App used 23andMe's DNA database to block people from sites based on race and gender http://www.fastcompany.com/3048980/fast-feed/app-used-23andmes-dna-database-to-block-people-from-sites-based-on-race-and-gender by @pavsmo via @FastCompany

App Used 23andMe's DNA Database To Block People From Sites Based On Race And Gender

A coder used 23andMe's open API to create a program that can discriminate against people online, based on their DNA.

By

The future imagined by the 1997 sci-fi film Gattaca may come to pass sooner than we think. This week, personal genetics company 23andMe discovered that a programmer had used its open API to create a screening mechanism for websites—which could effectively block people by race, sex, and ancestry.

Dubbed Genetic Access Control, the program—which was posted to GitHub on Monday—would act as a login for sites and scan the genetic information of 23andMe users who make their data available, much like how websites currently request access to your Facebook profile prior to entry. The coder in question cited a few "possible uses" for Genetic Access Control, ranging from "Groups defined by ethnic background, e.g. Black Panthers or NAACP members," to "Safer online dating sites that only partner people with a low likelihood of offspring with two recessive genes for congenital diseases."

In other words, you may not qualify to enter websites that use this program, depending on your family history:

Screenshots: via Github

23andMe took swift action, blocking the programmer's access to its API on Wednesday. (Only three people used the application before 23andMe stepped in, PR director Catherine Afarian told Fast Company.) According to BuzzFeed News, Genetic Access Control was at odds with 23andMe's API policy, which explicitly prohibits exploiting the platform to build "hate materials or materials urging acts of terrorism or violence."

In a statement to Fast Company, 23andMe explained how it exercises control over apps created by developers, despite its open API:

This app clearly violates our API policy. We've shut down the application and this developer no longer has access to our API.

Our API is open for anyone to create a set of development and testing keys which are limited to 20 users.

Once an app is built the developer has to request broader permissions from us and their app goes through our review process.

We monitor the activity of all of our developers and have a specific review process in place before an app is approved and broader use is permitted.

23andMe further emphasized that people can decline to make their genetic data available to apps that use the 23andMe API: "Like any app, individuals have to actively consent to allow the app permission to reference their 23andMe account information before the app can be used."

Still, it appears that due to the nature of its platform, 23andMe does not have preemptive measures in place, aside from the guidelines set forth by its API policy. A review process works at the moment, but as genetic testing becomes increasingly personalized, and as more people use the services provided by companies like 23andMe, it's safe to say that DNA information will be far more accessible—and there's no telling whether other companies will have the same outlook as 23andMe.

[via BuzzFeed News]

[Photo: courtesy of 23andMe]

Add New Comment

3 Comments

  • I appreciate you highlighting this Pavithra. As a security researcher who also happens to have a keen interest in the medical ethics of DTC genetic testing, I see several issues raised by this incident. Some forms of genetic discrimination are illegal under the Genetic Information Nondiscrimination Act of 2007 (GINA, see www.ginahelp.org). But others are an evolving field of privacy and ethics. Personally, I am a big fan of 23andMe and have advocated "hacking" its results for hemochromatosis testing (http://celticcurse.org/hemochromatosis-hfe-gene-test-23andme-c282y-h63d-s65c). This is not an API hack but a way of getting data out of results during the FDA ban.

    Stephen Cobb
  • Fernando Ardenghi

    these potential confounds by adopting a within-subject design in which women's mate preferences were assessed before and after they began taking the pill. Women starting the pill showed a significant preference shift towards MHC SIMILARITY compared with three months before the pill was taken, a shift that was not observed in the control group of normally cycling women."

    Please remember personality = temperament + character Personality is composed of two basic types of traits: traits that an individual acquires, dimensions of character; and traits with biological underpinnings, dimensions of temperament (Cloninger 1987)

    The key to long-lasting romance is STRICT PERSONALITY SIMILARITY.
  • Fernando Ardenghi

    Genetic Matchmaking is mainly based on the T_shirt Experiment that only proved: normally cycling women (not pregnant and not taking contraceptive pills) are (temporarily) attracted by the perspiration scent of clothes used by men with a Major Histocompatibility Complex MHC more dissimilar to theirs, and not proved: women attracted by those men for long term mating with commitment. and 2 Scientific Papers debunk their claims. 1) "Human oestrus" Gangestad & Thornhill (2008) "Only short-term but not long-term partner preferences tend to vary with the menstrual cycle"

    2) "Does the contraceptive pill alter mate choice in humans?" Alvergne & Lummaa (2009) ".. whereas normally cycling women express a preference for MHC (Major Histocompatibility Complex) dissimilarity in mates, pill users prefer odours of MHC-SIMILAR men, indicating that pill use might eliminate adaptive preferences for genetic dissimilarity." ................ "...., Roberts et al. attempted to eliminate these potential confo