The Committee considered the adequacy and effectiveness of existing Government policies, legislation and programs in relation to the identified national security risks. In doing so, it considered the efficacy of existing arrangements to determine whether they were sufficient to meet the requirements identified in earlier chapters. The metric for determining efficacy was qualitative and based on submissions and evidence from hearings.
Whilst the previous chapter primarily discussed the sector’s awareness of the issues and their own responses, this chapter focusses on existing government policies and programs and considers their sufficiency to address the issues identified in earlier chapters. In measuring the sufficiency of these policies and programs, the Committee relied upon a number of submissions and hearings from the sector and government.
National security legislation: Espionage and foreign interference
Submissions said espionage and foreign interference were clearly legislated against in the EFI Act. The Attorney-General’s Department (AGD) said the Foreign Influence Transparency Scheme Act 2018 (the FITS Act) was designed to make transparent the nature and extent of influence by foreign government organisations in Australia, amongst other things. AGD said the purpose of the Scheme was to address foreign influence as opposed to foreign interference which is dealt with elsewhere in the Commonwealth legal system. AGD said the Scheme applied to the sector where a foreign partner met the definition of a foreign principal under the Act.
AGD provided an example where disclosure would be required when an Australian researcher formed a partnership with a foreign government-established entity whereby the Australian researcher would apply for Commonwealth funding or the research would focus on an issue relevant to Australian policy and the research would be designed to influence that policy. AGD said they had issued an information-gathering notice to the Confucius Institute within the University of Sydney as part of the Scheme.
The University of Tasmania recommended a government review to determine whether the ‘influence test’ in FITS adequately deals with the intent of the legislation, and clear policy guidance to universities on how to assess foreign relationships that are not in the national interest.
The Australian Federal Police (AFP) said they were responsible for investigating allegations of criminal activity relating to espionage and foreign interference in Australia. The AFP noted the establishment of the Counter Foreign Interference Taskforce (CFITF) and the complex and sensitive nature of EFI related offences. Mr Alex Joske, in discussing CCP talent-recruitment programs, questioned this and said:
The ability of law enforcement agencies to tackle crimes associated with talent recruitment has not yet been demonstrated.
Western Sydney University said Australian government legislation had informed their development of compliance measures. WSU said the National Security Legislation Amendment (Espionage and Foreign Interference) Act 2018 and the FITS Act had assisted their institution. UNSW noted the UFIT Guidelines complemented both FITS and the Defence Export Control regime.
The Australian Academy of Science said they had no cause to believe the existing espionage and foreign interference legislation was inadequate. Ms Sarah Kendall and Dr Rebecca Ananian-Welsh said existing espionage and foreign interference legislation was sufficient to address the identified threats, and no additional legislation was required. A component argument of this submission was while the legislation was adequate, it was potentially over-reaching. The authors of this submission said Australia’s existing espionage laws undermined basic rights and freedoms through their breadth and complexity.
AGD said ‘undisclosed foreign influence’ was not a term specifically referred to in the FITS Act and could apply to situations that would not fall within the Scheme.
Ms Kendall and Dr Ananian-Welsh said the definitions of espionage encompassed the wide variety of ways in which information was handled in the sector which extended to research, discussions, and products that emanate from the former. Ms Kendall and Dr Ananian-Welsh said the core offence of espionage, which relies on the provision of security classified information, was unlikely to occur in the sector. They said however the espionage offence that related to national security information was far broader than security classified information and could encompass much information within the sector. Ms Kendall and Dr Ananian-Welsh said the publication of research would amount to ‘communicate to a foreign principal’ under the espionage offence legislation.
While not specific to EFI and FITS, The University of Tasmania said the current approach by government in assessing foreign relationships was too focussed on explicitly state objectives in agreements. The University of Tasmania observed a paradox in lower risk persons such as allies tended to be more explicit in their written objectives and higher risk persons tended to conceal their approach. The University of Tasmania recommended a more sophisticated response that took into account the broader considerations.
The existing legislative framework
Submissions argued government policies and legislation in this area were complex and disconnected. To this end Griffith University suggested the government publish an overarching foreign influence and interference strategy across whole-of-government to map out various pieces of legislation that sit within that broader concept. Griffith postulated this would support a more workable and proportionate response. Innovative Research Universities agreed and also suggested the Government create a clear, overarching foreign influence and interference strategy across all of government, including mapping out component legislation. IRU also suggested considering internal university processes to identify whether these measures can be simplified and ensure there is no national security harm.
The University of Sydney said they had 120 Commonwealth and State Acts listed on their compliance framework, a similar refrain offered by several other institutions as illustration of the significant compliance framework they sat within. La Trobe noted the universities complied with a large amount of legislation including the: FITS Act, Autonomous Sanctions Act, Defence Trades Control Act, and Australia’s Foreign Relations (State and Territory Arrangements) Act. They noted other policies were also complied with including the: UFIT guidelines, Defence Industry Security Program membership requirements, ARC grant application requirements relating to foreign interference, and recommendations from the TEQSA integrity unit which manages UFIT recommendations. As discussed in earlier chapters, multiple submissions highlighted the substantial amount of legislation the sector was required to adhere to.
The ANU contextualised the legislative environment and noted the universities derived their functions from legislation, saying:
Australian higher education and research organisations are empowered by the legislative and regulatory framework in which they operate. Governments, informed by inquiries such as the one we are participating in today, create the environment that supports our mission as educators and researchers.
Monash University said legitimate foreign engagement and influence activities had been mischaracterised as foreign interference which had given rise to an increased number of legislative and policy approaches across the entire Australian government which affected the sector. Monash said this included the Australia’s Foreign Relations (State and Territory Arrangements) Act, as well as proposed critical infrastructure legislation. Monash said the cumulative effect of Australian interventions could risk the sector’s position on the global stage and had created a climate of fear within academics who engage internationally.
In response to these issues The University of Melbourne recommended an implementation taskforce to provide ‘clear and pragmatic guidance at earliest opportunity’ from government on how to understand, apply and meet any new legislative requirements.
Adelaide University on a similar topic urged the consideration of legislation in totality and said:
We urge the Committee to reflect on such unintended consequences and recommend an urgent holistic review of the multitude of legislative requirements and how they must be administered.
Western Sydney University said the numerous acts, policies and guidelines highlighted the numerous obligations universities had to comply with, and these requirements were largely effective in reducing foreign interference risks. UQ concurred and said the existing regulatory framework was comprehensive and adequate. Science and Technology Australia took this argument further and described the existing legislative framework as ‘extensive and effective’. UWA in a slightly different argument said they supported the general direction of the various national security legislative measures the government was taking.
Risks associated with uncoordinated policy and legislation
Griffith said the sector was subject to significant legislative requirements and additional regulations could lead to fragmentation, confusion and duplication. Griffith commented:
A fragmented approach with duplicate responsibilities across multiple government departments would result in unnecessary bureaucracy and cost.
The University of Melbourne discussed the importance of getting regulatory frameworks right saying:
The shared challenge is ensuring that the compliance regimes of these measures adds to universities’ robustness in managing the risk of foreign interference rather than diverting resources too broadly towards monitoring activities with a very low risk of negative impact on the national interest.
La Trobe said because of this increasing legislative complexity, the national security risks faced by the Sector could actually be amplified. A common response from the Sector was Australia’s academic freedoms could be hampered by legislation.
We urge the Committee to consider the possibility that the increasing complexity of compliance obligations could not only undermine the objective of promoting national security but could also pose a threat to the free exchange of ideas and to Australia’s contribution to open science.
More pointedly, La Trobe described the current situation as complex and said:
The Sector’s perspective is that there are many overlapping and disjointed processes without any apparent central coordination. At best, this is an increased regulatory burden and resourcing issue for universities. At worst, it risks diverging interest and creating confusion on an issue of critical national importance.
This view was also shares by QUT who said:
Most gravely, there are legitimate emerging concerns across the sector about a lack of coordination and mutual awareness across government with respect to the application national security and foreign influence measures to universities. This not only presents universities with serious compliance challenges; it also constitutes a significant source of real risk that has the potential to undermine our collective efforts in resisting foreign interference. This Government-generated risk is currently in play, and requires urgent action to eliminate or mitigate it. The heightened risk is rendered all the more dangerous because many parts of Government seem to be unaware of it: fortunately, it is as readily eradicable as it is unnecessary.
QUT said there appeared to be a lack of mutual understanding within government on these topics. QUT identified what it considered as three possible risks from this approach. Firstly an uncoordinated approach would produce an increase in real terms to the sector’s exposure to foreign influence and interference as universities’ resources become engaged in addressing multiple compliance protocols. QUT observed if they were focussed on these requirements, they would not be spending enough time ‘watching the gate’. QUT said:
Vigilance will suffer unless we can instead agree on a set of common activities, protocols, concerns and measures that cover all needs with good visibility for all relevant interested parties. We have a far greater likelihood of achieving the overarching policy objective of protection from harm under a single overarching regime that meets everyone’s needs than through a collection of poorly conceived, uncoordinated and blunt instruments which is the current scenario.
The second and third risks QUT identified were tension with other government policy priorities, and unnecessary regulatory impact. QUT recommended addressing this via the establishment of an effective inter-agency collaboration mechanism, in combination with UFIT, to harmonise regimes. QUT recommended UFIT be the preferred body for any additional work within the sector and government.
University of Canberra requested the government consider the cost of ensuring effective mitigation of national security risks as public funded universities would receive no financial support for complying with a ‘growing list of requirements’. La Trobe recommended the Australian Government consider existing obligations universities are bound by and ensure any additional requirements are aligned and consider the impacts and obligations which would arise from new bills and legislation.
Griffith University concurred and recommended the Government consider a more holistic approach to these issues. UWA echoed these arguments and said the Government should ensure its approach to legislation on national security risks was coordinated and appropriately targeted. Universities Australia recommended there be a greater focus by Government on ensuring policies across departments and agencies are coordinated, coherent and proportionate to risk.
ANU recommended the government undertake a Regulatory Impact Assessment covering all foreign interference legislation through UFIT.The University of Melbourne said ‘unnecessary over-regulation of low risk activity’ could lead to a greater risk of inconsistency and systemic oversights, perversely moving the focus away from higher risk activities.
UNSW noted the possibility of duplication with legislation on these issues. A common submission from the Sector was to avoid onerous new measures. The University of Melbourne recommended interventions relating to these risks be ‘consistent, coherent and complementary’ and build upon existing frameworks tailored to the sector where possible. Innovative Research Universities put the situation bluntly and said:
We need a stop to the endless production of piecemeal laws with little or no reference to each other or to the powers needed to achieve the outcomes required.
Specifically IRU noted three factors compounded this point. Firstly, they said there was a ‘notable lack of discussion with universities in advance of legislation being tabled’. Secondly, communication across government departments appeared lacking on this legislation. Thirdly, the various schemes disclosure requirements were not clear and coherent.
The University of Sydney noted the ‘extraordinary variability in how laws are developed by different government agencies with responsibility for aspects of its national security framework’.
Some universities argued if international collaboration was hampered (by legislation from the government) then this would cause significant financial loss to universities as well as adversely affecting their reputation and research opportunities. La Trobe said this could have a ripple effect on the attraction of foreign students, researchers and foreign investment.
The Australian Academy of Science said government regulation needed to be evidence-based, proportional and designed to encourage the continuation of productive international scientific engagement, rather than hinder it.
The University of Sydney cited the Defence Trade Controls Act Amendment Bill 2015 as a good example of collaboration with the sector, and the Australia’s Foreign Relations (State and Territory Arrangements) Act 2020 as a bad example. The Queensland University of Technology appeared to argue for country-specific policies or legislation, saying:
The sector will be able to come to the point of the inquiry much more effectively if candour about specific jurisdictions of concern is forthcoming. The attempt to frame this discussion in country-agnostic terms has the potential to consume enormous energy to nil effect, by capturing some activities that are technically encompassed but pragmatically of little to no concern.
The Department of Home Affairs said the whole-of-government approach to this issue would continue be country agnostic.
In a broader discussion around government legislation the Department of Home Affairs said the Security Legislation Amendment (Critical Infrastructure) Bill 2020 would cover the sector with government assistance in the event of a serious cyber security incident. The Department of Home Affairs noted universities may be required to adopt risk management programs, report cyber security incidents and provide information. ECU said national security bills such as this bill would place additional administrative burdens on universities.
The CSCRC however said this Bill would establish minimum security standards which would greatly enhance their capacity to protect sensitive IP.
Defence processes, programs and sanctions
Defence Industry Security Program (DISP)
Several submissions discussed policies and measures relating to defence. Department of Defence said their Defence Industry Security Program (DISP) was designed to strengthen industry security resilience to protect the integrity of Australia’s defence capability. The Department of Defence said they could use DISP as a tool to improve both security posture and cultures within the sector.
CQU and WSU discussed their implementation of DISP accreditation and the steps they had to take in order to achieve this. WSU said this had required intensive internal security and risk procedures be adhered to.
Defence Export Control Office
Submissions discussed the Defence Export Control Office (DECO) and the particular role it played within the sector on the topic of technology transfer and international research. The Department of Defence said the Australian export control system was designed:
To ensure military and dual-use exports are consistent with Australia’s national interests and international obligations. A robust system protects against unwanted transfer of technology and intellectual property theft.
The Department of Defence said a 2018 independent review of the Defence Trade Controls Act 2012 ( the Defence Trade Controls Act) had identified several gaps which were currently being addressed.
The University of Melbourne, amongst other submissions, noted the relative maturity of their processes to manage export control and sanctions risks. CSCRC said Australia’s defence export control system aimed to stop military goods and technology from being transferred to individuals, states or groups with interests prejudicial to Australian interests. CSCRC said the 2018 Independent Review of the Defence Trade Controls Act 2012 had flagged there were several loopholes in the Defence Trade Controls Act. CSCRC suggested more stringent oversight and compliance enforcement of the provisions of the Defence Trade Controls Act were required due to several limitations. CSCRC suggested these loopholes were the: exemption for publication; exemption for verbal supply; exemption for basic scientific research; and the exemption for work in the public domain. UNSW said they had ceased a research proposal in 2020 after proactively raising it with Defence who raised concerns.
CSCRC said while open collaboration was an important part of technology research, the sober reality of the changing geopolitical and security environment required consideration. CSCRC said this was important to ensure the Defence Trade Controls Act required this consideration to ensure it remained fit for purpose. CSCRC suggested looking to the best practices as outlined in the export regime of the United States which whilst not entirely suitable to the Australian context could lead to a stronger enforcement approach to ensure wider awareness and greater compliance.
The Australian Academy of Science said they had no cause to believe the existing defence export control and sanctions legislation was inadequate. However, CSCRC suggested more stringent oversight and compliance enforcement of the Defence Trade Controls Act was required.
Universities Australia said feedback from government officials indicated an ‘abundance of caution’ rather than a dearth in relation to defence export trade control matters.
UWA suggested additional support for universities in making assessments for DTCA or autonomous sanctions permits would be advantageous. UWA said if the government agencies had more dedicated staff working on these topics it would ensure a faster turnaround and more specific (and applicable) advice. The University of Sydney said advice from the Defence Export Control Office was not timely and provided ‘meagre’ information due to security classification constraints.
The University of Sydney discussed the independent review of the Defence Trade Controls Act and recommended the Department of Home Affairs block persons of concern from entering Australia as otherwise would lead to an increased administrative burden on the sector.
UWA said recent Department of Foreign Affairs and Trade (DFAT) advice had pointed UWA back to legislation rather than providing assistance. The University of Sydney said advice from DFAT on this topic could take up to 12 months.
WSU said the Autonomous Sanctions Act 2011 as well as the aforementioned the Defence Trade Controls Act had assisted in informing their own compliance measures.
University Foreign Interference Taskforce (UFIT)
The Committee examined the UFIT guidelines as part of this inquiry. Submissions from the sector cited their adherence to the guidelines as a measure of sufficiency to address the national security risks outlined in this inquiry. Strong support for UFIT was common across sectoral responses. Griffith University described how the sector spent considerable time in 2019 working with key government agencies on the UFIT guidelines. The guidelines are divided into four thematic ‘strategic areas’ of cyber security, research and intellectual property, foreign collaboration, and culture and communications.
Mr Alex Joske disagreed with these arguments in favour of the UFIT Guidelines and said he did not believe the UFIT guidelines were sufficient for addressing the issues associated with talent recruitment programs.
The Group of Eight (Go8) highlighted the world-leading nature of UFIT and said:
No other Five Eyes Plus nation, to the Go8’s knowledge – certainly not the US, UK or Canada – has yet achieved this trusted, collaborative approach between Government, agencies and universities.
ANU stressed the importance of UFIT saying:
Of all the initiatives and legislative reforms designed to strengthen the sector’s resilience to foreign interference, ANU believes that UFIT has been the most successful. It has effectively balanced the need for action with the autonomy cherished by the sector.
WSU said the UFIT guidelines had assisted in informing their development of compliance processes. Australian Catholic University supported UFIT and said:
The work undertaken by UFIT has sought to determine how universities can counter foreign interference while recognising the value and importance of international collaborations, academic freedom and an open research culture.
Universities Australia recommended the UFIT be the primary mechanism to improve the sector’s defences against national security risks. UA noted within its engagement with counterparts in Five Eyes nations, the ‘Australian model’ was being considered as the preferred one due to its collaborative approach. Universities Australia described the UFIT mechanism as the clearest illustration of government and the sector working collaboratively on these issues. Macquarie University noted working with UFIT could ensure they found the balance between a ‘restrictive administrative burden’ and the development of processes that enabled them to adhere to government requirements.
Griffith University said the UFIT cyber-security guidelines were ‘world-leading’. CSCRC said they were highly supportive of the UFIT guidelines as they related to cyber. CSCRC did note however cyber security needed to be viewed as more than just a compliance issue and cyber security ‘never stops’.
Human Rights Watch provided a more critical view and said UFIT needed to focus more on issues of censorship and academic freedom and recommended the compile an annual report that documents the number of those incidents and how they are being handled by individual universities.
The sector broadly argued engagement between the sector and government needed to be deepened. In general this was argued to be best placed via UFIT and better use was made of UFIT. UWA said UFIT, and the expanded networks UFIT created, had been extremely beneficial in particular for the sharing of information and best practices. UWA also noted the UFIT process had brought government security and intelligence professionals into the process which was beneficial.
Griffith University said the government should engage the sector via existing channels and UFIT should be regarded as the primary mechanism to bolster the defences of Australian universities against foreign interference. They noted:
A renewed UFIT forum, potentially with deeper expertise around specific threats, would serve as the vehicle for identifying and fixing any further national security gaps that relate to universities, and a more effective response to those issues than the imposition of further regulations.
La Trobe recommended the Australian Government take a streamlined approach to the management of foreign interference risk for Australian universities. La Trobe said government should work with the higher education sector via the UFIT and strike a balance between safeguarding Australia’s national security and universities’ international cooperation.
As well as engagement being deepened, some submissions called for greater clarity in the engagement between the sector and government. UNSW recommended clear advice be provided from government to the sector in relation to risk assessments undertaken against collaborative activities. UNSW did note they had close engagement with the government at both the collective UFIT level, and through individual briefings and close individual engagement.
Griffith University proposed UFIT was the appropriate body to provide assurance on national security risks for the sector. Griffith said UFIT worked well in part due to how it was able to recognise the specific context and characteristics of the sector. Griffith said as a strong collaboration already exists between government and the Sector in UFIT, a renewed UFIT forum would be ‘an appropriate mechanism of identifying and proposing actions with respect to further national security gaps that relate to universities’.
Queensland University of Technology said to maintain currency, ongoing updating and regular communication with the Commonwealth agencies monitoring these risks would be required.
Broad support for UFIT was given, with ECU saying:
The University Foreign Interference Taskforce provided a welcome opportunity for collaboration between the Australian Government and the higher education sector on national security and foreign interference issues.
Some universities noted they had not been consulted on other government legislation not subject to this inquiry, and recommended this be done via UFIT.
Several universities discussed the causal relationship between UFIT and their own institutional improvements on these issues. UWA said all of their actions were in response to UFIT. UQ said they had carefully mapped their adherence to the UFIT guidelines. The University of New South Wales (UNSW) said they had updated their risk management policies and due diligence practices following the release of the UFIT guidelines. UNSW noted this was ongoing and sought government input. Monash University said they had aligned their own risk management frameworks with the UFIT guidelines, as well as the Defence Trade Controls Act, Foreign Influence Transparency Scheme Act and the Autonomous Sanctions Act.
DESE provided examples of individual university actions taken as a result of the UFIT guidelines. These included: implementing a global information technology security standard across all regions and campuses; adopting a globally-recognised industry cyber security framework to measure security maturity and identify areas for improvement; establishing and maintaining an online register for current and proposed international engagements at individual researcher level; requiring staff to complete annual online registrations of disclosure and ensuring staff were aware of their obligations on a variety of relevant topics; and mandating online awareness training for staff and higher degree research candidates.
Next steps for UFIT
DESE said the clear intention for UFIT now to focus on developing a forward work program and driving the implementation of these guidelines.
Whilst the Committee attempted on numerous occasions to obtain firms answers about improvements to UFIT and what the next steps for UFIT were, answers were unsatisfactory, vague or not forthcoming. The Department of Home Affairs offered the suggestion of sharing best practice as one method that could be used.
As the Department of Home Affairs noted, to perform a ‘self-critique’ would be dangerous on the efficacy of UFIT. No clear response was given as to the future direction, lessons learned or next steps of UFIT.
La Trobe University discussed transparency and accountability of UFIT Guideline implementation and said:
It’s a possibility that, following the review of UFIT after the first 18 months, we might need to think about more transparency in measuring the progress of individual institutions.
UQ recommended the UFIT guidelines be updated with particular attention to: clarifying processes on sensitive technologies; providing guidance concerning collaboration with high risk (but non-sanctioned) countries particularly regarding the admission of students to work on sensitive projects; and greater clarity about what appointments and activities are appropriate whilst holding Commonwealth funding. UQ also requested the UFIT guidelines address several cyber topics such as: initiatives to assist university to safely invest in cloud-based application; investment in expanding and strengthening networks to disseminate security intelligence; government support for development and improvement of security services delivered by the Australian Academic and Research Network; and a national identity service (as used in New Zealand) to verify the identity of staff, students and collaborators.
The University of Sydney recommended including the Department of Foreign Affairs and Trade in UFIT with the passage of the Australia’s Foreign Relations (State and Territory Arrangements) Act 2020.
The University of Melbourne discussed future legislation and regulation and the importance of co-design with government on these topics saying:
Future regulation should be co-designed through the partnership prism, proportionate to the risks and balanced against the significant value that international engagement delivers to Australian society and beyond…a joined-up and collaborative partnership approach between universities and government should be further developed, through which improved communications and timely information flows can be achieved. This could be facilitated by the Australian Government adopting a whole-of-government approach to how it engages and operates on managing risks relating to universities.
The University of Melbourne, and several other institutions, recommended the government ‘adopt the UFIT model’ to address these national security risks into the future. The University of Melbourne suggested UFIT be a standing forum through which ‘timely, detailed, two-way information’ is shared and used and to align whole-of-government policy development as it relates to the sector. The University of Melbourne said the UFIT model was good for ‘problem solving, effect[ing] change and rais[ing] awareness and preparedness across the sector’.
The Group of Eight said it would be beneficial to have DFAT, the ARC and the National Health and Medical Research Council (NHMRC) in UFIT. QUT said in support of this:
It might be of benefit to have the funding agencies at the table, because the funding agencies, through the reviewing process and through the way in which individual researchers interact with them, often receive information that universities may not.
Australian Research Council grant processes
Closely related to the discussions around talent recruitment programs were the topic of Australian Research Council (ARC) grant processes and the ability of the ARC to assist in responding to the national security risks. Where earlier chapters have discussed specific ARC-related incidents, this section focusses on the ability of the ARC to identify national security risks and the processes employed by the ARC in this regard.
The Committee heard evidence from several universities who had grants rejected by the ARC recently on national security grounds. ANU said they had two grants refused on ‘national security grounds’. ANU said they did a full audit of both grants and identified that one of the grants would have failed their own internal processes but believed the other should have passed based on their internal processes. UTS said they had one grant refused on ‘national security grounds’. UTS said they did a full review and found nothing problematic. QUT said they had a grant refused because of the combination of the institution and the area of research, in their opinion, and the institution was in China.
The ARC said the ARC had a historical process for identifying potential sensitivities when it briefed the Minister for Education on grant recommendations. They said this included scanning the media and checking internal ARC holdings. The ARC said as part of the 2020 grant rounds, sensitivity checks and briefings to the Minster were performed. They said the Minister sought further advice on 18 particular grants from the Department of Home Affairs which led to the Minister making the decision of refusing five grants. ARC said this was the first instance that grants were referred for national security advice. The ARC said previously they had sought information on batches of grants rather than individual grants.
The ARC said their organisation was not a national security specialist and required active engagement with stakeholders to identify and mitigate national security risks. ARC noted approximately 76 per cent of ARC-funded projects in 2020 involved an intention to collaborate internationally.
The ARC said they had been working with national security agencies since 2018, firstly with ASIO. The ARC said ASIO assisted them develop processes on how to collect more information to identify potential issues. The ARC said ASIO then put the ARC in contact with the Department of Home Affairs and since May 2020 they had been actively working with the Department of Home Affairs. The ARC said ASIO was constrained by their legislation and probably wanted to assist more than they were able to due to legislative constraints.
ARC said their process for declaring interests was consistent with that of other countries, most notably the United States. The ARC said it had updated its’ Conflict of Interest and Confidentiality Policy’ in late 2020 as part of a broader effort to develop initiatives relating to foreign interference risks. The ARC said:
The ARC now requires that additional, specific information about the personal interests of researchers named on ARC grant applications are appropriately declared. This includes foreign financial support, and affiliations with foreign sponsored talent programs, governments, political parties, state-owned enterprises, military or policy organisations as part of their declaration of material personal interests.
The ARC said this additional information was useful in increased dialogue and specific threat assessments from Government with little additional administrative burden. The ARC said the primary responsibility for due diligence on applications rested with universities rather than individual researchers as the funding requests were on behalf of the university. It was clear from these submissions that ownership over the disclosure risk was not owned by a particular party and several organisations were attempting to shift responsibility and accountability.
The ARC said if an issue was identified with a researcher or research being undertaken the ARC would investigate the situation. The ARC said they were undertaking this process for the five refused grants of 2020. The ARC said consequences for not adhering with grant conditions could include termination and the money being repaid, and this would not be made public. The ARC said they recovered funding on approximately 57 individual grants over the period 2016-2020 and none related to a breach of national security. The ARC said these recoveries related to issues such as expenditure on ineligible items, leaving the country for extended periods of time, or having a dual appointment.
WSU said the inclusion of questions relating to foreign interference and a requirement to state how the proposed research met the national interest test in all ARC grant applications had also assisted in their development of compliance measures. However the University of Melbourne, in discussing the additional questions the ARC included, said there was now a ‘risk of duplication and potential uncertainty’ with these questions with existing university policies.
Mr Alex Joske submitted on ARC grants in relation to participation in CCP talent-recruitment programs. Mr Joske said ARC fellowships generally required recipients not to take on additional employment and disclose any conflicts of interest (including work on the same topic). Mr Joske said since 2009 at least 12 recipients of ARC Australian Laureate Fellowships had shown evidence of overlapping involvement in talent-recruitment programs, including filing patents in China while being the recipient of this funding. Additionally, Mr Joske said at least 23 recipients of ARC Future Fellowship funding, worth $19 million, appeared to concurrently hold appointments in China through talent-recruitment programs.
Mr Joske recommended consideration to whether the ARC (as a grant funding organisation) was sufficiently resourced and capable of auditing and detecting breaches of these grants.
Tertiary Education Quality and Standards Agency (TEQSA) processes and Model Code implementation
DESE said they had established a Higher Education Integrity Unit within TEQSA to identify and respond to risks in the sector. DESE said this would cover topics such as: admission standards; academic and research governance integrity; student safety; foreign interference and cyber security. WSU submitted the establishment of an integrity unit within TEQSA to manage UFIT guideline recommendations and implementation had assisted in WSU’s development of compliance processes.
DESE said in relation to the TEQSA integrity unit:
It wasn’t established as a unit to police the integrity of providers’ responses to things like foreign interference and the like. At its core, it’s a research, analytical and best practice effort to make sure that systematic issues and the way that the sector is delivering the education that we expect it to deliver to students is being delivered in very high quality.
DESE said they had established an independent review to evaluate the progress the sector had made on the model code on freedom of speech and academic freedom. DESE noted the 2018 Model Code on freedom of speech and academic freedom, which all universities undertook to adopt. DESE noted the Australian Government position that adoption of the model code would support higher education providers in resisting pressures that could diminish academic freedom and freedom of speech on campus. DESE noted the 2020 review found 9 of 40 universities had fully implemented the code.
The University of Sydney offered a direct view on the appropriateness of TEQSA’s role on these issue, saying:
I don’t think TEQSA is an appropriate body for national security issues.
Mr Alex Joske broadly concurred with this view of TEQSA and said:
The TEQSA Higher Education Integrity Unit does not appear to have been active in counter foreign interference efforts or responding to national security threats. Public information about the Unit indicates that its focus is currently on acting against cheating.
Critical technologies and areas of threat
ASIO said the sector could be further assisted if they were provided with information as to what areas of research required protection. ASIO said government policy to provide clarity on this topic would allow both the sector and ASIO to prioritise their activities to focus on the threats that carried the greatest potential for harm.
In agreement Adelaide University said a sensitive technologies list would assist them greatly. This related to the layered defence model proposed by the University of Tasmania in their efforts to protect their ‘crown jewels’. Adelaide University discussed the approach they would take to this issue:
We have to ask, ‘what are the things around which we have to build really, really high fences so that it’s impenetrable to anybody other than our allies.’ If we don’t clearly define what that is, we’ll probably do none of the protective arrangements efficiently, where they’re really required. I think that’s the big challenge we have to meet: high fences around things we only want to share and co-develop with certain partners, and collaborative measures in areas where a global effort, such as beating a pandemic, would require us to collaborate very readily and swiftly.
CSIRO said they were working closely with PM&C currently to develop a list of critical technologies. Adelaide University discussed the importance of government and the sector collaborating on critical technology policy saying:
One of the outcomes of this inquiry we would be very pleased to see is that government really sits down and works with the sector to make this something that facilitates collaboration where it is of benefit to our national makes it very clear what collaboration is deemed not to be in the national interest.
Adequacy of communication and engagement between the Australian Government and the sector
The Committee considered the adequacy of communication and engagement between government and the sector as it related to the terms of reference. The sector broadly agreed their existed significant existing contact between the sector and government. The University of Melbourne outlined their existing arrangements which were largely mirrored in other submissions. This included engagement with: the Department of Home Affairs and Attorney-General’s Department on international engagement; the Department of Defence and Department of Foreign Affairs and Trade on export control and sanctions matters; the Department of Education on security and policy matters; and operationally with the Australian Security Intelligence Organisation, Australian Signals Directorate and Australian Cyber Security Centre as required. The University of Melbourne cited these engagements as proof of collaborative and appropriate engagement with government to reduce the national security risks.
UNSW expressed their satisfaction with the engagement they had with ASIO, DFAT, Department of Home Affairs and DESE. UNSW indicated they would continue engagement of this nature.
In discussing the best point of contact for many of these issues ASIO suggested the National Counter Foreign Interference Coordinator in the Department of Home Affairs was the best central point of advice for the sector with respect to these issues. In doing so ASIO highlighted its role as an intelligence agency rather than as a policy agency.
The University of Melbourne further stressed the importance of this partnership and said:
The Australian Government and its agencies are uniquely positioned to share crucial information and expertise that can assist universities’ work to manage day-to-day decision-making. Likewise, universities are aware of the need to improve lines of communication and collaboration with the Government and other stakeholders. It is this working relationship and goodwill that will drive an improved two-way culture of awareness and compliance in managing risks associated with the potential for foreign interference.
QUT suggested greater communication with Commonwealth agencies and suggested dedicated liaison positions between the sector and key government agencies and identification of single points of senior contact in each higher education institution.
When discussing the adequacy of existing policies and programs ASIO recommended continuing the education and messaging campaign of what the national security risks are.
University of Sydney said there was a shift from ‘passive and reactive to proactive and engaged’ between the sector and government agencies. They said of this:
Our engagement at the University of Sydney with the security agencies and also through the Group of Eight has been very productive. As I said, they have been active in engaging the sector, in convening regular and informed discussions about the risk environment. Of course there are constraints on what they can tell us, and we understand that.
UNSW discussed the evolution of the engagement and highlighted the importance of the relationship between ASIO in particular and the sector:
The first interaction I had with the security service was at a Group of Eight meeting where the head of ASIO attended. That was somewhat of a surprise to the vice-chancellors in 2016. Now we have a dialogue with the security services at all levels of the university on a regular basis, which is extremely reassuring and helpful to us.
UQ, when discussing the timeline for engagement and critical points along this timeline, said:
I think there was a very significant meeting in 2018…that was followed up with the establishment of UFIT in 2019.
Universities Australia characterised the relationship as positive, saying:
Respectful relationships have been built between agencies and the sector as whole and individual institutions over many years. Universities look to the intelligence agencies as their primary source of information regarding the scale and extent of threats.
UA noted a key challenge to be:
The delineation of roles and responsibilities around the points where university capabilities to manage foreign interference reach their limit and where Government responsibilities begin or complement university activities.
ANU said a fundamental conceptual shift at this point was to shift the emphasis in the harm statement:
The shift removed a fundamental conceptual difference between the sector and agencies that the real value – and therefore the target of foreign actors – was not the scientific knowledge contained in university information systems but in the expertise of our scientists. A point which is exemplified in the fact that the threat actors who breached ANU systems in November 2018, deliberately targeted systems holding data on our people and ignored digital repositories of scientific knowledge.
Edith Cowan University recommended an additional committee be formed on these topics:
A committee composed of members from the higher education sector, research institutions, and the relevant Australian Government departments, is established through legislation to work together on national security issues, and to provide a proportionate, connected approach to national security affecting universities.
UWA said assistance of national security agencies had greatly benefited universities:
Despite these measures there naturally remain limits to how well UWA or any university is able to identify and respond to national security risks, and Government support and guidance is needed to manage more serious risks and incidents…Universities rely on our national security agencies to provide information and insights based on their professional experience and on intelligence which is not publicly available.
UWA noted a distinction between government writ large and individual officers within government at this point:
Despite the generally excellent assistance that individual officers provide universities, there is more the Government could do, both in creating a more coordinated legislative framework and agency response, and in assisting individual universities with particular issues.
UNSW said threat mitigation measures were most likely to be successful when developed in partnership between the sector and the government. Specifically UNSW recommended the establishment of clear roles and responsibilities of both the sector and government. UNSW noted collaboration between government, the sector and industry would be required to ‘accelerate our sovereign capability and to sustain Australia’s strategic and competitive advantage in the Indo-Pacific region’.
Monash University said they regularly engaged with the Department of Defence and the Australian Research Council on these topics as well as a variety of other government agencies on advisory and technical support.
The University of Melbourne, along with several other submissions, requested timely and clear intelligence/information from government on these risks, and guidance on assessment tools to be used in this topic. Generally, this was supported with the argument the government is best placed to know and understand the characteristics and manifestation of risks rather than the sector.
ATNU noted Australia’s policy framework was in line with allied countries and where it has exceeded allied measures there has been frank discussion between the sector and government.The Australian Technology Network of Universities said:
It is important to acknowledge that, to date, the interests of both the Government and the university sector have been met, where the risk protection framework has been co-designed by both parties.