èƵ

Genetic privacy attack could reveal DNA secrets from genealogy sites

Researchers say they have serious concerns about the genetic privacy of users of genetic genealogy services including MyHeritage, GEDMatch and FamilyTreeDNA
Researchers are concerned about genetic privacy
Researchers are concerned about genetic privacy
Terry Waller / Alamy Stock Photo

Attackers could reveal most of the genetic information for millions of people whose DNA is held on genetic genealogy databases by exploiting how the websites work.

Michael Edge and Graham Coop at the University of California, Davis, have described three different methods by which DNA data could be compromised. They have serious concerns about the genetic privacy for the more than 5 million users of genetic genealogy services including MyHeritage, GEDmatch, FamilyTreeDNA, LivingDNA and DNA.Land.

These database sites allow people who have had their DNA tested by companies such as 23andMe to upload their genetic data to help them find family members. If portions of their DNA have a strong match with others on the website, they can see a name or email address to contact them.

By manipulating this process, it could be used to reveal most of the genetic data of most people, say Edge and Coop. “It depends on the method and on the database, but is potentially quite a lot of [genetic] information,” says Edge.

However, the genetic genealogy firms that spoke to èƵ reject the suggestion that genetic privacy is at risk.

Edge and Coop warned the companies of vulnerabilities and suggested fixes 90 days before publishing a . While they tested the techniques on 872 publicly available genomes, they didn’t use them on any of the databases.

Gene data fishing

One attack involved uploading many real genetic data sets and monitoring for partial matches with short stretches of people’s genomes in the database.

A twist on that approach was uploading genetic data that is largely fake, apart from a genuine segment targeting a match for specific genetic variants linked to greater risk of certain conditions, such as Alzheimer’s.

A third way involved trying to trick algorithms by using completely faked data designed to match most people in the databases.

Tests returned more genetic data as the minimum matching segment length reduced. Using the first technique with the shortest segment length returned significant genetic data: about 60 per cent of an average person’s total alleles – their variants of a gene – could be recovered. “So we are in fact talking about most of the genetic information of most of the people in our database,” says Edge.

None of the techniques are very complex or difficult to implement, the pair say.

Attackers could end up with a list of names and email addresses associated with a large amount of unique genetic data, revealing much about the individuals’ ancestry and allowing predictions about genetic traits for certain conditions.  “For most traits, predictions made from genotypes are not very accurate, but it is quite possible that those predictions will improve with time,” says Edge.

Intrusion detection

Bradley Malin at Vanderbilt University in Tennessee says that even if people harvested only small amounts of data in comparison to the entire genome, that could be of interest. James Watson, co-discoverer of the structure of DNA, for example, thought to be key to Alzheimer’s risk.

For now, Malin says the risk is more one of principle than practice.  “There are many things that could go wrong, or limit an attack, say through some intrusion detection mechanism.”

Christi Guerrini at the Baylor College of Medicine in Texas says while the risks concern her, they need to be put in the context of other vulnerabilities, such as health information including genetic data being hacked.

“There are easier ways of compromising someone’s data,” says Debbie Kennett at University College London, who points out that there is no federal DNA theft law in the US, unlike in the UK.

Most of the database firms told èƵ they have measures in place to guard against attacks.

Yaniv Erlich at MyHeritage says: “As leaders in genetic privacy, we analysed their method and found that the risk for MyHeritage users is minimal.”

Curtis Rogers at GEDmatch says: “Most of these kits [uploads] would be filtered out before going on our database as being too irregular.”

David Nicholson at Living DNA says the firm: “Put in place numerous safe guards even before the article came out. We are confident that for the way we have our system setup what has been presented has limited impact.”

Paul Maier at FamilyTreeDNA says it employs measures that “effectively prevent the hypothetical problem” presented by the new research.

DNA.land did not respond to a request for comment.

Reference:

Topics: DNA / Genetics