Introduction

Elisa D. Harris

Since shortly after the first and, thus far, only use of atomic weapons, in 1945, scientists, policy analysts, and government officials have sought to identify measures to inhibit the further acquisition and use of the enormous destructive potential of nuclear technology. In the late 1960s, a similar group of stakeholders initiated efforts to prevent the biological sciences from being used to develop weapons whose destructive effects against humans, animals, and plants could, in some circumstances, rival those of nuclear weapons. Today, questions are being raised about how to manage the potential threat posed by information technology, whose growth and spread some believe may position cyber weapons alongside nuclear and biological weapons in the elite club of technologies capable of unleashing massive harm.

These technologies differ in their legal status and characteristics. But they also have one critically important similarity: each is what has come to be called dual-use. Over the years, this concept has been defined in various ways. The European Commission (EC), for example, defines dual-use goods as &dlquo;items, including software and technology, which can be used for both civil and military purposes.”¹ The U.S. government’s Code of Federal Regulations takes a similar approach, describing &dlquo;items that can be used both in military and other strategic uses . . . and commercial applications.”² These definitions focus on the inherent characteristics of the technology and are consistent with how the term dual-use is used in discussions of nuclear technology.

Other definitions, however, focus more on what one analyst has called externalities, such as the context in which the technology is used, or the users themselves.³ This is reflected in the 2004 National Academy of Sciences (NAS) report, Biotechnology Research in an Age of Terrorism, which describes the dual-use dilemma in biology as &dlquo;when the same technologies can be used legitimately for human betterment and misused for bioterrorism.”⁴ An externally driven approach is also evident in the work of analysts at the Center for International and Security Studies at Maryland, whose proposal for oversight of dual-use biotechnology research extends to research that is intended for beneficial purposes but can also cause harm, either inadvertently or as a result of deliberate malfeasance.⁵ This definition is even broader than that used by the NAS in that it includes not just deliberate misuse of dual-use technology but accidents and other unintended outcomes.

Whatever definition one uses, military measures such as deterrence, defense, and reprisal are clearly of limited value in preventing dual-use technologies that are widely available around the globe, such as biological and information technology, from being used for hostile purposes. In both of these areas, the difficulties associated with identifying the source of an attack, or what is called attribution, render deterrence and reprisal much less effective. The technology also favors the offense over defense; that is, a biological or cyberattack is generally easier to carry out than to defend against. The situation is different in the nuclear area, where the technology is not as broadly disseminated and where measures such as deterrence, defense, and reprisal have for almost seventy years played a major role in preventing the use of nuclear weapons. They also have helped convince at least some countries that their security does not require them to use their civilian nuclear technology to develop a nuclear weapons capability.

Today, the range of actors who could cause harm with these dual-use technologies includes not just state-level actors like national governments, but also nonstate actors such as terrorists or criminals. In the case of biological and information technology, private and commercial entities and even individuals must also be considered. Moreover, distinctions between these actors often are blurred, as in the case of biodefense research, which might be funded by a government agency but conducted at a private facility. The types of harm that can result from the misuse of these dual-use technologies are similarly wide ranging and include everything from mischief to loss of life to damage to commercial, macroeconomic, or national security interests.

Because of the complexities of the threat, a wide range of different governance measures have been developed to mitigate the risks from dual-use technologies. Like the term dual-use, the concept of governance has been defined in a variety of ways. Noah Webster’s 1828 dictionary, for example, describes it in terms of &dlquo;government; exercise of authority; direction; control.”⁶ Political scientist Mark Bevir has more recently defined governance more broadly, as &dlquo;all processes of governing, whether undertaken by a government, market or network, whether over a family, tribe, formal or informal organization or territory and whether through laws, norms, power or language.”⁷ This definition describes some of the potential sources, targets, and forms of governance, but its descriptions are more illustrative than comprehensive.

Bevir’s definition omits two elements that are important to the governance of dual-use technology: the levels at which governance is undertaken and the objectives it seeks to achieve. Each level of society is in fact potentially relevant to governance—the international, national, local, and individual. As for the objectives of governance of dual-use technologies, these can be thought of in terms of general concepts like nonproliferation, security, and safety, or in terms of more-specific goals, including:

• preventing dual-use technologies from being developed and used for hostile purposes;
• controlling access to the materials, equipment, and information or knowledge associated with dual-use technologies; and
• promoting the safe and secure handling and use of materials, equipment, or information associated with dual-use technologies.

As the following chapters show, just as no single definition of dual-use or governance is relevant to all three of these technologies, no single governance approach can mitigate the risks posed by different dual-use technologies. Nevertheless, the concept of dual-use technology is a useful organizing principle for examining governance efforts across different technology areas. This examination is especially important given the pace of technological developments and the continuing diffusion of dual-use materials, equipment, and information around the globe. These trends are playing out differently in each of the technology areas examined in this volume, but their potential consequences are the same: an increase in the risk that dual-use nuclear, biological, or information technology will cause harm, potentially on a massive scale.

Responding to this challenge requires a deeper understanding of how governance efforts in each of these areas have evolved: What types of governance measures have been adopted? What objectives have they sought to achieve? How have the technical characteristics of the technology affected governance prospects? Who are the key stakeholders and what has been their role? What have been the primary obstacles to effective governance? What gaps exist in the current governance regime? Are further governance measures feasible? These are among the questions that the following chapters on nuclear, biological, and information technology seek to address.

The discussion in each of these chapters will lay the foundation for an analysis of governance arrangements across the three dual-use technology areas: What are the most important differences among the technologies, and to what extent do they affect governance prospects? What are the most important similarities in the governance measures being used in the different technology areas? What factors account for the limitations in the various governance measures that have been adopted to date? Are further governance measures feasible in any of these technology areas? Finally, what lessons can be learned about dual-use technology governance from the experience of these particular dual-use technologies? These questions will be the focus of the volume’s concluding chapter.

ENDNOTES

1. &dlquo;Council Regulation (EC) No 428/2009 of May 5, 2009,” Official Journal of the European Union (May 29, 2009): L134/3, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:134:0001:0269:en:PDF.

2. &dlquo;Dual Use Exports,” Code of Federal Regulations, Title 15, § 730.3 (2000), https://www.law.cornell.edu/cfr/text/15/730.3.

3. Brian Rappert and Caitriona McLeish, A Web of Prevention: Biological Weapons, the Life Sciences and the Governance of Research (London: Earthscan, 2007), 196–199.

4. National Research Council, Biotechnology Research in an Age of Terrorism (Washington, D.C.: National Academies Press, 2004), 15.

5. John D. Steinbruner, Elisa D. Harris, Nancy Gallagher, and Stacy M. Okutani, Controlling Dangerous Pathogens: A Prototype Protective Oversight System (College Park: Center for International and Security Studies at Maryland, 2007).

6. Noah Webster, American Dictionary of the English Language (1828), http://webstersdictionary1828.com/Dictionary/governance.

7. Mark Bevir, Governance: A Very Short Introduction (Oxford: Oxford University Press, 2013), 1.