Creepy, dystopian genetic identification already exists—we’re just not using it yet

Yep, this one can log in to our site.
Yep, this one can log in to our site.
Image: Reuters/Pool
We may earn a commission from links on this page.

This post has been updated.

The dark 1997 sci-fi film Gattaca takes place in a world where employers accept job candidates based on the quality of their genes. The possibility of such discrimination just got a little more real.

Using widely available technologies, a programmer has designed a proof-of-concept that looks at a user’s genetic makeup to allow them to log in to a web service or site. It even has a suitably dystopian name: Genetic Access Control.

It’s essentially a genetic version of the way many web services already verify unknown users. Determining that people on the web are who they say they are is a tricky problem, so many services allow you to log in using some ubiquitous account, like Facebook, Google, or Twitter.

By using a technology called OAuth—an “open standard for authorization”—these smaller sites can simply ask you for permission to connect to your Facebook account. That makes verification easy for them, and it also allows them to ask for other data that might be useful, like your list of Facebook friends—essentially, your online DNA.

A sample of raw genomic data in 23andMe.
A sample of raw genomic data in 23andMe.
Image: 23andMe

Genetic Access Control works by connecting via OAuth to 23andMe, the ”personal genomics” website. People curious about their genetic origins can send a swab of saliva and $99 to 23andMe, and get their very own account that allows them to browse their personal genome. Through 23andMe’s OAuth API, programmers can ask for permission to connect to that account, much as they do with Facebook.

This is where things start to get sci-fi.

Once granted this permission, the programmer can make decisions about how to deal with a user based on his or her genes. The Genetic Access Control page lists some possible uses. They are at once promising and creepy:

– Creating “safe spaces” online where frequently attacked and trolled victim groups can congregate, such as a female-only community

– Ethnoreligious sects may wish to limit membership, e.g. Hasidic Jewish groups restricting access to Ashkenazi or Sephardic maternal haplogroups with the “Cohen” gene

– Safer online dating sites that only partner people with a low likelihood of offspring with two recessive genes for congenital diseases

– Pharmaceutical applications that check for genetic predisposition to negative drug interactions before dispensing

– Groups defined by ethnic background, e.g. Black Panthers or NAACP members

Genetic Access Control is not yet in effect in any significant way. For now, it seems to simply be a demonstration that such a system can be easily implemented, part of what the creator calls an ”Offensive Application Programming Initiative.”

Perhaps in order to prove just how offensive this technology can be, the page has a demonstration that screens for white users—those whose “ancestral makeup is primarily composed of European genetic markers.” Here’s some sample output:

Image for article titled Creepy, dystopian genetic identification already exists—we’re just not using it yet
Image: GitHub/offapi
Image for article titled Creepy, dystopian genetic identification already exists—we’re just not using it yet
Image: GitHub/offapi

Of course such a system becoming widespread depends on lots of people having sequenced genomes in 23andMe or a similar service. The site says it already has a million genotyped customers, and the potential health benefits of sequencing—as well as the curiosity factor—mean there could be many more to come.

Upon learning about Genetic Access Control, 23andMe announced on Twitter that it had blocked the creator’s access to its OAuth API, citing an “API policy violation.” The open-source code, however, could still be used by others and its success as a proof-of-concept stands.

Genomic data collection is creepy for a lot of reasons. Add the Gattaca-zation of the web to that list.

Updated July 24, 2015: This post has been updated with 23andMe’s comments that it had cut off API access for the developer of Genetic Access Control.