Hacker News new | past | comments | ask | show | jobs | submit login

If my fear was that an organization holding genetic data was going to break policies and law against my interests, I'd be at least as concerned about the State of California (and other states). Every state (by federal law since 1963) screens almost every newborn baby, via a blood test, for genetic diseases:


California retains the residual blood spots for followup studies, apparently indefinitely – see the section "Storage and Use of Dried Blood Spots":


California currently screens for 79 disorders:


And, results lookup long afterward by disorder is possible, since there's a routine, by-email procedure for checking the sickle-cell status of NCAA athletes:


The policies for the data and the retained sample are described by the 'babysfirsttest' site above as allowing use "for medical intervention, counseling or specific research projects which the California Board of Health approves" and "anonymous research studies". Those sound about equivalent to the 23andMe policy... and at a similar risk of reinterpretation or rule-bending if organizational priorities or technology change.

Look I know that much of HN has a libertarian and pro-corporation bias. But, I think the article is pretty specific about the profit motive being cause for concern.

The California Board of Health reports, however indirectly, to the taxpayers. This accountability, however insignificant you may perceive it, is simply absent from 23andMe.

To summarize your comparison:

- 23andMe collects genomes to please their VC and Wall Street investors.

- The CA government collects genomes to please the taxpayers.

Be honest, and forget your bank account: who do you really trust more?

I do trust the profit motive of a small company, bound by various contracts and laws, public perception, and their own need for future customers to voluntarily opt-in, moreso than the state's shifting policies, pandering to the different fears of various eras.

Even where the profit motive can lead to abuses, those abuses pale in comparison to the history of even very good governments. California is one of the most accountable governments in the world, but in the memory of its living residents has imposed both forced internment of its citizens by their ethnicity (WW2) and forced sterilization (until 1963).

What future crime or health scares could lead to the repurposing of this broadly-collected state data? (It's quite hard to opt-out of this collection, whereas it's costly to opt-in to 23andMe's program.) And if state-repurposing happens, those who implement the change, perhaps including for-profit companies in partnership with the state, can be insulated from accountability, because when the state decides to do it, it is 'legal'.

Perhaps you assign those scenarios much lower probability than the more common and mundane privacy abuses of profit-seeking sleazeballs. OK, fine. Still, the magnitude of damage the state can do, with its powers of compulsion and confiscation, is much larger. Fewer events, yes, but much worse when they happen.

So if you're 'terrified' by the chance 23andMe might misuse voluntarily-offered genetic materials, against their own policies, state law, and customer preferences, you ought to reserve at least some fear as well for the danger from the much larger cache of genetic data, collected without explicit consent, already in the hands of an institution that – when it occasionally misfires – does more damage than any single company can.

"I do trust the profit motive of a small company" - Oh, you mean that small company with nearly $100MM in funding, as well as $80MM in revenues?

"bound by laws" - like the laws and regulations enforced by the FDA?

Really. You trust "profit motives". How adorable. But yet you couldn't find space above to relate for us all the charmingly ethical conduct of companies "bound by various contracts and laws, public perception, and their own needs for future customers"...companies like Union Carbide, Monsanto, Enron, Kerr-McGee, British Petroleum, Halliburton, FlowTex, Bayer etc etc ad infinitum.

No thanks. 23andMe is yet another group of shady, for-profit slimeballs making money off people's fears, called out by the FDA for the same kind of arrogant adolescent libertarian horseshit that gave us Vioxx.

And yeah, most of us actually prefer to deal with the "state's shifting policies" - you remember...the policies we vote on.

Right, and the State has never violated our trust either.

Nobody should trust any corporation OR government agency blindly. Duh.

But to suggest that corporations are somehow inherently less trustworthy that the government is just... silly. And unsubstantiated.

It doesn't really matter who is collecting. It's the aggregation and storage that is the root problem - because sooner or later that data will get into all the sufficiently determined wrong hands. If the NSA can't secure data or even know what has got out, California or 23andMe or Google have no chance.

The problem we have is that it is now easier to collect everything than to be selective and this represents a huge risk to security down the line in all kinds of ways. You could say our data footprints have become a form of pollution. To mitigate we need to flip it and make non-collection the default - e.g. introduce strict regulations around destroying non-critical information with a very high bar for even temporary storage and anonymisation wherever possible.

But there are potentially immense health benefits from having the testing done, having it available for on-line consultation (by the individual and her chosen advisors), and continuing to re-test in greater resolution as technology advances.

Do we just forgo all those benefits because of the risk of abuse or data compromise, by any entity anywhere down the line?

Or do we try to figure out the right checks, both in practices and law, to maximize the benefit and minimize the risks? I'm for that iterative discovery of the right balance. And, I think a for-profit company operating under the microscope of consumer/journalist/regulator scrutiny is more likely to find the optimal tradeoffs than a compulsory state collection program, or other solely bureaucratic and legislative processes.

You have the right idea. It's important to remember what we'd want if we didn't have any concerns about power abuse. In a perfect world, anyone would be excited that some of the world's best scientists were studying the secrets of their body and would soon be able to offer them opportunities to take control of their health and ageing rather than leaving it to chance. Even better if an enormous sample was pooled for study. This is the only realistic way to move toward a complete understanding of how our bodies work.

There are real potential abuses of privacy, but we shouldn't let those scare us into failing to progress. The fact is, you leave your genetic information everywhere you go. If any restaurant wanted to get into the DNA collection business, they would never run out of material. In the near future, I wouldn't be surprised if some people argued that any genetic material left at their business was their rightful property, and since you made no effort to hide the fact that you were eating off that particular fork, they shouldn't have to avert their eyes from your DNA or deny its association with you. Perhaps on your next visit to any chain restaurant, they could suggest a menu more appropriate to your specific health needs.

I feel you are both missing the point that the kind of abuse we are opening ourselves up to inevitably includes catastrophic abuse as well as everyday injustices. Two examples that spring easily to mind - jury nobbling by organised crime, market manipulation by foreign powers. This is the job of government, legislation, and society, and is not within the remit of private corporations or something that can be left to a theory of market self-regulation. The example that a restaurant left to its own devices could get into collecting data so easily underlines that this needs legislative teeth.

You're right about the potential abuses. However, the only reason we have any kind of biological privacy is because the stuff we leave everywhere is too small for most people to notice. But we are not clean animals. We shed everywhere. I don't think biological privacy in the long term is a realistic goal unless we're willing to make full-body plastic suits fashionable.

More to the point, it's absolutely necessary to research this stuff. The more samples we can get out there, by whatever means necessary, the better. This kind of research will absolutely save lives, and in no small portion.

It's good to keep the security implications in perspective. However, if privacy concerns held back or halted basic research on biology, they would do more damage from voluntary and legislative protections than they are capable of doing by creating advertising profiles.

Counterfeiting money is an example of something which is relatively easy but can be hugely damaging if done on a large scale - we try to make it harder for the casual counterfeiter but mostly we rely on draconian penalties around it precisely for this reason.

There is also an important cultural aspect that makes certain behaviours abhorrent/unacceptable that would need to be tapped into.

Research is a legitimate and beneficial activity that you would therefore expect to be licensed and controlled.

Is it reasonable to say that a government is more accountable to taxpayers than a company is to customers? If I am displeased with the policies of KillBrownPeopleOnTheOtherSideOfTheWorldCorp or TheKidnapPeopleWhoGrowFungusesCompany, I can just decide not to purchase their services. The process available in government is that I can vote to replace the person who oversees the policies, which will remain unchanged.

23andMe. I don't have to give them my genome if I don't trust them.

As the article rightly notes: "...every one of your relatives who spits in a 23andMe vial is giving the company a not-inconsiderable bit of your own genetic information to the company along with their own. If you have several close relatives who are already in 23andMe’s database, the company already essentially has all that it needs to know about you."

The FDA's regulation doesn't stop that or have anything to do with that. I fail to see the problem with 23andMe. They provide testing for people who want to pay for it.

FUD about building a massive database is kind of hard to take seriously when the NSA watches everything and the US government already builds DNA databases.

IMO both of you have good points.

I would expect 23andMe to be doing some shady Facebook-esqe bullshit because of the profit motive and that is why I have never used them even though I am curious. I expect the state to be doing some shady Facebook-esqe bullshit because of "terrists" but I didn't have the option to not.

So I can both be "at least as concerned about the State of California" and also be 100% against sending a swab to 23andMe. I trust neither more but with one of them I have control over their collection of my DNA.

Moreover, if I understand the situation correctly, states aren't outright sequencing and compiling the full genome from each of those spots - instead, the blood spots themselves are being saved. That will make it signicantly harder to access and misuse the genetic data contained therein. 23andMe, on the other hand, has that data in a much much more accessible and centralized form, though it too doesn't fully sequence it. Yet.

That's a big part of what makes it more dangerous than what the states are doing, I believe.

When a baby is born in CA, do the parents have a choice, as to whether or not the blood sample is collected?

My understanding, from the 2nd link I included and other sources, is that parents can opt-out if they are insistent beforehand, and claim a religious exemption in writing. But they aren't specifically informed and asked before the blood sample is taken.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact