There’s a great lecture pair on genomic data privacy up at the GenomeTV channel, a service of the NHGRI. The two speakers are Isaac Kohane and George Church, two of the foremost authorities on the use of genetic data in research.
I found many things to agree with in both talks, and a few substantial points of disagreement. Kohane quoted Richard Stallman in his talk, and I was slightly surprised by how pragmatic the quotation sounded in this context:
We must require new systems to be designed for privacy rather than to collect all possible data. […] It is not too late to protect privacy pretty well, but we must insist on it — which means, not heed the people who say it is hopeless.
Unfortunately, both Kohane and Church display an attitude of hopelessness, at least as far as privacy technology is concerned. Kohane appears to believe that technology has no role in protecting privacy and that we should, instead, regard privacy as a problem to be solved through social convention. Church is on the record as a privacy technology skeptic:
Church says that medical researchers, who depend on large public genome databases to investigate how genes influence disease and other key scientific questions, ought to embrace the new reality, “jump to the endgame … admit that it’s very challenging to promise anonymity, and make it so that people don’t care about it.” [LA Times, 18 Jan 2013]
I take inspiration from Stallman here: we can build systems that respect privacy. In systems that require private information to function, we must at the very least be clear about how that information is being used and provide mechanisms that allow users to control access.
And this brings me to my biggest point of disagreement, based not on anything the speakers said explicitly, but rather on an assumption that both take for granted: the assumption that there exists a single, one-size-fits-all solution to this problem. A perfect policy, if we could only hold enough roundtable discussions to uncover it and convince people that it is in their best interests to adopt it. I submit that there is no such policy and that the owners of the sensitive information themselves have a right to decide how their information is used.
Privacy-aware systems (like Genecloud) must avoid making these decisions for patients, subjects, and other stakeholders and give them the policy controls and auditing features that empower them to manage their own privacy.