DNA database that found Golden State Killer is potential national security leak (technologyreview.com)
233 points by mhb on Nov 6, 2019 | 190 comments


I don't understand how this isn't a violation of HIPAA. Comparing a DNA upload against the medical records of other people without their express written consent seems to me to be wrong.

I think there is a legal issue here around whether uploading your medical data to a 3rd party service allows that service to take ownership of your medical data and allows them to do what they please with it.

DNA absolutely falls under PII (personally identifiable information). I can't understand how a company can collect and use this information without (it appears) any rules or regulations.

Not only is it a security risk and a privacy violation but it has implications for every aspect of your life and the lives of your children and immediate relatives. I can't understand how this can be run out of someone's house with a part time volunteer staff with no security.

Mind Blown.


The people give their consent, but what maybe actually is surprising is how the police went about it according to the GSK LATimes podcast.

Police made a fake profile online with the killer's DNA. At first they got a match for a relative. It turned out it too was a fake profile created by another LE agency with the GSK's DNA.

This is not illegal.


I wonder if they violated the website's terms and conditions by creating a fake account and uploading somebody else's DNA (not that this would necessarily be illegal).


I suspect law enforcement agencies don't have to worry too much about violating the terms and conditions of a service they're using for an investigation.

At worst, their fake account gets closed by the site and they have to go through proper channels if they want to proceed further.


By creating a profile and uploading your DNA -- you're giving consent for your DNA to be indexed.

Whether or not you should be requiring the consent of all people with similar DNA is the real question -- but given Americans' obsession with individual rights I don't see it changing. In their eyes, why shouldn't they be permitted to upload and share their own DNA?


I know it was a rhetorical question, but because of negative externalities. Same reason I can’t dump pollution in the river that runs through my property, because that pollutes your property downstream.


That seems like a much better legal analogy. If anything, this should probably be considered search and seizure without a warrant. That would make the evidence inadmissible in court. Or we carve out searching DNA databases as outside of that amendment. That actually makes more sense to me as even your DNA is no longer yours once it’s in the public domain on a hairbrush at the dumpster. IANAL.


The only externality demonstrated is catching the Golden State Killer.


Most of your DNA is not your own.

So this isn’t about sharing a selfie, this is about sharing a group photo, where other people are partly out of frame, but you can still make out who they are. And if we stitch together enough photos, we can make out a lot of people, people who never even took a photo.

Although, some would be sharp to point out that in the case of a selfie most of your facial features are also not your own. So it’s mostly a question of where we draw the line as to what is personal and what is shared. But in the case of a murder, if we had an actual selfie of the killer at the scene, we would be able to solve the case fairly quickly using standard investigative methods.


It's exactly like not being allowed to share your selfie because you look too much like your mom or sister.


I said that in my second paragraph. I also said it’s a question of where we draw the line as to what is personal and what is shared. Do we consider a selfie personal or shared? In 2019, we consider it personal.


Yeah, that's the tricky thing. Individual ownership of information as a principle doesn't cover the set of all things people care about when information is shared between individuals (or infer-able about another individual based on information of a sharing party).


HIPAA is not a blanket protection applied to medical records but rather restrictions on some companies and personnel that often work with them.

Simply if they aren't a "medical" institute and you give them your health data it's theirs to do what they want and HIPAA plays no role.

https://www.hipaajournal.com/who-does-hipaa-apply-to/


These organizations often sell genetic screening services, and I don't see how that is not providing medical services.


> These organizations often sell genetic screening services, and I don't see how that is not providing medical services.

HIPAA only matters if the organization deals in medical insurance. Most people are surprised to learn this fact.


Aside from that claim being trivially proven false[1], I worked in biotech for more than a decade and this is just wrong.

[1]: https://www.healthit.gov/faq/who-must-follow-hipaa


I actually am on the compliance team of a HIPAA covered entity, and your link does not disprove my point.

> Most Health Care Providers—those that conduct certain business electronically, such as electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.[0]

Neither my gym nor my personal trainer is covered by HIPAA, as just a simple example of health-adjacent businesses for which HIPAA provides no recourse.

> Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. Generally, these transactions concern billing and payment for services or insurance coverage.[1]

[0]: https://www.hhs.gov/hipaa/for-individuals/guidance-materials...

[1]: https://privacyruleandresearch.nih.gov/pr_06.asp


What is your definition of "deals in medical insurance" exactly?


Entities that bill insurance. Here's some pretty plain language about it:

https://personcenteredtech.com/2013/05/16/am-i-a-hipaa-cover...

Like I said, most people are very surprised to learn this fact.


>Entities that bill insurance

But that's not true. Third parties, companies which do not in any way "bill insurance" or may not even provide healthcare services directly may be considered a covered entity.

>Entities that provide data transmission of PHI on behalf of a covered entity (or its business associate) and that require access on a routine basis to that PHI (such as regional Health Information Organizations (HIOs)) are considered to be business associates under HIPAA


The original point was around genetic testing services. [0] As an example, take 23andme. I know that they take pains to use language that would disabuse a reader of the notion that they were providing medical advice. [1] It seems that 23andme did not accept insurance of any type until after May 2019. [2] I don't know if they are seeking to become HIPAA-compliant now that they ostensibly interact with insurance; looking for HIPAA anywhere on their page or various policies turns up nil. Contrast that with someone like Smile Direct Club (page title is "Privacy Policy - HIPAA"). [3]

Regarding the BAA exception, if you ever signed a BAA it becomes clear that your interactions with the other party to the BAA are HIPAA covered, even if your normal course of business is not. If a covered entity sends you PHI and they didn't have a BAA in place prior, that would constitute a breach.

[0]: https://news.ycombinator.com/item?id=21465420

[1]: https://customercare.23andme.com/hc/en-us/articles/115013843...

[2]: https://customercare.23andme.com/hc/en-us/articles/360026466...

[3]: https://smiledirectclub.com/privacy/


When you upload to GEDMatch.com, you are agreeing to make your DNA available to be compared against others for identification or research purposes. That's the entire purpose of the service.


"research purposes" sounds pretty benign though. Most people don't mind helping out some scientists for some intangible greater good. On the other hand if it was phrased "so we can pin crimes on you or your loved ones" people might not be so keen.


> I can't understand how this can be run out of someone's house with a part time volunteer staff with no security.

But that's the promise of software and the internet. The ability to compete globally with minimal effort.


Uh...I think HIPAA might be the most misunderstood law in America.

As a general rule: if it's not an insurance company or medical provider (who accepts insurance) HIPAA does not apply. Hint: the "I" in HIPAA stands for insurance.

Just because you emailed your great aunt to tell her you have the flu doesn't mean HIPAA suddenly applies to Gmail.


> I don't understand how this isn't a violation of HIPAA.

HIPAA only applies to "covered entities" - basically if you don't accept insurance, you don't have to be HIPAA compliant.


HIPAA doesn’t extend beyond certain health care boundaries. Disability insurance for example aren’t bound to HIPAA in any way. Once you give them your medical records they can do what they like with it.


I'd imagine the major intelligence agencies have already started their own genetic databases, right? Being able to track down everyone at a genetic level is insanely valuable data from a national security perspective.

Given that the intelligence agencies regularly and aggressively hack every telecom and networking company out there, it's pretty likely that they have already hacked the commercial DNA databases, no? Why wouldn't they?

I'd like to think there is someone out there trying to protect my data, but it's much more likely they are just aggregating everything into a single genome DB that will inevitably get hacked or leaked.


"I'd imagine the major intelligence agencies have already started their own genetic databases, right?"

The gig is up.

It's a law felons give their DNA in some jurisdictions. Felons have families. Felons have great-grandmothers. Felons have 2nd cousins. There are 6.1 million felons. I'd imagine the US is pretty much mapped out by now.

https://www.legalmatch.com/law-library/article/mandatory-dna...


Not just felons. Everybody.

Some police agencies (NYC, for example) collect DNA samples on arrest. And if you're found not guilty, the arrest was wrong, or whatever, they still keep the DNA forever. [1]

But it's not like they conduct knock-and-spit dragnets. Oh, wait... [2]

Even worse is that social service agencies do it. Don't be born in California, because the fact that you suddenly exist means the state gets your DNA. [3]

[1] https://www.nytimes.com/2019/08/16/nyregion/newyorktoday/nyp...

[2] https://www.newsweek.com/police-dna-database-nypd-swab-testi...

[3] https://sanfrancisco.cbslocal.com/2018/05/08/california-biob...


I'm able to refuse the state/hospital in California to take blood samples, right?


No, if you try to refuse you get another misdemeanor charge while they wait for a judge to sign the form compelling you to give a sample.


How utterly depressing. Land of the free.


A desire to control people for mostly petty reasons in order to better society or some such is what led us here. You know what they say about the road to hell.


> I'm able to refuse the state/hospital in California to take blood samples, right?

As sibling asserts, no you may not refuse. However:

> State law requires that parents are informed of their right to request the child’s sample be destroyed, but the state does not confirm parents actually get that information before storing or selling their child’s DNA. [0]

[0] https://sanfrancisco.cbslocal.com/2018/05/08/california-biob...


> "I'd imagine the major intelligence agencies have already started their own genetic databases, right?"

> The gig is up.

Absolutely. Also the Pentagon has another excellent source: It stores DNA fingerprinting for US armed forces personnel (so as to identify the remains of MIA/ KIA soldiers). If you could get your hands on that it would probably help fill in the family trees of people involved in intelligence work - I think it is fairly common for extended families to have lots of people working in defence and intelligence.

Presumably the Chinese can combine the family trees from these DNA databases with information from scraping Facebook/ LinkedIn etc and data from the Office of Personnel Management breach. IMO they should be able to connect DNA samples to people in the US very effectively, the DNA will map to a person or a few people and the Chinese will know the work - including intelligence work for the US government - that those people do. So, for example, if they pick a suspicious USB key or document they can take the skin cells of those who handled the object and identify them.


Not just felons, also everyone who works for a government under a fake identity like undercover agents and spies. Just think of cartels tapping into that resource and checking out new recruits: "So, how come your DNA shows you are the son of a cop, have an aunt at the DEA and a brother at the Sheriff's office?"


I wrote about that; old thread from long ago:

https://news.ycombinator.com/item?id=3722982

Unfortunately felons don't get a say in the matter but the rest of us do.


Shortly prior to its demise, the Stasi was collecting blood and hair samples and storing them in anticipation of future DNA profiling technology becoming available.


Out of personal interest, not doubt - do you have any sources handy?


I found "Stasiland" by Anna Funder a good read if you don't mind reading a more general history of the Stasi. There are a few examples in there I believe.


I'm not sure about the DNA sampling, but it's been widely reported they did have large collections of "scent jars" which were just as powerful as having someone's DNA:

The Stasi had a whole range of methods and means to try to track down people who said or did anything critical of the East German communist regime. Collecting scent samples was used to try to identify those, for example, who had distributed flyers or who wrote critical graffiti.

When they found a piece of graffiti or a flyer then they took a dust cloth, which was usually yellow, and left it for a while lying next to the flyers covered by a protective piece of aluminum foil and then they had their sample. The cloth was then sealed in a pickling jar and stored. If the Stasi later came across a suspect in the process of the investigation, they tried to get a sample from this person as well -- of course, secretly. A trained dog was given the two smells, and if they matched, the Stasi had a concrete name.

https://www.dw.com/en/the-stasi-had-a-giant-smell-register-o...

Apparently back in 2007, German authorities were using this same method to track activists trying to disrupt the G8 Summit:

In a reminder of methods used by the East German Stasi secret police, German authorities are collecting human scents to trace activists they believe may try to violently disrupt the G8 summit in June. It's proving highly controversial, and there's no scientific evidence that the method is infallible.

https://www.spiegel.de/international/germany/stasi-methods-u...


> "scent jars"

Have a look at this scene from the fantastic film "The Lives of Others": https://www.youtube.com/watch?v=nkRxvEjprBM


You can see a large collection of these scent jars in person if you visit the Stasi Museum in Leipzig: https://europeforvisitors.com/germany/leipzig/museum-runde-e...


DNA profiling technology did exist shortly before the end of the Stasi (the first use in criminal investigation was in 1987 [1]), though presumably they didn't have access to it.

[1] http://aboutforensics.co.uk/colin-pitchfork/


In news coverage of drone strikes/bombings of sites thought to contain known terrorists, mostly high value targets, I've absolutely heard them say identified/confirmed by DNA. Here is the first example I could find:

>A DNA sample from one of the men killed in the U.S. drone attack was successfully matched with a close relative of Mansour, the interior ministry statement said.

https://www.foxnews.com/world/pakistan-dna-test-confirms-tal...


They've been taking biometric samples from millions of Afghanis [0] and Iraqis [1]. Wouldn't be too surprised if those ain't the only countries where US soldiers collect that kind of data.

[0] https://www.wired.com/2010/09/afghan-biometric-dragnet-could...

[1] http://archive.boston.com/news/nation/washington/articles/20...


They were also trying to locate bin Laden in Pakistan through use of sham vaccination programs that were actually taking DNA samples. As a result the loss of trust caused Polio to go from the cusp of eradication to back with a vengeance.

I like the claims with al-Baghdadi's n-th death being DNA confirmed. US obtained a supposed blood sample of al-Baghdadi from his right hand man in return for a promise of $25 million and US residency for himself and his entire family. Then, someone in a tunnel, unseen by anyone other than a dog, was blown up by an explosive belt, leaving no remains but small chunks that could be identified. These were then DNA confirmed to be identical to whoever the blood sample was taken from.


Not a blood sample (EDIT yes a blood sample). His underwear was stolen so his shart remnants could be DNA tested. This by someone close to him who wanted revenge and of course 25 mill. The mole was managed by the SDF who communicated with the US.

https://www.bbc.com/news/world-middle-east-50218637


https://edition.cnn.com/politics/live-news/baghdadi-monday-d...

> The informant also obtained Baghdadi’s underwear and blood sample that was used for the DNA test to confirm his identity before the raid took place.

https://www.nbcnews.com/news/world/kurdish-source-provided-k...

> U.S. intelligence tested those samples and got positive DNA matches for al-Baghdadi, kicking the hunt into high gear. The informant stole the underwear about three months ago and the blood sample was taken roughly one month ago, a Kurdish official said.

Curiously the articles suggest they used the blood sample in advance of the raid to confirm it was al-Baghdadi, with no suggestion of what they were comparing it to.


Thanks for the correction. I believe the sample was compared to one they obtained when he was in custody in Camp Bucca.


> when he was in custody in Camp Bucca

OK, thanks, I was unaware of that. You've changed my mind on the issue that we don't really know who the guy in the tunnel was. So we really did get him.

Captured Feb. 4, 2004 as a civilian and released that Dec. 8 as he was seen as no threat.

https://www.politifact.com/punditfact/statements/2014/jun/19...

https://www.businessinsider.com/abu-bakr-al-baghdadi-declass...

> "Ibrahim Awad Ibrahim Al Badry, also known as ‘Abu Bakr al-Baghdadi’ was held as a ‘civilian internee’ by U.S. Forces-Iraq from early February 2004 until early December 2004, when he was released," the Pentagon said in a statement. "He was held at Camp Bucca. A Combined Review and Release Board recommended ‘unconditional release’ of this detainee and he was released from U.S. custody shortly thereafter. We have no record of him being held at any other time."

This is also interesting. He didn't start at Bucca:

https://theintercept.com/2016/08/25/u-s-military-now-says-is...


> This is also interesting. He didn't start at Bucca:

That's also a way to not mention the fact that he also served time in the infamous Abu Ghraib prison around the same time the reports on the on-going torture there were finalized.

As such there's a very good chance he not only witnessed but also experienced that [0] kind of torture, just like neither Abu Ghraib, nor Bucca were exceptions during that time [1].

In that context, it wasn't just a random coincidence how ISIS paraded their prisoners around in "horrible orange suits", as Trump put it, completely missing the reference [2], like many US Americans.

[0] http://100photos.time.com/photos/sergeant-ivan-frederick-hoo... (NSFW)

[1] https://en.wikipedia.org/wiki/Iraq_prison_abuse_scandals

[2] https://en.wikipedia.org/wiki/Guantanamo_Bay_detainee_unifor...


> That's also a way to not mention

I provided a link to an article documenting the evidence he was there and detailing that he was there when they were extensively brutally torturing the prisoners. Abu Ghraib is in the link title.


What source have you read that said there were no remains? Depending on how exactly he blew himself up, there might very well be identifiable remains intact, such as extremities or even the head.


I mean, the vaccines were real. They were just also a front for a government sponsored DNA heist. Given the actions of the US government, it seems reasonable in the current political climate to refuse vaccines and other on-site medical treatment if you don't want your DNA stolen. In recognition of the communal failure to protect privacy which has led to these programs being potential DNA theft operations, vaccination providers should start letting people take their needles home to self-administer vaccines. Whether or not it's likely in any given case is irrelevant, the government used medicine to steal DNA so now we can't trust medicine. Medicine needs to reinvent itself so that vaccines can be widely deployed without risking further data breaches, and the only way they can really do that is by not collecting the data -- even on a needle.


ISTR that the vaccines offered needed several applications spaced over days or weeks; and that the CIA agent did not return to administer the follow up shots. So the vaccines were real but ineffectively administered.

You could create a culture of - after every injection - sterilising the needles in the presence of the injectee. This would be moderately burdensome but wouldn't avoid the need for blood samples for medical diagnostics so wouldn't really protect against malicious actors taking the role of medical professionals. That sort of behaviour simply shouldn't be acceptable to anyone, not even spies.

As pointed out in other threads, the DNA of your relatives is almost certainly in multiple databases already and that will probably be enough to identify you (or at least narrow things down to a few people). We need laws and cultural standards (in all the cultures) for how that information is controlled and used but I have no idea how we get there.


First paragraph: I don't recall reading that in any of the coverage I saw at the time, but I'm not super skeptical of this claim.

Second paragraph: if I don't trust the magician/doctor not to make the needle reappear after it goes in the waste basket, I don't see why I would trust them to not substitute some other liquid for the sterilizing fluid. Even an on-site incinerator is hard to trust, if we're assuming CIA involvement. These people actually hired a magician (John Mulholland) to write a document explaining magician stagecraft to CIA officers as part of the MK-ULTRA program -- they tried to destroy it when they realised Congress was going to request those documents, but a copy survived and got republished decades later. I wouldn't trust my own eyes to notice when a well trained agent swapped needles in front of me, and I can't imagine any on-site procedure I would trust as much as taking a needle home with me. As for blood tests, I don't see why I should have to opt into these to receive vaccines. Medicine can be modular.

Third paragraph: I get that the cat is out of the bag for most people in my country -- I have second-degree relatives who are already in the database. This isn't (yet?) the case for many people living in the third world, which is where most of the backlash to this practice actually occurred. I also think that insisting on practices that make future generations more difficult to track is reasonable, even if it will take some time for the genetics to get swashed around enough for these efforts to matter.


This might be wrong but it was reported in some publications at the time: "In March health workers administered the vaccine in a poor neighbourhood on the edge of Abbottabad called Nawa Sher. The hepatitis B vaccine is usually given in three doses, the second a month after the first. But in April, instead of administering the second dose in Nawa Sher, the doctor returned to Abbottabad and moved the nurses on to Bilal Town, the suburb where Bin Laden lived."

https://www.theguardian.com/world/2011/jul/11/cia-fake-vacci...

I think we'll have to agree to disagree over the possibility or desirability of running low-trust vaccination campaigns. FWIW I upvoted your first comment, even though I disagree with part of it.

Edit: missing word - think


> I think we'll have to agree to disagree over the possibility or desirability of running low-trust vaccination campaigns.

I can happily agree to disagree about such things, but I will point out that you still have to live in a world with crazy idealists like myself who will become potential disease vectors if not provided a low-trust mechanism for vaccinating themselves. That isn't intended as a threat, just food for thought when considering cost/risk analysis from your own worldview.


Major intelligence agencies have people working at all these companies like Google, Facebook, 23AndMe, Ancestry.com, etc with unfettered access. Just like how they infiltrated the nuclear programs of various countries and stole secrets, it's the same thing except 100x easier because the level of security is so much lower and easier to hack.

If you don't think that squads of spies for Russia, China, the US, Israel, India AREN'T working at these companies you are woefully naive.


> Given that the intelligence agencies regularly and aggressively hack every telecom and networking company out there

This is a common misconception, as long as we are talking US companies and US agencies, they don't need to do much of that, thanks to the third-party doctrine [0] they do not even need a legal warrant.

Now add in the fact how popular ancestry tests have become, and how even that data is openly monetized, it's not that far of a reach to assume US intelligence agencies have been building their own aggregated DB.

[0] https://en.wikipedia.org/wiki/Third-party_doctrine


If you're interested in learning more about the power of genetic genealogy and its real-world applications, I'd highly recommend the New Hampshire Public Radio podcast Bear Brook [0].

It doesn't cover this particular attack, but it does discuss the way databases were used to identify the victims of a murder that took place decades ago. In that case, there was a lot of work done tracking down branches of family trees, and asking living people to submit their DNA to these databases to help fill in the gaps that prevented positive identification of the victims.

[0] https://www.bearbrookpodcast.com/


Wonder if it could also be used to determine matching likely organ donors, for those needing an organ transplant?

If so, it potentially opens a world of other crappy possibilities too. :(


For basic stuff, how about blackmailing those who gave up children for adoption?


That's less and less of a concern: firstly, there are far far fewer adoptions this century due to both acceptance of being a single parent and because of access to abortion and birth control. Secondly, it won't be long before every adopted child learns about DNS testing in school and as soon as they are of age (or can fake ID) they will find relatives [Source: have volunteered in the field].

This will lead very quickly to no more anonymous adoptions. I'm in favour of open adoption as studies have shown it's healthier for the child but that's my own personal bias outside of the technology.

Edit : DNA testing...


Only if those relatives have legitimate A records.


And if they properly configured their MX records, they may be able to contact them.


That made my day..


>learns about DNS testing in school

One of the downfalls of being a technical individual in this case. Your autocorrect or muscle memory got the best of you!


A and S are right next to each other on a QWERTY keyboard.


DNS could be DesoxyriboNukleinSäure which would be the German word for DNA.


I regret taking 23&me test, I don’t think my DNA is in safe hands.


23andme claims the following:

> 23andMe chooses to use all practical legal and administrative resources to resist requests from law enforcement, and we do not share customer data with any public databases, or with entities that may increase the risk of law enforcement access.

See: https://www.23andme.com/law-enforcement-guide/

The GSK (EDIT: their 4th cousin) actually used GEDmatch which is a service that openly cooperates with law enforcement.


At the risk of sounding overly cynical I'm going to sound overly cynical - I don't think that statement is worth the pixels it's activating. They are going to say whatever they need to say to keep the money rolling in. It could be a lie, it could be something that changes tomorrow without notification. They don't care because why should they?


Why would they care about saying it and not care about doing it? Obviously they've identified that their customers value those protections, so if they were demonstrated to be lying about it or changed their policy in the future don't you expect that they'd risk losing the customers who made the choice to use 23andme based on their progressive law enforcement policy?


That's the market-based ethics enforcement. Usually this cause and effect link is too weak to be practical. Business incentives are short-term, leadership changes, companies get bought, business models change, and market transparency is low.


True, prioritizing short-term gains creates incentives to lie. But they've stood by this progressive policy for quite some time now even though scrutiny of law enforcement access to DNA databases is higher than ever. So I'm not convinced they're lying. Believe me, if there is any sign that that's the case then I will be deleting my account as soon as possible.


> GSK actually used GEDmatch

GSK did not actually use GEDmatch, but his 4th cousins did.

The website identified 10 to 20 distant relatives of the Golden State Killer's (sharing the same great-great-great grandparents)

https://en.wikipedia.org/wiki/Golden_State_Killer


If you read that, and think this means they don't cooperate with legal requests, then you've really made a huge mistake.

They "resist". All that means is they ask for a proper legal document, such as a warrant.

Warrants are easy to obtain. Judges give them out like candy, and I'd be incredibly surprised if after the success of the Golden State Killer case, that 23&me doesn't get 100's or 1000's of search requests per month.

Sure, they are probably not ever getting the full dataset, but you don't really think they are actually contesting the legal authority of the government to do this right? 23&me is not your doctor. You have no HIPAA protections.


They also publish transparency reports and have a policy of notifying users whose data was subject to subpoenas. See the full text of the linked page for more details.


It's literally run by Sergey Brin's wife. Some day your data will be part of Google. I'd say we are still a ways off from connecting DNA to advertising, but I'm sure Google will "boldly" take us there.


I guess you missed that Sergey had an affair with a young Google employee and divorced Anne Wojcicki. Since then he's remarried another woman, and they have a child together.

https://www.vanityfair.com/style/2014/04/sergey-brin-amanda-...


Oh god! They divorced in 2015. I am sure if Google had any such plans, it is just as likely with any other CEO up there. Let us worry about real conflict of interest happening elsewhere in Politics, Climate change etc which might doom us all before these...


>Oh god! They divorced in 2015. I am sure if Google had any such plans, it is just as likely with any other CEO up there.

Any subsequent marital issues or extracurricular activities of the individuals concerned cannot erase the fact that the venture was literally bootstrapped by Sergey Brin and Google.

https://techcrunch.com/2009/06/18/all-in-the-family-sergey-b...


Indeed, and it’s not like a billion dollars in google cash couldn’t paper over any disagreement, no matter how ugly.


Well at least you had a choice. It wasn't like your parents took it.


Some of us had non-tech-savvy siblings take it and only bring it up in casual conversation months later though...


I’m reluctant to take it, but then I wonder if a few of my close relatives have already taken it, isn’t the horse mostly out of the barn already?


Yes, the Golden State Killer never submitted his DNA. He was matched from his relatives' DNA.


I wanted to have it done so badly, but now I'm with you. Anyone have a cost on analyzing your DNA privately? Then the breach is just you+1, and you could use a fake name (I know, I know, that isn't foolproof when DNA is involved)


I literally looked this up last night for personal interest. Allegedly Texas A&M will do it for $800. A whole genome sequence for a human. https://www.txgen.tamu.edu/new-novaseq-pricing-25feb2019/


Your DNA, in isolation, is not very useful to you (other than medical). The idea is to find relatives by matching segments of DNA with other people.


The medical part was the only part I was ever interested in


~ $2000 for whole genome sequencing (WGS). Whole exome sequencing is cheaper but much less precise, ~$700.


For what 23andme does, a couple hundred probably, maybe under 100 if you went in with several people. You could have your whole genome sequenced, the materials and service cost would be in the neighborhood of $7000 commercially.

Data analysis costs vary widely, depending on what you want.



That's awesome. Do they have a good track record of privacy? I read what they have on their site, but I can't just take them at face value with something as valuable as a whole genome.


For a while Veritas claimed to offer full genome sequencing for $1000, but I believe they've recently reduced the price to $600. Also, in refreshing my memory on this company with some light research, I found this published 40 minutes ago:

https://www.bloomberg.com/news/articles/2019-11-06/breach-at...

Whoops!


You can delete your data fairly easily from their website. Takes about 30 seconds. Of course this assumes your data hasn't been leaked elsewhere, and that they are compliant.


Many systems don't actually delete data; they set a "deleted" flag that often causes the system to behave as if it did from the customer's point of view, but the data stays in the database for perpetuity.

That means in all likelihood it is still there, and may actually still be being served to other users.
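The soft-delete behaviour described in the comment above, as an added example that is not part of the original thread: a flag hides a record from its owner's account view while a second query path that ignores the flag keeps serving it, and only a row-level delete removes it. The `kits` table, its columns, the function names and the sample rows are all constructed for illustration and do not describe any real service's schema.

```python
import sqlite3

# Constructed sample data: kit id, owner, comma-separated shared-segment labels.
SAMPLE_KITS = [
    ("K1", "alice", "chr1:100-200,chr7:50-90"),
    ("K2", "bob", "chr1:100-200,chr3:10-40"),
    ("K3", "carol", "chr9:1-5"),
]


def build_db():
    """Create an in-memory database with a hypothetical soft-delete column."""
    db = sqlite3.connect(":memory:")
    # deleted_at is NULL for live rows and a timestamp for "deleted" rows.
    db.execute(
        "CREATE TABLE kits ("
        "kit_id TEXT PRIMARY KEY, owner TEXT NOT NULL, "
        "segments TEXT NOT NULL, deleted_at TEXT)"
    )
    db.executemany("INSERT INTO kits VALUES (?, ?, ?, NULL)", SAMPLE_KITS)
    return db


def soft_delete(db, kit_id):
    """What many systems call 'delete': set a flag, keep the data."""
    db.execute(
        "UPDATE kits SET deleted_at = datetime('now') WHERE kit_id = ?",
        (kit_id,),
    )


def hard_delete(db, kit_id):
    """Remove the row itself, so no query path can return it."""
    db.execute("DELETE FROM kits WHERE kit_id = ?", (kit_id,))


def account_view(db, owner):
    """Customer-facing listing: flagged rows are filtered out."""
    rows = db.execute(
        "SELECT kit_id FROM kits WHERE owner = ? AND deleted_at IS NULL "
        "ORDER BY kit_id",
        (owner,),
    )
    return [r[0] for r in rows]


def relative_search(db, query_segments, respect_flag=False):
    """Match kits sharing any segment with the query.

    respect_flag=False models a code path written without the deleted_at
    filter; respect_flag=True is the corrected query.
    """
    sql = "SELECT kit_id, segments FROM kits"
    if respect_flag:
        sql += " WHERE deleted_at IS NULL"
    sql += " ORDER BY kit_id"
    wanted = set(query_segments.split(","))
    return [
        kit_id
        for kit_id, segs in db.execute(sql)
        if wanted & set(segs.split(","))
    ]


def residual_rows(db, kit_id):
    """Audit check: rows still holding data for a kit, ignoring the flag."""
    cur = db.execute("SELECT COUNT(*) FROM kits WHERE kit_id = ?", (kit_id,))
    return cur.fetchone()[0]


if __name__ == "__main__":
    db = build_db()
    soft_delete(db, "K1")
    print("owner sees:", account_view(db, "alice"))
    print("unfiltered search returns:", relative_search(db, "chr1:100-200"))
    print("filtered search returns:",
          relative_search(db, "chr1:100-200", respect_flag=True))
    print("rows still stored for K1:", residual_rows(db, "K1"))
    hard_delete(db, "K1")
    print("after hard delete:", residual_rows(db, "K1"),
          relative_search(db, "chr1:100-200"))
```

Backups, replicas and exports are outside what this sketch covers; a deletion audit has to check those copies as well.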


> Many systems don't actually delete data; they set a "deleted" flag that often causes the system to behave as if it did from the customer's point of view, but the data stays in the database for perpetuity.

> That means in all likelihood it is still there, and may actually still be being served to other users.

Thank goodness things like CCPA will change this.


Is there some way to take the 23&me test anonymously?

Perhaps a prepaid credit card bought with cash and having the kit mailed to a PO box?


Even if you take it "anonymously", they will be able to link you to your family/relatives/etc. It wouldn't be too hard to track you down. They may not know your legal name, but they would be able to know who your parents, siblings, cousins, etc are.


No. Once someone has your DNA, there is nothing anonymous.

You would need your own home lab kit that can do all of the diagnosis in your home, without being connected to any external networks at all.


Right, but couldn't you just give them a fake name and use a PO box, or am I missing something?


Sure, but you would be giving them your DNA, which can be mapped back to you through other people's DNA that are in any way related to you. What I am saying is, that once someone else has your DNA, all aspects of anonymity are gone.

To reduce exposing "who" you are, then you would have to ensure that nobody currently related to you, or future offspring, ever get their DNA stored, are never arrested, are never in a medical facility that stores DNA samples, and so on. You would also want to verify that nobody related to you has ever been arrested or provided their DNA willingly or otherwise.

DNA can also be used in conjunction with computer modeling to draw a picture of approximately what you look like. That image can be compared to state ID card data. This was done for a brief period in Japan, using chewing gum stuck to bus stop benches, to show off their software. Here [1] is one example from 2013.

In summary, to remain anonymous, you would need a kit that you operate at home, that does 100% of the diagnosis and reporting in your home, with no DNA and no data leaving your home whatsoever.

[1] - https://www.smithsonianmag.com/science-nature/creepy-or-cool...


If your brother or sister submits their DNA it's going to be immediately obvious you are siblings. Same goes for your parents. There is some ambiguity if it's aunts or cousins, but you might be able to work it out.


Yeah but if your brother filled it out non-anonymously you'd lose your anonymous status.


It should be very valuable for counterintelligence to check the legends of enemy agents. If the DNA of the suspected agent identifies relatives that are implausible given the provided back story, further investigation may reveal that the legend is false.

It should also be valuable for screening candidates for security clearances. Are the relatives named by the candidate related to the candidate's DNA relatives? If not, further investigation is warranted.


Then it would just be a matter of subverting the DNA entries (in the database). Either in the public sources, or in opposition's database. Replace the true DNA data with your agent's actual data.


You're an American agent in Moscow. They can easily get a real sample of your DNA and run a match. Now they know your real relatives. How do you fake this?

Even if the CIA create a complete web of fake identities in the DNA database, how do you stop a real relative uploading their DNA?


But like other things, such as social media, big data, and blockchain, it makes it harder to establish secure fake identities. Inhibiting the creation of fake identities inhibits both criminal activity and covert operations of law enforcement and national security.


Was just thinking this. Have someone else spit in the tube, don't do it yourself.


> Are the relatives named by the candidate related to the candidate's DNA relatives?

Might find cases of infidelity more than anything. Talk about awkward.


This is already happening on a large scale (but not yet being revealed to the victims) thanks to testing for inheritable diseases.

https://www.telegraph.co.uk/news/2019/05/31/oneperson-10-mis...


>It is currently estimated that around 4 per cent of the population are unaware the man they call their father is not their true biological relative.

That is for the UK. It may vary a lot by ethnoreligious and socioeconomic groups in different countries.


Indeed. I did a genetic test, and a year or so later got an email to the effect "apparently my grandfather isn't my grandfather but one of your (distant) relatives".


This will be an unpopular opinion but we should index the DNA of every citizen.

The two objections are 1) exposing genetic health info 2) foreign countries can identify our spies.

For #1, I have news for you: insurance companies already build risk profiles of you, DNA profiles are not going to tip the balance of your premiums against what they already know. This ship has sailed. (and TBH if they didn't insurance would likely be even more unaffordable and out-of-reach than it already is)

For #2, I can't say.

But think of the benefits: how many more crimes would be solved? How many LESS innocent people would go to prison for crimes they didn't commit?

Plastic straws, browsing history and DNA indexing are white people problems, IMHO. Look at what it's like to be black in America in 2019: Botham Jean was sitting in his own apartment, eating ice cream, watching a ball game when a white off-duty Dallas police officer broke in and murdered him for no reason.

She'll be out of prison in 5 years.

The rise of body cams in the last 10 years has shown these types of incidents happen more frequently than we ever wanted to admit.

How many people are hurt in real life by things like DNA indexing? Please. It must be nice to be so rich to worry about frivolous non-problems like these. A national DNA index could keep a lot of innocent (mostly minority) people out of prison but oh no god forbid a white person be revealed to have a genetic marker for Alzheimer's and their insurance premiums go up. The horror.


I think the idea of this post is contradictory.

Who suffers from government lists of potential terrorists, criminals, and their relatives? It's not a "white people" problem. That would be a problem faced primarily by dark-skinned people.

And really, what else would the government do with a database of the DNA of every person in the country, other than use it to track and profile people of color? Could you imagine being "stop-and-frisked" for your DNA to see if you were related to any known criminal, and then questioned under suspicion that you might know where they are hiding?

It seems simply crazy to say in one breath that government and police abuse their power, and then in the next say you want to give them authority to keep files on every single person with impunity.


Right, because the lack of DNA indexing stops cops from racial profiling now.

Cops already check your ID to see if you're related to any known criminal! Literally, this "nightmare scenario" you're envisioning happens every day in America. E.g.: https://theintercept.com/2019/06/28/nypd-gang-database-addit...

It's comical that you think this is some 1984 thing that will happen if we enable DNA indexing...the fact you don't know it already does happen shows just how far removed your experience is with police from those of black and Hispanic people in America.

If you're Arab flying into the country? Even worse.

If anything DNA indexing would allow innocent, unaffiliated people to not have to endure the indignity of what they currently go through.


So... you are saying: "We can't trust police, let's give them more powers"?

I think your expectations of how many crimes a DNA database would solve are vastly overestimated. For example, even if a rape case collected DNA evidence, most of them never actually process those kits. You can't solve a crime if you never look at the evidence to begin with.

I think a DNA database is a solution in search of a problem.


What is this implicit assumption that DNA index = power?

Power to do what? Identify you? They already (try to) do that! A DNA index is just a superior authentication mechanism, one that would involve a lot less suffering for those being identified.

The not processing of rape kits has been shameful and many nonprofits are working to rectify that problem: https://www.rainn.org/articles/addressing-rape-kit-backlog

You don't experience the problem because you're likely wealthy and probably white. The fact that rich whites can so easily dismiss even the idea of police authentication as a problem just shows that rich white America isn't even aware what poor black people go through in this country every single day.


DNA can be synthesized for $2 a gene. DNA tests as used in crime labs only check dozens/hundreds of genes to make a match. With a database of everyone's DNA, anyone can be framed for anything.

https://www.chemistryworld.com/news/synthetic-gene-cost-slas...


Sorry, but this fundamentally misunderstands how sequencing technology works.

The kind of DNA sequencing you do on the population/genome scale is of relatively low quality and depends on a reference genome. It is not a de novo sequencing. Particularly challenging are repetitive sequence areas; high-throughput sequencing utilizes short reads that cannot be unambiguously assembled or mapped in these areas. If you have two sequences that have AGAGAGAGA... on their ends, you cannot determine to what degree they overlap. Only reads that span the repetitive sequence with sufficient margins can be unambiguously assembled or mapped.

DNA fingerprinting, however, relies precisely on robust characterization of these repetitive sequences. These sequences experience many errors during replication that produce high diversity in a population. Your unique suite of sequence lengths is used to identify you. This is assessed with restriction digest fragment length polymorphism analysis (RFLP analysis), an entirely different technology from high-throughput sequencing.

These repetitive sequences are also difficult to synthesize, for the same reasons it fails in real organisms. RFLP analysis is, therefore, about the most robust way you generate a DNA 'fingerprint'.

This situation changes if the sequencing technique used generates longer reads. Thus far, the economical option always uses short reads, and this technique is perfectly suitable for the kinds of analysis done. It would take a breakthrough in sequencing technology for this to change, which is certainly plausible, but is not the current reality. A future concern, perhaps, but science fiction for now.


This is interesting. But can I know ahead which genes will be tested? Is it always the same set?

Basically, I'm asking: is this really true? Given a drop of your blood I can frame you today for anything plausible for under a $1000? It's kind of difficult to believe.


Yup, it's always the same SNPs.

They can only test a relatively small group of SNPs, and they chose the ones that (at the time) were believed to differ the most from one person to the next, so as to maximize the probability of being able to distinguish between individuals.

But if you've got everyone's DNA, then you can calculate those SNPs for everyone, and then easily create kits that would allow you to frame anyone you want just by leaving behind samples of "their" DNA at the crime scene of choice.


I feel like I'm asking something you already answered, but just to make sure: this implies, that to frame specifically you I don't need everyone's DNA, I just need a sample of yours, right? And if I understand correctly, DNA evidence is treated with quite a respect in court?

So, if I really can make a sample of "fake DNA" (that will be indistinguishable from the "real" for forensics purposes) for a couple hundred dollars, I really can frame anyone I know for anything (right now!), because getting a sample of their DNA isn't really that difficult.

It doesn't quite add up in my head, because if it's so simple, why would the courts even consider it hard evidence?


DNA fingerprinting does not utilize SNPs; it uses RFLPs.


if you have the drop of blood, you don't even need to synthesize anything, you just use PCR to amplify the DNA


it's true, there have already been demonstrations of this.


Not that $2 a gene isn't in our near future, but the method you're citing is highly error prone (on the order of 80% misassembled) and (hopefully) wouldn't look like a natural sample to a forensic lab. Commercial prices for gene assemblies are still ~$200 per, so not super accessible yet.


You should look up the no-due-process list of "terrorists" (some real, I grant) who have problems at airports. Then think about what governments like to do with lists of people in general.


Exactly! If we had a DNA database we could quickly clear people as innocent.

Instead we rely on inaccurate authentication measures like birthdays and names and photos...hence endless suffering.

DNA would positively or negatively identify people.

Besides, people are already voluntarily doing this at airports as part of the CLEAR program. So your horrible awful terrible nightmare scenario...literally goes on every day at major American airports.


> If we had a DNA database we could quickly clear people as innocent.

Only when you have a sample to compare it to that definitively came from the perpetrator (not just “was found at the scene and can indicate that whoever it came from was present”.)

That's actually not all that common.


Is the TSA the FBI? They're not looking for perpetrators, they're looking for terrorists. I promise you the US government has a vast database of biometric information of suspected terrorists.

The fact we all have to suffer thru terrible, imperfect authentication techniques like looking at your birthday shows we should have a database to save us all the grief.

Honestly all your arguments are actually GREAT reasons to have a national DNA index.


> Plastic straws, browsing history and DNA indexing are white people problems, IMHO.

I can’t imagine what it’s like to dismiss problems based on the ethnic demographics you believe they impact.


Sort of the way white people dismiss the problems of black people. Easily.

For example: https://www.nytimes.com/2013/06/26/us/supreme-court-ruling.h...


Somebody having their own position on an issue that you believe impacts one ethnic group more than another is not racist. Having a position on an issue that is motivated by which ethnic group you believe it impacts is outright racist. I guess these days I probably shouldn’t be, but I am shocked to see openly racist rhetoric on HN.


Such a database would certainly have been valuable to anyone who ever wanted to commit genocide.

It's easy to see the short-term, first-order positive results. However the power to abuse such information is basically unlimited.


Wait, WHAT?

How are people going to use a DNA database to commit genocide?

How are these people going to be killed en masse? What would stop someone from using the same method without a DNA database?

This argument makes no sense...the thing stopping genocide now is not the inability to identify people based on their genetic characteristics.


https://www.gedmatch.com/login1.php

That url smells like amateurism, hopefully I'm wrong

EDIT login1.php does a POST to login2.php and site still runs php5. I'd imagine this site's already been hit with every scanner under the sun.


Oh no... that's the website !? PHP 5.6 has been end of life for going on a year now. I mean I get it. It's a small team of volunteers. They don't have the resources to manage something like this.

The attitude of the founder is very concerning. He doesn't seem to grasp how serious managing over a million DNA records is, even after experts and researchers try to tell him.

They should temporarily pull the site down, or at least disable the search until work can be done, as Mr. Ney suggested to them. The site isn't a money maker, what would be the harm?


Listened to a podcast that featured the founder of gedmatch.com. He definitely didn't seem that tech savvy, and from the discussion about the company/site, it seems plausible that it is.


How is it a national security leak? Bad certainly but wolf has been cried so many times around "national security" that replacing it with "because reasons" or similar would cause no loss of meaning.


It seems the concern is that if a foreign power is suspicious that someone might be a spy, they can collect their DNA and run it against this database. If the spy's relatives are in the database, they will be flagged, and likely make it easy to deduce the true identity of the spy. This could then leave the spy in a compromised situation.


>wolf has been cried so many times

I'm not sure this is the analogy you want to use. The wolf ended up eating the boy in the end of that story, didn't it?


So that's exactly the analogy they wanted to use. The point is that "national security threats" can be a serious danger, but if you claim something small is a "national security threat" too many times then it starts to lose its meaning and urgency.


What if the threats are all very real but human nature is to grow fatigued by warnings and become ever more complacent even when the wolf is at the door?


cf. climate change.


> called the new security research a large-scale demonstration of weaknesses already known to enthusiasts.

"Already known". So when the hell are they going to take their service down until they find a way to secure it??


What if some adversary wanted to create a tailor made biological weapon that only affected people with a certain genetic profile?


It's an interesting idea, but for a whole bunch of biological reasons, I suspect it would be exceedingly difficult if not impossible.

First, we don't actually have the ability (as far as I'm aware) to use a particular genetic sequence to activate some drug that would work systemically. Second, we don't have the ability (as far as I'm aware) to recognize an identifying sequence, then do DNA damage elsewhere in a life-sustaining gene. Lastly, it takes so long to identify the output of a gene (protein, siRNA, rRNA, or whatever) and make a drug targeting that output that even if you were able to target a coding region, it would be far faster to kill them by more traditional means.


I took the question to include the future. Will it become possible? How soon could it become possible?


Once the cat's out of the bag, it will be an arms race between biological attack and biological defense. Rich people and politically connected people will be vaccinated against the murder-viruses. And those are the only ones worth spending more than a brick of ammo to kill.

It's far easier to take an already-deadly disease that kills indiscriminately, modify it to have shorter incubation time and higher kill rate (so it burns itself out before going pandemic) and shoot it at a target on a spitball or with a Bulgarian umbrella, while they're on their way to meet with everyone else you want to kill.

Either way, that's still leaving biological evidence all over the crime scene, and has the potential to kill a lot of people you weren't specifically targeting. So the preferred methods of assassination will likely continue to be poisons, firearms, and explosives for a long time to come.


This however, does mean that genetically targeted genocides would be possible...


Already possible with guns, bombs, and poison. Already accomplished with guns, bombs, and poison.


i believe that we have those capabilities already. super expensive + high risk we don’t actually understand what we’re doing but the capabilities are there. the future is now


You need to do some more research. This is impossible now, and likely to remain so.


Frank Herbert's novel, The White Plague targeted women only (and had male carriers). When I read it in high school I realized targeted assassinations would eventually be possible.


I hang out with the local DIY Bio group a bit (even though I know bugger all about this subject, really, and do not consider myself a "biohacker"), and somehow the subject of "targeted assassinations" came up. After part of that conversation, I walked away with the understanding that my interlocutor (who was an actual expert in some aspect of this overall field) was saying that - in principle - you could engineer a mosquito to both A. carry a deadly disease (Ebola, Zika, Malaria, ??) AND B. only be likely to bite somebody with a specific genetic profile.

As I recall, the individual I was talking to said that they didn't think it was possible to carry out that exact scenario today, but that it was close enough to reality to not be science-fiction, and would definitely be possible eventually.


Even if you designed a pathogen to do that, once released into the wild it would almost certainly spread to other populations.

Viruses and bacteria already can jump zoonotically (between distant species), it would be trivial to adapt to within-species targets.


This is one of my greatest fears and I think it may be the ultimate demise of humanity.

Imagine a virus that has a 90% mortality rate among East Asians, but only a 10% mortality rate among Europeans. Or vice versa. It breaks the concept of mutually assured destruction because the attacker might believe that other nations do not have the ability to strike back, or they can construct feasible defenses against a counterstrike. Release the virus then close your borders and ports.

It also would of course be easier for a non-state actor to construct a world-destroying biological weapon compared to an arsenal of nuclear weapons. You can hide a biological weapons lab anywhere.


Watch the awesome Brit show “Utopia” which has a similar plot line and explains how the GMO foods are the link in this


They could do that without access to a database already.


Correction... it's just as impossible with or without a data source like the GEDmatch database.

IE, not possible, period.


Right now, sure, but 50-100 years from now?


Almost certainly impossible. It's not a matter of newer technology, it's just that DNA doesn't work that way. You'd have to have some kind of weapon targeted to a specific person's entire genome (based on a sample of it) to not end up with an insane amount of collateral damage.

Human DNA is almost identical in every human that lives, and genes are present in everyone that are not active. You'd try to target a given group of people with e.g. brown skin and short stature and you'd end up killing your neighbors plus some other random people half a world away.

DNA isn't computer code, it's a random stew.


South Africa was into that sadly


It would be an even shittier weapon than most biological warfare agents?


An interesting example of technology and the tech that defeats it evolving together, a friend with leukemia who received a bone marrow transplant was told that a DNA test using a blood sample would identify him as a woman, the person who donated the marrow.


Hey, a free pass to go become a serial killer!


So what I'm getting is that the ship has sailed, it's too late to prevent the spread of DNA information, and what we should focus on now is risk mitigation, legal and otherwise.



Does this mean a serial killer basically did 23AndMe and that's how he got caught?


No, a relative of his did.

Police matched the killer's DNA with one of his relatives' DNA in the DB, started digging in his family and found someone matching the profile of the killer.

Police then watched him and got his DNA from a can he threw away to give them the exact DNA match.


It doesn't matter, with family searches. The "grim sleeper" was caught because his son committed a crime and they put his dna into a database. Searching the database they matched a relative, then did some sleuthing.

https://en.wikipedia.org/wiki/Grim_Sleeper


What can be done with this data?


Say you arrested someone and wanted to establish family ties like find their brother, determine if they belong to a certain clan etc. If those ties were in that DB, you could find them with that data.


I see. Rubber Hose decryption on a family member type stuff. That's terrifying.


The word 'potential' is superfluous in the title.


Seems like this database plus a sufficiently advanced version of the CRISPR process would allow nation state or companies to manufacture DNA that collided with the DNA of real people, very scary.


so ... every nation state is in a race to sponsor full DNA sequencing of adversary populations... free DNA sequencing for all!


"risk exposing people’s genetic health information..."

Genealogy DNA tests only use 0.07% of a person's DNA (that's 0.0007 or seven ten-thousandths). Plus it's in the non-coding or "junk" zone of the chromosomes. Not much opportunity to figure out people's health issues from that little DNA.


The idea of “junk” dna has been invalid for about a decade


>. Plus it's in the non-coding or "junk" zone of the chromosomes.

The sites themselves aren't important but they are physically linked to important sites. DNA is a chain, if you know which section you are in and roughly what it looks like you can infer someone's disease state.


Plus, there are issues with false positives with the consumer grade testing. https://www.nature.com/articles/gim201838


Companies like 23andMe regularly improve their technology and offer upgrades to get improved results. On this page [0], you can scroll down to "23andMe Health Reports by Chip Version" and select "See All" to see the changes.

[0] https://customercare.23andme.com/hc/en-us/articles/218392668...

(I'm not saying that there aren't false positives, just that improvements are being made as technology improves.)


My colleague is just bringing out a paper that shows that for variants that are rare in the population, the techniques used by 23&me and similar produce results that are almost exclusively false positives. https://www.biorxiv.org/content/10.1101/696799v1


The thing is, there are so many sites being sampled that any one false positive is buried under a mountain of true positives.

False positives only matter when you are trying to be definitive about disease diagnosis. That is why clinicians follow up with more sensitive DNA tests after something like 23 and me detects a deleterious variant. For something like ancestry, the number of true positives is so ridiculously large that a few false positives don't matter.



