DNA companies should be given the death penalty for getting hacked
Personal data is the new gold. The recent 23andMe data breach is a stark reminder of a chilling reality – our most intimate, personal information may not be as secure as we think. It’s a damning indictment of the sheer negligence of companies that, while profiting from our DNA, fail to protect it.
The 23andMe breach led to hackers gaining access to 6.9 million users’ personal information, including family trees, birth years and geographic locations. It brings up some important questions: Are companies really doing enough to protect our data? Should we trust them with our most personal information?
Companies promise to keep our data safe, but there are a few quirks here. Government overreach is certainly a possibility, as the FBI and every law enforcement agency in the world probably relishes the thought of accessing such a massive DNA sequence data set. It could be a gold mine for every cold case from here to the South Pole.
The argument “But if you haven’t done anything wrong, you have nothing to worry about!” is only partially true here: the problem is a consent problem. At one point my father took a DNA test and found out he had a half-brother who is about to turn 80. It turned into an incredible family drama when they started digging into the history and discovered a whole bunch of potentially problematic family history.
The problem isn’t so much that my father chose to do this, it’s that I didn’t consent to being in a database, and that’s where things get stuck. I can envision a definite Black Mirror-like future where a family member is curious about their parentage, gets tested, and two weeks later, the FBI is knocking on the door of every person who shares 50% DNA with that person because they’re wanted for some kind of crime.
The audacity of 23andMe, and companies like it, is amazing. They position themselves as guardians of our genetic history, guardians of our ancestral past and possible medical future. But when the chips are down and our data is compromised, they hide behind the old “we weren’t hacked; it was the users’ old passwords” excuse.
This logic is the equivalent of a bank saying, “It’s not our fault your money was stolen; you should have had a better lock on your front door.” It is unacceptable and a blatant disclaimer of responsibility.
Companies dealing with such sensitive data should be held to the highest possible standards. We’re not just talking about credit card numbers or email addresses here. This is our DNA, the very blueprint of our existence. If anything should be considered “sacred” in the digital realm, surely this should be it?
The fact that the stolen data was touted as a list of people from backgrounds that have been victims of systemic discrimination in the past adds another troubling layer to this debacle. It highlights the potential for such data to be misused in the most obscene ways, including targeted attacks and discrimination.
The DNA testing industry needs to be strengthened. It must ensure that the security measures in place are not just adequate, but extraordinary. It should lead the way in cyber security, setting the example for all other industries to follow.
It’s not just about better passwords or two-factor authentication. It is about a fundamental change in the way these companies view the data entrusted to them. It is about recognizing the deep responsibility they have, not only towards their customers, but also to society in general.
I am not optimistic; not even a little. I have long argued that after the Equifax breach, the company should have received the corporate equivalent of the death penalty. Instead, it was fined $700 million. I think it’s funny. If you allow a breach of this magnitude to even be possible, does it really matter if it happens? You don’t deserve to keep being a company. I think this is even more true for companies that deal with our DNA.
It’s time for 23andMe and the DNA testing industry as a whole to realize that they’re not just in the data business. They deal with people’s lives, their stories and their futures. It’s time they start treating our data with the respect and care it deserves.