App Used 23andMe’s DNA Database To Block People From Sites Based On Race And Gender

A coder used 23andMe’s open API to create a program that can discriminate against people online, based on their DNA.


The future imagined by the 1997 sci-fi film Gattaca may come to pass sooner than we think. This week, personal genetics company 23andMe discovered that a programmer had used its open API to create a screening mechanism for websites–which could effectively block people by race, sex, and ancestry.


Dubbed Genetic Access Control, the program–which was posted to GitHub on Monday–would act as a login for sites and scan the genetic information of 23andMe users who make their data available, much like how websites currently request access to your Facebook profile prior to entry. The coder in question cited a few “possible uses” for Genetic Access Control, ranging from “Groups defined by ethnic background, e.g. Black Panthers or NAACP members,” to “Safer online dating sites that only partner people with a low likelihood of offspring with two recessive genes for congenital diseases.”

In other words, you may not qualify to enter websites that use this program, depending on your family history:

[Screenshots: via GitHub]

23andMe took swift action, blocking the programmer’s access to its API on Wednesday. (Only three people used the application before 23andMe stepped in, PR director Catherine Afarian told Fast Company.) According to BuzzFeed News, Genetic Access Control was at odds with 23andMe’s API policy, which explicitly prohibits exploiting the platform to build “hate materials or materials urging acts of terrorism or violence.”

In a statement to Fast Company, 23andMe explained how it exercises control over apps created by developers, despite its open API:

This app clearly violates our API policy. We’ve shut down the application and this developer no longer has access to our API.

Our API is open for anyone to create a set of development and testing keys which are limited to 20 users.

Once an app is built the developer has to request broader permissions from us and their app goes through our review process.

We monitor the activity of all of our developers and have a specific review process in place before an app is approved and broader use is permitted.

23andMe further emphasized that people can decline to make their genetic data available to apps that use the 23andMe API: “Like any app, individuals have to actively consent to allow the app permission to reference their 23andMe account information before the app can be used.”

Still, it appears that due to the nature of its platform, 23andMe does not have preemptive measures in place, aside from the guidelines set forth by its API policy. A review process works at the moment, but as genetic testing becomes increasingly personalized, and as more people use the services provided by companies like 23andMe, it’s safe to say that DNA information will be far more accessible–and there’s no telling whether other companies will have the same outlook as 23andMe.


About the author

Pavithra Mohan is an assistant editor for Fast Company Digital. Her writing has previously been featured in Gizmodo and Popular Science magazine.