TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

United States Privacy Digest | Notes from the IAPP Publications Editor, May 4, 2018 Related reading: EU seeks global recognition of digital regulations



Greetings from Portsmouth, NH!

In popular culture, perhaps one of the most interesting stories this week involved the capture of the infamous Golden State Killer. After his reign of terror in the 1970s and ‘80s, investigators have spent decades trying to identify the serial rapist and murderer. Even with DNA samples from crime scenes on hand, detectives had never found a match over the years. That is until Paul Holes, an investigator and DNA expert, used a consumer-facing DNA-matching website to find the killer.

Using preserved DNA from a past crime scene, Holes found the killer’s great-great-great grandparents, who lived in the early 1800s. From there, a team of investigators created more than two dozen family trees, which included thousands of relatives. The team “used census data, old newspaper clippings and a gravesite locator to find the deceased relatives,” The Washington Post reported. “When they got to the current day, they turned to police databases and websites such as LexisNexis.”

Through process of elimination, the team eventually located a “72-year-old retiree who was quietly living out his golden years in the Sacramento suburb of Citrus Heights.” From there, law enforcement “scooped up an item discarded by the man that contained his DNA,” and compared it to the DNA from a past crime scene. They found a match, and Joseph James DeAngelo was arrested late last month.

It’s an amazing story. Holes and his team worked long, meticulous hours to find DeAngelo, and should be applauded for their efforts.

The story also gives rise to a host of privacy and ethical questions about our DNA, how commercial sites use it, and how much of it is accessible to law enforcement. A lawyer connected with the site used by Holes, GEDmatch, said, “The purpose [of the service] was to make these connections and to find these relatives … It was not intended to be used by law enforcement to identify suspects of crimes.”

Our DNA isn’t just personal information, it’s familial information. When investigators uploaded the crime scene DNA, they found matches to the suspect’s relatives, not DeAngelo, himself. So, if one family member decides to upload their DNA, it affects the genetic privacy of that person’s family going back generations. DNA can also reveal a lot about a person’s health and future health.

That’s what stuck out to me in another report that came out this week about DNA testing for IQs. MIT Technology Review reported on DNA IQ, a “test scenario” that could be sold to parents “to predict kids’ mental abilities and make schooling choices,” something the creator of the test calls “precision education.” Would you pay $50 to find out your child’s odds of receiving a PhD? What would you do with the information?

The report has found at least three other online services that are tying DNA to IQ. But MIT points out that much of the genetic research connecting DNA to IQ may be flawed; companies like 23andMe have stayed away from predicting IQ because of the unreliability of intelligence reports.

Predicting how kids will do later in life brings up ethical issues related to eugenics, pre-determination and other creepy things out of a science-fiction novel. Of course, there’s an upside to all of this. If a person who’s been tested has a high likelihood of getting cancer, he or she can work to pre-treat it. That’s a great thing. But if companies like Cambridge Analytica mine personal data to potentially sway elections, imagine what could be done to human populations if DNA data is mined on a massive scale. Perhaps I’m projecting a bit here, but the potential downside is palpable.

Commercial use of DNA is here, as are all the ethical and privacy issues that come with it. There’s a tremendous upside. But it’s already impossible to control our personal data online these days. How will controlling and protecting our DNA data be any different?


If you want to comment on this post, you need to login.