The bioweapon is in the post

You might think it would be difficult for a terrorist to obtain genes from the smallpox virus, or a similarly vicious pathogen. Well, it's not. Armed with a fake email address, a would-be bioterrorist could probably order the building blocks of a deadly biological weapon online, and receive them by post within weeks.

That's the sobering reality uncovered by a New Scientist investigation into the bioterror risks posed by the booming business of gene synthesis. Dozens of biotech firms now offer to synthesise complete genes from the chemical components of DNA (See "A dollar a base pair"). Yet some are carrying out next to no checks on what they are being asked to make, or by whom. It raises the frightening prospect of terrorists mail-ordering genes forkey bioweapon agents such as smallpox, and using them to engineer new and deadly pathogens.

Customers typically submit sequences by email or via a form available on a company's website. The companies then construct the specified genes and mail them back a few weeks later, usually spliced into a bacterium such as Escherichia coli. New Scientist approached 16 such firms, identified by a Google search, to ask whether they screened orders for DNA sequences that might pose a bioterror threat. Of the 12 companies that replied, just five said they screen every sequence received. Four said they screen some sequences, and three admitted not screening sequences at all (see Table).

The risks posed by gene] synthesis first hit the headlines in 2002, when a team from the State University of New York at Stony Brook made infectious polioviruses from synthetic DNA. And just last month, researcherswith the US Centers for Disease Control and Prevention in Atlanta, Georgia, said that they had used similar means to recreate the virus that caused the 1918 flu (New Scientist, 8 October, p 16).

In theory, a terrorist group could try to emulate the latter feat, or create a virus such as Variola major, which causes smallpox. However, the Variola genome comprises some 190,000 base pairs of DNA, and while somecompanies will make sequences 20,000 or more base pairs long, an attempt to order all the genes necessary to launch a smallpox attack would probably arouse suspicion. "That would stand out from a technological point ofview," suggests Drew Endy, a bioengineer at the Massachusetts Institute of Technology.

A more realistic risk is that terrorists could order genes thatfconfer virulence to dangerous pathogens such as the Ebola virus, and engineer them into another virus or bacterium. They could also order genes for a hazardous bacterial toxin – although many of these are also available by isolating the microorganisms from the environment.

Virulence genes are typically no more than a few thousand base-pairs long. Their sequences are publicly available, so screening gene-synthesis orders for potential bioweapons shouldn't pose a huge challenge. Indeed, a company called Craic Computing,based in Seattle, has written opensource software called Blackwatch that does just that. It is used by one of the leading gene-synthesis companies, Blue HeronBiotechnology of Bothell, Washington.

Robert Jones, president of Craic Computing, says that Blackwatch "casts a wide net", comparing orders against sequences from organisms identified by the US government as "select agents" that raise bioterror concerns. But not all of these sequences are dangerous, and some customers may have the clearance to work with those that are. So even legitimate orders may be flagged up as suspicious, and that means companies must employ biologists to carefully examine any matches that crop up.

The need for expert human checks may be one factor deterring some companies from screening orders. Others like to reassure customers who may be worried about commercial confidentiality that their sequence data will remain secret. But whatever the reasons, some firms freely admit that they run no sequence screens. "That's not our business," says Bob Xue, a director of Genemed Synthesis in South San Francisco.

Even if they don't routinely perform sequence checks, some companies say that they do investigate their customers. But the scope of these checks varies widely. But email addresses are notoriously easy to fake. And even orders from legitimate institutions may not be what they seem. Alfred Lasher, who manages Picoscript in Houston, Texas, says that he turned down one orderplaced by an individual at a US biotech firm, after Picoscript's enquiries revealed the gene was being ordered on behalf of a friend in another country.

Experts are concerned that the checks currently employed by some companies aren't sufficient to exclude orders placed by terrorists. "We're taking this very seriously," says Endy. Together with the J. Craig Venter Institute in Rockville, Maryland, and the Center for Strategic and International Studies in Washington DC, Endy's research group at MIT has launched a study into the risks and benefits of synthetic genomics, and aims to produce a set of policy recommendations by late 2006. The US National Science Advisory Board for Biosecurity, set up last year to advise the US government on which advances in biology could be exploited by terrorists, is also considering the issue.

Some gene synthesis companies say they would welcome more detailed rules. John Mulligan, president of Blue Heron, says it would be helpful to have a list of "select sequences" that are off-limits for gene synthesis without explicit government permission, rather than having to make difficult judgments based on the list of select agents. "Tell us what we can't make," he implores.

But with gene synthesis firms springing up all over the world, and the underlying technology becoming cheaper and more widely available, it is unclear whether regulations enacted in any one country will be enough."It's going to be virtually impossible to control," predicts David Magnus, director of the Stanford Center for Biomedical Ethics in Palo Alto, California. Endy argues that what's needed is better self-regulation: ifresearchers only do business with companies that are diligent in sequence screening and othersecurity checks, then terrorists would soon find themselves unable to place orders for dangerous genes. Otherwise, he fears a crackdown that could close valuable avenues of research. For instance, gene synthesis can be used to make DNA vaccines, which may eventually provide a means of responding rapidly to emerging diseases – or bioterrorist attacks. "As soon as people start dying from a bioengineered organism, there will be a huge security response and research will be clamped down," warns Endy.

Source : New Scientist Boston office