SA Forum is an invited essay from experts on topical issues in science and technology.

If there’s a gene for hubris, the 23andMe crew has certainly got it. Last Friday the U.S. Food and Drug Administration (FDA) ordered the genetic-testing company immediately to stop selling its flagship product, its $99 “Personal Genome Service” kit. In response, the company cooed that its “relationship with the FDA is extremely important to us” and continued hawking its wares as if nothing had happened. Although the agency is right to sound a warning about 23andMe, it’s doing so for the wrong reasons.

Since late 2007, 23andMe has been known for offering cut-rate genetic testing. Spit in a vial, send it in, and the company will look at thousands of regions in your DNA that are known to vary from human to human—and which are responsible for some of our traits. For example a site in your genome named rs4481887 can come in three varieties. If you happen to have what is known as the GG variant, there is a good probability that you are unable to smell asparagus in your urine; those blessed with the GA or AG varieties are much more likely to be repulsed by their own pee after having a few spears at Spargelfest.

At first, 23andMe seemed to angle its kit as a fun way to learn a little genetics using yourself as a test subject. (“Our goal is to connect you to the 23 paired volumes of your own genetic blueprint... bringing you personal insight into ancestry, genealogy, and inherited traits,” read the company’s website.) The FDA had little problem with the company telling you why you had dry ear wax (rs17822931) or whether you’re likely to sneeze when you look at a bright light (rs10427255).

That phase didn’t last for long, because there is much more interesting stuff in your genome than novelty items. Certain regions signal an increased risk of breast cancer, the impending onset of metabolic diseases, and sensitivity to medications. 23andMe—as well as a number of other companies—edged closer and closer to marketing their services as a way of predicting and even preventing health problems. And any kit intended to cure, mitigate, treat, prevent, or diagnose a disease is, according to federal law, a "medical device" that needs to be deemed safe and effective by the FDA. Since mid-2009, 23andMe has been negotiating with the agency, and in July 2012, the company finally began the process of getting clearance from the FDA to sell the kit that it had already been selling for five years.

Everything seemed rosy until, in what a veteran Forbes reporter calls “the single dumbest regulatory strategy [he had] seen in 13 years of covering the Food and Drug Administration,” 23andMe changed its strategy. It apparently blew through its FDA deadlines, effectively annulling the clearance process, and abruptly cut off contact with the agency in May. Adding insult to injury the company started an aggressive advertising campaign (“Know more about your health!”), leaving little doubt about the underlying medical purpose of 23andMe’s Personal Genome Service. This left the agency with little alternative but to take action. “As part of our interactions with you, including more than 14 face-to-face and teleconference meetings, hundreds of email exchanges, and dozens of written communications,” the agency complained, “we provided you with… statistical advice, and discussed potential risk mitigation strategies.” It is the tone of a spurned spouse, exasperated and angry that 23andMe is putting no effort into salvaging their relationship.

But as the FDA frets about the accuracy of 23andMe’s tests, it is missing their true function, and consequently the agency has no clue about the real dangers they pose. The Personal Genome Service isn’t primarily intended to be a medical device. It is a mechanism meant to be a front end for a massive information-gathering operation against an unwitting public.

Sound paranoid? Consider the case of Google. (One of the founders of 23andMe, Anne Wojcicki, is presently married to Sergei Brin, the founder of Google.) When it first launched, Google billed itself as a faithful servant of the consumer, a company devoted only to building the best tool to help us satisfy our cravings for information on the web. And Google’s search engine did just that. But as we now know, the fundamental purpose of the company wasn’t to help us search, but to hoard information. Every search query entered into its computers is stored indefinitely. Joined with information gleaned from cookies that Google plants in our browsers, along with personally identifiable data that dribbles from our computer hardware and from our networks, and with the amazing volumes of information that we always seem willing to share with perfect strangers—even corporate ones—that data store has become Google’s real asset. By parceling out that information to help advertisers target you, with or without your consent, Google makes more than $10 billion every quarter.

What the search engine is to Google, the Personal Genome Service is to 23andMe. The company is not exactly hiding its ambitions. “The long game here is not to make money selling kits, although the kits are essential to get the base level data,” Patrick Chung, a 23andMe board member, told FastCompany last month. “Once you have the data, [the company] does actually become the Google of personalized health care.” The company has lowered the price of the kit again and again, most recently from $299 to a mere $99, practically making it a stocking-stuffer. All the better to induce volunteers to give 23andMe the data it so desperately wants. (Currently, the database contains the genetic information of some half a million people, a number Wojcicki reportedly wants to double by year end.)

What does 23andMe want to do with all that data? Right now the talk is all about medical research—and, in fact, the company is doing some interesting work. It has been sifting through its genomic database, which is combined with information that volunteers submit about themselves, to find possible genetic links to people’s traits. (The bright-light/sneeze genetic tag is a 23andMe discovery.) More promising are 23andMe’s attempts to recruit people who suffer from certain diseases, such as Parkinson’s and a few types of cancer. Simply through brute-force pattern matching, the company has a chance of finding genetic causes of these ailments, which could lead to a way to combat them. (And perhaps a blockbuster patent or three.)

That’s just the beginning, though. 23andMe reserves the right to use your personal information—including your genome—to inform you about events and to try to sell you products and services. There is a much more lucrative market waiting in the wings, too. One could easily imagine how insurance companies and pharmaceutical firms might be interested in getting their hands on your genetic information, the better to sell you products (or deny them to you). According to 23andMe’s privacy policy, that wouldn’t be an acceptable use of the database. Although 23andMe admits that it will share aggregate information about users genomes to third parties, it adamantly insists that it will not sell your personal genetic information without your explicit consent.

We’ve heard that one before. Back when Google was first launched, the founders insisted that the company would never sell you out to advertisers. The company admitted that it would share aggregate information about users’ behavior with anyone who ponied up enough money, but the company’s privacy policy promised that “[i]ndividually identifiable information about you is not willfully disclosed to any third party without first receiving your permission.” A decade and a half later, after countless minuscule frog-in-boiling-water changes, Google’s privacy policy is craftily worded, diluting the word “consent” so that it’s implicit in most cases. (There are a few exceptions; the company has graciously agreed not to reveal that you are a homosexual or that you have heart disease unless you explicitly opt in. But in matters not related to your medical conditions, race, ethnicity, sexuality, or your political or religious beliefs, there is no such guarantee.) Not that your consent really matters, implicit or explicit. Google has repeatedly proven that it is more than willing to break its promises and ignore its own privacy rules when it suits.

Why should we believe that 23andMe’s promises are any more binding? Early signs certainly aren’t encouraging. Even though 23andMe currently asks permission to use your genetic information for scientific research, the company has explicitly stated that its database-sifting scientific work “does not constitute research on human subjects,” meaning that it is not subject to the rules and regulations that are supposed to protect experimental subjects’ privacy and welfare.

Those of us who have not volunteered to be a part of the grand experiment have even less protection. Even if 23andMe keeps your genome confidential against hackers, corporate takeovers, and the temptations of filthy lucre forever and ever, there is plenty of evidence that there is no such thing as an “anonymous” genome anymore. It is possible to use the internet to identify the owner of a snippet of genetic information and it is getting easier day by day.

This becomes a particularly acute problem once you realize that every one of your relatives who spits in a 23andMe vial is giving the company a not-inconsiderable bit of your own genetic information to the company along with their own. If you have several close relatives who are already in 23andMe’s database, the company already essentially has all that it needs to know about you. It is doubtful that 23andMe would be able to protect that information even if it were so inclined.

While the FDA concentrates on the question of whether 23andMe’s kit is a safe and effective medical device, it is failing to address the real issue: what 23andMe should be allowed to do with the data it collects. For 23andMe’s Personal Genome Service is much more than a medical device; it is a one-way portal into a world where corporations have access to the innermost contents of your cells and where insurers and pharmaceutical firms and marketers might know more about your body than you know yourself. And as 23andMe warns on its website, “Genetic Information that you share with others could be used against your interests. You should be careful about sharing your Genetic Information with others.”

Present company excepted, of course.