Online DNA profiles create potential privacy risks
A recent scientific study has determined that genetic information that is publicly available online can be used to identify others.
A team of researchers at the Whitehead Institute for Biomedical Research at the Massachusetts Institute of Technology (MIT) was able to identify 50 individuals who submitted personal genetic material anonymously as participants in genomic studies, using only a computer, an Internet connection, and publicly accessible online resources.
“This is an important result that points out the potential for breaches of privacy in genomics studies,” stated Whitehead Fellow Yaniv Erlich, who led the research team.
Intent on conducting an exercise in “vulnerability research”, a common practice in the field of information security, the Institute took a multi-step approach to prove that under certain circumstances, the full names and identities of genomic research participants can be determined, even when their genetic information is held in databases in de-identified form.
Previous studies have contemplated the possibility of genetic identification by matching the DNA of a single person, assuming the person’s DNA were cataloged in two separate databases. This study, however, exploited data between distant paternally-related individuals. As a result, the team notes that the posting of genetic data from a single individual can reveal deep genealogical ties and lead to the identification of a distantly-related person who may have no acquaintance with the person who released that genetic data.
In other words, the posting of a uncle’s DNA online can lead to the identification of a nephew.
Aware of the sensitivity of his work, Erlich emphasized that he has no intention of revealing the names of those identified, nor does he wish to see public sharing of genetic information curtailed.
“Our aim is to better illuminate the current status of identifiability of genetic data,” Erlich says. “More knowledge empowers participants to weigh the risks and benefits and make more informed decisions when considering whether to share their own data. We also hope that this study will eventually result in better security algorithms, better policy guidelines, and better legislation to help mitigate some of the risks described.”
An article in the Boston Globe noted that: “In the era of Facebook and face-recognition software, the loss of privacy is part of daily conversation, but many people do not realize how much they have already sacrificed. Adding DNA to the mix raises the stakes because of how much information it carries about an individual’s disease risk and traits.”
The results of the Whitehead Institute study were published in the journal Science this week.