Genealogy site lets people create fake relative profiles with your DNA, study reveals
The rise of genealogy services such as 23andMe and Ancestry.com has brought DNA testing into homes across the United States — and the accompanying explosion of genetic data has helped law enforcement crack cold cases around the country.
But University of Washington experts have found that one of the most popular third-party genealogy databases — GEDmatch, which California authorities used to reopen the Golden State Killer case — leaves users’ sensitive genetic data vulnerable to compromise and impersonation.
“People think of genetic data as being personal — and it is. It’s literally part of their physical identity,” lead author Peter Ney, a postdoctoral researcher in the UW Paul G. Allen School of Computer Science & Engineering, said in a statement. “This makes the privacy of genetic data particularly important. You can change your credit card number but you can’t change your DNA.”
The study revealed that a malicious user could mine data on GEDmatch to approximate a user’s genetic makeup, and then use that information to create a profile that would appear to be a child or another relative, University of Washington researchers said in a Tuesday news release on their findings.
“When we have a new technology, whether it is smart automobiles or medical devices, we as a society start with ‘What can this do for us?’ Then we start looking at it from an adversarial perspective,” study co-author Tadayoshi Kohno, a professor in the Allen School, said in a statement. “Here we’re looking at this system and asking: ‘What are the privacy issues associated with sharing genetic data online?’”
GEDmatch changed its terms of service in May after backlash and privacy concerns about law enforcement use of the free, public database of genetic information, according to BuzzFeed News. NBC reports that GEDmatch has now “altered its terms of service to automatically exclude all members from law enforcement searches and left it to them to opt in.”
The researchers said they shared their findings with GEDmatch before publishing them, adding that GEDmatch said it “has been working to resolve these issues.”
“If GEDmatch users have concerns about the privacy of their genetic data, they have the option to delete it from the site,” Ney said. “The choice to share data is a personal decision, and users should be aware that there may be some risk whenever they share data. Security is a difficult problem for internet companies in every industry.”
The researchers said they carried out the study by making a research account on the platform and uploading “experimental genetic profiles that they created by mixing and matching genetic data from multiple databases of anonymous profiles.”
Researchers were able to ferret out the details of a target profile’s genetic makeup by comparing it to various test profiles.
“So basically, all the adversary needs to do is upload ... 20 profiles and then make 20 one-to-one comparisons to the target,” Ney said. “They could write a program that automatically makes these comparisons, downloads the data and returns the result. That would take 10 seconds.”
The researchers were even able to create a fake child profile for one of the experimental profiles.
“Because children receive half their DNA from each parent, the fake child’s profile had their DNA sequences half matching the parent profile,” the researchers said. “When the researchers did a one-to-one comparison of the two profiles, GEDmatch estimated a parent-child relationship.”
But fake relative profiles aren’t the only concern.
“Genetic information correlates to medical conditions and potentially other deeply personal traits,” co-author Luis Ceze, a professor in the Allen School, said in a statement. “Even in the age of oversharing information, this is most likely the kind of information one doesn’t want to share for legal, medical and mental health reasons. But as more genetic information goes digital, the risks increase.”
This story was originally published October 29, 2019 at 1:43 PM.