Privacy and security risks with genetic testing such as 23andMe, Ancestry




The data you shared with a genetic test startup like 23andMe is private – at the moment.

However, according to privacy experts, bioethicists and entrepreneurs, it is increasingly difficult to maintain this privacy, which depends on your data remaining confidential.

Your DNA data contains very sensitive information about your health and identity. A genetic test report often includes everything from your ancestry to your cancer risk, to information on allergies and predispositions to Alzheimer's disease. Whether it is a political figure claiming an Aboriginal heritage or a CEO with a genetic risk of mental illness, each of these factors could be used against someone if it fell into the wrong hands.

The most prolific genetic testing companies take meticulous steps to protect your privacy, for example by removing personal identifiers such as your name from your genetic code before selling it to researchers or pharmaceutical companies. They also typically store your personal information and genetic data in separate environments to protect against potential hacking.

But these protocols do not protect against several key vulnerabilities, experts say.

One is what can happen to the data outside the hard-to-define walls of a DNA testing service. While genetic testing companies can and frequently do share anonymous genetic data with researchers and pharmaceutical companies, individual users can also upload their non-anonymous private DNA reports into public databases such as GEDmatch. This service, which was used to track down the suspected Golden State Killer, allows the identification of relatives who have not even taken a genetic test.

Even large pools of anonymized genetic data can theoretically be linked to an individual. For at least ten years, researchers have demonstrated that by cross-referencing anonymous DNA data with datasets containing personal information, such as voter or census lists, they could correctly "re-identify" significant portions of participants.

In addition, most major genetic testing services allow clients to download their raw genetic data – the As, Gs, Ts, and Cs that make up their genetic code – using their email address and their profile.

Privacy experts and bioethicists say that all these problems mean that the current landscape of genetic testing is ripe for a potential calamity.

"These are not video games that can be downloaded and shared without your permission, or even banking information," Matt Mitchell, director of digital security and privacy for the rights organization Tactical Tech, told Business Insider.

"You can cancel your credit card, you cannot change your DNA," he added.

The Golden State Killer case: how to exploit private and protected DNA data in public databases


When you send your saliva sample to a company such as 23andMe, Ancestry, Helix or one of a handful of DNA testing startups, the company performs an analysis of the genetic data that it contains. This DNA data includes your unique genetic code, as well as your pedigree data, which may point to members of your family.

To protect your privacy, most of these companies make this data anonymous: they delete your personal data, such as your name, and store the DNA data separately from your personal information.

Spokespeople for Ancestry, 23andMe and Helix all told Business Insider that their privacy policies were designed to protect people's data within the walls of their platforms. But what happens outside of their domains depends on the individual customer.

In the case of the Golden State Killer, law enforcement officers uploaded their suspect's DNA, taken from a crime-scene sample, to GEDmatch, an open personal genomics and genealogy database. Then, with the help of a team of experts, they were able to analyze and compare several sets of data until they found their suspect, Joseph James DeAngelo. The key to their discovery was the fact that 24 members of DeAngelo's family had participated in GEDmatch.

You share a lot of your DNA with your parents and siblings, and less with more distant relatives. But by comparing an anonymous DNA sample with identified samples, researchers can triangulate on a person's relatives and then identify the person himself.

None of the leading genetic testing companies allow users to upload raw DNA data the way GEDmatch does. But you can download your Ancestry or 23andMe genetic data and share it with GEDmatch or another public genealogy database.

"Today, when you have an anonymized data set and a complementary resource with which you can compare these data, for example GEDmatch, you can start to identify individuals from that," James Hazel, a biomedical researcher at Vanderbilt University who has studied the privacy policies of several genetic testing companies, told Business Insider.

"Data is data – once it's available, it's very difficult to control"


Until recently, researchers considered that the risk of re-identification – when a person correctly matches your anonymous DNA data with your personal information – was extremely low. But as more and more people participate in genetic testing and data analysis tools become faster and easier to use, this risk is on the rise, they say.

Hazel said the current risk of re-identification is "important".

Dawn Barry, president and co-founder of the genetics research start-up LunaDNA and a 12-year veteran of the biotech giant Illumina, agreed.

"We need to prepare for a future in which re-identification will be possible," she told Business Insider during a meeting on the sidelines of a Wall Street Journal health conference.

Since about 2009, researchers have demonstrated that by comparing large sets of supposedly anonymous DNA data to public datasets from censuses or voter lists, they could correctly identify between 40% and 60% of all participants in genetic testing.

DNA databases have increased significantly since this 2009 experiment.

As of last fall, more than 19 million people had taken a private test from Ancestry or 23andMe. In the wake of their growth, participation in public databases such as Promethease and GEDmatch has also exploded.

"Data is data – once it's available, it's very difficult to control," said Hazel.

David Koepsell, bioethicist at Yale and co-founder and CEO of the blockchain-enabled genomics company EncrypGen, agreed.

"Re-identification is a real concern and people have done it with public databases – it's not science fiction," he told Business Insider.

Last November, Yaniv Erlich, geneticist and scientific leader of the MyHeritage parent company, led a study published in the journal Science in which he examined DNA data from GEDmatch and MyHeritage. Erlich concluded that with a genetic database of 1.3 million US residents, about 60% of all white Americans could be identified through a relative up to a third cousin. This finding was independent of whether the individuals themselves had participated in a genetic test.

"In the near future," writes Erlich in the paper, "this technique could involve virtually any American person of European descent."

Spokespeople for Ancestry, 23andMe and Helix all described comprehensive privacy policies designed to protect people's data while it remains on their platforms.

"To protect against re-identification, we strip our customers' personally identifiable information from their genetic information by storing both sets of data in separate and isolated computing environments," a 23andMe representative said by email to Business Insider.

The spokespeople for Helix and Ancestry shared similar policies.

"It could go wrong": Experts warn against downloading your personal DNA data

Many people participate in genetic research assuming that they are anonymous, but it's hard to guarantee.

But Ancestry, 23andMe and Helix all allow users to download their raw DNA data. The download is free at Ancestry and 23andMe, but costs $499 with Helix. A spokeswoman for Helix said the fee was due to the fact that Helix provided a more complete set of genetic data than the other platforms.

In most cases, to download their DNA data, a user must log on to the platform and select "download my raw DNA". Then they receive an email where they have to confirm the download. After clicking confirm, the download of the text file begins.


Once customers have downloaded their genetic data, it is no longer protected by any of the company's security measures.

"What you do with your data is your responsibility, whether that is sharing your username and password with other people, sharing via 23andMe, uploading your data or anything else," reads the 23andMe website.

Experts say this configuration does not properly protect users. At a minimum, they say that platforms must encrypt genetic data from the moment it is sent to the moment it is received. They also pointed out that a person's login information may be identical to that of their email, another potential security weakness.

"It's Privacy 101," Mitchell told Business Insider. "These companies must have the highest level of security and they do not have it."

Mitchell and Hazel both stated that they thought genetic testing companies should use two-factor or multi-factor authentication, a security measure applied by many banks and data companies. Users must provide at least two pieces of evidence (such as their phone number and a PIN) before being allowed access to sensitive data.

"It's something that a lot of companies do," said Mitchell. "If anyone really cares about your data, they will handle it with the utmost caution. The downloading of raw data is dangerous and may turn out badly."

Hazel believes that more users should be aware of these vulnerabilities, as well as the different ways in which their data can be used that go beyond their original intent.

"It depends on the compromise," he said. "How comfortable are you with the way data can be shared and used?"
