DNA is the New Data
Worried about your SSN? Wait until someone owns your genetic code.
Data breaches are pretty much a daily occurrence. We’ve become desensitized to them. How many people reading this think it’s manifestly impossible their data hasn’t been compromised? Not one. Maybe yours hasn’t, but the chance it has is very real. This doesn’t mean one shouldn’t be careful with one’s personal information, it simply means we live in a world in which data and identity theft are real possibilities, even when we protect ourselves.
Which leads me to DNA, the most personal piece of data, and one which is increasingly being recorded and stored in online databases, particularly those of websites such 23andme or Ancestry.com. These sites offer legitimate (and perhaps valuable) services. They are not scams (as far as I know), and they can shed light on interesting elements of family history and maybe even provide helpful analyses of potential medical issues. Like with other sorts of data, there are real — if potential and as yet unrecognized — benefits to sharing your DNA.
Of course those same potential benefits exist when you willingly cede your data to Google, Facebook, Apple, etc, etc, etc. The same risks exist as well. Someone could easily steal your data from one of those companies or the many others to whom you have given your data or who may have received it from the company to whom you gave it.
Recently some of the DNA-testing companies have come under fire for their policies on the ownership of DNA, a question that has even more serious implications than it does when applied to the ownership of other forms of data. The policies of companies like Ancestry.com and 23andme have been parsed thoroughly with critics claiming that these policies give said companies ownership of your DNA. This interpretation is neither wholly true nor wholly false; many of these companies make it explicitly clear that they do NOT own your data in the traditional sense while also making it explicitly clear that you ARE licensing your DNA to them to share as they see fit.
On the face of it, these policies make sense. But therein lies the risk. Without assuming any nefarious intent on the part of the aforementioned genetics companies — and I’m being generous here, as the more we learn about how Facebook was exploited during the 2016 election the more we see that Facebook did act deceptively and manipulatively — the possibilities for abuse of the data are evident.
The first question is: with whom will Ancestry.com, et al share your DNA? Assuming no ill-intent, it is still very easy to imagine Ancestry.com sharing your DNA with an organization they deem to be legitimate, but which itself is a nefarious actor (think Cambridge Analytica). There will be no shortage of legitimate and illegitimate medical institutions seeking to obtain DNA data for all varieties of helpful and harmful purposes. Before you give your DNA to a company like Ancestry.com ask yourself if you trust them to make the correct determination about with whom they should share such personal info.
For argument’s sake assume that the genetics companies do make good decisions about the organizations with whom they share your DNA. What then of the safety of your data on the servers of the genetic companies? Do you trust that no bad actors will attempt to steal your DNA? If hackers are capable of breaking into the servers of established multi-national organizations like Sony and Marriott — not to mention the federal government’s Office of Personnel Management — does anyone believe the firewalls of 23andme are up to the task of keeping your genetic code safe?
Finally, of course, there are the as-yet-unknown and perhaps as-yet-unimagined uses for your DNA, a topic worthy of its own lengthy analysis. Undoubtedly there are medically-beneficial applications of this data. The knowledge we may gain, the diseases we may cure, the pain we may erase from the future, these are all noble aspirations which might be achieved by doctors and scientists able to access massive amounts of DNA data. There is another side of the coin: the knowledge we may gain, the diseases we may create, the pain we may learn to inflict in new ways, these too are possibilities that access to mass DNA data may unlock.
Are these risks reason to eschew sites like Ancestry.com and the services they provide? I don’t necessarily think so. Nor are the risks reason to disavow the collection of genetic data as a way to advance medical science. However, giving over your most sensitive and personal data is also not a decision to be made lightly. If the last decade is any evidence there is someone, somewhere who will soon obtain your DNA once you’ve chosen to share it with a genetics-testing company. Already artificial intelligence systems are built upon mountains of data with which the machines can learn to teach themselves. While I see the possibility of huge benefits, the idea of an AI algorithm crunching my DNA as part of a mega data set and sharing it with (insert unknown and possibly nefarious actor of your choice here) isn’t a pleasant thought.
The current political moment is ripe for having a conversation about protecting our data, including our DNA. Whether this last datum is considered in the broader conversation is TBD but seems unlikely. And if no regulations on the collection and use of genetic information are passed soon my guess is that the catalyst for such regulations in the future will indeed be something dark and ugly.
