‘You can take someone’s DNA and design a weapon that can kill them’: House intelligence committee member warns people not to share health data with sites like 23andMe because it can be used to program new bio-weapons to target them
In today’s digital age, where technology is advancing at a rapid pace, the issue of privacy and security of personal health data has become a growing concern. With the rise of direct-to-consumer genetic testing services like 23andMe, many individuals are eager to learn more about their ancestry, health risks, and genetic traits. However, a warning from a House Intelligence Committee member has shed light on the potential risks of sharing such sensitive information with these companies.
- US Rep Jason Crow warned that bio-weapons are being made that use a target’s DNA to only kill that person during the Aspen Security Forum on Friday
- The congressman said the development of the weapons is worrisome given the popularity of DNA testing services like 23andMe
- 23andMe has stated that it does not sell off customer’s private information, but other DNA companies have provided information to police upon request
- In 2019, it was found that several Russian and Chinese labs were processing DNA tests for Americans through Medicare and Medicaid
- Officials warned the bio-weapons could also target animals and disrupt food supplies around the globe
A member of the U.S. House Intelligence Committee warned that bio-weapons are being made that use a target’s DNA to only kill that person.
Speaking at the Aspen Security Forum on Friday, US Rep Jason Crow of Colorado warned Americans to not be so cavalier about sharing their DNA with private companies due to the coming of the new type of weapon.
‘You can actually take someone’s DNA, take, you know, their medical profile and you can target a biological weapon that will kill that person or take them off the battlefield or make them inoperable,’ Crow said.
The congressman said the development of the weapons is worrisome given the popularity of DNA testing services, where people willingly share their genetic mapping with businesses to gain insight on their genealogy and health.
‘You can’t have a discussion about this without talking about privacy and the protection of commercial data because expectations of privacy have degraded over the last 20 years,’ the Democratic lawmaker said.
‘Young folks actually have very little expectation of privacy, that’s what the polling and the data show.”
Crow, a former Army Ranger who served three tours of duty in Iraq and Afghanistan, continued: ‘People will very rapidly spit into a cup and send it to 23andMe and get really interesting data about their background.’
And guess what? Their DNA is now owned by a private company. It can be sold off with very little intellectual property protection or privacy protection and we don’t have legal and regulatory regimes to deal with that.’
‘We have to have an open and public discussion about… what the protection of healthcare information, DNA information, and your data look like because that data is actually going to be procured and collected by our adversaries for the development of these systems.’
23andMe has repeatedly stated that it does not sell off customers’ private information, but other DNA companies have provided information to police upon request.
US Senator Joni Ernst of Iowa, a member of the Senate Armed Services Committee, said the US rivals could use such DNA bio-weapons to target food supplies on a vast scale.
Ernst warned that biological weapons could be used to target specific animals that citizens, troops or cities depend on, bringing about scarcity and food insecurity to weaken people.
‘Food insecurity drives a lot of other insecurities around the globe,’ Ernst said.
‘There’s a number of ways we can look at biological weapons and the need to make sure not only are we securing human beings, but then also the food that will sustain us.’
Earlier this week, the Washington Examiner reported on just how easy it could be for privately-owned databases to be used to develop bioweapons such as the ones touted by Crow.
The publication explained how DNA belonging to a target – or the close relative of a target – could be stolen and used to form a biological weapon effective against that person only.
That technology could lead to highly-targeted assassination programs, and also make it much harder for killers to be tracked down.
Similar technology could be deployed against US agriculture by designing weapons which target only a certain breed of farm animal, or crop.
That could plunge the country into famine, and leave the US on its knees in the face of hostilities from a rival like Russia or China.
Army General Richard Clark, commander of the US Special Operations Command, highlighted how Russia had already shot to infamy with a less-sophisticated version of the same scheme.
Discussing the nerve agent poisoning of former double agent Sergei Skripal in England in 2018, he said: ‘Russia is willing to use those against political opponents. They’re willing to use them on their own soil, but then to go in on the soil of a NATO ally in the UK and use those … and as we go into the future, we have to be prepared for that eventualities.
‘And I don’t think we talk about it as much as we should and look for methods to continue to combat.’
Skripal and his daughter Yulia were poisoned with the nerve agent Novichok in the English town of Salisbury, and almost died from their injuries. Britain’s then-Prime Minister Theresa May blamed Russia for the outrage days later.
Last year, US Sen. Marco Rubio sounded the alarm that Russian and Chinese labs were processing the DNA tests of Americans through Medicare and Medicaid.
‘It is ridiculous that our current policies enable the Chinese Communist Party to access Americans’ genomic data,’ Rubio said in a statement.
‘There is absolutely no reason that Beijing, which routinely seeks to undermine US national security, should be handed the genomic data of American citizens.
In 2018, Ancestry, 23andMe, Habit, Helix, and MyHeritage all signed on to the policy drafted with the help of The Future of Privacy Forum, a non-profit, in support of ‘advancing responsible data practices in support of emerging technologies,’ according to Gizmodo.[a] [a] https://gizmodo.com/ancestry-and-23andme-agree-to-new-rules-to-make-you-fee-1828001465
The guidelines, titled Privacy Best Practices for Consumer Genetic Testing Services [b] and released on Tuesday, deal with scenarios where users’ personally identifiable and anonymous genetic information might be shared with law enforcement (without a warrant) and other third parties.
[b] https://fpf.org/wp-content/uploads/2018/07/Privacy-Best-Practices-for-Consumer-Genetic-Testing-Services-FINAL.pdfThe new voluntary policies call for requiring separate consent from users before sharing ‘individual-level information’ with other businesses and more transparency about the number of requests for data received by, and fulfilled for, law enforcement.
While all the companies have said they agree to these standards of practice, there is no law enforcing the rules.
Additional Information:
Why this company is blaming its customers for data breach
Genetic testing company 23andMe is facing 30 lawsuits from victims of the cyber attack it faced last year, involving the theft of genetic and ancestry data from 6.9 million users. The company allegedly sent a letter blaming the victims for the data theft and disclaiming responsibility. The breach initially reported in October 2020 impacted around 6.9 million individuals due to an internal data-sharing feature. Hackers used a technique called credential stuffing to breach user accounts and access personal data of additional customers who opted-in to 23andMe’s DNA Relatives feature. Lawyers representing the victims accused 23andMe of neglecting responsibility and downplaying the severity of the situation. 23andMe reset passwords and made multi-factor authentication mandatory after the breach, and changed their terms of service to discourage legal action. In a court case, 23andMe argued that the stolen data cannot cause financial harm as it did not include sensitive information like social security or financial details.
Genetic testing company 23andMe is facing 30 lawsuits from victims of the cyber attack it faced last year. The breach involved the theft of genetic and ancestry data from 6.9 million users. Now, the company has allegedly sent a letter to a group of victims who have sued the company over their data breach, blaming them for the data theft and disclaiming any responsibility.
The breach was initially reported in October 2020 when customer data was found for sale on the dark web. At first, 23andMe claimed that only 14,000 accounts were affected. However, further investigation revealed that the actual number of impacted individuals could be around 6.9 million due to an internal data-sharing feature linked to those accounts.
Hackers initially breached around 14,000 user accounts by using a technique called credential stuffing. They used passwords that were known to be associated with the targeted customers to gain unauthorized access.
However, by breaching these initial accounts, the hackers could access the personal data of an additional 6.9 million customers whose accounts were not directly hacked. This was possible because these customers had opted-in to 23andMe’s DNA Relatives feature, which automatically shares some of their data with people considered their relatives on the platform.
23andMe, in a message to the victims, emphasised that the breach occurred due to the exploitation of reused passwords, which exposed personal data for an additional 6.9 million customers.
“Users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe…Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures,” reads the letter. “Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures.”
One of the lawyers representing the victim group who received a letter from 23andMe, Hassan Zavareei, has accused the company of neglecting its responsibility in the data security breach. According to Zavareei, instead of owning up to their mistake, 23andMe has chosen to downplay the severity of the situation and abandon their customers. He shared his concerns in an email to TechCrunch.
After the breach, 23andMe reset customer passwords and made multi-factor authentication mandatory. To discourage legal action, they changed their terms of service, making it harder for victims to file class action lawsuits or mass arbitration claims.
Source: Mail Online, NPR-Images, TOI,
Also Read: