A trio of Ministers, Champagne for Innovation, Science and Economic Development Canada (ISED), Holland for Health, and LeBlanc for Public Safety, recently issued a flurry of new directives aimed at tightening up research security at Canadian universities.[1] This is the latest is a process dating back several years designed to “safeguard” Canadian university research in the face of the trifecta of rising espionage dangers, intellectual property theft, and foreign interference. The focus of concern is China, although officially the scheme is meant to be country “agnostic.” Fig leaf alert!
The build has involved numerous challenges. They include a desire to balance measures for research security against the need to maintain an open and collaborative research ecosystem. Any enhanced research security scheme needs to avoid discriminatory practices. Then there is the challenge to create a working partnership between the federal government and Canadian research universities to arrive at some common understanding of research security risks. A key is the need to solve the problem of intelligence sharing between national security agencies and University administrations and faculty staff on threats. There is the bedrock principle of avoiding anything that would undermine the nature and culture of Canadian universities themselves, not least their autonomy and independence as centres of learning. Last, but not least, Canada needs to move in step with its allies.
The government has adopted an incremental approach in the face of these multiple challenges. Don’t get me wrong. I don’t want to suggest that an incremental, learn-as-you-go, process is a bad thing. But it can serve to deflect criticism of the overall scheme, and mask broader issues, to the extent that the ultimate structure that gets built may not be one that meets all the objectives of creating a research security ecosystem in a reasonable, responsible and proportional way.
With that marker, let’s see how the research security plan has evolved. The first thing that needs to be noted is that it focuses on elements that are in control of the federal government. In the Canadian setting, education is a provincial responsibility. But the feds operate a major funding pipeline that provides support for research projects across all the University disciplines. Sponsorship of that pipeline, which involves research “councils” that adjudicate research proposals and allocate research grants, gives the federal government its entrée, which it can then match with its expertise and knowledge with regards to national security threats.
The research councils themselves are divided according to academic disciplines. There is the Natural Sciences and Engineering Research Council (NSERC); the Canadian Institutes of Health Research (CIHR); and the Social Sciences and Humanities Research Council (SSHRC). In addition to this big three, there is the Canada Foundation for Innovation, which is an independent, not-for-profit organization that helps fund research infrastructure costs in keeping with an agreement with the federal government.
In terms of sensitivity of research and concerns about vulnerability to espionage, IP theft and foreign interference, the focus should be on research funding that flows through NSERC. But the federal government, while it wants to start there, does not intend to stop there. This is part of its gradualism. Mission creep? More thoughts on that later.
An early step by the federal government involved the creation of a risk assessment framework that research proposals seeking funding through the federal councils must comply with. The framework was incorporated into a document called “National Security Guidelines for Research Partnerships” issued in July 2021.[2] The Guidelines were developed in collaboration with representative of what are called the U15—the leading research-intensive Universities in Canada
The key working principle of the Guidelines was to make Universities and their faculty responsible for assessing security risks associated with research projects and partnerships. The task was, effectively, to be downloaded. This principle was an important and necessary recognition of University independence and autonomy, but placed a significant burden on researchers applying for federal grants and on the administrations that support them. The burden was two-fold—additional, labour-intensive, requirements added to research funding applications and, more broadly, the big ask that University staff be able to properly assess risks. Research grant applications are burdensome enough, but I don’t suppose one more straw will break anyone’s back. The more challenging proposition was the downloading of risk assessment responsibility on the Universities. As a generalization, but perhaps not too gross a one, Canadian universities are not well equipped in terms of knowledge or organizational structure to assume this relatively unfamiliar mission.
In recognition of the need to create an internal system to better scrutinize University research for security risks, many of the research-intensive Universities have created research security units in their administration. But these units face a fundamental reality of University culture, which is that tenured faculty members cherish their independence and autonomy, and their command of their subject matter, and don’t like to be dictated to by administration staff, who don’t always have their academic credentials. This is the creative anarchy of the University system, well known within, a secret without. For University researchers, especially in STEM, national security issues will be in the wheelhouse of few; many will be among the 70% of Canadians who, when polled, could not identify CSIS. A similar poll found that only 3% of Canadians could name CSE as the organization responsible for foreign SIGINT and cyber security. Most academic researchers will not be far behind.
University self-education and consciousness-raising are not the answer, though the government would like to think it should be. Awareness can only come from a greater interchange of knowledge about national security threats between the University community and the federal government agencies responsible, but here generalized security briefings are more of a hindrance than a help and anything more specific runs into problems of sharing sensitive intelligence.
The government, perhaps aware of this challenge, proceeded slowly, starting by applying the July 2021 guidelines to a limited pilot project. The pilot involved a specific research funding stream under NSERC called the Alliance grants. These grants are uniquely designed to involve research with partner entities who can contribute to cost sharing. They run from one to five years and can involve funding ranging from $20,000 to $1 million per year. [3]
The Alliance pilot lasted for a year, from July 2021 to July 2022. The statistics involving the test use of the national security guidelines indicated that only 4 % of the total number of applications required assessment by government national security officials, but that two-thirds of those subject to additional security agency scrutiny were deemed to pose “unmitigable risks.” [4]
Overall, the government deemed the pilot a success, both in identifying security risks posed by a small number of applications, but also in a finding that the overall application of the national security guidelines had not skewed the success rate. But at least one researcher, Tamer Ozsu, who fell into the category of applicants denied funding on national security grounds, was reported to have found the process lacking in transparency.[5] Ozsu directed the Waterloo-Huawei Joint Innovation Lab at the time, which was established in 2016 with generous funding from Huawei, but was ended in 2023, marking a trend demonstrated by other Canadian universities in abandoning partnership arrangements with the Chinese telecommunications giant.[6]
While it was scarcely surprising that funding applications involving Huawei as a partner would be denied, other commentators in the scientific research community called for greater clarity and more information about the national security decision-making process.
The 2021 guidelines encouraged researchers to familiarise themselves with a whole range of existing laws and regulations, including the Export Control List, Export and Import Permits Act, the Nuclear Non-Proliferation Import and Export Control Regulations, the Defence Production Act, the Controlled Goods Program and be aware of entities sanctioned under the Canadian Special Economic Measures Act or the United Nations Act. Sheesh, sounds like a full-time job.
On top of this, the guidelines listed an array of research areas deemed “sensitive” or potentially “dual-use” (e.g. with military or intelligence applications).
There were 15 areas on the list, which cover a lot of ground. A couple were specific and easily understood, such as ”advanced weapons” or “advanced sensing and surveillance.” But the majority of areas on the list were very broad, including advanced materials and manufacturing, AI, biotechnology, medical technology, energy generation, storage and transmission, space technology. In addition to the list, there were other research areas “considered sensitive,” including those related to critical minerals, all aspects of critical infrastructure, research using large datasets or personal data. The catchment was very wide.
It should have been clear all along that something more precise and targeted by way of federal government guidance was going to be necessary, particularly as the application of the guidelines moved beyond a limited pilot project. The government would also have to move away from a country agnostic approach, even if it wasn’t prepared to say so openly.
These steps were taken, or so it was suggested, with the Ministerial announcement on January 16, 2024.[7]
The announcement included a list of “Named Research Organizations,” accompanied by a stricture that partnerships with any entity on the list involving research “to advance a sensitive technology research area” will be denied funding. The list was drawn up to identify foreign entities “connected to military, national defence or state security…that could pose a risk to Canada’s national security.” [8]
The list contains 103 names. The vast majority are Chinese entities, 82%. So much for the fig leaf of “country agnostic.” Iran takes second place with 12 listed entities; followed by Russia with 6. Many of the Chinese institutions listed have direct links to the Chinese military and state security, spelled out in their institutional titles—I counted 52 out of the total Chinese list of 85. You might not want, for example, to link up with a research partner from the PRC Army Special Operations Academy, or the PRC Navy Submarine Academy. There are some Chinese universities and STEM institutes listed. While the government promises to keep the list evergreen, only time will tell how useful or substantive it is. At first blush, it seems to have overwhelmingly captured the obvious candidates.
The second significant step that was announced by the Ministers was a new, or apparently new, description of “Sensitive Technology Research Areas.” [9] This was presumably meant as a refinement of the barebones list provided in the 2021 guidelines, designed to meet criticisms of the original list’s breadth and generality. The original list, as noted above, contained 15 research areas. The new list contains 11. Is it slimmed down—tightened and more focused? The smaller number of research areas is, in fact, a bit deceiving.
The 2024 list of sensitive research areas, on examination, differs little from that provided in 2021. There is a greater emphasis on break-through research of “advanced and emerging technologies;” while talk of dual-use technologies has been dropped. But the 2024 list essentially just shuffles the deck.
Four sensitive research areas are carried over from 2021 unchanged; most of the others are renamed slightly from 2021 or have elements bundled together. There are no new additions to the list. Deletions are few.
The most interesting deletion appears to be “Advanced ocean technologies.” No explanation for its disappearance from the list as a sensitive technology area is provided. There is also no mention of critical infrastructure, presumably dropped because it was simply too broad to be meaningful.
The 2024 list of sensitive technology areas does provide short descriptions of each area, but it is unlikely that any of this would be news to researchers in these fields, though they sound exotic to non-scientists (ever heard of “auxetic materials” or “high entropy materials” or “4D printing”?—me neither).
If the 2024 list differs only marginally from the original 2021 version, there will be a significant change in application. Starting in 2024, all research grants submitted to NSERC will be subject to security scrutiny, initially by universities, matched against the list of “Named Research Organizations” and ‘Sensitive Technology Research Areas.” The small-scale pilot project is over.
Whether in future the statistical pattern of research funding denied because of national security concerns will replicate the findings of the pilot remains to be seen. So, too, does the question of whether the new lists prove any more helpful to hard-pressed University scrutineers and national security officials in Ottawa.
I don’t mean to disparage the potential value of lists, if they are fit for purpose. But the real bedrock of any scheme for university research security is to be found in intelligence and counter-intelligence, and the ability of national security agencies to meaningfully share what they know with the university research community. Despite efforts to date, I think there is much that remains to be done to ensure that we have the best available intelligence on foreign espionage, IP theft and interference and are creating the secure informational pipelines to allow for knowledge transfer to the university community. Proposed CSIS Act amendments could help in that regard. Downloading research security to the universities is a fine principle, but it won’t work if starved of oxygen.
Expanding the application of national security risk assessments to all NSERC funding is not meant as the end of the story. At some future date, so the government promises, the envelope will swell, massively, to include funding provided by the Canadian Institutes for Health Research (CIHR) and the Social Sciences and Humanities Research Council (SSHRC).
There may be some justification for extending national security scrutiny to CIHR funding related to Life Science Technology, but extending the process to SSHRC funding makes no sense to me, and threatens to dilute and confuse the intended focus on STEM research in advanced and emerging areas. While this idea has been mooted for some time, no rationale has ever been provided. SSHRC disciplines are precisely those where the open research concept should be left untouched. They are also the disciplines where research funding is in vastly shorter supply compared to STEM fields and where Canadian scholars can and should benefit from international exchanges. The idea that the world needs more Canada may be overwrought and silly, but there can be no harm and much benefit in giving the world a better sense of Canada as seen through the many disciplines, from anthropology to sociology, that comprise the social sciences and humanities.
Ministerial trio, please rethink this piece of nonsense.
Ministerial trio, look to your own department’s intelligence capabilities and to your ability to share necessary information with the Universities. Upload, don’t just download.
[1] Statement from Minister Champagne, Minister Holland and Minister LeBlanc on new measures to protect Canadian research, January 16, 2024, https://www.canada.ca/en/innovation-science-economic-development/news/2024/01/statement-from-minister-champagne-minister-holland-and-minister-leblanc-on-new-measures-to-protect-canadian-research.html
[2] National Security Guidelines for Research Partnerships, July 2021, https://science.gc.ca/site/science/en/safeguarding-your-research/guidelines-and-tools-implement-research-security/national-security-guidelines-research-partnerships
[3] NSERC, “Alliance Grants,” https://www.nserc-crsng.gc.ca/Innovate-Innover/Alliance-Alliance_eng.asp
[4] ISED, “Progress Report on the Implementation of Canada’s National Security Guidelines for Research Partnerships and Supporting Research Security Efforts,” January 2024, https://science.gc.ca/site/science/en/safeguarding-your-research/general-information-research-security/additional-resources/annual-reports/progress-report-2021-2023
[5] University Affairs magazine, “Researchers decry a lack of clarity under national security risk assessments,” March 21, 2023, https://www.universityaffairs.ca/news/news-article/researchers-decry-a-lack-of-clarity-under-national-security-risk-assessments/#:~:text=He%20noted%20that%20the%20biggest,Özsu%20added.
[6] Joe Friesen, “After Cutting Ties with Huawei, University of Waterloo must find funding elsewhere,” The Globe and Mail, May 5, 2023, https://www.theglobeandmail.com/canada/article-after-cutting-ties-with-huawei-university-of-waterloo-must-find/
[7] Statement from Minister Champagne, Minister Holland and Minister LeBlanc on new measures to protect Canadian research, January 16, 2024, https://www.canada.ca/en/innovation-science-economic-development/news/2024/01/statement-from-minister-champagne-minister-holland-and-minister-leblanc-on-new-measures-to-protect-canadian-research.html
[8] ISED, “Named Research Organizations,” January 2024, https://science.gc.ca/site/science/en/safeguarding-your-research/guidelines-and-tools-implement-research-security/named-research-organizations
[9] ISED, “Sensitive Technology Research Areas,” January 2024, https://science.gc.ca/site/science/en/safeguarding-your-research/guidelines-and-tools-implement-research-security/sensitive-technology-research-areas
All Chinese companies and universities are effectively under the control of the Chinese government and Chinese Communist party so any research goes to aid the anti-democratic Chinese government.
Research with any and all Chinese entities should be forbidden unless there is a demonstrated net benefit to Canada and there are no security risks.
Thanks for making an otherwise obscure, technical and complex initiative understandable. It’s an important initiative but one that our media doesnt have the expertise to evaluate and report on. Demonstrates the value of your publication.