Stealing a genome: surreptitious DNA testing goes genome-wide

New Scientist has a fascinating piece in which reporters Peter Aldhous and Michael Reilly demonstrate - with a little cash, and more than a little effort - the possibility of obtaining large-scale genetic data from someone without their knowledge or permission.

The reporters started with a glass that Aldhous had drunk water from; Reilly swabbed the glass and sent the sample to an unnamed commercial lab for whole-genome amplification (a technique widely used in forensics and research applications, which allows small amounts of DNA to be converted into larger amounts). An initial attempt to send this amplified DNA to personal genomics company deCODEme failed to generate results, but two subsequent approaches were successful: the unnamed commercial lab managed to generate genome-wide genotype data from the amplified DNA, and deCODEme provided results when Reilly submitted a sample of Aldhous' semen (from a used condom) on the provided swab.

Because Aldhous had also had his DNA analysed (legitimately) by personal genomics company 23andMe it was possible to assess the accuracy of the two "surreptitious" genome scans. For the deCODEme semen sample the concordance with the 23andMe data was spectacularly good (99.996%), a testament to the analytical accuracy of modern genome scans. For the amplified DNA the concordance was only 93% - this is likely to be at least partly due to what's called "allelic bias" (the amplification of one copy of a variant more effectively than the other), which is a well-known artifact of whole-genome amplification.

The genetic data was then run through the open-source free software package Promethease
and deCODEme's proprietary browser to get a glimpse inside Aldhous'
DNA. While it should come as no surprise to  regular readers that the
predictive value of the disease risk data from both sources was less
than compelling (the common variants currently assayed by these tests
capture only a tiny fraction of the heritable risk for most common
diseases), this is a sign of things to come: the predictive power of
genetic tests will only improve over the next few years.

What can be done to reduce the risk of surreptitious genome scans? One obvious way is for personal genomics companies to use sample collection methods that are difficult to perform without arousing suspicion - and in fact 23andMe already does this, using a collection kit that requires 2 mL of saliva. Of course it's possible that this could be faked using other body fluids (e.g. mixing semen with water); if surreptitious testing becomes a serious problem I guess it might be possible to limit this by testing for specific saliva biomarkers prior to extracting DNA.

Such measures might be worthwhile for personal genomics companies seeking to limit negative pubilicity. However, for generic DNA testing labs this probably isn't a feasible approach: there are plenty of reasons why a genuine researcher might need to generate large-scale genotype data from a limited sample, and labs will need to balance the desire to hinder criminal tests with the need not to throw too many obstacles in the path of kosher scientists. Requiring some form of verification that the applicant is from a legitimate research institute, however, is probably not too much to ask.

Clarification of the legal status of surreptitious DNA testing will certainly help. The UK, for instance, has had a ban on "non-consensual analysis of DNA" in force since 2006; it seems likely that other governments will follow suit. This certainly won't stop people from surreptitious testing, but it will at least deter those with only a casual interest in the results. It may also help to prevent the very real possibility of "celebrity DNA testing" - tabloids contemplating revealing to the world that Oprah Winfrey is homozygous for the rs9939609 A allele would have to weigh up the publicity against serious legal penalties.

 Subscribe to Genetic Future.

More like this

All sorts of ethical issues arise when testing can be performed on something other than blood and sold DTC.....

Break a few eggs????

Or open a huge mess??

-Steve

I participated in the Genographic Project, and their lab work is done by Family Tree DNA. They require two separate scrapings of cheek cells, done with a kit that they provide.

Don't know whether they do any microscopy, etc. to confirm that the sample is what the sender says it is, though.

By Julie Stahlhut (not verified) on 26 Mar 2009 #permalink

clarification for those who care about such things.

Promethease is free, but not open source. It is based on open data.

There is also the issue only alluded to in the New Scientist article of how an individual deals with such genetic information

An extract from my blog on this New scientist article:
http://gntis.edu.au/2009/04/genome-hacking/

Would you want to know your liklihood of getting any number of diseases, if you have criminal tendencies, lousy immunse system or sporting prowess. Having this information also places a burden on the individual re: deciding who else should have this knowledge. Should you alert family members of a possible genetic flaw running through the family, could anyone else be harmed by having or not having this information. Again, there are privacy issues about who should have access to such information and how to prevent unauthorised access, but then their is also the potential personal trauma of having to deal with this knowledge, such as the New Scientist reporter who had a short-lived scare when one of the genetic tests suggested he was at risk of developing Alzhiemer's disease. What if such tests become mandatory at birth, or even as part of a screening process for embryos?

Jason Major
Manager
Gene and NanoTechnology Information Service
University of Melbourne, Australia