Twenty Years After the Patriot Act, What Is the Future of Biosecurity?
To deal with tomorrow’s biological threats, we must go beyond guns, guards, gates, and lists of suspicious germs.
The USA Patriot Act was signed into law exactly 20 years ago, on October 26, 2001. While the law was profoundly shaped by the back-to-back events of the September 11 attacks and the 2001 anthrax attacks, it was deeply rooted in in fears about bioterrorism that had been growing since the 1990s. This anniversary provides a moment to reflect upon the Patriot Act’s legacy, as well as to imagine and plan for different biosecurity futures.
The overall intent of the USA Patriot Act (formally known as the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act) was clear: to prevent terrorism by raising the “barrier to entry” for potential terrorists. At its core, the act responded to two kinds of perceived threats—from outsiders and from insiders—and this dichotomy continues to have repercussions today. Within the realm of biosecurity, the legislation sought to make it harder for states, terrorists, extremist groups, and lone-wolf actors to acquire dangerous biological materials, while also protecting biological research facilities from insider threats such as disgruntled employees and people with a grudge against biological research.
Twenty years on, it is time to reflect: How well did this legislation promote or hinder biosecurity over time? What unintended or negative consequences have resulted? Most importantly, to what degree is the United States sufficiently prepared to contend with emerging biosecurity threats in a world that is more technologically advanced, interconnected, and interdependent than ever?
Some observers have described the Patriot Act as a great success. From its passage in 2001 through an assessment in 2012, it was credited with thwarting at least 50 publicly known terrorist plots against the United States thanks to the broad surveillance powers it offers law enforcement and intelligence agencies. None of these plots, however, are known to have used biological materials. And although terrorist groups outside the United States, such as Al Qaeda, were known to be pursuing biological weapons at this time, it is not clear that this domestic legislation alone is what stopped biological attacks from occurring. Thus without evidence of why bioterrorism plots have not occurred since the Patriot Act’s passage, whether the act has made the United States safer and more secure from biological threats remains an open question.
Advocates point out that the act raised the bar for malfeasance by tightening controls on specific dangerous pathogens and toxins, as well as regulating how they could be stored, used, and transferred within the United States—building a significant barrier to outsider and insider threats. Further, in its provisions to stop bad-acting insiders, it significantly raised the criminal penalties for misuse of specific biological materials, calling for much larger fines and as many as ten years in prison. This is a far cry from the 18 months’ probation given to microbiologist and white supremacist Larry Wayne Harris, a scientist who, in the 1990s, provided false credentials to obtain three vials of the causative agent for the bubonic plague. Harris was ultimately charged with just one count of wire fraud. Proponents of the act say that this combination of external and internal controls, along with the updated penalties, deters and stymies the efforts of would-be bioterrorists.
In its attempts to control insider bioterror attacks, however, the implementation of the Patriot Act has triggered a series of unintended negative consequences on the life sciences, greatly disrupting who participates in science, where science is done, and how it is conducted.
Implementation of the Patriot Act provisions cannot be separated from the Public Health Security and Bioterrorism Preparedness Response Act of 2002 (PHSBPRA). PHSBPRA replicated the Patriot Act’s top-down approach to security and introduced additional measures. These include registering and screening scientists and requiring institutions to conduct formal, written, risk-based biosafety and biosecurity assessments of their operations, such as annual insider threat awareness briefings.
Both acts have imposed significant costs and administrative burdens on scientific institutions that work on the class of harmful pathogens known as select agents. From an institutional perspective, participation in the Patriot Act’s Federal Select Agent Program (FSAP) is an unfunded mandate. Grants and other research funding do not cover the costs of physical and cyber security and facility maintenance, or the administrative personnel necessary to manage the program. The regulations are complex and can be difficult to implement correctly. These costs are high and fall back on the research institution to fund.
In response, some institutions have chosen not to engage in this research. A 2004 analysis by Sandia National Laboratories researchers Jennifer Gaudioso and Reynolds M. Salerno found that only about 40% (323 of 817) of the facilities that the Centers for Disease Control and Prevention expected to register under the select agent rule had done so. In a 2010 study by M. Beatrice Dias and colleagues comparing publications to millions of dollars spent in research funding, they estimated a two- to five-fold increase in the cost of doing select agent research because of the additional expense of compliance with the legislation.
The Patriot Act’s requirements have also affected researchers themselves. Gaudioso and Salerno noted that “many researchers have decided to discontinue or not pursue research on regulated biological agents, rather than implement the new security regulations and bear the associated financial burden.” A survey conducted in 2004 and 2005 by Sandia National Laboratories found that “the time and effort required by staff to comply with the regulations, and the inconvenience of increased security were frequently cited as negative impacts” and that the rules were a “paradigm shift” for the research community. Moreover, the questions that researchers must answer to have access to select agents are potentially invasive and unrelated to an individual’s risk. These include queries about previous criminal convictions, past drug use (including marijuana), dishonorable discharges from the military, stays in mental institutions, and official residency in the United States.
There are real trade-offs for those in the life sciences who have engaged in this work. Those trade-offs have implications for how the country responds to future biosecurity threats. It is time to seriously consider whether the nation should continue these biosecurity programs as they stand today. Not only is the value proposition of the current regulatory framework unclear, and potentially deleterious, but it may not be up to the task of contending with new and emerging challenges. New technological advances, changes in the international regulatory environment, and the convergence of biology with other scientific disciplines has created a new array of biosecurity concerns different from those biologists faced two decades ago.
In the 20 years since the Patriot Act was passed, some aspects of biological work have become easier to execute. Once arcane information is now freely available on the internet. Genome-editing tools such as CRISPR are now ubiquitous in academic and non-academic environments. CRISPR’s relative ease led the intelligence community to conclude in its 2016 Worldwide Threat Assessment report that CRISPR’s “deliberate or unintentional misuse might lead to far-reaching economic and national security implications.” The jury is still out, however, as to whether these biological advances have changed the threat calculus for biological weapons produced by bad actors.
In addition, thanks to more readily accessible equipment, knowledge, and materials, new communities are engaging in life science work. These new actors, such as the do-it-yourself biology (DIYBio) movement, make the traditionally institution-based, top-down governance of the life sciences impossible. Such top-down governance may also stifle innovation, inhibit community-building, and even potentially drive activities underground.
At the international level, coordinated international governance is becoming more challenging to navigate. Strategic competition with China and Russia may stymie efforts to collaborate productively towards mutually beneficial ends. Consensus on biosecurity governance is made more difficult by variation in values, norms, and priorities that shape countries’ biosecurity interests.
Driven by anthropogenic effects such as climate change and ecological degradation, the global environment itself has also changed, with increasing rates of spillover events of epidemic and pandemic potential. One approach to mitigating these spillover outbreaks has been increased construction of high-containment research labs around the world. However, if not properly managed, these labs may themselves create new biological threats from accidental and deliberate sources.
Due to the global nature of travel and supply chains, society now requires a much broader capability to respond to outbreaks. Local communities need resources to respond to epidemics—not only to provide medical care but also to collect and distribute information to understand and halt the spread of virulent pathogens.
Finally, the life sciences no longer exist purely at the laboratory bench. Increasingly, biological information is digitized and biological skills have been automated to enable the sharing of knowledge, practices, and lab skills around the globe. Although training in biological methods might have prevented potentially dangerous practices in the past, the digital nature of the life sciences—including the potential ability to sequence, store, and synthetically create select agents using online and commercial entities—may exacerbate biosecurity risks.
The Patriot Act’s top-down approach cannot fully address this emerging reality. Despite 20 years of effort, some old biosecurity issues continue to plague the country, while a whole new biosecurity frontier is opening up. As a diverse team of biosafety and biosecurity practitioners, we intend our reflections on the Patriot Act as a call to action to consider, plan, and prepare to address ongoing and emergent risks from the life sciences and biotechnology.
First, the United States must move beyond a traditional biosecurity focus on guns, guards, gates, and pathogens: the increasing digitization of biology means that policymakers need to focus more attention on understanding and responding to threats stemming from the development, use, and sharing of biological data in its various forms and formats. This new data and operational frontier raises questions of how traditional biosecurity practices translate to the digital context, as well as the implications that access to virtual sequences have on existing practices such as list-based approaches for biosecurity.
Advances and developments in the life sciences are happening beyond traditional science institutions and extend to new actors and communities, complicating top-down approaches to security. While previous security efforts tried to limit who could work with sensitive pathogens, future efforts must expand the community of people who are watchful. Today’s proliferation of international DIYBio groups, computational biology entities, and synbio startup companies, as well as students involved in creating biological innovations through the International Genetically Engineered Machine (iGEM) Foundation, might be thought of as threats in the old model. New models could see them as partners in creating norms and providing information for enhancing biosecurity. As participant communities increase and diversify, traditional biosecurity networks must find ways to engage with and get buy-in from these new actors as stakeholders with skin in the game.
Secondly, policymakers and practitioners must expand the vision of biosecurity beyond high-security labs, to provide public health services to every community in the country, if not the world. The COVID-19 experience showed that the nation’s public health system and the supply chains that support it struggled in response to a large-scale disease threat. In addition, the pandemic demonstrated that local public health personnel can detect, respond to, and mitigate the effects of disinformation and misinformation campaigns as they emerge. Officials should explore lessons from COVID-19 and past events to better understand and build toward a new biosecurity ecosystem that leverages the role and strengths of public health preparedness and response.
The biosecurity field must also find ways to expand. Over the past five years the community has lost several leading biosecurity experts through death or retirement. Given the small and specialized nature of biosecurity, these losses have been painful. Biosecurity practitioners must find ways to retain and maintain the lessons of the past and impart knowledge and experiences to future generations. Furthermore, given the increasing diversity of those participating in the life sciences and the breadth of expertise needed to assess emerging threats, it is necessary to conduct outreach and engagement to a broader expert community around the world. The community needs to find ways to build more opportunities for present and future biosecurity experts to meet, interact, learn from one another, and build networks in advance of the anticipated—as well as the unanticipated—biological events we will face in the future.
Finally, the biosecurity community needs a much better international system for monitoring research with pathogens of high consequence, pathogens with pandemic potential, and biological weapons in order to build better biosecurity governance worldwide. The controversies over the China’s Wuhan Institute of Virology and the origins of COVID-19 have revealed that officials do not have a good handle on which labs around the world are engaged in high-risk research—and what biosecurity measures these facilities have in place. Such knowledge is needed to carefully interrogate rumors that China and possibly other nations pose increasing biosecurity threats, using solid empirical data and careful analyses that include a range of socio-technical considerations.
As the 2001 anthrax attacks revealed, leaders and practitioners do not even have a good understanding of what dual-use work is happening within the United States, because it is diffused across many agencies, programs, and entities. The country needs a unified system for reporting concerns as well as international mechanisms for information sharing and collaboration among researchers to help address these gaps in knowledge—gaps that may obscure vulnerabilities to biological threats from anthropogenic sources.
Global biosecurity treaties and mechanisms, such as the Biological and Toxin Weapons Convention (BTWC), have faced significant challenges, which have caused some observers to raise questions about the treaties’ continued efficacy in the modern era. However, there remain opportunities within the BTWC for governments to engage and enhance their own biosecurity, contribute to capacity building, and foster more transparency around dual-use research. This is particularly true given the BTWC will be holding its Ninth Review Conference in Geneva in 2022, which could allow the parties to develop additional understandings and agreements.
After two decades, we believe it is time to catalyze attention and action toward building the diverse communities, knowledge, and capabilities necessary to address contemporary biosecurity concerns in a more comprehensive, equitable, and holistic fashion. This will involve changing the way the United States regulates biosecurity, but it will also require understanding the changing meaning of biosecurity across different contexts. Biosecurity is an umbrella term used across multiple disciplines. Although we use it here to refer to securing materials, information, and knowledge against malicious ends, biosecurity in the agriculture context can mean taking steps to make sure that infectious disease does not get introduced to plants or animals. An example of this includes efforts to understand and control the transmission of bovine spongiform encephalopathy (more commonly known as mad cow disease) in cow populations—a problem that has cost the United Kingdom significant revenue since the 1990s, as countries, including the United States and China, have at times banned British beef imports because of the disease.
As the globe’s interconnections and frailties become more pronounced, society cannot afford to rely only on the definitions of biosecurity that made sense in previous decades. This is not to say that regulations based on those definitions do not continue to serve a purpose: restricting access to pathogens is an important part of biosecurity. However, as the contours of biological practices and threats change, biosecurity must change to address emergent concerns. This requires not only the methods of the past, but also new tools, expertise, and public-private partnerships. Only in this manner can the biosecurity community and policymakers simultaneously address new biological threats while harnessing the strengths that emerge from connecting and building diverse communities that are committed to keeping the life sciences safe and secure.