DNA Databases Are a National Security Leak Waiting To Happen (technologyreview.com) 35
schwit1 writes: A private DNA ancestry database that's been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers. Security flaws in the service, called GEDmatch, not only risk exposing people's genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample. GEDMatch, which crowdsources DNA profiles, was created by genealogy enthusiasts to let people search for relatives and is run entirely by volunteers. It shows how a trend toward sharing DNA data online can create privacy risks affecting everyone, even people who don't choose to share their own information.
"You can replace your credit card number, but you can't replace your genome," says Peter Ney, a postdoctoral researcher in computer science at the University of Washington. Ney, along with professors and DNA security researchers Luis Ceze and Tadayoshi Kohno, described in a report posted online how they developed and tested a novel attack employing DNA data they uploaded to GEDmatch. Using specially designed DNA profiles, they say, they were able to run searches that let them guess more than 90% of the DNA data of other users. The founder of GEDmatch, Curtis Rogers, confirmed that the researchers alerted him to the threat during the summer. "The same attack wouldn't work on other genealogy sites, like 23andMe, because they don't permit data uploads," the report notes. "Others, like MyHeritage, do allow uploads but don't give users as much information about their matches."
"The problem with GEDmatch is the browser is too good, and searches too deeply," says Erlich. "If I were them, I would remove it, fix it, then put it back."
"You can replace your credit card number, but you can't replace your genome," says Peter Ney, a postdoctoral researcher in computer science at the University of Washington. Ney, along with professors and DNA security researchers Luis Ceze and Tadayoshi Kohno, described in a report posted online how they developed and tested a novel attack employing DNA data they uploaded to GEDmatch. Using specially designed DNA profiles, they say, they were able to run searches that let them guess more than 90% of the DNA data of other users. The founder of GEDmatch, Curtis Rogers, confirmed that the researchers alerted him to the threat during the summer. "The same attack wouldn't work on other genealogy sites, like 23andMe, because they don't permit data uploads," the report notes. "Others, like MyHeritage, do allow uploads but don't give users as much information about their matches."
"The problem with GEDmatch is the browser is too good, and searches too deeply," says Erlich. "If I were them, I would remove it, fix it, then put it back."
Worried about China? (Score:5, Insightful)
Funny that the author is worried about China using DNA data to identify any American they get a DNA sample from. I'd be much more concerned that the US government would use such data as part of an existing system that spys on our phone calls, emails, tracks our phones and cars, etc, etc. As we move toward fascism in this country, DNA is just one more tool to control people.
Re: (Score:2)
That gives them embassy paperwork in that nation a cover for their expert Russian/Chinese language skills. Skills that are totally hidden by the CIA/US gov by swapping/creating an educational/social media past.
One worker is created and the actual education of another person stays hidden. Worked for generations and blocked any other nations internal US gov/mil database search. Every record was a match when found. But now that new family D
Re: (Score:1)
Well, if the CIA stopped with nepotism, they wouldn't find relatives spying in their country.
At this point, the Chinese have the OPM hack, Aetna and other hospital chain hacks, and a number of other hacks regarding identities and pictures, relatives, etc.
Okay, maybe now they find illegitimate kids, and surprise, surprise, the spies are worried they might be outed?
Try keeping your pants zipped up.
It wouldn't take much to get DNA from spies by offering something to their kids, or just chatting up their siblin
Re: (Score:3)
China is the current boogieman, along with Communists. Useful distractions from the way the US government abuses its own citizens. Just look at all the pearl clutching on Slashdot, used to justify the extreme measures that the government is taking. The site has swung from strongly pro-freedom and privacy in the Snowden era to immediate what-about-China-ism.
Re: (Score:2)
Indeed. It is a shame how easily even supposedly smart people can be manipulated.
Re: (Score:2)
Indeed. The whole fear about "China" is obviously a bad misdirection in this case. Looking at history, the US is already in an advanced state of introducing fascism.
You aren't that interesting. (Score:2)
Sorry to disappoint you guys, but your genome isn't that interesting. It's really not very valuable at all.
And none of the big players that most people use for genetic testing actually test the whole genome. They actually report very little of it, well less than 1%. So if you are worried about someone getting your genome, they won't be able to clone you.
Re: You aren't that interesting. (Score:2)
Further, the typical response is that insurers will use it to raise premiums. Forgetting the fact that your genes are not destiny, literally everyone, everyone, 100% of people are a high genetic risk of something awful. So if insurers are going to raise rates, they are just going to raise rates on everyone.
Your genome is not interesting.
Re: (Score:1)
How much did they pay you to say this? Goodness, I hope you don't actually believe it yourself...
Re: You aren't that interesting. (Score:2)
Are you worried they are going to clone you? They aren't.
Re: (Score:1)
I am the clone, you insensitive clod!!!
Re: (Score:2)
The other trick the CIA likes to do is create a fake husband and wife team.
Two names get joined so a CIA spy can enter a nation with the full cover of been with an embassy worker.
Their education won't match what the created "team" education was.
Gone is the years of languages. Welcome to the very average "art" "sport" and "history" cover story..
Find the DNA and cover names given
Waiting to happen? (Score:1)
I got news for you. Nothing waited. This is happening.
Re: Waiting to happen? (Score:1)
Re: (Score:1)
DNA databases, leaking. No, I can't cite proof, but disbelieve at your own peril.
Re: (Score:2)
Now what?
Re: (Score:1)
Try not to leave your DNA lying around.
Think bigger (Score:3)
There are some genetic marker(s) in there somewhere that, when correctly read, can give a pretty accurate picture about you. Where you're from,
your ancestry, etc. etc.
Now you or I don't really give much of a damn about where someone was born, but at the secret weapons development level, those who might be interested
in building a bio-weapon that ONLY targets a very specific group of people based on a regional genetic profile would be VERY interested in such data. The
more data available to you, the faster the pattern becomes recognizable and the easier it is to start isolating your target.
Find a genetic marker found only in Nationality X and you can work on building a virus that only becomes lethal in folks who possess that particular marker.
Re: (Score:2)
No IQ over 110.
What was 1950-1060's fiction is now a real hunt for a nations expert DNA.
Wonder what the USA has been buying up from labs all over Russia and China over the past decade?
That very private US company so happy to share all their secrets with the gov of China could just have wanted nation wide DNA?
China might have got some new US tech out of the side deal but the US gov/mil got the needed DNA access...
Now other advance nations are doing the same to
Re: (Score:2)
I know what you are thinking. Its unfair to dumb people. But you got it backwards. [globalresearch.ca] They discriminate against high IQ people.
Robert Jordan, a 49-year-old college graduate, scored a 33 on an intelligence test he took as part of the application process to become a police officer in the town of New London, Connecticut. The score meant Jordan had an IQ of 125. The average score for police officers was a 21-22, or an IQ of 104. New London would only inter
Re: (Score:2)
All the smart people unable to work due to some genetic marker found by another nation.
Re: (Score:2)
those who might be interested
in building a bio-weapon that ONLY targets a very specific group of people based on a regional genetic profile would be VERY interested in such data
This only makes sense to someone who doesn't really understand the complexities of genetics. Unless you are talking about a population of clones, such a specific biometric weapon is unfeasible. Our DNA is much too unique and varied to be targeted as a group by such a theoretical weapon. Even in a parent-child relationship, the genetic crossovers number in the millions. A "targeted" weapon might hurt you, and not your father or mother, because there are so many differences in your genetics.
There is no geneti
Re: (Score:3)
Find a genetic marker found only in Nationality X and you can work on building a virus that only becomes lethal in folks who possess that particular marker.
The US is among the least vulnerable to such an attack vector.
Any possible marker you use from USA samples will guaranteed kill off a percentage of every nation on earth, including the attackers.
Any other nations markers targeted would at best kill a very tiny portion of the US population.
In other words they would do far more harm to their home country than any other, and far less harm to the US than all others.
The nationalities such an attack would work best on would not be aided in the slightest with a US
profit wins... always (Score:2)
But, ya, the potential for profit is huge, so, sorry, ain’t gonna get fixed.
Re: (Score:3)
GedMatch, as the article says, is run by volunteers. This is not a profit-driven organization.
Re: (Score:2)
So decades of DNA left by criminals (Score:1)
Give the police in the USA the tools and support they need to find criminals from the 1960-1990's who feel they got away with crimes for decades.
Do the testing and track them all down.
What is the CIA expecting other nations to do?
Test some US embassy "worker" DNA and find out their real wealthy family had the best education on offer and that their embassy ID is fictional?
That the embassy staff went to college under a different na
Re: (Score:2)
should not be investigated by the police due to "China" and "Russia"? Give the police in the USA the tools and support they need to find criminals from the 1960-1990's who feel they got away with crimes for decades. Do the testing and track them all down.
This is just another species of "if you aren't doing anything wrong, you don't have anything to worry about". It sounds great right up until the point that the people at the top decide that "doing something wrong" includes things like your particular party membership or, in the case of genetic databases, your racial background. Once this particular genie is out of the bottle, it's not a question of "if" it will be abused, but "when".
Re: (Score:1)
Should police not look at CCTV, do finger pints due to the numbers it adds to federal "racial background" database stats?
Not look at crime al all as the results and convictions show the reality of "racial background"?
Every decades and generation police get more tools to find criminals with.
Fingerprints, create card fraud tracking, CCTV, advanced city wide smartphone tracking, voiceprints
The ability to triangulate weapons fire in a city and respond.. compu
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Criminals get found.
Lazy police work gets detected decades later.
The media learns of another "person convicted of the crime wasn't guilty"...
The police and the prosecutor have to then try and talk their way out of the results of new DNA testing..
All great reasons to keep on testing
I've submitted my DNA to GedMatch (Score:1)
I did so after I heard about the use of this site to catch the "Golden State Killer" a few years ago. I would love it if my DNA could lead Law Enforcement to bring someone to justice.
There are always those who foresee a future like the dystopia in 1984. The truth is, technology always brings with it great potential for both good and evil. It's not the technology that's the problem. It's who is in power and how they treat people. Oppressive governments exist with or without technology. Likewise good governme