基因检测技术并不难，难的是要别人替你保守秘密

凯莉•查尔斯花了数年来仔细权衡基因检测的利弊，最终好奇心占了上风。这位36岁的作家想更多地了解跟自己关系冷淡的父亲及其家族的历史。对此她知之甚少，而且都是听父亲说的。最后一次收到父亲的信是在近14年前，而最后一次交谈的时间就更久远了。正因如此，查尔斯决定自行寻找自己基因史上那些丢失的碎片。

虽然采集足够的唾液样本再寄出去是件很平常的事，但在数百万探寻自身家族历史的人中间，查尔斯却有所不同，她想知道完成排序和检测后，自己的DNA数据会流向何方。

在基因检测时使用化名的查尔斯可不是普通的消费者，她非常重视保护隐私。因为担心会有人用那些基因信息追查到自己，今年3月最终决定在Ancestry.com旗下的AncestryDNA进行基因检测时她编造了一个名字。

几周后，也就是今年4月，一名男子在加州被捕。该男子可能就是早该落网而且臭名昭著的“金州杀手”。此事让人们开始激烈争论家谱服务对隐私的潜在威胁，因为它追踪人们的祖先或医疗史。执法部门发现“金州杀手”嫌疑人的原因就是在一个基因数据库中发现其亲属的DNA和凶手匹配。

查尔斯说：“刚开始我在想，‘噢，天呐，他们是用我的DNA找到他的吗？’”因为她恰好在当天收到了自己家谱检测的首批结果。

很快查尔斯就发现自己跟此事无关。让警方终结这宗悬案的是开源网站GEDMatch，而不是AncestryDNA。用户可以自愿向GEDMatch上传基因信息，以期找到失散多年的亲人。

这让查尔斯松了口气。她知道自己有可能在自身的基因史中获得意外发现，甚至是跟犯罪有关。确实，从4月开始，警方通过比对GEDMatch上亲属的基因信息和犯罪现场留下的DNA，至少解开了六宗悬案。比如，得益于这种家谱技术的进步，警方在7月逮捕了约翰•D•米勒，罪名是杀害8岁女孩阿普丽尔•汀斯利并毁尸。此前这桩案件已经搁置了30多年。

查尔斯说：“这让我有点儿紧张，原因并不是这项技术被用于阻止暴力犯罪，而是执法部门是否知道适可而止。基因信息只会被用于比对杀人犯吗？会不会在某一天也会被用来抓捕抗议者呢？”

在GEDMatch这样的网站上分享基因信息的人都很清楚自己是在公开这些数据。但使用目前市场上的那些DNA检测工具呢？如果你把唾液装进试管寄出去，你的个人信息能保密吗？

答案是，这要看情况。和所有消费品一样，使用家谱服务的基础是用户接受其隐私协议。在这些政策条文的法律措辞中，大家会发现“偷偷藏在”里面的一条内容是你同意和未提及名称的“第三方”分享去除身份特征后的基因信息。虽然这些共享信息剔除了姓名、住址等个人标识，但仍有人怀疑个人隐私能否真正得到保护。

如今，基因检测领域由两大公司主导，而且两家公司都声称隐私可以得到保护。一家是Ancestry.com，具体业务由其子公司AncestryDNA负责；另一家是加州生物科技公司23andMe，负责人是安妮•沃西基。近几年，双方的业务都实现了显著增长。2012年成立的AncestryDNA（母公司成立于1983年）于今年3月宣布，它已检测了近1000万人，从而成为全球最大的家谱服务公司（2016年有报道称这家未上市公司的价值为26亿美元）。竞争对手23andMe在2018年公司报告中表示，其检测人数已超过500万。23andMe去年底的价值据称为15亿美元。

两家公司都抓住了这个较新的市场中不断增长的需求，但它们的目的不同，因此在考虑隐私问题时面对着不同的道德困境。AncestryDNA只向用户提供其先辈的遗传信息，23andMe则更进一步，它会告诉用户他们的遗传素质以及今后可能患上某些疾病的风险。这些数据可能提醒人们注意潜在的健康问题。但就像有些人担心的那样，如果在剔除个人特征后共享这些信息，特别是和保险公司以及用人单位共享，相关人员及其家人就可能在医疗方面受到区别对待。

查尔斯很重视这些假设。虽然担心，但她仍感到好奇，并在7月底将另一份样本寄给了23andMe。她还没有收到检测结果：“我确实有点儿担心。但在今天的科技环境下，剩下的隐私真的不多了。所以我想，‘就让担心随风而去吧。’”

在这个隐私退化的时代，人类DNA可能是最后的前沿地带。同时，越来越多的公司开始在基本未知的领域对人类DNA进行排序、存储和解读，其业务介于略受监管的消费品和严格监管的医疗服务之间。

23andMe等直接为消费者提供基因检测服务的公司必须在获得美国食品与药品监督管理局（FDA）批准后才能将健康风险告知个人，在这个过程中有医生参与的公司则不需要获得批准。但和医疗保健机构不同，直接为消费者检测基因的公司不受健康保险流通与责任法案（HIPPA）约束。此项法案保护的是个人医疗信息的隐私权，但几乎没有法律涉及这些公司所获基因信息的隐私权。

纽约大学新闻学教授查尔斯•塞费就基因检测行业做过全面论述。他说：“医疗研究和硅谷数据的最大区别之一就是要求人们在知情情况下表示同意的道德框架。这个区别保证了[隐私]权力得到保护。”

虽然23andMe的隐私政策宣称绝不会在未获得明确书面同意的情况下散播个人基因信息，但该政策表示，23andMe“使用并和第三方分享整体信息”。也就是说，他们把客户的基因信息汇总并剔除个人特征后就会进行共享。

虽然23andMe表示这些第三方实体多为研究伙伴，但最近它和英国制药巨头葛兰素史克签订了价值3亿美元的合同，后者将利用其基因信息进行药物发现。举例来说，23andMe的网站称“为了发展业务，启动研究，向您发送营销类电子邮件并改善我们的服务”，有可能进行这样的交流。

虽然这个整体数据处于匿名状态，但专家们仍怀疑隐私能否真正得到保护。

斯坦福大学法律和生物科学中心主任汉克•格瑞利指出：“他们会把数据中的个人特征去掉，但如果对医疗研究有用，其中必然会有你的年龄、身高、体重、居住地，或许还会包括你的出生地和可能患有的疾病。”换句话说，“也许能通过这些信息把你找出来。”

即便如此，格瑞利还是把自己的基因信息发送给了AncestryDNA。虽然承认有被认出的危险性，但这位生物伦理学家觉得自己的基因信息是否存在被公诸于众的风险可能只是个理论上的顾虑。

格瑞利表示：“我不知道这个威胁的真实程度如何，有没有人真的担心。也许如果有人认为斯蒂芬•库里在这个数据库里，他们会想找到他，看看是什么让他的跳投如此之准。”

但也有专家将人们被重新认出的风险视为对个人自由的直接威胁。生物技术研究机构Hastings Center的博士后研究员乔尔•雷诺兹担心，对于23andMe等公司提供的医疗基因检测，大多数消费者都不太可能捕捉到自己未来的隐私面临的那一丝威胁。

雷诺兹说：“对开发这项技术以及在这个领域工作多年的专业人士来说，这是个复杂的问题。我有点担心人们不完全理解它的含义。”（为公正而彻底地研究家谱服务伦理，这位生物伦理学家决定把自己的个人医疗数据放在网上并在23andMe接受了基因检测。）

绝大多数消费者都愿意将自己的DNA信息用于研究，前提是他们认为这是在做公益。据23andMe介绍，该公司近80%的用户都主动选择了“为研究”贡献个人数据。然而，尽管人们普遍认为这门科学是为公众利益服务，生物伦理学家们却警告说情况或许并非总是这样。

格瑞利说：“大多数人都乐意为医疗研究做贡献。但如果有人想研究人种和智力问题呢？”

雷诺兹也有类似顾虑。他解释说，人种方面的科学研究往往被误解和误读。

他指出：“基因研究中有一个非常复杂的问题，那就是人们平常说的人种，以及构成我们文化的人种跟这项研究中人种的含义有天壤之别。”

雷诺兹解释道：“你会处于一种怪异境地，你相信某些人种面临特定健康风险并且会出现特定的健康问题。但这种信念会轻而易举地变成非常有害的种族主义观点，进而宣称某些人种有某某某健康问题。但研究绝不是这个意思。”

不过，第三方共享最让人担心的威胁或许还是以研究名义分享消费者基因数据，这些数据有可能在某一天被用于研究以外的领域。

Ancestry发言人保证说：“我们没有而且也不会把DNA数据卖给保险公司、用人单位、健康服务提供商或者第三方营销商。我们只会在用户同意后和研究人员共享这些DNA数据。”与之类似，23andMe仍表示只会在征得用户同意后共享信息，而且执法部门必须有法院命令才能接触到具体数据。

虽然目前看来隐私政策为消费者提供了一定程度的保护，但值得注意的是，从法律上讲随时都可以修改这些政策。比如说，Ancestry的隐私政策共有16条，它在结尾时附带表示：“我们可能随时调整本隐私声明。”这绝对合法，而专家担心的也正是这一点。

雷诺兹说：“如今我们给某些种类的基因歧视开了绿灯，因为根本没有法律保护手段。这方面的风险非常大。”

纽约大学新闻学教授塞费也认为美国现有法律对基因歧视的防范很薄弱，而且不太可能用于实践。“如果有人提供基因组信息，那么在将某人纳入他们的风险池之前，保险公司为什么不去看看他的基因组呢？”

他还说，威胁并非存在于电影《变种异煞》所描述的遥远未来，它就在眼前。

等待最新一组基因检测结果的查尔斯对此仍有保留，但她说解决这个问题还需要一点儿时间。

她说：“我必须得相信隐私政策，这样才能把我的样本送去检测。我猜再过5-10年我们就知道它们管不管用了。”（财富中文网）

译者：Charlie

审校：夏林

Kylie Charles spent years carefully weighing the pros and cons of genetic testing until her curiosity got the better of her. The 36-year-old writer yearned to know more about her distant father and his family history. All she knew was what he had told her, and it wasn’t much. It had been nearly 14 years since he last wrote her, and years more since they spoke, when Charles chose to carve out the missing fragments of her genetic history for herself.

While the process of producing a sufficient saliva sample and sending it off was tediously routine, Charles was unusual among the millions looking for answers about their family history in wanting to know what could happen to her DNA data after all is sequenced and settled.

Charles, who asked to use a pseudonym to protect her anonymity, is not your average consumer. She was so concerned about maintaining her privacy that when she finally settled on using AncestryDNA, a subsidiary of Ancestry.com, in March, she did so under a fabricated name for fear that her genetic information might somehow be traced back to her person.

A few weeks later, in April, the long-awaited arrest of a man in California alleged to be the infamous “Golden State Killer” ignited frenzied debate about the potential threat genealogy services that trace ancestry or medical history pose on privacy. The suspected killer had been identified when law enforcement found matching DNA from his relatives on a genetic database.

“Initially I was like, ‘Oh my god, was it my DNA that found him?’” said Charles, who coincidentally received the first results of her own genealogy test that same day.

That quickly turned out not to be the case. It was through GEDMatch, an open-source website that enables users to voluntarily upload their genetic information in the hopes of reuniting with long-lost relatives, and not AncestryDNA that investigators were able to solve the cold case.

Charles felt a pang of relief. She knew that she had the potential to discover surprises, even those of a criminal nature, in her genetic history. Indeed, since April at least six more cold cases have been solved by matching crime-scene DNA to genetic information posted by relatives on GEDMatch. In July, for example, such advances in genealogy technology led to the arrest of John D. Miller for the murder and mutilation of 8-year-old April Tinsley, a crime that had otherwise remained unsolved for more than 30 years.

“It makes me a little nervous, not in the sense that this technology is being used to stop violent criminals, but whether law enforcement will know when to stop,” says Charles. “Will it just be used to catch murderers? Or will it be used to catch protesters one day, too?

***

Share your genetic information with a site like GEDMatch and you’re fully aware that you’re publicizing it. But what about using one of several DNA kits on the market today? If you spit in a tube and send it away, will your personal information stay private?

The answer is: it depends. Like any consumer good, participation in a genealogy service is contingent on the user’s agreement to its privacy contract. Tucked discreetly in the legalese of these policies, you will find a line indicating your consent to sharing de-identified genetic data with unnamed “third-parties.” While this shared information may be stripped of personal identifiers such as your name or location, some question whether individual privacy can truly be preserved.

There are two key players who dominate the genetic testing field today—and they both insist it can be: Ancestry.com, via its AncestryDNA unit, and 23andMe, the California biotech company led by Anne Wojcicki. In the last few years, both have experienced serious booms in business. In March, AncestryDNA, which launched in 2012 (its parent company was founded in 1983), announced that it had tested nearly 10 million people, claiming the title as the world’s largest genealogy company. (In 2016, the privately held company was reported to be valued at $2.6 billion.) Rival 23andMe says it has tested more than five million people, according to 2018 company reports, and was reportedly valued at $1.5 billion at the end of last year.

Both companies have managed to capitalize on increasing demand in a relatively new market, but they differ in purpose and thus present different ethical dilemmas when it comes to considerations of privacy. Where AncestryDNA offers information solely on a person’s ancestral heritage, 23andMe takes it one step further—providing the consumer with data on their genetic predisposition or risk of acquiring certain diseases in the future. Those results could warn individuals of potential medical issues. But, if, as some fear, that information were de-identified and shared—particularly with insurers and employers —it could put those people, and their family members, at risk of medical discrimination.

Charles weighed those hypotheticals. While worrying, she was still curious and sent off another sample, this time to 23andMe, in late July. She hasn’t yet received the results: “I do still have some anxiety about it,” Charles admits. “But there’s really not a lot of privacy left with today’s technology, so I thought, ‘Let’s throw caution to the wind.’”

In this era of dwindling privacy, human DNA is perhaps the last frontier. And the burgeoning group of companies that sequence, store and interpret that DNA operate in a largely uncharted territory, somewhere between the realm of lightly regulated consumer goods and highly regulated medical services.

Direct-to-consumer genetic testing companies like 23andMe must win FDA approval to send individuals medical risk findings, while companies that involve physicians in the process do not. But unlike healthcare providers, direct-to-consumer genetic testing companies are not bound by HIPPA, the law that protects the privacy of personal medical information, and there are few laws in place to regulate the privacy of genetic information obtained by these companies.

“One of the big distinctions between medical research and data in Silicon Valley is the ethical framework that requires informed consent,” said Charles Seife, a professor of journalism at New York University who writes extensively on the genetic testing industry. “It is a difference of making sure that [privacy] rights are being preserved.”

Although 23andMe’s privacy policy vows that personal genetic information will never be distributed without explicit written consent, the company does “use and share aggregate information with third parties,” the policy states. That means they only share customers’ genetic information once it has been pooled together and de-identified.

While 23andMe says the majority of these third party entities are research partners—it recently inked a $300 million deal with British pharmaceutical giant GSK, which will use genetic data for drug discovery, for example—the company’s website notes such exchange may take place “to perform business development, initiate research, send you marketing emails and improve our services.”

Even though this aggregate data is anonymized, experts question whether privacy is truly protected.

“They will strip the data of identifiers, but if this is going to be useful for medical research, there will necessarily be information about your age, your height, your weight, where you live, maybe where you were born, and any diseases you may have,” says Hank Greely, director of Center for Law and Biosciences at Stanford. In other words, he says, “Your information might be personally identifiable.”

Even so, Greely sent his genetic information to AncestryDNA. Although he acknowledges the danger of re-identification, the bioethicist questions whether the risk of his genetic information being made public is anything more than a theoretical concern.

“I don’t know how realistic a threat this is. Is anybody going to really care,” wonders Greely. “Maybe if somebody thinks that Steph Curry is in this database they’re curious to identify him and see what makes his jump shots so good.”

But other experts see the risk of re-identification as a direct threat to personal liberty. Joel Reynolds, a post-doctoral fellow of bioethics at the Hastings Center, fears that most consumers are unlikely to grasp the nuanced threat that medical genetic tests like those offered by 23andMe could pose to their future privacy.

“This is complicated stuff for professionals who are developing the technology and have been working in the field for years,” says Reynolds. “I’m a little worried that people are not fully understanding the meaning of it.” (In an effort to research the ethics of genealogy services fairly and completely, the bioethicist decided to put his own private medical data on the line and took a 23andMe exam.)

An overwhelming majority of consumers are willing to share their DNA for research purposes under the assumption that it is for a greater good. According to 23andMe, nearly 80% of its users actively opt to donate their data for “research purposes.” But while the general assumption suggests that such science is for a greater good, bioethicists warn that may not always be the case.

“Most people are going to be happy to contribute to medical research,” says Greely. “But what if somebody wants to do research on race and intelligence?”

Reynolds voices similar concerns, explaining that scientific research on race is often misunderstood and misinterpreted.

“One very complicated facet of genetic research is the fact that racial categories that people use in everyday speech and that are part of our culture mean something very different when they get used in this research,” says Reynolds.

“You get into a weird situation where the belief that particular races have particular health risks and are going to have particular health consequences,” he explains. “That belief can easily turn into very pernicious racist ideas that certain races have X, Y and Z health problems and that is simply not what the research says.”

But perhaps the most troubling threat of third party sharing is the possibility that a consumer’s genetic data—shared in the name of research—might one day be used for non-research purposes.

Ancestry’s spokesperson offered these assurances: “We do not and will not sell DNA data to insurers, employers, health providers or third-party marketers and will only share DNA data with researchers if the customer has consented.” Similarly, 23andMe maintains that sharing only happens with consent and that law enforcement agencies must have a court order to access specific data.

While for now privacy policies seem to offer customers a degree of protection, it is worth noting that these policies are legally allowed to change at any time. Ancestry’s 16-point privacy policy, for instance ends with this caveat: “We may modify this Privacy Statement at any time.” That’s perfectly legal, and it’s what worries experts.

“Today, there are open doors to certain types of genetic discrimination that we simply do not have legal protections for,” says Reynolds. “This is very high stakes.”

Seife, the New York University journalism professor agrees the nation’s existing laws to prevent genetic discrimination are weak and unlikely to hold in practice. “If genomic information is out there, why wouldn’t an insurer take a look at someone’s genome before putting them in their risk pool?”

He adds, the threat is not in the “Gattaca remote future. It’s in the here and now.”

As Charles awaits her latest set of genetic test results, she still harbors reservations but is bargaining for a bit more time.

“I had to take privacy policies at face value in order to be able to send my tests in,” says Charles. “I guess we’ll find out in 5 to 10 years if they were true.”