Why You Should Use Asymmetric Encryption to Protect DNA Results

Getting your DNA tested is all the rage with more than 12 million people in the United States sending in swabs of genetic material to be analyzed in 2017. Genetic testing is a booming business-to-consumer enterprise (a $117 million market in 2017) that brings previously out-of-reach technology to people interested in their ancestry and potential hereditary health issues, all at a reasonable price.

But the testing often comes with another cost, one that far outlasts the credit card charge. I recently wrote about the ways Instagram, a Facebook company, allows researchers to harvest hashtags and photos related to depression and other mental health issues. And how that data could be used to serve ads for medications or other types of mental health treatments.

Consumer DNA testing falls into a similar, somewhat murky area.

Once the data is out of your hands, who has a right—besides you—to use it in the future? And how will it be used? By advertisers or law enforcement? Take, for example, the case of the Golden State Killer. This is a high-profile example of using DNA information housed at an open-source genealogical testing outfit to make an arrest. In this instance, authorities initially used DNA from a relative to eventually track down the alleged killer; authorities then gathered the alleged killer’s DNA and matched it to evidence found at the scenes of several crimes. While this DNA match was made through an open-source organization, law enforcement can subpoena the genetic information, as well.

So, when you have your DNA tested to find out about your ancestry, you’re likely not thinking how it may be used by third parties for research or advertising. With social media sites, we implicitly acknowledge that through the use of the platforms, the companies will use at least some of our data to serve us personalized ads. With DNA testing, however, I don’t believe that same tacit agreement or understanding is made with the companies providing the service.

Asymmetric cryptography and the blockchain could help secure user data and make it accessible only to the person providing the sample to the personal genetic testing companies.

Getting Past the Fine Print 

Some DNA testing companies have Draconian user agreements, which make it difficult for consumers to remain in control of the data rendered from the DNA. Some DNA vendors offer the use of de-identified customer DNA, only with the permission of the customer, to various research outfits. The issue here is that even de-identified data—if someone has enough of it—can lead directly to a real person. Way back in 2013, a researcher was able to divine the names of several people who had given up their DNA and track down their families, just by using the DNA data, Google and a genealogy website. Imagine, with current technology, how easy this would be today.

The issue for consumers is ensuring your DNA remains your DNA.

Asymmetric Cryptography Could Provide DNA Testing Security

There’s lots of talk about how the blockchain is used as part of the effort to mine cryptocurrency or to ensure the supply chain for food and other commodities stay safe.

Utilizing the distributed database foundation of the blockchain, and, specifically, a feature called asymmetric cryptography, may be one way of partially securing DNA data. So what is encryption? In this case, our encryption definition focuses on asymmetric cryptography, also known as public key cryptography, which has a fancy name, but is simple enough to understand. To use it, there must be two “keys,” one public and one private, both of which consist of long strings of numbers, letters and symbols. It’s a password.

Asymmetric cryptography is akin to the way your employer deposits a paycheck: you and your employer can deposit money; only you can see how much is in the account and take it out.

The DNA testing organization and the consumer each would share the public key, which only allows encrypted information to be added. The private key is one you alone hold; this key allows only the person who holds the code to decrypt and remove information.

Consumers who take advantage of genetic testing need security and safety in all aspects of their online data, especially when it comes to highly-sensitive personal information.

So rather than DNA testing firms storing genetic data on their servers, they and their customers would utilize blockchain’s distributed database to keep the information in hands of those who actually own it. (The operational aspects of the database would need to be worked out, of course.) From there, we could decide how much, if any, data we want to share with researchers, advertisers or anyone else.
Blog Comments

Blog post currently doesn't have any comments.
 Security code

TriZetto Provider Solutions® Powered by Cognizant

We help physicians, hospitals and health systems simplify business processes and get accurate payments quickly. We will always look for new ways to help you improve revenue and increase cash flow. We will stay ahead of regulatory changes so your office will never struggle to keep up. All so you can focus on the one thing that really matters: doing what is best for your patients.

Learn More