11 minute read
23 and We
You walk into an interview, your palms sweating. You arrive in a room filled with other individuals waiting to be questioned, pasts and presents dissected for the opportunity to work. Finally, your name is called. Walking into the room, you perch on the edge of your seat, facing the interviewer. In your hand, you clutch a file of papers filled with personal information. Tentatively, you hand it across the desk. The interviewer opens the file and scans quickly through the documents, pausing upon a sheet filled with genetic information. They then politely hand back your file, and after conducting the interview, they inform you that you do not qualify. Despite your answers, your genetic information spoke for you.
Could this be our new reality? The key to our very being exists inside every one of us. It is trapped within a spiral of coded parts, tangled up in every nucleus of our cells. Genetic testing has increased in popularity over the past couple of years. By merely sending in a tube of saliva, scientists can determine where your family originates from, what races make up your heritage and, if allowed to probe further, can determine what diseases you may be at risk for. Initially, genetic testing was offered as a public service for people to resolve their lineage and possible health-related issues. However, its rise in popularity has led to the results being used only for entertainment. This growth in awareness, combined with its ease of use has led to increased risk for all involved, no matter how conscientious.
Advertisement
By putting your genetic information out into the world, you may be putting yourself and others at risk.
The human genome was first sequenced in its entirety in 2003, and since then, scientists have been able to understand more about the secrets of the human body. The ability to have individual DNA tested followed soon after in 2006. Decoding your genome has the potential to spur a healthier life for thousands of people around the world who are suffering from inherited genetic conditions.
Diagnostic testing is often done when an individual is exhibiting signs of gene mutation, and the results can diagnose a disease such as cystic fibrosis or Huntington’s. Another type of testing, called “predictive testing,” is done as a preventative measure to screen for potential inherited diseases, such as certain types of cancer.
Allowing scientists to read your genetic code can enable them to pinpoint specific genetic markers, thus allowing for more accurate medical assistance. Francis Collins, past director of the National Human Genome Research Institute, noted the value of having one’s DNA decoded. Collins states, “[the decoded human genome] is a transformative textbook of medicine, with insights that will give health care providers immense new powers to treat, prevent and cure disease.” Essentially, creating a map of your genetic history to better your health.
However, people have discovered uses for DNA beyond personal medical and heritage tests. Voluntarily giving away DNA has helped identify certain criminals if the police are allowed to put DNA samples through extensive database services. Fairly recently, the infamous Golden State Killer was found thanks to DNA evidence, after more than thirty years of escaping arrest. Yet, the benefits for society go beyond catching faceless criminals.
Imagine a world where, once everything is known about your body, diets and exercise plans can be tailored to fit individuals. With healthier lifestyles, obesity and heart disease rates could go down. Of course, this all depends on the cooperation and coordination of various companies that manage DNA databases to make sure that this information is used fairly and legally with the complete understanding of its owners. Even in beneficial cases, DNA-testing companies are fighting to keep their databases from being used to solve crimes, as this way may infringe upon personal freedoms.
Susan Perry is a professor at AUP who began her work on privacy concerns with Claudia Roda in 2011. Roda is a fellow professor at AUP and teaches courses on Computer Science and Global Communications. In a recently published a book titled Human Rights and Digital Technology: Digital Tightrope, they analyze how to protect human rights as technology continues to advance
and develop. Now, with a budget of over one million dollars, Perry and Roda seek to improve privacy designs for software engineers around the world.
Perry explains that there are various ways to use DNA. “DNA is just another form of a commodity that can be bought and sold over the internet,” she says. This commodification takes the individual out of the equation, making the data less personal. This distancing from one’s own data can lead to an indifferent mindset, which can increase the risk that data will be stolen.
In 2008, a law called the Genetic Information Non-Discrimination Act, or GINA, was passed to ensure that employers or insurance companies could not discriminate based on a person’s genetic makeup. For example, an individual at risk of early-onset Alzheimer’s should be just as likely to get a job as an individual with no such indicators. Additionally, an insurance company would not be able to refuse an individual their services if the customer shows a high probability of getting a rare disease. However, despite the passing of these laws, they have proven difficult to enforce when personal genetic information can be made public. “All the laws we will ever need to protect DNA privacy are already in place,” says Perry, “but they need to be applied properly to the digital world. GINA is a terrific idea in theory, but how do you know discrimination will be based on DNA?”
The first name that pops into the mind of many when it comes to DNA testing is 23andMe, the company that pioneered the first public affordable service. Founded in 2006, 23andMe received a large amount of money from Google, and in 2007, started offering the first commercially available ancestral DNA testing. Later, they started offering a more in-depth test that looks at an individual’s possible medical future. As of 2020, 23andMe has sold more than 10 million DNA tests, the majority in the U.S. However, the peak of these sales was in 2017 and 2018, and lately the market has lulled due to an increase in privacy concerns.
Other companies have entered this market, allowing for alternative testing options. Ancestry DNA and My Heritage DNA both began developing tests and competing commercially with 23andMe in 2012 and 2016, respectively.
With such a rapidly expanding field, it has proven more challenging to contain information in a way that does not breach a person’s privacy or cause harm. One major concern was racial profiling, whether purposefully or subconsciously. In July of 2015, an app was made available on GitHub dubbed Genetic Access Control. This app was programmed to use information based on an available 23andMe profile to limit the user’s access to specific sites based on their genetic information. Genetic Access Control could disallow access on specifications ranging from race to disease. 23andMe took immediate action, and only three individuals were ever able to use the app. What shocked users was that the coder legally accessed this data based on the company’s open API possibilities, meaning that all of the users who allowed their information to be part of API were open to use by public developers. This breach revealed a weakness in public information access to personal DNA beyond just 23andMe. Anyone with enough knowledge of computers could gain access and use, in a negative way, public information that tied to an individual. More than ever, this case shows that genetic privacy laws need to be better applied to the digital world.
Perry herself took a DNA test through the National Geographic DNA Ancestry Kit, and finalized the process with their privacy lawyers to ensure that her information would not be shared without her permission. Perry asked only for genealogical data on where she came from, so her DNA would not undergo medical tests. When requesting that her DNA swab be destroyed immediately after testing, the only guarantee she received was that it would be done after five years.
“Of course, that’s no guarantee against hacking,” she concluded with a slight shrug. The more valuable the data is, the more likely it will become a target. Personal information is especially susceptible because it is a hot commodity for anyone willing to use it for monetary gain, with blackmail as a major concern. If someone were to gather enough information and then threaten to tell that individual’s boss, family, or friends, that individual could be forced to pay a large sum of money to keep their information private. No matter what the genetic information may be, it belongs to the individual, and the only way to protect it is to stay safe and vigilant online.
Perry highly recommended that all individuals who have any number of passwords should use a password manager such as Keepass. A password manager allows you to store all your passwords in a secure database that can only be accessed by a master key.
Despite the fact Perry commissioned a DNA test, she would not recommend it to the general public. “Unless one has no idea of their antecedents, [like in the case of orphans or those who have been adopted], one has some knowledge of inherited medical probabilities and should base any medical decisions on that knowledge, not what you would find in a DNA test.” Perry insisted that what your doctor would know, based on their knowledge and your medical history, would be enough to let you be aware of any foreseeable health risks. Perry believes that the risks associated with sharing your DNA online are too high, and the results won’t necessarily give you a definitive answer.
“If you were to test your DNA, do so with a reputable company and make sure you can pull your sample and data; and make sure that it is guaranteed,” Perry continues, “If you want to determine if a company has good privacy policies, attempt to contact them, if they respond, then they probably care about your privacy.” While 23andMe’s privacy policy states that they “will notprovide any person’s data (genetic or non-genetic) to an insurance companyor employer,” MyHeritage says that they “will never sell or license such information to insurance companies under any circumstances.” Privacy policies can be worded very differently, and it is the consumer’s responsibility to be aware of what those policies could imply.
For those who would be willing to share their DNA for the greater good, consider the Personal Genome Project, founded in 2005. It is the coalition of several projects around the world, including researchers in the United States, Canada and Austria. Its goal is to create a unified source of data to help further discover more about human genes and health in general. As far as how the information is shared, their website clearly states that their approach is to invite willing participants to publicly share their data for the benefit of the project. They are not vague about what it means to share one’s data either. Not only does an individual go through an eligibility screening, but they also receive a study guide with understandable information on all the protocols as well as the risks and possibilities of them occurring. One possible threat that is mentioned is that a criminal may reproduce a participant’s synthetic DNA at a crime scene to frame the individual. To ensure that participants are motivated only by their willingness to benefit science, they are told under Article VII of their consent form, labeled “Benefits,” that “You are not likely to benefit in any way as a result of your participation in the PGP.”
While building up a database of genetic information can lead to medical breakthroughs and new discoveries, there is a dark side to having a lot of information on a large dataset of people.
DNA usage may grow to such an extent that entire populations will have their personal information connected to their DNA profiles. Already in China, organizations are using their citizens’ DNA for tracking and controlling purposes. Digital and physical lives are being monitored by the government and other organizations, which could allow them to manipulate their populations. This is only one possibility in the future of DNA sharing worldwide. However, many professionals of human privacy and freedom are working in their companies to ensure that a scenario such as this is not implemented.
You walk into an interview. Your palms are sweating. Perhaps due to a combination of nerves and caffeine. Sitting among the other individuals waiting to be interviewed, you tell yourself that you should be confident. The door opens and your name is called. You perch on the edge of your seat, file in hand, and then pass your papers over. The interviewer scans through them and looks up, giving you a bright smile. The interview passes without any problems, and perhaps you even make the interviewer chuckle. In the end, they tell you that they will be in touch, and you know they saw you as an individual, not a bunch of data on a sheet. Your DNA is not for anyone to see but yourself.
