You Can Donate Your Genome For Medical Research, But Not Anonymously

An anonymous reader writes "Dozens of volunteers who anonymously donated their genomic data to a public database for medical research have been identified by a team led by Yaniv Erlich, a former computer security researcher turned geneticist. Erlich's team matched Y chromosomal markers in genomes compiled by the 1000 Genomes Project with non-anonymous genomic databases, for example some assembled from contributions by family tree enthusiasts (abstract). After finding a match on a presumed relative of the study participant, the researchers pieced together the relative's family tree through search engines and the like, until they were able to identify the participant based on gender, age, place of birth, and other supposedly 'non-identifying' information associated with the genome. The names of the identified participants have not been released."

Re:

[Anonymous Coward]

Those of us who see these privacy problems in advance are called "tinfoil hatters" and the like, but only by the rabble who act like everything always goes according to plan.

The defender must successfully deal with every potential threat. The attacker only has to find the one thing the defender missed. Thus, security favors the attacker. In this case, the investigator trying to find out who this "anonymized" info belongs to is the attacker.

Is that really so hard to understand? Do you see how un-ju

Re:

[I Mean, What]

Evil will always triumph over good, because good is dumb.

Re:

[Runaway1956]

Albert Einstein explained it already. People are insane. They keep doing the same thing, over and over, expecting new and different results. Pretty simple, isn't it?

Re:

[cellocgw]

Albert Einstein explained it already. People are insane. They keep doing the same thing, over and over, expecting new and different results.

And yet, when it comes to procreation, ask any parent: every kid is radically different from the previous models. The insanity here is that us parents foolishly expect the next time around to be the *same* as previous results.

Re:

[Amorymeltzer]

Preventing the release of your own information? Identification by genotype is a very real privacy issue, but what happened here is NOT the fault of researchers. People seeking familial ancestry information, posted some genotype information online PUBLICLY, in the hopes of finding a relative (in this case, fathers, who can be traced by the Y chromosome). Since last names are roughly patrilineal, a simple genotype match cross-referenced with last names and location made it trivial. Are people to be preven

Re:

[stranger_to_himself]

Preventing the release of your own information? Identification by genotype is a very real privacy issue, but what happened here is NOT the fault of researchers. People seeking familial ancestry information, posted some genotype information online PUBLICLY, in the hopes of finding a relative (in this case, fathers, who can be traced by the Y chromosome).

It would have been enough for the subject's family to have posted the genealogy information - the subject may have known nothing about it. Still, you are right its not the fault of the researchers (as its impossible to fully anonymise a dataset while retaining its research usefulness).

Re:Another law

[Archangel Michael]

It isn't the fault of anyone. Identification is exactly that, itendification. To identify someone or something, we have to have identifiable information. That information HAS TO BE FREE in order for identification to work. Given enough information, it will always be easy to identify specific individuals with relative certanty. That is kind of the point of identification, isn't it?

There is no PRIVACY violation here. Also, privacy is an illusion. If you want privacy, go live off the grid in some cave all by yourself.

If you want to create a "crime" for this, how about creating a general statute that basically says, "any inappropriate use of identification of individuals, without their express concent, is illegal" and then define what constitutes "Inappropriate" separately in such a way that it creates clear guidelines that spans all forms of technology used to identify people.

Re:Another law

[Charliemopps]

The problem isn't what people, or business's do with this information. That's just annoying... The problem is what the government will do with it, and they will, of course, exempt themselves from any such laws.

Re:

[Archangel Michael]

Socialism requires government have this information. It is, IMHO, a violation of the Fourth Ammendment. But without a viable second ammendment, good luck protecting the rights enumerated under any of the others.

Re:

[TubeSteak]

Socialism requires government have this information.

1. Why does socialism require the government to have your DNA?
2. Is the lack of DNA the reason that previous attempts at socialism have been less than fully successful?

But without a viable second ammendment, good luck protecting the rights enumerated under any of the others.

Has the soap box or ballot box failed your country yet in 200+ years?
I'm not against gun rights, but I am against the mentality that only guns can protect your rights.

Re:

[Archangel Michael]

1) Socialism, reporting compliance to the authorities. The moment it becomes "beneficial" to have DNA on record by the government, it will be required. Already, we are required to provide government agencies proof that we have certain things like Vaccinations and TB tests. When it becomes clear that certain gene traits lead to pedophelia then DNA scanning will take place ... "for the children". Because it hasn't happened yet, doesn't mean it won't. The question is, how much "privacy" do you have when "safte

Re:

[Kjella]

There is no PRIVACY violation here. Also, privacy is an illusion. If you want privacy, go live off the grid in some cave all by yourself.

If you give someone private information on the premise that it can't be tied to your person and that turns out to be false, of course that is a violation of your privacy even if it's nobody's fault. Personally I like some of the benefits of privacy like democracy, can't have that without private voting. Privacy is no more an illusion than free speech or due process, it exists if you make it so. But just like countries where you have no free speech and no due process, you can have no privacy too. But I would

Re:

[Archangel Michael]

If you give someone "private" information, it isn't private anymore. That is the nature of privacy and information. Once you tell somebody something you are at their mercy to keep it to themselves. If you want to keep a secret, don't tell anyone

Re:

[WillAffleckUW]

If you give someone "private" information, it isn't private anymore. That is the nature of privacy and information. Once you tell somebody something you are at their mercy to keep it to themselves. If you want to keep a secret, don't tell anyone

I think you're failing to get the point.

The people involved signed legally enforceable consent forms which specifically mandate what data authorization and sharing are permitted.

The problem lies in the interpretation that release of bits of information did not violate these IRB approved contracts, when in fact, as a number of panels at scientific conferences had warned, they did violate these IRB approved contracts.

By the way, like your hair.

Re:

[Vellmont]

It isn't the fault of anyone....

Given enough information, it will always be easy to identify specific individuals with relative certainty.

The situation is avoidable because the research data included too much identifying information. How relevant is the persons age for instance? How relevant is the specific place of birth (City for instance vs region).

There's a way to publish the data with enough uncertainty about who the individual is to make identification impossible, or extremely unlikely. I don't kno

Re:

[pepty]

Still, you are right its not the fault of the researchers (as its impossible to fully anonymise a dataset while retaining its research usefulness).

For researchers the way forward is to restrict access to their data. Stored data is encrypted, email/FTP is encrypted. HIPAA enforcement and potentially being banned from access to clinical trial data (in the case of egregious carelessness) would be good motivators to maintain good IT practices.

On NPR they pointed out that while it is illegal to deny or charge more for health insurance based on genetic information it is perfectly legal to deny life insurance or long term care insurance on that basis. The

Bottom line

[Hentes]

Only donate your genome if you know that none of your relatives have done it.

Re:

[Charliemopps]

and if they do it in the future?

Really?

[Antipater]

You donated the sequence of information that is the inherent root of your entire unique identity...and you're mad that someone used it to discover your identity?

Re:

[Anonymous Coward]

Table record identified by primary key. News at 11.

And tomorrow: a special investigation of how related keys relate to related records.

Re:Really?

[interkin3tic]

I skimmed at least one of TFAs. Didn't see anything about any participant being mad about it. It did say something along the lines of "We told these people they'd be anonymous." So there is an important issue of informed consent here: the researchers were wrong when they were getting permission. Hopefully no lawyers hear about this.

It also points out that as a consequence, the data can't be distributed freely, since it could be traced back and used to discriminate against people whose only crime was trying to help science and having faulty genes.

So, no, this isn't a simple matter of "people getting mad," this is serious consequences.

Re:

[infinitelink]

It did say something along the lines of "We told these people they'd be anonymous." So there is an important issue of informed consent here: the researchers were wrong when they were getting permission. Hopefully no lawyers hear about this.

It'll only be a problem if the lawyers twist things as usual; if they didn't offer a 100% guarantee I'd say the lawyers should be toothless in society: substance over form, and propriety over vagueness, "anonymous" is only so until someone OUTS you.

Y-Chromosome is tied to your last name

[Anonymous Coward]

It's pretty simple: Because Y-Chromosomes pass from father to son unchanged, and because last names also tend to pass from father to son unchanged, the Y-Chromosome can be linked to your last name. If you've got DNA info about someone's Y-Chromosome and their last name (in this case people gave that info to genealogy databases but it could just as easily be a police DNA database) then you can probably identify the last name of anyone else who is a match for that Y-Chromosome.

Re:

[Coisiche]

Generally true, but I believe there's a significant incidence (about 10% is a figure I recall from somewhere) where the passed surname and Y-chromosone don't match.

Anyone got the accurate figure for that?

Re:

[MSojka]

Y-Chromosome tied to your surname? Even assuming your culture has surnames in the first place, that assumption is so wrong in its generality it hurts. Patrilineal naming convention is just one of many, and for example patrinomic (where your surname is derived from your father's name, as in "Jon Olafsson, son of Olaf Magnusson") is also often in use - for example in Iceland or many Muslim countries.

Insurance - Denied

[Maximum Prophet]

The Genetic Information Nondiscrimination Act makes illegal for health insurers to discriminate based on genetic testing but life insurance, disability insurance or long-term-care insurance companies can.
http://www.kaiserhealthnews.org/Daily-Reports/2013/January/18/genetic-testing.aspx [kaiserhealthnews.org]
Those companies might find it profitable to deny insurance because you have the same name as someone in a genetic database. If they can eliminate the few people that might get some rare disease, it might be better for them in spite of the few false positives.

Re:

[coyote_oww]

I have a genetic disease, and my RL last name is Brown. Good luck with that.

Re:

[coyote_oww]

Thinking further, would you have a case if insurers amalgamated data and determined that Browns where x% more or less likely to have some condition? in other words, you can't discriminate on the basis of genetic testing, but could you technically work out a system to bias rates based on surname, and if so, what would be it's legal position?

Re:

[Maximum Prophet]

That used to happen with mortgage companies. (There's a term for it, but I can't recall)

They couldn't discriminate based on ethnicity, but would exclude the parts of the city where certain people lived.

Of course, if we take this to it's illogical extreme, the insurance companies would go out of business if we could test exactly what diseases you'll get and when you will die. Insurance only works when there is uncertainty.

Re:

[Khashishi]

You can still have accident insurance. We can't test for that yet.

Re:

[nitehawk214]

You can still have accident insurance. We can't test for that yet.

What genes have we identified for the accident prone?

Re:

[Maximum Prophet]

There are probably enough Browns and Smiths that it probably doesn't matter. However, if your last name is rarer, and 66% of the people with the name have something like Huntington's, you might be denied long term coverage.

Re:

[pepty]

when you apply for disability or long term care insurance: "Thank you Mr/Ms. Brown for your application. Your last step is to submit a cheek swab for genetic analysis" No law against it right now.

Research to scare people about DNA privacy.

[A. Jamie Cuticchia]

As a fairly well-known geneticist, a study like this either, through direct dissemination or twisted discussion, is exactly what continues to worry people about giving DNA samples. I am also a lawyer and concerned about this in terms of any privacy rules which may have been violated. I am not against experiments of this type, so long as every subject knows exactly what they are getting self into. General consent forms for studies are expected to be written, in most cases, at a 5-year-old reading level - I

Re:

[ColdWetDog]

Wait. What?

Where'd the twitter thing come from? Have we been invaded? (Grabs tinfoil).

I hate birds.

What???

[jensend]

You mean if I give someone 800 megabytes of unique personally identifying information, they might be able to personally identify me?

Shocking!

Re:

[WillAffleckUW]

You mean if I give someone 800 megabytes of unique personally identifying information, they might be able to personally identify me?

Shocking!

Thanks for leaving your cup in the diner. I used the DNA on that to sequence your genome.

No harm, no foul, right?

By the way, you should get your liver checked.

Still worth it

[backslashdot]

All I can say is that given the advances possible, the slight loss of privacy is worth it .. So if you do have the chance to volunteer for something like this do it. It's likely more dangerous to have a Facebook account where you talk about or your friends talk about your ailments.

Rest assured

[ThatsNotPudding]

Both the data and procedures have been copied by the NSA and National Security Letters sent to all involved. Endless War means Endless Spy^H^H^H Vigilance.

Personal Genome Project blog post on this issue

[Slicebo]

George Church's "Personal Genome Project" has, from it's very beginning, acknowledged the possibility of this kind of exposure. In fact, you can't participate in the project without signing a consent form that makes this explicit. From their website:

http://blog.personalgenomes.org/2013/01/17/genome-re-identification-in-the-news/ [personalgenomes.org]

"Since its founding, the Personal Genome Project has only accepted participants who understand and acknowledge re-identification as a potential risk. This “open consent”

you may already have.

[slick7]

Did you ever really read the release forms signed immediately prior to surgery?

Resurrection of a sort?

[PacRim Jim]

Suppose that future humans decide to use historical genomes to reincarnate past humans. Would you want your body restored? If so, you'd better have your chromosomes sequenced.