Furthest Right

The real privacy threat: your DNA made public

Forget deleting browser cookies.

What if you were judged — like you are socially, and economically — but now biologically?

Time named direct-to-consumer DNA exams its Invention of the Year for 2008, following the emergence of companies like 23andMe and Navigenics, which report on your genetic risk of illnesses such as prostate cancer or Parkinson’s. Academic medical research efforts like Harvard’s Personal Genome Project aim to study the DNA of volunteers, hoping to find genetic links to diseases. So do healthcare providers: In December, California-based Kaiser Permanente announced plans to study the DNA of 400,000 members.

The promise of these tests includes drugs that may someday be tailored to treat your illnesses. The peril is that your personal data could circulate more widely than you expect. DNA provides a rich digital source of medical information, which has great scientific value and lends itself to data sharing. But DNA testing currently involves a lightly regulated tangle of private and nonprofit researchers. Once you take a DNA test, it ceases to be your property. Your genetic data could circulate among insurers and employers, or even data brokers and pharmaceutical companies hoping to profit from it.

“Information can be harmful, and the risks great for individuals,” says Patrick Taylor, deputy general counsel at Children’s Hospital in Boston, who has written about genetic privacy. Those risks include the loss of a job or insurance — employers or insurers might not like your DNA profile — and the disclosure of medical secrets or the creation of family traumas. And with DNA, Taylor notes, “Once it’s out, it’s out.” You can change your credit card number, but you can’t apply for a new genetic code.


At first, they’re going to charge you extra for genes that suggest there’s cancer in the family.

Next, it’s going to be on entrance exams.

Finally, they’ll demand you adjust yourself. You’re gonna need to fix that H1V-zA-D4 gene… I can do it for only $2500 if you sign this disclaimer, just in case — it’s less than 1% of the procedures — we turn you into a drooling vegetable instead. Hey, it happens. We’re changing your blueprint after all.

All from the same imperfect science that can’t cure cancer as it is, and is often wrong about many things.

Maybe it’ll get political.

Not diverse enough? Too diverse? To the ovens.

Or it could get social.

You’ve been pulled over, so we need a DNA sample — oops, there’s that anti-social gene. You… um… need to come with us.

Or even become the ultimate control method.

The following samples lacked the genes for proper docility, sir. I recommend they be neutralized.

But there’s an even greater threat.

When people start linking up data from multiple sources, they can form a picture of you that’s completely revelatory. Especially if those sources sell their data to private databases, which they will need to do to bolster ad revenue.

It’s not a far-off assumption to assume people will look through your public persona, find things they don’t like, and then use that as an excuse to look for DNA they don’t like.

Facebook’s new terms of service say that it owns–or at least shares–your uploaded content. Your photos from a company retreat could show up in a Facebook ad. Or Facebook could sublicense the rights to your company jingle in a video. Does Facebook want to use your content like this? It doesn’t matter–the company says it can.

Technically, the terms say that by joining and uploading, “you grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute…” your content. Facbook also specifies it can “use your name, likeness and image for any purpose, including commercial or advertising… .”

PC World

Facebook reversed its policy early today, but the principle remains: solid business logic was the basis for this decision. We don’t want to get sued, and we have all this information we can capitalize on, or at least use in our advertising and sell to our business partners.

How many other businesses will do this? And what other data can they link into it:

A Vietnamese researcher will demonstrate at Black Hat DC next week how he and his colleagues were able to easily spoof and bypass biometric systems that authenticate users by scanning their faces.

The researchers cracked the biometric authentication embedded in Lenovo, Asus, and Toshiba laptops by spoofing the biometric systems with everything from a photo of the authorized user to brute-force hacking using fake facial images. They successfully bypassed Lenovo’s Veriface III, Asus’ SmartLogon V1.0.0005, and Toshiba’s Face Recognition — each set to its highest security level — demonstrating vulnerabilities in the systems that let an attacker cheat them with phony photos of the legitimate user and gain access to the laptops.

These Windows XP and Vista laptops come with built-in webcams that work with the facial-recognition technology. This form of authentication is considered more convenient than fingerprint scans and more secure than traditional passwords. The software scans the user’s face and stores the images and facial characteristics. Then the user can log in by scanning his or her face, which is then matched against the image data.

Dark Reading

Run that facial recognition software behind the CCTV cameras that cover just about all of the cities now. ATMs, security cameras, police cameras, weathercams, you name it.

So now we have an activity profile from Facebook and sites like it, a facial profile, and the DNA to match. We can easily filter for those we don’t like, whether we are large corporations, a government, or — most likely the case — an ideologically-minded mob purging biological elites so its Revolution can succeed.

Share on FacebookShare on RedditTweet about this on TwitterShare on LinkedIn