A student’s visa has been cancelled for links to ‘weapons of mass destruction’. What’s going on with Australian research security?

Drones are an example of the ‘dual-use technologies’ that can fall foul of research security concerns. Goh Rhy Yan / Unsplash

Over the weekend, Queensland University of Technology PhD student Xiaolong Zhu became national news – and not for a good reason. Zhu is a Chinese citizen, and his visa to study in Australia has been denied on the grounds of being “directly or indirectly associated with the proliferation of weapons of mass destruction”.


  • Brendan Walker-Munro

    Senior Lecturer (Law), Southern Cross University

The story begins in October 2019, when the university offered Zhu a scholarship to undertake a PhD in robotics. His research would focus on how drones navigate in urban environments without access to GPS.

But in June 2020, Zhu was told the foreign minister had ruled him a risk of proliferation of weapons of mass destruction, specifically missiles and rockets. That decision may be in part motivated by Zhu’s prior education at Beihang University, an institution closely aligned with China’s military and a lead developer of ballistic missiles and stealth aircraft.

Zhu’s appeal is ongoing, and he has done nothing obviously wrong and has not been charged with or convicted of any crime. So why is his story such a big deal? Zhu’s case, the fifth in which a researcher has been barred from the country on suspicion of links to weapons of mass destruction, is just the latest outcome of Australia’s patchy and irregular approach to “research security”.

Australia’s approach to research security

Australia’s approach to protecting certain types of research from national security threats is inconsistent and out of step with that of many of our allies.

The United States, United Kingdom, Canada, the European Union and New Zealand all have national policies on research security. Australia does not.

Instead, we have voluntary University Foreign Interference Taskforce guidelines, first written in 2019 and updated in 2021. These guidelines were originally written before COVID, the US-China “chip war” and the announcement of AUKUS.

One of Australia’s biggest funders of university research – the Australian Research Council – has only just published a research security framework in the past six months. Our other major research funders, CSIRO and the National Health and Medical Research Council, don’t appear to have anything similar.

At the same time, most, if not all, Australian universities are increasingly turning to foreign funding in response to government cutbacks.

Blunt instruments

At present, the Australian government seems intent on using blunt instruments to regulate research security.

For example, the foreign minister can refuse or cancel a visa if a person poses a risk to security, fails the “good character” test or (as in Zhu’s case) is deemed to be potentially associated with weapons of mass destruction. Since April 2024, the foreign minister can also refuse or cancel visas if the person poses “an unreasonable risk of an unwanted transfer of critical technology“.

Such controls can be incredibly risky when universities are also facing potentially crippling limitations on international student numbers, and where international education is one of Australia’s biggest exports.

Australian university researchers also face export controls. They must seek a permit if they share or publish military or “dual use” technology (research with both military and civilian applications, such as radar).

Many countries have similar controls, but the definition of “dual use” technologies can be incredibly subjective. In 2012, a Dutch researcher was infamously taken to court after publishing influenza research that allegedly could have been used to make biological weapons.

Universities in Australia are also required to publicly list every arrangement with a foreign government entity. A recent study of these arrangements found a disturbing number of potentially high-risk ventures at our universities.

Disclosure doesn’t appear to stop questionable research associations going ahead. A parliamentary inquiry has even found the public register to be no longer fit for purpose.

What Australia could be doing better

There has been a lack of consolidated action on research security.

Two years ago, a parliamentary inquiry heard of sustained and repeated acts of foreign interference at our universities. To date, fewer than a quarter of the committee’s recommendations have been acted upon.

The final report of the Universities Accord, released this year – which Federal Education Minister Jason Clare called “a blueprint for the next decade and beyond” – doesn’t mention research security at all. In fact, it mentions national security only three times in 408 pages.

Another problem is the complete secrecy surrounding these kinds of cases. Had Zhu not appealed, we might never have heard about it.

Neither the government nor the university made substantial public statements about the case. And Zhu himself will probably never even know what information the minister considered to ban him. Instead, the government issued a variety of certificates to protect “lawful methods for preventing, detecting, and investigating breaches or evasions of the law” and “confidential sources”.

Where to from here

Australia could take some lessons from our allies.

In Canada, any federal funding involving a “sensitive technology” will be refused if it involves association with anyone on a list of specific organisations. In New Zealand, high-risk research can be secured by the use of encrypted devices, security clearances, and keeping all research data offline. In the US, universities can be fined or even have their funding suspended if they do not comply with disclosure rules.

That said, our universites are unlikely to welcome more regulation. Such rules may infringe on academic freedom – the protection of academics’ rights to pursue risky or controversial topics.

Universities already complain they are one of the most “over-regulated” sectors in the country. Worse yet, universities say stifling international competition could stunt our innovation and “leave us worse off”.

But these objections shouldn’t be the end of the story. In 2021, ASIO head Mike Burgess said that “taking a sensible approach to national security risks shouldn’t stop [universities] from getting on with their core roles”.

Three years on, even discussion of this “sensible approach” seems to have fallen by the wayside. It needs to start again – or any “Future Made in Australia” might stall before it even gets started.

The Conversation

Brendan Walker-Munro is affiliated with Southern Cross University, the Australian Cyber Defence Alliance and the Social Cyber Institute. The views expressed here are personal and are not necessarily the views of any institution or organisation.

/Courtesy of The Conversation. View in full here.