Pop quiz on forensics

A recent research paper from Jonathan Koehler, a Northwestern University law professor, titled "How trial judges should think about forensic science evidence," opened with a short quiz. Grits readers should be well educated on these topics, but let's see how you do:

"Here is a forensic science test for you. Please answer each of the three questions below True or False.

"1. Scientific tests conducted over the past 100 years have repeatedly demonstrated that everyone has a unique set of fingerprints.

"2. Recent scientific studies show that the chance that DNA samples from two different people will be identified as a “match” by a competent, well-trained DNA examiner is less than one in a million.

"3. Data from scientific tests conducted over the past few decades provide a reliable basis from which to estimate the accuracy of most forensic methods that have been admitted in U.S. courts.

Forensics nuggets

Grits was pleased that an associate turned me onto a blog by Penn State law prof. D.H. Kaye titled "Forensic Science, Statistics and the Law," which I've spent the morning perusing.

While somewhat of a challenge to your correspondent's math skills, the linked resources in this post on sources of error in DNA testing are excellent supplements to recent MSM reports, particularly this recent law review article critiquing common statistical descriptions of the likelihood of a match when trawling large DNA databases.

Especially notable from his archives: Two posts from February discussing error rates among fingerprint examiners, including an adumbration of a study which found a three percent false positive rate (among self-selected examiners who knew they were being evaluated). Most posts are fairly detailed fact-and/or-math-based assessments

Incidentally, Prof. Kaye was one of several authors in 2011 of a paper titled "The need for a research culture in the forensic sciences." So I suspect he was pleased as I was to see that the Texas-based Laura and John Arnold Foundation is funding a massive investigation by the American Association for the Advancement of Science into "the underlying scientific bases for the forensic tools and methods currently used in the criminal justice system," focusing on ten specific forensic disciplines:

1. Bloodstain Pattern Analysis
2. Digital Evidence
3. Fire Investigations
4. Firearms and Toolmarks/Ballistics
5. Footwear and Tire Tracks
6. Forensic Odontology- Bitemark Analysis
7. Latent Fingerprints
8. Trace Evidence- Fibers
9. Trace Evidence- Hair
10. Trace Evidence- Paint & Other coatings

"Reports will be issued for each of the fields specifying the quality of the existing literature and what research would strengthen the scientific foundation for that area. The project reports are expected to encourage basic research and contribute to improving the quality of forensic science used in the legal system," according to the AAAS website.

Judge Barbara Hervey of the Texas Court of Criminal Appeals is on the project's Advisory Panel. See related coverage from Forensic magazine.

House should narrow DPS thumbprint collection even further than laudable Senate bill

The Texas Senate has passed SB 398 by Charles Schwertner which clarifies that DPS does not have authority to take all ten fingerprints from drivers when they obtain or renew their licenses. Grits approves of the bill (see here and here), but it's worth mentioning that the proposal arose in reaction to DPS overreach, aiming to scale back fingerprint collection to where it was earlier - thumbprints only.

What hasn't been debated is whether we really need two thumbprints for the limited purpose - driver license verification - for which DPS is authorized to gather the biometrics. Grits fails to see why the state needs more than one, at most, to achieve that goal.

So yes, let's snub DPS' overreach on fingerprint collection in its tracks. But rather than automatically revert to the the prior rule, the House should take this opportunity to narrow biometric collection even further to match as closely as possible the stated purpose for which DPS is gathering it. Excess fingerprints beyond those bare minimum needs should be expunged from the system.

Sen. Schwertner deserves much credit for taking on this issue and standing up to DPS' overreach. But his bill could be further improved and the House should take the opportunity to do so.

Lege should make DPS expunge improperly taken fingerprints

"The state should not be collecting a full set of fingerprints from citizens who are not suspected of committing any crime," declared state Sen. Charles Schwertner as he laid out SB 398 on Wednesday in the Senate Transportation Committee. Good on him.

His bill clarifies that DPS cannot collect all ten fingerprints from drivers when they obtain or renew their licenses, limiting them to collecting thumbprints or index prints if the former is impossible. DPS began gathering all ten last year then stopped last month when legislators threatened to file this bill. DPS first took thumbprints beginning in 2005, then took all ten fingerprints, and now as of two weeks ago take both index prints, according to the discussion among senators.

Two items stuck out from the brief hearing (you can watch it here, first bill up). First, Sen. Van Taylor corroborated Grits's memory of the legislative history on this topic. He had spoken over the summer to former state Rep. Frank Corte, who'd authored the provision in question. Corte told him he had tried to give DPS the authority to collect all ten fingerprints in 2003 and the bill died on the floor of the House. Then, in 2005, he passed HB 2337 which (they thought) was narrowly drafted and limited collection to two prints. (I thought one would do, but I didn't get a vote) Indeed, Taylor pointed out, Corte specifically said in committee as he laid out HB 2337 that it did not expand DPS' authority beyond thumbprints.

That was certainly my recollection, as a participant drumming up opposition to the measure back in the day. In the early days of this blog, Grits described the House floor vote that rejected SB 945 (Ogden) by a tally of 111-26, an overwhelming margin when you consider 1) Chairman Corte was part of the leadership team in a GOP majority which had just taken power for the first time since Reconstruction and 2) this was the first session of the Texas Legislature after 9/11 and limitations on potential security measures were often a hard sell that year.

 Indeed, it's worth recalling that, as originally drafted, SB 945 would have allowed DPS to gather "any biometric identifier," not just all ten fingerprints. Suggestions floating around at the time for additional biometrics included iris scans and voice recordings that could be matched with information from wiretaps. The civil liberties fights post-9/11 were pretty extreme and intense by comparison with today, when the Tea Party faction of the GOP would have already murdered these bills in the crib by this point in session.

All that to say, Grits thought it was completely disingenuous for DPS to fabricate the trumped up legislative intent by which they justified this move and appreciated Sen. Taylor clarifying with Mr. Corte exactly what happened.

A gap in the bill was raised by Sen. Sylvia Garcia: The legislation eliminates any possibility of DPS taking all ten fingerprints going forward, but the bill does not require them to redact fingerprints they collected over the last year.

Sen. Schwertner didn't have an answer as to how many people had all their fingerprints taken, but it's possible to guesstimate. People have to renew their drivers licenses once every seven years, so in just more than a year's time, about one seventh of all Texas drivers would have had their licenses come up for renewal. As this legislation moves through the process, I hope they'll amend it to require DPS to expunge that data.

Lon Kraft of the Texas Municipal Police Association registered that group's opposition to the bill, which struck me as a fool's errand. He didn't offer oral testimony, but it's no secret that, in their heart of hearts, law enforcement would like access to full sets of fingerprints of all adult Texans, not just those who committed crimes. However, most LEOs aren't so tone deaf as to announce such views in public. This isn't 2003 and that stance wouldn't fly even then.

Senate bill would restrict DPS to gathering thumbprints at license renewals

State Sen. Charles Schwertner has a good bill (SB 398) up tomorrow in the Senate Transportation Committee clarifying the statute which the Department of Public Safety had interpreted broadly to claim they could gather all ten fingerprints when Texans renewed their drivers licenses. Schwertner's bill leaves DPS' authority where it was after the last time the Legislature considered this issue in 2003 and 2005: thumbprints only, or the index finger if thumbprints cannot be taken.

Make me Philospher King and Grits would probably rescind the gathering of thumbprints, too, but I do admit that the ability to match thumbprints contributes to preventing drivers license fraud. That's why I was satisfied, if not entirely pleased, with the 2005 compromise. DPS' unilateral decision to start gathering all ten fingerprints demonstrates the slippery-slope risk whenever such authority is granted. Thumbprints gathered for the purposes of verifying drivers license information shouldn't metastasize into a statewide fingerprint database including people who never committed crimes. This bill at least preserves the compromise cut in 2003-5 on these topics.

DPS backs down on collecting all ten fingerprints from drivers as Lege session gets underway

The Texas Department of Public Safety Government Relations Division this morning sent out an email to legislators declaring that,

based on concerns and questions raised by a number of legislators regarding the statutory authority of DPS to collect all 10 fingerprints in order to obtain a driver license (DL) or identification (ID) card, the department will immediately cease collecting all 10 fingerprints in order to obtain a driver license or identification card. The department will continue to comply with Texas Transportation Code, Section 521.059, passed by the legislature in 2005, which requires the department to collect “an applicant’s thumbprints or fingerprints.”  The department will comply with any further direction or legislative action taken by the Texas Legislature regarding this matter.

So, if this program is ending, one wonders what will happen with the vestigial data collected over the last year? Will it be expunged? Has it already been shared with the feds through the state's fusion centers? (See more from the Dallas Morning News.)

I'm not a betting man but, if I were, I'd wager a sweet sum that DPS won't get the post hoc authorization they're looking for. The last time the Texas Legislature voted on this topic, the House shot down the idea by an 111-26 margin, defying the leadership in a post-9/11 homeland security vote. (See more background here.) It's hard to imagine that the margin has shifted at all since then and indeed today my rough guess would be the vote would turn out even more lopsided. We'll soon find out, won't we?

Cops, prosecutors, raise white flag, vow to fight on warrants for cell-phone location data

I only saw two news outlets covering electronic privacy debates at the Texas Senate State Affairs Committee meeting yesterday:

• Dallas Observer: Texas cops are going to fight like hell against cell phone privacy protections
• Austin American Statesman: Balancing privacy, police needs tricky, Senate panel hears

The meeting was led by new Chairman Craig Estes who last session sponsored legislation to require a warrant for cell phone location data. See my own written testimony to the committee on behalf of the Texas Electronic Privacy Coalition. The key TXEPC recommendations, fleshed out in greater detail in the full written testimony, included themes familiar to Grits readers.:

• Require law enforcement to obtain a search warrant to obtain historic cell-phone location data.
• Require a warrant to install GPS tracking devices on vehicles.
• Centralize use of 'stingrays,' aka, IMSI catchers at DPS the way the state does wiretaps and require a warrant for their use.
• Limit data retention on innocent drivers for automatic license plate readers, limit access to the databases to trained, authorized personnel, and restrict sale of data.
• Evaluate the Department of Public Safety's unilateral decision to take all ten fingerprints when drivers obtain or renew their licenses based on potential privacy violations involving personal electronic devices using fingerprints in lieu of passcodes.

A big highlight for me was expert testimony by Chris Soghoian, a tech expert now working for national ACLU whose dissertation (pdf) first broke open this issue and spawned my own interest in these location-data issues. Thanks, Chris, for coming down!

The hearing took a strange turn, as prosecutors and a detective from the Houston Police Department insisted that changes to state law last session meant law enforcement already had to get a warrant to access cell phone location data. I'm not a lawyer, but that seems downright bizarre since the bill to require a warrant for location data failed; only content, not "metadata" (as it has come to be called post-Edward Snowden), was protected in the language that passed in HB 2268.

The prosecutors' new stance is especially odd because two different Texas appellate courts ruled in recent months affirming no warrant is currently required in Texas to obtain historical cell-phone location data. The US Fifth Circuit Court of Appeals ruled the same way, creating a federal circuit split. (See a related, earlier Grits discussion.) Indeed, the portion of Sec. 5 in Art. 18.21 of the Code of Criminal Procedure that the Fourth Texas Court of Appeals decision in Ford v. State relied upon was not changed in the amendment to HB 2268 requiring warrants for content. I just don't understand how that claim can be justified.

A case summary of Ford on the prosecutors association website even recommended their members rely on the case for precedent in the future ("Because there is precious little caselaw that construes Article 18.21, this decision could turn out to be helpful to others on that basis as well"). And in Barfield v. State, police obtained cell-phone location with an administrative subpoena and Texas' 14th Court of Appeals in Houston upheld it being admitted into evidence. (The Department of Insurance testified that it, too gets cell-phone location data with only a subpoena.)

There appear to be no court cases supporting this novel view that Texas law already requires a warrant to access cell-phone location data. Its proponents could not even provide examples of local district judges suppressing location data, nor of any jurist denying police access to this information. All they offered were hypotheticals.

But no matter how often they kept repeating that the law requires a warrant now, your correspondent simply sees no evidence for the claim. Again, I'm not a lawyer. But attorneys for service providers like Data Foundry and Golden Frog also insisted that warrants are not required in Texas presently for law enforcement to access location data. And that was certainly the universal, contemporary understanding at the time the 83rd session ended. Just a weird debate to have.

The Observer piece by Eric Nicholson summed up the odd tenor of the event thusly: "The debate over whether warrants are currently required is a bit of a head spinner. (Cops are in the paradoxical position of arguing both that warrants are necessary to obtain cell-phone metadata and that they will fight efforts during the 2015 legislative session to require warrants for cell-phone metadata.)" To be sure, I hope they're right and I'm wrong. I want a warrant requirement for these records in Texas (and nationally, though your lowly correspondent can't do anything about that). But until the judiciary agrees a warrant is required, it's hard to buy what police and prosecutors were selling at yesterday's State Affairs hearing.

Go here if you'd like to watch the whole thing online.

MORE: I was interviewed this afternoon along with Rep. Bryan Hughes on the Texas Public Radio show The Source about yesterday's hearing and location tracking issues generally. Go here to listen to the broadcast.

McCraw offers weak defense of gathering all ten fingerprints from drivers

Texas DPS Col. Steve McCraw had an op ed recently (Sept. 4) in the Dallas Morning News attempting to justify the agency's decision this year to begin collecting all ten fingerprints of driver license applicants and on renewals instead of merely a thumbprint as in the past.

The Colonel claims that "the only reliable way to establish a person’s identity is to collect all 10 fingerprints," which seems an unlikely assertion at best. Think about it: Under what circumstances would collecting 10 fingerprints do a better job of establishing identity than just a thumbprint for the purposes of verifying identity for drivers licenses? If you can imagine such a scenario, please describe it in the comments. After all, somebody who enters the DL center with a severed thumb won't be allowed to swipe the bloody appendage when asked for a thumbprint at the desk.

Bizarrely, McCraw counters concerns that the fingerprints would be integrated into criminal databases, by assuring Texans their fingers will, in fact be entered into those systems:

Some have falsely stated that the fingerprint images obtained at driver’s license offices are used to search an applicant’s criminal history — but this is simply not true. The state’s Automated Fingerprint Identification System is a fingerprint identification database; it can only be accessed for investigative or statutory purposes. Without 10 prints to integrate into the system, there are major gaps in public safety that leave law-abiding citizens vulnerable to identity theft and other schemes of criminal operatives.

This argument is a red herring. Nobody has said the fingerprints would be used to run criminal histories (which can be done by name); the complaint is that they'd be uploaded into the same database as criminals, which he admits they will.

The purpose of AFIS is identifying bad guys. Entering the fingerprints of every Texas driver does nothing to protect people from "identity theft," it just means their prints will be run against prints retrieved from crime scenes by police investigators, even if they've never been arrested. State Rep. Ron Simmons, a defender of the agency on this subject, was more honest with the public on his website which openly admitted, "All applicant fingerprints are run against the Texas unsolved latent print file, which is comprised of statewide crime scene fingerprint evidence."

The Colonel also overstated the extent to which state law expressly authorized this change. In 2003, the House of Representatives had a very specific debate on whether to collect all ten fingerprints and the idea was defeated 111-26. Then in 2005, the Lege said they could collect thumbprints or fingerprints, based on the argument that someone with missing or damaged thumbs may not have prints. But stretching that to claim authority to collect all ten after the 2003 vote takes chutzpah. This is a new interpretation that does not jibe with legislative discussions at the time the law was passed.

All applicant fingerprints are run against the Texas unsolved latent print file, which is comprised of statewide crime scene fingerprint evidence - See more at: http://www.ronsimmons.com/dps_dl_10_print_information/#sthash.hdA3a2n0.dpufAll applicant fingerprints are run against the Texas unsolved latent print file, which is comprised of statewide crime scene fingerprint evidence - See more at: http://www.ronsimmons.com/dps_dl_10_print_information/#sthash.hdA3a2n0.dpuf"

The Legislature really should step in next session to put a stop to this and order all but thumbprints expunged, which was without doubt the legislative intent back in 2003 and 2005 when the relevant statutes were passed. There could be a bill to that effect, or perhaps they could attach a budget rider forbidding the agency from spending money on their drivers license database if they collect more than one print per driver.

Clearly McCraw is feeling heat and felt the need to defend the policy, but this was pretty weak. If the Tea Party folks want to have any credibility with their small-government base, one would expect this Big Brotherish maneuver to come under attack when the 84th Texas Legislature convenes in January. There are bipartisan reasons to object to this and I suspect a coalition could be cobbled together to end it.

All Ten: DPS now fingerprinting every driver at renewal

Reversing a decade long policy implemented after the Texas House shot down the idea in 2003, the Texas Department of Public Safety earlier this year began taking all ten fingerprints of drivers when they apply for a license or a renewal. Previously they required only a thumbprint or an index finger if for some reason a thumbprint couldn't be taken.

But the Dallas News' Dave Lieber reported (June 7) that DPS license facilities now require drivers to give them all ten fingerprints, a policy change that took effect earlier this year with no publicity from the agency.

Long-time readers may recall that DPS sought similar authority back in 2003 and was smacked down by the Texas House. In 2004, Grits wrote a post titled "Why would they want all ten fingerprints?," and the question remains. Surely no more than a thumbprint would be required to prevent license fraud?

No, the real issue is they want to run fingerprints against state and national criminal databases. At first, DPS spokesman Tom Vinger told Lieber “As a point of clarification, fingerprint information collected at driver’s license offices is not run against the national fingerprint database. This is not authorized by the federal government or state statute.” But soon he changed his tune. A month later, Lieber quoted "DPS spokesman Vinger say[ing] the system has already led to the capture of three individuals wanted for crimes."

At The Watchdog.org, Jon Cassidy assessed this development in a way that jibed with my own recollection of where this issue had been left: All ten fingerprints is overreach. Did they think no one would notice? This idea was shot down in the Texas House 111-26 back in 2003 and I doubt it'd fare any better now. The Lege should take the opportunity next spring to reverse this decision, if DPS doesn't, and order the agency to expunge all but a thumb or index fingerprints for each driver.

That took a lot of chutzpah.

On the folly of fingerprints as cell-phone security

Of all the biometrics for Apple to choose to use as security on its new iPhone 5, fingerprints seem like an ill-considered choice that makes phones less secure. After all, to a computer, fingerprints are nothing but ones and zeroes - data like any other transmitted to unlock the system. And unlike passwords, you can't change your fingerprints once someone else has hold of them.

So, in an era when National Security Agency surveillance seems to constantly make headlines, why choose a biometric where the government possesses databases with millions of Americans' fingerprints on file - of everyone who has ever been to jail, applied for security clearances, undergone background checks for licensing, etc.? Even if the government doesn't misuse it, Edward Snowden's example shows such information can potentially walk out the front door, on a thumb drive or otherwise. Indeed, as far back as 2005 this blog warned that "Biometric passwords risk gravest form of identity theft," and that was before the smart-phone boom.

The Texas Department of Public Safety at one point wanted to gather all ten fingerprints from drivers license applicants, but in the end settled for gathering only thumbprints and facial recognition data - information they promptly shared with the federal government through a state fusion center as soon as they began to gather it.  Even without fingerprints of every driver, though, the government has access to enough people's fingerprints to make their use as a security measure decidedly insecure.

Personal fingerprint scanners seem Big-Brotherish, inevitable

Source: BBC

Part of me finds the idea of personalized fingerprint readers carried around by police officers abhorrent, even as part of me is already resigned to their inevitability. They're rolling them out now in the UK at Scotland Yard and the London Metropolitan Police.

But for what, precisely, would they be used? Judge Caprice Cosper in Houston has suggested repeatedly that deployment of these personal fingerprint scanners would make police more comfortable with using their cite-and-release authority for certain Class B misdemeanors because they could be sure at the scene who they were letting go. That's supposedly what's happening in England. According to BBC, "A suspect's fingerprint can be taken on the device and almost instantly checked against the police database. If a match is discovered, further relevant investigations can be made by an officer at the station. An NPIA spokesman said data from the scan is only used to check a match and is not retained."

Here's what I don't understand, and perhaps some informed reader can help me out: I've sat through presentations from Texas DPS fingerprint examiners who insisted that, unlike on TV (and apparently England) where fingerprints are matched in seconds by a computer, in Texas a real live human subjectively, laboriously compares prints for possible matches, and a second fingerprint examiner must verify it before a match can be declared. When a new set of fingerprints comes in, they go onto the stack until an actual person gets around to looking for a match, and that person generally has a backlog.

So if deployed in Texas, as Grits understands it these personal fingerprint examiners wouldn't let officers ID an individual on the street, they would only gather data which could be used later for whatever purpose. (In the UK, by contrast, the data "is not retained"). I can see where it might be useful for investigators interviewing suspects, witnesses, etc., for future reference. But as long as fingerprints are matched manually, these personal fingerprint scanners wouldn't let Texas police ID individuals at the scene. They'll still have to find out who they are the old fashioned way: By asking them.

More Kafka than Orwell: Police databases and negligent error

This morning, I read an excellent law-review article (no, not entirely an oxymoron) from Erin Murphy at NYU titled "Databases, Doctrine, and Constitutional Criminal Procedure," found via CrimProf Blog, related to a subject that comes up now and again on Grits: The way databases and their usually unintentional inaccuracies can create constitutional liberty violations for which the US Supreme Court in Herring v. United States (2009) ruled the exclusionary rule inapplicable. In Herring, the court held that "When police mistakes leading to an unlawful search are the result of isolated negligence attenuated from the search, rather than systemic error or reckless disregard of constitutional requirements, the exclusionary rule does not apply."

In that case, the defendant was arrested because of an error in a police database, and a search incident to arrest yielded drugs and a gun, which the Supreme Court said should not be excluded from evidence. Murphy's piece offers one of the best big-picture analyses on the implications of that decision vis a vis computer databases that this writer has seen, though it should be said the Texas Court of Criminal Appeals already had created the same exception to our statutory exclusionary rule years before. Anyway, suffice it to say the same issues arise in Texas state and federal law.

Murphy emphasizes a point I think very few people, even (perhaps especially) those working in the system, ever consider: Eighteenth-century constitutional restrictions in the Bill of Rights which are supposed to regulate modern police conduct were written decades before the first professional police department was ever created, even in London, much less the United States, and use of modern databases in law enforcement has transformed the profession in radical ways just since the turn of the 21st century. Here's a bit of a lengthy excerpt providing some of that little-discussed history:

The criminal justice system's reliance on databases is both old and new. As many know, the formal, organized, public police first emerged as a concept around 1829, when Robert Peel organized the London bobbies. The first detective unit in the United States was formed shortly after in 1846 in Boston, at a time when tracking down criminals largely remained a private sector gig. Dominated by companies such as the (in)famous Pinkertons, the unit's work consisted largely of pounding the pavement (and suspects). Indeed, many of the modem tools of detecting -- "[s]ophisticated criminal investigation techniques-well-organized crime records systems, fingerprints, crime labs -- did not appear until the twentieth century." Even Alphonse Bertillion's pioneer anthropometrical system of identification in the late 1800s depended largely upon manual recording and comparison of measurements.

The first primitive databases emerged around the same time, at the turn of the century. For instance, as early as 1919, the California State Bureau of Identification introduced a punch-card system for storing and retrieving modus operandi information. But perhaps the watershed moment of government databasing occurred in the early 1930s, around the time that J. Edgar Hoover opened the Federal Bureau of Investigation's first criminal evidence laboratory, which included fingerprint processing capacities, hair, blood, and firearm analysis. As part of the new emphasis on forensic science, FBI implemented its first fingerprint database-a card sorter that capitalized on the technology created to tabulate the census and that led to the formation of IBM."

Just a little over a decade later, the development of the mainframe computer in 1946 and the replacement of punch cards with magnetic tape significantly advanced databasing possibilities,'  but it remained a largely primitive technology. By as late as 1984, the federal fingerprint database the most advanced forensic database available-still depended primarily on manual recording and retrieval. At best, it served as an efficient means of organizing cards for retrieval, rather than for generating leads or links. Linking two fingerprints required manual comparison of an unknown scene sample with, for instance, the 23 million criminal cards on file with the FBI.'

The 1980s, however, initiated a period of rapid change. Personal computers became commonly available. Law enforcement began to recognize and harness the potential of electronic storage and retrieval. And then, remarkably, the Internet was born. Connectivity became possible in ways previously unimagined, and storage capacity reached new heights. The foundations for the modem criminal justice databases had been set.

The first truly modern, searchable databases, says Murphy, most prominently the one for fingerprints (AFIS), didn't appear till 1999, but they've quickly proliferated. These databases have transformed law enforcement, Murphy argues. Instead of developing suspicion, then using data held by law-enforcement to confirm, today suspicion is often developed based on the databases themselves, whether or not the information is accurate.

Why might that be a concern? Writes Murphy: "The true risk is a leaping-to-conclusions, or confirmation bias. It is the fear that the individual will be sucked into a morass of suspicion from which escape is arduous or impossible - Kafka's The Trial, not Orwell's Big Brother." You can't cross-examine a database and often the information they contain comes from many different, frequently untraceable sources that may not be correct or complete.

In Texas this is a particularly salient issue because many jurisdictions have a bad habit of reporting arrests to the statewide data system but fail to report the outcome of the cases. So if someone is arrested and charged with a crime but charges are later dismissed, the dismissal doesn't always make it into the system. The Governor's office recently threatened to withhold federal grant money from counties that don't quickly improve their data entry rates for dispositions in older cases.

The above history, writes Murphy, makes "two points abundantly clear: first, that there are an enormous number of databases in the criminal justice system, and second, that the database, as it exists today, has really only been around for ten or so years. Any person who has witnessed the past fifteen years of technological advancement knows, without reading a law review article, that online databases have transformed modem life. Yet surprisingly few changes have occurred in actual constitutional doctrine in response to widespread databasing."

Databases don't just record information like putting them in a file drawer but instead transform it, she argues:

the import and the impact of a database occurs less with regard to the moment of the information's acquisition than with all the moments that then may follow. Indeed, acquisition may not represent any kind of threat to individual liberty or privacy at all. Recall the criminal records database at issue in Reporters Committee [an early SCOTUS database-related case] - there, the Court acknowledged that the true significance of the database was not its contents, which were all technically a matter of public record, but the act of compiling and rendering that information accessible in a particular way.

For the most part, though, says Murphy, US courts have not applied or created constitutional doctrines to regulate law enforcement database use, but instead most cases focus on statutory interpretation in narrow, individual cases. Murphy argues that databases, by their nature, require structural instead of individualized, case-by-case oversight:

it is arguably impossible to regulate databases substantively - to truly inquire whether a particular series of tests or entries or searches were accurate, fair, and correct. But it is much easier to impose procedural requirements upon databases-to inquire into the existence and thoroughness of protocols for those processes and to presume inadequate or defective any database system maintained without them. Certain structural devices are demonstrably effective in minimizing mistakes, and with greater attention, others would be uncovered. A constitutional doctrine that looks for the signs of good management-think scrutiny of policies for access controls, or regular audits, or blind tests-is far more likely to improve database deployments in society than one that attempts to determine whether a database has failed or not in a case-specific context.

In her view:

regulation of databases require constitutional criminal procedure to focus less upon deliberate or intentional abuses of power than upon unintentional omissions, or mere benign neglect. There is always the risk that a malfeasant actor will corrupt or exploit a database system, to be sure. But constitutional regulation of databases aimed at ferreting out intentional harms will be very thin indeed; it is far easier to do harm, and far greater harm can be done, through mere benign neglect of database systems than through intentional manipulation.

The split among the Justices in Herring starkly illustrate this distinction. The majority viewed the sole purpose of the exclusionary rule to be deterrence and concluded that applying the rule yielded little deterrent benefit with regard to a negligent recordkeeping error. In contrast, Justice Ginsburg in dissent argued that more than marginal deterrence was possible, in the specific context of database entry, even when the complained of error constituted mere negligence in care.

If the exclusionary rule won't apply to negligent database errors, then there needs to be some other deterrent. Historically, civil liability is the other, obvious legal recourse, but police officers are immune from liability for most negligent, on the job errors. Otherwise, the only other option (and an entirely unsatisfying one) is a special-interest driven patchwork of database-by-database restrictions in statutes or agency rules created over time, which is precisely what we have now.

A more profound understanding of how databases are transforming law enforcement will inevitably require similarly transformative constitutional doctrines that the courts have so far refused to articulate, argues Murphy:

rather than follow an industrial age model reliant upon physical acquisition, constitutional doctrine would transition to an information age approach based on knowledge, creation, and dissemination. Such attentiveness would offer more effective safeguards around the creation and utilization of databases, and be responsive to concerns about insufficient auditing structures and function creep. Viewed as living, evolving organisms rather than as static repositories of discrete bits of information, the lawfulness and constitutionality of a database would more closely correspond to its actual use and deployment.

Grits wanted to raise these questions in some depth because, since federal and state courts have punted on the issues, governance of law-enforcement databases for the time being now falls almost exclusively to the states, or to the agencies operating the databases when the states eschew that responsibility. So it'd be appropriate, at this point, to see statutory regulation of law enforcement databases step up over the next few years to fill in the vacuum, probably driven both by episodic scandal and growing demands by the public for protection of electronic privacy. Murphy has performed a mitzvah by outlining the complexities of the problem and articulating underlying principles, if not specific details, for potential reforms.

RELATED: Database errors and the consequences of qualified immunity.

How state agencies outside law enforcement use and store fingerprint data

A Texas state auditor's survey released in August analyzed practices at 20 state agencies that collect fingerprints for criminal background checks. Not much controversial here, but I did learn a few new tidbits from the report.

For instance, "Seventeen (85 percent) of the 20 state agencies surveyed reported that they used a third-party vendor to collect fingerprints. Of those 17 state agencies, 16 reported that they used the services of the Department of Public Safety’s FAST contractor —L-1 Identity Solutions—to collect fingerprints. L-1 Identity Solutions contracts and works with the Department of Public Safety to provide fingerprinting services throughout the state." (FAST stands for "Fingerprint Applicant Services of Texas.") Though the survey didn't mention it, in July L-1 Identity Solutions was acquired by a French military contractor, Safran [NYSE Euronext Paris: SAF], and will be operated by one of their subsidiaries called Morpho.

A quarter of agencies surveyed (5 of 20) store fingerprint information with a third-party vendor, presumably L-1/Safran, instead of exclusively in their own systems or with state or local law enforcement. I don't much like that: When you apply for a job with a state agency and give them your fingerprints, it's a bit unnerving to think that some private military contractor from France will end up storing the data.

Indeed, when asked "who stores the fingerprints for your organization" - the agency itself, state or local law-enforcement, or a third-party vendor - four agencies listed "Other." (There was overlap in the answers, with some saying more than one entity stored the data.) There's no way to know from the report who are these "other"entities storing fingerprint data.

Seventy percent of agencies surveyed (14) did not know whether the image quality of fingerprint scans meet the minimum scan quality of 500 pixels per inch as required by the FBI ("per the National Institute of Standards and Technology Special Publication 500-275"). So therein lies at least the potential for errors if the agencies simply aren't aware of whether or not they meet minimal technical requirements for accuracy.

Agencies included in the survey were:

• Board of Chiropractic Examiners.
• Board of Examiners of Psychologists.
• Board of Law Examiners.
• Board of Podiatric Medical Examiners.
• Credit Union Department.
• Department of Aging and Disability Services.
• Department of Banking.
• Department of Family and Protective Services.
• Department of Insurance.
• Department of Licensing and Regulation.
• Department of Savings and Mortgage Lending.
• Department of State Health Services.
• Funeral Service Commission.
• Health and Human Services Commission.
• Office of Consumer Credit Commissioner.
• Optometry Board.
• Racing Commission.
• Texas Board of Nursing.
• Texas Education Agency.
• Texas Medical Board.

Identity mix-ups at Dallas jail can take a week to sort out, or decades

At the Dallas County Jail, inmates who're arrested due to an identity mix-up, even in serious cases, have trouble getting the system to document and rectify the error. Kevin Krause at the Dallas News on Wednesday published the story of two jail inmates recently held for a week or so apiece when the system really meant to arrest somebody else. Bureaucratic delays  kept fingerprints from revealing the mix-up, and naturally nobody believed the inmates who insisted they'd got the wrong guy. Of the two, writes Krause:

[Andre] Smith got out faster because he had an attorney who made inquiries on his behalf. Still, he said he's not happy that his pleas of innocence went unheeded for so long at the jail.

"They never verified anything, even when I asked them to," Smith said. "I was told, 'Everyone says it's not them.'"

Smith was pulled over by a Dallas police officer and arrested on a misdemeanor marijuana possession charge as well as the fugitive warrant. He said the officer told him he didn't think it was him but that he'd let the jail sort it out.

The suspect wanted by Georgia looked nothing like him, Smith said, and had a teardrop tattoo under his left eye. He said no one told him what the charge was.

Luckily for him, his friend's wife is a lawyer. Regina Moore said the sheriff's intake department should have notified the fugitive unit immediately so they could obtain fingerprints from Georgia. But Moore said the slow-moving jail bureaucracy hindered her efforts to clear up the situation.

The fugitive officers work regular business hours and no one can help on the weekends, she said. The person she needed to speak with was never in the office, she said, and different departments within the sheriff's department don't communicate well with each other.

"I don't think the right hand is talking to the left hand," Moore said.

Eventually, the fugitive squad got the prints from Atlanta and realized they had the wrong guy, she said. "Unfortunately, you have to keep going down there. Otherwise, they'll drop the ball," Moore said.

One of the Dallas DNA exonerees, James Giles, was initially arrested because he had the same name as the actual suspect in a similar, Kafka-esque identity mix-up that cost him ten years in prison and another 14 as a registered sex offender before his name was cleared. Some of these cases take a lot longer than a week to sort out.

A forensic science 'blockbuster' and the limits of accreditation

A couple of forensic science related items before I turn my attention away from the blog for the day:

NAS Forensic Science Report a 'Blockbuster'
In an interview, White House science adviser John Holdren was asked, "What single published finding or scientific paper has had the biggest impact on your office?" He gave several examples, but notably mentioned:

[Another is] the Academies' report that came out last year on forensic science that suggested much of forensic science is less solid than is assumed. We ended up spending a lot of effort, and we're still spending a lot of effort on what needs to be done to shore that up and what are the policy implications. In the meantime, we're working with the Justice Department. That [report] was quite a surprise. I'd not given a lot of thought to the scientific foundations of forensic science. But that one was a blockbuster.

"Blockbuster" is the right word for it. I'm still startled when folks in criminal justice fields who work routinely with forensic examiners aren't conversant about the NAS report on forensics or pooh-pooh its importance. Others take the NAS report as a personal affront, but at least that unnecessarily defensive reaction denotes a recognition of what a big deal it is. Like it or not, that report re-set the terms of debate over forensic errors for probably the next couple of decades, which is how long, at a minimum, I expect it will take to perform the necessary scientific research to validate or refute longstanding forensic methods from ballistics to fingerprints, many of which simply have no scientific basis.

Thoughts on Accreditation and Forensic Reports
At the Court of Criminal Appeals' Forensic Science Seminar, I attended a presentation by Ralph Keaton from ASCLD-LAB (see his power point presentation here), which is the largest accreditation agency for forensic sciences. Accreditation has come a long way; Keaton said that 25 years ago, not a single lab in the country, including the FBI's, would meet their standards today. Even so, until 10 years ago ASCLD-LAB was run out of somebody's house, and they had no staff before 1995. Today they employ 13 people to overview crime labs across the country. Their prominence has been boosted by states like Texas, which began requiring accreditation in 2003 for certain types of forensic evidence to be submitted in court. The state has accredited 90 crime labs (not all by ASCLD-LAB) to submit evidence in Texas courts; half are outside the state.

Even so, lab accreditation isn't a cure-all: Once they're accredited, ASCLD-LAB only requires renewal once every five years, when labs submit a "conformance file" for assessment, and shorter annual reports in between. What's more, the labs themselves choose what cases inspectors examine, so there's a risk they clean them up ahead of time or cherrypick examples. Keaton insisted that if that was occurring, they didn't do a good job of covering their tracks because they "always" found something.They also require proficiency testing of lab workers and do interim inspections related to allegations.

Anyway, readers will recall that it came out at that seminar that DPS did not disclose disagreements among fingerprint examiners in their final reports. I was later told that was the agency's practice not just in fingerprints but in other comparative disciplines like hair, ballistics, tool marks, etc.. Under the ACEV method (Analysis, Comparison, Evaluation and Verification), when an examiner concludes that two items match, a second examiner is brought in to verify the finding. When those examiners disagreed, the case went to a supervisor for resolution. In situations where the supervisor decided in favor of the examiner who thought a match was found, the disagreement was not being reported even to prosecutors, much less to the defense, in the crime labs' final reports.

I'd noted before that the failure to be forthcoming about in-lab disagreements among examiners violates the state's obligation under Brady v. Maryland to disclose exculpatory evidence to the defense. But looking again at my notes from the presentation on accreditation, it also strikes me that the practice probably violates the ASCLD-LAB accreditation standard passed in 2005 that requires issuance of reports for all work performed. I was recently told DPS is in the process of "fixing" that oversight - I need to check on the status of any changes in that regard - but even if they do, there are an unknown number of past cases where disagreements weren't disclosed, and every reason to believe that other, non-DPS labs across the state are doing the same thing. What should be done about that?

Unfortunately, accreditation doesn't solve the problems raised in the NAS report because labs are accredited based on compliance with existing practices that simply haven't been validated by science one way or the other. But if its strictures were meaningfully enforced, accreditation might help prevent structural errors like the failure to disclose examiner disagreements by DPS.

Brady violations by DPS fingerprint examiners? Is fingerprint examination even science?

There was an astonishing moment yesterday at a breakout session on fingerprint examination at the Texas Forensic Science Seminar, at which Department of Public Safety fingerprint examiner Bryan Strong (who seemed like a really nice guy so I hate to pick on him) was describing how his division implemented the ACEV method of fingerprint examination in ways that may violate the state and prosecutors' obligations under Brady v. Maryland.

ACEV stands for Analysis, Comparison, Evaluation and Verification. That's bureaucrat-speak for looking at the fingerprints visually and subjectively deciding if they're the same based on "training and experience" (as opposed to any sort of objective standard), then having a second examiner look at them to "verify" the results. There is no minimum number of similarities or comparison points required to declare two fingerprints a "match," though many other countries have established such standards. (Notably, at DPS if an examiner finds fewer than 11 points of comparison, two people must verify the conclusion.)

Anyway, Mr. Strong described what happens when the first examiner finds a match but the verifying analyst doesn't agree. In such instances, he said, they notified their supervisor and all of them conferred to make a decision. A defense attorney in the crowd asked what seemed to me an obvious question: When two examiners originally disagreed but a supervisor resolved the issue in favor of a match, was that disagreement recorded in the final report? No, replied Strong, only the conclusion. At this, the audience began to murmur and fidget. Somebody from the back cried out, "Have you ever heard of Brady v. Maryland?," which is the US Supreme Court case requiring the state to turn over all exculpatory evidence to the defense  before trial. No he had not, replied a credulous Strong, a statement which elicited an audible gasp from the crowd.

So essentially, if two examiners who looked at the prints come to different conclusions but a supervisor resolves the question against the interests of the defendant, according to this presentation, that information is not routinely disclosed to defense counsel. On its face that's a straightforward violation of Brady. Who knows how many times that scenario has occurred over the years!

A representative from the Texas Attorney General's office then asked Mr. Strong if his division had access to legal counsel at DPS, and he said he believed they did. She told him politely (if somewhat obliquely) that it appeared there were some legal issues surrounding the division's work that he wasn't aware of (problems that likely emanated higher up the chain of command than Strong's level, she gently added) and offered her agency's assistance to retrain folks at the fingerprint examination division on the subject!

There was quite a bit of discussion of fingerprints at the event, some of the most interesting by Dr. Jay Siegel, a forensic scientists who was on the 17-member National Academy of Sciences panel which published a damning report last year calling into question the scientific basis of "pattern evidence," where visual comparisons were the basis for connecting evidence to a defendant. Fingerprints are by far and away the most common and important type of pattern evidence. Siegel says 60% of fingerprint analysts don't actually work in crime labs - they're sworn police officers working in their own departments.

The most high-profile case of a mismatch was that of Brandon Mayfield, an Oregon attorney falsely accused of the Madrid train bombing after four examiners mistakently identified him using the ACEV method. (See the USDOJ Office of Inspector General's report [pdf] on that case.)

Siegel cited eye-popping data from a study published in the 1990s in which the umbrella organization for fingerprint examiners, the  International Association of Identification, performed proficiency testing on their own members and came up with a 19% false-positive rate! Though I can't find the study online, I did find this apparent reference to it in an article from the Los Angeles Times:

In a 1995 IAI-approved proficiency test, 22% of the test takers identified the wrong person one or more times. In addition, 36% could not identify prints that test givers said they should have been able to match, which means that a guilty person could have gone free in a real case.

Ken Smith, chairman of IAI certification, suggests the error rate may not fairly represent the profession because the test takers were anonymous and there was no way to determine their credentials.

But fingerprint examiner David Grieve, editor of the Journal of Forensic Science, said in an article that the test results were alarming and noted that reaction in the forensic science community "ranged from shock to disbelief."

That's just one study, Siegel emphasized, and more research is needed in the area, but it's certainly a stunning result. The day before Dr. Joe Bono, President of the American Academy of Forensic Sciences, had said a technique which had a 30-40% error rate (the Horizontal Gaze Nystagmus test for intoxication used in DWI enforcement) didn't qualify as "science." I asked him if a technique resulting in a 19% false positive rate constituted science, but he demurred, saying he hadn't seen the fingerprint study. Siegel said proficiency testing of all forensic examiners, including those dealing with fingerprints, should be "blind," i.e., given to the examiner as part of their routine work so they didn't know they were being tested.

A good argument for the "blind" testing approach may be found in the work of cognitive neuroscientist Itiel Dror, which Dr. Siegel cited and which has previously been discussed on this blog,  who conducted a study in which five fingerprint examiners were given pairs of prints which they'd earlier personally matched during their own career. This time, however, they were told the prints were from the Brandon Mayfield case, which had already been well-publicized. The result: Three of them reversed their conclusion, saying the prints they'd previously "matched" did not come from the same person. A fourth said the results were inconclusive. Only one of the five stuck to his guns and said the prints came from the same person!

This makes me wonder if the ACEV approach itself is fundamentally flawed by bias. If knowledge of another examiner's conclusions can so easily taint results, it shouldn't be the case that the second analyst should know that they're being called on to "verify" someone else's match, which implies someone else already reached a conclusion. It seems to me it'd be much cleaner to give the prints to the second examiner without telling them what the first examiner found.

Siegel concluded that there's no scientific proof fingerprint examination (or for that matter, other pattern evidence) can "individualize" their results to the exclusion of other possible sources. Indeed, searching around this morning for the IAI study, I ran across these comments from Dr. Siegel in another forum last year where he persuasively argued that individualizaiton isn't even necessary:

Not only do I beleive that a conclusion of absolute inclusion is not scientifically justified but that it is not necessary. I don’t believe that the concept of “individualization” has any place in science and is not provable in the real world. Why is it necessary to offer a nonsupportable, unprovable conclusion in court, where there is so much at stake and juries are so easily mislead? When a forensic scientists analyzes evidence that is brought to the lab by a criminal investigator, there is a reason why the focus is on that person. (This can set up a situation that invites bias on the part of the examiner, but that is another issue). The fact that there are many similarities between a latent print lifted at a crime scene and a print from a suspect, with no unexplainable differences, should be testimony enough. This would presumably be one piece of corroborating evidence in a net of evidence being offered by the prosecutor. There is no need to “guild the lily” by adding the conclusion that there is no other fingeprint in the world that could be the source for the print from the crime scene. Offering unsupportable conclusions in court reinforces the idea that forensic science really isn’t science; it is a tool of the prosecution.

That position makes a lot of sense to me. The conclusion of a fingerprint "match" by an "expert" is an incredibly damning piece of evidence when really all they're saying - that anyone can prove - is that there are similarities between the two prints. There were also similarities between Brandon Mayfield's print and the Madrid train bomber's, but that didn't mean Mayfield did it.

Demoralizing tales from Houston law enforcement

Coupla stories out of Houston PD bear watching:

First, four officers have been indicted, seven fired, and 12 disciplined after the brutal beating of a handcuffed suspect who'd run from police was captured on videotape.

Second, Moises Mendoza and James Pinkerton continue their excellent reporting on Houston PD's fingerprint lab, describing the results they got back from a recent public information act request. Bottom line: "In the last 10 years, communication broke down between supervisors and ground-level employees. Meanwhile, command staff failed to give employees adequate training, didn't keep pace with technological advances and allowed the lab to physically deteriorate, according to audit reports."

And over at the Harris County Sheriff's Office, a captain demoted by Sheriff Adrian Garcia after he admitted drinking before an off-duty car crash was reinstated to his old job and was awarded back pay by a three-member civil service commission. Look for the same thing to happen with at least some of the fired and/or disciplined officers from HPD in the first incident described above. I say that not because I think the allegations against the officers are unjust but because it's incredibly difficult for law enforcement administrators operating under Texas civil service statutes (which for various historical reasons apply to HCSO but no other Texas Sheriff) to effectively discipline bad cops.

Fingerprint mismatch led to false homicide accusation

Here's a remarkable story casting light both on a) the power of fingerprint evidence and b) its higher-than-expected error rate, from the Houston Chronicle ("Fingerprint error led to 4 months in jail," June 19):

Authorities on Friday identified an ironworker with no criminal record as the suspect held in jail for four months in 1996 after the Houston Police Department's troubled fingerprint analysis unit wrongly tied his fingerprint to a homicide, records show.

In July that year, two Houston fingerprint analysts identified Manuel Quinta Guerra's fingerprint on a bloody fork found at the scene of a slaying in southwest Houston. The next day he was arrested, booked into the Harris County Jail and held on $20,000 bail. Guerra wasn't released until December, when the FBI confirmed the print belonged to someone else, according to the Harris County District Attorney's Office, which discussed the case Friday. The killing is still unsolved.

HPD leaders were not aware of the misidentification until the Houston Chronicle brought it to their attention this week.

The discovery raises questions about whether there could have been more misidentifications by the unit in the 1990s, although police say they don't know of any.

It also focuses attention on whether the department's review of fingerprint evidence spanning 2004-2009 should be expanded. It was launched after an audit last year found lab employees were missing viable fingerprints on evidence. Police say they know of no misidentifications except for Guerra's, although they have identified vast technical errors in the unit's analysis of fingerprints.

Fingerprint analyst Rafael Saldivar, one of the people responsible for the 1996 misidentification, received a reprimand this spring for destroying notes. He was also reprimanded in writing in 1997 for his role in the misidentification.

Police will not say whether they'll expand the review of fingerprint evidence and declined comment Friday on Guerra, saying they were reviewing the case.

Perhaps most telling about the whole episode: The guy responsible for the misidentification 14 years ago is still with the department and still the source of problems.

See related Grits posts:

• Houston fingerprint lab plagued with errors, two-year backlog
• Fallible fingerprints: The dustup over cognitive bias 
• Fingerprint examiner: 'They put pressure on you shamelessly'

Fingerprint examiner: 'They put pressure on you shamelessly'

Having recently seen Houston PD release a majority of its fingerprint examiners for errors and possible misconduct, I was interested to see this story from Missouri Lawyers Media describing how police sometimes pressure forensic fingerprint examiners to match prints to their suspects:

A police officer rushes up to the fingerprint examiner and pleads for help.

The suspect sitting in the interrogation room is as guilty as can be, the officer insists, and a confirmed fingerprint match would surely bring about a confession.

Not exactly the environment to produce an unbiased examination.

But neither is it far-fetched in the sometimes boiling climate of crime-fighting. Police officers want arrests to stick, they want to get criminals off the street, and if the system allows them such access to the key processors of information, well, some officers will take advantage.

"They put pressure on you shamelessly," Pat Wertheim, a longtime fingerprint examiner, said. "I've felt it. "

Forensic examiners should have no access to case details or other information about suspects when they perform forensic analysis, but many labs operate on exactly the opposite assumption, considering themselves part of the team instead of an independent, scientific voice.

Whenever you see TV shows like Bones or CSI portraying analysts as intimately involved in detective work, they're flaunting best practices for preserving the scientific validity of forensics. That's how you end up with situations like the one in Los Angeles where fingerprint examiners falsely accused at least two people and potentially tainted hundreds of other cases.

The National Academies of Science earlier this year published its conclusions that fingerprint examination and other comparative forensic disciplines do not have a substantive scientific basis and may be unduly influenced by cognitive bias. This example demonstrates the mechanics of how that bias might play in the field.

See related Grits posts:

• Houston fingerprint lab plagued with errors, two year backlog
• Coming to grips with unscientific forensic practices
  
• NAS report: Many forensic disciplines prone to error
  
• Fallible Fingerprints: The Dustup Over Cognitive Bias
• USDOJ should embrace, not fight forensics based science
• US justice system commonly relies on shoddy forensic 'science'
• Politics push for expanded fingerprinting, biometric profiles

Houston fingerprint lab plagued with errors, two-year backlog

Stunning news this week out of Houston PD about errors and possible misconduct in their fingerprint analysis unit: First an audit showed errors and problems in more than half of 548 randomly selected cases, now the Houston Chronicle is reporting that the fingerprint unit is the focus of a criminal probe; two of the three analysts on the hot seat have been with the department since the '70s. Reports the Chron:

Because the audit found workers often overlooked fingerprints or wrongly determined fingerprints weren't able to be analyzed, authorities are re-reviewing more than 4,000 violent crime cases involving fingerprints from the last six years. They're also trying to work through a 6,000-case backlog that dates back two years and includes violent and property crimes.

After disclosing the results of the audit Tuesday, authorities emphasized that no cases have been found in which suspects have been wrongly identified because of faulty fingerprint analysis.

They have declined to release the audit publicly, citing the ongoing investigation.

Oettmeier said nobody knows what the six-year review will find, but officials could go back further if evidence of vast irregularities emerge, such as numerous cases of criminals going free or any misidentifications.

“We're not saying that we don't believe there will be false identifications. We are saying we don't know. We have an obligation to look,” Oettmeier said.

We're apparently not talking about just a recent concern; the employees involved are long-timers:

One of the employees on administrative leave worked for the fingerprint unit for 14 years, another for 38 years and a third for 32 years.

The employee who resigned worked full time in the unit from 1972 to 2006 when he retired and was hired part time, police said.

The National Academies of Science included fingerprint analysis among the list of forensic disciplines not currently supported by scientific evidence. It could be studied scientifically and potentially verified, they said, but that work has never been done. There are no standardized best practices for fingerprint examiners and some studies have discovered significant error rates, particularly when analysts are given leading contextual information about what they're looking at.

Whether that's what happened at HPD is impossible to say because the audit has not been publicly released, but among those who've seen it, reports the Chron, it has:

spawned renewed discussion about the need for an independent center to analyze forensic work, possibly including fingerprints.

Much forensic evidence across the country, such as fingerprints or DNA, is analyzed by labs closely tied to law enforcement despite the inherent conflicts of interest, said UCLA law professor Jennifer Mnookin.

Another problem: There are varying standards for how fingerprint analysts are trained and prints are analyzed, meaning some labs are more accurate than others.

“This provides yet another example for why developing validated, research-based models for the field would be a very good idea,” Mnookin said.

Oettmeier said the department was open to independent analysis of evidence. And officials are closely scrutinizing all forensic units at the department, he said. The biggest challenge is rooting out a culture that has allowed such significant problems to fester for years, he said.

“What makes it difficult is some of these issues have probably been around for a long time,” he said.

Houston's is by far the largest police department in the state and it provides forensic support for jurisdictions all over and around Harris County. Depending on what's in that audit - and I can't imagine some defense attorney won't soon obtain the document on behalf of an accused client - this news could have quite far reaching implications.

Makes you glad Texas has a neutral, trusted Forensic Science Commission to investigate such problems, doesn't it?

See related Grits posts:

• Coming to grips with unscientific forensic practices
  
• NAS report: Many forensic disciplines prone to error
  
• Fallible Fingerprints: The Dustup Over Cognitive Bias
• USDOJ should embrace, not fight forensics based science
• US justice system commonly relies on shoddy forensic 'science'
• Politics push for expanded fingerprinting, biometric profiles