Why genetic privacy could be doomed

By Razib Khan | June 7, 2011 1:34 am

I was having a discussion with some friends who have all expressed interest in being genotyped or have been about putting their information into the public domain. They were a pretty savvy lot (half of the six had been genotyped), but one expressed the common sense objection that “someone could find something in the future.” In other words, a really creepy stalker could keep running your data through Promethease. Imagine you’re a really strange person, and you have a bunch of gentoypes of people who you want to know about, and you design a program which scours the academic literature and constantly notifies you when the individuals in your database pop up with a large effect mutation. I have no idea why someone would do this. Perhaps you could be blackmailed by someone threatening to disclose to your employer than you had a 50% greater chance of a heart attack before the age of 60 than the general population? Whatever the details of the concern, they’re general, ranging from inchoate to eloquent.


But all this is moot in my opinion. I think in 10 years most people will probably have at least a genotype with the most informative SNPs. I assume that full genome sequencing will be really, really, common. I also doubt there’s just going to be one copy of this information. Right now digital security is not that great. People only care when there’s a breach. But in reality there are breaches far more often than people realize. Apparently it is common practice for technically savvy organized criminal gangs to exploit security holes at major financial institutions, steal personal data, and then blackmail the institutions by threatening to divulge the information. The institutions usually pay up, as the cost vs. benefit isn’t even close.

One can imagine similar things occurring routinely when genotype information spreads throughout poorly secured medical databases. All you need is one weak link, and it’s out. Right now if your credit card number is exposed because some hackers extracted them out of a leaky database, you call your credit card company and have the card cancelled. If someone gets your sequence you can’t have it cancelled. It’s out there. It’s yours. Forever (barring somatic mutations and ubiquitous gene therapy of some sort).

Of course they might get a sequence, but lack a name attached to it. This happens often with other data, which is why firms sometimes make a big show of having no “personally identifiable information” on file. But a genotype by its nature is personally identifiable. If they have a big database they might cross-check and look for matches. If they don’t find you, they might find relatives. Even if you are confident you aren’t exposed, it is possible a relative of yours is exposed, which would immediately give everyone some information about you in direct relation to your genetic relatedness.

CATEGORIZED UNDER: Genetics, Genomics, Personal Genomics
  • 4runner

    “I also doubt there’s just going to be one copy of this information.”

    Of course there is more than one copy of the information. Every cell has a copy.

    If you really want to ensure your genetic privacy, you had better start worrying about biological copies. Don’t lick the envelope that contains your resume. Don’t leave any hairs behind during the interview. Don’t even think about peeing in a cup for a pre-employment drug test.

  • http://blogs.discovermagazine.com/gnxp Razib Khan

    If you really want to ensure your genetic privacy, you had better start worrying about biological copies. Don’t lick the envelope that contains your resume. Don’t leave any hairs behind during the interview. Don’t even think about peeing in a cup for a pre-employment drug test.

    right. though this is a different issue. getting someone’s information like this requires some investment of time/energy. making a digital copy can be much faster (granted, copying a 3 GB genome isn’t so easy today, but it may be pretty easy in 10 years).

  • http://math-frolic.blogspot.com Shecky R.

    doesn’t even have to be an outside hacker; just a disgruntled or unscrupulous employee at, say 23andMe, may have access potentially to copious info. And many (most?) of the initial DTC companies will go out of business… but their files won’t simply disappear. Yes, genetic privacy is unsecurable in the long run, and I think many users realize that, but haven’t truly thought through the full ramifications for other offspring and blood relatives.

  • Solitha

    “I have no idea why someone would do this. Perhaps you could be blackmailed by someone threatening to disclose to your employer than you had a 50% greater chance of a heart attack before the age of 60 than the general population? Whatever the details of the concern, they’re general, ranging from inchoate to eloquent.”

    The problem is that we have no idea just what DNA technology will be able to reveal about us in the future. There’s still so, so much to be learned.

    Let’s say instead of the heart disease example you gave, it’s a genetic marker predisposing someone to “go postal”. Then it becomes a potential liability to an employer, and possibly even society, to let that person roam free… or have children.

    As for “not licking the envelope” and the effort required – agreed, it requires a lot of time/energy.

    Today.

    We can’t predict how easy it might be in the future, though. How far have we come in the last decade? How much farther might we be in another?

  • http://blogs.discovermagazine.com/gnxp Razib Khan

    Let’s say instead of the heart disease example you gave, it’s a genetic marker predisposing someone to “go postal”. Then it becomes a potential liability to an employer, and possibly even society, to let that person roam free… or have children.

    right. but lets keep in mind that genomics is NOT MAGIC. if there was a large effect variant for “going postal” it is probably already known :-) and it is. a company can simply look at the history of your family from public records today, and ascertain what your probability of going postal is. genomics will probably add some on the margins in the future, but most of the risk is out there to mine if you so choose (obituaries list the cause of death, etc.).

    We can’t predict how easy it might be in the future, though. How far have we come in the last decade? How much farther might we be in another?

    don’t pose rhetorical what-if’s which leave the whole sample space hanging. it’s useless. give some concrete the possibilities. i have no idea what scenarios you might imagine. aliens who arrive in large numbers to become free-labor servitors to retrieve envelopes? it is possible. but plausible?

  • http://oleaeuropea.wordpress.com Tracey S.

    It’s like the internet – what you put up there is pretty much there forever and someone could always use it against it. Unfortunately, while you can control whether you put up embarrassing drunken photos you cannot control the contents of your genome. And we’ve all seen Gattaca.

    To some degree we may have to accept that in the future our genetic information will not be totally private – particularly if we want the benefits the better knowledge of our genes may provide us one day. But we need to make sure our genetic anti-discrimination laws are up to the task of protecting us and are enforced consistently. Of course that still leaves you vulnerable to some whackadoo who wants to do something terrible to you, but there are plenty of ways out there for a crazy bad person to hurt you without your genetic info. If someone really wants to do someone else serious harm and doesn’t care about the law, they will find a way with or without your genome. I’m much more worried about large scale discrimination from employers or others than I am about the lone person who would pore through my DNA and search various databases looking for something to hang over my head.

  • http://blogs.discovermagazine.com/gnxp Razib Khan

    but there are plenty of ways out there for a crazy bad person to hurt you without your genetic info

    yep. much easier ways alas….

  • jb

    In just about all situations I can imagine, someone who knows you personally will know you better than someone who knows your genome. He’ll know your actual strengths and weaknesses, not just your potential. The one exception I can think of is that you have a gene that says you will get a certain genetic disease within the next 10 years. And how often is that going to happen? And besides, presumably you already know that yourself, and have already taken steps, and may not even be keeping it a secret.

  • Jonathan

    “I was having a discussion with some friends who have all been genotyped about putting their information into the public domain. They were a pretty savvy lot (half of the six had been genotyped), ”

    Which was it? All of them or half of them?

  • Mary

    I think we are looking at this from different sides. I agree that privacy cannot be assumed at all for the data. But what we need is protections from misuse of that.

    Denial of insurance coverage is not a theoretical problem. It is real. Criminal database checks seeking relatives are real. There are consequences today, already.

    Other countries have managed to institute protection without inhibiting research and personal use. I thought this article was very compelling–and check out the document in the comments too: “DNA Theft: Recognizing the Crime of Nonconsensual Genetic Collection and Testing”.

    http://www.genomicslawreport.com/index.php/2010/12/09/surreptitious-genetic-testing-wikileaks-highlights-gap-in-genetic-privacy-law/

  • Vlad

    “I have no idea why someone would do this.”

    It’s pretty obvious who would do this: insurance companies. But it seems to me that this type of open access would be a GOOD thing: information asymmetry between insurers and insureds would diminish and thus average health-care insurance prices would diminish (although the differences between the prices paid by different customers would increase).

  • http://elainewestwick.blogspot.com Elaine Westwick

    “Perhaps you could be blackmailed by someone threatening to disclose to your employer than you had a 50% greater chance of a heart attack before the age of 60 than the general population?”

    A more specific example and good candidate for blackmail – paternity. You’d need 2 sets of DNA, but the results are unequivocal…

  • Wrath

    9. Jonathan Says: Which was it? All of them or half of them?

    “They were a pretty savvy lot (half of the six had been genotyped)”

    Should it have been only some of the friends, it probably would have been: “They were a pretty savvy lot (the half of the six that had been genotyped)”

    What we *can* surmise is that *you* were not involved in said discussion…

    <_<

  • http://blogs.discovermagazine.com/gnxp Razib Khan

    sorry about that, it was late and it got confused in a reedit. i think it’s clearer now :-)

  • Pingback: Moderate marginal value to genomics | Gene Expression | Discover Magazine()

  • http://EyeBleedInk.com John Watts

    This has already been a hot bed issue in the pharmaceutical industry where patients who had their DNA, RNA, and other genetic materials sampled by pharmaceutical companies in order to help diagnose or treat an ailment that person has/had. Along the way the pharmaceutical company does other testing on the genetic material (without the donors authorization or notification) and finds a potential treatment and/or cure for another disease.

    The problem now is that the pharmaceutical company claims ownership of this persons genome sequence and therefore cannot only prevent the donor from receiving any potential profits, it also allows the pharmaceutical company to keep the treatment/cure on ice because it competes with a drug they already provide. Again the donor has no say in forcing them to hand it over or make use of it.

    As for genome discrimination, you’d batter DAMN WELL believe it’s happening here and now and it will only get worse in the future if actions aren’t taken here and now to protect it. I still get discriminated against by employers because I have long hair and an ear ring. It makes no difference if my qualifications are above and beyond any other candidate, or that my background check is spotless, or if I can pass a drug test at the drop of a hat; they simply will not hire me because they are discriminative against and an adult male who chooses to let his hair grow out.

    It’s 2011 and I can still be refused a job for having long hair, what makes you think you won’t be refused a job or even health/medical/life insurance because your genome sequence says you have a 30% probability of stroke by age 40?

  • Herpus Derpus
  • natselrox

    How far are we from making personalised poisons? Guns are much simpler but not nearly as sexy. :P

NEW ON DISCOVER
OPEN
CITIZEN SCIENCE
ADVERTISEMENT

Discover's Newsletter

Sign up to get the latest science news delivered weekly right to your inbox!

Gene Expression

This blog is about evolution, genetics, genomics and their interstices. Please beware that comments are aggressively moderated. Uncivil or churlish comments will likely get you banned immediately, so make any contribution count!

About Razib Khan

I have degrees in biology and biochemistry, a passion for genetics, history, and philosophy, and shrimp is my favorite food. In relation to nationality I'm a American Northwesterner, in politics I'm a reactionary, and as for religion I have none (I'm an atheist). If you want to know more, see the links at http://www.razib.com

ADVERTISEMENT

See More

ADVERTISEMENT

RSS Razib’s Pinboard

Edifying books

Collapse bottom bar
+

Login to your Account

X
E-mail address:
Password:
Remember me
Forgot your password?
No problem. Click here to have it e-mailed to you.

Not Registered Yet?

Register now for FREE. Registration only takes a few minutes to complete. Register now »