Good morning, Cyber Saturday readers.
On a shelf in my bedroom lies a DNA testing kit I treat with the same suspicion one might afford a parcel addressed “Pandora.”
I received the kit as part of a gift bag at Fortune’s Brainstorm Tech conference a couple years ago. I remember turning the unassuming box over in my hotel room and almost giving in to temptation. What relatives might my ancestral inquiry unearth? To which diseases am I most susceptible, and how might I tweak my lifestyle to prevent them?
Alas, I have resolved never to crack the wrapper, and this week’s arrest of Joseph James DeAngelo, 72, believed to be the Golden State Killer, has reminded me why.
Investigators pinpointed DeAngelo after testing DNA preserved from decades-old crime scenes against online genealogy databases. A relative of the alleged serial rapist presumably uploaded her or his information in the hopes of discovering blood relations. A partial genetic match laid the trail for the cops to follow, and they later fingered their quarry after testing remnants of DNA that DeAngelo had supposedly discarded in public.
Let’s be real: I am not hiding from the law. Nor am I seriously concerned about outing a mass murderer in my lineage (mostly because I consider the odds unlikely). I admire these investigators’ clever forensic tactics. But I refuse to partake in voluntary DNA testing because its ramifications are unclear to me. I hold my privacy dear—and that of my family more so.
Giving up genetic information means relinquishing an asset so personal and unchangeable that there is no going back, for you and for those closest to you. Writ in those nucleotides is a record of your most intimate kin and medical history. I regard this information as toxic waste—and I am not satisfied with the state of information security to keep the data away from prying eyes.
Perhaps this decision is a miserly one, holding back possible scientific and medical progress by choosing to live in the dark. My attitude is probably rooted in some deep paranoia cultivated after reading too much dystopian fiction in my youth. I would be lying if I said it wasn’t informed by the chilling possibility—however slight—that a political regime could ever use this information against me and my loved ones; look no further than the plight of the Rohingyas in Myanmar to understand what I mean.
In some ways, my intransigence is foolish. Nothing is stopping anyone from nabbing traces of my saliva off a cup I toss in a public waste bin. Or from scooping up a thread of hair I might shed on the sidewalk. We all slough off bits of ourselves everywhere, every day. DNA is hard to protect.
But I have no plans ever to sign off on the terms of service that preface a consumer DNA test—no matter how many provocative conversations I might have with my desk-mate, Fortune’s biotech reporter, Sy Mukherjee. (You can subscribe to his health newsletter here.) It’s just not happening.
Whenever I get the urge to swab, I recall what did the cat in.
Have a great weekend. I’d love to know whether you agree or disagree with my stance; do write.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Crypto wars redux. A former top Microsoft executive, Ray Ozzie, has unveiled a technical proposal designed to enable law enforcement to gain unencrypted access to the data stored on criminal suspects' phones. Cryptographers and cybersecurity professionals blasted the schema as being no better than earlier suggestions involving so-called key escrow, which they argue is too hard to secure in practice. As one cybersecurity pro, Rob Graham, put it in a post, "We know how to make backdoors, we just don't know how to secure them."
In the penalty box. The Securities and Exchange Commission fined Yahoo—well, the business formerly known as Yahoo—$35 million for failing to promptly disclose a massive 2014 data breach that affected hundreds of millions of user accounts. The penalized company, since renamed Altaba, has agreed to settle the charges and pay the specified amount. Altaba was created amid Yahoo's sale to Verizon as a vehicle for stakes in Yahoo Japan and Alibaba.
Hotlanta. The city of Atlanta set aside $2.6 million to recover from a recent ransomware attack that crippled its computer systems. Costs included fees for incident response from the security firm Secureworks, advisory services from consulting firm Ernst & Young, and crisis communications from PR agency Edelman. The hackers originally demanded $50,000 in Bitcoin.
Escaping unscathed. Despite Facebook's data controversies, the company posted profits of $12 billion for its first quarter of the year. The Cambridge Analytica scandal and #DeleteFacebook campaign apparently had minimal impact on the business. Executives at the company said they do not expect to be adversely impacted by the onset of the data privacy regime known as GDPR in Europe either.
To catch a predator. As mentioned in the essay above, an investigation to identify the Golden State Killer, the culprit behind a series of rapes and murders in the '70s and '80s, came to a close this week. The cops have arrested and accused Joseph James DeAngelo, 72. The investigators used an open source database of genetic information, GEDmatch, to find a partial DNA match that led them to DeAngelo. The tactic raises privacy concerns about sharing genetic information with genealogical services online.
Speaking of forensic criminology, you can call this suspect Jane "D'oh!".
Companies pay hundreds of thousands a year to keep snacks in the break rooms. They pay to send people to training and conferences that usually have very few tangible benefits. And we dump millions into marketing campaigns that we can’t tie to sales results.
But pay 100K a year to have a list of what we’re actually defending? Nope. Too expensive. Wasteful, really. Asset management is arguably the most important component of a security program, but I know of virtually zero companies that have a single person dedicated to it.
Police Are Downloading Data From People's Phones Without Warrants and Privacy Advocates Are Outraged, by David Meyer
Millions of Hotel Rooms Are at Risk of Master Key Hack, by Don Reisinger
More Than 1 Million Children Were Victims of Identity Theft in 2017, by Chris Morris
IBM Blockchain Is Tracking Diamond Rings Across the Globe, by Jeff John Roberts
Facebook Tries to Bring More Transparency to Opaque Set of Guidelines, by Michal Lev-Ram
Google CEO Sundar Pichai Isn't Stressed Over Privacy, But Investors May Have Reason to Worry, by David Meyer
Police Body Cameras Could Get Facial Recognition Technology, by Lisa Marie Segarra
Facebook Didn't Read the Fine Print on Data Harvesting App, by Don Reisinger
WikiLeaks Claims Coinbase Has Shut Down Its Online Store's Bitcoin Account, by David Z. Morris
ONE MORE THING
Not measured, not managed. Earlier this week John Doerr, the illustrious investor and chairman of the venture capital firm Kleiner Perkins, proselytized his bible for business management—a system he calls "objectives and key results," or OKRs—in a video conference call with several Fortune staffers (myself included). In the following Aeon column, Jerry Z. Muller, a history professor at Catholic University of America, argues that metrics can be detrimental to business success. The practice stifles innovation and results in negative consequences, like "gaming, cheating and goal diversion," he writes. Both raise valid points.