

FBI, US g-men tried to snatch DNA results from blood-testing biz. What a time to be alive

23andMe reveals four law enforcement requests

+Comment Not content with snooping on your emails, whereabouts and telephone calls, it appears the Feds now want your DNA results.

DNA testing company 23andMe says it has received four requests from law enforcement agencies for "user data" in the past quarter, all of them from the United States.

Those stats came in the first "transparency report" from the company on Wednesday. At the same time, it launched a new "personal genome service" (PGS) test that it says will provide you with 60 different data points covering "health, ancestry, wellness, and personal."

The transparency report is frustratingly vague. We asked the company how it defined the term "user data" and it told us: "Any personal information relating to one of our customers, including but not limited to name, email address, health, and genetic information."

It confirmed that this includes the results of the tests it carries out on your behalf. But we don't know exactly what was asked for, or under what justification.

Likewise, who is "law enforcement"? Does it include the FDA? The company told us: "We've received requests from both state and federal law enforcement organizations. Only two of the four requests were legally valid, one from the FBI and one from a state law enforcement agency."

So on at least one occasion the FBI has asked for specific details on an individual. We don't know for a fact it was their DNA tests, but since that is 23andMe's sole function, it's a fair bet.

Privacy

On the plus side, 23andMe refused to hand over the details requested – whatever they were. Under its privacy policy, it promises not to use user data without consent, unless: "(i) the information has been anonymized or aggregated so that you cannot reasonably be identified as an individual; or (ii) a legal obligation requires us to use it in some way, e.g., a court order requires us to disclose the information."

Of course, there is some irony in the company publishing the transparency report on the same day that it launched its new service. Suddenly the potential problem has grown much larger.

That new test comes after two years of work with the FDA, after the agency told 23andMe that it must "immediately discontinue marketing the PGS until such time as it receives FDA marketing authorization for the device."

The FDA was concerned about the danger of false positives or negatives giving patients misleading information about their risk of contracting serious diseases or conditions.

Even though 23andMe didn't hand over any data in this instance, it does put a spotlight on the fact that we are increasingly reliant on corporations to protect hyper-personal data.

And we have seen repeatedly in recent years the willingness of both corporations and law enforcement agencies to push the envelope, in their own interests, on what is acceptable or even legal.

It's worth noting that when the FDA undercut 23andMe's business by forcing it to take down its test, soon afterwards the company sold access to parts of its DNA database to pharmaceutical companies Genentech and Pfizer, with a cut on any new drugs developed as a result. It was a smart business move. But that business is people's most personal data, and the financial reward is already there in its commercial exploitation.

Security

Even if we assume that those with such data and those with the legal powers to force the handover of data will not abuse our trust, there is the issue of security and data storage. As we have seen time and time again, companies do not protect their data sufficiently, leaving them open to hackers.

When millions of credit card details are leaked, it is bad enough, but imagine what would happen if the details of millions of DNA tests were put online or sold on the dark web.

The FDA did its job in this case, as frustrating as it must have been for 23andMe. The FDA has ensured that medical tests are being carried out appropriately and with the necessary levels of care and attention. It is protecting the public for the public's own good.

But until we have a government agency with equivalent powers to force companies to maintain high data-security and privacy standards, the insertion of Silicon Valley-style disruption into our personal lives, albeit through innovative companies, is a disaster waiting to happen. ®

 
