Researchers have shown that it's possible to link your identity to supposedly secret genetic information about your predisposition to diseases, merely by analyzing family-tree databases and other publicly available information.

"It was quite surprising," said Yaniv Erlich, a genetic researcher at the Whitehead Institute for Biomedical Research. "When we got the first family, I was surprised. ... It's as if you opened a box that for a long time was locked."

Erlich led the research team whose work is being published in this week's issue of the journal Science. The team's study already has led to a tightening of security measures for federally sponsored genetic databases.

---

The security-cracking trick relies on the availability of genetic information linked to surnames in a variety of public family-tree databases. DNA samples from males can be tested to look at dozens of genetic markers on the Y-chromosome that change only rarely from generation to generation. If the markers from two individuals with the same surname are a close match, that's a tip-off that the two are closely related, even if they don't know each other.

Tens of thousands of people (including yours truly) make that information public in hopes that someone else will match up with their results. The genealogical markers aren't linked to disease or other specific traits. But under the right circumstances, they could provide an opening for links with other, more sensitive genetic information.

How the secrets were revealed
Erlich and his colleagues conducted a three-step process to see how easy it'd be to use that opening. First, they analyzed anonymous Y-chromosome data from a public database for the 1000 Genomes Project, to come up with the DNA coding for markers that are used for genealogical purposes. Then they compared those markers against entries in the two largest family-tree databases, Ysearch and the Sorenson Molecular Genealogy Foundation.

The researchers said their analysis projected a success rate of 12 percent for recovering the surnames of U.S. Caucasian males. Another 5 percent would theoretically be linked up with the wrong surnames. They said upper- to middle-class Caucasian males were easier to identify, presumably because they're more likely to participate in the family-tree databases.

Once the surnames were identified, the third step was to look at other publicly available sources to go from the surname to a specific individual: Some genetic databases, for example, include information about the age and the state of residence of an anonymous participant, and even the number of children and their birth order. Those clues were added to information gleaned from other sources, ranging from public-record search engines to obituaries.

The researchers linked five specific individuals in three separate families with supposedly anonymous genetic records. The process took three to seven hours for each family pedigree, the scientists said. Then they traced those three family-tree pedigrees to find other connections between relatives and sensitive genetic data. "In total, surname inference breached the privacy of nearly 50 individuals from these three pedigrees," the researchers wrote.

"We show that if, for example, your Uncle Dave submitted his DNA to a genetic genealogy database, you could be identified," Melissa Gymrek, a member of the Erlich Lab and the Science paper's principal author, explained in a news release. "In fact, even your fourth cousin Patrick, whom you've never met, could identify you if his DNA is in the database, as long as he's paternally related to you."

What is to be done with data?
Erlich and his colleagues made a point not to reveal the identities of those individuals, and said they were not advocating a clampdown on the availability of genetic information.

"Quite the opposite," Erlich said. "We found the gene for two devastating pediatric disorders by analyzing the data in public databases. Using these databases, we gave hope to these families and to other parents. We don't want to take away these databases. ... What we really want to do here is to have this really mature conversation about privacy — to tell people we cannot completely protect the privacy, but also to tell them about the benefits."

For years, experts have worried that sensitive genetic data could be used to discriminate against patients, potential employees or would-be insurance customers. Such discrimination is illegal when it comes to employment or health insurance, but the law doesn't cover life insurance, disability insurance or long-term care insurance. Theoretically, an insurer could search through genetic records and turn you down because you have a genetic predisposition to, say, Alzheimer's disease. 

In a Science policy paper, representatives of the National Human Genome Research Institute and the National Institute of General Medical Sciences at the National Institutes of Health said it was time to "re-examine how to balance the protection of research participants ... with the societal benefits likely to be gained through the enhanced research that broad data sharing facilitates."

They said NIH "acted swiftly to mitigate future risks" by working with the NIGMS' genetic repository to shift the data about the age of study participants out of public view and into a controlled-access area of the database.

"That reduces the risk," Erlich said. "It creates another fence."

And what about the genealogical genetic data? Max Blankfeld, vice president for operations and marketing at Family Tree DNA, said his company has been dealing with privacy issues for more than a decade — and doesn't expect the latest research to lead to policy changes. Family Tree DNA has been running the Ysearch database as a free public resource for a decade, but does not force any of its more than 400,000 participants to use it.

"People voluntarily post their information in that database, and therefore it has nothing really to do with the vast majority of the people who take the test and choose to have it protected by Family Tree DNA," Blankfeld said. "This data, we don't share with anyone."

More about genetic ancestry:

• DNA takes on a family's mysteries
• Update on Irish roots: The wearin' o' the genes
• Gene-tracing project gets an upgrade

---

In addition to Erlich and Gymrek, the authors of "Identifying Personal Genomes by Surname Inference" include Amy McGuire, David Golan and Eran Halperin. The work was supported by the National Defense Science and Engineering Graduate Fellowship, the Edmond J. Safra Center for Bioinformatics at Tel Aviv University, and a gift from James and Cathleen Stone.

The authors of the Science policy paper, "The Complexities of Genomic Identifiability," include Laura Rodriguez, Lisa Brooks and Erick Green of NHGRI and Judith Greenberg of NIGMS.

Alan Boyle is NBCNews.com's science editor, and also the administrator of the Boyle Surname Project at Family Tree DNA.

Connect with the Cosmic Log community by "liking" the log's Facebook page, following @b0yle on Twitter and adding the Cosmic Log page to your Google+ presence. To keep up with Cosmic Log as well as NBCNews.com's other stories about science and space, sign up for the Tech & Science newsletter, delivered to your email in-box every weekday. You can also check out "The Case for Pluto," my book about the controversial dwarf planet and the search for new worlds.

The next time you visit a city park, you might want to be wary of the hipsters in charge of cool-looking remote-controlled helicopters. They could be botmasters aiming to wage a cyber attack via the smartphone in your pants.

"The coolness factor is actually an attraction for attacks," Sven Dietrich, a computer scientist at the Stevens Institute of Technology in Hoboken, N.J., told me Friday.

---

Dietrich is a cyber security expert who built a proof-of-concept drone that can build a network of compromised computers, called a botnet, by hacking wireless connections to get access to computers.

 

Botnets perform activities such as distributed denial-of-service attacks, click fraud, identity theft, and cyber war. They are run by botmasters who usually gain access to the botnet via the outside, such as broadband cable or DSL connection.

Wireless networks are, traditionally, much less secure than more heavily guarded broadband connections. Most people view wireless networks as not extending beyond their walls and thus less vulnerable.

"That's where we come in. We come in from the unexpected side," Dietrich said. "We recruit systems by flying from wireless network to wireless network."

They do this with a drone called a quadricopter that is available for less than $400 at gadget stores. Dietrich and his colleagues loaded it up with a couple hundred dollars worth of off-the-shelf computer hardware and software that they customized a bit. Total cost: $600.

This drone is controlled with an iPhone or Android over a 3G network and is equipped with GPS and cameras so that its controllers can see where it is even when it is out of physical sight.

In concept, malicious controllers — botmasters — can land the drone on an apartment building or corporate office and gain access to computers via wireless networks and set up a botnet.

The network is built over the course of a couple of flights. The first flight identifies and collects information on vulnerable networks. The information is then sent off to a cloud computing service such as Amazon EC2 to crack the WEP and WAP wireless security codes.

Then, the drone is flown back and "attacks those vulnerable systems," Dietrich said. "Once we've broken in, as in we've broken the wireless security, we can then proceed to attack the systems that are behind it."

Botmasters who operate in this way are hard to catch since the drone creates a "disconnect between the botmaster and the attacking system," Dietrich added.

In fact, the only way to catch the botmasters is to see them flying the drone or capturing the drone itself. But a captured drone won't have much incriminating information on it, he noted, since it won't tell you what systems are where.

Protection from these sorts of attacks begins with tightened security on wireless networks and further tightening of security of the systems behind the router.

While people and corporations are increasingly taking such steps, many of us don't think much about it when walking around with a smartphone in our pants, which is what makes those hipsters controlling those helicopters at the park suddenly kind of creepy.

"Here I am at the park flying the drone as a toy and people are (gathered) around me, or the drone, and they are moving within the range of its attacking capabilities," Dietrich explained.

For example, the drone can be used to perform what's known as the Café Latte attack, where the drone tricks your smartphone into connecting to it by pretending it is your home or office network that your phone is configured to seek and automatically connect to.

"So the drone actually acts as a magnet by curiosity for people being attacked," he said.

More on cybercrime:

• Concept botnet could steal data via Facebook photos
• Online crime complaints down, botnet numbers way up
• FBI says mastermind of botnet nabbed
• Botnet amputated, but criminals reconnect
• Global cybercrimes cost $114 billion annually: Symantec
• How to protect your home network

---

Hat tip to Technology Review

Dietrich and his colleagues presented the details of their drone, called SkyNet, at the USENIX Security Conference in August.

John Roach is a contributing writer for msnbc.com.

 

A soft, flexible bag that hardens when confronted with a sudden force could make air travel safer on all types of aircraft, according to researchers working on the novel bag for bags in the cargo bin.

The bag is being pitched as a less expensive, more flexible and lighter-weight alternative to hardened luggage containers deployed on some wide-body jets that protect passengers from explosives snuck onto planes.

---

Fundamental to the bag, named the Fly Bag, are a techy-sounding internal elastomeric coating and a fabric impregnated with a shear-thickening fluid, notes University of Sheffield in the UK, where the bag was developed in partnership with Blastech Ltd., a spinoff company owned by the university's lab.

Elastomers are low-stiffness, high-strain materials used in products such as adhesives and sealants. The bag has an elastomer developed to provide a heat- and flame-resistant gas seal in the bag at high strain rates and deformation.

Shear-thickening fluids increase in viscosity in response to impact. Simple STFs can be made by mixing together the right amount of corn flour and water. If rolled into a ball, this would bounce on hard surfaces but return to a fluid once left alone.

"Under normal circumstances, the particles in STFs repel each other slightly, however following sudden impact, the extra energy in the system proves stronger than the repulsive forces, causing the particles to clump together in structures called hydroclusters, which bump into each other, consequently thickening the fluid," a news release from the University of Sheffield explains.

For the Fly Bag, the research team coated the yarn of the fabric with STF. As the fabric comes under strain, shearing forces between the yarns cause the STF to thicken, temporarily increasing the stiffness of the fabric.

The same idea could be applied to body armor designed to protect people from knives and bullets, the team said, though their focus at the moment is air travel. The team hopes to have the first bags on the market within two years.

More on armor tech and travel safety:

• From hard to soft in seconds
• Toughest body armor developed by scientists
• Army tests new body armor for women
• Parcel bombs four times larger than Christmas plot
• Suspicious bag delays Germany-bound flight

---

John Roach is a contributing writer for msnbc.com. Connect with the Cosmic Log community by hitting the "like" button on the Cosmic Log Facebook page or following msnbc.com's science editor, Alan Boyle, on Twitter (@b0yle).

 

 

The wide deployment of millimeter wave full-body scanners at airports around the U.S. caused a kerfuffle largely because they generate grainy photos of travelers' naked bodies. Will a makeover of the technology that promises to help put clothes on your body get a different reception?

If preliminary results from a beta test of the technology are a guide, the answer is yes.

---

"The feedback has been phenomenal from customers as to the helpfulness of the service to them," Elizabeth Thomas, a marketing executive with Unique Solutions Limited, told me today.

The company licensed the body-scanning technology from Batelle, a research organization that manages the Pacific Northwest National Laboratory where the technology was first developed, and deployed the first "mybestfit" kiosk at the King of Prussia Mall in Pennsylvania.

The millimeter wave technology uses radio waves to penetrate clothing and bounce signals off the body that get transferred to a computer where the data generates useful information.

At airports, the data is used to make a somewhat naked-body image that helps security personnel identify objects such as ceramic knives and other non-metallic weapons. At the mall, "there's no image involved whatsoever," Thomas said.

Rather, a computer software program uses the signals to generate measurement data from all over your body: arm and leg length, waist and hip size, weight, etc., and then matches that data up with fitting fashions available at the mall.

The shopping potential of the technology was demonstrated to reporters at the Pacific Northwest National Laboratory in 2007. The deployment at the Pennsylvania mall is the beginning of what Unique Solutions Limited hopes will be a trend that allows us all to be a bit more smartly dressed for stress.

More on body scanners:

• Scanning for security – and the perfect jeans
• Are airport X-ray scanners harmful
• Leaked U.S. Marshal body scan images revealed
• Airport body scanners reveal all

---

John Roach is a contributing writer for msnbc.com. Connect with the Cosmic Log community by hitting the "like" button on the Cosmic Log Facebook page or following msnbc.com's science editor, Alan Boyle, on Twitter (@b0yle).

 

 

Thieves may be finding it more difficult to pawn off stolen goods, thanks to new technologies that can put invisible marks on everything from copper wire to flat-screen TVs. Two British companies at the forefront of the technology, Selectamark Security Systems and SmartWater Technology, were recently profiled by PhysOrg.com and The Economist.

The companies liken the technology to uniquely identifiable synthetic DNA that is permanently attached to goods. The microscopic markings can help scrap dealers, pawn shops and cops determine if the loot under consideration is stolen — and, if so, from where. 

---

Microdots and adhesive
SelectaMark's technology is called SelectaDNA. It's a nearly impossible-to-remove transparent adhesive embedded with nickel alloy or polyester microdots (see image above) that contain a unique code and phone number. The information glows in ultraviolet light and can be read under a microscope.

Each batch of adhesive also has a unique marking. The code is stored along with customer details in a database. That way, even a tiny bit of adhesive can be used to identify the rightful owner of the object. A "home kit" costs about $80 (50 British pounds)

Rare earth combo
SmartWater's concept is similar: a transparent adhesive with celluloid microdots imprinted with a code that identifies the owner and the company's telephone number. This too is legible under a microscope.

In addition, SmartWater adds a unique combination of 30 rare-earth materials to the adhesive that can be used to identify an object even if the adhesive coating has been burned off, according to reports. This combo is a bit harder to decode, but a suspect batch of wire, for example, can be sent to SmartWater for lab analysis. The system is sold on an annual subscription basis, at a cost ranging from $38 (24 British pounds) for a scooter to $135 (84 pounds) for a five-bedroom home.

Both companies also sell spray-can kits that can be placed over a door or cash register, for example, and could be triggered by a motion detector or a shop owner. The spray leaves an identifiable marking on the thief's skin and clothing that lasts for days.

"The spray lodges in pores and creases in the skin, as well as nostrils, available to the swab of a curious police officer and branding the thief as effectively as his own DNA would, had he been careless enough to leave any at the scene of the crime," The Economist notes.

These technologies join other high-tech anti-theft devices such as the unique fingerprints for product tracking made by Nintendo subsidiary Siras.com in Redmond, Wash., which clamps down on warranty fraud.

More stories about anti-theft technologies:

• Anti-theft software could generate security hole
• Fingerprint smudges thwart smart phone security
• Fingerprint reader meant to replace passwords
• Reality of fingerprinting not like TV crime labs

---

John Roach is a contributing writer for msnbc.com. Connect with the Cosmic Log community by hitting the "like" button on the Cosmic Log Facebook page or following msnbc.com's science editor, Alan Boyle, on Twitter (@b0yle).

Bomb-sniffing plants could make airport security a whole lot greener – at least until a bomb-packing terrorist walks by and causes the leaves to turn white, researchers report in the journal PLoS ONE.

The plants are being grown by a research team headed by June Medford, a biologist at Colorado State University in Fort Collins, with funding from the Depart of Defense and a host of other agencies.

The trick involves using DNA to rewire the plants' protein-based signaling process, so that the leaves change color when certain chemicals or environmental pollutants are detected. Plants usually rely on the system to release toxins that ward off insects looking for a leafy meal.

---

"Plants can't run or hide from threats, so they've developed sophisticated systems to detect and respond to their environment. We've taught plants how to detect things we're interested in and respond in a way anyone can see to tell us there's something nasty around," Medford explained in a news release.

To get there, Medford's colleagues used a computer program to redesign receptors in plant cells to recognize a specific pollutant or explosive. Then she and colleagues at her lab modified the redesigned receptors to function in the cell walls of the plants.

So far, the researchers have grown Arabidopsis and tobacco plants in the lab that respond to an explosive by "de-greening" within a few hours. Next-generation greenery should make the change in color in a matter of minutes.

The plants will be ready for prime time in about three to four years, Medford told Wired.com's Danger Room. Potential applications include airport security as well as at public gathering places such as football stadiums. They could even find use around a home — turning white, for example, when radon is detected.

What's more, these rewired proteins can live in any kind of plant, giving green thumbs with an appreciation for biotech a new world of choices when considering what to grow next.

More stories on bomb sniffing and plant technology:

• Bomb-sniffing robots put to test in Iraq
• Bomb-sniffing dogs rushed to Baghdad
• Creator of bomb detector wins prize
• Study says bees can find explosives
• Custom-scented flowers may be on the way
• Text messages can quench plants' thirst

---

TIn addition to Medford, co-authors of the PLoS ONE paper, "Programmable Ligand Detection System in Plants Through a Synthetic Signal Transduction Pathway," include Mauricio Antunes, Kevin Morey, Jeff Smith, Kirk Albrecht, Tessa Bowen, Jeffrey Zdunek, Jared Troupe, Matthew Cuneo, Colleen Webb and Homme Hellinga.

Project funding is from Defense Advanced Research Projects Agency, or DARPA, the Office of Naval Research, the Bioscience Discovery Evaluation Grant Program through the Colorado Office of Economic Development and International Trade, the National Science Foundation, the Department of Homeland Security Science and Technology Directorate and Gitam Technologies.

John Roach is a contributing writer for msnbc.com. Connect with the Cosmic Log community by hitting the "like" button on the Cosmic Log Facebook page or following msnbc.com's science editor, Alan Boyle, on Twitter (@b0yle).

In an effort to reassure skittish fliers, the Transportation Security Administration says its body-scan images "cannot" be stored, transmitted, or printed -- unlike the tens of thousands of images that were stored in a machine operated by the U.S. Marshals Service. But just how ironclad can that kind of denial ever be?

The TSA acknowledges that this sort of thing is possible when the machines are in test mode. What's more, there's no magic technology that would keep a truly dedicated (and twisted) screener from smuggling out a cell phone picture of a screen shot showing you in all your glory, passing through airport security.

Instead, the TSA relies on a policy that bans cell phones and cameras in the screening area. "Our officers adhere to the highest professional standards, so we are confident our policy is followed," Lauren Gaches, a TSA spokeswoman, told me.

These reassurances fail to appease privacy rights advocates. Marc Rotenberg, executive director of the Electronic Privacy Information Center, told me this a "double standard."

---

He noted that airplane passengers aren't allowed to bring explosives on the plane, but they are subjected to body scans and enhanced pat-downs on the way to catch their flight -- just in case they try to skirt that policy. What's to prevent a TSA employee from skirting the cell phone policy?

Nor is it clear what keeps the machines locked out of test mode when they're at the airport. Gaches confirmed that the machines -- referred to as Advanced Imaging Technology, or AIT in TSA jargon -- can store, export, and print images in test mode, but insisted that this functionality is "disabled prior to arrival at the airport."

Rotenberg isn't so sure this will keep the critics at bay. "This is all in software, and a TSA official with a proper account password can enable the recording and storage of images in every single airport in the United States," he said. "There is nothing stopping the TSA from doing that."

EPIC is also concerned that USB drives, hard disk drives or the networking capabilities of the machines could be exploited to store images on an unauthorized device, though the TSA says these channels "are for limited data transfer only -- an officer's user ID, log-in and log-out time, and statistical data."

Rotenberg's organization wants the scanning program suspended and further deployment of the technology delayed until privacy and security issues are identified and resolved.

"The TSA has crossed a line," Rotenberg said.

What do you think? Are you reassured by the TSA's statement that it "has not, will not ... and cannot store images of passengers"?

More about airport security and passenger privacy:

• Leaked U.S. Marshal body-scan images revealed
• TSA boss: New pat-downs are more invasive
• Are airport X-ray scanners harmful?
• 'Transvestite terrorist' refuses body scan in spoof video
• More news from msnbc.com's Travel team

---

John Roach is a contributing writer for msnbc.com. Connect with the Cosmic Log community by hitting the "like" button on the Cosmic Log Facebook page or following msnbc.com's science editor, Alan Boyle, on http://twitter.com/b0yle.

Just in time for the holiday travel crush, concern is on the rise about radiation exposure from the X-ray full-body scanners that are being deployed around the U.S. in an effort to thwart terrorist attacks.

The controversial technology works by bouncing an X-ray beam off a person to create a full-body image that reveals contours, including natural curves as well as any bumps and protrusions from potential weapons that might escape a metal detector such as plastics and ceramics.

The image is displayed on a computer screen in a private room. The person's face is never shown -- and their identity, in theory, is unknown to the airport screener. Passengers can skip the scan and opt instead for a pat-down, which is criticized for being overly personal in the groin area.

---

Privacy concerns about the scans and pat-down reached fever pitch in recent days when San Diego software engineer John Tyner refused both -- and captured the action with his cell phone's video camera. His blog posts and YouTube videos about the encounter went viral.

While Tyner received a full refund for his ticket and gained Web celebrity status, other interested parties -- ranging from pilots and passengers to esteemed scientists -- are worried that radiation exposure from the X-rays could increase risk of cancers.

The Transportation Security Administration says the amount of radiation from scans amounts to about a thousandth of the amount a person receives from a standard chest X-ray.

Peter Rez, a physics professor at Arizona State University in Tempe, did his own calculations and found the exposure to be about one-fiftieth to one-hundredth the amount of a standard chest X-ray. He calculated the risk of getting cancer from a single scan at about 1 in 30 million, "which puts it somewhat less than being killed by being struck by lightning in any one year," he told me.

While the risk of getting a fatal cancer from the screening is minuscule, it's about equal to the probability that an airplane will get blown up by a terrorist, he added. "So my view is there is not a case to be made for deploying them to prevent such a low probability event."

A group of scientists at the University of California at San Francisco laid out their concerns in a letter to the U.S. Food and Drug Administration, highlighting in particular the potential for the X-ray dose concentrated on the skin to pose a health concern for children and other vulnerable populations, such as people with HIV.

"We are unanimous in believing that the potential health consequences need to be rigorously studied before these scanners are adopted. Modifications that reduce radiation exposure need to be explored as soon as possible," the letter said. Among the signers were David Agard, John Sedat (a professor emeritus) and Robert Stroud, all professors of biochemistry and biophysics; and Marc Shuman, professor of medicine.

In response, the Food and Drug Administration said the technology has been reviewed Sandia National Laboratories, the FDA, National Institute for Standards and Technology and Johns Hopkins University.

"In summary, the potential health risks from a full-body screening with a general-use X-ray security system are minuscule. Several groups of recognized experts have been assembled and have analyzed the radiation safety issues associated with this technology. ... As a result of these evidence-based, responsible actions, we are confident that full-body X-ray security products and practices do not pose a significant risk to the public health," the FDA said.

Arizona State University's Rez voiced other concerns: What's the potential for one of the scanners to fail, given that they will run all day, every day at airports across the country? When that happens, are safety mechanisms in place to prevent overexposure to radiation? Rez also said that the scanners are "useless for detecting explosives."

Janet Napolitano, secretary of the Department of Homeland Security, weighed in on the controversy with an op-ed on Monday in USA Today. She reiterated the government's view that independent evaluations show the technology to be safe and hammered home why the federal government deems the scans and pat-downs necessary:

"Each and every one of the security measures we implement serves an important goal: providing safe and efficient air travel for the millions of people who rely on our aviation system every day."

The question remains, though, are these X-ray scanners more harmful than helpful? Feel free to weigh in with your comments below.

---

John Roach is a contributing writer for msnbc.com. Connect with the Cosmic Log community by hitting the "like" button on the Cosmic Log Facebook page or following msnbc.com's science editor, Alan Boyle, on http://twitter.com/b0yle.