How Cryptography Will Guarantee Genomic Privacy

Most people in the developed world will soon be able to afford to sequence their own genome. The goal of doing this for less than $1000 should be achieved within a year with the possibility of sub-$100 genomes within 5 years.

The benefits are legion since medicines can be tailored to individual patients.

But there are some serious concerns too. Your genome will reveal much about you: your risk of various diseases, your ancestral past and your phenotype; eye and hair colour and so on.

So an important issue is privacy. It stands to reason that individuals will want to keep private the results of tests such as those that determine the risk of disease, whether children are likely to inherit certain diseases and of paternity tests.

Various groups are developing techniques to create this level of privacy and today, Pierre Baldi and colleagues at the University of California, Irvine reveal a number of ways to keep the results of certain genetic tests secret.

They’ve looked particularly at paternity tests, compatibility tests (whether conditions could be passed to children) and to the risk of getting certain diseases. The scenario they imagine is that each individual will have his or her own genome stored on a PC or smartphone. They would then be able to access an online service that examines the genome or compares it with another and sends back the results.

The question here is who should have access to the data. Baldi and co start with the assumption that only the owners of the genome should have access to their genomic data and the results. So the service provider cannot see the genomes involved or the results.

It turns out that there are various algorithms that already allow this kind of ‘black box’ transaction. The basic idea is to use standard encryption techniques to ensure that only those with the required key can see the data or the results of any computation. This can guarantee privacy against all but the most determined and well-resourced attacks.

All this is fairly standard stuff. Baldi and co’s work is essentially testing the speed at which the tests can be carried out, the first time this has been done with full genomic data.

They conclude that this level of privacy is possible now. They also say these tests could be done in a reasonably short period of time, depending on how much genomic data is involved. The examples they work through take between a few milliseconds and over an hour.

Privacy is an issue that is likely to become increasingly visible in public debate. Several companies already offer genomic tests but the question of privacy has taken second fiddle to ones such as accuracy and cost. Given that we already have the capability to improve privacy, that should change sooner rather than later.

Ref: arxiv.org/abs/1110.2478: Countering GATTACA: Efficient and Secure Testing of Fully-Sequenced Human Genomes