Cyberbiosecurity
Security is all about keeping something valuable safe. Identity theft is a big issue these days, but we usually refer to the information that identifies us, as opposed to our actual identity, our physical being.
What if someone could steal or duplicate what identifies you physically – your DNA? DNA, when properly analyzed, is the ultimate arbiter of guilt or innocence in many legal cases. While blood type can narrow to a group of people, DNA takes us right down to the individual. We hear statistics like ‘there is a 1 in 18 billion chance this is the perpetrator’. That is not quite accurate. Consider this excerpt from a Los Angeles Times article from 2009 titled FBI resists scrutiny of ‘matches’ by Jason Felch and Maura Dolan…
At the time of her discovery, many states looked at only nine or fewer loci when searching for suspects (most attempt to compare 13 loci when evidence is available). “If you’re going to search at nine loci, you need to be aware of what it means. It’s not necessarily absolutely the guy,” added Troyer’s colleague Phoenix Lab Director Todd Griffith.
Inspired by these findings, defense attorney Bicka Barlow investigated if there might be similar matches in DNA databases to challenge prosecutors’ assertions that the odds of a coincidental match were as remote as 1 in 1 trillion. She found that there were 122 pairs of individuals that matched at 9 of 13 loci and 20 pairs that matched 10 out of about 65,000 felons.
So the issue seems to be a need to go further in the comparison, more than 9 points need to match. They mentioned that 13 matches is the goal. That may be a requirement going forward but that is just a technological hurdle. DNA is still something that is unique to you and you alone if you examine enough loci. There are many articles written that address the perils of not matching enough loci.
So should you be concerned if you have had your DNA collected, say for a site that will trace your ancestry? Well, how confident are you that information will never be accessed illegally? I checked two of the more well-advertised sites and they both discuss their commitment to security. I have no reason to doubt them, but I also know any web site that has been breached has made the same claims before the breach. As with any other information, once you share it, you don’t control it. But so what?
An article from 2009 in the New York Times written by Andrew Pollack showed that DNA evidence could be fabricated…
The scientists fabricated blood and saliva samples containing DNA from a person other than the donor of the blood and saliva.They also showed that if they had access to a DNA profile in a database, they could construct a sample of DNA to match that profile without obtaining any tissue from that person.
Fabricated samples could be used in the same way that people purchase clean urine samples to bypass drug tests. Clean DNA could be used to avoid being denied coverage for a genetic condition.
If a DNA database were to be compromised (and one already was) this information might be sold. Insurance companies might be interested in knowing if you have any genetic dispositions that might affect your insurability, and some might be willing to buy that information.
There are numerous areas where DNA information is weakly protected. DNA information has yet to be recognized as valuable and in need of high level protection – perhaps more so than the financial details of our lives. For now, I think I will let my ancestry be a mystery.