DNA hack could make medical privacy impossible

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/730015/dna-hack-could-make-medical-privacy-impossible

By Kevin Fogarty
CSO
March 11, 2013

It may now be possible for anyone, even if they follow rigorous privacy and 
anonymity practices, to be identified by DNA data from people they do not even 
know.

A paper published in January in the journal Science describes a process by 
which it's possible to identify by name the donors of DNA samples, even without 
any demographic or personal information. The technique was developed by a team 
of geneticists at MIT's Whitehead Institute for Biomedical Research and is 
intended to demonstrate that science and technology have surpassed the 
techniques and laws currently in place for safeguarding private medical data, 
according to Yaniv Erlich, a fellow at Whitehead and member of the research 
team.

The point was not to reveal private information, but to demonstrate a systemic 
weakness that will require research, debate and new laws and technology to 
overcome, Erlich says. The technique relies on the custom of passing family 
names down through the fathers family. By statistically modeling the 
distribution of family names, the researchers were able to narrow the list of 
possible contributors of DNA samples. They then pinpointed individuals using a 
range of other publicly available sources, none of which were directly 
connected to the original donors and none of which included protected personal 
data.

[...]


______________________________________________
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org