EDITOR NOTE: This is Jonny’s 75th post on Technology Bloggers! Jonny was a complete newbie to blogging when he wrote his first post (about prosthetic limbs) but he is now somewhat of an expert – although he probably wouldn’t agree! – note by Christopher
Recently a couple of articles have appeared on large US websites about a type of search engine called Shodan. This search engine has been about for about 3 years, but it is different from Google and its cohorts in many ways. I looked at it and could not understand it at all, so what is it then and why is it causing such concern?
Expose online devices
I have seen Shodan described as “The scariest search engine on the Internet”. This CNN money article explains that Shodan navigates the Internet’s back channels. It’s a kind of “dark” Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet.
What interest could there be in such capability? Well a lot apparently. The system allows an individual to find security cameras, cooling systems and all types of home control systems that we have connected to the Internet. (See Christopher’s series about his British Gas system here).
One serious problem is that many of these systems have little or no security because they are not perceived as threatened. Shodan searchers have however found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.
Hacking apart it turns out that the world is full of systems that are attached via router to the office computer and web server, and on to the outside world. Access for anyone who can find them and might like to turn of the refrigeration at the local ice rink, shut down a city’s traffic lights or just turn off a hydroelectric plant.
The Shodan system was designed to help police forces and others who might have legitimate need for such a tool, but what when it gets into the wrong hands. Security is non existent, just get your free account and do a few searches and see what you find.
See this Tech News World article for a further look at the ethical and practical issues that such a freely available product might bring
Regular readers will be aware of my interest in these types of problems through my work at the Bassetti Foundation for Responsible Innovation. I am not sure how the development and marketing of such a tool could be seen as responsible behaviour, but as I have been told on many occasions during interviews there are plenty of other ways of finding out such things. These types of systems are gathering already available information to make it usable, nothing more, so not doing anything wrong.
The speaker at the conference was Anne Wojcicki, CEO of the world’s largest commercial genetic company called 23andMe. They offer a kit that you spit into and send back, then they analyze 4 million variables and you check out the results online.
Recent technological advancements have brought the price down beyond belief. What cost $100 000 a few years ago and took months cost $1000 last year and now $300 and can be done while you wait.
What they call Next Generation Genetic Testing has meant that the analysis has become incredibly more intricate, where as a few years ago they analyzed a few thousand proteins, they can now do millions, so if you already had your genome sequenced a few years ago you might want to re-do it to gain ever more information. As I said I went to this conference with the CEO from 23and Me. They are a relatively new company but have the majority of the market share in DNA genetic analysis. The CEO very much presented her organization in business terms, but continuously highlighted the research they conduct in looking for cures for new diseases. They have amassed an enormous database and can conduct statistical analysis on Gene mutations in a few hours that only a few years ago (or without them they argue) would take years.
So what do they actually provide you with for the money?
Results are viewed online, and consist in various types of analysis presented as bar charts, pie charts and statistics. So one line of interest is where your Genes come from, for example how much of you is from Africa, Asia, Europe or elsewhere. How much of you is Neanderthal.
Then we get into the interesting stuff about how your genes relate to your parents, who are you most like.
Carriers and sufferers of diseases learn about their mutations, so if you have or are carrying a genetic disorder this information is also presented.
Then we move onto risks for the future. What percentage rise in risk do you have in your genes for developing certain diseases? Maybe you have a 20% rise in risk of developing Alzheimer’s or getting breast cancer. Here we are moving out of the present and world of scientific analysis and into the world of risk.
A world of interesting information and probably very useful in many cases and just a bit of fun in others, but I would like to raise some issues about the above.
No doctors are involved in giving this information, an individual reads their results online, so one of my reservations is about interpretation. What does a 20% rise in risk of breast cancer mean? How does an individual react to such news? What can or will they do? Also in terms of a negative result what are the effects? I have reduced risk of contracting breast cancer so I skip my mammogram for a few years, after all I am at low risk.
And what if I discover that I have some kind of genetic disorder? Well should I tell my brothers? Maybe they have it too. Do I have the right to tell them? Or am I obliged to tell them? Do they have the right to know or indeed the right not to know?
And ancestry, what if I discover that my father is not the man my mother is married to?
Then as a concerned scientist I start thinking about the data, and discover in the contract I signed (without reading because it is 10 pages long) on the internet gives the company the rights to distribute my genetic information to other research organizations. OK all in a good cause but are they going to make the information non traceable? Is that even possible when such an amount of intricate information is involved? Probably not say the scientists at Harvard.
I am not saying that 23andMe are doing anything wrong at all, their database must be a great resource for science and particularly medicine, possible benefits should not be underestimated and I am sure that their hopes and aims are all pursued in good faith, but I wonder if such a database should not be independently regulated. At present these types of operations are practically unregulated in the US, and maybe this should not be the case. Technology is moving ahead at an incredible rate in this field and nobody can say what this material will reveal, to whom and for which purposes. I note on the video that Christopher linked on his post about Google that they are one of the company’s biggest investors, and as they are a corporation specialized in data collection that does not really surprise me.
Legislation has been passed in the US called GENA, whose aim is to protect individuals from unfair treatment from certain sectors on the grounds of genetic testing. It is not however definitive and as I say only covers specific areas of commerce such as health insurance and employment, but I am dubious about the power of the state to enact laws as quickly as needed. Lawmaking is a slow process in a fast moving world as the genetic testing debate has proved. Equally however we don’t want to slow down the pace of research due to regulation, as that too has serious consequences for individuals who might be looking for breakthroughs in certain treatments.
I fear though that if you pay for such a test and the results show a tendency towards getting a cancer of some sort, a health insurance company might accuse you of hiding or having access to information you should have disclosed, and make life difficult when it comes to paying for the health care you need or for your funeral (I don’t think life insurance is presently covered under the legislation).
Or that one day they might ask you to lick a stick when you go in to the broker to buy your holiday insurance or apply for a job. What do you think?