In 2009 the San Francisco police arrested Lily Haskell when she allegedly attempted to come to the aid of a companion who had already been taken into custody during a peace demonstration. The authorities released her quickly, without pressing charges. But a little piece of Haskell remained behind in their database.

Haskell is one of hundreds of thousands who have had their DNA extracted as part of an enormous expansion of what were once categorized as criminal data banks. Police in about 25 states and federal agents are now empowered to take a DNA sample after arresting, and before charging, someone. This practice occurs even though many of those in custody are never found guilty. If they are cleared, their DNA stays downtown, and they must undergo a cumbersome procedure to clear their genetic records.

Courts nationwide are now wrestling with the civil-liberties implications. Some have held that the practice violates the Fourth Amendment protection against “unreasonable searches and seizures.” Other courts, including one that heard a legal challenge brought by Haskell, have agreed with law-enforcement officials that lifting DNA is no different from taking a fingerprint, an established routine even for those not convicted. Ultimately the U.S. Supreme Court will probably decide this matter.

The ability of DNA technologies to match a tiny sliver of tissue left at a crime scene to a suspect gives them an undeniable allure to law enforcement. For critics, the unreasonableness of this “search” relates to the information-rich nature of DNA. It does more than just ID people. It also has the potential to furnish details about appearance, disease risk and behavioral traits. The laws establishing DNA databases attempt to guard privacy by limiting inspection to only 13 relatively short stretches of DNA among the billions of “letters” of code that make up the genome. Yet that protection may not be enough. Once those 13 markers are extracted, law-enforcement agencies continue to store the larger biological sample. Civil-liberties organizations worry that officials may eventually mine these samples for personal details or make them available for medical research without consent.

New genetic technologies are opening up possibilities that did not arise when the samples were first collected. For instance, a technique called familial searching can match DNA from the crime to someone in the database who is not a suspect but possibly a close relative of one—the database hit would be a near but not identical match to the DNA at the crime scene. The police would then have a whole new set of potential leads who would come under scrutiny as possible perps.

Although this process may nab criminals who would otherwise elude capture, it may also ensnare the innocent. Most of the possible leads produced by searches in partial database matches will have done nothing wrong. These persons of interest are likely to be concentrated in minority communities whose denizens represent a disproportionate fraction of the databases. Moreover, the seeming infallibility of DNA may prompt police to place too much reliance on familial search methods instead of considering nongenetic evidence that may steer an investigation toward other leads, notes New York University School of Law professor Erin Murphy.

The need is acute for legislative safeguards that protect privacy while also allowing police to solve crimes using these powerful tools. DNA samples should not be taken until a suspect is convicted, and even then the original DNA sample should be destroyed once the relevant markers are in the computer to guard against any future temptation to delve into someone’s private life. Finally, familial searches should be undertaken only as a last resort after other investigative leads have been tried—an approach that California has adopted and that other states should follow.

DNA is not just a technological progression from fingerprinting. It is qualitatively different. As such, it needs to be treated as more than a mere formality of a police booking procedure.