everyone: older news
23andMe and GlaxoSmithKline
by Brent Kirkpatrick
(Date Published: 1/11/2019.)
As a scientist who has worked with human genetic data, I know that the privacy protocols and patient privacy measures proposed by 23andMe and GSK are too weak. The people and process protocols are insufficient. Now, when we begin to discuss the technology, the inefficiencies become glaring.
As a cybersecurity expert, I know that any computer system can be hacked. Even if 23andMe and GSK are well intentioned and have the best people and processes, they have adversaries in cyberspace. Even if consumers have accepted that 23andMe stores their genetic data on Internet connected servers, it is clear that copying some or all of that data and transmitting it to the U.K. is a bad idea. Regardless of encryption.
Simply having two copies of genetic data on two Internet connected servers increases the chance that it gets hacked. If 23andMe is really interested in privacy and security, they would never increase the chance that the data gets hacked. Their actions indicate that they are more interested in their own research glory than in patient privacy. 23andMe would rather get research glory while sacrificing their customer's privacy than make privacy and consent assured.
Please contact us at Intrepid Net Computing if you need solutions to privacy, to security, or to cyberattack.
Trojan Hunter. Digital forensics for Trojans at an accessible, fixed price. For any operating system.