The Future of Violence

PART I

1

THE DISTRIBUTION OF OFFENSIVE CAPABILITY

USING GENE-SPLICING EQUIPMENT available online and other common laboratory equipment and materials, a disgruntled molecular biology graduate student undertakes a secret project to recreate the smallpox virus. Not content merely to bring back an extinct virus to which the general population has no immunity, he uses public-source material to enhance the virus’s lethality. His activities raise no eyebrows at his university lab, where synthesizing and modifying complex genomes is commonplace. Although time-consuming, the task is not especially difficult. He buys short pieces of the genome and strings them together—taking care not to order sequences long enough to alert the gene-synthesis companies from which he purchases, all of which screen orders for dangerous gene combinations. He synthesizes most of the virus himself to avoid detection. When he finishes, he infects himself and, just as symptoms begin to emerge, goes to an airport and has close contact with as many people as he can in a short time. He then kills himself before becoming ill and is buried by his grieving family; neither they nor the authorities have any idea of his infection.

The outbreak begins just shy of two weeks later and seems to come from everywhere at once. Because of the virus’s long incubation period, it has spread far by the time the disease first manifests itself. Initial efforts to immunize swaths of the population prove of limited effectiveness because of the perpetrator’s manipulations of the viral genome. Efforts to identify the perpetrator, once it becomes clear that the outbreak is not an accident, require many months of forensic work. In the meantime, authorities have no idea whether the country—and quickly the world—has just suffered an attack by a rogue state, a terrorist group, or a lone individual. Dozens of groups around the world claim responsibility for the attack, several of them plausibly.

Fantastic as this scenario sounds, there is nothing especially improbable or futuristic about it. The materials required to pull it off are already inexpensive, and the price of DNA synthesis continues to fall rapidly. People have already constructed viruses with long genetic sequences and have also modified existing organisms to enhance their propensity to kill. Although making these sequences behave like viruses still poses technical challenges, those challenges are fading quickly. As the National Science Advisory Board for Biosecurity bluntly put it in 2006, it is “possible to construct infectious agents from synthetic or naturally derived DNA. The technology for synthesizing DNA is readily accessible, straightforward and a fundamental tool used in current biological research. In contrast, the science of constructing and expressing viruses in the laboratory is more complex and somewhat of an art.”¹ The number of people who could pull off this nightmare scenario today is not huge, but it is growing fast. Today’s art will quickly become, like DNA synthesis itself, routine science, then just routine. Meanwhile, the number of people capable of less sophisticated biosecurity mischiefs, including some that could have devastating effects on significant quantities of people, is already large and far-flung geographically.

What is more, biotechnology is only one arena in which ever smaller groupings of people can leverage technology to attack ever larger entities—up to and including corporations, states, and societies at large. Cyberspace is another arena. The number of people capable of mounting a meaningful cyberattack has grown alongside the proliferation of globally networked computer systems. The opportunities for such attacks are themselves proliferating, becoming cheaper, and involving an increasingly diverse array of technologies.

The empowerment activities that these technologies enable run the gamut of morality—from welcome social and political innovations to attempted crimes against humanity. Indeed, how we feel about them—whether we view them as attacks or as an attractive form of people power—depends on who is employing them and for what ends. When Arab dissidents used social-networking platforms to organize, inform, and empower protesters at the expense of autocratic governments during the Arab Spring, we celebrated. When, beginning in 2008, the hacker collective known as Anonymous launched cyberattacks against corporations and entities offensive to its members, we responded with mixed feelings—with approbation for the honorable place of civil disobedience, on the one hand, and concerns about unaccountable mob rule, on the other. When Julian Assange, founder of WikiLeaks, created a computer system to distribute leaked material and individuals then used that system to expose US government secrets, we saw a lively debate between those who regard this as an attractive form of distributed journalism and those who regard it more dimly. When someone in 2001 milled and engineered anthrax spores for public dissemination, we responded with horror, as we did when, in 1993, the Aum Shinrikyo terrorist cult attempted biological attacks and then in 1995 successfully dispersed sarin gas on the Tokyo subway system.

The fact that technology can serve both useful and destructive purposes is as much a feature of fire, rocks, and spears as of any newfangled invention. In our modern age, however, new technologies are able to generate and channel mass empowerment, allowing small groups and individuals to challenge states and other institutions of traditional authority in ways that used to be the province only of other states. They are growing increasingly cheap and available. They defy distance and other physical obstacles. And, ultimately, they create the world of many-to-many threats, a world in which every individual, group, or state has to regard every other individual, group, or state as at least a potential security threat.

Modern technologies of mass empowerment have certain common features that warrant a close look: their rapid pace of growth and proliferation, their diffusion of power into individual hands, and their general trajectories of development. We focus here on three distinct technological spheres that exist today in different phases of development: networked computers, biotechnology, and robotics. An additional sphere, nanotechnology, is still in a more incipient phase, yet will likely affect all three other technological spheres in the foreseeable future. Other technologies of mass empowerment will surely develop in the years to come, but we focus on these three particular examples as illustrative of the class in an attempt to flesh out the sorts of threats this type of technological empowerment engenders. Rapid technological progress brings with it vast and definite advantages for huge numbers of people. But these technologies also have certain common features that, alongside the great good people can do with them, create a unique threat environment.

MODERN TECHNOLOGIES OF MASS EMPOWERMENT

Violence does not require fancy weapons. Seung-Hui Cho used widely available firearms to kill thirty-two people and wound twenty-five others at Virginia Tech in April 2007. It took only machetes to massacre most of the eight hundred thousand Tutsis and moderate Hutus during the hundred days’ genocide in Rwanda in 1994. From Columbine to the Congo, individuals have conducted all manner of attacks, as lone wolves or in organized groups. According to some estimates, there are about 90 guns for every hundred people in the United States, and more than 650 million civilian firearms worldwide. Between eight and ten thousand people were killed annually in gun-related homicides in the United States between 2008 and 2012, and those account for only two-thirds of all murder cases. When people want to kill other people, they can.²

But while technology is no kind of prerequisite for violence, it does facilitate a range of violent behaviors. The technologies that cause the greatest concern for security these days are, perhaps unsurprisingly, the same ones that offer the greatest promise to humanity. The concern and the promise emanate from the same source: the double-edged nature of technological advancement. As defense policy analyst Andrew Krepinevich observes, “All the military revolutions of the last two centuries are in a real sense spinoffs from the Industrial and Scientific Revolutions that have been central, defining processes of modern Western history.” There are, in effect, no walls separating the violent and the mundane. The iron forge used to cast church bells was instrumental in the development of the cannon in the fourteenth century. The telegraph and railroads were both driving forces in subsequent military revolutions. In the other direction, duct tape, the microwave, the Global Positioning System (GPS), and indeed computers were all originally developed, at least in part, for military use, only to find their way into everyday civilian life.³

By delivering dramatic new capabilities to humanity in general—and to individual humans in particular—technological development creates the certainty that some of those individuals will use those capabilities to do evil. When our ancestors lived in caves, most Australopithecines found the rock useful to crush berries, but a few used it to crush skulls; some honed the rock into a tool for hunting woolly mammoths, but a few turned that tool on each other. Most people now will use new biotechnologies to prevent disease; a few will use them to cause it. As businessman and former Microsoft technology chief Nathan Myhrvold put it, “Technology contains no inherent moral directive—it empowers people, whatever their intent, good or evil.”⁴

Because most people do not seek to harm others, the net impact of technological development is, in all probability, hugely positive for humanity. Socialization has always been essential to survival. Consequently, the Internet, media, telecommunications, travel, and commerce have greatly enhanced human well-being by making the world smaller and strengthening global interconnectedness and interdependence. They have toppled the barriers that, heretofore, had impeded global social development. In his majestic book on the history of violence, The Better Angels of Our Nature, Harvard psychologist Steven Pinker argues that our present international society is the least violent in recorded history, in part because technology, trade, and globalization have made us more reasoned and, in turn, more averse to violence. Fewer people in the modern world want to do bad things to others. Pinker’s thesis, powerful and persuasive as it is, only captures one side of the coin, however. The very same technologies that help account for our society’s relative peace now threaten to enable people to cause each other infinitely greater harm than ever before.⁵

In one sense, this is merely a feature of globalization. Although Pinker credits globalization with taming violence, legal scholar Philip Bobbitt and defense writer John Robb, in their respective books on globalization and terrorism, both link global communications, networking, and travel to a new era of terrorism and confrontation between the state and nonstate actors. And both make clear that technology and its proliferation are key features of this development.⁶ Similarly, in his paean to globalization, The World Is Flat, New York Times columnist Thomas Friedman pauses only a few times in his glee over what he terms the “flattening” of the world—that is, the geographical and social leveling associated with the proliferation of trade and technology around the globe and the accompanying distribution of capability. During one such pause, he briefly considers the security implications of the trend he otherwise celebrates: “Contemplating the flat world also left me filled with dread, professional and personal. My personal dread derived from the obvious fact that it’s not only the software writers and computer geeks who get empowered to collaborate on work in a flat world. It’s also al-Qaeda and other terrorist networks. The playing field is not being leveled only in ways that draw in and superempower a whole new group of innovators. It’s being leveled in a way that draws in and superempowers a whole new group of angry, frustrated, and humiliated men and women.”⁷ But there’s more going on here than simple globalization, and Friedman—in his description of the superempowerment of the world’s real or perceived underdogs—is actually conflating distinct phenomena. Globalization is fundamentally about connectivity and travel worldwide, the ability to move people, goods, and particularly information at a speed and cost sufficiently low to make the world a smaller place. The true superempowerment of individuals, however, involves an additional element: cheap, widely available, and destructive technologies of attack.

Modern technologies of mass empowerment are not fundamentally weapons systems, but they do take to their logical conclusions certain trends in weaponry: those toward increased lethality at greater distance and toward giving more individuals the power do ever greater harm. Specifically, technologies of mass empowerment put more power, potentially a lot more power, in the hands of more people, potentially a lot more people. They thus push toward an extreme in which we have to fear ever more remote and ever more lethal attacks from an ever wider array of ever less accountable people wielding what legal scholar and theorist of technology and law Lawrence Lessig has called “insanely destructive devices.”⁸

NETWORKED COMPUTERS

The most developed technology of mass empowerment is the planet’s networked computer infrastructure. Access to the Internet is ubiquitous in much of the world: according to some statistics, 40 percent of households globally are connected, reflecting explosive growth over a decade ago. An immense and ever growing number of people are capable of manipulating computers connected to the network. As a result, the expertise to launch cyberattacks and cyberexploitations is widely, though certainly not evenly, distributed, and the subject of cybersecurity has spawned an enormous literature. For our purposes, the most relevant points are that cyberintrusions—whether aimed at military systems, intended to disrupt social and economic activity, or used simply to steal information, data, or money—take place constantly. They come from governments of rival nations, from members of criminal gangs, from politically motivated hacker groups, or simply from disaffected individuals. Identifying perpetrators involves time, money, and significant doubt. The anonymity and accessibility of the Internet, together with the sheer volume of cyberattacks, makes deterrence and attribution of intrusions particularly difficult.⁹

The objectives behind cyberintrusions can vary as widely as the societal functions that now depend on computerized networks. Most involve garden-variety attempts at fraud and theft. Some, like Luis Mijangos’s crimes, involve more intrusive assaults on people’s personal dignity—something closer to online rape. In others, as in the case of Mona Jaud Awana, a Palestinian woman, who lured an Israeli teenager via Internet chat to meet with her and then killed him, cyberspace only serves to facilitate traditional criminal or terrorist activity. Cyberintrusions also involve espionage, as attackers regularly steal huge volumes of information from companies and governments alike.¹⁰

Some intrusions seek not merely to exploit information technology systems but to damage them or alter their functioning. So-called denial-of-service attacks against a variety of governmental and corporate targets have become common in recent years. More sophisticated attacks that exploit software vulnerabilities and human weakness have become prevalent as well, threatening military systems, vital infrastructure, and other crucial, network-dependent installations.

Although hard to assess, the probability of a truly catastrophic cyberattack, like a meltdown of the world’s financial system or a broad-based attack on the electric grid, is certainly not negligible. An attack of this magnitude will likely remain the province of professional intelligence services for some time to come. But a number of high-profile incidents in recent years have underscored the fact that such an attack cannot be ruled out. In 2007, the Department of Homeland Security conducted a test in which it hacked into a model power plant control system and destroyed a generator by changing its operating cycle. The nations of Georgia and Estonia found their government computers and Internet connectivity subject to systematic attack when they had political and military confrontations with Russia. And, of course, the possibility of cyberwarfare involving nuclear power plants was vividly on display in the case of the so-called Stuxnet worm, revealed in 2010 to have attacked the Iranian uranium-enrichment program by speeding up specific centrifuge models, and in other attacks of a similar nature dubbed “Olympic Games,” both reportedly launched by the United States and Israel.¹¹

While the highest-profile cybersecurity incidents of recent years have generally been state-to-state affairs, the power to conduct low- to medium-grade attacks and exploitations on a wide scale has clearly migrated to actors far below the level of sovereign states. The most famous example is the hacker group known as Anonymous, whose diffuse and largely uncoordinated membership has launched attacks on a range of targets—from Sony, to companies that refused to host WikiLeaks, to government websites, to the Church of Scientology. But it is not the only example. Consider the following, all of which took place in August 2013 alone: A hacker collective calling itself the Syrian Electronic Army launched successful attacks against Twitter, the New York Times, and the Washington Post, taking one newspaper off the Internet for the better part of a day and redirecting traffic from the other to its own site. Someone launched a denial-of-service attack on the entire Chinese Internet, slowing or stopping traffic for more than six hours (it was unclear whether the attack was the work of a nation-state). The press revealed “deep cyberattacks” against three banks over the previous three months, costing those institutions millions of dollars as hackers gained control of their wire-payments applications. A Pakistani hacker claimed credit for a series of hacks that affected 650 Israeli websites associated with the government, corporations, and individuals. A group of Afghan hackers, meanwhile, attacked Pakistani websites. One can compile a similar list for any month of any recent year.¹²

Of course, nonstate intrusions lie along a continuum, from entirely legitimate cyberactivism—which can often serve to erode government power in salutary ways—to cyberharassment and “hacktivism,” all the way to full-on attacks. What all have in common is the use of widely distributed networked computers and telecommunications to allow individuals—for good or ill, on their own or in formal or informal arrangements with one another—to engage in conflict against governments or other large entities that have traditionally wielded great power.

GENETIC ENGINEERING, SYNTHETIC BIOLOGY, AND BIOTECHNOLOGY

The life sciences present a somewhat less developed case of this sort of technological leveling. The technology tools and expertise associated with genetic engineering have penetrated society less deeply than have networked computers and computer-programming skills. Still, the number of people trained in genetics and synthetic biology is large and growing quickly. Education itself is becoming more globalized, with both domestic and foreign students benefitting from the most advanced institutions and laboratories. Even more than the ubiquity of networked computing, the growing availability of genetic-engineering technologies threatens to put the power to launch a weapon-of-mass-destruction (WMD) attack in the hands of a great many people around the world with relatively inexpensive equipment and basic training.

Biological weapons are unique among WMDs. Like nuclear weapons, they have the capacity to do truly catastrophic damage. And like chemical weapons they are comparatively inexpensive and easy to produce. But only biological weapons can produce destruction far beyond the point of first impact by dispersing contagious pathogens that spread through the human network. As Myhrvold has bracingly put it,

Modern biotechnology will soon be capable, if it is not already, of bringing about the demise of the human race—or at least of killing a sufficient number of people to end high-tech civilization and set humanity back 1,000 years or more. That terrorist groups could achieve this level of technological sophistication may seem far-fetched, but keep in mind that it takes only a handful of individuals to accomplish these tasks. Never has lethal power of this potency been accessible to so few, so easily. Even more dramatically than nuclear proliferation, modern biological science has frighteningly undermined the correlation between the lethality of a weapon and its cost, a fundamentally stabilizing mechanism throughout history.¹³

The long incubation periods for many pathogens mean that an infected individual, like the one we imagined at the beginning of this chapter, can travel and infect others before contamination becomes apparent, making it difficult to limit the impact of an attack. Moreover, illnesses caused by biological weapons are often hard to distinguish from naturally occurring outbreaks. It took investigators a year to realize that an outbreak of salmonella in Oregon in 1984 was the result of an attack by followers of Bagwan Shree Rajneesh. The converse risk also applies: authorities may wrongly attribute a natural outbreak to an act of terrorism. Although investigators eventually concluded that the outbreak of West Nile encephalitis in New York in 1999 stemmed from natural causes, the response by public health authorities had a lot in common with the response to a bioterrorism event because the natural outbreak presented similarly to one. The disease had never before occurred in the Western Hemisphere, and an Iraqi defector had claimed just months before the outbreak that Saddam Hussein was weaponizing the West Nile virus. The potential for mistakes can generate unwarranted conflict and undermine a government’s credibility.¹⁴

The technology required to produce biological weapons is generally the same as that used in legitimate life sciences research; indeed, it is the bread and butter of the biotechnology revolution. Precisely because modern biotechnology holds so much promise and offers so many benefits for so many walks of life, the materials and skills required to develop these weapons are not rare. So, while it is extremely difficult for even a highly trained individual to build his own nuclear weapon, someone with relatively modest expertise and resources could potentially obtain or develop a biological weapon—with global consequences. As costs for resources and research continue to fall, the number of people whom governments around the world have to regard as capable, at least in theory, of developing their own personal WMD program grows commensurately.¹⁵

This is happening fast. Bioterrorism expert Christopher Chyba has likened the proliferation of gene-synthesis capability to the exponential growth in computer technology as predicted by Moore’s law, named for Intel founder Gordon Moore, who observed in 1965 that the number of transistors on an integrated circuit, which is to say, the “power” of computers themselves, doubled every two years—a trend that has remained true ever since. Chyba states, “Just as Moore’s law led to a transition in computing from extremely expensive industrial-scale machines to laptops, iPods, and microprocessors in toys, cars, and home appliances, so is biotechnological innovation moving us to a world where manipulations or synthesis of DNA will be increasingly available to small groups of the technically competent or even individual users, should they choose to make use of it.”¹⁶ Chyba notes that the cost of synthesizing a human genome has plummeted and will continue to fall and that as cost decreases, the efficiency of biotechnology continues to increase. According to one calculation, the speed of DNA synthesis increased five hundred times from 1990 to 2000. Another expert calculated that by 2010, an individual working alone would be able to synthesize genetic materials one hundred times faster than he could in 2003, and the increase has indeed been dramatic. To give a sense of what this means for the ability to build a personal WMD arsenal, it took researchers at the State University of New York three years to synthesize the complete poliovirus in 2002, but the following year, a different group of researchers synthesized a viral genome of comparative length in only two weeks.¹⁷

What is more, deadly pathogens are not that hard to come by. Many of the most notable and terrifying pathogens even occur naturally: anthrax, bubonic plague, the Ebola and Marburg viruses, tularemia, and Venezuelan equine encephalitis can all be collected in the natural environment. That fact was not lost on the notorious Japanese cult Aum Shinrikyo, which attempted to obtain Ebola strains in Africa, though it did not successfully sicken anyone with them. In addition, many pathogens are stockpiled by commercial companies for legitimate purposes, even as governmental controls on these stockpiles have tightened in recent years. Moreover, even pathogens like smallpox and the 1918 flu virus, which have been wiped out in the wild, can now be re-created, as in the nightmare scenario described at the outset of this chapter. The literature available in the public domain describing—even routinizing—genetic-engineering projects involving the creation, modification, and enhancement of deadly pathogens should be at least as terrifying to policy makers around the world as box cutters or guns on airplanes. Viral genomes are relatively short. Many have already been mapped, and the materials required to synthesize or adapt them using related pathogens are commercially available.