related to national security (and therefore not classifiable) but with possible national security implications. In 1985, Kerr noted, NSDD-189 declared that “to the maximum extent possible, the [communication of] products of fundamental research [should] remain unrestricted.” Kerr stated that federal agencies were responsible for reviewing research projects at the time of a funding decision and for periodically reviewing research findings. Shortly after the events of September 11, 2001 and the subsequent anthrax mailings, Kerr said, National Security Advisor Condoleezza Rice reaffirmed that NSDD-189 would remain in effect.
Kerr proceeded to discuss “risk” as a function of the threat, vulnerability, and consequence of or to an action. Kerr noted that vulnerability and consequences (or impact) can be discussed and sometimes measured. Regarding infectious diseases, vulnerability can be measured on the basis of a population’s past experience (or lack of experience) with a particular pathogen. Vulnerability, he said, can be mitigated by the public health community’s possession of countermeasures and its ability to deliver them effectively. Consequences, he continued, are the magnitude of the damage, given a specific attack type at a specific time that damages a specific target. Threat, Kerr observed, is more difficult to forecast. Threat is the probability that a specific target will be attacked in a certain way during a specific time period, and includes a consideration of the intent of a person seeking to do harm and that person’s capability to do such harm. Threat, he argued, is therefore extremely difficult to predict because intent is an emotional state, and thus, the assessment of “threat” is beyond the purview of most scientists.
Kerr discussed levels of risk associated with three situations and suggested how risk might be mitigated in each case: (1) unintentional risk associated with the research and technologies themselves (e.g., accidental exposure, contamination, accidental release) and intentional risk from outside of the laboratory (e.g., people gaining access to the pathogens) and inside the laboratory (e.g., lab workers being bribed); (2) risk associated with the information obtained from research (e.g., ill-willed people using that information for nefarious purposes or loss of public trust in the government and scientific establishment); and (3) risk associated with the withholding of dual-use research and information (that might, for example, hinder planning and implementation of preparedness and response plans, impede surveillance activities and the development of countermeasures, or harm international relationships of the United States).
How will federal agencies and departments acquire the expertise necessary to make the regulatory decisions with which they will be tasked?