet to find a true common platform with regards to how to share this information. We run across issues such as PII, which will make it difficult to share information across platforms. I've found it interesting that I can't share information at times with my partner, DoD, despite our common interest as far as protecting Homeland Security. But with that, what I have found is that there are some outreaches that are assisting with this challenge. Such as the ISO EC 11179, which is the directive, which is intent, is to give a common platform for sharing metadata. Metadata is the data about data. I should also tell you with the being new to this side of law enforcement, I'm also an engineer, so if I start to go off tangent, just reel me back in. But with that, being able to share the core construct is a starting point, but even with that, we still run across our degree of challenges. The challenges that my colleagues have brought to me on my various projects in data management are the questions of the data type, the usage requirements, or user requirements at times, and then common platforms. Again, I mentioned the various standards that are put in place to try to resolve that. These are challenges that face us but yet have yet to be resolved. In 2005, September 2005, there was a meeting with OPJ. They came together with the Global Justice Information Initiative, and they endorsed something called the GJXML. This is the Global Justice Dataset Model. This model is intended to provide a core construct for information sharing. It has lost steam since 2005, but nonetheless, I invite you to take a look at that particular entity, for it provides a very strong construct with regards to how information could be shared. Some examples of information sharing within the biometric space include biometrics.gov, fbi.gov, slash about us slash sieges, two locations that I would highly recommend that you visit. And the one wouldn't come up, so I'm not even going to give you that one because for the last two days that information has been down. I was going to ask you to turn to an article that was produced by NJI in November of 2011 with regards to sharing information on a global perspective. The need is greater than ever to share information amongst our common law enforcement entities. With that request and demand to share information, what we have found is that the sharing of information at this point has resulted in fewer case closures than prior to the sharing of information. I found that information alarming, which tells me that our sharing routines are incorrect. It's hard to imagine that with more information, we're able to do less, which is a bit of a challenge that faces my team and I. So as we go forward with this, we're caught with the question of what do we share, when do we share it, and whom do we share it with. Wrapped into that are a great construct of purpose. What is the purpose of sharing the information? What is the purpose of the request? So with that, as I mentioned earlier, I come to this panel to attempt to answer some of those questions with regards to information sharing. But obviously, I have quite a few questions that I'll issue to you with regards to what we need to do in this information sharing space. I invite you to visit us at Clarksburg West Virginia Biometric Center of Excellence, opening our doors in 2014. Thanks, guys. Well, I am Chris Miles with the DHS Science and Technology and like my other panelists, I guess we're mostly engineers up here, so we're your egghead panel for the day. I'm not a policy person, I'm not a legal person, and there are representatives here in the room from United States Citizenship and Immigration Services and our legal counsel and privacy advocates, and so you can imagine how nervous I am with them in the audience. But they can answer a lot of your specific questions on operational applications of an amazing technology that we've been developing. So we are going to focus mostly on the technology, or I'm going to focus on the technology, and we'll talk a little bit about plans, but that's not my focus in science and technology, I'll just say that up front. Tony already stole a lot of my wind as we're going to talk about the information security environment and what we're providing. As much security as we can possibly throw at this. We've been working with our privacy office, and I'm a co-chair on the White House National Science and Technology subcommittee on biometrics and identity management, and privacy as one of our working groups has been for seven years now, and we've really looked at how do we not only use or apply technology, but how do we develop the technology so that it has inherently privacy-protecting capabilities built into it. So I think Tony covered most of those. We're going to use our privately identity verification cards, PIV cards, and the technology that exists there. We're going to use encryptions and what exists there to protect the data in the machines. We're going to not include any information as was said earlier. The DNA we're processing does not contain medical information or ancestral information or physical traits about the individuals. We're just excluding all of that, and we're going to go out of our way to log and track where the data is and how the data is being shared and who has the authority to do that and limit it as much as possible. So through all of that, as well as our work in human factors division, and we know that whenever humans are involved, there's going to be errors in the data and errors in the handling of the data. So we're going out of our way through the RFID on each swab and the machine reading that information, knowing which slot it was put in when you put the DNA sample in the slot. It locks in there, so you can't put it in one and then move it to another one. You know, there's a lot of processes that we've been doing through the development of the technology to ensure that the privacy is an integrated portion of what we're talking about here as we've been developing this. Within DHS, our real requirement or the need for DNA or the use of DNA, U.S. Citizenship and Immigration Services came to us five years ago and said, you know, we're doing all of these applications where we're trying to verify are the relationships on this application for immigration valid or invalid. And they spend a lot of time and a lot of effort to interview, look at documentation that exists, and try to verify is in fact this information correct. And they came to us and said, you know, we'd love for you to have a technology solution to this that can validate these relationships and their requirement was five minutes. So they wanted that to be done in five minutes. And we actually looked at all of the other biometrics. We looked at, you know, face recognition and we all say, oh, he looks just like his uncle, you know, and to what extent is that true? We actually use that to verify relationships. And it turns out it's not very strong. It's, you know, and there hasn't actually been a lot of studies on that. You know, the dangling ear lobes, the, you know, all of these characteristics that we all say, oh, yeah, these are genetic things that are passed down. To what extent can we use those? Well, you know, and blood was used to verify relationships. You know, your blood typing is something that's passed down by the Association of Blood Banks as established a process and a method by which they used to do that. And now they use DNA for paternity validation. And then within DHS, that's really the background for DNA is today the application process goes all the way through. And if there isn't enough information provided, then applicants can go have their DNA process today through a certified laboratory and provide that as additional information to the Department of Homeland Security. And that's allowable today, but it's at the very end of the process. So, you know, we looked at technologies. We looked at what was the capabilities. And we said, boy, this Andy program and working with DoD and Department of Justice made a lot of sense to look at could we advance the technology and how far could we push it? We're not going to get to five minutes. I don't think any time soon we would love to be there. The other thing was low cost. You know, how far can we drive down the cost of doing this? We in the Andy program set a goal for $100 a sample. I think we'd like it cheaper than that, but we need to look at what's the business case under what condition will it pay to do a DNA sample versus sending it to a certified laboratory and waiting for those results versus just the processes we do today of doing the interviews and verifying the relationships through our current processes. So, you know, all of that is on the table as we move forward with this program. Our plans are to receive the prototypes and these are prototype devices. These aren't final versions. We're going to be receiving the Andy system here in April. Hopefully, we also have under contract another company into Genix that will be delivering a device to us this April. We plan to test the devices, do performance testing through NIST and do some operator and user experience testing, hopefully in the field with USCIS. We hopefully are moving forward and working through all the privacy impact assessments and everything that has to be done to hopefully allow us to go out and do some DNA collection in the field. You know, under very limited conditions, people that are volunteering to give their DNA at this point. Because we think they will in a refugee camp, how many of them have some significant, you know, birth certificates and documentation to prove their relationships. So, given the opportunity to say, here's the opportunity right on the spot to give your DNA and have it run, would you volunteer to do that? We believe that's the early cases of where we'll be testing the technology. And we'll be looking at the use for the operator, the realism of taking a device such as these out into the field and using them that way. What are the use cases and business cases that that works? And then we're also funding the further development of going, everyone's talked about the 13-core FBI alleles that are used in the DNA processing. We're funding expanding that out to about 27 that will allow us to go from just-parent child relationships to grandparents and grandchildren, siblings. You know, these are also relationships that we need to verify. We also need to develop the software capability to process that in the field. And today the expert system that allows that kind of processing of those extended relationships is something that a highly trained technician needs to do. So, to move that to an operator that can use that piece of equipment in the field is something that we're working on as well. So, that's about all I have to say. I'll be happy to answer any of your questions. And thank you very much. Good morning, everyone. My name is John Collins. I'm the director of forensic science for the Michigan State Police. I operate seven laboratories around the state, one in the upper peninsula and six in the lower peninsula. And what I thought I would do with my brief time here is to maybe take this discussion and bring it down to street level for a little bit. And I'll explain a little bit why I think it's relevant for the state of Michigan and what we're seeing. But I want to share with you something that in my travels around the state when we talk about forensic science that seems to resonate with people and I think is very pertinent to this discussion on information sharing is to compare the forensic science laboratory to something that we're all very familiar with and that is an automotive service center. And I want you to imagine taking your car to an automotive service center, dropping your car off at the dealership for service and giving the technician the keys and walking away and saying, I'll be back in two days. Okay. It is a necessarily collaborative business that automotive service centers work in because what happens when you bring the car in is that the technician will ask you, you know, how can I help you today? Well, I need an oil change. That would be something fairly simple. But if you have something more complex like you're driving the car and you have some wobble or vibration in the vehicle, the technician may ask you some questions about what you're experiencing. Well, are you feeling this little shimmy and idle? Or is it only when you're driving? Do you experience it at certain speeds? Do you experience it at a certain speed and then it goes away but then you go a little bit faster and it comes back, which can help determine if it's something wrong with the wheel balancing versus something in the drivetrain. And what's happening during that collaboration between the customer and the service providers that the service provider is trying to narrow down what is happening so that they can take their limited resources and their limited time and deliver maximum value to the customer. Because if they didn't do that, you could go in for an oil change and it could take about a week for them to figure out that that's actually the reason that you brought it in. So we operate in a collaborative business and one of the things that you see in the newspapers nowadays is about crime laboratory backlogs. And I'm here to tell you that one of the primary drivers of crime laboratory backlogs is lack of information in the laboratory. And the inability for the laboratory to understand exactly what the customer, what information the customer has and what the customer's actual request is. Instead we kind of get this dunk truck effect where they bring the truck up to the lab, dump it off and we're out of here. Now in Michigan we have kind of an interesting situation. Number one, we have a governor who is the former CEO of Gateway and he's a certified public accountant and he places a high value on technology and information as you might expect. The other thing is that recently in Forbes magazine, Michigan was shown to have four cities in the list of the top 10 cities, top 10 most violent cities in the United States. Detroit, Flint, Saginaw and Pontiac. And some time ago, recently a few weeks ago, our governor Rick Snyder announced a public safety, basically a public safety plan for the state of Michigan with the primary goal being of getting all Michigan cities off to this top 10 list. Michigan also is a very, as you know, very complex border state with our great lakes and we have three what you would call major international crossings, two of which state and port here on, are major, major commercial crossings into and out of the United States. So this exchange of information is going to be very critical for the public safety initiatives that we're pushing very hard for in the state of Michigan. When we talk about this information in terms of civil rights or privacy, there's a myth that I want to dispel of right now and I think that the time is right for this. And that is that forensic science is not a conviction business. It's often thought of as that because of our results being used by prosecutors in the prosecution of cases. We are in the public safety and science business and the early history of forensic science actually has a lot of its roots and its drivers of progress in the exoneration of innocent people. And so to think of forensic science as something that points out bad guys and is an adversarial endeavor really is a limited view of what we do. It's not like that. We are inherently truth seekers and I think it's ingrained not only in our history but in our culture and I don't think you see that in CSI. I don't think you see that in a lot of news coverage about forensic science but it's really important to understand that that is in the forensic science world part of our makeup is about science and public safety not convictions. One of the things to keep in mind when we talk about the collection potentially of DNA from in particular arrestees which is we're seeing is kind of what we're moving towards in the criminal justice system is that a lot of the suspects that we arrest in the criminal justice system are not only suspects and potential perpetrators of crime they are also at an elevated risk for victimization as well for a lot of different reasons including their personal socioeconomic situation. And when we look at some of the trends and some of the problems that we're seeing in terms of human trafficking human and particularly child exploitation the potential of gathering this biometric data if you will and collecting this at the booking process of our law enforcement system also produces some dividends for these individuals not that goes far beyond just the adjudication and investigation of the case but also potentially protecting these individuals from becoming missing becoming victims of human trafficking human trafficking whatever it may be it also mitigates a problem in many jurisdictions of jail overcrowding you'll hear stories from law enforcement officials about the fact that well we're making these arrests I would like to be able to go into a shopping mall and arrest somebody for shoplifting because that individual may be also committing rapes but we can't do that because we have jail overcrowding one of the advantages of DNA collection is that it mitigates that risk because it can help deliver value to that arrest because of a potential DNA collection even though that individual will not be lodged in some type of a correctional facility or jail so this brings me finally to the concept of information sharing information sharing as I alluded to with my analogy with the Automotive Service Center is essentially a resource multiplier and if you look at that Automotive Service Center analogy we think about what we do with VIN numbers of automobiles even though you take your car in for an oil change that VIN number of your vehicle is loaded into a database and five years from now when you sell that car the buyer of that car can pull up a history and see where that car has been and so forth and actually delivers a lot of benefits to individuals who could be at risk when they purchase that vehicle and so forth the Michigan State Police has developed under our director, Colonel Christy Kibietsu is one of the first, I believe, the first state police organization to develop a biometrics and identification division which is looking at this concept of biometric enrollment at the time of booking for the purpose of collecting this information and using it to improve the overall value that our criminal justice system delivers to the public and so what you essentially have is you have an opportunity here for information exchange that delivers maximum opportunity and benefits to our citizenry really at a minimal risk of any kind of civil rights violations or misuse even though that risk is there as I think Sam alluded to the risk is not a reason to abandon it as an option it's a reason to take it very seriously and be very cautious so I know that in terms of the public safety priorities for the state of Michigan the ability to exchange information with various agencies law enforcement agencies, prosecutors other crime laboratories, Department of Defense whatever, what have you really maximizes our ability to keep people safe and to improve the integrity of our criminal justice system thanks thanks very much for those presentations I'll start with one to warm up the audience here which you know we've heard all these different approaches here and technical and some of the policy issues and the engineering issues when you think about information sharing what are the obstacles now to improving the ability to share information what are the things that you would each of you, I'm going to ask each of you down the road what is the thing you would change that would make information sharing work better in this new technology Tony do you want to start sure so I'm a humble technology developer so that's where I'll focus my comments so one thing that I think would be useful as I've shown with the system that we developed here we apply digital signatures to the data as it's generated or modified at each step there's no room in the current CMF standard the common message format this is the data format that's accepted by ENDIS there's no room for digital signatures in that standard but that's an example where we could apply technology to track who generated this profile and you can make that association in a strong cryptographic way user identification whom is accessing the information would be very helpful with regards to the collaboration of data sets often what I've been advised of is that we can't share that data because it normally comes down to the rights or role of the individual accessing the data so if we had a better tracking mechanism across the data sets I think that would help improve our situation dramatically okay Chris well fortunately this last year the NIST kind of took the lead on establishing for us the data sharing standard for DNA and kinship information so ANSI NIST 2011-1 Brad Wing back here was the head on pushing that forward includes now type 18 record is DNA data it includes I think there were like 40 organizations involved in developing what that data envelope should look like so that the information on DNA can be shared so fortunately we have that in place really a question of the authorities and the adoption of that standard that's in place I think that will take a while before the community brings that on board we'll need to validate that it's being used and being used correctly and that typically we always have a problem with people kind of adopting the standard but twisting it a little bit to be their own unique version and then suddenly you have data that can no longer doesn't match up well and obviously that can happen in DNA if we're not all processing the same DNA information the FBI core 13 low side to start with and a core set beyond that so you know policy I think is going to be rightfully so it's going to take a while before we're allowed to take immigration data and run it against the FBI repository just because that policy does not exist yet to allow us to do that and a lot of questions on how long we retained information for, how long we retained samples for and how long we keep that information for sharing I think those you know the in truth this is no more data than any other biometric data that we have today and we have processes for sharing biometric data within the federal government it will just be policies that need to be put in place to allow the sharing of that information and the you know I don't like most of the other biometrics DHS has reasons for keeping the biometrics that it has we don't just give a copy of that to the other federal agencies we allow them to send us information that we search and send them back results and I think that's a distributed architecture of who holds the data and who has the authorities for that data that obviously should continue on and the DNA as well I don't foresee us just openly giving everyone copies of the databases that exist Chris maybe I want to be one of the questions I was going to ask and then we'll see if the audience has anything is you're saying there's a common format for data now is that am I missing maybe the folks from NIST want to comment on that? Yes there is and this past year the standard for the interchange of biometric data was updated to include DNA information and this is the first standard for the exchange of DNA data that's being recognized nationally and internationally it will form the basis for the exchange of DNA information to Interpol for instance the FBI has already taken the step of implementing the XML schemas to be able to accept the DNA information and it does include the capability to include encryption, cryptographic reference information the data signatures and things like that this standard has been around since 1986 and it was originally brought about to exchange fingerprint minutia information it forms the basis for the biometric data exchange to the FBI to DOD for US Visit is building their DNA data repository based upon the standard which was released in November so it's already gaining traction and I think it's one place to look at it's available if you go into biometrics.nist.gov and on the right hand side there's a button which will take you to the standards home page the standard is available to be downloaded for free there are on that web page there's the list of the loci it also includes loci for things like family tree and the like because in disaster victim identification some people may have had a DNA sample taken to establish their family tree and so the medical examiners may want to take a DNA sample and compare it against that so there are other uses for it as well but look at that there's also some information about best practices there great thank you um well I had a question then for John you were maybe one of the more forward leaning in talking about access to information getting information which I'm sort of in the same boat but what information do you have now that you do not have now that you would like to have access to do you know what would the ideal system look like for you well I can tell you in particular something fairly specific and this is more of maybe a little inside baseball for crime laboratories but I think everybody in this room would be shocked if you knew how much time our forensic scientists in the United States spend working cases that have already been adjudicated now when you talk about DNA and latent prints it's a little bit of a different problem because those are in fact that results in biometric data that can be searched and so there's value to processing that evidence and using it for law enforcement purposes in a database type of an environment but being able to query databases such as court databases prosecutor databases to find out if a case has already been adjudicated this was a problem I think that the Georgia Bureau of Investigation many years ago started to uncover when they realized how infrequently their testing reports were actually being viewed by anybody in law enforcement or I should say police or prosecutors so laboratories tend to be somewhat disconnected from their customers data that being police their primary customers police and prosecutors although there's many beneficiaries of our services but that's one example and I think there's also a lot of data in crime laboratories that have some type of almost intelligence value for law enforcement in terms of patterns and the way that crimes are committed and so forth so it's there's just so many disparities and we have so many different segments in this in criminal justice that I think one of the things that we have to be able to do as a community is to communicate a common set of requirements that we all need because until you develop that you don't have a market that any business is going to invest resources to try to serve and it's not acceptable to have 500 jurisdictions operating as individual markets with individual needs and I think we have a little bit too much of that right now. Steven did you want to add anything to that? If I may there's a concern that I've had with regards to and exploitation is the wrong term used but in the private sector there's a lot of development with regards to information sharing and there's Forbes magazine saying that at this particular point in time we are the most heavily monitored society in the history of the world and most of it is done through self-reporting meaning that we're using quick capture devices on a regular basis our cell phones, our PDA devices and we have a tremendous amount of information that's out there and available what I've found is that we are failing at times to use these QCPs they're developed by the commercial sector in the government sector. We are not taking advantage of technology that's there and with that many of the information sharing constructs that have been established NISTIS is leading the way obviously for the government sector but again I just find that we're a little slow at getting to technologies that are already available to us. Tony, Chris did you want to add anything? No? One of the questions I always ask and sort of my standard question is and particularly security came up in a few of the presentations is how do your devices how do your databases connect to the internet and have you thought about that? If they don't connect that's a good answer but it's usually not the answer so what do you when you think about how you connect with each other how do you do that how do you think about security then my usual going in assumption is that if it's connected to the internet it's not secure but I'm happy to be dissuaded. Go ahead. So for the current anti prototype there is no internet connection off of either the device or the tablet as they're currently configured it is something we would like to do in the future in fact we had plans to have remote connectivity from the tablet to DOD databases that's an implementation that didn't make it into the spiral something we would like to do we have some plans and how to do that securely a lot of it is based on typical web implementations things like transport layer security and cryptographic certificate credentials but that's not something that's in the current prototype. Thanks. We serve on both sides obviously one side of the FBI house does not connect to the internet the other side connects the IAF's databases available on this platform for common communications with our law enforcement partners. Yeah I don't work for US visit that is our DHS repository for the biometrics information that exists today but you know they have I think 40,000 plus users of that information and provide you know secure access to the information for all the different DHS customers within Coast Guard and Customs and Border Protection and USCIS and Immigration and Customs Enforcement and you know there's DHS as a large data system of information sharing and you know our needs there we almost refer to it as screening of individuals because we we touch so many humans every single day going through airports and the sea ports and all around the country and world that you know we have 10 to 30 seconds to make most of our decisions on whether or not someone gains access to the country if that person is who they claim to be so our system has kind of you know in the world of forensics where you're taking lots of time to you know validate a decision that's going to be made we're on the polar opposite of that where we have to very rapidly provide additional information to an officer that's making a determination on the spot and DNA definitely is is a slower process than that and that's where we're still kind of determining what's the appropriate use cases for it and its current capabilities within DHS there's no issues with internet connectivity for us but I think from a public policy standpoint it's going to be something that's going to be increasingly it's an emerging area of interest I think to say the least okay great go ahead please about communications and a lot of it and sharing information a lot of it will depend upon interoperability of systems and the best comparison is to compare CODIS and AFIS CODIS works great because they had the vision from the beginning and built the system from the bottom up so everyone could communicate AFIS and IAFIS are a mess jurisdictions can communicate with each other they have different vendors the encoding process is different so it's a very very traumatic experience to try and search the databases you need to search in AFIS so the comment is for purposes of if you're designing new things you've got to design the interoperability of various vendors and using this to set the standards for the communication from the ground up then you get something like CODIS which is tremendously effective so it sounds like in the case of this data and this technology maybe building off the experience of AFIS they managed to get things a little closer to being right is that fair well yes if they actually knew what the problem with AFIS was which not many people really do yeah you want to tell us no that's okay no if you had three hours I could tell you but you don't have that we have a question over there I've got a lot of the same line we're talking a lot about technical standards but as I believe Mr. Miles briefly mentioned earlier you also have this issue of separate systems that are being shared but you don't share you don't just combine the systems you share the system or allow use of the system for an external agency or for a different agency and in that way you keep the information compartmentalized but is there any discussion on methods in which you can ensure that the proper rules essentially for all of those various systems actually travel with that information in that if I am at DHS and I'm using a DoD system to screen against or to run through how do I ensure that the correct protocols procedures and protections for the system that I'm using are known to me who doesn't use that system every day yeah very good question I think you know that there are so many different laws and so many different rules that those all have to be taken into account as you design the architecture and I think you can design architectures that maintain that level of information are we doing that today I don't have enough insight into the information systems that exist I'm kind of working on the the devices that provide that information but you know that I think I think your question is a very good one and something that we have to be doing at the information access level you know I know I won't speak for the FBI but they do that today with you know ensuring who can send information and who can search the data and get you know who can get results back so lots of policies and operational and training and you know all of those things that have to take place Steven if I remember correctly you said the Center for Excellence was going to open in 2014 but I thought there was already a big university program out there and a big FBI data center and some other activities you know I already thought of you guys sort of national hub is that was I yes we are the national hub for fingerprint information and we do have several shared systems as well on the campus when I refer to the opening in 2014 that is with regards to the BTC the Biometric Technology Center which will be a center that will specialize in training of late and print activity it will also specialize in the introduction of new biometric devices quick capture platforms will be doing hopefully some DNA work out there so it is a new center that we are opening in 2014 an expansion of the current campus what will you do when it comes to merging fingerprint and DNA data is that something that is currently one of the major challenges we are looking at the AFIS system as was mentioned is problematic we are making strides forward I'd rather not speak into any level of detail but we do have the Dazzle Lab which is giving us a bit of a construct that we can operate against forward thinking we are taking a look at some other common strategies OMB Max would be one particular common sharing platform that we are looking at so there are certain advanced technologies that we are looking at but I don't have any details I can provide at this time okay did we have other questions out there Kat go ahead I'm sorry there is a question about mission across agencies we talked a lot about kind of permission sharing within effective agencies but as we kind of moved to a more global model I think it's going to be more of a central repository where all data is located in one place and everybody searches it from their own effective organizations or is each agency going to maintain their own kind of federated data and that's going to be globally searchable across all agencies yeah you know as I said before I think it does depend on the authorities that are granted to each agency we don't have the personnel or the staff to run information for the entire federal government nor would we intend to and you know except in some specific cases you know I think the National Counter Terrorism Center is in charge of helping us to identify terrorists will DNA become a repository there of known terrorists and you know along with their other biometrics I don't know of a plan to do that today but it would make sense to me that for known individuals that were trying to as the entire federal government are trying to track down that the processes that we use for uploading current biometrics to that system should apply for DNA you know we currently each have processes by which we say this is a known terrorist or a possible threat or you know each of the different categories of persons that are uploaded to that national database but that's a very specific very limited number of people that go into that into that kind of category and are highly reviewed and doing so you know then you know for DHS purposes you know I cannot tell you today that we will be creating a DNA repository within DHS we've not had an agency come forward and say we absolutely need that you know within most of our applications we're going to do the familial relationships we're going to get a is that valid as the application is is valid or not and we're probably going to print out a report and stick it in their file and that may be the end of it you know I believe down the line there will be other applications that come along that would would need DNA within DHS applications but today we have not had the operational components come forward and say we need a national repository for DNA so you know there isn't although it's a very small bit of information and not you know there isn't much to share there you know the sharing of it's going to be the easy part compared to all of the policy and the rules by which it can be shared and when can it be shared and collected even one comment maybe it relates peripherally to what I'm saying but I want to make sure it's mentioned is that one of the things that we're also talking about here is really the introduction of a massive cultural change in law enforcement if you talk about the criminal justice community United States is that you're talking about a paramilitary culture or military culture for talking about Department of Defense that is traditionally very command and control and we are introducing at a rapid pace technology and science into this culture and it is not a easy transition and that's those things are really hard to those are the intangibles and I think that the for example the International Association of Chiefs of Police ICP they have a for example a forensic science committee they have an award named after August Vollmer who was a huge proponent out of UC Berkeley back in the early 1900s about elevated professionalism or technology science and policing and it is a it is you just cannot understate or overstate how how significant this cultural changes and it's going to take time but it's something to pay attention to Tony when you were thinking about when you and Paula were among the people working on this what did you think in terms of law enforcement, domestic law enforcement as a customer did that enter into the design thinking at all or where did that fit into what you were doing so there is some thought that a system like this would be deployable at booking stations, at local police departments but I think there's a whole infrastructure and even policy issues that need to be addressed before that actually happened I see Tom Callan has something to add to that 54 of those, the state labs, the army, the FBI Puerto Rico and Elizabeth who's the other one there's and DC, Washington DC there's 54 points of entry for convicted offenders and arrestees so all samples are collected and have to go to one of those state level laboratories with rapid DNA machines we are looking at initially hundreds if not thousands of ports of new portals to be able to come into the national database and in having the a a non-DNA person be involved in collecting that sample and putting it in the machine that machine you can think of as a fax machine or an entry portal the results will still be viewed at least our concept will be viewed in one of those 190 laboratories the laboratory who has the unsolved case gets the message that you have an unsolved, you have an open case and here's a DNA profile that has been associated with that case so that's the use case and then this would get at the backlog problem those 54 labs can now concentrate solely like the other 126 labs in the country on crime scenes and that should help reduce the backlog so that's the use case for domestic law enforcement is to put the portal follow the fingerprint the fingerprint model where the fingerprints booked in the or is collected at the point of arrest and the DNA collected and analyzed and upload at the point of arrest and one other thing Ken to there's a reason that Pete Vellone and I are sitting next to each other Pete from NIST and the FBI so we have learned from the APHIS issues and in all of our requirements compatibility not only with the FBI but standards for the CODIS core but with the international standards are being applied to these machines great thank you let me ask the panelists if they have any final thoughts they want to share on this any maybe we could ask them about the work how does it work between state federal and local I left out tribal any final comments you want to make on this I'll make just a real quick one I I've had the opportunity to work in the federal government to state agencies and also at the local state it's amazing how similar the problems are no matter what level you move through in terms of information sharing and so forth back in 1996 when I was with the ATF we had the bombing of the Olympics in Atlanta and then a series of serial bombings afterward by Eric Rudolph who was later captured in North Carolina and that was a great example in a very high profile where you see the benefits of the potential benefits of really good solid information sharing and how quickly it can go south if you don't have it Chris well I just like to say thank you for holding this panel to the DOD and to CSIS you know that we need to really carry on these kind of discussions because I gave a presentation about a year ago at a conference and you know talked about I think we're talking about real necessary uses of the technology to help refugees to help asylees to help in prevention of human trafficking slavery these terrible things where DNA can be a benefit to stop these fraud cases the crime you know I think there's a lot of potential good use for the technology here but the next day in the news it was run that starting this summer we were going to collect DNA on everybody going through airports just total fraud on what I had said versus what was presented in the news the next day so just to be clear we're not going to be starting to collect DNA at airports no we're not and you know it's something that we have today that the perception and the privacy issues and the what's being said in the media is so 180 degrees out of our requirements our restrictions our things that we're doing to protect the privacy of individuals and the restrictions we have on how we can share data and how we can use it that's not getting out there I think the previous panel said that as well and I don't know how we do that more effectively we obviously have to because there are the concerns and there are the misperceptions that are taking place in huge ways the next month of my life there was 30,000 postings a day on the internet describing these misuses of how we were going to be using DNA and I spent innumerable hours and FOIA requests and things that followed on after that explaining how we're really going to use it and we're still supporting the program today but we have to at every turn be ready to answer those kind of questions and carry on this dialogue so I think this was a good form today and I really appreciate the opportunity. Thanks a crucial point Steven we've spoken a lot about the potential often focusing on some of the negative content of data and information sharing I was interviewing one law enforcement person who indicated that CSI is my best friend but my worst enemy they've indicated they go out into the field because I've seen it on television every investigator should be able to pull the fingerprint off the ceiling of something that was thrown up and touched the ceiling but with that I have to candidly say that in my limited time here with the FBI I've seen the collaboration of information between all agencies DHS DoD and DOJ in particular and in addition to that collaboration of information the use of new technologies that will allow us a multimodal approach be it using partial information from a DNA swab facial recognition fingerprints etc pulling information from multiple data sets to solve various crimes or prevent various activities from happening I've been very impressed as an outsider coming in so despite the fact that we've indicated there are several challenges with regards to information sharing I believe that the horizon is very positive the technology is out there I think we've all agreed as panelists that policy is more restricting factor than is technology so with that I just wanted to close on a note of saying thank you and as a newcomer I'm very impressed by the work that's being done by our law enforcement personnel our war fighters and I'm just happy to be a part of trying to solve the puzzle of getting this information to a point where it's readily available on a quick capture platform Anthony you got the last word excellent so I'd like to thank you for the invitation to speak here today I'd like to echo a little bit what Steven's said that this technology is in its infancy I think we have a lot of policy issues to work through that's above my pay grade but I am very interested in talking to people offline after this about other use cases that they might have for DNA and for their security and their analysis requirements we shouldn't look at this as a finished product it's a fantastic prototype it does amazing things it does things that two years ago I would have bet were impossible but here it is, it exists what can we do with the next version and the next version that's the discussion I'd like to have thank you well join me in thanking this panel please I'm I'm also happy to say that I don't have to sum up what we've done here today that that responsibility falls on Kent we did make a change in the schedule so we did move up lunch because after looking at this thing it's like we have lunch and come back closing remarks who's going to be there I'll be talking about myself or something so so now I'm the last thing holding you up between us and lunch really I thought this was a very fascinating discussion in a forum that we had just to get to hear some of the things from the need for these biometrics and forensics technologies and how it's really not going to go away if anything biometrics and forensics from my capture really goes multiple mission applications not just law enforcement there's some intelligence applications there's medical applications counter-terrorism protection of the homeland it's there's a lot of things that it touches and it plays with and really this is just the beginning of a lot of new efforts coming out there because the way the way we look at it is we got to get information quicker and faster to the individual collecting it the answer needs to be at that person rather than going back through laboratory systems and get the answer six or seven months ideally that's where we would want to go to push technology to do those types of turnaround times and with reliable information so people can make decisions and act upon the information that they're collecting so I do want to thank Mr. Jim Lewis and Katrina out here and some of the helps and CSI for hosting and organizing this activity I know it's CSIS. Did I say CSI? It's a bad word on this panel. Okay that's right. That's almost like saying DHS is collecting DNA and what? Oh and send all the privacy questions to DHS and so well experienced with that so if there's any freedom of information request Chris is going to take that on for us so that's great but speaking of that and how we help each other out with that kind of stuff it's really the need for collaboration it's pretty easy to look at a box in the back and it produces DNA results but we just scratch just some of the surfaces that the collaborative effort of the in this particular case the Andy steering committee started several years ago and this stuff really takes a lot of time it's not only producing a piece of equipment but you heard some of the privacy issues the policy issues information sharing there's requirements there's a whole lot of stuff that goes into this and it's not just about putting money towards that so it's these activities of leveraging those existing organizations within the US government to develop some whole of government approach to address all those various issues because there's experts throughout the whole of US government to do that and I think we hit the mark pretty good with the rapid DNA effort and trying to prevent those things that we encounter with the fingerprint identification system so it just goes show the power of your federal government and a lot of other expertise in the academia and the industry to do something great like this particular effort we talked a lot about policies I probably got a list of 35 policies we probably got to look at at least to make sure that we're not ignoring but there was some really good discussion we do appreciate these types of forms like Chris mentioned it's good to get these inputs now because the more you know about the issues and problems if you know them three years ago you can start building systems like this understanding that you need to have these particular control measures or these security features and things like that so these types of environments are very helpful for folks like me and other members of the steering committee to understand as we push technology into the future and of course always always be mindful of the rights and privacies that's really at our forefront I mean there are a lot of misconceptions out there we're all trying to do the right things you know we're trying to depend on what your mission application is we're not really interested in the biomedical information behind this not this community and the other communities that we're involved in but certainly interested in protecting the privacies because we are US citizens just like others so again it's very fascinating I want to thank all the panel members Mr. Riley, Dr. Pominowski and others Mr. John Boyd for actually giving us some resources to do this particular event thank you very much for that and enjoy lunch until next time