Law enforcement investigators seek out private DNA databases (sandiegouniontribune.com)
236 points by pavel_lishin on March 27, 2016 | hide | past | favorite | 92 comments



It's important to understand in the ancestry.com case they didn't ask for information about a specific individual. They provided a sparse sample with a few markers and asked ancestry.com, without a warrant, to do a fuzzy cold hit search of their entire database and provide them with information about any individuals that had partial matches. Ancestry found one, and related its existence, which was then speculated to be a possible relative. At that point police got an actual warrant to enable getting the name of this remote match, and ancestry.com provided it. The person was not even an ancestry.com customer. He was a person that participated in a scientific study years ago, the database results of which were later sold to ancestry.com without his notified consent.

There are massive statistical problems with this approach, without even having to get to the obvious privacy problems.


This is a good reminder to assume that anything you contribute to any database will potentially be used against you. This is the biggest problem I have with the idea of electronic medical records: they create the potential to be caught up in a future "fishing expedition" by authorities whose motivations are not in your interest.



His case against the PATRIOT Act was tossed because he didn't have standing!? Despite the fact that court documents (which are permissible (unlike the Snowden documents which probably aren't)) showed he was specifically targeted?


Sweden has a national DNA registry that, while optional, practically all newborns have been added to since 1975. The registry is purely intended for medicine and research, and in the few cases when law enforcement has requested a sample, there has been an outcry from both researchers and the public that such use would make parents start denying the request and ruin the extremely valuable resource that such a registry creates. Everyone loses when that trust is lost, from the pain and misery that result from untreated disease, to the economic loss to society, to the loss of progress from a lack of research data.



Thanks for pointing that out. The link for destroying a sample does not work. The page:

http://www.cdph.ca.gov/programs/nbs/Pages/Default.aspx

has the following code for the link:

<a href="http://cdphiprod/pubsforms/forms/CtrldForms/cdph4410.pdf"tar... Request to Have Newborn Blood Specimen Card Destroyed - CDPH 4410 (PDF)&nbsp;<IMG style="BORDER-TOP: 0px solid; BORDER-RIGHT: 0px solid; BORDER-BOTTOM: 0px solid; BORDER-LEFT: 0px solid" border=0 hspace=2 alt="Opens a new browser window." align=absMiddle src="http://cdphiprod/SiteCollectionImages/1newwind.gif"></a>

Note that "cdphiprod" is not a valid host name. Also, your article linked to:

http://newsmom.com/newborn-blood-spot-dna/

It pointed out that the state sells the information to private companies. As the author points out, it is a test you pay for. Let's see: state law requires one to get a test, one has to pay for it, one has no control over the handling of it, and the state makes money off of it. The state needs to do the right thing and protect people's privacy and not sell the people out.

I am not in the mood to check the wording of the law; I wonder if one can refuse to have the hospital do the test and do it on one's own with a private company where one has control. If one can't do this, then I would look at this as nothing more than state collection of DNA pure and simple and in such a case the state should go F' itself.


I'm guessing `cdphiprod` is the result of a bug in some template/formatting system they use. The correct url is http://www.cdph.ca.gov/pubsforms/forms/CtrldForms/cdph4410.p...


When I joined the (US) military in the mid-90's they took a compulsory blood sample for DNA matching. At the time they didn't sequence it, but just folded a drop of blood into a piece of paper and filed it somewhere.


This is exactly why the companies using this DNA data must fight the US government all the way to the Supreme Court for any such request. Otherwise, their businesses risk dying out before they even get a chance to take off, because people won't trust them anymore if they just end up handing the data over to the government.


Or you could get your DNA tested under a pseudonym with a prepaid card (if enough people started doing this they might even offer an anonymous or encryption option).


It's not enough - With DNA they can trace who's the child of who, and recoup with the Facebook/city hall records. It's really not hard.


Been there, done that. 23andme will not accept any prepaid/debit card and the kit's shipping address must match the billing address. Full name is obviously required - as I was told, for your own protection. Long story short, I withdrew.


How does this work with the option of shipping the kits as gifts to someone?


Or I could get someone else's DNA tested without their permission.


Yeah, I had my sample destroyed once the police started using it.

They even went so far as to look at records on which people had asked for their samples to be destroyed in a certain case.


Why would parents stop using the DNA registry if police use it legally? Are parents really saying to themselves "I don't want to provide little 1 month old Timmy's DNA, because one day he might rape somebody and I don't want him to be caught"?


Did you not read the article? Some guy was questioned by police for a brutal crime that is only connected to him by the fact that his father's DNA, submitted to a third party and legally fished by police, didn't match DNA recovered from the victim - but was close enough to possibly be a relative. You are a fool if you think that the police only lock up the guilty. I doubt many parents would want to expose their children to the possibility.


In this instance the person was never charged with a crime. What's the issue?


Did you not understand what I just said? Because "in this instance" doesn't address my point.


Why did you ask me if I read the article if you aren't talking about the article?


Hope all the trust in the government never getting it wrong works out for you. For me and mine, we'll be doing our best to hold them accountable.


I'm curious how you draw the line between what information is okay for them to have, vs what isn't? Why is it bad for them to have your DNA, but not bad for them to have your photo from your drivers license/passport? Is it possibly because you were born and raised in a society where one was common and the other was not?

And what does accountability have to do with this? Whether the government has access to DNA markers is orthogonal to them being held accountable for their actions.


The less they have the less potential for misbehaving. Where is the line? That depends on their previous behaviour.


Ok...has the government abused DNA databases in the past?


They have. The OP explains it.


How is using a database that was legally purchased "abuse"?


We don't give the government the right to search anyone's house, car, or person without certain cause? Would you be fine if they could because you're not planning to break any laws?


No, but that is different. DNA is something that I literally litter tens of thousands of copies of everywhere I go in public (via skin cells). If DNA is so private, why do we all discard so much everywhere we go?


> The Sorenson Molecular Genealogy Foundation was launched by billionaire Utah businessman James LeVoy Sorenson with the backing of the church. The foundation's goal was finding a "genetic blueprint" for humans, and it amassed more than 100,000 samples when Ancestry acquired the database in 2007.

It is discouraging that this data that was ostensibly collected for non commercial purposes can be sold to Ancestry.


That's why I never participate in anything data related.

I turned down a $100 best buy gift card in exchange for a 10 minute interview. The guy wouldn't let me go because he couldn't understand why anyone would turn down $100 for a 10 minute chat.

When I was forced to participate in a study in university I always lied in my answers (how is forcing me to participate moral?)

It's my data. I don't trust you; I'll do my darnedest to keep it from you or feed you wrong info.


Incredible, huh? Great idea for a business -- ask someone for something voluntarily with the backing of a church or hide behind some religion, then once you get enough -- boom, sell it to the highest bidder. Only problem is you have to be a hard-core scumbag to pull something like that.


I'd love to check my DNA for potential diseases, and I'd like to know, for instance, if I'm a descendant of Genghis Khan - but this article reinforces my reluctance to send it in anywhere.

As I understand it, they refuse to do anonymous testing - they have good reasons, some of which are completely focused on privacy. I'd love to have an at-home kit, so I could check the contents of my DNA against a database of known facts.


> I'd love to have an at-home kit, so I could check the contents of my DNA against a database of known facts.

I think sequencing at home would be difficult. What we would need is for them to sequence your DNA, then send that data to you, then destroy their copy of the data. This would need to be enforced contractually. The problem is that if you lose your copy of the data, it is gone. This has issues with usability.

Even if they offered to keep your name detached from the sequence it wouldn't do much. Your DNA probably has more bits of entropy than your first and last name together.


Sequencing at home is done all the time by your own cells -- or anyway replication is. There's no inherent reason it can't be done by small cheap tools; we're just not there yet.

(Yes, privacy is why I never signed up with 23andme. I expected news like this.)


Added: https://en.wikipedia.org/wiki/Nanopore_sequencing offers compact sequencers. Here's a handheld one: http://www.wired.com/2012/03/oxford-nanopore-sequencing-usb/ There can't be any physical barrier to high-quality readout by machines as small as a cell, because our own cells do it. I only brought that up because, ironically, I know more about cells than nanopore sequencing.


We're still years off from sequencing at home for anyone other than dedicated biohackers. The MinION is really cool, but it's very much an advanced researcher's tool.

Honestly, if you're interested in having your genome sequenced/analyzed, I would suggest contacting a local genetic counselor and asking if they can find a sequencing core (or someone that does beadchips) that would agree to delete your data after analysis. They would also be able to discuss your data and the impact it has on your health with you, and provide referrals if more testing or diagnosis is needed.


I figured that was probably the case; even optimistically, the MinION costs around $1000. But the parent comment seemed rather too absolute in rejecting sequencing at home, like it'd never happen. I'm going to wait a few years and then reevaluate the choices.



> Even if they offered to keep your name detached from the sequence it wouldn't do much. Your DNA probably has more bits of entropy than your first and last name together.

Doesn't help them much to know that you got DNA sequencing done if they don't know who you are. Generally the idea is they already have an anonymous DNA sample and they want to find a person with a potentially matching sample. Having two anonymous samples doesn't help them.


There's always https://genographic.nationalgeographic.com

They won't give you information about potential diseases, but they'll give you information about your ancestry and ethnic makeup and they'll do it anonymously. They give you the option to register, but you can also look up your results by the tag on your sample.


I have an uncle who got tested by a program like that a few years back. I'm not sure if it was the same one, but the results basically just said he was a male of Western European descent.


DNA and anonymously do not go together.


That may be true, but there are degrees of anonymity. The problem described in the article is not the DNA, but the association of the DNA with some other identifier. If all they have is a DNA sample, the only current way to look it up would be to match it against another DNA sample, which only tells you that you submitted a DNA sample.

In the future, it may be possible to take a sequenced DNA and simulate what the person looks like, but we've barely crossed the threshold of having enough computing power to sequence a genome, so we're many years from that being possible and, even then, without knowing the donor's age, you wouldn't be able to say what the donor looks like today.


You can still get a lot out of DNA today. There have already been murderers apprehended because their family members agreed to undergo DNA testing even though they didn't.

IIRC it's possible in many cases to go from anonymous genome (and no other info) to a surname with a distressingly high degree of accuracy. It doesn't really involve trying to predict phenotypes or anything, it's basically just because you are distantly related with at least some people who have their names attached to DNA sequences.

It becomes even easier to identify someone if you have some very limited extra information. Like, say, the postcode their sample was mailed from.

My understanding is that basically the idea of an "anonymous" DNA sequence is going to quickly become meaningless, that unless the person being sampled takes extraordinary effort it will be possible to narrow down who they are. It only takes like 30-40 bits of information to uniquely identify a human.


We've had enough computing power to sequence a genome for 15 years now.


What use is the DNA match to third parties if there is no name/identity information paired with it?

I guess it reveals a few bits of information if you know your killer submitted a sample to the project (but an easy way to avoid this threat is to not be a killer).

Most of the threats I can think of start with the third party already having the DNA, so its existence in the project database doesn't seem important.


Someone else that is a (distant) family member of yours could supply enough information that by combining a few of those records you'd be as identifiable as if you had added your name and SSN to the sample. It's not a problem in isolation, it is by combining data from several sources that you can re-establish identity from an otherwise anonymous submission.

For instance, let's say my brother submits his DNA non-anonymously to some database. By looking at the match between his profile and mine it could be established that I'm a close relative. A few more like that and some constraint trickery and you'd have me as the only solution to your equation.

For an interesting perspective on this: consider what could happen if Facebook bought 23andme... (not much chance, fortunately given who founded 23andme but still).


The relative match can happen whether you have submitted your DNA or not.

The third party that is searching using DNA gets "Bill's close relative" or "Bill's close relative that also anonymously submitted their DNA to the database".

The specter of the service working internally to de-anonymize submissions is real enough though.

I guess I don't really care about protecting myself from future dystopias, not really in a sense that I have nothing to hide (I find attention quite uncomfortable), more in a sense that I hope I'd stand up and shout loudly, rendering irrelevant all the past hiding-planning.


There's approximately 100,000 Amsterdam Jews that would stand with you and shout just as loudly, only they can't.

Lessons from the past can only be applied to the future if you're actually willing to learn them. Unfortunately, it seems as though those lessons weren't serious enough yet. I shudder to think of the kind of lesson that it would take to get people to understand these things in a way that we will actually live by those lessons in the future.

Standing and shouting loudly is not much of a defense against an organized entity that is 'out to get you', even if that seems like a distant and remote possibility, the damage it could do is sufficient to warrant the - small - premium we'd pay in being careful with our data today.

It's a bit like the rest of the security industry: probability of incidence * potential damage is a good way to figure out whether or not something is worth protecting against.

I wrote a bit more about this here:

http://jacquesmattheij.com/if-you-have-nothing-to-hide

Because I got very tired of the 'if you have nothing to hide' mantra, and even if you freely admit to finding attention quite uncomfortable you might be persuaded by the argument that seemingly innocent entries in databases have cost many lives already.


I finally figured it out: Privacy isn't criminality; it's vulnerability.


Is it okay if I think the better lesson (vs hiding) is to not allow tyranny?

Maybe it's overly optimistic or foolish or something, but it's still a shit world if only the people that (properly!) planned ahead survive.

Edit: Imagine a modern populist horror that subjected everyone to mandatory genetic testing and slaughtered people with certain genes; You can't escape your genes, the problem would be the populist horror, not whether you were on some preexisting list of people that needed slaughterin'.


That's definitely preferable. But given that Hitler actually made it in on the democratic process you don't always get that choice. And yes, those that properly planned ahead survived. I have a very nice piece about that from a guy called Simon Carmiggelt, unfortunately it is available in Dutch only, and only in video (even though he was a writer):

https://www.youtube.com/watch?v=9ofu3ZkGw2w

The essence is that the writer meets with an elderly lady from the city on the street and she relates how just about everybody died from a particular family, except for one guy who saw it coming, warned everybody else and then left.

If the Nazis had been able to take possession of a Europe-wide DNA database they might have just been able to eradicate the Jewish people forever and that's a very sobering thought to me. Now, I'm not Jewish but I know a few people here that are 'singletons', they have no living relatives going back two generations and that's a pretty strange thing to have described to you. I don't have much to worry about from the angle of religious persecution or anything to that effect (I believe, but then again, who knows, maybe one day some religious nutcase will decide to open a war on atheism and maybe then I will have a problem but that's not genetic so the link with DNA isn't really there).

Even so, less data in searchable files about you is better imnsho, the upsides are quite limited and the downsides significant, especially if you have no idea who is rooting around in them (one case of being stalked is enough for a lifetime).


If one has cheap DNA sequencing, then they don't really need a preexisting database to implement genocide. In fact relying on one could even reduce their accuracy.

Not that I disagree with the general lesson. It just seems in such a situation, a mapping of DNA<->name is actually less worse than a mapping of name<->location.


Going on the assumption that your name and address are already out there in many databases adding your DNA + your name would make it that much easier to go from 'DNA' to 'list of people to pick up'.

It's always the combination of databases that makes them that much more powerful.


I imagine I slipped in my edit as you were writing, but (given the necessary tech) the Nazis could have created a Europe-wide database by collecting DNA.


Indeed. Imagine people being jailed, exiled or killed based on their deviance from some ideal. It's not at all imaginary to me that such a thing could re-occur in the future and there is absolutely no telling where it would happen either. But with lots of countries moving drastically towards extremism in Europe and elsewhere I see little to be optimistic about.

English translation of that piece from above:

[deleted]

It's super crummy (google translate) but it gives you a bit of a feeling of the atmosphere in the original. This is not fiction.

I'll do a better translation, this really does no justice to the original text.

edit: a much better translation, still a quickie but it captures the mood much better:

http://pastebin.com/LU5hUepb


> not to allow tyranny

Tell me how it goes with 1% of the US population living in prison, another 2% in probation (and 0.2% tagged as sex offenders).


It's better to not get into a car wreck, but I still wear my seatbelt.


This is another perfect example of how the whole "If you've got nothing to hide..." thing is totally insane. This guy had nothing to hide, seven years later the police show up.


I wonder if it's possible for e.g. the Mormon Church to run a DNA program to be able to protect the data and identities under the 1st Amendment, similar to what the Catholic Church has done with pedophile records.


It would certainly help if the LDS Church was headquartered in its own sovereign nation but I think it's trickier here in the US. Though it would certainly make for an interesting test of freedom of religion if it ever came down to it.


This is where the Prosecutor's Fallacy is particularly dangerous (https://en.wikipedia.org/wiki/Prosecutor%27s_fallacy).

Someone intent on finding a suspect can try to find a convenient suspect. Perform secondary sort on those who cannot afford a defense and/or persons of color and you've got someone who is suddenly in a world of undeserved trouble.


And this is why I will not do Ancestry DNA. As much as I want to do their DNA program I just won't until we have some major strict privacy laws regarding DNA. Once a third party has it, just like storing your data in the cloud, who knows where this DNA will wind up or for what purpose.


Even with privacy laws there is very little in terms of guarantees. Too many ways in which data can be copied or read by those who should not have access. For some data, it is simply better if it does not exist in an easily accessible centralized pool at all.


This isn't going to end well. The minute the general public becomes aware that they're effectively handing their DNA over to the FBI and perhaps the NSA, companies like Ancestry.com and 23andMe.com will be out of the DNA business. I was thinking of registering my own DNA, but not any more. I'm not against law enforcement at all, but I'm sure against this kind of back door attempt to confiscate yet more of our private data.


The general public isn't worried about these problems. The general public is the people who voted for giving those agencies their powers and letting them keep them. Anyone who voted for Bush or Obama is someone who isn't worried about giving their DNA to 23andMe.


I deleted my 23andMe profile for this reason. I've still got a .zip file of my (relevant) DNA on my computer.

There's Promethease (https://www.promethease.com), if you want a more open alternative. They're quite good.


> Implying your data is deleted from their servers


Farcical comedy I know but imagine if one day you go on some sneezing rampage due to allergies on some sidewalk 5 minutes before a horrible murder took place and you're suddenly a suspect! At least that is my fear.


23AndMe says they will destroy your sample if you request and I would assume you can ask that they destroy your data.


That is not really true. According to 23AndMe, by law the lab that processes your saliva must keep your data for a minimum of two years. Moreover 23AndMe keeps your data forever if it's involved in any of their studies (it's in their TOC), which probably happens the second you submit anything to them. I do not believe that 23AndMe actually deletes data.


Looks like they won't delete your DNA data, but they will delete any personal information linking it to you. Fair enough.

https://www.23andme.com/about/privacy/


Do they still keep a database of all previous customers? If only 1% request a deletion it would leave a fairly small group of people who requested the deletion. Then via genetic markers you could probably match them back up fairly easily with the right data.


The lab isn't in the United States. Not subject to this law.


Then that brings up even more questions like what laws is this lab subject to? The reason I bring this up is that many of the laws in the US related to medical data tend to try to protect it for the consumer.


But why take the risk? Don't give them your real name or address.


I've placed my whole genome on PGP. Anybody is free to use it. https://my.pgp-hms.org/profile/hu80855C


How was the process of signing up for the PGP? I've been interested in doing it before, but wasn't sure if it would be a major hassle or more of an in-and-out of the doctor thing.

Also I'm impressed at the amount of data, I expected a few VCF files, not a ~60GB BAM.


I just uploaded the data files to PGP and signup was trivial.

I did Illumina WGS and just visited a random doc for the blood draw.


There was a story a while ago on HN about some guy putting his 23andme data on github:

https://news.ycombinator.com/item?id=2211928


If we improve the use case for anonymous medical care, I can live with 23andme being a subpoena farm.

Much scarier that you can't get a lab test without leaving 3 data footprints (insurer, lab, doctor's office).


Time to ask 23andme to destroy my sample, I'm disappointed but not surprised. Not 23andme's fault though. Thankfully I had mine tested in the Canadian facility rather than the U.S. one; so they can legally comply.

No doubt they can get my sequence anyway, maybe they already have it; but at least I can say that they got it illegitimately.


Appears the story linked to has a pretty limited amount of information; more information may be found here:

https://www.genomeweb.com/applied-markets/ancestrycom-shutte...


At $95 I think I'll pass.


This is why I refused to contribute to a medical study on a condition I had in the past and that would have required me to provide a DNA sample. These databases should not exist given the weak legal protection and the non-existent protection against hackers.


The site was unusable (couldn't scroll) until I turned off Javascript.


There's a lot of negative reaction here. What's wrong with the police searching DNA data to find a suspect? Is it:

A) They might do something statistically invalid like charging whoever matches, even if somebody is bound to match just by chance. That didn't happen here. Usry was only a suspect and interrogated, then let go. If he did get wrongly convicted, that means there's always a high risk of that for any investigation even without DNA. If we don't trust our processes for protecting against wrongful convictions, then we should try to fix those because they'll already be being abused. If we don't want police to interrogate any suspects who aren't already known to be guilty, then we might find they become a lot less effective at solving crimes.

"... was interrogated for six hours and finally gave blood for a DNA sample. For the next month, he remained under suspicion until his DNA was determined not to match the samples taken from the crime scene."

That looks like a perfectly normal and acceptable way of investigating a crime. It looks like the system working safely.

B) Police accessing personal data is wrong. How about phone tapping with a warrant? How about searching a house with a warrant? Private surveillance footage? Where do you draw the line and not allow them to investigate crimes?

C) People confuse it with secret anti-terrorist or antidisestablishmentarian (I found a use for that word!) NSA investigations which don't follow the well accepted warrant process.

D) Other.


I have a few problems:

- 23AndMe/Ancestry shouldn't have a database of DNA -> identity mappings.

- Law enforcement shouldn't have the ability to compel surrender of data for which someone can have a reasonable expectation of privacy (medical records, private communications, journals etc.). Privacy trumps investigation for me.

- Law enforcement shouldn't have any kind of "search" access to any private DNA database. I could accept them getting information for an exact match but including relatives and partial matches is too far.


I understand wanting to keep the police out of your private things. But we already let them in when they have a warrant. Are you saying DNA is more private than your house, computer, phone conversations, etc? Or that all those things should be off limits to police with a warrant?

Of course this is not the same as giving them free access to whatever they want. Then I could understand people's worries. Individual policemen could use it to harass people they don't like, or other abuses.


> Are you saying DNA is more private than your house, computer, phone conversations, etc? Or that all those things should be off limits to police with a warrant?

I can live with the police gaining access to my house but my computer and phone conversations are just as off limits to them as I want my DNA to be. Every device I own that can store data is fully encrypted so the police have no access to that regardless of their wishes. Same goes for most of my phone conversations.

I draw the limits at two things: my body (DNA) and my mind (communications, data).


The warrant would tend to be targeted at a specific person. "Tell us what you have on Bob Jones", and not a population "Tell us what you have on everybody named Jones"



