Stanford Identifies Potential Security Hole In Genomic Data-Sharing Network

An anonymous reader writes: Sharing genomic information among researchers is critical to the advance of biomedical research. Yet genomic data contains identifiable information and, in the wrong hands, poses a risk to individual privacy. If someone had access to your genome sequence — either directly from your saliva or other tissues, or from a popular genomic information service — they could check to see if you appear in a database of people with certain medical conditions, such as heart disease, lung cancer or autism. Work by a pair of researchers at the Stanford University School of Medicine makes that genomic data more secure. Researches have demonstrated a technique for hacking a network of global genomic databases and how to prevent it. They are working with investigators from the Global Alliance for Genomics and Health on implementing preventive measures.

Giving your life away

You're flat-out an idiot if you give your DNA to any database of any kind anywhere. Electronic medical records are likely just as bad though, I have no doubts that all your EMRs are going straight into a government (FBI, NSA, etc) database as just one more means to track the average citizen. Of course just giving a blood sample is probably getting you into a government shadow DNA database anyway so I guess it doesn't matter.

Re:Giving your life away

[ve3oat]

You're flat-out an idiot if you give your DNA to any database of any kind anywhere.

I disagree. The "standard" 67 Short Tandem Repeat (STR) Y-chromosome markers used for paternal-line genealogy are perfectly safe, with one exception. The exception is an extremely rare mutation of one of the markers (DYS410) which carries significant medical information, but it is so rare I have never heard of anyone having this mutation (although someone must have or we wouldn't know about it). So Y-chromosome testing for genealogical purposes is pretty safe. Dozens, hundreds, even thousands of men all share the same values for these 67 markers.

So what's the lesson here?

[WOOFYGOOFY]

The lesson, which the world teaches you daily in the headlines is once data and PID is in electronic form, unless it's encrypted and never decrypted (and thus useless for analysis using today's technology) then it is not safe and WILL be exposed, revealed, possibly leveraged against you in both likely and forseen and unlikely and unforeseen ways.

The lesson is- never believe anyone who tells you that your data is secure.

The implications are- anything you say or do may be used against you. So act as though that's true.

Re:So what's the lesson here?

[gstoddart]

As long as there are no data privacy laws, and until there are very harsh penalties for failing to keep your data safe, your data pretty much isn't safe and never will be.

Between people doing a bad job of anonymizing, or companies wanting to monetize your information, there is no incentive to keep your data secure, and no penalty for failing to do so.

You are completely correct, this stuff will get tied to you, it will get used for things you never consented to, and it will come back to bite you in the ass.

We can't trust corporations with our email addresses or our credit card information. Trusting them with our genetic information is bordering on idiotic.

Much like all those secret spy powers which were only supposed to be used to fight terrorists are now being used to do every other aspect of law enforcement ... this stuff will be used for everything you can imagine.

Once that genie is out of the bottle, you can kiss goodbye the idea of this staying private or not getting abused.

Re:So what's the lesson here?

[WOOFYGOOFY]

Yeah or we stole your DNA and now we will replicate it and plant it at the scene of a crime. It's not impossible and probably not even far fetched. Maybe it's even happened already.

Re:They should use APPS!

[jeffmflanagan]

I'd be disappointed if the stupid app posts aren't automatically posted by an app. It would be too sad if a person is manually posting that to every article.

Re:They should use APPS!

[gstoddart]

Dynamite is for cows, you're all cows ... send in the cows, there ought to be cows.

In Soviet Russia, meme pukes you!

Get over it. Slashdot has always had the drivel, and has always had people complaining about the drivel.

Just be glad time cube guy and the poop guy have slowed down.

Re:They should use APPS!

[kheldan]

Hey buddy, I wouldn't mind if the trolls and shitposters would show a little creativity and originality, but it's the same copypasta over and over again, like they're high-functioning autism-spectrum disorder sufferers or something; if it's going to be noise instead of signal, can it at least be interesting noise?

Re:This doesn't make sense.

[RDW]

Recognizing that a particular genome contains sequences related to heart disease or lung cancer in no way makes it identifiable or linked to a particular person.

It's the other way around. Here you already know the identity of the person and their genome sequence, and are trying to work out if that genome is present in a database of genomes devoted to, say, heart disease, implying that this person (or perhaps a family member) has the condition. Although the 'beacon' databases that the attack targets release only small pieces of anonymous data, the results of multiple queries can be combined to figure out if the database contains the genome of interest.

This is just another scare mongering story, probably clickbait ... nothing to see here, please move along.

Judge for yourself - here's the original paper:

http://www.cell.com/ajhg/fullt...

Re:They should use APPS!

[kheldan]

Oh for fuck's sake, dude.. I suppose you think I'm frothing at the mouth and covering my monitor with spittle or something in anger over shitposters on slashdot? Please. And, there's nonsense, then there's interesting, entertaining nonsense. This repetitive 'apps' crap is neither, it's just boring.

Re:This doesn't make sense.

[L'Ange+Oliver]

Very well resumed!