A researcher, who delved into the security implications of DNA technologies, explains that the increasingly lucrative market for data brokers may simultaneously amplify breach concerns in the health care sector.
Michael Goetzman's research was, in part, inspired by the 1997 film “Gattaca,” which presents a future world where genetic discrimination is made possible through reliance on a genetic registry database. In the real world, employers and health insurers are prohibited by the Genetic Information Nondiscrimination Act (GINA) from requesting or purchasing genetic information which can be used for discrimination, but Goetzman explained that major privacy concerns remain.
On May 14, the Wisconsin-based security researcher, who also works for a nonprofit in the healthcare industry, will present on this very topic at Thotcon, a hacking conference in Chicago. According to an abstract on the Thotcon website, his talk will inform the community that the “dystopian future” depicted in “Gattaca” is here.
As an experiment, Goetzman asked 17 of his family members if they would use popular genetic testing kits on the market. All agreed, Goetzman told SCMagazine.com in an interview, and used autosomal DNA testing services (available to both males and females) provided through 23andMe, Ancestry.com or Family Tree DNA, Goetzman said. As an added bonus, the researcher also asked 25 males with his last name to participate in the experiment, to see if they were related to him by undergoing Y-DNA testing (which focuses on the Y chromosome passed down in males).
Goetzman said that the information gleaned specifically from his family members' DNA tests surprised everyone, including him.
“It helped me solve the 92-year-old family mystery on my adopted grandma,” he said. “We found her biological parents. And that wasn't even an original goal – I thought it was impossible.”
But the family also learned things that “spooked” them, he added.
By turning saliva samples over to the companies, the service providers were able to predict individuals' hair color, eye color and other physical traits (even constructing an individual's face) which, he noted, could be of use to law enforcement seeking out similar information from genetic data collectors. The DNA data also allowed companies to determine genetic susceptibility to certain medical conditions or illness, he explained.
“What's keeping this data, which is essentially text files dropped on your computer, from being disclosed?” Goetzman said. “I'm wondering how many companies or governments contain a mass database of DNA and what should happen if that leaked out onto the internet?” he said.