Between your computer and your DNA, huge privacy issues loom aright around the corner according to Clay Shirky:
- Databases have two key weaknesses that affect this debate. The first is that they deal badly with ambiguity, and generally have to issue a unique number, sometimes called a primary key, to every entity they store information on. The US Social Security number is a primary key that points to you, the 6-letter Passenger Name Record is a primary key that points to a particular airline booking, and so on. This leads to the second weakness: since each database maintains its own set of primary keys, creating interoperability between different databases is difficult and expensive, and generally requires significant advance coordination.
Privacy advocates have relied on these weaknesses in creating legal encumbrances to issuing and sharing primary keys. They believe, rightly, that widely shared primary keys pose a danger to privacy. (The recent case of Princeton using its high school applicants’ Social Security numbers to log in to the Yale admittance database highlights these dangers.) The current worst-case scenario is a single universal database in which all records — federal, state, and local, public and private — would be unified with a single set of primary keys.
New technology brings new challenges however, and in the database world the new challenge is not a single unified database, but rather decentralized interoperability, interoperability brought about by a single universally used ID. The ID is DNA. The interoperability comes from the curious and unique advantages DNA has as a primary key. And the effect will put privacy advocates in a position analogous to that of the RIAA, forcing them to switch from fighting the creation of a single central database to fighting a decentralized and interoperable system of peer-to-peer information storage.
While much of the privacy debate around DNA focuses on the ethics of predicting mental and physical fitness for job categories and insurance premiums, this is too narrow and too long-range a view. We don’t even know yet how many genes there are in the human genome, so our ability to make really sophisticated medical predictions based on a person’s genome is still some way off. However, long before that day arrives, DNA will provide a cheap way to link a database record with a particular person, in a way that is much harder to change or forge than anything we’ve ever seen.
Everyone has a biological primary key embedded in every cell of their body in the form of DNA, and everyone has characteristic zones of DNA that can be easily read and compared. These zones serve as markers, and they differ enough from individual to individual that with fewer than a dozen of them, a person can be positively identified out of the entire world’s population.
DNA-as-marker, in other words, is a nearly perfect primary key, as close as we can get to being unambiguous and unforgeable. If every person has a primary key that points to their physical being, then the debate about who gets to issue such a key are over, because the keys are issued every time someone is born, and re-issued every time a new cell is created. And if the keys already exist, then the technological argument is not about creating new keys, but about reading existing ones…
….This is a different kind of fight over privacy. As the RIAA has discovered, fighting the growth of a decentralized and latent capability is much harder than fighting organizations that rely on central planning and significant resources, because there is no longer any one place to focus the efforts, and no longer any small list of organizations who can be targeted for preventive action. In a world where database interoperability moves from a difficult and costly goal to one that arises as a byproduct of the system, the important question for privacy advocates is how they will handle the change.