I’m an EA lawyer with an interest in legal routes to reduce biorisk. In the course of some research, I’ve come to think the Bureau of Industry and Security at the U.S. Department of Commerce may have significant power to reduce risks from biotechnology. (I think the same is true of artificial intelligence, and know some other EAs are working on export controls in that context.) The goal of this post is to briefly summarize my research and thinking so that others interested in these ideas can vet and/or benefit from them.
How Export Controls Work
“Export controls” are laws and regulations that restrict release of critical tech, information, and services to nationals of and persons located within certain foreign countries. (I’ll mostly be ignoring a distinction here where sometimes controls are focused on the country to which items/info are exported, and sometimes (with “deemed exports”) to nationals of those countries, even when located in the U.S. Apologies for some imprecision here.) Most countries impose such controls in some form, and they’re the subject of multiple (nonbinding) agreements between nations, such as the Wassenaar Arrangement for arms control and the Australia Group for biological and chemical dual-use technologies. The U.S. generally seeks multilateral agreements like these before adding items to its domestic export control lists, but can and does act unilaterally when it wants to impose additional controls (see here for a recent example concerning software designed to automate analysis of geospatial imagery).
Within the U.S., export controls are largely governed via (1) the Munitions List (ML), a State Department-administered program directed at technology that is “inherently for military end use” (this is construed pretty narrowly, and most tech not funded by the military will not qualify), and (2) the Commerce Control List (CCL), a Department of Commerce-administered program covering a vast array of potential dual-use tech (see here and here to get a sense of the categories addressed).
When an item is placed on the CCL, it cannot be “exported” or “released” in a manner that would make it available to certain countries or their nationals except under a license issued by Commerce. Export includes physical shipment of goods as well as distribution of information by electronic transmission or publication, and it extends from the specific items placed on the list down to any information required for designing, developing, creating, or using such an item, including instructions, models, and technical know-how. See 15 C.F.R. § 774 Appendix 2. Violation of the licensing requirement carries massive penalties, including fines up to $300,000 (or 2x the value of the offending transaction) and up to 20 years in prison.
Commerce has extremely broad discretion to place any item on the CCL that could be used militarily by another country or otherwise impair U.S. security, and its decision to do so is “in effect judicially unreviewable.” State v. United States Dep’t of State, 996 F.3d 552, 564 (9th Cir. 2021). This means that Commerce can restrict access (including via publication) to certain types of technology or information by a method that’s less time-consuming and fraught with uncertainty than legislative or judicial action.
Using the CCL to Reduce Biorisk
The CCL already addresses a number of biosecurity-relevant items, including pathogens and genetic material from pathogens on the Australia Group list and CDC Select Agents list, plus tech for their development/production.* 15 C.F.R. § 742.2(a)(1); CCL §§ 1C351, 1C353, 1E001 (search in this doc). Recently, however, Congress has explicitly expanded Commerce’s mandate to “emerging technologies” that are “essential to the national security of the United States,” and asked it to establish licensing policies for such items (Export Control Reform Act of 2018).
The BIS, the division within Commerce responsible for the CCL, has interpreted “emerging technologies” to include “biotechnology” as well as “advanced computing technology” and “artificial intelligence and machine learning,” and has begun the process of issuing rules to address specific technologies within these categories. Recently (after negotiating similar controls for other Australia Group participants), BIS released a final rule placing controls on software for nucleic acid assemblers and synthesizers “capable of designing and building functional genetic elements from digital sequence data,” i.e. software that could be used to generate pathogens for biological weapons. (Full text of rule available here.)
I’m not going to discuss specific items that might be added to the CCL to reduce biorisk in this post, and would encourage people to use good judgment in avoiding info hazard territory in the comments; please feel free to DM me if you want to talk about specific tech instead. For purposes of thinking about potential applications and impact, I’ll say I’m particularly interested in export controls because I think they might help reduce information hazards by constraining publication of certain material,* which is an extremely difficult nut to crack under U.S. First Amendment law, no matter the circumstances—and changing incentives around publication has potential to change incentives around research. Likewise beyond the scope of this post, but potentially important, is the fact that the Foreign Investment Risk Review Modernization Act of 2018 requires companies developing technologies placed on the CCL to undergo an onerous national security review before accepting investment from many foreign nationals.
Potential Limitations on Use/Usefulness
Finally, a few notes on constraints that apply to BIS and might be relevant to work to reduce serious risks from biotech:
Preference for multilateral action: As noted, BIS prefers to implement controls that have multilateral support, although it can do so unilaterally. Expansion of export controls might require BIS either to depart from this general policy or to successfully seek multilateral agreements, which might make the process slower and more difficult than ideal. (The end of this article describes some impatience on the part of Congress with the delays here.)
Other agency involvement: Although Commerce has authority to decide what goes on the CCL, for items that aren’t addressed by multilateral agreements or other regimes like the Select Agents program there’s an ambiguous multi-agency consultation process involving DoD, Energy, the State Department, and others—it’s unclear whether that has any teeth, but anything inter-agency has the potential to create hassle.
Exception for “fundamental research”: An exception to the export control regulations applies to technology “that is released to conduct fundamental research”—i.e. research for non-commercial purposes “the results of which ordinarily are published and shared broadly within the research community.” 15 C.F.R. § 734.8. This might reduce the capacity of export controls to prevent publication in scientific journals. On the other hand, (1) the exception wouldn’t apply to large swaths of technology of concern, (2) I think there are medium-good arguments for construing the exception to exclude some of the highest-risk material, and (3) my current understanding (I don’t have a background in admin law—please chime in if you do!) is that Commerce could simply override this exemption as part of the rulemaking where it adds items to the CCL.
Constitutionality: As noted, it’s very hard to restrain publication of pretty much anything in the U.S. given how expansive our First Amendment is. This concern may be surmountable both for practical (lack of review mechanisms) and fundamental (based on narrow categories of case law) reasons, but I’d expect it to be an uphill battle to secure durable restrictions in some circumstances.
Feedback welcome!
Thanks to Andrew Snyder-Beattie, Jake Swett, and Helen Toner for helpful comments.
* Analogous EU rules were interpreted in 2012 by the Dutch government to require licensing for information related to genetic modification of the H5N1 flu before it could be published in Science. Christian Enemark, Influenza Virus Research and EU Export Regulations: Publication, Proliferation, and Pandemic Risks, 25 Med. Law R. 293, 294 (2017).
Using Export Controls to Reduce Biorisk
I’m an EA lawyer with an interest in legal routes to reduce biorisk. In the course of some research, I’ve come to think the Bureau of Industry and Security at the U.S. Department of Commerce may have significant power to reduce risks from biotechnology. (I think the same is true of artificial intelligence, and know some other EAs are working on export controls in that context.) The goal of this post is to briefly summarize my research and thinking so that others interested in these ideas can vet and/or benefit from them.
How Export Controls Work
“Export controls” are laws and regulations that restrict release of critical tech, information, and services to nationals of and persons located within certain foreign countries. (I’ll mostly be ignoring a distinction here where sometimes controls are focused on the country to which items/info are exported, and sometimes (with “deemed exports”) to nationals of those countries, even when located in the U.S. Apologies for some imprecision here.) Most countries impose such controls in some form, and they’re the subject of multiple (nonbinding) agreements between nations, such as the Wassenaar Arrangement for arms control and the Australia Group for biological and chemical dual-use technologies. The U.S. generally seeks multilateral agreements like these before adding items to its domestic export control lists, but can and does act unilaterally when it wants to impose additional controls (see here for a recent example concerning software designed to automate analysis of geospatial imagery).
Within the U.S., export controls are largely governed via (1) the Munitions List (ML), a State Department-administered program directed at technology that is “inherently for military end use” (this is construed pretty narrowly, and most tech not funded by the military will not qualify), and (2) the Commerce Control List (CCL), a Department of Commerce-administered program covering a vast array of potential dual-use tech (see here and here to get a sense of the categories addressed).
When an item is placed on the CCL, it cannot be “exported” or “released” in a manner that would make it available to certain countries or their nationals except under a license issued by Commerce. Export includes physical shipment of goods as well as distribution of information by electronic transmission or publication, and it extends from the specific items placed on the list down to any information required for designing, developing, creating, or using such an item, including instructions, models, and technical know-how. See 15 C.F.R. § 774 Appendix 2. Violation of the licensing requirement carries massive penalties, including fines up to $300,000 (or 2x the value of the offending transaction) and up to 20 years in prison.
Commerce has extremely broad discretion to place any item on the CCL that could be used militarily by another country or otherwise impair U.S. security, and its decision to do so is “in effect judicially unreviewable.” State v. United States Dep’t of State, 996 F.3d 552, 564 (9th Cir. 2021). This means that Commerce can restrict access (including via publication) to certain types of technology or information by a method that’s less time-consuming and fraught with uncertainty than legislative or judicial action.
Using the CCL to Reduce Biorisk
The CCL already addresses a number of biosecurity-relevant items, including pathogens and genetic material from pathogens on the Australia Group list and CDC Select Agents list, plus tech for their development/production.* 15 C.F.R. § 742.2(a)(1); CCL §§ 1C351, 1C353, 1E001 (search in this doc). Recently, however, Congress has explicitly expanded Commerce’s mandate to “emerging technologies” that are “essential to the national security of the United States,” and asked it to establish licensing policies for such items (Export Control Reform Act of 2018).
The BIS, the division within Commerce responsible for the CCL, has interpreted “emerging technologies” to include “biotechnology” as well as “advanced computing technology” and “artificial intelligence and machine learning,” and has begun the process of issuing rules to address specific technologies within these categories. Recently (after negotiating similar controls for other Australia Group participants), BIS released a final rule placing controls on software for nucleic acid assemblers and synthesizers “capable of designing and building functional genetic elements from digital sequence data,” i.e. software that could be used to generate pathogens for biological weapons. (Full text of rule available here.)
I’m not going to discuss specific items that might be added to the CCL to reduce biorisk in this post, and would encourage people to use good judgment in avoiding info hazard territory in the comments; please feel free to DM me if you want to talk about specific tech instead. For purposes of thinking about potential applications and impact, I’ll say I’m particularly interested in export controls because I think they might help reduce information hazards by constraining publication of certain material,* which is an extremely difficult nut to crack under U.S. First Amendment law, no matter the circumstances—and changing incentives around publication has potential to change incentives around research. Likewise beyond the scope of this post, but potentially important, is the fact that the Foreign Investment Risk Review Modernization Act of 2018 requires companies developing technologies placed on the CCL to undergo an onerous national security review before accepting investment from many foreign nationals.
Potential Limitations on Use/Usefulness
Finally, a few notes on constraints that apply to BIS and might be relevant to work to reduce serious risks from biotech:
Preference for multilateral action: As noted, BIS prefers to implement controls that have multilateral support, although it can do so unilaterally. Expansion of export controls might require BIS either to depart from this general policy or to successfully seek multilateral agreements, which might make the process slower and more difficult than ideal. (The end of this article describes some impatience on the part of Congress with the delays here.)
Other agency involvement: Although Commerce has authority to decide what goes on the CCL, for items that aren’t addressed by multilateral agreements or other regimes like the Select Agents program there’s an ambiguous multi-agency consultation process involving DoD, Energy, the State Department, and others—it’s unclear whether that has any teeth, but anything inter-agency has the potential to create hassle.
Exception for “fundamental research”: An exception to the export control regulations applies to technology “that is released to conduct fundamental research”—i.e. research for non-commercial purposes “the results of which ordinarily are published and shared broadly within the research community.” 15 C.F.R. § 734.8. This might reduce the capacity of export controls to prevent publication in scientific journals. On the other hand, (1) the exception wouldn’t apply to large swaths of technology of concern, (2) I think there are medium-good arguments for construing the exception to exclude some of the highest-risk material, and (3) my current understanding (I don’t have a background in admin law—please chime in if you do!) is that Commerce could simply override this exemption as part of the rulemaking where it adds items to the CCL.
Constitutionality: As noted, it’s very hard to restrain publication of pretty much anything in the U.S. given how expansive our First Amendment is. This concern may be surmountable both for practical (lack of review mechanisms) and fundamental (based on narrow categories of case law) reasons, but I’d expect it to be an uphill battle to secure durable restrictions in some circumstances.
Feedback welcome!
Thanks to Andrew Snyder-Beattie, Jake Swett, and Helen Toner for helpful comments.
* Analogous EU rules were interpreted in 2012 by the Dutch government to require licensing for information related to genetic modification of the H5N1 flu before it could be published in Science. Christian Enemark, Influenza Virus Research and EU Export Regulations: Publication, Proliferation, and Pandemic Risks, 25 Med. Law R. 293, 294 (2017).