Transitive Data Privacy: Behind Golden State Killer DNA and Cambridge Analytica
We are spending a lot of time discussing what happens to data when you explicitly or implicitly share it. But what about data that you have never ever shared?
Your Cousin’s DNA
We all share DNA — after all, it seems we are all descendants of a few tribes. But the more closely related you are, the closer the DNA match. While we all know we share 50% DNA with siblings, and 25% with first cousins — there is still some meaningful match even between distant relatives (depending on the family tree distance).
In short, if you have never taken a DNA test but one or more of your blood relatives has, and shared that data — some of your DNA is effectively now available for a match.
While this may have seemed like theory a few weeks ago, the cops caught the Golden State Killer by using this method.
A similar thing happened when data was mis-used by Cambridge Analytica. Even if you never used the quiz app on Facebook platform but your friends did, they essentially revealed private information about you without your consent or knowlege.
The number of users that took the quiz was shockingly small — only 300,000 users participated. And yet, upwards of 50 million (as many as 87 million) people eventually had their data collected by Cambridge Analytica.
And all of this was done legally and while complying with the platform requirements at that time.
Transitive Data Privacy
The word transitive simply means if A is related to B in a certain way, and B to C — then A is related to C. For example, cousins is a transitive property. If Alice and Bob are cousins, and Bob and Chamath are cousins, then Alice and Chamath are cousins.
As private citizens, and corporations, we now have to think about transitive data privacy loss.
(This is an excerpt. More coming soon.)