Fingerprint

Genetic Testing Kits: Unprecedented Privacy Risks

A common belief of technocentrism is that if we have the ability, why not use it? The rapid advancements in genetic testing requires ongoing public awareness. Direct-to-consumer companies like 23andMe and Ancestry.com get access to users’ DNA, which is used to provide insight about genealogy or predisposition towards disease. The falling prices of direct-to-consumer genetic tests have enabled easy access to genetic data for both the end-user and corporations. But this availability creates an increased risk for the abuse of private information.

Privacy Breach
When participating in direct-to-consumer genetic tests, people hand over a DNA sample, usually in the form of a cheek swab, which contains far more information than a fingerprint. Once information from these samples have been entered into company databases, individuals have little or no control over the way it’s being used. “23andMe and other companies say they can protect consumer privacy, but that isn’t a legal guarantee at all,” says Katie Hasson of the Center for Genetics and Society. “When you send your saliva sample off to these companies, it isn’t just yours. You’re also revealing the genetic information of the rest of your family. You’ve given away all the privacy that goes along with it. We must think carefully about the powerful genetic information we are giving to these companies.”

Profit is the driving factor in the growth of genetic technologies. As of last year, 23andMe was valued at $1.5 billion and growing. Part of that value has been generated by selling user data to over a dozen outside pharmaceutical firms, including Genentech, which paid $60 million for the profiles of those with Parkinson’s disease. 23andMe later filed a patent on the genetic marker for the condition. A gene patent means that an organization, company, or individual who first identified the gene and can mandate how it may be used in both commercial and non-commercial settings. While 23andMe tests only scan the genome for known variations, Genentech’s technology aims to get a full genome sequence, which is all of someone’s DNA. This essentially means that these companies may eventually “own” vast expanses of the human genome.

A collection of studies have demonstrated that most of the direct-to-consumer websites do not give adequate information to enable consumers to make informed decisions. Ancestry.com claims, “There is a potential risk that third parties could identify you from research that is made publicly available.” There is unfortunately no way to ensure the security, privacy, or safe handling of genetic information. Most genetic testing companies are based in the USA, but have clients all over the globe. Private data given in the name of genetic discovery could be stolen, get someone subpoenaed in court, or sold for economic gain. In an era of large corporate mergers, there is no guarantee that the original company that processed the DNA sample would not be bought out by another corporation, which may or may not uphold the same privacy policies.

DNA information on direct-to-consumer platforms, like any other online data, is vulnerable to being hacked, leaving sensitive personal information available to anyone who has the skill set to acquire it. A 2017 study by the USENIX Security Symposium found that often, those responsible for DNA sequencing fail to follow computer security best practices. It is also possible to encode malware into DNA sequences. These vulnerable systems leave the sensitive genetic information of anyone involved wide open to manipulation.

Government intervention?
The Genetic Information Nondiscrimination Act (GINA) was passed by Congress in 2008, hindering health insurers and employers from discriminating against individuals based on genetic information. GINA also forbids mandatory genetic testing. However, loopholes in these regulations still leave people at risk. GINA does not cover disability, life insurance, or long-term care coverage. This is a major flaw, as most people with a predisposition for a life-threatening or chronic disease are the most likely to seek long-term coverage or life insurance. GINA also does not apply to companies with fewer than 15 employees.

iStock.com / blueskyline

Unlike a password that can be reset whenever one wishes, biometric data like DNA is unchangeable and associated with individuals for life. We cannot rely on government alone to protect citizens’ privacy, particularly in an era of increasing surveillance. A recent bill in Congress would have allowed employers to access genetic test results as part of workplace wellness programs. It didn’t pass, but vigilance is key. Katie Hasson explains, “We don’t necessarily know all the ways that genetic testing data could be used in the future, so it is hard to make assurances, or to envision what type of discrimination will or won’t be legal. But once genetic data is out there, it stays out there.”

Highest Degree of the Law
Genetic testing companies often claim the information they share with researchers or pharmaceutical entities are aggregated and anonymized. However, matching de-identified data sets with public records can make it possible to re-identify people.

After over 40 years eluding capture, Joseph DeAngelo, known as The Golden State Killer, was apprehended this year and found guilty of ten murders and over 50 rapes in California. Detectives were able to match a discarded DNA sample from the suspect’s home to evidence from the investigation. For the first time detectives used GEDMatch, an open-access platform accessible to anyone who registers. Investigators used the website to scan DNA samples and landed on a hit with the Golden State Killer. But the culprit himself hadn’t used a direct-to-consumer genetic test—a member of his family had. While the outcome of this particular case is surely celebrated, the greater implication of such a database, whereby anyone can upload any genetic information (even fraudulently) with no awareness or permission of those who may be affected is terrifying.

Presently, 23andMe has claimed that they have never turned over genetic information to law enforcement. However, there currently aren’t overarching protections in place to ensure that genetic information wouldn’t be used in a criminal case against you. Storing DNA data in a corporate database means it may ultimately be accessible to the government. Since genetics have been historically used as a tool of discrimination, people of color may be particularly vulnerable to sharing such information with these testing companies.

Enter Dystopia
People may wish to believe that state abuse of genetic information is a doomsday projection. Unfortunately, it’s already happening in China. In the Xinjiang region, police utilize high-tech surveillance technology to monitor citizens. The government aggregates information to closely survey the ethnic population by joining facial recognition technologies with genetic databases and a person’s Internet activities.

Any information given online, no matter the intended audience, could potentially be used in ways we may not be able to foresee. Katie Hasson suggests that “there should be a broader public conversation about how our genetic information should be protected, who can access it, and under what circumstances. These large private companies must be held accountable for what they are doing with this information.”

We voyage in murky and turbulent waters. Extreme care must be taken, as there is a large risk of our sensitive and private information getting into the wrong hands. Think closely before using direct-to-consumer genetic tests, read the fine print, and consider the potential repercussions for future generations and even other members of your family.