Laws Will Not Save the Genetic Collection Network from Its Inherent Dangers

The Only Way to Prevent the Spread of Your Genetic Information Is Abstinence

This has the feeling of material passed from hand to hand, not something written to convey a particular idea precisely. Why not something less generic and more pointed?

But can one really trust one's genetic information with these companies? While, for example, 23andMe promises that it will not share any of its information with third parties, it also claims that “under certain circumstances, [genetic] information may be subject to disclosure pursuant to a judicial or other government subpoena, warrant or order, or in coordination with regulatory authorities.”

Why is an issue of trust created when the company says that it is subject to the rule of law and obeys court orders? It seems to me that "trust" is the wrong category of analysis about what we might think problematic about the situation. Does the rule of law act differently when a court subpoenas the testing company rather than ordering a cheek swab to be taken from you?

In an age when online behavior the most precious commodities on the market, and one’s behavior is tracked by the government without one’s consent, it begs the question: are safeguards currently in place to keep our genetic safe from intrusion?

No proofreading, evidently. Why is "safeguards in place?" the question that would arise on the basis of the example you just gave?

So in the end, the tour of GINA and the Fourth Amendment is directed to the conclusion that using an elective genetic testing service is a privacy risk?

It seems to me that you have done more reading and assembling of sources than would be necessary to achieve this conclusion, which could be based instead on the two-step chain, information cannot be shared that does not exist in sharable form, therefore voluntarily sequencing one's genome creates privacy risk inherently, by creating sharable information.

Therefore, the evident route to improvement is to use the material you have got more effectively, by evolving a more capacious view from it. One approach might be the one I took above: thinking about the data creation process. Another might be to ask whether "genetic information" is a category different from "biometric information," or belongs instead to a class of "information whose risk profile results from the fact that it can't be changed if disclosed," or "information that can be used to undermine personal safety," or some other useful analytical classification.

The Genetic Collection Network

-- By ShayaAfshar - 05 Mar 2017

“As gene tests become common, possibilities for abuse will intensify. Banks might not offer you a mortgage if you were likely to die before it was paid off... Politicians might dig up dirt on their rivals... How far should law enforcement be allowed to go? Should prosecutors be allowed to subpoena a company’s DNA database of thousands of people if they suspect it contains a match to a crime suspect?” – Kashmir Hill

The Genome Unpacked

With the completion of the Human Genome Project in 2003, a new era of scientific innovation began. A wave of research ensued from the Genome Wide Association Studies that have identified hundreds of single Nucleotide Polymorphisms—a single nucleotide variation in a DNA sequence—that do everything from demonstrating statistically significant correlations with different disease phenotypes to exploring the means by which our genes interact with environmental factors such as smoking and nutrition.

In the wake of these developments, companies like 23andMe and Ancestry.com formed, promising to use the biomarker information collected from their consumer genetic test kits to serve a number of purposes, from assessing disease susceptibility prior to the onset of symptoms, to facilitating a more precise diagnosis through identification of disease subtype, to mapping one’s ancestral genetics.

But can one really trust one's genetic information with these companies? While, for example, 23andMe promises that it will not share any of its information with third parties, it also claims that “under certain circumstances, [genetic] information may be subject to disclosure pursuant to a judicial or other government subpoena, warrant or order, or in coordination with regulatory authorities.” In an age when online behavior the most precious commodities on the market, and one’s behavior is tracked by the government without one’s consent, it begs the question: are safeguards currently in place to keep our genetic safe from intrusion?

The Genetic Information Nondiscrimination Act of 2008 ("GINA") and the Fourth Amendment

GINA Protects Users' Genetic Information from Insurers and Employers

The Genetic Information Nondiscrimination Act of 2008 (“GINA”) protects an individual’s genetic information via a number of safeguards. For example, individuals are not required to provide genetic information about themselves to a health insurer under any circumstance. Because no access to genetic information is given to insurers, it follows that they cannot set premiums for an individual or a group of individuals based on genetic information. Additionally, under GINA, genetic information is considered health information and is therefore protected under HIPAA privacy laws, preventing its disclosure without the consumer’s permission. GINA also protects against genetic discrimination in the workplace. Like with health insurers, a patient is protected from an employer using any genetic information as a source for making decisions such as hiring, promotion, reimbursement, or termination.

Neither GINA nor the Fourth Amendment Prohibit the Search and Seizure of 23andMe Members’ Genetic Information

GINA, the only statute that 23andMe makes reference to on its website, is only useful to guard against insurers and employers. The Fourth Amendment of the U.S. Constitution prescribes individuals the right “to be secure in their persons, houses, papers and effects,” and this is where law enforcement is involved. The Fourth Amendment explicitly prohibits unreasonable searches and seizures and requires a judicially sanctioned warrant to be supported by probable cause. The constitutionality of a search is determined by a “totality of circumstances” standard, balancing the intrusion on an individual’s privacy against governmental interests.

The Supreme Court ruled on a relevant case, Maryland v. King, in 2013. In that case, police seized an arrestee's DNA via a cotton swab inside his cheeks, which was then deposited into a government DNA bank. The Supreme Court, overturning the appellate decision, used the “totality of circumstances” standard, and concluded that the search was reasonable because it was minimally intrusive to the arrestee and the information obtained from the DNA would help the government interest in solving and preventing crimes. Law enforcement, therefore, can collect DNA at a crime scene, but the Fourth Amendment restricts this seizure to defendants in criminal cases. The courts have not yet ruled on the privacy issues behind genetic testing websites.

The Real Dangers of Genetic Testing Services

In fact, 23andMe’s safeguard is simply its word, because there is little regulation of what companies can and cannot do with users’ genetic data. Users essentially sign away any recourse to prevent 23andMe from using their genetic data as it pleases. This genetic information would essentially amount to a “Holy Grail” for the healthcare industry, and it is therefore no surprise that data companies like Google financially back genetic ventures like 23andMe. The potential for targeted marketing, much in the same vein as Google has used its search data, is a highly realistic possibility if not an inevitability. It is no stretch of the imagination, then, to understand that like our internet data, our genetic data would not just be in the hands of marketers but also in the hands of governments. Already, law enforcement has used Ancestry.com to compare genetic information found at a crime scene with the Ancestry.com database to track down another suspect who was later determined innocent. The Electronic Frontier Foundation called law enforcement’s actions in this situation a “wild goose chase” that demonstrated “the very real threats to privacy and civil liberties posed by law enforcement access to private genetic databases.”

Until regulations are put into place, membership in services like 23andMe should be a nonstarter to anyone interested in privacy. Even then, regulations can only go so far: putting your genetic information on the internet leaves it vulnerable to a privacy breach, period. While I am sure 23andMe puts great care into its privacy, if only for liability reasons, it remains to be seen how this sort of information will be used in the future. If you—like many people in the legal profession—watch what you say on the internet, then entrusting your genetic information to a third party should be off limits.