What You Should Know Before You Submit Your DNA to Anyone
Before you submit your DNA to anyone, we suggest you consider the following.
Forensic science has advanced human knowledge and provided definite benefits in a number of fields. Two commercial DNA analysis companies are using their customers’ genomes to study how genetics determine the severity of COVID-19 symptoms patients experience. The nightly news and plenty of television cop dramas remind us of the importance of DNA in crime scene investigation.
Sophisticated genetic analysis was largely responsible for the capture and conviction of the Golden State Killer. Putting a man who committed as many as a dozen murders and 50 rapes no doubt is a happy ending. But the case also raised serious privacy implications that could give genealogists and family tree-tracers pause. If you’re not careful, trying to trace your ethnic composition, trying to find out about potential allergies and susceptibility to certain diseases, or learn if you’re related to Abraham Lincoln or George Clooney could expose you and your family to unwanted scrutiny, suspicion, and harassment.
Submitting DNA samples to popular sites like 23andMe, Ancestry.com, MyHeritage, and FamilyTreeDNA – which, combined, warehouse the chromosomal codes of more than 30 million people – is anything but secure. Compounding matters, uploading your DNA also uploads partial sequences of people related to you. Posting your genome to a commercial database provides a direct link to your parents and siblings and a scent that bloodhounds can follow to more distant relatives.
“So, you aren’t just putting your own DNA out there, possibly to be used in police investigations. You’re putting theirs out there too, without necessarily having their consent”, Debbie Kennett, an honorary research associate in the Department of Genetics at University College of London, told The Independent.
That’s how police apprehended the Golden State Killer. Investigators uploaded DNA fragments from the serial killer’s crime scenes to a website that aggregates results from the commercial testing services. The site compared them to millions of voluntarily submitted samples and led police to several people who shared some of those DNA sequences because they are somehow related to the suspect. Those results led them to other relatives and greater DNA similarities until they narrowed their search to Joseph James DeAngelo. He was a perfect match, and the cops had their man.
It’s not hard to imagine law enforcement badgering relatives of people they consider suspects to surrender their DNA for comparison.
Siccing the fuzz on your old Aunt Eloise isn’t the only potential collateral damage commercial DNA testing can incur:
• Scams – There are limits to what DNA can reveal, but some less-than-scrupulous companies may not make that clear. They may make sweeping generalizations about a person’s ideal diet, athletic ability, or other physical attributes. Relying on these dubious claims as the basis for nutrition, exercise regimens, or dating targets is destined to prove foolhardy.
• Identity Theft – Security measures increasingly are using biometrics and genetic traits to prevent identity theft. But crooks are just as quick to find ways around these measures. GEDmatch – the same company that played an unwitting role in the Golden State Killer’s capture – recently reported a “sophisticated attack” exposed the DNA profiles on its servers to police perusal for several hours. The next attack might make give access to the shadowy figures lurking on the dark web.
• Secrets Exposed – Because DNA reveals familial relations, people researching their heritage may accidentally find out their dad is not really their dad. One family man was taken aback when a young woman reached out to him only days after he submitted his DNA for testing. She was his daughter, conceived with sperm he donated more than two decades before. She had tracked him down through a donor profile and her own DNA-matching skills. He has since made contact with nearly 20 more offspring conceived the same way.
Unlike undergoing a DNA test in a hospital or clinic, trusting a consumer testing services forfeits HIPAA protections. “[With] genetic data that’s generated outside of the health care setting, there’s a relatively low baseline of protection, and that’s provided generally by the by the
Federal Trade Commission,” Dr. James Hazel, a postdoctoral fellow at the Center for Genetic Privacy, told the New York Times. “So, the Federal Trade Commission…has the ability to police unfair and deceptive business practices across all industries. Other than that, there are
really no laws in the United States that apply…”
While there are no guarantees, you can safeguard your DNA privacy by using only large companies whose names you recognize. Stick with 23andMe, Ancestry.com, and a few other industry leaders.
Also, read the user agreements and opt-out of any services that make you uncomfortable or may yield too many clues to your identity. Some vendors ask permission to use samples for academic studies. They always strip away names and other identifiers, but there’s still the chance for human error.
Some companies offer to store your DNA for retesting if and when technologies advance to the point where a reexamination could lend additional insights. You may prefer your sample to be destroyed after mapping.
Finally, all leading sites offer the option of deleting your information from their databases. See the specific services’ websites for information. Regulations may require the sites to keep some information, but it will not be used or searched after you revoke permission.
Here are some additional stories that have been published after our initial writing of this article: