At the forefront of headlines in biomedical research these days, are the advancements in medical diagnoses and meta-analysis of large groups of people based on their genetic profile, or genome. Much ground has been gained in the research of genetic medicine, in the last decade the field of genomic research has exploded, both in practise and potential.
Since 1953, the year Francis Crick and James D. Watson published their ground-breaking paper Molecular Structure of Nucleic Acids: A Structure for Deoxyribose Nucleic Acid, in which they were the first to describe the helical structure of DNA (deoxyribonucleic acid), the concept of genomic analysis and mapping has become the equivalent of a household name. Who, in the so-called 1st world, hasn’t heard of the Human Genome Project, which first came about in 1984, through projects supported mainly by the US Department of Energy (of all things)? Who doesn’t know that a person’s genome can provide scientists with incredible insights into who we are, where we came from, and where we might be going?
Few of us laypeople have any idea how this works, but that doesn’t mean we aren’t aware that it’s going on. In fact, through companies like 23andme, or meragenome.com, and even ancestry.com; and through projects like the Personal Genome Project, or the Genographic Project, the average person on the street can, for under a few hundred dollars, have their entire genome sequenced and mapped, have their genetic origins and history explained, and be informed on any potential genetic weaknesses or predispositions for disease pointed out, all without leaving the comfort of their own home!
This is a burgeoning industry, a market expected to be worth upwards of a billion dollars, though recent mistakes made by the Google backed 23andme and the Iceland-based deCODE genetics have served to make investors very nervous about the issues surrounding the business of genomics, such as ethical use and privacy, which are very important issues at the moment.
These problems were highlighted in a paper published in the journal Nature, by Yaniv Elrich PhD., a fellow at the Whitehead Institute for Biomedical Research at Cambridge; and Arvind Narayanan, an assistant professor at the Department of Computer Science and the Center for Information Technology and Policy at Princeton University. Their paper, titled Routes for breaching and protecting genetic privacy, offers a sobering look at the state of privacy in genomic research at the moment.
That isn’t to say that genomic research is inherently bad, or should be avoided. Certainly not, since the field of genomics has already vastly improved many areas of life for people all around the world, and is poised to continue revolutionising biomedical research. What it does say, though, is that there are some things we need to be aware of before we, as a society, jump head first into our proverbial gene pool.
First off, how is your genetic information being used?
The lofty goals of the larger state backed or institutional programs like the Personal Genome Project, are such that large amounts of data are required to make the research worthwhile. This means that they require the complete genomes of many, many people in order to proceed. This also means that they aren’t so much interested in your genome, as they are in comparing your genome to hundreds of thousands or even millions of other people. Huge databases of genetic information are held in their archives, and are used for comparative analysis, and later for meta-analysis (basically analysing groups of earlier analyses in broader terms), and due to the collaborative nature of this work, many various organizations and institutions need open access to those databases in order to do their research.
Now, you may already see some flaws in this situation, and while you’d be right, those obvious technology based vulnerabilities aren’t what Elrich and Narayanan are concerned about. Network security, database security and user ethics, while important issues, aren’t unique to genomic research.
What is unique is the information held in those databases. Genomic profiles of individuals that contain information that allows anyone with access to identify who those individuals are among all other people in the dataset. You may be thinking that this means names and addresses attached as metadata, which isn’t quite correct. Much like any other medical information, personal identifiers are left out of the raw data, and are replaced by numbers (though only when retaining personal identifiers is necessary); numbers that correspond to individual profiles in other databases that do allow for authorised people to identify them, but this requires access to both datasets and knowledge of the reference system. This is a basic security procedure that’s been in place for years, and it works fairly well.
The problem with genomic data is that the actual genetic information, combined with metadata like age, sex, race, general location etc. (which is necessary for the analysis being done), can be used by outside parties to identify individuals with an accuracy of >60% in some situations. These are unprecedented vulnerabilities in such sensitive information, and they present a large red flag in the market.
We aren’t talking about petty crime here, mind you. We’re talking about institutional profiling of minorities and other groups based on perceived genetic “flaws” or characteristics that could serve to malign members of certain cultural, economic or regional groups. Insurance companies are known to use this kind of sweeping and generalised information to categorise clients into risk groups, and to exclude certain conditions from coverage. If they were to gain access to this information on a wide scale, it’s foreseeable that they, as an industry unto themselves, would use that information as a way of increasing profits while decreasing perceived risk…but this is hardly ethical (though it is still legal).
This slippery slope, that seems to start in the insurance industry, leads directly to government, and the acronym NSA slips lightly off the tongue.
We are in the grips of an Orwellian plot to spy on and profile ordinary citizens of almost every country, at the hands of the American National Security Agency. We now know, thanks to brave whistleblowers like Edward Snowdon and Chelsea Manning, that these people have and will continue to use any and all means to gather information on potential “threats” to the sovereignty of the United States, and what they do with that information is anyone’s guess.
What do you think about the prospect of the NSA, and/or their counterpart organisations in other countries, gaining access to your genomic information, with the knowledge that such information could be used to not only profile you as any number of things (from connecting you to certain races or regions, to potentially identifying you as predisposed to psychotic behaviour), but also to identify you personally among millions of other people? That’s a scary prospect, and it’s all but a reality at this point.
Add in the growing popularity of paying private companies like 23andme to sequence and retain your genetic profile for the novelty of having more accurate genealogical information at your fingertips. As mentioned above, 23andme is a Google company. We already know that Google has given internet user data to government agencies in the past; what’s stopping them from sharing this too?
Biomedical genomic research is an exciting field. It’s positioned to revolutionise the way we perceive illness and is set to offer huge rewards in eliminating disease, studying our origins, and improving life for humans across the globe. But like many other areas of cutting edge research, the science outpaces our ability to deal with the social issues that arise from it. It’s not all bad news though, Elrich and Narayana offer some ingenious solutions to these problems, from differential privacy to homomorphic encryption (both of which are somewhat complex), but they stress in their conclusions that we have yet to achieve an appropriate level of security in genomic research.
Is your genome secure from spies? At the moment the answer is a frightening…no.
 Elrich, Yaniv & Narayanan, Arvind. Routes for breaching and protecting genetic privacy. Nature - 08 May 2014 : doi:10.1038/nrg3723