What does it mean to own our genes?
Arvind Narayanan
Abstract:
Given that each of us shares genetic material with our blood relatives, to what extent can one expect to keep one's genetic information private? I will consider this question with respect to an attacker equipped with large-scale (albeit incomplete and "noisy") information about the blood relationships in a large population group, i.e, a genealogical graph. Given this kind of auxiliary information, it turns out that the availability of genotype information of a small fraction of individuals -- as little as 0.2%, in preliminary experiments -- is enough to cause the majority of the population to lose any hope of genetic privacy. I will describe a strong inference attack that allows the attacker to re-identify completely anonymous genetic material, such as pieces of hair collected en masse from public spaces without the consent or even the knowledge of the potential victims. There are many ongoing efforts aimed at aggregating genealogical data on a massive scale. As I will show, the compilation of the "world's family tree" is a matter of time. Further, there are several population groups for which enough auxiliary data is already available to leave them vulnerable to genetic re-identification. There is no purely technological fix to this attack. I will briefly present policy prescriptions that may delay ubiquitous genetic re-identifiability, and argue that genetic privacy norms must change to accommodate the new technological reality