The Genetic Fortress
11th June, 2018 | Data Security | Entropic
Companies that provide genetic genealogy services offer individuals the option to submit a sample of their DNA to enhance their ability to explore their ethnic origins and family heritage, and to discover and reunite with lost relatives. Similarly, personal genomics companies offer individuals this option to help them better understand their genetic traits and how those traits might affect them, their descendants, and their relatives over their lifetimes.
Despite the advantages that these services bring, the widespread use of expiring security and storage technologies to protect this information represents the next significant threat to our privacy and individuality.
Current security technologies are neither definitive nor sufficient to protect the extremely sensitive genetic information of individuals that is being accumulated and holistically stored in digital fortresses.
Over time, unwanted exposure of personal genetic information from these companies will set new precedents in data loss, going beyond the loss of simple, renewable elements of our identity (e.g., social security numbers, driver's license numbers, credit card numbers) to the loss of our genetic details, which is much worse.
Trailing the Ancestry.com breach reported in Dec 2017, earlier this week MyHeritage.com reported a data breach of 92+ million email addresses and hashed passwords that were found on a private server outside of their network. Though the immediate impact of this is unknown, history demonstrates that it is possible to gain access to these accounts using multiple, well-established techniques.
It is for these reasons that MyHeritage has had to initiate frantic, across-the-board password changes and prioritize the implementation of two-factor authentication for its services - a step that several other personal genomics sites have not yet implemented. Two-factor authentication (2FA) boosts authentication capabilities by requiring additional checks from the user before allowing access to the secured information. An overview of two-factor authentication by Bennett Garner was originally posted on CoinCentral.com.
While gaining access to an individual's account might yield basic details, such as their name, gender and photos, what makes this data breach far more significant is that it could also reveal specific or aggregated genetic information about them or their family.
This genetic information is derived from DNA uploads from other genealogy services and personal DNA samples submitted through their DNA test kit, and is correlated and refined against other sources of information.
Let's delve into the bigger picture of how MyHeritage collects information about individuals. In our previous article, we introduced a model to help describe the lifecycle of information after it has been disclosed to an organization by an individual. In this article we'll focus on one particular phase of this lifecycle - the Collect & Send phase - and describe how it applies.
Through its own network; partnerships with BillionGraves (US), FamilySearch (US), and EBSCO Information Services (US); the gathering of records from government entities such as the US Census Bureau and the Danish National Archives, and from private entities; along with historical acquisitions of Kindo (UK), OSN Group (Germany), Zooof (Netherlands), FamilyLink (US), BackupMyTree (US), and Geni (US), MyHeritage has accumulated a wealth of detailed information about 3+ billion individuals in total, including 449+ million photos and 96+ million user accounts.
In terms of ongoing information collection, MyHeritage is fueled not only by a massive set of information accumulated from documents and public records, acquisitions, partnerships, users of their web sites and apps, and their DNA upload and DNA test kit services. Information is also gathered from an ecosystem of third-party developers who create web sites and apps using the MyHeritage Family Graph API.
The more frequently individuals, products and services access and use the web site and MyHeritage Family Graph API, the more they disclose information about individuals and their families back to MyHeritage. This information is then refined and made accessible through their services.
It's important to note that the picture we have just presented is not exhaustive. MyHeritage has an elaborate information collection infrastructure that has evolved over a period of more than 14 years. We could also look at genetic information collection through another lens, such as 23andMe or Ancestry.com, which might yield an equally or more elaborate ecosystem of information collection, with overlaps to other organizations.
Many companies across the globe have devoted the better part of the last 2 decades to reducing the logistical cost of storing and managing information by leasing or building cloud-based infrastructure. The common theme of these changes is centralizing the storage of information and making it Internet-accessible. Unfortunately, this has created vast new information security issues, many of which are at the center of the data breaches we are experiencing now.
Cybersecurity and storage technologies need to refocus on protecting the fabric of information, to make it immune from neglect, theft, and loss - especially over time. Decentralizing information is the next step to making it impermeable to attacks over time.
Decentralizing database storage using sharding is a promising option, described in this article by Colin Harper, originally posted on CoinCentral.com. Decentralizing can be done at a bitwise or a blockwise level, vastly improving the safety of stored information over time.
If you have any feedback, questions, or suggestions, please let us know.
Acknowledgements:
Newspaper: Photo by Denny Muller, Books: Annie Spratt, Medal: Tim Mossholder, Book w/Pen: Photo by Álvaro Serrano, Files: Photo by Samuel Zeller, University: Photo by delfi de la Rua, Camera: Photo by Marc Mueller, Digits: Photo by Nick Hillier, Women with scarves: Photo by diGital Sennin, Marriage: Photo by Sweet Ice Cream Photography, Bookshelf with Heads: Photo by Giammarco Boscaro, Flohmarkt im Mauerpark, Berlin, Germany: Photo by Roman Kraft, Open book with photo: Photo by Jason Wong, Map: Photo by Himesh Kumar Behera, Fortress in Alhambra, Granada, Spain: Photo by Willian Justen de Vasconcellos, Stadtbibliothek, Stuttgart, Germany: Photo by Tobias Fischer, all on Unsplash.