Well, sure. We knew this already, right? But it’s nice to see it spelled out with actual research, and Joe Cadillic has sent some along for us. Antonio Regalado spells it all out in an article on MIT Technology Review:
A private DNA ancestry database that’s been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers.
Security flaws in the service, called GEDmatch, not only risk exposing people’s genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample.
GEDMatch, which crowdsources DNA profiles, was created by genealogy enthusiasts to let people search for relatives and is run entirely by volunteers. It shows how a trend toward sharing DNA data online can create privacy risks affecting everyone, even people who don’t choose to share their own information.
Read more on MIT Technology Review.
The research article underlying the report is:
Genotype Extraction and False Relative Attacks: Security Risks to Third-Party Genetic Genealogy Services Beyond Identity Inference
Peter Ney, Luis Ceze, Tadayoshi Kohno
In Network and Distributed System Security Symposium (NDSS). 2020.