Navigating Challenges: National Security Aspects and Research
The government of Canada, in particular Innovation, Science and Economic Development Canada (ISED) and Public Safety Canada, have started to implement security measures in the context of academic research. The Computer Science community is particularly affected with the already existing and anticipated measures.
In here, we briefly outline the status of two initiatives, comment on CS-Can|Info-Can’s stance on these initiatives, and the information that we received from the Natural Sciences and Engineering Research Council of Canada (NSERC) and ISED in this regard.
First, the “National Security Guidelines for Research Partnerships” require researchers who apply to NSERC partnership programs (Alliance) to conduct a security-risk assessment. The process was in the pilot phase over the last years, and is now implemented in a revised version.
Second, ISED created a “Policy on Sensitive Technology Research and Affiliations of Concern”. This will affect not only partnership programs but all federal research funding (including NSERC programs). Following this policy, researchers that are associated with an organization that appears on a government managed list of “Named Research Organizations”, recently released, cannot apply for grants of the national research councils (NSERC, CIHR, SSHRC) or CFI.
Both measures were prompted by escalating concerns for national security, aiming to safeguard research activities that may entail potential risks. While the Canadian computer science research community acknowledges the necessity of such measures, there is a pressing need to enhance understanding, contribute to interpretation, and streamline the security-risk assessment process without hindering essential work.
Dr. Tamer Özsu, a member of the CS-Can|Info-Can Research Committee, offers a comprehensive personal opinion piece emphasizing the importance of striking a balance between protecting national interests and maintaining openness. The goal is to safeguard intellectual property, foster collaboration, and preserve Canada’s reputation as a welcoming and innovative research hub.
Impact of “National Security Guidelines for Research Partnerships” on Canadian Computer Science Researchers
As the collective voice for computer science departments and faculties nationwide, CS-Can|Info-Can recognizes the imperative nature of national security guidelines but calls for greater clarity and collaboration to ensure effective interpretation and implementation.
With the current process, all applicants have to conduct the risk assessment and submit it together with the application. NSERC then performs a pre-screening and for those where a risk is assumed, the application is forwarded to the Canadian Security Intelligence Service (CSIS) which conducts further assessment. Our understanding is that NSERC has a list of criteria / guidelines that helps in deciding, which applications will be moved forward for further review to CSIS, with these criteria containing more than just the research areas. But CS-Can|Info-Can could not receive any further information of how NSERC decides which applications are forwarded for extra review.
According to NSERC, during the pilot phase 48 of 1000 applications were evaluated by CSIS and 32 were rejected. It is the understanding of CS-Can|Info-Can that many of these applications involved Computer Science researchers.
CS-Can|Info-Can conducted a survey among researchers in 2023 which identified the following issues and provided feedback for this to both NSERC and ISED.
Issues Identified with the 2023 Pilot Project Guidelines:
- Proposal Rejections and Lack of Feedback: Numerous proposals faced rejection without clear feedback on reasons, with 32 out of 48 applications sent for extra review being rejected.
- Security Risk Assessment Delays: The security risk assessment process led to significant delays in the proposal evaluation timeline.
- Risk Assessment Form Documentation Burden: Researchers grappled with generic questions and a large documentation burden, fearing substantial workload, delays, and additional efforts for compliance.
- Feedback on Assessment Results: Lack of clarity on research topics and partners raised questions about risk mitigation and improving the overall process.
- Research and Researcher Screening: Concerns emerged regarding the screening of research partners and Canadian researchers. As there is no official list of problematic partners, researchers do not know whether the proposal itself or the partner organization or the combination of both were the problem in case of a rejection.
- Past Collaboration Screening: Some Ontario professors faced funding bans due to past collaborations with Chinese researchers.
Concerns:
CS-Can|Info-Can is concerned about the many challenges that were encountered in this first round of applying the guidelines for research partnerships. If there is no significant improvement, future impacts are far-reaching, impacting research competitiveness, funding opportunities, research collaborations, and High-Quality Personnel (HQP) recruiting crucial for the Canadian economy. To discuss these concerns, meetings were held with both ISED and NSERC.
Outcome of the meetings with ISED and NSERC in Summer/Fall 2023:
- Presumably the pilot project has ended and a report should have been made public. But CS-Can|Info-Can is not aware of such a report.
- The expectation is that risk assessment will continue for partnership programs.
- In regard to companies/partners that might be associated with a larger risk:
- As stated in the guidelines (Annex B), they do not aim any particular country or company. However: “Investments by partner organizations that are state-owned or subject to state-influence may be a key indicator of non-commercial interest motivations that could facilitate unwanted knowledge transfer in a manner that could harm Canada’s national security. Partner organizations that lack the autonomy and independence similar to public research institutions in Canada pose a greater risk of unwanted knowledge transfer. Some countries have laws or practices that compel entities and individuals to be subject to direction from their governments to provide Canadian information, research knowledge, technology, and its resulting intellectual property. Risks can also originate from personnel participating in the project, particularly if individuals have ties to foreign militaries or governments. It is important to identify and assess any potential conflicts of interest and commitment for all individuals involved in a research partnership.”
- There will be no list of companies/partners that are associated with a higher risk or that would basically always result in a rejection of the proposal.
- Researchers who want to know if a certain company they want to work with might be considered very high risk, they are welcome to contact the Research Security Center managed by ISED and Public Safety. Information about this Center should become public very soon.
In particular, there will be regional advisors that researchers can contact via:
researchsecurity-securiteenrecherche@ps-sp.gc.ca
- Guidelines and Processes: NSERC is very optimistic that processing will be faster in the future:
- All the infrastructure for the process is now in place.
- The aim is to ensure efficient processing, especially for low-risk cases.
- The guidelines are improved on a regular basis.
CS-Can|Info-Can asked that “simple guidelines” remain so that researchers with low risk don’t have to go through hundreds of pages.
- Training:
- NSERC has given training to Research Officers at most universities, who should now be better trained and provide better support. Risk assessment forms should be filled out with the support of these research officers. Thus, if any researcher finds that they don’t get the support from their officers, they should ask the officers to check with NSERC or complain to the universities.
NSERC will not give webinars or alike to individual researchers because universities themselves have their own guidelines so NSERC cannot be complete and prefers to only inform research officers. - The government offers research security workshops also to researchers. They can be found at https://science.gc.ca/site/science/en/safeguarding-your-research/general-information-research-security/research-security-training-courses
- Generally, the government has a whole web-site regarding safeguarding your research: https://science.gc.ca/site/science/en/safeguarding-your-research
- NSERC has given training to Research Officers at most universities, who should now be better trained and provide better support. Risk assessment forms should be filled out with the support of these research officers. Thus, if any researcher finds that they don’t get the support from their officers, they should ask the officers to check with NSERC or complain to the universities.
The “Policy on Sensitive Technology Research and Affiliations of Concern” Innovation, Science and Economic Development (ISED)
Introduction:
In summer 2023, CS-Can|Info-Can met with representatives from ISED who provided an overview of the then planned “Policy on Sensitive Technology Research and Affiliations of Concern”. This policy was supposed to be in place in Fall 2023 but only mid January 2024, the government announced it will apply. Here are the basic ideas that were conveyed in the summer 2023 meeting.
According to this policy, an application to any NSERC grant can only be submitted in the following cases.
- If the application does NOT cover any of the critical research themes (there will be 11 larger themes in total), then there is no further restriction. It appears that nearly all of Computer Science research will be part of one of the critical research themes.
- If the application covers one of the critical research themes, then neither the PI or any of the co-PIs (or probably also collaborators in the case, e.g. of CREATE) can be currently “affiliated” (either directly, funded or in-kind) with an entity on a “red-flag” list of “Named Research Organizations” and may not be affiliated throughout the duration of the grant.
- The red-flag list contains universities and other government entities (and not yet any companies) that are considered high-risk. The recently released list contains around 100 organizations, mainly universities from China, Iran and Russia. A fair amount of well-known research institutions are on this list.
- Affiliation in the past will not be relevant.
- At the time of application, each PI/co-PI has to sign online a statement indicating that they are not affiliated and will not be affiliated throughout the duration of the grant. If one is affiliated, the application cannot be submitted.
- The understanding of CS-Can|Info-Can is that for team grants, the PI should talk to all the co-PIs and inform them about this requirement so that there are no surprises at the time of grant submission.
- If it turns out that a submission is in violation of the requirement, opportunity should be given to readjust the team to exclude the person that has a forbidden affiliation.
- ISED / Public safety might make random tests whether these statements are true. Anyone willfully withholding information and misrepresenting themselves will be reviewed under the Responsible Conduct of Research (by the university?)
- Special measures for students / post-docs are taken. In particular, if they were students in the past at one of these institutions, this should not be a problem. Grad students who remain registered at their home institution on the list of prohibited institutions will not be accepted as part of a grant application.
- It is ok if not all HQP is known at time of application.
ISED has already created a draft document with FAQ.
Furthermore, ISED is in exchange with provinces and third-party funding agencies to also introduce a second layer of risk assessment. This might take different formats and can differ between provinces and funding agencies. In particular, entities that get a large amount of money from the government and manage their own application process where they distribute this money, might have to provide a Risk Assessment plan to ISED. It’s not clear how these plans look like. But it might lead to each of these 2nd tier agencies install their own risk assessment policies. This will make it even more difficult for the research community to understand the processes, understand the issues, and raise concerns.
Conclusion:
CS-CAN|INFO-CAN meetings with ISED and NSERC demonstrate a commitment to enhancing research security and efficiency. Ongoing efforts focus on streamlining processes, addressing concerns, and fostering collaboration with key stakeholders.
However, CS-CAN/INFO-CAN is concerned that the evaluation process, in particular in regard to risk-assessment, remains opaque, continues to have considerable hurdles and might impact Canadian research output.
CS-CAN|INFO-CAN is also concerned that affiliation to an organization on the list of affiliations of concern might not be well defined (e.g., regarding affiliation in the past, the impact of collaboration with people who are affiliated with organizations on the list, affiliation of possible HQP working on the project).
Furthermore, since our meetings in Fall CS-CAN/INFO-CAN has not heard anything new from neither NSERC nor ISED but will follow up with them this spring.