Two years ago, I moderated a panel at SXSW called “Is Your Biological Data Safe?” Looking at the panelists—a woman who runs a DIY bio lab, 23andMe’s privacy officer, and an FBI agent—it was not hard to determine at the time that the answer was, and is, “no.”
DNA sequencing is cheap and accessible; companies with large databases of genetic material have to think about how (and if) they’ll protect it; and yes, the FBI is interested. Much of the panel focused on two news items:
- Artist Heather Dewey-Hagborg used DNA “found” on wads of gum, cigarette butts, or a strand of hair, sequenced it, and created masks intended to look like the person who left the DNA behind.
- A company called “PooPrints” had begun offering a service in which it sequenced the DNA from dog shit that had been left in the common areas at condos in order to identify the dog (and the owner) who left it there.
These were relatively harmless but dystopian examples of possible DNA use (this was the point of Dewey-Hagborg’s art project), but it wasn’t hard to imagine something potentially more insidious.
Now, we have that example. Alleged serial killer Joseph James DeAngelo was caught because one of his relatives submitted their DNA to an open-source genetic database for researchers called GEDMatch, which law enforcement used to match to DNA left at one of the crime scenes.
I would start by suggesting that you not submit your DNA to centralized genetic databases
It is, of course, a good thing that DeAngelo, the alleged “Golden State Killer,” was caught. But it should frighten you that police used an open-source genetic database to do it. As we’ve seen with so many other privacy overreaches, law enforcement uses questionable tactics on serial killers, child pornographers, and terrorists and later uses them on petty criminals.
The general consensus at our panel was that we are leaving our DNA everywhere, all the time, and so it’s difficult to keep your DNA “private” (this was a year-and-a-half before Black Mirror’s “USS Callister” told a story about a creepy man harvesting DNA from his coworkers’ coffee cups, napkins, and lollipops.) You can’t change your DNA like you can change a password and we’re inherently broadcasting it all the time, so what, exactly, can we do?
I would start by suggesting that you not submit your DNA to centralized genetic databases. Open-source databases are accessible by anyone, and private ones are subject to subpoena or, possibly, hacking.
In the same way that we should be careful about who we give our social security numbers or fingerprints to, we should also be careful about who we purposefully give our DNA to. I understand that DNA sequencing offers lots of promise as personalized medicine becomes more attainable, and that online DNA sequencing companies have likely helped some people learn that they have certain genetic diseases.
But there have been enough DNA-related snafus that have come to light in the last few weeks and years that make me think that willingly giving your DNA to a large database isn’t worth the risk. We learned that, before arresting DeAngelo, police wrongly identified an innocent man as a suspect in the case based on his DNA. We learned that an innocent man’s DNA was recently used to frame him for grisly murder he didn’t commit. We learned that consumer DNA test results are inaccurate roughly 40 percent of the time. One DNA-testing company was unable to tell the difference between human DNA and dog DNA. 23andMe and other DNA-testing companies are also lacking when it comes to being able to assess the genomes and ancestry of people of color. We learned that before turning to GEDMatch, police subpoenaed the DNA of an innocent person from another DNA testing site.
The fact is, we don’t know how our genetic sequence will be used, who it will be accessed by, who will cross-reference it, or who it will be used to implicate now or many generations in the future. Even if you don’t plan to become a serial killer or even a petty criminal, it is likely a mistake to willingly hand over your DNA to people who promise to store it in a place where it is meant to be accessed. Unless you never leave your home you really can't "protect" your DNA, but you can still avoid paying someone to make you less safe.