I can comment on this firsthand. I was born in a hospital here in California, so my DNA was collected. A couple years ago I heard about this program, which I believe to be a gross violation of privacy and overstepping of authority. I read somewhere that you can have your/your child's sample destroyed by filling out a form and sending it to a state health agency (don't remember the specific one now). You have to provide name, date of birth, and the name of the hospital. I did so, and perhaps a month or two later I received a letter saying that my sample had been destroyed. Clearly these samples are not de-identified if they are able to be located with the info provided.
I think this program is utterly disgusting. It's a terrible violation of privacy. The DNA of every baby (born in an actual medical institution) is collected, tested for whatever, and then stored indefinitely. There is no opt-in or opt-out as far as I'm aware, just that you can later have the sample destroyed if you happen to hear about this program and go to the effort of finding out how to do it. This is some disgusting Orwellian BS.
I think it's an extreme overstep as well, but I do believe it's possible the data is anonymous. A secure hash of the fields you were talking about would make it possible to lookup when given the correct information, but impossible to reverse.
Of course, it's just as likely, this already being a government program and a massive overreach at that, that your identifying data is stored in plain text. I just wanted to throw out it's possible it's not.
>A secure hash of the fields you were talking about would make it possible to lookup when given the correct information, but impossible to reverse.
Think about the inputs of the mechanism you just described though. Presumably the goal of the "secure hash" is to prevent government workers from grabbing samples of specific people to do whatever with, so let's break it down. To calculate this hash you apparently need:
1. The name. If you're going after a specific persons sample, you already know this.
2. The date of birth. I don't know when this program started, but if you're alive today you definitely aren't more than 43,830 days old (365.25 * 120).
3. The hospital. I have no idea how many hospitals exist or have existed in California, but lets say there's been 100,000.
So the total number of possible hashes given only the name is 4,383,000,000. Sure, you could salt it as well, but the people we're trying to defend from have access to the DB and thus the salt, so we gain nothing from that. Here's some hashcat benchmarks: https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a27...
Looks like 1000MH/s is a reasonable rate to be able to process sha-512 hashes, so according to that benchmark you should be able to generate the complete rainbow table in about...4 seconds.
It's probably longer given drive speeds and such, I've never actually tried to do what I'm describing, but it does seem like a less-than-one-work-shift process to calculate the hash of a specific person on commodity hardware if that's the only three inputs required. If that's the case, hashing it hasn't made it anonymous.
Realistically, the odds are vanishingly small that various security-themed agencies aren't already ingesting all the DNA data. This is a treasure trove in the eyes of a police state.
I don't think so, even if it was only stored that way the government will still have (name, dob, hospital) info for most citizens saved in some db/list making it easy to recreate the link back to the real person with pretty high accuracy I would assume.
Even more Orwellian, you received a letter "claiming" your samples had been destroyed. You have no proof this was done unless the samples were returned to you.
I had a kid a year ago, and another one three years ago. Both had this test.
Their mom probably wouldn't remember if you asked her. She's not really a good person to ask. You should be asking the partner who was there for the birth, since we're the one that actually sees it happen (they were still stitching up my wife when the test was done).
For the second kid (because I was just in a daze for the first kid), being the paranoid security person that I am, I asked what happens to the sample and what kind of controls are placed on the sample. I also asked if I could opt out. I was told that I could not opt out and that the sample becomes the property of the State and there is nothing I could do about it.
This article was the first I learned that I could request it be destroyed. It is also the first time I'm learning it could be used for research (but I kind of assumed that was why they kept it in the first place, other than to add to a database for matching with potential criminal activity).
So thanks for posting this, now I have to figure out how to request the samples. I'm going to see if I can actually the spots back.
Not being able to opt your child out of DNA collections seems like what could be a slippery slope to a Brave New World. What's even worse is the level of misinformation surrounding the situation. Even if the samples are held under the assumption that they will be used for research, one should be entitled to opt-in, opt-out, and know what is happening with their/their child's DNA. A lawsuit here seems reasonable if not to stop this, to atleast shed light on the situation.
please, it was a one line comment, how could you have misread it?
the antivaxer comment is about opting out for something that is immediately beneficial (disease screening) and long term (research) in lieu of paranoia (in case of a working government) or privacy (in case of a broken government as it is now, according to the article).
the right course of action is not to deny your children of the proven benefits, but to force the government to respect the individual and its own processes/institutions.
Looks to me like a good angle would be the state's apparent failure to notify parents that their child's dna will be stored. Since that is a provision of the law.
Well, when you don't own the majority of the fruits of your own labor, then I'd say your "DNA" is a drop in the bucket in comparison. But yeah, precisely how you feel is how Libertarians and other actual free-minded individuals feel about concepts such as taxation.
Personally, I don't see DNA as that intrinsic or important as others do. It's just a piece of information about the composition of my body. Sure, if they could completely clone my brain and the essence of what I am, then I could get behind something like this. But as is, I'd just be peeved that someone gets to "use" my DNA. Same way I get peeved that Google/Facebook "use" my browsing habits to train their ML algorithms.
I’m most worried that in the future our DNA could be used by health insurers the way financial institutions use credit scores. Those with genetic predisposition to expensive conditions might never be insureable.
That would be society doing that, not just insurance companies.
Just like before the ACA it was society at large that didn't worry too much about people being dropped from insurance. Sure, people moralize about how awful it is, but then they take the policy with the lower rate instead of the better underwriting.
Does it maybe require accepting that random or targeted drug tests can be carried out and you have no right to refuse? Source this is the case in several countries.
Why do/should they care if people in the gym are on drugs or not?
I understand you can be fired from the job because of them (due to negative affect they might have on your work), and when participating in competitive sports, but rejecting someone to the gym for the sole reason of them being on drugs seems in-line to refusing them serving in a supermarket for the same reason.
This is legislation not gym terms and conditions. It is about public policy towards steroids. I.e. one mentally unstable person did something criminal whilst using steroids and then there was a moral panic.
"Any tissue sample that is given in a hospital or any medical facility, once it's given, is no longer your property," Lorey explained. "You can agree with that or disagree with that, but it happens to be the law."
If true this is incredibly depressing. I don't know very much about patient privacy laws but have some follow up questions for those more knowledgeable:
1) I assume this quote refers to California state law and not Federal law?
2) Is there a state that has a track record of taking privacy more seriously?
Despite caring deeply about my privacy I've let it steadily erode with the rise of "customers are the product" type services. Between this and Cambridge Analytica it seems that the US is surprisingly bad at protecting citizens' privacy. I'd like to know if it's possible to live in the US without essentially waiving my right to keep personal information personal.
A patient’s lack of ownership over their discarded tissue is (at least partially) a result of the decision in Moore v. Regents of the University of California[1] which was, yes, a California Supreme Court case. Though it seems courts in other jurisdictions sometimes agree with its decision.
Wow, reading through that case it seemed like it should have been a slam dunk for Moore. It appears that we literally have more rights over our personal information than we do over our DNA.
This is why property isn't a great metaphor for certain situations[1]. An important aspect that people (incorrectly) attribute to property is exclusivity: When I own something, it's mine, and that means it's not anyone else's. A transfer of ownership is a severing of rights.
The fact is, for some things (like tissue samples with DNA), it's important to recognize that non-owners can have a stake in is done with something. The originator of a tissue sample cannot entirely severe their connection with that tissue, and that means that the new owner shouldn't be able to claim unrestricted ownership. The legality should recognize ways in which the non-owner can be affected by the owner's interactions with the sample.
(Aside: GDPR works by essentially doing the same thing with data. The "Rights of the Data Subject" stipulate that a non-owner of the data is still a stakeholder in that data.)
[1] Although, ironically, that actually makes property law well-suited to addressing the situation. In Common Law, the idea of 'ownership' is understood as 'a bundle of rights,' which can be un-bundled. A framework for addressing the situation is to enumerate separable rights for tissue samples, and stipulate different rules for delegating those rights.
The USA only protects one type of citizen: the corporate citizen. Human citizens are like a 3rd world country here. Those human citizens who want better treatment own or control corporations, and gain their entitlement through them. This is the United States of America.
What rights does a "corporate citizen" have that an actual citizen doesn't?
I think what you really mean is that people or organizations with money seem to have more rights. Obviously because they have the resources to fight for those rights.
The article states that parents can request the blood spot sample to be destroyed. A link is given.
You do have the right to ask the biobank to destroy the leftovers after the fact, though the agency's website states it "may not be able to comply with your request."
Following the link, I saw no evidence that parents can request destruction of the sample. Instead, this is what I saw:
You have a right to ask the Newborn Screening Program not to use or share your or your newborn’s information and/or specimen in the ways listed in this notice. However, we may not be able to comply with your request.
> You have a right to ask the Newborn Screening Program not to use or share your or your newborn’s information and/or specimen in the ways listed in this notice.
This is how we found out that my daughter has cystic fibrosis and have been able to treat her from a few weeks after birth. The result is that she'll probably live a normal length life rather than dying in adolescence.
This is good to know, and it's great that they're running these tests. The issue is not that they run these tests, but that the data is then retained for use by others, not for protecting your child.
There is a middle ground between "we don't test for diseases" and "your kid's DNA is now public knowledge".
Please explain how keeping your daughter blood sample forever and selling it helped in any way ?
Running a detection test is what helped your daughter and is not the issue at hands, it's keeping samples indefinitely and selling them that's problematic.
Why are people downvoting this comment? Even if you think the current system is wrong, you should be thinking of how to fix it without losing the benefit outlined by this commenter.
Nobody objects to testing newborns for diseases. That’s awesome. Keep doing it. We all support that program, so there’s not much point in telling us how good it is.
Almost entirely unrelated to that is the storage of samples after they’re taken. That’s the actual problem, and solving it has not effect on the first issue there.
While I hate getting meta and discussing voting in HN comments, the best thing to do in the future is instead of asking why votes are going in one direction or another, instead, either vote yourself, or if it calls for it, offer up on-topic commentary. Comments that stir good on-topic discussion should never be down voted, regardless of whether you disagree with them or not, or even if they are missing a point.
Down voting a comment like the parents is, at best, insulting the very premise of good HN discussions.
Because the guy was justifying taking and keeping the DNA material for perpetuity with his anecdote.
It's the quintessential example of authoritarianism defense. One instance of good justifies authoritarianism and violation of individual liberties and freedom.
My son was also tested for Cystic Fibrosis but in MA, to my knowledge his DNA isn't stored. I think CF is standard screening in all states, this website has a state-by-state list: http://www.babysfirsttest.org/newborn-screening/states
“””
"So there is no possibility a researcher may request blood spots for a specific research experiment … but then keep blood spots without the department's knowledge to be used for other purposes?" she asked.
"I want to say no" he said. "But I'm not ready to say no because I know how humans can be sometimes."
“””
To me that just reads like he knows the answer is yes and is just trying to soft-pedal the truth. Moreover, since he’s literally the person selling the dna, it strains my credulity to believe that he hasn’t already known this, and if he had already taken steps to prevent it from happening, I’m betting he would’ve mentioned them specifically.
“””
"De-identified DNA"
However, Lorey stressed that the blood spots cards, stored in the state biobank, are "de-identified." There is no name or medical information on the card, just the blood spots and a number.
“””
Is he trying to sell me on the idea that my dna can’t be used to personally identify me?
Obviously the number references your name in another register. Otherwise you wouldn't be able to request to have the sample returned. Got to love American state propaganda.
Doesn't sound like propaganda to me. Seems clear. When samples for out to researchers, they only get the sample and no way to look up who it belongs to.
However, officials who have access to the registry could obviously look you up. Hopefully there are controls in place to keep those same officials from having samples tested, but 8 doubt it.
Ya, not clear if you didn't read it. The article clearly talks about the registry. It says that the registry is stored in a separate building from the samples.
>if he had already taken steps to prevent it from happening, I’m betting he would’ve mentioned them specifically.
It said the studies have to be approved by a review board and that the researchers have to agree to destroy or return the samples when they're done.
I don't think we should cynically assume "he knows the answer is yes." He may be hedging simply because he knows it relies on the word of the researchers.
But biomedical researchers have been sensitized to issues of research ethics much longer than internet/data science practitioners. There can be significant penalties for procedural violations and in my experience people do not tend to play fast and loose with the rules.
"19.16 In 1999, the Senate Legal and Constitutional Legislation Committee referred to newborn screening card collections as ‘inadvertent DNA sample banks’, noting that identified blood samples containing genetic material from almost all people under the age of 28 are currently stored in most States and Territories."
And in Switzerland [1] (text in german). Blood samples from newborn screenings are stored for 30 years. For the screening to take place, the parents' oral consent is required. Opting out of the screening or blood archival is VERY rare. Though personal information is destroyed after analysis, attribution is still possible using LIMS (an electronic laboratory database).
As far as I understand, access to this data is generally restricted [2].
"If illnesses occur later, which can be clarified via tests on this sample, the responsible physician can request it from [Children's Hospital Zurich]. Part of the remaining material may also be used by the screening laboratory during quality control measures and for the development of new research methods. In this case, the samples will be anonymous, having undergone a procedure to make them unidentifiable." [3]
The day will come when DNA sequencing is so fast and affordable, that the storage fees for all these samples will be less (over some period of time) than the cost of sequencing each sample and storing a digital copy. Indexed, identified, searchable.
Then we're really going to have some interesting privacy concerns.
My flippant answer, before reading the article: Basically everyone, probably through a web site where the requestor simply uploads a document (any document) then checks an electronic checkmark next to the words "I pinky swear that I will only use this for good and pure and light-giving purposes."
> Who has access to it?
After reading the article: Yep, law enforcement and "third party researchers" (in quotes because, as the article points out, that term is supposed to mean scientists operating under a code of ethics but, yeah).
I dunno, folks, it sure seems like nobody really gives a damn about private information unless it's being used to link them to a scandal and then they really care.
The article doesn’t mention and routine sequencing at all. I think it’s unlikely that someone has paid to sequence, even the exosomes of these individuals... who knows though!
Home births are popular in California (well, relatively speaking anyway); has anyone had a baby at home & did the state come asking for DNA when you went to get a birth certificate or some other time?
My wife and I had children at our home in California in both 2013 and 2014.
No, California did not seek any kind of test or diagnostic results (or anything like this). It was never mentioned and this is the first I have ever heard of it.
In Sweden a blood repository from babies has already been used by law enforcement for DNA matching purposes [1], even though that was not the intended purpose of the repository.
If you want your baby screened but don't want your state to keep the sample, the mayo clinic has a screening panel that does all the federally recommended tests, and another one that does this and a bunch more.
The doctors at Kaiser were totally useless when I asked about this: they'd go from "gee, I never heard about this" to "shrug, it's an official state program", and then they piled on the guilt trip about how urgent it is once my kid was born and I was sleep deprived. Bastards.
So you have to research it yourself and get a pediatrician to order the test from Mayo before your child is born, so it's all arranged once you're in labor. Then make sure they use that test, and you opt out of the state test. (Or better yet, if your state claims it's mandatory, refuse the test and if they do it anyway you've got casus belli for a constitutional challenge)
My wife gave birth last year in California, and immediately upon returning home, we located the paperwork for requesting the DNA be destroyed and submitted it. We received a response telling us that our request was received, but that's all. Unfortunately neither of us can remember where to find the form we needed to send it to request it be destroyed. Maybe it was in the hospital paperwork?
> Nearly every baby born in the United States gets a heel prick shortly after birth. Their newborn blood fills six spots on a special filter paper card. It is used to test baby for dozens of congenital disorders that, if treated early enough, could prevent severe disabilities and even death.
This almost feels like a scene taken right out of the movie Gattica.
The way many metabolic conditions work is that essential products are not synthesized, or toxic products are not cleared. These can cause unrecoverable damage within hours or days of birth if not treated. So, tests are performed to identify known metabolic conditions to prevent newborns from suffering unrecoverable brain/otherwise damage. This is generally known as "newborn screening" if you are curious to learn more.
You go to the doctor to get a physical checkup to see if anything's wrong, then get it treated.
This is exactly the same thing, but done for newborns who are much more fragile and vulnerable to make sure they get care while already in the hospital, especially for any potentially severe or immediate issues.
I would lean towards no. I've seen state research based on flimsier data. In this case, infant mortality which has been going down historically could be connected to anything. Perhaps carbon levels in the atmosphere were the cause.
More specifically, in this case, state governments have general police powers, which means that anything not specifically prohibited to them by the federal Constitution (including by a federal law that is a valid exercise of federal power under the Constitution because of the Supremacy Clause) is within their power.
It seems the best the U.S. political system can come up with right now is "GDPR for X" where X represents only a few specific industries, because of strong entrenched special interests, lobbying and legalized bribery, which means strong gridlock and disagreement for a more "universal" law. Because the more industries the law would affect, the more billion-dollar corporations would fight against it with TV ads, lobbying and vote buying (sorry, I mean "campaign donations").
GDPR generally applies to all personal data of a citizen. The best I've seen from the U.S. government so far is the Consent Act, which applies only to online services only. It doesn't apply to ISPs, network providers, medical data, or a ton of other things it should apply to.
The more people realize that this "single issue" of taking money out of politics and drastically reducing or eliminating a corporations' influence on political decisions affects every other issue they care about, the better.
They collect DNA of anyone arrested by the police. Then they aim to destroy samples taken from people not subsequently convicted.
As I understand it the process is quite opaque and there have been cases where some police forces have revealed that they are unable to (or simply refuse to) comply with the requirement to delete samples so they keep everything.
>Research found South Yorkshire was most likely to remove a DNA profile while Cambridgeshire, Gloucestershire and Nottingham refused to remove any profiles.
I'm lucky to be able to say that I haven't experienced it directly to be able to answer in more detail but the article I linked suggests that it is a bit of both.
Some senior police officers interpret the rules in a way that suits them, some people say the law as written is ambiguous.
I mostly interpret "Unable" in this context to mean it would require too many man-hours to clean up the database because it has been allowed to grow too large and disorganised. I can't back that up with evidence, it's just something I recall hearing. There are no doubt other reasons and this applies to the overall picture rather than individual requests for removal.
In the case of an individual request I could still imagine that the system is so badly designed that it isn't actually possible to locate all parts of a sample, all references to an individual in the (various) database(s). I've seen environments like that in the corporate world, I assume the government is capable of creating them as well.
At least one could argue that a person has a choice: to commit or not to commit a crime. But a newborn does not have a choice to have its DNA collected. This is the worst violation of privacy I have ever read about in my life. And I find not that surprising that CA is one of the few states where this is practiced.
But that was probably criminal and not mandated at the state level! It makes me very very scared of the benevolence and of the thought process of CA government.
Only they take it when you were arrested, not when you are convicted. Anyone can get arrested - it doesn't take you committing a crime for this to happen.
Innocent people get arrested. Sometimes, folks are accidentally guilty. Bag of drugs in your back seat, dropped by that workmate you drove to lunch? It is your problem now. Not to mention the way the system is run in the US, innocent people wind up convicted. Some folks convict themselves voluntarily because getting arrested and waiting in jail for a trial can do some major life damage.
Pretty sure there will be a lawsuit. What kind of Gattaca/1984 bullshit is this, the state where everything causes cancer? How did CA techies not rebel about this?
What's up with the hoarding and secrecy of medical data? It's real possibility that AI starts to work and solves all diseases in the next few decades. Maybe that's the point? To horde life-extension and immortality inventions.
Because it's perfect for discriminating against you. First it's health insurance company putting your prices up due to poor genes, then it's an employer getting rid of you because they see genes for depression and addiction.
Discrimination in regards to all sorts of attributes are illegal. Including one of the most useful measurements for predicting job performance, IQ.
You don't need to select for depression and addiction explicitly, companies implicitly do this by forcing normal working hours on their employees.
Insurance is a stochastic tax on the young and healthy to benefit the old and unhealthy. If it's decoupled from employment I don't see why an employer would care. Also, why shouldn't we use all information to predict costs and risk?
This whole medical data hoarding might be a "what if" scenario on AI and immortality.
I think this program is utterly disgusting. It's a terrible violation of privacy. The DNA of every baby (born in an actual medical institution) is collected, tested for whatever, and then stored indefinitely. There is no opt-in or opt-out as far as I'm aware, just that you can later have the sample destroyed if you happen to hear about this program and go to the effort of finding out how to do it. This is some disgusting Orwellian BS.