Police Want Genetic Data from Corporate Repositories

Both the FBI and local law enforcement are trying to get the genetic data stored at companies like 23andMe.

No surprise, really.

As NYU law professor Erin Murphy told the New Orleans Advocate regarding the Usry case, gathering DNA information is "a series of totally reasonable steps by law enforcement." If you're a cop trying to solve a crime, and you have DNA at your disposal, you're going to want to use it to further your investigation. But the fact that your signing up for 23andMe or Ancestry.com means that you and all of your current and future family members could become genetic criminal suspects is not something most users probably have in mind when trying to find out where their ancestors came from.

Posted on October 22, 2015 at 6:40 AM • 42 Comments

Comments

RAHOctober 22, 2015 7:37 AM

And we all know that the Gov will take good care of it, just like the Office of Personnel Management did.
We need to take back control of this situation and take back our privacy. Stop this nonsense police state crap.

dna trollingOctober 22, 2015 7:45 AM

nice, so anyone can troll the police db by submitting forged/stolen DNA

does anyone know if there is a way to submit samples to 23 and me anonymously?

Francis CollinsOctober 22, 2015 7:53 AM

This seems to violate the spirit of the fourth amendment to the USA constitution although it may be technically "legal" because the information is obtained from a third party.

Maybe the companies can anonymize the data with strong encryption or send the data back to the requesting person so that the 4th and 5th amendments would then apply?

If I were these companies, I would shut down and delete all the data immediately like Lavabit and reopen outside the jurisdiction of countries in the US sphere of influence. Maybe store the data on a ship in international waters or on a satellite?

Here's a better idea, maybe jackbooted thugs should kick down every door in the US and forcibly take DNA swabs at gunpoint so we can all be "safer".

jlOctober 22, 2015 8:31 AM

Hmmm, I wonder about the National Bone Marrow Registry? People have been highly encouraged to provide samples to "be the match" for someone who may need a transplant.

Miguel SanchezOctober 22, 2015 8:51 AM

Devil's Advocate:

Meh. This can be a good move. What is this evidence used for? Closing out violent crime cases, primarily.

Hard to be against closing out violent crime cases.

How can it be used against people? Not really. In the future Gattaca sort of world, maybe, when dna is processed instantaneously, but it surely is not processed instantaneously yet.

As for dna being flawed, it isn't that flawed.

It remains and will remain a major evidentiary tool to protect against primarily violent crime.

Bob S.October 22, 2015 9:09 AM

Do future generations a favor and don't voluntarily donate your DNA to anyone for any reason. There is absolutely no doubt whatsoever the data will be used against your wishes or knowledge and abused repeatedly, maybe forever.

This case seems pretty mundane, except to the target of course. Police are trying to break a case, the DNA angle came into play, they got the warrant and it was a false lead...on to something else.

But, we can all foresee infinite variations of abuse.

The good news about this incident: It provides us public notice of government intentions. They want it all.

You were warned!

Clive RobinsonOctober 22, 2015 9:11 AM

@ Blake,

"held by a private company" != "at your [police] disposal"

The article has suffered bad editing, in that it is not possible to determine if the quote is about Scene of Crime DNA or the online DNA database. I suspect that it's the Scene of Crime DNA being referenced.

>Also, are any EU nationals on 23andMe? Because those Safe Harbor laws say Hi.

23andMe have had an advertising drive in London with adverts on trains amongst other places. Thus it is safe to assume that they do have operations in Europe.

@ All,

It's not just the authorities you need to worry about, go and carefully read that "Health Insurance" form your employer gave you to sign... Look carefully at the information rights you are signing away, in effect you are giving the insurance company or their agents full rights to go and get any information on you they chose without limit.

Many years ago I lost a job because I refused point blank to sign the form, for the very reason I have no reason to trust them or their long term intent. It was back before DNA tests were affordable, and shortly after a US Company tried to use medical records to get rid of senior staff, and a few years before a story about a well known US supermarket started doing the rounds. Apparently they had tried to use a customers purchase records to reduce or have negated an injury claim (the basic argument was the person regularly purchased alcohol, therefore they were a drunk or impaired at the time, thus the accident was their own fault).

As a simple rule I never ever give a "blanket authority" to anybody, especially if I do not have any kind of contract with them (which you do not with many Company Health Care schemes). As I've pointed out before the "you can trust us" argument has no future predictive value on their behaviour, after all nobody is a murderer until they kill their first victim...

damion cocchiOctober 22, 2015 9:15 AM

How to submit to 23&Me and be nearly pseudonymously:

Learn about you…without letting them learn about you
Now here’s a strategy for getting your results pseudonymously. Note that the company still gets my genetic code, but they don’t know it’s your's. It’s not tied to your name or other data that could be used to link it to you.

First, any time going to 23andMe’s site, Use these (or similar) privacy tools, including a Virtual Private Network (VPN) service.
* Private Wifi, but there are lots of good options out there. This VPN service lets you choose the secure server through which to run your web traffic; for instance chose Virginia. That also makes the IP address appear as though your in Virginia, even though I might actually be in Boston.

Open a new Firefox Web-Browser (or similar) session window in Private Browsing mode while running DoNotTrackMe, a tracker-blocker, and MaskMe, an add-on that creates aliases of your contact and payment information,

Go to 23andMe’s website.

buy the kit in my shopping cart and was asked to provide a name for it, give a fake one. When filling out shipping information, re-enter the same fake name and give an address that you have access to but not easily identified as one that can be connected to you. i.e. work address, and can actually get the package regardless of name shipped to; and , any virtual cards created in MaskMe automatically have this address as the card’s billing address.

Use MaskMe to create a new alias email address and auto-fill with a masked phone number. Both of these aliases can be forward to my real information, so you can still get email confirmations and phone calls.

For billing, again give the fake name and address, then generated a “Masked Card” in the amount of the testing kit. Masked Cards are like virtual prepaid credit cards, so the merchant doesn’t get your real credit card number and your bank doesn’t see where you spent it. Also, most online merchants don’t check for a match on your name when you use a credit card; they only check for billing address, credit card number, CVV, and expiration date, so you can use pseudonyms when online shopping more often than you may have realized.

Using the alias email that you just created and MaskMe’s password generator, wit this new 23andMe account. MaskMe stored and encrypted this automatically. Because using a unique email address and password, no person or system can identify you by cross-referencing anywhere else you’d re-used the same information, which is what happens after hacks and data breaches and in big data marketing.

Then check out, go to your real, personal inbox to complete the 23andMe registration by clicking the confirmation email, which will be forwarded to you from the alias email address.

expect about three weeks or so for my first batch of results to come in, which you will be notified about through the alias email address. With the VPN + private browsing window + DNTMe + MaskMe combo, go back to 23andMe and logged in.

Before you can actually see any results, however, the site pesters you to fill in a lot more personal information. Again, their privacy policy says they make a profile of you that includes your answers to these voluntary questions. So hit “skip” probably 6 times to finally reach your results. They really push this aspect of the service, even putting a “to do” list on your home page that you see every time you log in that begs you to “complete your health profile.”

Marco ZeroOctober 22, 2015 9:32 AM

What about all the other places where samples are collected and from which DNA can be extracted? Thinking not just about the recently in the news Theranos but all med labs? How can we know that they have not be infiltrated, that thay are not spying on citizens just like for instance the telcos? Are the test anonymized?

blakeOctober 22, 2015 9:37 AM

@Clive Robinson

> I suspect that it's the Scene of Crime DNA being referenced.

Quite possibly, and by all means, use that Scene of Crime DNA to solve the case. But that still completely skips over the (lack of?) authority with which they obtain the cooperation of Ancestry.com - maybe if they have a warrant and credible suspicion that the (unknown) suspect made a DNA submission to a specific site, but my spidey-sense tells me that's not what's being discussed.

(It might be *good* editing to carefully make this point ambiguous!)

> after all nobody is a murderer until they kill their first victim...

Yeah, and this isn't going to change unless we introduce ThoughCrime - which is an even worse alternative.

BestianOctober 22, 2015 11:32 AM

It seems to me that one should start from the premise that any kind of sensitive information not under one's physical control is already being stolen as a matter of routine, likely by several entities.

While it may sound paranoid at first sight, it is actually a very pragmatic and powerful assumption. It leads directly to redirecting the efforts away from the hopeless battle for limiting what 'they' can do covertly, toward the easier goal of limiting what harm can be done with such information.

For instance, I don't care much if a corrupt / inept LEA has my DNA beforehand to plant on / contaminate a crime scene with, rather than getting it from me after I'm in their custody. There are and will always be infinite numbers of ways for random people to be arrested and held during the investigation of a crime they have no relation with. And even for framing them with fabricated, contaminated or misunderstood evidence. What I do care is that the judicial system be designed and operated so that I can't be held in a secret location for an undefined length of time and then judged behind closed doors by a secret court based on unverifiable evidence of unverifiable scientific value for a crime against a secret (or even just arbitrarily interpretable) law or regulation, maybe even of a foreign country under some treaty... And that I don't need millions to spend in lawyer fees to be entitled to that. This is entirely possible, and indeed some countries without much fuss come/came reasonably close to this ideal scenario.

It's nothing new, but it is worth reminding that the problem is the asymmetry between 'agencies' and citizens in accessing and using the information, and in bearing the outfall of one's mistakes. Imagine a repository of all emails, phone calls, surveillance cameras, DNA, whatever, for a whole country, indexed by date, location and names of people appearing in each of those (from metadata, face/voice regognition and so on). Imagine every citizen getting a daily notification of queries that returned any record linked to them, complete with the an id traceable by courts to the analyst/agent who made the query, the ref. number to the court authorization for that query, and the category of crime being investigated. Add a login for each citizen to a page showing the full history of such queries. Even with reasonably long latency before such disclosure, the publicity alone would go a long way to keep the system balanced and accountable.

Dr. I. Needtob AtheOctober 22, 2015 11:44 AM

"The cops searched an Ancestry.com database and got a familial match to a saliva sample Usry’s father had given years earlier."

The problem here is one that many people might not be able to understand: If authorities first form the hypothesis that a certain person might be the one they're looking for, and then turn to DNA or fingerprints to test that hypothesis, the result can be meaningful and compelling.

But if they begin with no hypothesis at all and instead start by searching a large database for a match, any match they find will be substantially less meaningful.

It's like testing a coin to see if it has the unusual property of always landing heads up. If you suspect such a coin you can flip it ten times, and if it comes up heads every time you can note that the probability of that happening by chance is less than 1 in 1,000 for a fair coin, and conclude that it's almost certainly a trick coin. And if 1 in 1,000 isn't enough you can flip it ten more times for a probability of less than one in a million.

But if you flip a huge truckload of coins, remove all the coins that landed tails, and then flip the remaining coins again, repeating the process until you're down to one coin, it won't make any sense to claim that there's something special about that coin simply because it landed heads up 10 or 20 times in a row.

ScaredOctober 22, 2015 12:17 PM

I'll be watching closely this year as they take a blood sample for our mandatory (*) health insurance Biometric Screening. The last years they've been dumping the unmarked sample w/o marking into a bio hazard container after measuring cholesterol, but if you read their privacy statement then they can share with a long laundry list including (no surprise):

"13) For special government functions such as national security;"

Are there any Government Functions that are not Special?

(*) You can opt out, but then you don't get the $40 bi-weekly "discount" on your premium.

AdamOctober 22, 2015 12:21 PM

@Miguel

Hard to be against closing out violent crime cases.

I looked into this a while back. At that time, DNA gave us a 1-in-40 to 1-in-100 match per whatever, and they would use a few of these match points to get a conviction. So, at 2, that's somewhere between 1-in-1600 and 1-in-10,000. Local population is a few million. That's hundreds of folks just locally who match. Yet convictions stand on such flimsy in court.

Now imagine that we are looking at the US population. What is it? 321 million? And the odds of a match are 1 in 10,000,000 (ten million). 32 people, on average, will match. 31 of those people are not in the DNA database. You are their only match.

If you can't prove you're innocent, you will be convicted. And given our 97% conviction rate, and the six or seven figure expense of defending yourself, your best bet is to take a plea bargain deal and go to jail.

The internet, and are prisons, are full of people who claim they were falsely convicted. Often they have witnesses, receipts, everything to prove they were out of town and didn't do it. It doesn't seem to help.


Yes, we are against guilty criminals going free to murder or whatever again.

Our problem here is that these DNA databases allow police to close out cases by convicting innocent people while the criminals go free. DNA is supposed to be one piece of a set of evidence that convicts. Yet too often it's the only piece, and by itself is enough.

There's also the part where you shed DNA like fingerprints. You can buy a kit in your local store, for cash, to replicate DNA. Spray your enemy's DNA on your crime scene and you can frame him pretty convincingly.


DanielOctober 22, 2015 12:31 PM

Mores of his than a decade ago my father died. During the last years of his life he got really involved in family history. To help out a sick and dying man I had extensive genetic testing done so I could help him find missing ancestors.

To see that act of love now being taking advantage of sickens and angers me in a way I can't put into words. These people know no boundaries which is the living breathing definition of anti-social.

damion cocchiOctober 22, 2015 2:11 PM

A 167-item online survey, qualified by the Johns Hopkins University Institutional Review Board as exempt (NA_00023396), was designed so the majority of questions were applicable to customers of Navigenics, 23andMe, and deCODEme. Officials at Navigenics, 23andMe, and deCODEme agreed to offer a survey to random samples of customers receiving genetic risk profiles.

The survey was fielded in January 2010 well before Edward Snowden revelations, or even the Usry Ancestry.com case. 3,167 of the customers were invited to participate in the online survey; 1,163 (37%) responded to the invitation; and 1,046 (33%) were eligible and completed the survey. The majority of respondents paid for the test themselves (87%), whereas the remaining 13% received the test as a gift from a family member or friend.

Attitudes about governmental protections

When asked about types of protections provided by the government, 96% of respondents stated that it was very (87%) or somewhat (9%) important that it be illegal for insurers and employers to get their information, and 89% indicated that it was very (74%) or somewhat (15%) important that it be illegal for law enforcement to get their information. These responses echo the results of a survey of the general public about participation in genetic research, where 93% and 84%, respectively, said that it would be important that it be illegal for insurers and law enforcement officials to get their study information (Kaufman et al., 2009). This preference was independent of customers' opinions about how well the companies protected their privacy.

damion cocchiOctober 22, 2015 2:15 PM

NYT (2009): DNA Evidence Can Be Fabricated, Scientists Show http://nyti.ms/1QFthct

* “Scientists in Israel have demonstrated that it is possible to fabricate DNA evidence, undermining the credibility of what has been considered the gold standard of proof in criminal cases.

* “The scientists fabricated blood and saliva samples containing DNA from a person other than the donor of the blood and saliva. They also showed that if they had access to a DNA profile in a database, they could construct a sample of DNA to match that profile without obtaining any tissue from that person.

* “‘You can just engineer a crime scene,’ said Dan Frumkin, lead author of the paper, which has been published online by the journal Forensic Science International: Genetics. ‘Any biology undergraduate could perform this.’”

FelineOctober 22, 2015 2:25 PM

@Miguel:

Right. The government agencies amassing the DNA data would *never* apply it to a purpose other than solving violent crimes.

Miguel SanchezOctober 22, 2015 3:28 PM

@Feline, et al

Typically, I would agree with you. But the fact is that there is someone and something I think is more of a risk then cops and the government. And that is the people. This is actually one major reason why I hate the "terrorist, terrorist, terrorist" mantra the government is singining. Because we have, in America, a horrific problem with violent crime. And this is also true with some other countries.

This said, America absolutely has a horrific incarceration problem. It is totalitarian state level horrific.

One super massive evil that has been ongoing is even jailing people for drug use. Prison should not be the answer for drugs. Never should have been.

@D regarding 'recent dna analysis flaws'

Yes, but it remains a very strong indicator.

@Adam, et al

Adam, you need to bear in mind that while there may be a 97% conviction rate, many suspects are not brought to trial and ruled out *because of dna evidence*.

Evidence convicts, but it also acquits.

In fact, DNA evidence while closing cold cases is also freeing many prisoners who have been wrongfully convicted based on flimsier forms of evidence.

Eye witness testimony is horrible evidence, we now know.

Confessions are horrible evidence.

DNA, far stronger.

tyrOctober 22, 2015 3:43 PM


@damion cocchi

That gives a whole new meaning to parallel construction.

LEA can clear the books of all the old cases by a quick
DNA manufacture tying them to (random dissident loudmouth)
suspect, COINTELPRO would have worked so much better with
this ability at their command.

Bob FOctober 22, 2015 5:03 PM

On the one hand a database of all human's dna matched with their physical and mental characteristics would be great for reverse engineering the human genome.

On the other hand such a database seems perfect for abuse.

Is there nay way we can create such a database but anonymize the individuals names?

Dirk PraetOctober 22, 2015 5:52 PM

The idea totally creeped me out watching the X-Files episode "Paper Clip" in 1995. Twenty years later, it still does. Can anyone define "surveillance state" for me again?

Old Bull LeeOctober 23, 2015 6:27 AM

This hilarious when you consider how restrictive the FDA has been about letting consumers have their own information.

Kai SetzOctober 23, 2015 8:08 AM

You would imagine they would have learnt the lesson, after subverting humanitarian polio-vaccination programs in Pakistan. The result then was: NGO personnel targeted and killed in reprisals, sharp rise in cases of polio, thousands of children dead or maimed for life.

http://www.irinnews.org/report/64507/pakistan-sharp-increase-in-polio-cases

http://www.nytimes.com/2014/11/27/world/asia/gunmen-in-pakistan-kill-4-members-of-anti-polio-campaign.html?_r=0

http://www.aljazeera.com/indepth/features/2013/12/pakistan-polio-workers-targeted-killing-201312118364851379.html

http://www.cbc.ca/news/health/polio-cases-in-pakistan-increase-to-220-who-reports-1.2811642

http://www.cbsnews.com/news/pakistan-polio-vaccination-workers-targeted-in-fresh-attacks-7-now-killed/

Anyone interested in donating blood to their local friendly hospital...?

widget ouijaOctober 23, 2015 8:53 AM

Notice the weaselly wording from the privacy FAQs in ancestry.com regarding DNA test results:

https://dna.ancestry.com/legal/privacyStatement#4

"Delete this Test from AncestryDNA: You can permanently delete your DNA Test from the AncestryDNA Website on the right-hand side of the Settings page, but once you delete the test, your DNA test will not be recoverable and this action CANNOT be undone."

So you can delete it from the website, but can you delete it from their servers?

Some half-assed insinuations are made further down:

"Please note: in the event that you or we delete Results, copies of that information may remain viewable elsewhere to the extent any such copy has been shared with others and copied and stored. Additionally, we may retain certain information to prevent identity theft and other misconduct even if deletion has been requested."

The bottom line is: once you send them your DNA data, no cataclysm on earth is ever going to make them let go of it. Your DNA now belongs to ancestry.com (and whomever they choose to sell it on to). Forever.

Sharyn VadoOctober 23, 2015 10:11 AM

@widget ouija:

Perfect example of the appeal of cloud computing to the information industry. "OK users, imagine that your data resides in a fluffy cloud in a magical distant world and leave the complicated details to us. Don't worry your pretty little heads with minutiae like ownership, assurance or privacy."

SallyOctober 23, 2015 10:31 AM

We are nearing a point, if we are not there already, where we should assume that DNA information from all of us is already available to others. There are many positives in terms of medical research, search and rescue, exonerating the falsely-accused, discovering family history, etc. We already assume databases full of other identifying information about ourselves. Would we honestly be all that surprised to find out that a blood sample gets squirrelled away at every medical facility birth? The abuses based on that information are mind-numbing, but we are likely past the point of being able to protect the information from being gathered in the first place.

ianfOctober 23, 2015 10:53 AM


@ Kai Setz imagines “they would have learnt the lesson, after subverting humanitarian polio-vaccination programs in Pakistan: NGO personnel targeted and killed in reprisals, sharp rise in cases of polio, thousands of children dead or maimed for life.

With all due respect, nobody gives a shit about Pakistan… including the Pakistanis themselves. And in America, not as long as “the Pakis” do not have offensive ICBMs or submarine-launched long-range cruise missile capabilities (that's what the Israeli atomic sub permanently on patrol in the Indian Ocean[*] is for—I mean against).

Incidentally, and this is not a defense of the American Ways, it doesn't require any Western activities for rumor-fueled superstitions to take hold in undeveloped societies, and lead to murder of suspected human organ harvesters or foreign aid/ health care workers. Or, for that matter, in case of the exalted public amok in the wake of the 1997 demise of Di-hard-with-a-vengeance, to near-lynch a fellow gawker who has STOLEN A KEEPSAKE TEDDY BEAR from the mound of flowers, cards, and tchotchkes outside the Kensington Palace! (immortalized for posterity by allusion in the When She Died… opera).

[^*] some say “the [German-built] sub is there to obliterate last traces of the MH370,” but I believe that, had they found it, the Israelis would be wringing every single last drop of goodwill publicity from that. Bibi certainly could use it. Of course, it wouldn't have been their military sub that found the plane, but some civilian fishing trawler, never mind its primary function of a sub resupply/ crew exchange vessel. How's that for forward mil.thinking from someone who has never DONE HIS DUTY? ;-))

SteveOctober 23, 2015 10:45 PM

I believe a lot of universities and maybe pharmaceuticals are doing genetic studies of families etc. Johns Hopkins for instance, http://www.hopkinsmedicine.org/psychiatry/specialty_areas/schizophrenia/research/epi-genetics.html I gave samples over two decades ago thinking I was doing a good deed for relatives. I have no idea what might have been in the release I must have signed, or if this genetic data is being made at the government's or law enforcement disposal. Maryland has a law against family dna searching by law enforcement so I've read, but what about out of state entities with access...do we really need to hire a lawyer to read every licence and release, and document and lease etc etc. We're so screwed.

SteveOctober 23, 2015 10:54 PM

Can the gov and law enforcement really have a proxy do their illegal searches especially when the collection for such purposes was outside the scope of our consent. I know they claim we disclosed to third party blah blah legal theorizing interpretationing blah

SteveOctober 23, 2015 11:08 PM

And then how do you dispose of dna, sneezy tissues, fingerprints on plastic cups and trash, with unshredded junk may with name and address to correlate. Can't flush everything and there are laws against incineration. If avenues for permanent disposal are blocked by law then how can law enforcement claim we have no expectation of privacy in discarded trash? Plus I believe they even tear up your plumbing to search for whatever, a thumb drive, dna, drugs, anything.

rgaffOctober 24, 2015 12:23 AM

@ Steve

What about a relative's body that was willed to medical research... was DNA harvested by law enforcement to try to pin crimes on you? So people trying to benefit others with their last and final act ends up being abused to destroy the lives of those they love instead?

Clive RobinsonOctober 24, 2015 12:29 AM

@ Steve,

I've been led to believe that criminals use "household bleach" as a "sure fire" way to dispose of DNA (mind you it's a recorded fact that at least one "criminal mastermind" believed that lemon juice made you invisible to CCTV).

On the assumption that there is a grain or two of truth in the use of bleach... How long do you think it will be before the EPA get pressurized into making it's use a "crime against the environment" or some such? Just to ensure even the "cautious innocent" are guilty of something...

And in other news... It would appear that the NY Fed Prosecutor is up to his tricks again, trying to get the scope of "illegal" gambling spread even wider. Shame he did not start with his home turf "The NY Stock Exchange", but then I think of all those "Hedge Fund" kickbacks into political campaigns that would be lost...

SteveOctober 24, 2015 1:12 AM

Referencing back to Bruce's entry on Problems with dna, https://www.schneier.com/blog/archives/2015/10/problems_with_d.html
showing the dangers of this kind of access. I was mainly interested in the legal argument that when the law obstructs or places a burden on discarding private information be it genetic or digital can they really argue that we have no expectation of privacy when we make reasonable efforts to discard such information? Is it reasonable to bleach or incinerate every kleenex when you have a cold? Or shred each and every document with identifiable info so that nothing ever slips through the cracks. I don't want to be an opsec freak, and I don't want the government invading my personal life, even if it's only in a database for future searching/canvassing. Beware Inspector Lestrade.

rgaffOctober 24, 2015 2:31 AM

@ Clive

"criminals use "household bleach" as a "sure fire" way to dispose of DNA"

Since my hands haven't fully melted into a soup of inorganic compounds from its use yet, I suspect this is a myth.

@ Steve

that's the whole problem when basic human rights like privacy and the right to be able to live life without government interference are tossed out the window... we can't adequately individually protect ourselves from a government that wants to invade us.

markmOctober 25, 2015 7:54 AM

Steve • October 23, 2015 10:54 PM

Can the gov and law enforcement really have a proxy do their illegal searches especially when the collection for such purposes was outside the scope of our consent.

Yes, according to the US Supreme Court. https://en.wikipedia.org/wiki/Third-party_doctrine

The EU has better privacy protection, in principle. It may be lacking in enforcement against powerful government agencies in Europe, and it won't stop US agencies from seeking third-party data from any company that comes under US jurisdiction in any way - and in internet gambling cases, merely having a web site that's visible to Americans has been enough for the US DOJ to claim jurisdiction.

EdNovember 1, 2015 7:32 AM

The whole good cop/bad cop question can be disposed of much more decisively. We need not enumerate what proportion of cops appears to be good or listen to someone's anecdote about his Uncle Charlie, an allegedly good cop. We need only consider the following: (1) a cop's job is to enforce the laws, all of them; (2) many of the laws are manifestly unjust, and some are even cruel and wicked; (3) therefore every cop has agreed to act as an enforcer for laws that are manifestly unjust or even cruel and wicked. There are no good cops. ~Robert Higgs

thevoidNovember 10, 2015 10:02 PM

DNA Data From California Newborn Blood Stored, Sold To 3rd Parties

This might come as a surprise to California natives in their 20s and early 30s: The state owns your DNA.

the state believes they own you anymore.

Turns out a non-descript office building in Richmond contains the DNA of every person born in California since 1983. It?s a treasure trove of information about you, from the color of your eyes and hair to your pre-disposition to diseases like Alzheimer?s and cancer.

this has been going on nationwide since 2006 Screening Newborns Saves Lives Act, and i think around a decade and a half in Minnesota. 1983... is a long time.

The CDPH turned down a request for an interview and wouldn?t explain why it doesn?t ask permission to sell babies? blood spots. But it said parents can have them destroyed https://www.cdph.ca.gov/programs/nbs/Pages/default.aspx . And CDPH says the blood spots are de-identified and can?t be tracked back to the child.

But Yaniv Erlich with Columbia University and the New York Genome Center said there?s no way to guarantee that. His research demonstrated how easy it is to take anonymized DNA, cross-reference it with online data and connect it to a name. ?You need to have some training in genetics, but once you have that kind of training the attack is not very complicated to conduct,? he said.

But Erlich doesn?t see the privacy risk as a drawback. In fact, he just launched DNA.land, a crowd-sourced database where people can voluntarily donate their genetic blueprints so that everyone can benefit. ?I want to stress that sharing genomic information is highly important, to advance biomedical research,? said Erlich. ?This is the only way that we can help families with kids that are affected by these devastating genetic disorders.?

oh, it's easy to deanonymize.. but everybody should join in anyway.

But Gatto thinks the state should have to at least ask her consent before storing and selling her daughters? DNA. ?We are at the beginning of a frontier of so much genetic research, there is no knowing at this point in time what that info could be used for,? said Gatto. ?The worst thing as a parent is to think that a decision that you are making today may negatively affect your children down the road.?

Gatto ended up requesting that her child?s blood spots be destroyed. Meanwhile, her husband ? state Assemblyman Mike Gatto ? introduced a bill this year that would have required signed consent on newborn screening. Opposition from the state and the industry killed it.

consent? cattle need not be consulted.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.