How DNA Databases Violate Everyone’s Privacy

If you’re an American of European descent, there’s a 60% chance you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public. Research paper: "Identity inference of genomic data using long-range familial searches." Abstract: Consumer genomics databases have reached the scale of millions…

If you're an American of European descent, there's a 60% chance you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public.

Research paper:

"Identity inference of genomic data using long-range familial searches."

Abstract: Consumer genomics databases have reached the scale of millions of individuals. Recently, law enforcement authorities have exploited some of these databases to identify suspects via distant familial relatives. Using genomic data of 1.28 million individuals tested with consumer genomics, we investigated the power of this technique. We project that about 60% of the searches for individuals of European-descent will result in a third cousin or closer match, which can allow their identification using demographic identifiers. Moreover, the technique could implicate nearly any US-individual of European-descent in the near future. We demonstrate that the technique can also identify research participants of a public sequencing project. Based on these results, we propose a potential mitigation strategy and policy implications to human subject research.

A good news article.

from https://www.schneier.com/blog/

DNI Wants Research into Secure Multiparty Computation

The Intelligence Advanced Research Projects Activity (IARPA) is soliciting proposals for research projects in secure multiparty computation: Specifically of interest is computing on data belonging to different — potentially mutually distrusting — parties, which are unwilling or unable (e.g., due to laws and regulations) to share this data with each other or with the underlying compute platform. Such computations may…

The Intelligence Advanced Research Projects Activity (IARPA) is soliciting proposals for research projects in secure multiparty computation:

Specifically of interest is computing on data belonging to different -- potentially mutually distrusting -- parties, which are unwilling or unable (e.g., due to laws and regulations) to share this data with each other or with the underlying compute platform. Such computations may include oblivious verification mechanisms to prove the correctness and security of computation without revealing underlying data, sensitive computations, or both.

My guess is that this is to perform analysis using data obtained from different surveillance authorities.

from https://www.schneier.com/blog/

Indiana’s Voter Registration Data Is Frighteningly Insecure

You can edit anyone’s information you want: The question, boiled down, was haunting: Want to see how easy it would be to get into someone’s voter registration and make changes to it? The offer from Steve Klink — a Lafayette-based public consultant who works mainly with Indiana public school districts — was to use my voter registration record as a…

You can edit anyone's information you want:

The question, boiled down, was haunting: Want to see how easy it would be to get into someone's voter registration and make changes to it? The offer from Steve Klink -- a Lafayette-based public consultant who works mainly with Indiana public school districts -- was to use my voter registration record as a case study.

Only with my permission, of course.

"I will not require any information from you," he texted. "Which is the problem."

Turns out he didn't need anything from me. He sent screenshots of every step along the way, as he navigated from the "Update My Voter Registration" tab at the Indiana Statewide Voter Registration System maintained since 2010 at www.indianavoters.com to the blank screen that cleared the way for changes to my name, address, age and more.

The only magic involved was my driver's license number, one of two log-in options to make changes online. And that was contained in a copy of every county's voter database, a public record already in the hands of political parties, campaigns, media and, according to Indiana open access laws, just about anyone who wants the beefy spreadsheet.

from https://www.schneier.com/blog/