Recently, I have been taking a class that discusses genetics and anthropology. As part of this class, we have discussed ethical considerations surrounding genetic data and privacy. As a person interested in security, I found many interesting topics to consider. I wish to plainly diagram and express my views, as much of what is stated is off straight vibes. If you take issue with any claims, I would love to talk about them further :^).
The Issue With Privacy Ethics #
Ethically, privacy is a difficult standard to uphold, especially when faced with the “greater good” argument. For example, if breakthroughs in medical and genetic sciences could detect and alter the likelihood for a person to succumb to and spread a transmittable disease, such as COVID-19, I find it highly likely a mandate or social pressure would force people to overturning their stances on personal privacy and compel them to publicly share their genetic data for the sake of upholding public health. However, this dogmatic stance can be easily generalized to any scenario and gives no clear bounds of where “the line” is drawn, defaulting to there not being a line at all.
The Cautionary Tale of Tornado Cash #
Take the ethically ambiguous case of Tornado Cash. Tornado Cash was an Ethereum mixer that preserved the private and anonymous ethos that blockchain technologies were founded on by jumbling together large batches of Ethereum transactions such that it would be (nearly) impossible to tell who the original sender and recipient of a transaction was. At face value, this technology seems like a decentralized ideological savior, however, Tornado Cash was abused by cybercriminals, drowning out benign and legitimate users of this service. This resulted in various governmental bodies sanctioning Tornado Cash, grinding the service to a halt. In turn, this sparked a serious debate over the ethicality of privacy preserving technologies. There are valid use cases in which a user would want to hide their transaction details, take a person’s salary paid in ETH. Yet, in practice, Tornado Cash was used to launder $7 billion into the hands of cybercriminals and over $455 million into the pockets of Mr. Kim Jong and the Lazarus Group. Consequently, in order to protect the “greater good”, Tornado Cash was shuttered and privacy was again, placed on the back burner.
The Fallout #
After the dismantling of Tornado Cash and the sanctioning of its founders, there has been a sore lack of privacy focused startups in the once idealistic blockchain community, repeatedly discounting the need for privacy as a justification for the greater good. However, this justification for a lack of privacy is commonly used by predatory, authoritarian figures that wish to collect ownership of any aspect of a person’s life. Without privacy or personally owned and protected data, a person cannot have total autonomy over their life and actions. If a controlling figure such as a company, organization, or government has access to a person’s genome and sequentially, every detail about a person, they are able to make and justify rules based off of the genetic data received, without the consent of that person. Consider, a health care company who digests all possible genetic and medical data regarding a patient. This company could plausibly deny a patient coverage due to their genome without the consultation or input of that person, justifying their decision with the data in the genome, rather than the consent of the individual. This process would likely be cheap and painless for the company as it removes pesky consultations from the individual, effectively neutering the agency of that person. Furthermore, one can imagine a dystopian government that places its citizens in a societal role based on their genome. One could have genetic traits associated without the consent of the governed. Although this example is merely a thought experiment, it is used as the basis to indicate that the proliferation of genetic data can be used as a justification to remove the due process of personal autonomy. Ultimately, privacy is necessary for the control over, and ownership of, information regarding oneself. When that information is made public, they cannot determine what is done with it.
Why Does The Genome Matter? #
Further this problem is compounded with the question of “What could someone even do with your genome? How would this really affect you?”. Although there are currently lacking common and easily exploited attack paths, this trend continues where data is stockpiled and then used at once when an attack is made common. For example, we are seeing an epidemic of password attacks in the world of cybersecurity. Previous breaches, reaching back years to decades are still affecting users. In the past, this issue was overlooked under the lens of “Well so what, just change your password and you’ll be fine”. However, abuse persists at the data gleaned in a given incident has continued effects for years to come. In addition, current computers are unable to crack cryptographic devices called “public keys”. However, it is estimated, with the introduction of exponentially faster computational devices such as quantum computers, algorithms that previously were too mathematically complex to brute force will become trivial. Therefore, many adversarial groups and organizations, such as world government cyber operation teams, are stockpiling these secrets and racing to unveil powerful crypto cracking machines, demonstrating the notion of hoarding potentially useful information with the goal of unleashing it in an attack at a later date. Similar to our personal genomes, there are not exceedingly clear methods of attack, yet, history has shown that compulsory divulgence of personal information is routinely compiled and exploited if not immediately, then down the line when attacks get easier.
The Future Prevalence of Genetic Data #
I find it highly likely that everyone will have their genetic (and all) information in a database, at least available to the government or another sufficiently large organization, if not publicly available. As previously stated, privacy is commonly a value people tend to rate highly but will be willingly exchanged for convenience or security. As seen in the ease of use of data harvesting (but free!) applications such as YouTube, Gmail, or Tik Tok, people cannot resist the benefit of using a service even though it is well known their personal information is mined, sold, analyzed, and profited from like an infinite source of corporate and advertising gold. This trend is highly likely to continue with genetic information. If a government or service does not outright mandate genetic information is handed over, an individual will cave to external pressures and willingly hand this information over. In addition, this data never “goes away”. Previously private (and now public) data is floating all over the internet. Private data tends to get breached over time and once it transfers from a “trusted” and “compliant” caretaker (the company that harvested it) and into the hands of the open internet, it will stay on forums and data wells until the end of the internet. Again, this trend can be seen through the aggregation of password data all over the internet. Once a company gets breached, this information trades hands dozens of times, and floats in the open ocean of data until someone wishes to use it for their own gain. This trend is inevitable for genetic information. Once 23andMe mishandles their data once, or gets hacked once, or an Ancestry.com employee goes rogue once, or someone has one bad day, it could mean the entire well of genetic information gets spread to the internet until the end of time.
Moving Forward #
In light of these considerations, it’s imperative we foster a culture that prioritizes the safeguarding of our genetic data with the same zeal as we protect our social security numbers or banking information. The stakes are uniquely high: once genetic data is exposed, it’s not just our privacy that’s compromised but potentially our health, insurability, and even our very identities. This isn’t merely an issue for the individual but a societal concern that demands collective action and robust legal frameworks. As technology evolves, so too should our understanding and legislation regarding genetic privacy. I encourage everyone to engage in this conversation, advocate for stronger protections, and consider the implications of sharing genetic information, not just for ourselves but for future generations. Let’s not wait until our genetic data becomes the currency of the internet age; the time to act and protect our genetic heritage is now. Your voice and actions can contribute to shaping a future where privacy and progress coexist harmoniously. If my perspectives provoke any thoughts, disagreements, or questions, I welcome the dialogue. Together, we can navigate the complexities of genetic data privacy and forge a path that respects both individual rights and the collective good.
Hopefully my ramblings have been interesting to you in some way. If so, please reach out, I would love to hear what you have to say :)
– Josh