As Washington mulls the creation of a centralized autism registry, questions about privacy, power and precedent loom large. What begins as a research database could, over time, morph into a tool of surveillance or discrimination, especially given how similar population lists have been used elsewhere in history.

Proponents argue that pooling health records, genetic data and behavioral logs will accelerate breakthroughs in understanding autism. Yet when individuals have no real say over their inclusion, an ostensibly benevolent resource can become a de facto requirement for access to care or services, locking people into a system they cannot leave. Without stringent consent mechanisms, families may feel pressured to enroll simply to secure support for their children.

A centralized database invites security risks. Hackers have shown an uncanny ability to breach even well-protected systems; a leak of sensitive medical or genetic information could have lifelong consequences. Beyond external threats, broad data-sharing arrangements among research institutions, insurers and tech companies create endless opportunities for mission creep—where initial research goals give way to policing, employment screening or insurance underwriting.

History offers grim reminders of how data-driven registries can be repurposed. In Nazi Germany, the Jewish census evolved into lethal deportation lists. In Rwanda, ethnic identity cards facilitated genocide. Though a registry of autistic individuals lacks the overt characteristics of race or religion, it nonetheless labels a vulnerable group and could be used to restrict access, stigmatize or surveil them under the guise of public health.

To prevent abuse, any registry must be built on clear, enforceable rules: opt-in participation; strict limits on who can query the data; robust security protocols and independent oversight boards with the power to sanction misuse. Legal guardrails should mirror the strongest privacy laws—ensuring individuals can view, correct or delete their records. Without these, the registry risks becoming a permanent scaffold for intrusion into personal lives.

The choice before policymakers is not simply whether to build a registry, but what kind of society we aspire to be. Will we design systems that protect autonomy and privacy, or will we default to convenience at the expense of individual rights? As debate intensifies, one lesson from history is clear: once a registry exists, it cannot easily be undone.