Hacker News new | past | comments | ask | show | jobs | submit login
23andMe Is Terrifying, But Not for the Reasons the FDA Thinks (scientificamerican.com)
115 points by hepha1979 on Nov 27, 2013 | hide | past | web | favorite | 109 comments

If my fear was that an organization holding genetic data was going to break policies and law against my interests, I'd be at least as concerned about the State of California (and other states). Every state (by federal law since 1963) screens almost every newborn baby, via a blood test, for genetic diseases:


California retains the residual blood spots for followup studies, apparently indefinitely – see the section "Storage and Use of Dried Blood Spots":


California currently screens for 79 disorders:


And, results lookup long afterward by disorder is possible, since there's a routine, by-email procedure for checking the sickle-cell status of NCAA athletes:


The policies for the data and the retained sample are described by the 'babysfirsttest' site above as allowing use "for medical intervention, counseling or specific research projects which the California Board of Health approves" and "anonymous research studies". Those sound about equivalent to the 23andMe policy... and at a similar risk of reinterpretation or rule-bending if organizational priorities or technology change.

Look I know that much of HN has a libertarian and pro-corporation bias. But, I think the article is pretty specific about the profit motive being cause for concern.

The California Board of Health reports, however indirectly, to the taxpayers. This accountability, however insignificant you may perceive it, is simply absent from 23andMe.

To summarize your comparison:

- 23andMe collects genomes to please their VC and Wall Street investors.

- The CA government collects genomes to please the taxpayers.

Be honest, and forget your bank account: who do you really trust more?

I do trust the profit motive of a small company, bound by various contracts and laws, public perception, and their own need for future customers to voluntarily opt-in, moreso than the state's shifting policies, pandering to the different fears of various eras.

Even where the profit motive can lead to abuses, those abuses pale in comparison to the history of even very good governments. California is one of the most accountable governments in the world, but in the memory of its living residents has imposed both forced internment of its citizens by their ethnicity (WW2) and forced sterilization (until 1963).

What future crime or health scares could lead to the repurposing of this broadly-collected state data? (It's quite hard to opt-out of this collection, whereas it's costly to opt-in to 23andMe's program.) And if state-repurposing happens, those who implement the change, perhaps including for-profit companies in partnership with the state, can be insulated from accountability, because when the state decides to do it, it is 'legal'.

Perhaps you assign those scenarios much lower probability than the more common and mundane privacy abuses of profit-seeking sleazeballs. OK, fine. Still, the magnitude of damage the state can do, with its powers of compulsion and confiscation, is much larger. Fewer events, yes, but much worse when they happen.

So if you're 'terrified' by the chance 23andMe might misuse voluntarily-offered genetic materials, against their own policies, state law, and customer preferences, you ought to reserve at least some fear as well for the danger from the much larger cache of genetic data, collected without explicit consent, already in the hands of an institution that – when it occasionally misfires – does more damage than any single company can.

"I do trust the profit motive of a small company" - Oh, you mean that small company with nearly $100MM in funding, as well as $80MM in revenues?

"bound by laws" - like the laws and regulations enforced by the FDA?

Really. You trust "profit motives". How adorable. But yet you couldn't find space above to relate for us all the charmingly ethical conduct of companies "bound by various contracts and laws, public perception, and their own needs for future customers"...companies like Union Carbide, Monsanto, Enron, Kerr-McGee, British Petroleum, Halliburton, FlowTex, Bayer etc etc ad infinitum.

No thanks. 23andMe is yet another group of shady, for-profit slimeballs making money off people's fears, called out by the FDA for the same kind of arrogant adolescent libertarian horseshit that gave us Vioxx.

And yeah, most of us actually prefer to deal with the "state's shifting policies" - you remember...the policies we vote on.

Right, and the State has never violated our trust either.

Nobody should trust any corporation OR government agency blindly. Duh.

But to suggest that corporations are somehow inherently less trustworthy that the government is just... silly. And unsubstantiated.

It doesn't really matter who is collecting. It's the aggregation and storage that is the root problem - because sooner or later that data will get into all the sufficiently determined wrong hands. If the NSA can't secure data or even know what has got out, California or 23andMe or Google have no chance.

The problem we have is that it is now easier to collect everything than to be selective and this represents a huge risk to security down the line in all kinds of ways. You could say our data footprints have become a form of pollution. To mitigate we need to flip it and make non-collection the default - e.g. introduce strict regulations around destroying non-critical information with a very high bar for even temporary storage and anonymisation wherever possible.

But there are potentially immense health benefits from having the testing done, having it available for on-line consultation (by the individual and her chosen advisors), and continuing to re-test in greater resolution as technology advances.

Do we just forgo all those benefits because of the risk of abuse or data compromise, by any entity anywhere down the line?

Or do we try to figure out the right checks, both in practices and law, to maximize the benefit and minimize the risks? I'm for that iterative discovery of the right balance. And, I think a for-profit company operating under the microscope of consumer/journalist/regulator scrutiny is more likely to find the optimal tradeoffs than a compulsory state collection program, or other solely bureaucratic and legislative processes.

You have the right idea. It's important to remember what we'd want if we didn't have any concerns about power abuse. In a perfect world, anyone would be excited that some of the world's best scientists were studying the secrets of their body and would soon be able to offer them opportunities to take control of their health and ageing rather than leaving it to chance. Even better if an enormous sample was pooled for study. This is the only realistic way to move toward a complete understanding of how our bodies work.

There are real potential abuses of privacy, but we shouldn't let those scare us into failing to progress. The fact is, you leave your genetic information everywhere you go. If any restaurant wanted to get into the DNA collection business, they would never run out of material. In the near future, I wouldn't be surprised if some people argued that any genetic material left at their business was their rightful property, and since you made no effort to hide the fact that you were eating off that particular fork, they shouldn't have to avert their eyes from your DNA or deny its association with you. Perhaps on your next visit to any chain restaurant, they could suggest a menu more appropriate to your specific health needs.

I feel you are both missing the point that the kind of abuse we are opening ourselves up to inevitably includes catastrophic abuse as well as everyday injustices. Two examples that spring easily to mind - jury nobbling by organised crime, market manipulation by foreign powers. This is the job of government, legislation, and society, and is not within the remit of private corporations or something that can be left to a theory of market self-regulation. The example that a restaurant left to its own devices could get into collecting data so easily underlines that this needs legislative teeth.

You're right about the potential abuses. However, the only reason we have any kind of biological privacy is because the stuff we leave everywhere is too small for most people to notice. But we are not clean animals. We shed everywhere. I don't think biological privacy in the long term is a realistic goal unless we're willing to make full-body plastic suits fashionable.

More to the point, it's absolutely necessary to research this stuff. The more samples we can get out there, by whatever means necessary, the better. This kind of research will absolutely save lives, and in no small portion.

It's good to keep the security implications in perspective. However, if privacy concerns held back or halted basic research on biology, they would do more damage from voluntary and legislative protections than they are capable of doing by creating advertising profiles.

Counterfeiting money is an example of something which is relatively easy but can be hugely damaging if done on a large scale - we try to make it harder for the casual counterfeiter but mostly we rely on draconian penalties around it precisely for this reason.

There is also an important cultural aspect that makes certain behaviours abhorrent/unacceptable that would need to be tapped into.

Research is a legitimate and beneficial activity that you would therefore expect to be licensed and controlled.

Is it reasonable to say that a government is more accountable to taxpayers than a company is to customers? If I am displeased with the policies of KillBrownPeopleOnTheOtherSideOfTheWorldCorp or TheKidnapPeopleWhoGrowFungusesCompany, I can just decide not to purchase their services. The process available in government is that I can vote to replace the person who oversees the policies, which will remain unchanged.

23andMe. I don't have to give them my genome if I don't trust them.

As the article rightly notes: "...every one of your relatives who spits in a 23andMe vial is giving the company a not-inconsiderable bit of your own genetic information to the company along with their own. If you have several close relatives who are already in 23andMe’s database, the company already essentially has all that it needs to know about you."

The FDA's regulation doesn't stop that or have anything to do with that. I fail to see the problem with 23andMe. They provide testing for people who want to pay for it.

FUD about building a massive database is kind of hard to take seriously when the NSA watches everything and the US government already builds DNA databases.

IMO both of you have good points.

I would expect 23andMe to be doing some shady Facebook-esqe bullshit because of the profit motive and that is why I have never used them even though I am curious. I expect the state to be doing some shady Facebook-esqe bullshit because of "terrists" but I didn't have the option to not.

So I can both be "at least as concerned about the State of California" and also be 100% against sending a swab to 23andMe. I trust neither more but with one of them I have control over their collection of my DNA.

Moreover, if I understand the situation correctly, states aren't outright sequencing and compiling the full genome from each of those spots - instead, the blood spots themselves are being saved. That will make it signicantly harder to access and misuse the genetic data contained therein. 23andMe, on the other hand, has that data in a much much more accessible and centralized form, though it too doesn't fully sequence it. Yet.

That's a big part of what makes it more dangerous than what the states are doing, I believe.

When a baby is born in CA, do the parents have a choice, as to whether or not the blood sample is collected?

My understanding, from the 2nd link I included and other sources, is that parents can opt-out if they are insistent beforehand, and claim a religious exemption in writing. But they aren't specifically informed and asked before the blood sample is taken.

I was excited about 23andMe, but I decided against it solely for this reason. You can change your passwords, but you can't change your genetics. Whether it's the mundane and real concern of invalidated health insurance claims, or the far-flung hypothetical concerns (future clandestine organizations developing individually targeted assassination viruses), giving away one's genetic code involves too much risk and moral hazard.

(It's a shame, too. I badly want my full ATGC sequence to be a zip file on my hard drive.)

Clarification: while 23andMe could fully sequence your genome using the sample you provide (which I assume they bank...), that's not what they actually do currently - your DNA is instead chopped up into short segments and run on an Illumina SNP genotyping microarray (to obtain variant calls at thousands of genomic loci found to be relevant in various association studies).

Your DNA is never actually fully sequenced, because that is currently too cost prohibitive...

> Clarification: while 23andMe could fully sequence your genome using the sample you provide (which I assume they bank...)

I'm not sure they bank it. They offer an upgrade that includes more tests, but to take advantage of it you have to send a new sample. An upgrade that did not require sending a new sample would surely have a much higher conversion rate, so I'd expect they would offer that if it were feasible.

That's interesting. I just assumed that they would, since DNA is pretty stable once extracted and storing nano or micro liters of materials, even at -80C, shouldn't be too expensive considering the upside.

They require a good amount of spit, in order to ensure that they get enough DNA from each sample. It's quite likely that they're not left with much afterwards, and for many of their samples there may be nothing left at all. Banking the DNA is a whole other hassle. Banking the 500,000 samples that they've done so far would require quite a bit of freezer space.

Also, based on their recent statements, it seems that 23andMe doesn't actually do any of the lab work, they contract out to a lab partner. Based on the amount of capital they've raised, I would have assumed that they did everything in house. Anybody know more about this?

"Banking the 500,000 samples that they've done so far would require quite a bit of freezer space."

Maybe one or two -70 freezers full of eppendorf tubes. It's not a significant cost.

I'd never calculated the density of eppendorf tubes before, but it looks like they would fit in 3 cubic meters. Needless to say the freezers I've used have not been nearly that well packed.

My understanding was that the reason they require "a good amount of spit" was actually so that you couldn't steal someone else's saliva and submit it for testing.

I'm 98% sure that when I signed up it was presented as a choice: "Do you want us to bank your DNA for free?". I signed up after they changed SNP arrays (I think it was v2 -> v3 that the above poster is referencing offered upgraded reporting). I'm not sure if the banking was only implemented post v3, or if they had some other reason to re-collect spit despite having some DNA banked.

Your DNA is never actually fully sequenced, because that is currently too cost prohibitive

Q> Does anyone know the actual/current pricepoint for this?

Currently about $3,000 and falling.

See http://www.genome.gov/images/content/cost_per_genome_apr.jpg

Not quite... that it the raw sequencing cost and doesn't cover the prep work required, or likely the computational resources required for processing. It is actually almost to the point where the computational costs are more than the costs of raw sequencing.

And, for the places where you can get a $3K genome sequenced, it isn't likely that they will service outside (non-research) customers.


The page cites only 69 people so far had it fully sequenced, and it cost about $100k a few years ago

That figure is only for publicly available sequences. The cost is now under $5k, and I'm sure thousands, if not tens of thousands, have had it done. (Including me!)

Custom-made virus would probably cost millions for an uncertain result (delivering a virus into your bloodstream would require some work). A drug-addicted thug with a lead pipe would probably not even get the cost into four figures. I think your priorities are misplaced. Unless you are protected on a presidential level, if somebody decides to assassinate you the simplest plan would probably be the most effective one.

I've read too many cyber-punk novels, I know. :)

I'm more thinking along the lines of what may or may not be possible in 30-40 years, and even then it's an admittedly extreme example.

I'd really like to see some better analysis of that. The ACA has made the first point mostly moot in the US (as it already is in most of the developed world), and... let's just say that I'm willing to take my chances with the "assassination virus" thing.

Seriously, what's the real danger here? I just don't see much. I paid 23AndMe and was generally pretty amused (and sadly unsurprised; not much of anything interesting turned up in my profile).

My examples are endpoints on a spectrum. The core point is that while risks are low now, giving up one's genetic data is a one-way decision that can never be undone. It's a gamble, considering the unknown unknowns of both technology and future public policy.

I suppose in the case of future clandestine organizations developing individually targeted assassination viruses, they would be able to obtain their own sample from the individual.

What I don't understand is: People use 1Password etc to generate arbitrarily secure passwords for Facebook but agree on sending their DNA password (even though its 1B chars) on a postcard to a company (with unknown security credentials and intentions) just to know that they are 29% east-european and probably sleep better at night. Sigh...

Unless you go to extraordinary effort to keep your DNA confined, you almost certainly leave samples in publicly accessible places hundreds of times a year.

It's not a question to keep my DNA confined, but rather making it random. If somebody wants to track my DNA, yes they can do that - here in Switzerland, far away - but I wont send it to them on a silver plate.

There's a difference between leaving a door unlocked vs. mailing a stranger the key.

How long do those samples last?

DNA lasts a long time. Just watch any one hour crime drama. :)

Actually, it could last an arbitrarily long time if it wasn't exposed to UV or cleaned up. The hard part would be distinguishing your random DNA from that of everyone else.

'Sound paranoid? Consider the case of Google. (One of the founders of 23andMe, Anne Wojcicki, is presently married to Sergei Brin, the founder of Google.)'

That's where the article lost me …

Sure, that was an awkward transition, but you gave up too early. One paragraph later justifies this:

"What the search engine is to Google, the Personal Genome Service is to 23andMe. The company is not exactly hiding its ambitions. “The long game here is not to make money selling kits, although the kits are essential to get the base level data,” Patrick Chung, a 23andMe board member, told FastCompany last month. “Once you have the data, [the company] does actually become the Google of personalized health care.”

Basically all we know in medical science, which we all benefit from, is based on health data collected from other indivivuals, often (and preferably) many individuals. Collecting data and using that to gain knowledge is not a bad thing per se.

If it was a institution where people expressly donated their data for research then that is the right way to do it. The concern is about selling that data and using it for other commercial purposes. Another concern is about creating this single repository of data that can then be exploited my incremental updates to TOS that nobody reads or understands.

The author is trying to use that relationship to stress a point which stands no matter whether the founder is related to Google founder or not. Take that piece of information out and the point that the author is making still stands. Google has showed us that by luring people to share their private information, it is possible to sell your users eventually. Now you don't have to be related to a Google founder to learn and use that business model. If there was any other company that followed the same practice and didn't explicitly allow me to own my data and delete it from their databases I'd be worried about that company as well. No matter whether they are related to Google or not. The relationship to Google just make me extra worried because of the history of Google.

The point has nothing to do with the relationship between the companies. Like the commenter upthread said, it was a clumsy way to transition into the topic. 23AM could be a Microsoft spin-off, or a Bloomberg company, or a Koch Brothers company: the same points would stand.

The reason Google matters is that it demonstrated that the business model of hoarding and capitalizing on personal information works. The rest of the article spells out ways in which 23AM is already capitalizing on its stored information.

>>> it demonstrated that the business model of hoarding and capitalizing on personal information works

Marketing companies and spammers are using this model all the time. AFAIK most of Google's income is from ads which use very little of personal information (yes, I know about targeted ads but I have a feeling marginal utility of those vs. just having ads on Google which everybody uses is not that high).

I really dislike the whole Google point - it just seems to be buying into the Google / privacy hysteria / phobia, and is a really extreme cynical viewpoint on these things. Yes, they want data (both Google and 23andMe). And yes they want to exploit it, and make money from that. But the reason they want to do that is because there is value there. Value to the companies, but the only reason it's valuable to them is because there is much, much greater to the downstream users that they will pass this information on to. I really dislike the exaggerated tone. For example:

> [Google makes money ] ... By parceling out that information to help advertisers target you, with or without your consent

Umm. No. 1) don't use Google services. Or 2) go to your account settings and disable personalised ads or 3) browse in incognito mode, etc. There are loads of ways to choose not to be targeted by ads. People seem to constantly feel a need to exaggerate what Google actually does. They don't "sell your data", they don't "track" you, they don't do anything "without your consent".

Not that I think Google needs any help defending themselves here - but what really concerns me is that we can very quickly slide into a kind of technophobia that will take a cynical viewpoint on every form of new technology. Anyone here involved in a startup can be a victim of that, and the level of acceptance by society of new technologies and change is really, really crucial to moving society forward.

> 1) don't use Google services

Is that really possible today? Have you tried to browse the web without trying to hit Google servers? Do you know how hard it is? No common man is capable of doing it frankly.

Not hitting their servers is different to not using their services.

You can block cookies to their domains, or just block all third party cookies, and then you will be pretty safe from them doing anything to track you. The browsers make this pretty easy - I would argue that is in reach of 'the common man', or at very least one who can use Bing (however Bing will profile and track you just like Google, of course).

What have you tried? Couldn't a browser extension just drop any requests for domains owned by Google? I think the problem you're trying to describe is that of their services being too good to give up.

We are living in the world of connections. You may have extremely low IQ and live off the streets, but if you know right/powerful people then you are very "rich" to other people.

Its one thing to be able to talk and convince Ellison, Gates, Musk, or Zuckerberg to invest in your company; its another thing to sleep with one.

You'd think Scientific American could manage to spell Sergey's name right.

In their defense, transliteration is weird. The spelling they used isn't one that Brin uses, but is one that is used for Сергей by other people.


"A male given name, Sergey or Sergei."

Sure, I know people who spell it both ways, but in this case transliteration isn't an issue: you're talking about a public figure, the co-founder of Google, who's been in the US (and presumably spelling his name the same way) for 34 years.

This is just the case of a writer and/or editor being too lazy to look up the correct spelling.

Are you trying to ad-hominem the author? I don't understand the purpose of a comment like this, otherwise. Transliteration and spelling are distinct words and concepts. Frankly this is NBD to someone who is worth $NBdollars.

I am embarrassed to know to that they split sometime earlier this year.

Recently watched Gattaca. Found it interesting how in that world, DNA profiling for job placement was illegal, but because the technology was so widespread and available, it was easy to circumvent the regulations without getting caught. Just shake someone's hand or take a drug test, and they have your entire genome.

The article failed to terrify me. Yes, genetic testing is coming, and yes, very soon genetic information will be as easily accessible as any other information about the person. The governments already have large DNA databases, and those will expand. There's no "portal" that 23&me is luring us through - there's the future towards which we move inevitably, and since the technology exists, it will be used. Out of all possible usages of this technology, the one 23&me presents seems to be pretty benign. I'd rather be afraid of the government of which I have very little control and which knows or can know pretty much everything about me than of the company that can be shut down by any FDA bureaucrat.

Does anyone know if 23andMe would be restricted from disclosing your info under HIPAA?

yeah that's what I'm curious about. For example if we went to Electronic Medical Records i'm not sure the companies could just dig stats from that. But I guess what's alarming in the case of 23andMe is that they've taken the tactic of ignoring FDA. If a company goes rogue and takes "corp vs. the gov" attitude they are probably gearing up to push some limits that their consumers may not be prepared for and which may not technically be legal "yet" (while they try to lobby to change laws).

If they don't think FDA rules apply to them, why would they think HIPAA rules do?

HIPAA and FDA are completely independent. HIPAA is much broader and at the same time much less cumbersome to comply with. I'd be extremely surprised if they weren't being HIPAA compliant, not just because of the law but because HIPAA doesn't ask much that they wouldn't be insane not to do anyway.

Not answer you directly, but this should concern you as well: https://news.ycombinator.com/item?id=6550198

I know I have the bright light/sneezing mutation :-)

Would this be a concern about privacy exist if there was no way your genetic profile could be used against you? If you couldn't be discriminated in any way on that basis, what else would need to be hidden?

I'm not asking rhetorically -- what else do we have to hide about our genes?

It is highly disruptive in terms of insurance. Insurance can only work if many people pay for the few who actually need the insurance. The best way for insurance companies to increase profits is to get rid of the people who actually need them from their pool: if they can have access to a good set of indicators to remove people with high incidence of diabete, kidney failure or cancer, they will use it. And once people understand that, nobody will use insurance anymore.

Health may become another kind of risks you can't insure against anymore, like divorce or unemployment.

That was true in the past, but is irrelevant now that insurance companies can't refuse to insure you, or even charge you more for pre-existing conditions.

Not true at all. If you know you are at higher risk thanks to your personal genetic test, you are more likely to buy yourself good insurance coverage.

1) More high risk customers buying the insurance concentrates the 'pool' of insured risks...

2) ...leading to more payouts

3) ...leading to higher insurance

4) ...leading to those without the risks opting to take cheaper, lower level coverage

5) ...leading to more concentrated risk in the pool of insured people in the good coverage

6) ...and back to step 2. The insurance fails, or becomes too high a cost to be worthwhile for anyone.

I agree with your points, but the result will probably just be higher rates, not failure. You can see it start to happen already with the early implementation of the ACA. However, that that isn't what I was talking about, and it doesn't support the parents claim that, "they [insurance companies] can have access to a good set of indicators to remove people with high incidence of diabete, kidney failure or cancer, they will use it."

My point was, no, insurance companies can't use the data, even if they had access to the it, which they won't.

I was wittering on about this earlier today: https://news.ycombinator.com/item?id=6807778 and other comments in that older story - but my brief summary is: if you know your genetic data, you can then make insurance policy choices based upon it without telling the insurers. But when enough people do this collectively, the insurance market will (possibly) fail or be forced split offerings into various levels of cover. Customers then self-select and the end result is the same as if the insurers knew the data in the first place.

At this point do you really need the genetic data to get the same effect? I throw out my back, I upgrade my insurance, then I get the surgery. The doctor says I have 90% blockage in my arteries,I upgrade insurance, then I get the bypass. It seems like genetic data will have less influence than people making changes based on empirical observations of their health.

I don't know specifics about the USA, but certainly in the UK, private healthcare insurance works like most other forms of insurance, i.e. Pre-existing conditions or other relevant information is either not covered or must be declared and will be used to adjust premiums.

No car breakdown insurance lets you take out a policy to cover the vehicle after it has already broken down...

right, they just charge everyone more now.

Exactly, it was pretty dishonest for anyone to say the the ACA would reduce healthcare costs, it was obvious they were going to go up.

how about charging you more because you have a higher risk of a certain disease?

See the other story today about this: https://news.ycombinator.com/item?id=6807275

That sounds like a pretty good thing.

Hm, let's see, these markers indicate a high probability of low intelligence, and over here, shall we say lack of industriousness. Here's one that's tied to problems with authority. And this one is correlated to serious chronic health problems, how much sick leave do you normally take? By the way did you know your Dad is the same as mine?! I sure didn't.

I think that all of those examples could be datamined today without any genetic testing (and probably are).

Like any personal information, there are ways that it might affect or interest others. There's no magic, foolproof way of stopping people from using information against you other than not revealing it. Hence, hiding it is always a good fallback.

Assume you are a woman or older than 40. Can you know wherher you have been discrimined, say, when applying for a job? It is illegal... But it is quite likely unnoticeable as well.

If your genes reveal you are at a higher risk of developing certain diseases and insurance companies had access to that information, they might deny your their products or charge you more for them.

Next time the government decides to do away with "undesirables" they'll have a list already built for them.

This commentary points out, "But as the FDA frets about the accuracy of 23andMe’s tests, it is missing their true function, and consequently the agency has no clue about the real dangers they pose. The Personal Genome Service isn’t primarily intended to be a medical device. It is a mechanism meant to be a front end for a massive information-gathering operation against an unwitting public." Yes. That was reported in a Fast Company magazine profile of 23andMe[1] submitted here to HN 44 days ago, with a lot of discussion.[2] The basic problem that 23andMe faces is a business model that by its own acknowledgement really doesn't provide much benefit to the consumers who are paying to have their DNA SNP-sequenced and their personal health history data collected for 23andMe's use.

[1] http://www.fastcompany.com/3018598/for-99-this-ceo-can-tell-...

[2] https://news.ycombinator.com/item?id=6549600

I wonder what 23andMe would find if I submitted my dog's spit. Might be worth teaching him to spit.

On the Internet, nobody knows you're a dog ... until you link your Google+ and 23andMe accounts.

(there's already a link there between YouTube comments and flecks of spittle ...)

The grass is greener on the other side of the fire hydrant. I wish I could teach my dog _not_ to slobber his DNA all over everything. If my home were ever a crime scene, CSI would be barking up the wrong tree looking for suspects.

I considered getting sheep spit and sending it in claiming that I was welsh.

Alternately, you could submit your own spit to Wisdom Panel.

I signed up for 23andMe, got the results, had a brief chat to my GP. She said it's interesting, but only useful if you're looking for the source of a problem.

Even my health insurance doesn't care, they only worry about diagnosed conditions. Plus any pre-exisiting conditions are covered after three years.

On the other hand, the country where I live has universal healthcare.

In the U.S., denying insurance or raising rates based on pre-existing conditions will be illegal as of Jan. 1. Doing these things based on genetics has been illegal for several years now.

I think this article is a little short sighted. DNA profiling may be bad for some people in certain situations (health insurance), but the long term effects, for our species as a whole? I don't have a problem sacrificing my individual genetic privacy if it brings us closer to a Gattaca style utopia.

Can someone summarise why the FDA have any say in genetic testing? It's not as if they are selling a drug or other substance that might be incorrectly made or labelled. Presumably spitting into a vial can't cause harm.

Yes, of course. The article does that.

[23andMe] ... edged closer and closer to marketing their services as a way of predicting and even preventing health problems. And any kit intended to cure, mitigate, treat, prevent, or diagnose a disease is, according to federal law, a "medical device" that needs to be deemed safe and effective by the FDA.

While I have no particular knowledge of the case, the FDA checks that services are safe and effective. Basically that the company isn't selling proverbial snake oil (or literal snake oil, I guess).

Providing incorrect or misleading information could lead to people making health decisions with potentially serious consequences. If that information is wrong people could take unnecessary risks with their health.

If you're going to market something that can allegedly test and diagnose illnesses, it sure as hell should be tested and regulated.

I hope 23andme is shutdown.

I don't understand the anger and animosity at 23andme I've seen on HN lately. Maybe I'm not understanding something the way you are.

My understanding is they sequence some of your dna, and then link to various publicly available studies to show users "This paper showed this mutation correlates with this disease".

Is that not a correct description of their service? Why do you want them shut down?

The problem is, most people aren't trained doctors. They will have no idea how to interpret the results. They will likely go waste their own doctors time worrying about everything. 23andme is preying on some peoples fears, and turning them into hypercondriacs.

The absolute vast majority of people will die from heart disease or cancer. What is the point of paying money to find that out?

Obviously there's also the privacy aspect as well - trusting your DNA to some private company who wants to make profit.

If you have a symptom, or family history of some disease, go see a doctor. That's kinda what they're there for. And they train for years in order that they can interpret results correctly.

"FDA is concerned about the public health consequences of inaccurate results from the PGS device - the main purpose of compliance with FDA's regulatory requirements is to ensure that the tests work," said Alberto Gutierrez, director of the FDA's centre for devices and radiological health, in a letter to the company.

"Patients relying on such tests may begin to self-manage their treatment through dose changes or even abandon certain therapies depending on the outcome of the assessment," he added.


There is a lot of unwarranted 23andMe hate going on here. Not only do they offer at the end of sign up to delete/remove your genetic sample, you can also inform them you want to do this at any time.

DNA is extremely stable at low temperatures so they can periodically re-assay the sample and give you more information on SNPs they have found important or you can opt-out and just get the one sample.

With 23andMe I'm waiting for the entertaining family scandals to happen when people suddenly discover they have cousins they didn't know about. It's going to be a cataclysmic mass phenomenon and there's nothing anyone can do about it.

I hope the FDA forces 23andMe to take back their results that I'm getting Alzheimer's. Unless they already have. I forget.

Pretty sure we need laws that protect this information from predators.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact