New Scientist has a fascinating piece in which reporters Peter Aldhous and Michael Reilly demonstrate – with a little cash, and more than a little effort – the possibility of obtaining large-scale genetic data from someone without their knowledge or permission.
The reporters started with a glass that Aldhous had drunk water from; Reilly swabbed the glass and sent the sample to an unnamed commercial lab for whole-genome amplification (a technique widely used in forensics and research applications, which allows small amounts of DNA to be converted into larger amounts). An initial attempt to send this amplified DNA to personal genomics company deCODEme failed to generate results, but two subsequent approaches were successful: the unnamed commercial lab managed to generate genome-wide genotype data from the amplified DNA, and deCODEme provided results when Reilly submitted a sample of Aldhous’ semen (from a used condom) on the provided swab.
Because Aldhous had also had his DNA analysed (legitimately) by personal genomics company 23andMe it was possible to assess the accuracy of the two “surreptitious” genome scans. For the deCODEme semen sample the concordance with the 23andMe data was spectacularly good (99.996%), a testament to the analytical accuracy of modern genome scans. For the amplified DNA the concordance was only 93% – this is likely to be at least partly due to what’s called “allelic bias” (the amplification of one copy of a variant more effectively than the other), which is a well-known artifact of whole-genome amplification.
The genetic data was then run through the
open-source free software package Promethease
and deCODEme’s proprietary browser to get a glimpse inside Aldhous’
DNA. While it should come as no surprise to regular readers that the
predictive value of the disease risk data from both sources was less
than compelling (the common variants currently assayed by these tests
capture only a tiny fraction of the heritable risk for most common
diseases), this is a sign of things to come: the predictive power of
genetic tests will only improve over the next few years.
What can be done to reduce the risk of surreptitious genome scans? One obvious way is for personal genomics companies to use sample collection methods that are difficult to perform without arousing suspicion – and in fact 23andMe already does this, using a collection kit that requires 2 mL of saliva. Of course it’s possible that this could be faked using other body fluids (e.g. mixing semen with water); if surreptitious testing becomes a serious problem I guess it might be possible to limit this by testing for specific saliva biomarkers prior to extracting DNA.
Such measures might be worthwhile for personal genomics companies seeking to limit negative pubilicity. However, for generic DNA testing labs this probably isn’t a feasible approach: there are plenty of reasons why a genuine researcher might need to generate large-scale genotype data from a limited sample, and labs will need to balance the desire to hinder criminal tests with the need not to throw too many obstacles in the path of kosher scientists. Requiring some form of verification that the applicant is from a legitimate research institute, however, is probably not too much to ask.
Clarification of the legal status of surreptitious DNA testing will certainly help. The UK, for instance, has had a ban on “non-consensual analysis of DNA” in force since 2006; it seems likely that other governments will follow suit. This certainly won’t stop people from surreptitious testing, but it will at least deter those with only a casual interest in the results. It may also help to prevent the very real possibility of “celebrity DNA testing” – tabloids contemplating revealing to the world that Oprah Winfrey is homozygous for the rs9939609 A allele would have to weigh up the publicity against serious legal penalties.