What You Should Know Before You Submit Your DNA to Anyone

Privacy / February 16, 2021 May 2, 2023

What You Should Know Before You Submit Your DNA to Anyone

Before you submit your DNA to anyone, we suggest you consider the following.

Forensic science has advanced human knowledge and provided definite benefits in a number of fields. Two commercial DNA analysis companies are using their customers’ genomes to study how genetics determine the severity of COVID-19 symptoms patients experience. The nightly news and plenty of television police dramas remind us of the importance of DNA in crime scene investigation.

Sophisticated genetic analysis was largely responsible for the capture and conviction of the Golden State Killer. Putting a man who committed as many as a dozen murders and 50 rapes no doubt is a happy ending. But the case also raised serious privacy implications that could give genealogists and family tree-tracers pause. If you’re not careful, trying to trace your ethnic composition, trying to find out about potential allergies and susceptibility to certain diseases, or learning if you’re related to Abraham Lincoln or George Clooney could expose you and your family to unwanted scrutiny, suspicion, and harassment.

Genetic Breadcrumbs

Submitting DNA samples to popular sites like 23andMe, Ancestry.com, MyHeritage, and FamilyTreeDNA – which, combined, warehouse the chromosomal codes of more than 30 million people – is anything but secure. Compounding matters, uploading your DNA also uploads partial sequences of people related to you. Posting your genome to a commercial database provides a direct link to your parents and siblings and a scent that bloodhounds can follow to more distant relatives and vice versa.

“So, you aren’t just putting your own DNA out there, possibly to be used in police investigations. You’re putting theirs out there too, without necessarily having their consent”, Debbie Kennett, an honorary research associate in the Department of Genetics at University College of London, told The Independent.

That’s how police apprehended the Golden State Killer. Investigators uploaded DNA fragments from the serial killer’s crime scenes to a website that aggregates results from the commercial testing services. The site compared them to millions of voluntarily submitted samples and led police to several people who shared some of those DNA sequences because they are somehow related to the suspect. Those results led them to other relatives and greater DNA similarities until they narrowed their search to Joseph James DeAngelo. He was a perfect match, and the cops had their man.

It’s not hard to imagine law enforcement badgering relatives of people they consider suspects to surrender their DNA for comparison.

Other Hazards

Sending the police to call on your Aunt Eloise isn’t the only potential collateral damage commercial DNA testing can incur

• Scams – There are limits to what DNA can reveal, but some less-than-scrupulous companies may not make that clear. They may make sweeping generalizations about a person’s ideal diet, athletic ability, or other physical attributes. Relying on these dubious claims as the basis for nutrition, exercise regimens, or dating targets is destined to prove foolhardy.

• Identity Theft – Security measures increasingly are using biometrics and genetic traits to prevent identity theft. But crooks are just as quick to find ways around these measures. GEDmatch – the same company that played an unwitting role in the Golden State Killer’s capture – recently reported a “sophisticated attack” that exposed the DNA profiles on its servers to police perusal for several hours. The next attack might make give access to the shadowy figures lurking on the dark web.

• Secrets Exposed – Because DNA reveals familial relations, people researching their heritage may accidentally find out their dad is not really their dad. One family man was taken aback when a young woman reached out to him only days after he submitted his DNA for testing. She was his daughter, conceived with sperm he donated more than two decades before. She had tracked him down through a donor profile and her own DNA-matching skills. He has since made contact with nearly 20 more offspring conceived the same way.
Unlike undergoing a DNA test in a hospital or clinic, trusting a consumer testing service forfeits HIPAA protections. “[With] genetic data that’s generated outside of the health care setting, there’s a relatively low baseline of protection, and that’s provided generally by the Federal Trade Commission,” Dr. James Hazel, a postdoctoral fellow at the Center for Genetic Privacy, told the New York Times. “So, the Federal Trade Commission…has the ability to police unfair and deceptive business practices across all industries. Other than that, there are
really no laws in the United States that apply…”

Attempt to Protect Yourself

While there are no guarantees, you can safeguard your DNA privacy by using only large companies whose names you recognize. Stick with 23andMe, Ancestry.com, and a few other industry leaders.

Also, read the user agreements and opt-out of any services that make you uncomfortable or may yield too many clues to your identity. Some vendors ask permission to use samples for academic studies. They always strip away names and other identifiers, but there’s still the chance for human error.

Some companies offer to store your DNA for retesting if and when technologies advance to the point where a reexamination could lend additional insights. You may prefer your sample to be destroyed after mapping.

Finally, all leading sites offer the option of deleting your information from their databases. See the specific services’ websites for information. Regulations may require the sites to keep some information, but it will not be used or searched after you revoke permission. Follow-up with them later to ensure they actually deleted your information.

Here are some additional stories that have been published before and after our initial writing of this article:

The 2020 Census and Your Privacy ~ What You Should Know

Privacy / September 30, 2020 February 17, 2021

The 2020 Census is coming! In exactly one month, households will begin receiving official Census Bureau mail with detailed info on how to respond to the Census online, by phone, or by mail. The online and telephone response options are available starting March 12.

More than 1,000 advertisements designed to reach 99% of U.S. households will advertise the coming of the census in English and 12 other languages over the next couple of months.

You may be surprised to learn that the U.S. Constitution requires the government to count every person living in the country once a decade.

The report compiled using census statistics is called the American Community Survey (ACS). The American Community Survey (ACS) is the premier source for detailed population and housing information about the United States.

How Census Data is Used

Modern census facts and figures are commonly used for research, business marketing, and planning. The changes over time can cause a ripple effect. Info from the census survey gets broken down to a neighborhood-like level.

The census may show that the population is migrating from large cities to the suburbs and smaller cities which will affect consumer preferences.

Homebuilders, police departments, and town and city planners are among the many private- and public-sector decision-makers who count on these annual results to plan services and policies: from building roads,² deciding where highways are expanded, building power plants to attracting jobs and planning emergency evacuations. These statistics help determine how federal funding is spent on infrastructure and services. As an example, the ACS contains many questions related to housing. These include the age of your home, its plumbing, its insurance costs, and the type of heating fuel used.

The U.S. Chamber of Commerce, the National Retail Federation, and the Mortgage Bankers Association are just a few of the dozen organizations that have previously lobbied to protect the ACS, saying it's vital for developing business investment.

About 3.5 million households participate in the ACS, with the respondents picked at random and scattered around the country in a way designed to capture the full extent of the diversity. The response rate is 97 percent, so only three of every 100 people contacted refuse to cooperate. Info from the survey gets broken down to a neighborhood-like level.

As a researcher, I and therefore, my clients, have been a beneficiary of the statistics gathered in each Census. I use industry reports quite often to help clients who want to learn about a market into which they may be entering. I have used census statistics to help clients determine where or whether to build schools, plan school bus routes, and prepare school superintendents for the future of their districts.

What to Expect

You probably have already received a letter in the mail. Those who decide not to respond will most likely receive a follow-up phone call from a Census employee. You may also have someone come to your home to interview you.

To increase convenience and save money, the ACS also is available to complete online. You still have the option of a paper questionnaire or phone interview.

In the past, the Census has called people on their cell phones. You may be surprised that the unanswered questionnaire mailed to you will ask about your investment income and utility bills (a Census question since 1940). you may also be disturbed by questions about the location of your children's school and the pattern of your commute to work (an avenue of Census inquiry that started in 1960).

Skipping a Census question

Refusing to answer any census question is against the law and could be costly. The census law (Title 13, United States Code, Section 224), coupled with the Sentencing Reform Act of 1984 (Title 18, Sections 3551, 3559, and 3571), provides for penalties of up to $5,000 for failure to report, and $10,000 for intentionally providing false information, the bureau separately says Census.gov online, citing Section 3571 of Title 18.

Privacy

Although the Census provides useful statistical information about a population, the availability of this information can sometimes lead to abuses, political or otherwise, by the linking of individuals' identities to anonymous census data. This is particularly important when individuals' census responses are made available at detailed levels. Still, even aggregate-level data can result in privacy breaches when dealing with small areas and rare subpopulations.

For instance, when reporting data from a large city, it might be appropriate to give the average income for minority females aged between 30 and 50. However, doing this for a town that only has two minority females in this age group would be a breach of privacy because either of those persons, knowing her income and the reported average, could determine the other woman's pay.

Persons concerned about the privacy of their answers should know that, under federal law, all employees and officials of the Census Bureau are prohibited from sharing a person's personal information with anyone else, including welfare agencies, the Immigration and Customs Enforcement, the Internal Revenue Service, courts, police, and the military. Violation of this law carries penalties of $5,000 in fines and up to five years in prison.

What To Do to Protect your Privacy

There isn't much you can do. This article from NPR reports that for the first time, personal information from federal and state records, such as tax returns and Medicaid applications, as well as public utility records will be used to fill in the blanks on 2020 census forms.

We can see from the recent news that our data is pretty likely to be breached at some point in the future. Considering all of the computers and databases which will be used to compile the census data and all the agencies with connecting networks using the information, it could be just a matter of time..

In a study conducted by two students at the Harvard John A. Paulson School of Engineering and Applied Sciences, who explored data leaks for their final project in Privacy and Technology, they showed that a cybercriminal doesn’t have to have a specific victim in mind. They can now search for victims who meet a certain set of criteria. The census information can help criminals find that data.

For example, in less than 10 seconds one of the students produced a dataset with more than 1,000 people who have a high net worth, are married, have children, and also have a username or password on a cheating website. Another query pulled up a list of senior-level politicians, revealing the credit scores, phone numbers, and addresses of three U.S. senators, three U.S. representatives, the mayor of Washington, D.C., and a Cabinet member.

Steps You Can Take

One thing you should not do is lie (it's a crime) and don't provide false answers. Remember if you pay property taxes or utility bills, your residence is not unknown to the government. Complete your form because not completing it is against the law as well although a lesser crime than lying. Drawing attention to yourself by breaking the law will not be helpful. A chart of response rates from census.gov shows that they do have a maximum contact attempt rate so they do keep trying to reach you.

Do use a Voice Over Internet ( VOIP) number such as Google Voice when asked for a phone number. Don't use your cell phone number.

In the article entitled “How to Protect Yourself After a Data Breach, it is suggested that we “Follow the news. It is not a bad idea to type “data breach” into Google News once a day to see who the latest company has been. Then if you shopped at that store or restaurant, or provided your information on the site, you know to be extra vigilant about your credit card activity.”

References