New Scientist (pg. 8) November 12, 2005 THE BIOWEAPON IS IN THE POST Firms that make DNA to order could unwittingly find themselves doing business with terrorists. By Peter Aldhous You might think it would be difficult for a terrorist to obtain genes from the smallpox virus, or a similarly vicious pathogen. Well, it's not. Armed with a fake email address, a would-be bioterrorist could probably order the building blocks of a deadly biological weapon online, and receive them by post within weeks. That's the sobering reality uncovered by a New Scientist investigation into the bioterror risks posed by the booming business of gene synthesis. Dozens of biotech firms now offer to synthesise complete genes from the chemical components of DNA (See "A dollar a base pair"). Yet some are carrying out next to no checks on what they are being asked to make, or by whom. It raises the frightening prospect of terrorists mail-ordering genes for key bioweapon agents such as smallpox, and using them to engineer new and deadly pathogens. Customers typically submit sequences by email or via a form available on a company's website. The companies then construct the specified genes and mail them back a few weeks later, usually spliced into a bacterium such as Escherichia coli. New Scientist approached 16 such firms, identified by a Google search, to ask whether they screened orders for DNA sequences that might pose a bioterror threat. Of the 12 companies that replied, just five said they screen every sequence received. Four said they screen some sequences, and three admitted not screening sequences at all (see Table). The risks posed by gene synthesis first hit the headlines in 2002, when a team from the State University of New York at Stony Brook made infectious polioviruses from synthetic DNA. And just last month, researchers with the US Centers for Disease Control and Prevention in Atlanta, Georgia, said that they had used similar means to recreate the virus that caused the 1918 flu (New Scientist, 8 October, p 16). In theory, a terrorist group could try to emulate the latter feat, or create a virus such as Variola major, which causes smallpox. However, the Variola genome comprises some 190,000 base pairs of DNA, and while some companies will make sequences 20,000 or more base pairs long, an attempt to order all the genes necessary to launch a smallpox attack would probably arouse suspicion. "That would stand out from a technological point of view," suggests Drew Endy, a bioengineer at the Massachusetts Institute of Technology. ======================================================= Sidebar: A Dollar a Base Pair Biochemists have long known how to build DNA from its components "bases" -- the chemical letters of the genetic code. By adding the bases in a prescribed order and carefully performing a series of chemical reactions, they can create precisely tailored stretches of DNA. The process became significantly less laborious with the debut of the automated DNA synthesiser in the 1980s. But a full gene -- a DNA sequence up to several thousand base pairs long -- involves a formidable jigsaw puzzle. Commercial gene synthesis has only really taken off in the past few years with advances in automating this assembly process. As they main players jostle for position, the costs of gene synthesis are plummeting. Prices have dropped about tenfold in five years, and some firms now supply genes for less than $1.50 per base pair. ======================================================== A more realistic risk is that terrorists could order genes that confer virulence to dangerous pathogens such as the Ebola virus, and engineer them into another virus or bacterium. They could also order genes for a hazardous bacterial toxin -- although many of these are also available by isolating the microorganisms from the environment. Virulence genes are typically no more than a few thousand base-pairs long. Their sequences are publicly available, so screening gene- synthesis orders for potential bioweapons shouldn't pose a huge challenge. Indeed, a company called Craic Computing, based in Seattle, has written open-source software called Blackwatch that does just that. It is used by one of the leading gene-synthesis companies, Blue Heron Biotechnology of Bothell, Washington. Robert Jones, president of Craic Computing, says that Blackwatch "casts a wide net", comparing orders against sequences from organisms identified by the US government as "select agents" that raise bioterror concerns. But not all of these sequences are dangerous, and some customers may have the clearance to work with those that are. So even legitimate orders may be flagged up as suspicious, and that means companies must employ biologists to carefully examine any matches that crop up. ======================================================== Sidebar: Gene Screens How 12 companies answered when asked if they screen orders for sequences that bioterrorists could turn into weapons BaseClear, Leiden, The Netherlands -- Not routinely Bio Basic, Markham, Canada -- No Bionexus, Oakland, California -- Not routinely Bio S&T, Montreal, Canada -- No Blue Heron Biotechnology, Bothell, Washington -- Yes DNA 2.0, Menlo Park, California -- Yes Entelechon, Regensburg, Germany -- Yes Geneart, Regensburg, Germany -- Yes Genemed Synthesis, South San Francisco, California -- No GenScript, Piscataway, New Jersey -- Usually Integrated DNA Technologies, Coralville, Iowa -- Yes Picoscript, Houston, Texas -- Not routinely ======================================================== The need for expert human checks may be one factor deterring some companies from screening orders. Others like to reassure customers who may be worried about commercial confidentiality that their sequence data will remain secret. But whatever the reasons, some firms freely admit that they run no sequence screens. "That's not our business," says Bob Xue, a director of Genemed Synthesis in South San Francisco. Even if they don't routinely perform sequence checks, some companies say that they do investigate their customers. But the scope of these checks varies widely. While some firms say they conduct thorough probes into customers' affiliations and scientific publications, others are less exhaustive. For instance, Jennifer Wang, general manager of Bio Basic, based in Markham, Canada, says that her company examines email addresses to see if orders come from a legitimate research organisation. Such a check would have spotted one suspicious order, sent from a Hotmail address to BaseClear of Leiden, the Netherlands. This was for a modified sequence from a hepatitis-like virus. BaseClear itself rejected the order after the would-be customer failed to respond to requests for more information, says Gerben Zondag, the firm's scientific director. But email addresses are notoriously easy to fake. And even orders from legitimate institutions may not be what they seem. Alfred Lasher, who manages Picoscript in Houston, Texas, says that he turned down one order placed by an individual at a US biotech firm, after Picoscript's enquiries revealed the gene was being ordered on behalf of a friend in another country. Experts are concerned that the checks currently employed by some companies aren't sufficient to exclude orders placed by terrorists. "We're taking this very seriously," says Endy. Together with the J. Craig Venter Institute in Rockville, Maryland, and the Center for Strategic and International Studies in Washington DC, Endy's research group at MIT has launched a study into the risks and benefits of synthetic genomics, and aims to produce a set of policy recommendations by late 2006. The US National Science Advisory Board for Biosecurity, setup last year to advise the US government on which advances in biology could be exploited by terrorists, is also considering the issue. Some gene synthesis companies say they would welcome more detailed rules. John Mulligan, president of Blue Heron, says it would be helpful to have a list of "select sequences" that are off-limits for gene synthesis without explicit government permission, rather than having to make difficult judgments based on the list of select agents. "Tell us what we can't make," he implores. But with gene synthesis firms springing up all over the world, and the underlying technology becoming cheaper and more widely available, it is unclear whether regulations enacted in any one country will be enough. "It's going to be virtually impossible to control," predicts David Magnus, director of the Stanford Center for Biomedical Ethics in Palo Alto, California. Endy argues that what's needed is better self-regulation: if researchers only do business with companies that are diligent in sequence screening and other security checks, then terrorists would soon find themselves unable to place orders for dangerous genes. Otherwise, he fears a crackdown that could close valuable avenues of research. For instance, gene synthesis can be used to make DNA vaccines, which may eventually provide a means of responding rapidly to emerging diseases -- or bioterrorist attacks. "As soon as people start dying from a bioengineered organism, there will be a huge security response and research will be clamped down," warns Endy.