Hacking your DNA data

With more and more people getting their DNA sequenced, Yaniv Erlich from MIT discusses how to keep the data private.
27 May 2014

Interview with Yaniv Erlich, MIT


Hannah - This week we've been talking about ethical issues in medicine and so far we've been discussing the price of drugs.

But in recent years medicine is becoming more and more personalised, with drugs being adapted to our specific DNA codes.  

With all this sensitive data needing to be stored, some people, including Yaniv Erlich from MIT, have concerns about the safety and privacy of our genetic information, as he explained to Kate Lamble.

Yaniv - The genome is basically 3 billion letters that constitute our DNA. This is the material that is inherited from our parents and basically represents our heritage. For most of the traits and the diseases that we know, there's a strong genetic component. But it's important to emphasise that for most of the diseases, the genome doesn't determine the trait, it just increases the predispositions. By analysing genomes, we can understand these tendencies in the hope that in the future, we can suggest treatments based on the genetic makeup of the person, what is called personalised medicine.

Kate - So, you're concerned about the security of this genetic data. If I gave my genetic data to somebody, what would be the problem if someone identified me? I mean, I put lots of information on Facebook and Twitter, in the public domain about myself all the time. How would someone having my genetic information be different? What could they do with it?

Yaniv - The thing is that it's a question of personal taste. Some people are really open about showing data about themselves. Other people have some concerns about their privacy. Some people are concerned that they might be discriminated against based on their genetic makeup. So, our project was mainly to show that this can happen and to tell people that they should be aware of that.

Kate - Are there laws against it? As well as just protecting ourselves sort of by not sharing our data, are there laws being enacted to prevent this from happening in the future?

Yaniv - So, here in the US, we have GINA - the Genetic Information Non-discrimination Act. According to GINA, you cannot be discriminated against in your workplace or by health insurance based on your genetic material. But GINA as of today doesn't protect you from discrimination by your life insurance company or long term care. So, it gives you some cover, but the blanket is not full. There are few services that you'll be denied based on your genetic makeup.

Kate - If I donated my genetic data or gave my genetic data to either a research institute or to my doctor for some personalised medicine, they were going to anonymise that data, take my name off it. How could somebody then know that that data was mine?

Yaniv - Your genome is a strong identifier of yourself and I will tell you a little bit about our study. We focus on males. Now males get the Y-chromosome from their father and therefore, they got his Y-chromosome from his father. Now, in most western societies, males get their surnames from their fathers as well. So, this creates a correlation between the Y-chromosome and the surname. What we showed is that you can take whole genome sequencing data that is apparently de-identified or anonymised and then by inspecting the Y-chromosome and searching it in online genetic genealogy databases, you can find the surname of the individual. And then we considered if you know the age of the person and the geographical location. In most cases, you have this information as part of the metadata. So, we said, "Okay, if you have surname, you have the age, and you have the geographical region, you can really identify the person and get to this individual." We showed in several examples that we can get to people that posted their genome anonymously on the web, that we can identify them.

Kate - It amazes me that these genetic databases that you can use to identify somebody's surname are just lying around on the web. How did we get ourselves into a situation where that information is just out there?

Yaniv - Many people are interested in their heritage and their ancestry. These databases were created by the really vibrant community of genetic genealogists - by the way, I'm part of this community as well. They also put my Y-chromosome and my surname in these databases because I wanted to know more about my heritage. Now, the thing is that, if you contribute, it enables people to identify all your patrilineal relatives.

Kate - So, if we want to protect this data and do more than just anonymise it, I mean, I share my banking details online to buy things on the internet through PayPal and things all the time. Can we just use the same practices that they do to protect our genetic information?

Yaniv - It's a bit different because when you share your bank information, what you're trying to protect is from a third party that will tap into the conversation or the online transaction. But the bank that you are communicating with sees all the information. So, we cannot use just the simple encryption methods, but there are new methods that are currently being developed, but I have to say that they're still in their infancy. In these methods, you could share genetic information. Let's say, we have some companies that try to interpret the information for you. And under these encryption methods, called homomorphic encryption, the interpretation company, the company that tries to say what are the predispositions that you have, they don't really see the actual data. So, think about that you have a brick of gold and you want to go to a jewellery maker, but you don't really trust that jewellery maker. He might just take the brick of gold and run away. So, what you could do, you could take this brick of gold, place it in a glove box and put inside the glove box all the equipment that he needs to make the necklace. You lock that glove box with the best lock in the world and now, you give it to the jewellery maker. Now, the person has no interest in finding a way because he will never be able to break into the glove box and steal the gold brick, but he can still make the necklace for you. The same way with this encryption method: you put your genetic information inside this mathematical glove box. Now, you give this glove box to the company. They know how to process this encrypted data and to derive the predispositions, but they don't see the actual results. They cannot just take them and run away. You get back this glove box, you open it with your key, and now, you get this processed genetic information that you can do something with. You can go to your physician or use it for other purposes.

