杏吧原创

Privacy of hundreds of thousands of genetic volunteers may be at risk

A team was able to uncover a dog's DNA in a research database - and it could mean the privacy of people who volunteer for genetic studies is at risk
Blood samples
Researchers use large DNA databases to conduct genome-wide association studies
Bloomberg/Getty

The privacy of people who add their DNA to research databases may be vulnerable to hackers, who could exploit the information published in genome studies to identify an individual鈥檚 genetic code.

Genetics researchers are inadvertently publishing information that can theoretically be pieced together to identify someone鈥檚 DNA held in a research or commercial database, say Daphne Ezer at the Alan Turing Institute in London and her colleagues. Her team simulated how attackers could identify a person鈥檚 genetic code, and used this method to find a single dog鈥檚 genetic material in a DNA database.

Genome-wide association studies (GWAS) identify genes that听are associated with personal traits or disease. Researchers use large databases containing the DNA of hundreds of thousands of听people to conduct these studies and detect subtle DNA differences between participants.

Ezer鈥檚 team showed how, under some circumstances, a hacker could use the information about an individual鈥檚 traits published in GWAS to recover that person鈥檚 genetic information 鈥 known as a reconstruction attack.

鈥淵ou might even be able to identify an individual with just two studies performed on the same database, if a small number of people are included in one study but not another,鈥 says Ezer.听This could happen if, for example, some participants skip听a听survey question or join one听study later than the other, which Ezer鈥檚 team听describe as a听鈥減otentially common鈥 scenario.

In these cases, attackers can use algorithms to predict the genetic details of an individual in one of the studies by combining information from both. The team showed this is possible by finding the genetic information of a single dog in the Cornell Dog Genome database.

To protect volunteers鈥 genetic privacy when publishing the results of a study, the team suggests that researchers try scrambling the data to make it听noisier, or conceal some identifiable information.

Because the study involved dogs, we don鈥檛 know if a similar attack would identify people from听their genetic information. But if used with the technique that exposed a potential vulnerability in the genealogy testing website GEDMatch in October 2019, 鈥渋t听could potentially be used to听reveal the identities of individual听participants鈥, says David听Baranger, a neurogenetics researcher at the University of听Pittsburgh in Pennsylvania.

The UK Biobank, which holds听500,000 genomes in its听database, says researchers are听prohibited from trying to identify听a participant in this way. 鈥淲e are not aware of any such incident where this has occurred,鈥 says a spokesperson.

鈥淩esearchers treat the privacy of听participants in projects such as听the UK Biobank very seriously,鈥 says David Curtis at University College London.

bioRxiv

Topics: DNA / Genetics / Privacy