23andme & Ancestry.com aggregated the world's DNA; the police obliged them by asking for it


[Read the post]


We’ve read the stories of Google and Facebook resisting requests from the government. Are they true? In these divorce cases when Facebook are subpoenaed, do they actually provide data from divorcee accounts?


Strikes me as simple enough to ensure that personal data be encrypted so as to require the active, conscious, participation of the owner to access it. If the datastore owner wants to play too, to protect their liabilityinvestment, I’d be ok with that.


They should take a clue from librarians:


I seem to recall on a police procedural type show (I don’t remember which one or all the specifics) a rich suspect with one of those giant DNA pictures (23andMe sold these, right? Edit: I was thinking of dna11.com) on his wall was refusing to submit to a DNA test and the police didn’t have enough evidence for a warrant. One of the detectives snapped a photo of his DNA picture and they were able to “magic” it into a positive DNA match sufficient for a warrant.

Possible or just CSI-style nonsense?


DNA picture? Mayhap a picture of a PCR reaction run on an agarose gel? Producing multiple bands?

If yes, then sure, any picture that includes all of it includes the full result, that is, a sampling of information. It’s very far from knowing their complete genome, that is, the full extent of information stored in their DNA. It’s like, these PCR tests take out page 10, 154, 1224 and a few more from a book many thosand pages long, and then checks two words on each page. That’s about the size of it. You can often tell people apart on those words, but it doesn’t describe their full genomes in any way.


Yes! It was a styilzed version of this in wall hanging form. Something like what you can get from here: http://www.dna11.com

So would a “match” based on something like this have evidentiary value?


It’s a bit like a fingerprint, based on DNA. So you check a few places in the genome where you know there is a certain amount of variation. Maybe at one place, there might be 10 or 100 variants. After you check enough of these places, it’s like lottery: getting every number right by pure chance is very unlikely - instead it is likely that both samples have the same source.

This is the basic idea but the details wouldn’t hold up exactly.


Wasn’t 23andme one of those websites BoingBoing was touting as the very latest cool thing? Amazing how the latest cool thing keeps turning around and biting us these days.

*See also, the wireless webcam below, optimized for use with your smart phone, and no real mention of security. What’s the worst that could happen?


23andme isn’t biting you, it’s the government.


Amazing how the government keeps turning around and biting us these days.


Sounds like a good idea, but how could that work? On facebook (or the comments section here), would your feed just be a list of notifications “XYZ posted something, contact them to decrypt it so that you can see it.”?

How would a company that processes data make use of that data if for every query against the database they had to contact the owner of every single row in the database to decrypt it in order for the query to run?

I suppose in some cases you could make all the data unencrypted except for a relation table that links data to specific people/accounts, and you would have to decrypt that link for them to know which was your data. But how would that work with things like Facebook, Google, forums, phone company/ISP records, etc.?

Also, I wonder about “we will notify the affected customer through the contact information provided to us, unless doing so would violate the law or a court order”. I’m imagining a company legally required to notify customers when their data is being disclosed (required due to contract/TOS or whatever), doing so and just letting the lawyers fight a duel over the paradox that they were both legally required to and legally ordered not to. Doesn’t seem like that would go well for the company. I think there have been cases like that, but can’t think of one right now.


It’s kind of hard to blame the government for Ashley Madison, or for Target. Leaks are going to get more frequent and more damaging from here on. The government sure doesn’t help matters when they weaken crypto, and put private data in the hands of flawed workers. But big business is also making things worse, and all these clever little startup are starting to look like so many honeypots.

I’ve met quite a few seniors who are leery of putting their credit card information into a website. Maybe that’s where this ends - when all of us assume the internet is rotten with corruption and only a fit place for cat videos.


As you suspected, utter nonsense!

Here’s a TINY snippet to show you what you’d need:

rs12755035 1 2016221 GG
rs3128326 1 2016263 CC
rs884080 1 2016609 GG
rs7513222 1 2017761 AG
rs908742 1 2023116 AG
rs10910030 1 2025544 CC
rs12410859 1 2028592 CT
rs4648807 1 2030758 TT

Multiply that by millions and you’ve got a “picture” that could be used to prove a positive DNA match.


Since 2001.


Based on scandals involving forensic DNA testing, I’d say that people have been convicted on that little.


Cool. Thanks for the ELI5 - much appreciated. Everything I know about DNA is what I learned from watching Jurassic Park. Definitely not an area of expertise for me.


“… Government by the Corporations, for the Corporations shall not perish from the earth.”

@Boundegar, there are cat videos on the internet? Why didn’t some one tell me this before!?


Because the (genetic) data itself doesn’t need to be encrypted. Only the personal details. You may still do your searches and statistics and pretty much anything you like. It’s only when the data is tied to an identifiable human being that it becomes interesting to ‘authorities’. On an personal level, a private individual would be able to look for ‘cousins’ by matching their own data with others’ (at that stage anonymous) data. It’s only when you want to contact your new-found cousin that you’re required to interact with them co-operatively.

Oops - I answered before I read your next para. I see we’re an accord though, so it doesn’t matter.

No idea. It probably couldn’t. Or I’m too dim to think of something. But in any case I was only concerned with protecting the general public from fishing expeditions on DNA matches.


This topic was automatically closed after 5 days. New replies are no longer allowed.