Is your DNA safe from hackers?
That’s a question experts have started asking as more and more people submit DNA samples to companies like 23andMe and Ancestry.com. In most cases, you spit into a tube and mail the saliva in for genetic testing, which then reveals not only your cultural lineage but provides clues about any health risks and genetic disposition. The testing kits cost around $99.
Yet, hackers know your DNA is invaluable. They can collect a sample when you throw out a used Kleenex or sip from a disposable cup. Criminals can collect the DNA sample to blackmail you later on, sell it on the Dark Web, or save it in an archive for future use.
Joyce Lignell, a representative from TimiCoin/TimiHealth, a company that uses blockchain technology to secure your DNA, says that consumers need to approach genetic testing with their eyes wide open.
“When you engage in DNA testing with 23andMe, you make a choice [about which testing and cost model you prefer],” Lignell told Fox News. “But you make the assumption (wrongly) that this is their business model -- e.g., charge me for a kit and provide the service. But as we’ve discovered, that is not the case. Their actual business model is based upon selling their ever-growing data pool of DNA results to whoever wants to purchase it.”
Last month 23andMe announced a major partnership with pharmaceutical giant GlaxoSmithKline focused on “research and development of innovative new medicines and potential cures.” 23andMe customers can “choose to participate in research and contribute their information to a unique and dynamic database,” the companies said, in a joint statement.
As part of the four-year collaboration GlaxoSmithKline made a $300 million equity investment in the consumer genetics specialist, which has over 5 million customers.
“The continued protection of customers’ data and privacy is the highest priority for both GSK and 23andMe,” the firms said, in their statement. “Both companies have stringent security protections in place when it comes to collecting, storing and transferring information about research participants.”
Nonetheless, the use of consumer DNA is in the spotlight at the moment. Reuters recently reported, for example, that immigration authorities in Canada have been using DNA and ancestry websites to ascertain the nationality of migrants.
The FTC is aware of the privacy implications of DNA services. In December, the agency warned consumers about the potential dangers of DNA testing kits. An FTC spokesperson released a statement to Fox News.
“Rather than just clicking ‘I accept,’ consumers should take some time to understand how their information will be used and shared. Consumers should weigh both the benefits and the risks, such as the risk of a security breach. And when setting up an account on a DNA testing site, privacy-conscious consumers should choose settings to maximize privacy.”
Jules Polonetsky, the CEO of the consumer advocacy group Future of Privacy Forum, told Fox News “the risk of DNA theft is not serious right now, but we do see a problem with consumers being unaware of the consequences of sharing your DNA.”
Polonetsky says companies like Ancestry.com and 23andMe require a separate sign-up form that he says is spelled out clearly as an opt-in program for sharing DNA with third-parties.
Lignell disagreed with this, saying: “The fact is those terms are buried in complex language in a lengthy document that probably next to no one reads. Specific sensitive terms are not called out and easily brought to our attention, instead they are intentionally obscured.”
Ancestry.com released a statement to FoxNews.com: “Data security is a top priority for Ancestry and we are committed to continually improving our systems to protect our customers’ data against both existing and emerging threats. We employ technical, physical and administrative safeguards to protect customer data stored in our systems. Ancestry maintains a comprehensive information security program designed to protect our customers’ personal information based on the sensitivity of the personal information collected.”
A 23andMe spokesperson also released a statement to Fox News:
“We employ robust authentication methods and restrict access to our systems through policies and protocols. We also employ software, hardware, and physical security measures to protect the computers where customer data is handled and stored. Personal information and genetic data are stored in walled-off segregated computing environments.”
What will ease the minds of everyday consumers? One avenue is to make better laws about protecting your DNA, beyond the 2008 federal law called GINA (The Genetic Information Nondiscrimination Act), and for states to become more involved. Polonetsky says the key is to know exactly what you’re signing up to do -- and how your DNA will be used.