PRIVACY ORIENTED | From the age of BIG BROTHER – greetings!

A one-man blog addressing privacy issues, covering privacy news, government attacks on privacy, corporate attacks on privacy, RFID, anonymous living, online privacy, financial privacy, surveillance, (pseudo) anonymous money transfer, offshore banking, cryptography and the like. Read by privacy oriented folks in more than 125 countries!



Financial Privacy: EU-US debate – tackling terrorism or invading privacy?

February 11th, 2010 by privacyoriented

Published 10 February, 2010, 08:38
Edited 11 February, 2010, 11:16

Russia Today

The European Parliament is debating an agreement that allows the banking data of its citizens to be scrutinized by American officials.

Washington says this measure is vital to counter terrorism, but many in Europe see it as an invasion of privacy.

In a deal that came into force temporarily last Monday, the EU and the US are sharing banking data conducted through the SWIFT money transferring system. For supporters, including the US government, it seems a key part of the fight against the financing of international terrorism.

But a large body of members of the European Parliament sees it as an infringement of the basic rights of EU citizens. They are worried about how much banking information is going to be revealed, how long it is to be stored and the potential for information to be misused or transferred to a third country.

The members of the European Parliament are due to debate the deal on Wednesday and take a final vote on Thursday. Some of the parliamentarians are already dissatisfied with the fact they have not been given the eight weeks they are supposed to have to consider such a deal.

Member of European Parliament Jan Philipp Albrecht claims that the principles of protection of fundamental rights, especially data protection, are not fully considered in the agreement about the SWIFT-data with the US.

“The breaking point regarded what the Council is doing now is about the access of the EU citizens to the US court, it’s about implementing an independent data protecting supervisor’s right to review and so on,” Albrecht told RT. “It’s really important for us to be implemented, so, we think there has to be a general debate before deciding, therefore, we can’t decide at this moment. We want a debate about the fundamental principles in the security cooperation and at the moment the parliament is united about saying this.”

A Dutch member of the European Parliament Sophia in ‘t Veld has said the EU parliament in large majority has very serious concerns whether this agreement is fully in line with the rules on data protection and fundamental rights.

“This parliament expressed concerns on various occasions in recent years. And we are not pleased with the way that the council – that is the European member state governments – are trying to push this through,” Sophia in ‘t Veld noted. “They are trying to sideline the EU parliament and since the 1st of December, in a procedure under the new Lisbon Treaty, where the EU parliament has to give its consent to such an agreement. We feel that the European Council should be much more forthcoming and give us access to all the relevant information that we need in order to take a well-founded decision.”

Posted in Banking Secrecy, European Privacy, Financial Privacy, Offshore Banking, Privacy News, Security vs. Privacy | No Comments »

Full Body Scanners Coming to MSP International Airport

February 11th, 2010 by privacyoriented

Updated: Wednesday, 10 Feb 2010, 8:00 AM CST
Published : Wednesday, 10 Feb 2010, 8:00 AM CST

MyFoxTwinCities.com

Airport security has captured everybody’s attention since the failed Christmas Day bombing on board that Northwest Airlines flight. Now there’s word the controversial full-body scanners will be at MSP International Airport soon.

One newly published report has the machines arriving sometime this summer, for travel around June or July.

Airport officials say they’re not sure how many they’ll get, but the TSA told them they’re on the way with more to follow in 2011.

The TSA, however, says its list of airports isn’t finalized yet.

There’s been so much attention on the machines, not really for their price tag, but for their advanced technology.

The full-body scanners can see through clothing — leading critics to say they’re an invasion of people’s privacy.

Supporters say these machines would have stopped the so-called “underwear bomber” from ever boarding an America-bound jet.

Passengers we talked with Wednesday morning had reactions ranging from support for the scanners, to them being a “creepy…invasion of privacy.”

TSA officials haven’t decided whether everybody will go through the full-body scanners.

At the airports that have them already, they’re being used as a secondary device — preventing security lines from getting even longer.

Posted in Airport & Air Travel Privacy, Privacy News, Travel Privacy, US Privacy | No Comments »

US Court Keeps White House Spy Docs Secret

February 11th, 2010 by privacyoriented

A federal appellate panel on Tuesday blocked a court order requiring disclosure of e-mail between the White House, Justice Department, National Security Agency and Office of the Director of National Intelligence — communications that paved the way for new spy legislation.

The 2008 messages were a precursor to legislation that year to kill litigation against the nation’s carriers for funneling Americans’ communications to the National Security Agency without warrants.

The decision by the 9th U.S. Circuit Court of Appeals reverses a California judge who ordered disclosure of those e-mails and the names of telco company lobbyists who pushed for the legislation. The Electronic Frontier Foundation, a civil rights group in San Francisco, sought the e-mail and lobbyist information under a Freedom of Information Act claim.

The EFF wanted the data, which could shed light on the behind-the-scenes machinations of how the legislation was passed that nullified its lawsuit. The suit accused the carriers of being complicit in providing Americans’ electronic communications to the NSA.

The San Francisco-based appeals court, hearing the FOIA case at the request of the Obama administration, ruled U.S. District Judge Jeffrey White failed to determine whether the information should be kept secret for national security reasons.

The decision comes two weeks after President Barack Obama said during his first State of the Union address that “it’s time to require lobbyists to disclose each contact they make on behalf of a client with my administration or Congress.”

The Freedom of Information Act, however, exempts disclosure of materials deemed national security secrets. The circuit court’s decision means Judge White must consider whether disclosure of the sought-after information would harm national security.

The legal saga began four years ago when the EFF sued AT&T, alleging that the NSA was siphoning all electronic communications from AT&T. The suit, bolstered by internal AT&T documents, accused the carrier of assisting in setting up the warrantless dragnet that the EFF and others claim continues unabated today.

That suit had grown to include all the nation’s leading internet service providers.

The 2008 legislation was approved by Obama as an Illinois senator and signed by President George W. Bush. The legislation — which also bolstered the government’s warrantless electronic eavesdropping powers — means the courts likely will never address the merits of EFF’s allegations.


Posted in Internet Privacy, Online Privacy, Phone Privacy, Privacy News, Security vs. Privacy, Surveillance, US Privacy | No Comments »

With Darpa’s ‘Transparent Earth,’ Underground Doesn’t Mean Out of Sight

February 11th, 2010 by privacyoriented


The Pentagon’s science fringe has been trying to lord over the natural elements for years now. They’ve talked about planet hacking and screwing with enemy climates, and they still want to harness the power of lightning.

This year, military science has more of an “all-encompassing” goal for global mastery. As part of its budget for the upcoming fiscal year, Pentagon extreme research agency Darpa is launching the “Transparent Earth” project. They’ll invest $4 million into the creation of real-time, 3-D maps that display “the physical, chemical and dynamic properties of the earth down to 5 kilometer depth.”

At first, the idea doesn’t sound all that impressive. The earth is more than 3,500 miles deep, from crust to core, so Darpa’s plan would literally just scratch at the surface. But geologists and geophysicists still know very little about the day-to-day goings-on underground, even at a depth as shallow as 5 km (that’s 3.1 miles). The deepest drilling of the planet was a Soviet hole on the Kola Peninsula, which took 19 years and made it around 7.5 miles into the crust, and even NASA still uses land-based GPS signals to predict volcanic eruptions.

Rather than a mega-drill, Darpa wants to harness innovations in sensor technology to develop a constantly-updating model of planetary activity. They’ll use sensors to detect “natural indicators of subsurface activity,” and then take advantage of mathematical algorithms designed to estimate various natural earthly phenomena, including geophysical turbulence and shifting tectonic plates.

Algorithms are already used in planetary mapping and predictive science, but adding high-tech sensors would provide a constant stream of new data. And that kind of accuracy could have serious planetary implications: Changes in the earth’s crust can explain and predict volcanic eruptions, earthquakes and even the formation of mountain ranges.

After they successfully combine sensors and mathematics, Darpa’s end goal would put even NASA’s satellite footage to shame:

A global three-dimensional picture of the earth’s subsurface with variable spatial, temporal, and information resolution, allowing changes at local scales to propagate through both physical models and proximity rules to update the global picture.

So maybe Darpa wants to protect civilian populations from the ravages of natural disasters. But those same tools could be used for military purposes against enemies, suspects one unnamed geoscientist. “All of my ’science is good!’ tree-hugging comments aside, what this program is probably really about is detecting, targeting, and destroying hard and buried underground facility (UGF) targets,” he said.

Whatever Darpa’s intention, they want their transparent earth sooner rather than later: The agency anticipates that the new 3-D models will be available to the Army, Air Force, special operations and intelligence agencies by 2015.


Posted in Privacy News, Surveillance | No Comments »

Microscope-wielding boffins crack cordless phone crypto

February 11th, 2010 by privacyoriented

DECT vivisection / The Register

By Dan Goodin in San Francisco

Posted in Security, 8th February 2010 08:03 GMT

Cryptographers have broken the proprietary encryption used to prevent eavesdropping on more than 800 million cordless phones worldwide, demonstrating once again the risks of relying on obscure technologies to remain secure.

The attack is the first to crack the cipher at the heart of the DECT, or Digital Enhanced Cordless Telecommunications, standard, which encrypts radio signals as they travel between cordless phones in homes and businesses and corresponding base stations. A previous hack, by contrast, merely exploited weaknesses in the way the algorithm was implemented.


The fatal flaw in the DECT Standard Cipher is its insufficient amount of “pre-ciphering,” which is the encryption equivalent of shaking a cup of dice to make sure they generate unpredictable results. Because the algorithm discards only the first 40 or 80 bits during the encryption process, it’s possible to deduce the secret key after collecting and analyzing enough of the protected conversation.

“This standard, as with everything else we have broken, has been designed some 20 years ago, and it is proprietary encryption,” said Karsten Nohl, one of the cryptographers who helped devise the attack. “It relied on the fact that the encryption was unknown and hence could not be broken. This is a case where something that has some potential for being strong is broken by just this one design decision that in any public review would have been spotted immediately.”

Nohl, 28, is the same University of Virginia microscope-wielding reverse engineer who cracked the encryption in the world’s most widely used smartcard. In December, he struck again after devising a practical attack for eavesdropping on cellphone calls.

He and fellow researchers Erik Tews of the Darmstadt University of Technology and Ralf-Philipp Weinmann of the University of Luxembourg plan to present their findings Monday at the 2010 Fast Software Encryption workshop in Korea.

Like several of Nohl’s previous hacks, it began with nitric acid and an electron microscope. After dissolving away the epoxy on the silicon chip and then shaving down and magnifying the section dedicated to the DECT encryption, he was able to glean key insights into the underlying algorithm. He then compared the findings against details selectively laid out in a patent and exposed during a debug process.

The results of all three probe methods revealed the fatally insufficient amount of pre-ciphering in the DECT Standard Cipher.

In practical terms, the attack works by collecting bits of the encrypted data stream with known unencrypted contents. In cordless phones, this often comes from a device’s control channel, which broadcasts a variety of predictable data, including call duration and button responses. Sniffing an encrypted conversation with a USRP antenna and the average PC, an attacker would need to collect about four hours of data to break the key in typical scenarios.

In others – such as where DECT is used in restaurants and bars to wirelessly zap payment card details – the time needed to crack the key could be dramatically shorter, Nohl said. The time can also be sped up in a variety of other ways, including by adding certain types of graphics cards to beef up the power of the attacking PC. In some cases, the attack can retrieve the secret key in 10 minutes.

“We expect that some smarter cryptographers than ourselves will find better attacks, of course,” Nohl told El Reg. “We found the algorithm and then implemented the first attack. It’s almost guaranteed that this is not the best attack.”

The DECT Forum, the international body that oversees the standard, said it takes the attack scenarios laid out in the paper seriously and “continues to investigate their applicability.”

The crack of DECT is only the latest time Nohl has defeated the proprietary encryption of a device with critical mass. His 2008 attack on the Mifare Classic smartcard used similar techniques of filing down a silicon chip and then tracing the connections between transistors. His proposed attack of GSM encryption affects cellphones used by more than 800 carriers in 219 countries.
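The effect of too little pre-ciphering, described above, can be measured on a toy stream cipher. This is an added example, not code from the article or the researchers, and the cipher is not the DECT Standard Cipher: the 64-bit register, its tap positions and the 0.25 threshold are constructed for illustration. It flips each key bit in turn and counts how many key bits barely change the first 32 keystream bits for a given number of discarded warm-up clocks.

```python
import random

STATE_BITS = 64                      # toy register size (assumption, not DSC)
MASK = (1 << STATE_BITS) - 1


def bit(state, j):
    return (state >> j) & 1


def clock(state):
    """Advance the toy register one step; return (new_state, output_bit)."""
    # Output and feedback taps are constructed for this example.
    z = bit(state, 0) ^ bit(state, 21) ^ (bit(state, 9) & bit(state, 44))
    fb = (bit(state, 0) ^ bit(state, 3) ^ bit(state, 25)
          ^ (bit(state, 11) & bit(state, 40))
          ^ (bit(state, 17) & bit(state, 52)))
    return (state >> 1) | (fb << 63), z


def keystream(key, warmup, nbits=32):
    """Load the key, discard `warmup` output bits, return the next `nbits`."""
    state = key & MASK
    for _ in range(warmup):
        state, _discarded = clock(state)   # pre-ciphering: output thrown away
    out = 0
    for t in range(nbits):
        state, z = clock(state)
        out |= z << t
    return out


def flip_rates(warmup, trials=8, nbits=32, seed=2010):
    """For each key bit, the fraction of keystream bits that change when
    that key bit is flipped. A well-mixed cipher gives about 0.5."""
    rng = random.Random(seed)          # fixed seed: constructed sample keys
    flips = [0] * STATE_BITS
    for _ in range(trials):
        key = rng.getrandbits(STATE_BITS)
        base = keystream(key, warmup, nbits)
        for i in range(STATE_BITS):
            diff = base ^ keystream(key ^ (1 << i), warmup, nbits)
            flips[i] += bin(diff).count("1")
    return [f / (trials * nbits) for f in flips]


def weak_key_bits(warmup, threshold=0.25):
    """Number of key bits whose influence on the keystream is below threshold."""
    return sum(1 for r in flip_rates(warmup) if r < threshold)


if __name__ == "__main__":
    # 40 and 80 are the discard lengths the article mentions; 0 and 512
    # bracket them for comparison on this toy register.
    for w in (0, 40, 80, 512):
        rates = flip_rates(w)
        print(f"warm-up {w:4d}: weak key bits = {weak_key_bits(w):2d}, "
              f"min flip rate = {min(rates):.3f}")
```

Keystream bits that depend on only a few key bits give simple relations between known keystream and the key, which is why a public design review checks this kind of diffusion before a cipher ships.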

Posted in Encryption, Phone Privacy, Privacy News | No Comments »

Panama to draw up Tax Treaties instead of TIEAs, ease banking secrecy

February 8th, 2010 by privacyoriented

Latin Letter by Derek Sambrook of Trust Services, S.A. for Offshore Investment Magazine
February 2010

The Spirit of Palmerston

More than a century ago, during Great Britain’s heyday, it was said that Britannia both ruled the waves and waived the rules. As the 19th century British prime minister, Lord Palmerston, stated: “we have no eternal allies and we have no perpetual enemies. Our interests are eternal and perpetual, and those interests it is our duty to follow”. Lord Palmerston’s dictum is itself eternal and perpetual – and has international application; only the superpowers, not those sentiments, change.

Latin America’s leading banking centre, Panama, understands Lord Palmerston’s view, not because it is a world power, but because, great or small, all countries (as with individuals) will usually not place others before their own interests. It is in this spirit that the Panamanian government is approaching the transparency demands of the Organisation for Economic Co-operation and Development (OECD) in relation to the thorny issue of taxation and in doing so, the government has emphasised its intention to be a responsible member of the international community; nonetheless, as Dulcidio de la Guardia, Panama’s Vice-Minister of Finance has put it, the country will “always take care of its interests”.

In a complete reversal of fortune since dictator Manuel Noriega’s forced removal over 20 years ago, Panama’s banks are today well regulated and its Financial Analysis Unit is a member of the Egmont Group (made up of a global collection of national agencies) which enjoys a good reputation. Its common goal is to facilitate information exchange, training and sharing of expertise in the battle against financial crimes. Panama’s enthusiasm is best illustrated by the fact that it ranks fourth among 30 countries surveyed by the Financial Action Task Force (a body set up over 20 years ago by the Group of Seven, a collection of developed countries) because of the efforts it has made to enforce anti-money laundering measures. And unlike the Cayman Islands, which eschews imposing personal income taxes (despite its present financial problems), Panama has always taxed income earned within its borders (27% for individuals and 30% for corporations).

Panama’s government does not favour the ubiquitous tax information exchange agreements of the sort that have been signed in great haste by a number of offshore financial centres; they bring no benefit whatsoever for Panama because with its territorial tax system, it has no interest in foreign income earned. Instead, the government wants to sign double taxation treaties which will not only conform with the spirit of the OECD’s tax information sharing policy, but will actually attract foreign investment to Panama; presently, no tax relief can be claimed against Panamanian taxes imposed on a foreigner’s local profits. This removes the one-way street benefit for foreign governments perhaps appropriate where the information requests involve jurisdictions only offering beaches and attractive legislation but this does not apply in Panama’s case.

It is a common mistake to draw direct comparisons between Panama and such jurisdictions whereas the country’s canal, with its vital international commercial role, is but one example of this error; geopolitics would be another but would require a separate article. Ships can always go round an island, but to profit most from international trade many ships have no choice but to pass through the canal. The canal, in fact, was the cause of a terrible blunder on the part of Ferdinand de Lesseps (the French diplomat who built the Suez Canal) who compared Egypt with Panama. Work commenced before it became clear that constructing a sea-level canal through the flat Egyptian sand (a canal, I would add, which I have passed through) was an entirely different enterprise. The French canal may not have been created but perhaps the longest palindrome phrase in the English language was: A man, a plan, a canal – Panama.

Mistakes aside, whilst much of the OECD transparency tactics can be criticised, I am readily aware that many of the critics haven’t got an unbiased bone in their bodies. They are usually professionals who make their living (as your columnist does) from the steady stream of people and businesses lured by the attractions on offer in offshore financial service centres. Jason Sharman, however, does not fit this description because he is a political scientist at Griffith University in Australia.

His findings summon the spectre of hypocrisy raised in my column one year ago this month (Man, Angels & Brazil – Issue 193) only this time the culprit is the United States of America state of Nevada, not Delaware. The professor found that Nevada’s corporate system offered both light reporting and disclosure requirements – not to mention a quick one-hour incorporation service. In a state with a population of less than three million, Nevada apparently forms about 80,000 new businesses a year with the total now standing at over 400,000. It is understood that when the US Internal Revenue Service undertook a study it discovered that between 50% and 90% of those registering Nevada companies were in breach of federal tax laws elsewhere. Panama, on the other hand, has just over three million citizens and registers perhaps just a little over half the number of companies each year that Nevada does and, like Panama, Nevada does not reveal the names of shareholders.

Armed with USD10,000 in funding and Google as a research partner, Jason Sharman undertook a study of international money laundering; his findings will sit uncomfortably with the OECD. What he found onshore was often a lack of concern in even knowing who the clients were: copy passports and references? Forget them. And, of course, for the people behind the structures, there is no fear of a UBS backlash – personified by the revelations of its former employee, Bradley Birkenfeld – because these middlemen, unlike Swiss bankers and other responsible offshore professionals around the world, were not concerned with knowing who was behind the companies. The professor’s research led him to conclude that the US, and some other OECD members, were far more lax in their due diligence than, say, Switzerland or Liechtenstein.

45 attempts were made by Jason Sharman to create anonymous offshore companies, including bank accounts for them, around the world. These efforts were successful in 17 cases and in 13 of them the country involved was an OECD member. In the United Kingdom, after under an hour on the internet and for less than USD800 without providing identification, he formed an anonymous company and was provided with bearer shares, nominee directors and a secretary. He found, however, that service providers in centres such as Bermuda, the Bahamas, the British Virgin Islands, Liechtenstein and Panama were careful with their due diligence.

An ex-UK Foreign Office adviser (and a former colleague of mine), Rodney Gallagher, suggested in the Financial Times (18 November 2009) that at the end of the day only those offshore jurisdictions with political clout or the support of large countries (such as China) are likely to survive; he includes Hong Kong, the Gulf States, Singapore and Panama on that list.

In the case of Panama this fits in with the views expressed also last November by Susan Haird, Deputy Chief Executive of UK Trade and Investment, a government agency, when she visited the country and with whom I met as Chairman of the Panama-British Business Association (PBBA). She sees Panama as a source of future business for UK companies and believes that “Panama’s strategic position in the world makes it an important trading partner for the UK”. She was the keynote speaker at Britannica Day, a British trade-related event, which is held in Panama every year and organised by the local British Embassy in conjunction with the PBBA.

Panama’s Deputy Minister of Economy and Finance, Mr Frank De Lima, also attended Britannica Day and from discussions I had with him, it would seem that the Panamanian government understands that any tax treaties must be framed sensibly and include the necessary safeguards to deflect attempts to obtain information outside rules which call for evidence and exclude fishing expeditions. It must be why, as head of the delegation who attended tax treaty meetings with Mexico, the Deputy Minister confirmed that the negotiations came to a happy ending and that a treaty should ensue.

Britannia may no longer rule the waves, but she still has her day once a year in Panama. UK exports to the country in 2008 almost reached USD250,000 million and I predict that these are destined to grow steadily every year. After all, in President Martinelli, Panama appears to have the man and the plan.

Posted in Banking Secrecy, Financial Privacy, Offshore Banking, Privacy News | 1 Comment »

USA – Colorado cops get first ID eye-scanners

February 8th, 2010 by privacyoriented

Arapahoe wins federal grant for biometric ID system

by Dave Young KDVR Denver

4:40 PM MST, February 5, 2010


Arapahoe County will become the first law enforcement agency in Colorado to begin identifying criminals, missing children and seniors using biometric analysis of the human iris.

A technician from the software and hardware developer demonstrated how their device analyzes the iris, which has 235 identifying points of reference, versus a fingerprint’s 65.

“Fingerprints change but irises stay stable throughout your life,” said Patricia Lawton of Biometric Intelligence and Identifying Technologies, “Which is why it’s a great biometric to identify somebody with.”

Lawton helped develop this new technology application.

She said the iris is 12 times more reliable for identification than a fingerprint.

A National Sheriff’s Association technology grant allows Arapahoe County to be first in the state to apply it to law enforcement.

A deputy helped us demonstrate how it works while Lawton scanned his eyes.

“He won’t tell us who he is,” she said as the deputy held a digital scanner in front of his face and images of his two eyes revealed on a laptop computer screen.

“The camera’s taking a digital photograph of his eyes, the saturation the focus the quality the camera’s talking to him telling him whether or not he’s in range,” Lawton said as on-screen graphics illustrated each item she described.

“In six seconds the information has come back that this is who he is,” she said as a photo image of the deputy appeared on the screen.

The developers say in government studies so far, with more than two million cross matches, there’s never been a false positive with their device.

After initial testing, Arapahoe County will share the technology with other law enforcement agencies across the state who will eventually share criminal and inmate ID records.

“Particularly after we’ve done it for a period of time after a year,” said Arapahoe Sheriff Grayson Robinson, “We will have upwards of 20-thousand inputs into this database.”

Robinson said it will also be used to help track missing kids and seniors who’ve been registered by family members.

“We see this as the future,” said developer Lawton, “This will be the first step when you come in, we’ll match your iris to your records and your records will come up.”

A record that’s impossible to fake.

Posted in Biometrics, Data Mining, Fingerprints, Iris Scanning, Privacy News, Search & Seizure USA, US Privacy | No Comments »

FBI wants records kept of Web sites visited (by US residents)

February 8th, 2010 by privacyoriented

CNET News / February 5, 2010 9:16 AM PST

WASHINGTON–The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.

FBI Director Robert Mueller supports storing Internet users’ “origin and destination information,” a bureau attorney said at a federal task force meeting on Thursday.

As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.

The FBI is not alone in renewing its push for data retention. As CNET reported earlier this week, a survey of state computer crime investigators found them to be nearly unanimous in supporting the idea. Matt Dunn, an Immigration and Customs Enforcement agent in the Department of Homeland Security, also expressed support for the idea during the task force meeting.

Greg Motta, the chief of the FBI’s digital evidence section, said that the bureau was trying to preserve its existing ability to conduct criminal investigations. Federal regulations in place since at least 1986 require phone companies that offer toll service to “retain for a period of 18 months” records including “the name, address, and telephone number of the caller, telephone number called, date, time and length of the call.”

At Thursday’s meeting of the Online Safety and Technology Working Group, which was created by Congress and organized by the U.S. Department of Commerce, Motta stressed that the bureau was not asking that content data, such as the text of e-mail messages, be retained.

“The question at least for the bureau has been about non-content transactional data to be preserved: transmission records, non-content records…addressing, routing, signaling of the communication,” Motta said. Director Mueller recognizes, he added “there’s going to be a balance of what industry can bear…He recommends origin and destination information for non-content data.”

Motta pointed to a 2006 resolution from the International Association of Chiefs of Police, which called for the “retention of customer subscriber information, and source and destination information for a minimum specified reasonable period of time so that it will be available to the law enforcement community.”

Recording what Web sites are visited, though, is likely to draw both practical and privacy objections.

“We’re not set up to keep URL information anywhere in the network,” said Drew Arena, Verizon’s vice president and associate general counsel for law enforcement compliance.

And, Arena added, “if you were to do deep packet inspection to see all the URLs, you would arguably violate the Wiretap Act.”

Another industry representative with knowledge of how Internet service providers work was unaware of any company keeping logs of what Web sites its customers visit.

If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant.

What remains unclear are the details of what the FBI is proposing. The possibilities include requiring an Internet provider to log the Internet protocol (IP) address of a Web site visited, or the domain name such as cnet.com, a host name such as news.cnet.com, or the actual URL such as http://reviews.cnet.com/Music/2001-6450_7-0.html.

While the first three categories could be logged without doing deep packet inspection, the fourth category would require it. That could run up against opposition in Congress, which lambasted the concept in a series of hearings in 2008, causing the demise of a company, NebuAd, which pioneered it inside the United States.

The technical challenges also may be formidable. John Seiver, an attorney at Davis Wright Tremaine who represents cable providers, said one of his clients had experience with a law enforcement request that required the logging of outbound URLs.

“Eighteen million hits an hour would have to have been logged,” a staggering amount of data to sort through, Seiver said. The purpose of the FBI’s request was to identify visitors to two URLs, “to try to find out…who’s going to them.”

A Justice Department representative said the department does not have an official position on data retention.

Disclosure: The author of this story participated in the meeting of the Online Safety and Technology Working Group, though after the law enforcement representatives spoke.


Airport Body Scanning Raises Radiation Exposure, Committee Says

February 8th, 2010 by privacyoriented

By Jonathan Tirone / Bloomberg

Feb. 5 (Bloomberg) — Air passengers should be made aware of the health risks of airport body screenings and governments must explain any decision to expose the public to higher levels of cancer-causing radiation, an inter-agency report said.

Pregnant women and children should not be subject to scanning, even though the radiation dose from body scanners is “extremely small,” said the Inter-Agency Committee on Radiation Safety report, which is restricted to the agencies concerned and not meant for public circulation. The group includes the European Commission, International Atomic Energy Agency, Nuclear Energy Agency and the World Health Organization.

A more accurate assessment about the health risks of the screening won’t be possible until governments decide whether all passengers will be systematically scanned or randomly selected, the report said. Governments must justify the additional risk posed to passengers, and should consider “other techniques to achieve the same end without the use of ionizing radiation.”

President Barack Obama has pledged $734 million to deploy airport scanners that use x-rays and other technology to detect explosives, guns and other contraband. The U.S. and European countries including the U.K. have been deploying more scanners at airports after the attempted bombing on Christmas Day of a Detroit-bound Northwest airline flight.

“There is little doubt that the doses from the backscatter x-ray systems being proposed for airport security purposes are very low,” Health Protection Agency doctor Michael Clark said by phone from Didcot, England. “The issue raised by the report is that even though doses from the systems are very low, they feel there is still a need for countries to justify exposures.”

3-D Imaging

A backscatter x-ray is a machine that can render a three-dimensional image of people by scanning them for as long as 8 seconds, the report says. The technology has also raised privacy issues in countries including Germany because it yields images of the naked body.

The Committee cited the IAEA’s 1996 Basic Safety Standards agreement, drafted over three decades, that protects people from radiation. Frequent exposure to low doses of radiation can lead to cancer and birth defects, according to the U.S. Environmental Protection Agency.

Most of the scanners deliver less radiation than a passenger is likely to receive from cosmic rays while airborne, the report said. Scanned passengers may absorb from 0.1 to 5 microsieverts of radiation compared with 5 microsieverts on a flight from Dublin to Paris and 30 microsieverts between Frankfurt and Bangkok, the report said. A sievert is a unit of measure for radiation.

European Union regulators plan to finish a study in April on the effects of scanning technology on travelers’ privacy and health. Amsterdam, Heathrow and Manchester are among European airports that have installed the devices or plan to do so.

The U.S. Transportation Security Administration has said that it ordered 150 scanners from OSI Systems Inc.’s Rapiscan unit and will buy an additional 300 imaging devices this year. The agency currently uses 40 machines, which cost $130,000 to $170,000 each, produced by L-3 Communications Holdings Inc. at 19 airports including San Francisco, Atlanta and Washington D.C.

Last Updated: February 5, 2010 04:31 EST


The government has your baby’s DNA (in the USA)

February 8th, 2010 by privacyoriented
By Elizabeth Cohen, CNN Senior Medical Correspondent
February 4, 2010 9:11 a.m. EST

Anne Brown worries that someone could gain access to the DNA sample from her daughter Isabel with Isabel’s name attached.

STORY HIGHLIGHTS

  • Genetic testing for newborns started in the 1960s
  • Specimens are often given to outside researchers
  • Scientists have said the collection of DNA samples is a “gold mine” for doing research

(CNN) — When Annie Brown’s daughter, Isabel, was a month old, her pediatrician asked Brown and her husband to sit down because he had some bad news to tell them: Isabel carried a gene that put her at risk for cystic fibrosis.

While grateful to have the information — Isabel received further testing and she doesn’t have the disease — the Mankato, Minnesota, couple wondered how the doctor knew about Isabel’s genes in the first place. After all, they’d never consented to genetic testing.

It’s simple, the pediatrician answered: Newborn babies in the United States are routinely screened for a panel of genetic diseases. Since the testing is mandated by the government, it’s often done without the parents’ consent, according to Brad Therrell, director of the National Newborn Screening & Genetics Resource Center.

In many states, such as Florida, where Isabel was born, babies’ DNA is stored indefinitely, according to the resource center.

Many parents don’t realize their baby’s DNA is being stored in a government lab, but sometimes when they find out, as the Browns did, they take action. Parents in Texas and Minnesota have filed lawsuits, and these parents’ concerns are sparking a new debate about whether it’s appropriate for a baby’s genetic blueprint to be in the government’s possession.

“We were appalled when we found out,” says Brown, who’s a registered nurse. “Why do they need to store my baby’s DNA indefinitely? Something on there could affect her ability to get a job later on, or get health insurance.”

According to the state of Minnesota’s Web site, samples are kept so that tests can be repeated, if necessary, and in case the DNA is ever needed to help parents identify a missing or deceased child. The samples are also used for medical research.

Art Caplan, a bioethicist at the University of Pennsylvania, says he understands why states don’t first ask permission to screen babies for genetic diseases. “It’s paternalistic, but the state has an overriding interest in protecting these babies,” he says.

However, he added that storage of DNA for long periods of time is a different matter.

“I don’t see any reason to do that kind of storage,” Caplan says. “If it’s anonymous, then I don’t care. I don’t have an issue with that. But if you keep names attached to those samples, that makes me nervous.”

DNA given to outside researchers

Genetic testing for newborns started in the 1960s with testing for diseases and conditions that, if undetected, could kill a child or cause severe problems, such as mental retardation. Since then, the screening has helped save countless newborns.

Over the years, many other tests were added to the list. Now, states mandate that newborns be tested for anywhere between 28 and 54 different conditions, and the DNA samples are stored in state labs for anywhere from three months to indefinitely, depending on the state. (To find out how long your baby’s DNA is stored, see this state-by-state list.)

Brad Therrell, who runs the federally funded genetic resource consortium, says parents don’t need to worry about the privacy of their babies’ DNA.

“The states have in place very rigid controls on those specimens,” Therrell says. “If my children’s DNA were in one of these state labs, I wouldn’t be worried a bit.”

The specimens don’t always stay in the state labs. They’re often given to outside researchers — sometimes with the baby’s name attached.

According to a study done by the state of Minnesota, more than 20 scientific papers have been published in the United States since 2000 using newborn blood samples.

The researchers do not have to have parental consent to obtain samples as long as the baby’s name is not attached, according to Amy Gaviglio, one of the authors of the Minnesota report. However, she says it’s her understanding that if a researcher wants a sample with a baby’s name attached, consent first must be obtained from the parents.

Scientists have heralded this enormous collection of DNA samples as a “gold mine” for doing research, according to Gaviglio.

“This sample population would be virtually impossible to get otherwise,” says Gaviglio, a genetic counselor for the Minnesota Department of Health. “Researchers go through a very stringent process to obtain the samples. States certainly don’t provide samples to just anyone.”

Brown says that even with these assurances, she still worries whether someone could gain access to her baby’s DNA sample with Isabel’s name attached.

“I know the government says my baby’s data will be kept private, but I’m not so sure. I feel like my trust has been taken,” she says.

Parents don’t give consent to screening

Brown says she first lost trust when she learned that Isabel had received genetic testing in the first place without consent from her or her husband.

“I don’t have a problem with the testing, but I wish they’d asked us first,” she says.

Since health insurance paid for Isabel’s genetic screening, her positive test for a cystic fibrosis gene is now on the record with her insurance company, and the Browns are concerned this could hurt her in the future.

“It’s really a black mark against her, and there’s nothing we can do to get it off there,” Brown says. “And let’s say in the future they can test for a gene for schizophrenia or manic-depression and your baby tests positive — that would be on there, too.”

Brown says if the hospital had first asked her permission to test Isabel, now 10 months old, she might have chosen to pay for it out of pocket so the results wouldn’t be known to the insurance company.

Caplan says taking DNA samples without asking permission and then storing them “veers from the norm.”

“In the military, for instance, they take and store DNA samples, but they tell you they’re doing it, and you can choose not to join if you don’t like it,” he says.

What can parents do

In some states, including Minnesota and Texas, the states are required to destroy a baby’s DNA sample if a parent requests it. Parents who want their baby’s DNA destroyed are asked to fill out this form in Minnesota and this form in Texas.

Parents in other states have less recourse, says Therrell, who runs the genetic testing group. “You’d probably have to write a letter to the state saying, ‘Please destroy my sample,’” he says.

He adds, however, that it’s not clear whether a state would necessarily obey your wishes. “I suspect it would be very difficult to get those states to destroy your baby’s sample,” he says.

CNN’s John Bonifield and Jennifer Bixler contributed to this report
