Flickr user Max Braun

Most people mail a vial of their spit to genetic information startup 23andMe because they want to know about their ancestors. They probably don't think that they might be adding themselves to a database that could open or close doors to certain websites.

A new program called Genetic Access Control uploaded to Github on Monday creates a framework for using 23andMe's genetic hoard in place of passwords. First spotted by Qz, the program (which has been proactively blocked by 23andme) could let a webmaster either open up or close down a site based on certain genetic traits of the visitor.


It works like this: Someone installs Genetic Access Control on their website in place of a username/password login and puts forward a set of genetic information that needs to met. That information can be very strict, matching a single specific person, or it can be loose, matching any number of genetic markers scientists have mapped.

The user attempting to login then needs to give the website access to their 23andMe account, similar to the way that some websites use Facebook or Twitter for their login. Except in this case, the site is checking the 23andMe account to see if the user meets the website's standards. If you do, you're in. If you don't you're out.

The creator of the code set forth a handful of examples where this could be beneficial in the code's readme file. Verifying a person's identity based on their genes is pretty tight security, and it also could be used to create safe spaces for women and marginalized ethnic groups.


But it doesn't take long to imagine all the ways this could be abused: blocking out visitors of a certain race, or sex, or those with genetic diseases. Because of this, it took 23andMe exactly two days to shut it down.


Given that we've just touched the tip of the ice berg into how this could be abused, it was probably smart of 23andMe to shut it down. The programmer has not made themselves public, but given the possibilities they outline on the Github page, it seems they were trying to point out a flaw in an open genetic API, rather than suggest taking discrimination to the genetic level.

That doesn't make the idea less scary. In fact, the negative consequences of such a program might be best captured in the username of the app's developer: "offensive computing."

Share This Story

Get our newsletter