Brendan Walker-Munro, Southern Cross University

When we think of spies, we may go to images of people in trench coats and dark glasses, trying to steal government papers. Or someone trying to tap the phone of a senior official.

The reality of course can be much more sophisticated. One emerging area of concern is how countries protect their university research from foreign interference. And how we safely do research with other countries – a vital way to ensure Australia’s work is cutting edge.

This week, research security experts including myself will meet in Brussels to talk about how to conduct free and open research in the face of growing security risks around the world.

What does Australia need to do to better protect its university research?

What is research security?

Research security means protecting research and development (R&D) from foreign government interference or unauthorised access. It is especially important in our universities, where the freedom to publish, collaborate, and work together is seen as a virtue.

Australia’s universities face escalating, deliberate efforts to steal commercially or militarily valuable research, repress views critical of foreign regimes, and database hacking.

As my July 2025 report found, adversaries are no longer just stealing data or cultivating informal relationships. We’re seeing deliberate efforts to insert malicious insiders, target researchers and exploit data and cyber vulnerabilities.

ASIO head Mike Burgess has stressed there is an incredible danger facing our academic community from spies and secret agents.

In 2024, Burgess warned of an “A-team” of spies targeting academia:

leading Australian academics and political figures were invited to a conference in an overseas country, with the organisers covering all expenses […]. A few weeks after the conference wrapped up, one of the academics started giving the A-team information about Australia’s national security and defence priorities.

But Australia can’t just stop collaborating with foreign nations. Some are far more scientifically advanced than we are, and we risk cutting ourselves off from developments in the latest technology.

In other cases, we might be unfairly discriminating against researchers from other countries.

The international research landscape is changing

Since January, US President Donald Trump has slashed university funding, banned foreign students and orchestrated a campaign of lawsuits and investigations into campus activities.

This has a huge flow-on effect to Australia, as we have tied ourselves strongly to the US for science and technology funding.

So Australia is looking to the EU as a more reliable and sustainable funding partner.

It has reactivated talks to join the €100 billion (A$179 billion) Horizon Europe fund. Australia abandoned its original attempt in 2023 citing “potential cost of contributions to projects”.

Horizon Europe isn’t just a massive pot of money for Australian researchers. It’s also a way to bring Australia closer to the EU on other initiatives, like the EU Science Diplomacy Alliance, which ensures scientific developments are pursued for the safety, security and benefits for all people.

Yet if Australia wants to join Horizon Europe, it will need to prove it takes research security as seriously as other EU nations. In April 2024, Australia and the EU agreed to strengthen research security and

measures to protect critical technology and to counter foreign interference in research and innovation.

Australia does not have an adequate policy

But Australia does not have a proper national policy on research security. It also does not have a proper guide for our 43 universities in how they should approach it or what the minimum standards are.

The guidelines we have for “countering foreign interference” are entirely voluntary, and not centrally monitored for compliance in any way.

A 2022 federal parliamentary report detailed a litany of attempts by foreign agents to get access to our universities. It made 27 recommendations about improving that situation. To date, the federal government has not yet acted on about three quarters of these.

These included a recommendation to ban involvement in “talent recruitment programs”, where academics are offered vast sums of money or other benefits to duplicate their research in countries like China.

The EU approach

Australia’s approach is in stark contrast to the EU, which has made research security a priority.

In May 2024, the European Commission directed all 27 member states to adopt laws and policies to “work together to safeguard sensitive knowledge from being misused”.

Germany has since adopted “security ethics committees” – modelled on human and animal ethics committees – to scrutinise potential projects for dangerous or high-risk research.

The Netherlands, Denmark and United Kingdom all set up government contact points to help academics answer questions about research security practices.

It will take more than just policies

Australia needs clearer, stronger national policies for research security. But if we are going to take this seriously, we need more than just policy guidance.

To properly scrutinise and set up research, universities need time, support and information. This also means they need more funding.

In some universities there might be one person responsible for research security, and this may not be their sole job.

So we also need funding to give academics a way to identify and manage risks in research and support information sharing across institutions.

Through these measures we will be able to demonstrate to the world we are doing research securely – and it is safe to fund and work with Australia.

Brendan Walker-Munro, Senior Lecturer (Law), Southern Cross University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Graham Greenleaf, Macquarie University and Katharine Kemp, UNSW Sydney

Right now, more than 311,000 Australian Facebook users can apply for a slice of a A$50 million compensation fund from tech giant Meta – the largest ever payment for a breach of Australians’ privacy.

But the clock is ticking. Even if you’re eligible, you only have until December 31 2025 to make your claim. Similar payouts have already begun in the United States.

From who’s eligible, to how to make a claim, to how much the eventual payout might be: here’s what you need to know.

Why so many Australians can apply

The landmark settlement arose from Meta’s involvement in the Cambridge Analytica scandal: a massive data breach in the 2010s, when a British data firm harvested private information from 87 million Facebook profiles worldwide.

It led to a record-breaking US$5 billion penalty (about $A7.7 billion today) in the US against Meta as Facebook’s parent company, and the creation of a US$725 million (A$1.1 billion) compensation scheme for affected Americans.

Here in Australia, an investigation by the national privacy regulator – the Office of the Australian Information Commissioner – found Cambridge Analytica used the This Is Your Digital Life personality quiz app to extract personal information.

That investigation found just 53 Australian Facebook users installed the app. But another 311,074 Australian Facebook users were friends of those 53 people, meaning the app could have requested their information too.

In December 2024, the Information Commissioner announced she had settled a court case with Meta in return for an “enforceable undertaking”, including a record A$50 million payment program.

Claims opened on June 30 this year and close on December 31.

Who can apply?

You can apply if you:

• held a Facebook account between 2 November 2013 and 17 December 2015 (the eligibility period)
• were in Australia for more than 30 days during that period, and
• either installed the Life app or were Facebook friends with someone who did.

How to apply – but watch for scams

The Facebook Payment Program is being administered by consultants KPMG. (Meta has to pay KPMG to run it; that doesn’t come out of the $50 million fund.)

That website is where to go with questions or to lodge a claim.

Meta has sent all Australians it knows may be eligible this “token” notification within Facebook:

You may be entitled to receive payment from litigation recently settled in Australia. Learn more.

Try this link to see if the company has records of you or your friends logging into the Digital Life app. If there are, you should be able to use the “fast track” application.

If you didn’t get that notification but you think you were affected, you can make a claim using the standard process by proving:

• your identity, such as with a passport or driver’s licence
• you held a Facebook account and were located in Australia during the eligibility period.

But watch out for scammers pretending to be from Facebook or to be helping with claims.

Which payout could you be eligible for?

You need to choose to apply for compensation under one of two “classes”, requiring different types of proof.

Class 1: the harder option, expected to get higher payouts

To claim for “specific loss or damage”, you’ll need to provide documented evidence of economic and/or non-economic loss or damages. For example, this could include out-of-pocket medical or counselling costs, or having to move if your personal details were made public.

You’ll also need to show that damage was caused by the Cambridge Analytica data breach. For many people, proving extensive loss or damage may be difficult.

Class 1 claims will be decided first. There are no predetermined payout amounts; each will be decided individually.

If your class 1 claim is unsuccessful, but you’re otherwise eligible for a payout, you will be able to get a class 2 payout instead.

Class 2: the easier option, likely to get smaller payouts

Alternatively, you can choose to claim only for loss or damage based on “a generalised concern or embarrassment” caused by the data breach.

It’s a much easier process – but also likely to be a much smaller payment.

All class 2 claimants will receive the same amount, after the class 1 payouts.

These claimants only need to provide a statutory declaration that they have a genuine belief the breach caused them concern or embarrassment.

In Meta’s enforceable undertaking with the Information Commissioner, it states KPMG is able to apply a cap on payments to claimants. It also says if there is money left after all the payouts, KPMG will pay that amount to the Australian government’s Consolidated Revenue Fund.

Meta told The Conversation:

There is not a pre-determined cap on payments. The appropriate time to determine whether any cap should apply to payments made to claimants is following the end of the registration period [December 31].

So it’s not yet clear how much of the $50 million fund will go to Australian claimants versus how much could end up going to the federal government.

Payments are expected to be made from around August 2026.

How much are payouts likely to be?

Payouts from similar settlements by Meta elsewhere have been very small. For example, US Facebook users eligible for their US$725 million compensation scheme have expressed surprise at the size of their payouts. One report suggests the average US payment is around US$30 (A$45) each.

Here in Australia, a lot will depend on how many people bother to register between now and December 31.

Graham Greenleaf, Honorary Professor, Macquarie Law School, Macquarie University and Katharine Kemp, Associate Professor, Faculty of Law & Justice; Lead, UNSW Public Interest Law & Tech Initiative, UNSW Sydney

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The spectacular heist of jewellery from the Louvre museum in Paris has many people wondering how a theft like this could occur in broad daylight and what might happen to the items that were stolen from the museum.

In a matter of minutes, four thieves were able to enter through a first-floor window, break into secure glass displays, and take nine items of jewellery of immeasurable value.

Although an alarm was set off and museum guards were nearby, the thieves were able to escape quickly, using motor bikes to get away. They dropped one stolen item, a diamond and emerald-encrusted royal crown that had belonged to Empress Eugénie, Napoleon III’s wife.

Their loot include jewellery from French imperial times – brooches, necklaces, earrings and a tiara. The French prosecutor’s office said the jewels were worth some 88 million euros (A$157 million), not including their historical value.

The speed and professionalism of the heist shows this was a well-planned crime, carried out by highly skilled perpetrators. That suggests they are linked to organised criminal groups.

Several media outlets reported a number of smaller thefts from French museums in recent weeks, including gold nuggets from the Paris Natural History Museum. There is no suggestion these thefts were linked to the Louvre heist.

What might happen to the loot?

The stolen jewellery includes well-known pieces that are easily recognisable. This will make it difficult, if not impossible, to sell them on the black market, even to well-heeled collectors and buyers.

This problem is well-known from other museum heists – such as the theft of the Canadian “Big Maple Leaf” giant gold coin from Berlin’s Bode Museum in 2017 or the famous heist of 13 masterpieces by Degas, Manet and Rembrandt from the Isabella Stewart Gardner Museum in Boston in 1990. Those paintings have never been recovered.

Instead, most experts believe one of two scenarios are more likely.

In the first, the jewellery would be broken down into smaller pieces. Diamonds and other gemstones may be taken out, altered and then offered for sale. Silver and gold may be used to manufacture other pieces or may be sold separately.

This scenario would make it easy to conceal the origin of the pieces and sell them openly or online. The combined value, however, would be significantly lower compared to leaving the pieces intact. It is thus doubtful the thieves targeted the specific jewellery for this purpose.

Scenario two would involve the thieves, or more likely the masterminds behind them, trying to sell the pieces back to the Louvre or trying to extort money from the French government for their return.

This may be done through brokers or other middlemen and may not happen for a while, until there is less public and media attention and the perpetrators feel sufficiently safe to contact – directly or indirectly – museum or state authorities.

Given the historical significance of the pieces coupled with the embarrassment caused by the heist, the Louvre and the French government would be keen to have the pieces returned as swiftly as possible and might be willing to negotiate, albeit secretively.

Much of this remains, however, speculation. Only a few days have passed since the heist occurred and many questions about the events, perpetrators and their motives remain unanswered. And just who may be behind this spectacular heist from France’s largest museum has everyone guessing.

Similarities with a Dresden museum heist

The Louvre theft brings to mind the jewellery heist at the Green Vault at the Zwinger Palace in Dresden, Germany, in 2019.

In this case, the perpetrators had closely examined the museum’s security system for many days and were able to enter the building without being caught on camera. They entered through a window on the first floor and within minutes stole 21 pieces of jewellery from several displays.

Unlike the Paris heist, the Dresden thieves entered at night and used brute force to damage the displays to take their loot.

Some years after the robbery, German authorities were able to identify and arrest the thieves involved in the heist – all five were members of a notorious Berlin-based crime family.

The perpetrators have since been tried and convicted and are serving long jail times. Most of the jewellery was retrieved and returned – unaltered – to its famous home.

It is hoped the French authorities will soon be similarly successful.

Andreas Schloenhardt, Professor of Criminal Law, The University of Queensland

This article is republished from The Conversation under a Creative Commons license. Read the original article.