I'm pretty sure there can be a "birthday paradox" variant of attack on genetics with respect to finding cold cases.
How many people need to voluntarily submit to genetic databases before cold cases can be connected easily across the population?
Even though it's easy to discuss "criminals", we also should be discussing genetic privacy rights alongside that. My own mother went through 23andme and had her genome mapped. Half of those genetics belong to me, yet 23andme didn't come to me for any sorts of permission. As far as I'm concerned, half of my data is in their database with absolutely no consent from me. (Nor have I ever submitted my dna for any of these companies.)
What am I to do about that? From where I sit, not a damned thing. If I wanted to have the data that I share with my mom, I too would have to submit to a full dna mapping. And along with that, what of the ML training of the disease questions? How do I not only purge my data, and sanitize their model from that data? I'm just not seeing it.
That is what's funny about DNA. It seems like the most private and personal thing there is, but you got all of it from other people. As you said, your Mom can test and share her DNA without your permission, even though you share half of it. The same is true for the thousands of other relatives you have out there who all share parts of your DNA. So your particular genome is highly personal, but it's made up of shared data that you don't have any hope of being able to keep private.
The actual thing that those companies like 23andme get is your consent. Your genes already stick on everything you touch. They are basically public.
If you refund something bought at an online retailer, they could theoretically use the opportunity to sequence your genes. But they don't because they need your consent. But then again, genes are just biological manifestation of data and in your TOS you agree to them processing your data and using it to recommend products to you don't you? If most people don't care how many data companies collect about them, will they care if the online retailer is doing something like this?
> How many people need to voluntarily submit to genetic databases before cold cases can be connected easily across the population?
We’re already there. These cases a getting cracked because the suspect pool is often narrow enough just using GEDmatch, that’s practical to follow them all around to get discarded DNA.
It's an instance of the general "social network" problem of privacy. If you are in a group of friends who all like some particular artist, you are very likely to like the artist too. It doesn't mean you'll always like them, but there is a strong correlation. This can be done for so many characteristics, educated or not, gay or straight, liberal or conservative.
Now, if a sizeable portion of your group is in some social network where they share details of their life, like, say facebook, then facebook will a) know you exist because your e-mail address and your phone number will be uploaded to them as part of the address book upload that apps have and b) know all these things about you without you ever telling facebook, having joined facebook, or being able to do anything about it.
As you observed so well, the same holds true for genetic testing. Maybe some point in the future you'll receive spam mails for preventative health measures concerning some genetic disorder that runs in your family. Or you'll have a hard time getting life insurance. I don't want to live in such a world, but it's coming.
> I'm pretty sure there can be a "birthday paradox" variant of attack on genetics with respect to finding cold cases
Yes.
While not directly the same as your single-person birthday paradox example, there is a huge difference in the likelihood of two random samples matching vs finding matches within a database of samples.
In one database [1], there were 122 matches in 9 or more markers in a set of 65,000 people. The 9-marker matches, if done on two random people, would be "1 in billions" type matches.
The short story is: Even smart folks don't understand statistics and misunderstandings can have life-altering effects.
Unfortunately, DNA testing nowadays operates on much smaller samples, which are exponentially more difficult to analyze correctly, and there is no oversight. Even worse, simply concluding that the suspect's DNA cannot be ruled out (the result was inconclusive), is often enough for a conviction [1].
This is very cool technology, but the injustice that will result from its use by law enforcement will be terrible indeed...
The main wrongful conviction in article happened in 1999. I'm not sure if they are the same technique used in recent years but the article also alluded to the mother discovering the DNA match was different. For something like that I feel it's not the maturity of the technique but the expertise behind it's usage.
10 comments
[ 3.6 ms ] story [ 34.9 ms ] threadHow many people need to voluntarily submit to genetic databases before cold cases can be connected easily across the population?
Even though it's easy to discuss "criminals", we also should be discussing genetic privacy rights alongside that. My own mother went through 23andme and had her genome mapped. Half of those genetics belong to me, yet 23andme didn't come to me for any sorts of permission. As far as I'm concerned, half of my data is in their database with absolutely no consent from me. (Nor have I ever submitted my dna for any of these companies.)
What am I to do about that? From where I sit, not a damned thing. If I wanted to have the data that I share with my mom, I too would have to submit to a full dna mapping. And along with that, what of the ML training of the disease questions? How do I not only purge my data, and sanitize their model from that data? I'm just not seeing it.
If you refund something bought at an online retailer, they could theoretically use the opportunity to sequence your genes. But they don't because they need your consent. But then again, genes are just biological manifestation of data and in your TOS you agree to them processing your data and using it to recommend products to you don't you? If most people don't care how many data companies collect about them, will they care if the online retailer is doing something like this?
Not that that'll prevent identification.
We’re already there. These cases a getting cracked because the suspect pool is often narrow enough just using GEDmatch, that’s practical to follow them all around to get discarded DNA.
Now, if a sizeable portion of your group is in some social network where they share details of their life, like, say facebook, then facebook will a) know you exist because your e-mail address and your phone number will be uploaded to them as part of the address book upload that apps have and b) know all these things about you without you ever telling facebook, having joined facebook, or being able to do anything about it.
As you observed so well, the same holds true for genetic testing. Maybe some point in the future you'll receive spam mails for preventative health measures concerning some genetic disorder that runs in your family. Or you'll have a hard time getting life insurance. I don't want to live in such a world, but it's coming.
Yes.
While not directly the same as your single-person birthday paradox example, there is a huge difference in the likelihood of two random samples matching vs finding matches within a database of samples.
In one database [1], there were 122 matches in 9 or more markers in a set of 65,000 people. The 9-marker matches, if done on two random people, would be "1 in billions" type matches.
The short story is: Even smart folks don't understand statistics and misunderstandings can have life-altering effects.
[1] https://www.theatlantic.com/science/archive/2015/10/the-dark...
This is very cool technology, but the injustice that will result from its use by law enforcement will be terrible indeed...
[1] https://www.theatlantic.com/magazine/archive/2016/06/a-reaso...