Yes. The weirdest example of this ( and most personally applicable ) is the DNA data shared with 23andme and the like. I did not subscribe to this. Neither did my kids ( or kids of the individual who did subscribe I might add ), but due to some shared geography and blood ties, whether I want to or not, I am now identifiable in that database.
To your point, there is something in us that does not consider what information could do.
If you have nothing to hide what are you worried about? Or if you are not planning to be a criminal what are you worried about?
I am 100% not serious and do not believe either statement above. I sadly am in the same boat as you and had a blacksheep of a brother who did some sort of crime and as a condition had his DNA taken so I by default am in the system as well.
I never could understand why people would willingly offer their DNA to companies that even if they are not selling that data sooner or later could have that data leak and the consequences could mean being able to afford life and medical insurance or not.
> I never could understand why people would willingly offer their DNA to companies that even if they are not selling that data sooner or later could have that data leak and the consequences could mean being able to afford life and medical insurance or not.
I’m the odd one out on this thread but I just… don’t see why it’s a big deal? All the consequences of my dna leaking seem so extremely theoretical and unlikely that I’m willing to take the risk in exchange for a few minutes of fun reading a report about where my ancestors came from.
This is always framed like people who willingly surrender privacy must not know better or be uneducated about the harms but I think it’s fair for people to just decide they don’t evaluate the harms as very serious.
The example you gave about health insurance is implausible because it’s illegal in the US and I assume other developed countries for insurers to charge different amounts for health coverage based on pre-existing conditions. It strikes me as very, very paranoid to worry that someday my DNA might leak, and there’s something bad in it, and the law will change such that insurers can abuse it, and I for some reason won’t have a job that gives me health insurance anyway. That’s a lot of ands making the probability of that outcome very small.
> The example you gave about health insurance is implausible [...]
See [1].
From [1]:
> GINA focuses only on one line of insurance—health; it does not prohibit other insurances—life , disability, long-term care (LTC), auto, or property—from using genetic information [...] in 2020, [...] Florida became the first US state to prohibit life, LTC, and disability insurers from using genetic test results to set premiums or to cancel, limit, or deny coverage
To me that means you are not safe.
> and there's something bad in it
This is just gambling. If enough peoples' DNA is out there, you will see the whole-population rate for conditions. You might consider it OK to be unexpectedly unable to buy long-term disability insurance because you have a 50x greater risk for YYYY than the general population.
> [...] and I for some reason won’t have a job that gives me health insurance anyway
This is an extremely privileged attitude. This part seems to me that if you get very ill you *must* continue to work in order to maintain your coverage. Even a highly paid SWE can be laid low by carpal tunnel syndrome.
While the stuff about disability and LTC insurance is slightly concerning, the part about life insurance isn't. I've never seen any convincing evidence that life insurance is anything but a big scam. The only time it seems to make any sense if if you're pretty sure you're going to die very soon, and take out a term life insurance, but this seems to require either the ability to see the future, or a plan to hire someone to kill you so your family gets the insurance money.
Why auto or property insurance would be affected by your DNA I can't even begin to imagine.
Term life insurance is not a scam if you have dependents. It’s offloading the potentially severe consequences to someone else if you’re the primary wage earner and die, during a defined period of
time. And it’s generally inexpensive.
Think ‘normally I’d be working for another 20 years, would buy a house, send kids to college, etc. but I just got diagnosed with terminal cancer and now my kids are totally screwed.’.
I think I know where you are going with this, but could you elaborate? Is the objection here based on math ( whole is life is more expensive than term so it is not cost-effective? -- because otherwise you are simply paying premium for another benefit ) or something else?
It is term life + an annuity in disguise, with worse returns. That is also why it is the dominant product that life insurance sales folks try to sell. Because term life is well regulated and understood, so not high margin.
They generally get really disappointed when you buy a standard term life policy, but they’ll still sell it to you because money is money.
Do you have a disposition making you more likely to end up in an auto accident? Can some other correlation be done which is not genetic per se but works out to some higher risk social stratum in aggregate? You never know. The power imbalance is great, they won't tell you why you got your score and with enough machine learning they probably can't even if they wanted.
This stuff still seems frankly theoretical. I finally opted into long-term disability insurance after using the maximum short-term twice in the span of two years because of spinal degeneration in my late 30s. You have to agree to a medical exam and send records to apply for this insurance anyway, and in spite of trying to get it specifically because I'd used up the max short-term, and I am seemingly quite a high risk to actually become disabled, I was still approved.
In practice, in talking to co-workers also applying for the same things, the only people who ever got denied were all obese.
This is all setting aside that, assuming somewhat symmetric distributions of genetically determined traits, half of all people will have above average genetics. The conversation on the Internet always seems to fixate on people being denied coverage or charged more, but that seems to assume pricing models are just plain malicious, in which case they could charge more and deny you anyway, with or without data. Assuming they're actually using the data and building real predictive models, half the population would benefit from insurance companies having more data.
All that said, I would still never submit data to a company like 23andme, and would also never allow the police to have camera feeds of my house, even though I'm extremely confident they would never find a reason to arrest me. It's creepy, feels invasive, and I just don't want it.
> All the consequences of my dna leaking seem so extremely theoretical and unlikely that I’m willing to take the risk in exchange for a few minutes of fun reading a report about where my ancestors came from.
That's one of the things I've found odd about these discussions. Most of the concern seems to be about very theoretical things that we don't see in reality. On the other hand, the actual harm I'm seeing from mass surveillance is the fact that social media mobs often come through someone's life and try - often successfully - to ruin them.
The way things currently stand, the fact that I'm unable to delete Hacker News comments is much more of a threat than sending my DNA to 23andMe.
<< The example you gave about health insurance is implausible because it’s illegal in the US and I assume other developed countries for insurers to charge different amounts for health coverage based on pre-existing conditions.
As phrased, I am unable to comment as to whether that statement is accurate, but I will go with it for the sake of the argument.
I chuckled a little, because that one phrase immediately reminded of just how much political capital was spent to even allow 'pre-existing conditions' to be removed as a factor in denying coverage.
What exactly makes you think that law cannot be changed?
Changing the law is extremely difficult in the US because of the gridlocked-by-design political system, so I think it's unlikely. Changing it would also be extremely unpopular.
Of course it could happen. But even if it did, all the other unlikely events I listed would all have to happen for me to be harmed. The point of my post was that me being harmed due to having given my DNA to 23&me is unlikely, not impossible. Just like it's theoretically possible a brick could fall on my head while walking outside, but I still don't wear a helmet every time I go outside.
Worrying so much about this stuff just feels to me like the tech geek version of preppers who stock their house with guns and canned food in case the apocalypse comes (which never does).
I appreciate you having the courage to go against the grain on this. I share similar views, specifically about healthcare privacy in general. It's obnoxious to what extent they go to guard some bland info like my blood type or blood pressure. I'm not saying it should be published on a ticker at the hospitals website, but the only info they should really keep private are the things that could blackmail or shame people. Birth control, abortion, STDs, etc. I actually hold the unpopular opinion that HIPAA goes too far. It's "privacy theater". If the concern is health insurers dropping patients, then the agency that regulates insurance should "leak" some information in a sting operation and sue the insurers for breaking the law. We shouldn't foist that liability on IT people and allow insurance to harm people.
Roe v Wade wasn’t a law. Actions by the Supreme Court which are unfavorable are much more likely given that there are only 9 justices, they are appointed regardless of popularity, and they have lifetime appointments.
The discussion is you comparing the overturn of a law to overturn of Roe v Wade. The weight is completely irrelevant because we’re discussing the difficulty of the action.
Anyone who knows basic federal government structure in the US knows court rulings are significantly easier to move quickly compared to passing real laws.
This isn’t “playing semantics”, it completely invalidates your point. Look at how well overturning obama care went to see how difficult law passing is.
<< This isn’t “playing semantics”, it completely invalidates your point. Look at how well overturning obama care went to see how difficult law passing is.
You do have a point. I disagree that it invalidates mine, but it does weaken it based on how it was originally present it. That said, we are absolutely playing semantics, because while Roe vs Wade was not the law, it was a precedent that effectively held back even a consideration of law changes at bay. So it is not irrelevant, but you are correct from a purely technical standpoint.
<< Anyone who knows basic federal government structure in the US knows court rulings are significantly easier to move quickly compared to passing real laws.
<< Changing the law is extremely difficult in the US because of the gridlocked-by-design political system, so I think it's unlikely. Changing it would also be extremely unpopular.
I am thankful for this response, because it illustrates something OP pointed out directly ( as humans we mostly suck at estimating future risks ). Changing a law is sufficiently possible ( hard, but possible ). On the other hand, short of current civilization crumbling before our eyes, there is no timeline, in which DNA data already in the hands of some other entity could be put back in the bottle. Possible vs impossible ( assuming time machines can't exist ).
<< The point of my post was that me being harmed due to having given my DNA to 23&me is unlikely, not impossible. Just like it's theoretically possible a brick could fall on my head while walking outside, but I still don't wear a helmet every time I go outside.
I think the reality is that we do not know for sure ( although some fun science fiction does exist suggesting it is not a great idea to let that space be unregulated ).
That said, DNA, at its core, is just information. Information by itself is neither good or bad. However, humans come in all sorts of shapes, sizes and capacities for evil. In some humans, that capacity is rather shallow. In others, it runs very deep indeed. Evil is not a pre-requisite to become a CEO, but since humans can be pretty evil, it is just a matter of time before at least one is hardcore -- kicking puppies for fun type - evil. If so, that one evil person can do damage, if they so choose with information at their disposal. And the funny part is, there is just so much information hoarded and sold these days so.. really.. it is just a matter of time.
<< Worrying so much about this stuff just feels to me like the tech geek version of preppers who stock their house with guns and canned food in case the apocalypse comes (which never does).
I will not give you a speech here, but never is a really long time. If there is one thing that a person should have picked up since 2018, it is that things can and do change.. sometimes quickly and drastically. It is not a bad idea to consider various eventualities. In fact, DHS suggests it is a good idea[1] to think about your preparedness.
You might be mocking preppers, but I did not suffer from lack of toilet paper during the pandemic.
Supposing that there might be imminent drastic changes to society that would make it perilous for powerful 'evil' actors to know about my DNA, I don't see why those actors wouldn't be so powerful they couldn't just mandate DNA testing for everyone participating in society. My DNA can always be forcibly collected from me later on, regardless of what I do today.
Also, I don't see the relevance of 'never' here? Several lifetimes from now, there will be little to exploit in linking my DNA to whatever artifacts of my identity remain, since by then I'll just be a long-dead stranger. But then when we restrict ourselves to possibilities within my or my immediate descendants' lifetimes, we run into the issue above.
<< My DNA can always be forcibly collected from me later on, regardless of what I do today.
Hmm, would it not be an argument for nipping it in the bud now? I am confused.
<< Several lifetimes from now, there will be little to exploit in linking my DNA to whatever artifacts of my identity remain, since by then I'll just be a long-dead stranger.
Again, hmm. You state it as if it was a given, but it effectively assumes technology does not progress beyond what we have today. That said, all what I was about to type a moment ago is in the realm of pure speculation so I will stop here.
I still think you are wrong, but I should get some sleep and it seems unlikely I could convince you to reconsider.
given the proven low quality of most forensic science, and especially hair identification, it's all fun and games until the police decide you're the person they want to find guilty and they let the lab know that.
As I've said many times before in this subthread, I'm not claiming it's impossible that something bad could happen, just that it's very improbable, so it would be irrational to let fear of it control my life.
I feel like "control your life" is kind of a strong statement. I'm on the same side as the other commenters; I don't let fear control my life, I just let it be a factor in my decision to not send $29.99 and a cell sample to a company.
"in exchange for a few minutes of fun" is absolutely not worth enriching some dicks that don't care if I live, die, or get falsely accused.
All that notwithstanding, People plead guilty to crimes they didn't commit regularly because they are told it will make things easier on them. Or they avoid the death penalty.
The TLDR is that the actual real evidence doesn't matter - what matters is if the prosecution and the police are able to convince a jury that you did the crime. Watch at least the lawyer's section until the end(the cop's section is basically - "everything he said is true").
> The TLDR is that the actual real evidence doesn't matter - what matters is if the prosecution and the police are able to convince a jury that you did the crime.
Don’t you think there’s some correlation there though? Typically, the jury is convinced by telling them what evidence the state has.
It’s like saying a laser rangefinder doesn’t actually measure distance but time. Ok, but one Leads to the other…
"Can you state exactly what your threat model is?"
The threat model is that police and prosecutors need to find someone guilty. If you watch the video to the end, the lawyer explains exactly how even a genuienly completely innocent person might be convicted of a crime because they were able to use "some" evidence to show that you maybe were near the crime scene. They don't need definitive proof - they just need enough to sway the jury. And if you take that into consideration, then giving law enforcement any info about you can only ever work to your disadvantage.
> The threat model is that police and prosecutors need to find someone guilty.
Sure. And the chance that I'm the person they decide to pin it on because my DNA happened to be in a database is extremely low. Why are you only focusing on one of the bullet points when the point is that probabilities are multiplicative?
Well by that standard is not worth protecting your privacy at all, after all the probability of any of your data being used against you is extremely low. And it's a difficult point to argue, because obviously it's true - but still, why take the risk?
>>Why are you only focusing on one of the bullet points when the point is that probabilities are multiplicative?
Because I'm saying that all of your points don't need to be true for something bad to happen to you. The probability of all your points happening is probably so close to zero it might as well be zero. But if you've given the state any information it can be used against you - like the point made in the video shows. So I think what I'm saying is that yes, your points are improbable, but not all of them have to happen for you to get screwed over.
> Well by that standard is not worth protecting your privacy at all, after all the probability of any of your data being used against you is extremely low. And it's a difficult point to argue, because obviously it's true
Correct, this is exactly the point I'm making.
To recap: the point is that it is not necessarily the case that someone who sends their DNA to 23&Me is ignorant of the risks or stupid; it's entirely possible that they objectively analyzed the risks and decided it's not serious enough to care.
> but still, why take the risk?
For the same reason I walk outside without wearing a helmet to prevent me from bricks that could randomly fall from building facades. Mitigating the risk is not worth it, to me, relative to the hassle of doing so.
This may be a bit late in the discussion, but one of the biggest deal with allowing DNA to be put into databases which the police can trawl is that the risk of false positives increases as the database size increases. DNA profiling is a probability game with an underlying assumption that people in the DNA database are of higher risk of being guilty than those not in it. Most conviction on DNA evidence also use partial DNA, meaning they accept an even higher risk of false positive. The current methods in DNA forensic is also to use AI to combine multiple partial DNA to create a single profiles, and the false positives of those are not very well understood by judges and juries.
The legal system and the evidence value of DNA profile could adapt to a world where every persons DNA is accessible, but it is a slow process and I doubt it will be done in my life time.
<< I never could understand why people would willingly offer their DNA to companies
I can play devil's advocate and come up with some level of rationalization along the lines of 'it will help humanity cure cancer' in a handwavy kinda way, but even then one is trading future potential against near 100% guarantee that things do change in regards to what you gave -- that is: even if company is promising today it will not do something with data, a day will come when that will no longer be the case.
The blacksheep example is definitely interesting though and likely a good idea for a police drama episode ( if it wasn't used already ). Edit: And now that I think about it, if it would be made, it would show the the good certainly have nothing to fear indeed.
You could put quotes around the first line to make it clear you're joking or being sarcastic. I was pretty taken aback by someone seemingly actually saying that, at first! :`D
I don't see the logic following a data leak and not affording medical insurance, as that would imply insurance company saying "hey there's been a big DNA data leak - get that data and make profiles as to what people we should up the premiums on!" Which , ok I guess I can't believe they wouldn't because of moral reasons or even because it may already be illegal to do so or because they would worry about being found out, just seems like it would require not just thinking about it but probably also they would need to assemble a team to take advantage of it and that would not be worth it.
<< just seems like it would require not just thinking about it but probably also they would need to assemble a team to take advantage of it and that would not be worth it.
I think it has been somewhat well established that humans will do a whole lot of nasty without much thinking as long as a higher up tells them to. And this does not touch the simple fact that the companies are not exactly entities governed by morality ( and some would argue that it is not entirely certain if humans are either ).
>whole lot of nasty without much thinking as long as a higher up tells them to.
sure
>In short, I think you are wrong.
so, your technical conclusion is that because people will do bad things when told by authorities they will not need to start any sort of project to integrate the dumped data into their platforms, paying multiple developers for a potentially long time - it will just magically happen because of the power of evil?
I mean I want to believe in the power of evil as much as the next guy, but that's a bit much. And once we go back to the whole "they would need to assemble a team to take advantage of it" which maybe was not that clear at the end of my post then again, no matter how you slice the evil, it would not be worth it.
Because assembling the team to analyze and ingest 23&me data might take a while, cost a good amount of money, might decrease in value over time (or increase in risk) for something that is probably illegal to do in the first place.
Higher ups may want it done, but probably only if it can be done immediately and doesn't cost a lot of money.
<< Higher ups may want it done, but probably only if it can be done immediately and doesn't cost a lot of money.
Since we are talking evil, I suppose money is a good place to start ( being root of it and all that ). So motivation would likely be there, but I am willing to accept your qualification of 'yes, but don't spend a lot'.
Lets look at some of that potential cost structure. The analytics part these days is not exactly expensive. Hell, HN just yesterday had a story about $4.80 GPU time being used to do some reinforcement learning to find 'best HN post' on 9gb of HN data[1]. That used to be a little require more time and be more labor intensive. Edit: Yes, what we are discussing would naturally go beyond $4.80, but in terms of bang for buck it is hard to find a better time than now.
One could reasonably argue getting the right people ( right experience and knowledge ) could be prohibitive in terms of cost, but.. if you are already an insurance company, it is not exactly impossible that you already hired people with applicable experience, knowledge and skill. And if you are already paying them, maybe this little offshoot project could be sold to them as a great advancement opportunity. And if they took it too far? Well, no one told them to go overboard. After all, we at <company D> have a strict ethics policy.
If that is the case, two big pieces of the cost structure are either negligible or already part of the annual budget.
>if you are already an insurance company, it is not exactly impossible that you already hired people with applicable experience, knowledge and skill.
my experience with large companies is that there is already allocation of those resources somewhere, with lots of managers and such, I think it would be a major thing to move people around or to hire new people.
Sure it's nice to believe Evil is working agile, but really it just says its adapted some agile methods and its super slow as per the usual.
> I never could understand why people would willingly offer their DNA to companies that even if they are not selling that data sooner or later could have that data leak and the consequences could mean being able to afford life and medical insurance or not.
Reality: nobody cares about your DNA. It's useless for medical or life insurance companies, they can't discriminate based on the DNA by law. And if it's ever repealed, you can bet that life insurance companies will just start asking for your DNA info anyway.
DNA also doesn't provide actionable intelligence for advertisers that is worth more than a week of your purchase history or your Facebook profile.
However, DNA provides actionable intelligence for _you_. Mostly by highlighting the disease risks and other clinically-significant data (like drug metabolism speed).
All true but above all DNA is personal. It's yours to share or not. When someone related to you shares, they're sharing you and yours as well.
Let's rephrase: I never could understand why people would willingly offer their DNA *and the DNA of all those who share some part of their DNA* to for profit companies subject to data breaches, court orders, nefarious employees, etc.
> Let's rephrase: I never could understand why people would willingly offer their DNA
To get information that benefits them.
And from a practical point of view, a lot of my information has been leaked multiple times already. And I'm carrying a phone that tracks my movements to within a few meters all the time. I walk by multiple Ring cameras every day, etc.
"Stand Out of Our Light " - Similar message as "Surveillance Capitalism" - from an ex-Google'r - but without the depth and breadth. Not as heavy but packs a near similar punch.
Not GP but I despise this argument because the definition of a criminal depends who you're asking: in some countries, doctors giving warnings about an impending pandemic could be criminals.
Edit: I was too fast on the comment button and didn't read until the end.
To your point, there is something in us that does not consider what information could do.