Envied the world over, U.S. institutions of higher learning have taught millions of undergraduate and graduate students, nurtured scores of scientists and entrepreneurs, advanced medical science, and incubated many leading technology companies -- all of which makes them top targets for foreign intelligence services and nongovernmental actors.
As America and the world start to reopen for business, and college and university leaders are rightly focused on the safe and healthy reintroduction of students and faculty members to campuses, the perfect opportunity for the resumption -- and, more likely the acceleration -- of widespread academic espionage has materialized. College and university leaders will lack the time, attention and potentially the budget to zero in on this critical issue. But this is exactly the time for the greater higher education community to strengthen its commitment to ensuring that adequate controls and monitoring are in place to stem the tide of academic espionage.
Inculcated by their core missions of education and research as the means to bring nations and peoples together, solve the thorniest problems, and create prosperity for as many as possible, colleges and universities have welcomed students, researchers and professors from around the globe with largely positive results for all concerned. Sadly, such lofty ambitions are now juxtaposed against the long-term strategic efforts by China, Iran, North Korea, Russia and numerous other antagonistic actors to penetrate leading U.S. institutions of higher learning with a focused effort to appropriate the expertise and information they seek, regardless of its proprietary, confidential or classified nature.
The January arrest of Charles Lieber, the chairman of Harvard University’s chemistry department, by the FBI on charges of lying about receiving millions of dollars in Chinese funding is but one high-profile example. The federal criminal complaint was blunt in its allegations that Lieber misled the U.S. Department of Defense and the National Institutes of Health about his participation in China’s Thousand Talents Plan while those U.S. agencies were spending more than $15 million to fund his research group in this country.
Following the indictment, the U.S. Department of Education announced the launch of investigations of both Harvard and Yale Universities for apparently failing to properly disclose transparently hundreds of millions of dollars in foreign gifts and contracts as required under Section 117 of the Higher Education Act. These are merely the most recent of the eight civil compliance investigations launched by the department since the end of June 2019.
Last year, a Hoover Institution study reported that more than 350,000 Chinese students currently study in U.S. universities, with a focus on STEM-related courses of study. Starkly, this analysis concluded, “China’s expropriation of American technology is an example of how it leverages its influence among universities, corporations and diaspora communities to further strategic objectives.” Although over the past few months, American colleges and universities have canceled in-person classes, moved to online instruction and temporarily suspended certain research activities due to the unprecedented COVID-19 pandemic, the risk of academic espionage has not abated. While the majority of international students and researchers pose no threat to our institutions of higher learning -- including those who have remained on campus during the pandemic due to travel restrictions and visa concerns -- history has shown that an ever-present danger of espionage remains.
With specific warnings from the U.S. intelligence community and the FBI and admonitions from Senator Mark Warner, vice chairman of the Senate Intelligence Committee, the time has come for America’s colleges and universities to see the protection of intellectual property and the need to guard against the compromise of researchers through the lens of national security. Institutions must each put in place a robust threat analysis and risk mitigation program to meet the challenge of the advanced persistent threat of academic espionage.
Our higher education leaders must act swiftly. To be effective, a threat analysis and risk mitigation program should be fully transparent (which will help deter criticism about intrusions on academic freedom), apply evenly to all concerned and let antagonists know that this heightened diligence now exists. The key elements include:
Funding transparency. For grants and donations from overseas entities, care should be taken to track the true source of these funds, understand any conditions attached to them and commit to the public release (on the college or university’s website, for example) of this information. The addition of totals for each donor from across all institutional programs will make clear the level of their overall donations and influence. Professors and researchers must also understand the severe consequences they may face for anything less than 100 percent transparency. Full and complete reporting and disclosure must be made for gifts from, and contracts with, any foreign source that, alone or combined, exceed $250,000 in value during a calendar year in accordance with the requirements of Section 117 of the Higher Education Act.
Enhanced background checks. Given the value of the research that colleges and universities oversee and the key role students play in that process, appropriately reviewing the backgrounds of those who participate in such projects is prudent and responsible.
Travel and workflow. Especially with respect to students and professors/researchers who are involved in research projects and still plan to travel outside the United States, it is reasonable to understand their destinations, the duration of their visits and whether other students joined them. Similarly, it is logical to implement and review a clear audit trail for information that is disseminated by the college or university’s team, and to catalog the information that is being shared, the frequency with which it is being sent and its destination.
It is understandable that some people may see this initiative as overly intrusive, but applied evenly, it is a key element in an appropriate program of oversight and compliance and in keeping with the standards that the United States and numerous state governments adhere to. The Treasury Department’s Office of Foreign Asset Control (OFAC) also may require that if travel is conducted to a U.S.-sanctioned country, their institutions must make sure that they are in compliance with reporting such trips. The U.S. government also requires that if any of the data/information from the underlying programs the professors/researchers are working on is subject to export control requirements, there is compliance with all the attendant regulations.
Diligence. Effective compliance programs are not static; their impact is specifically designed to be ongoing and coincide with evolving multiyear research programs that add new team members even as others depart. Consequently, the backgrounds of new team members should be reviewed and held to the same standard as those who were associated with the program when it began. Colleges and universities should keep track of departures and determine where those individuals go and the location of all data, notes and other research that students, researchers and professors developed. Ideally, the tracking of this information should continue in perpetuity.
Management and oversight. The asymmetrical risks that colleges and universities face in this area necessitate that the continuing management of this regulatory and compliance function become part of the portfolio of a senior administrator, such as the chief compliance officer -- along with the necessary budget. Working with outside, independent counsel, that officer should make semiannual reports to the Board of Trustees with specific recommendations for all necessary program modifications.
The voluntary implementation of self-directed oversight and compliance protocols -- before they are thrust upon colleges and universities in the context of an escalating trade war, national security imperatives or other drivers -- provides the opportunity for institutions to strike the right balance between responsible oversight and intellectual exploration and freedom. Indeed, the framework included in the passage of the National Defense Authorization Act for Fiscal Year 2020, which provides for the protection of federally funded research from foreign interference, cyberattacks, theft and espionage and development of best practices for federal science agencies and grantees is already in place. The law also requires the secretary of defense to establish streamlined procedures to collect appropriate information relating to individuals, including United States citizens and foreign nationals, who participate in defense research and development activities (other than basic research).
In short, the future is here -- and colleges and universities that act now will be best positioned to ensure the protection of the vital intellectual capital they help germinate, as well as to continue to nourish innovation; fulfill their core educational and research mission for students, researchers, scientists and professors from around the world; and be effective sentinels in the protection of U.S. intellectual property and research.