1. What is the role of SIGSAC PROTECT?

SIGSAC PROTECT is an advisory committee established by ACM SIGSAC to uphold and promote professional conduct and academic ethics within the security and privacy research community. Its mission is to preserve the integrity of the peer review process and maintain community trust by engaging with members, responding to ethical risks, and developing mechanisms for scientific integrity. It monitors concerns, collects feedback, and facilitates the reporting of credible ethical issues to the appropriate formal ACM committees, as well as committees outside ACM (e.g., IEEE, USENIX, ISOC etc.). Crucially, it does not act as an enforcement body. The goal of ACM PROTECT is, among others, to formulate guidelines and provide suggestions to secure the review process and to ensure ethical conduct.

2. Is PROTECT a policy-making or enforcement body?

No. PROTECT does not make policies or enforce sanctions. Its role is primarily advisory and supportive. It aims to suggest, design, and promote best practices, facilitate communication, provide resources, and guide formal complaints to the correct bodies (like ACM COPE or the Publication Ethics Committee) which do have the authority to investigate and act on ethical violations.

3. What happens when someone submits a report to PROTECT?

Reports submitted to sigsac.protect@acm.org are handled confidentially by the PROTECT Chair, Vice Chairs, and Secretary. When submitting a report, please include as much detail as you can such as the conference, the year, a description of the unethical behavior along with verifiable evidence that you can provide and potentially other witnesses to contact. Please also mention if you want to remain anonymous.

• Formal Complaints: If a report includes specific, verifiable evidence of unethical behavior, a team of non-conflicted PROTECT members reviews it. If deemed viable, PROTECT assists the reporter in preparing materials and directs the formal complaint to the appropriate committee (e.g., ACM COPE or the Publication Ethics Committee) for formal investigation and decision-making. PROTECT itself does not conduct the formal investigation.
• Informal Complaints: Concerns raised without sufficient formal evidence can still help PROTECT identify broader systemic risks or emerging trends within the community. When appropriate, the committee may take proactive measures to address and mitigate these risks, such as proposing policy improvements or raising awareness. Informal complaints may also evolve into formal complaints if further investigation uncovers verifiable evidence. However, recognizing the potential for false or unsubstantiated accusations, PROTECT will exercise due diligence and retain the discretion not to pursue informal complaints if warranted.

4. Can PROTECT investigate or penalize individuals?

No. PROTECT does not have investigative authority or punitive powers. It cannot determine guilt or administer sanctions. Its role is focused on promoting ethical conduct, facilitating the reporting process to ACM, and advising on best practices. While it can advise actions like the removal or limitation of PC members found to be involved in unethical behavior, the decisions regarding PC members are ultimately up to the program committee chairs and steering committees for the conferences.

5. Why might it take time to get an outcome after submitting a formal report?

SIGSAC PROTECT forwards formal complaints with credible evidence to the relevant committees (like ACM COPE https://www.acm.org/code-of-ethics/cope, or IEEE EMCC https://www.ieee.org/content/ieee-org/en/about/ethics/). The investigation timeline depends entirely on the formal processes of these bodies, which are designed to ensure fairness, thoroughness, and due process for all parties involved. PROTECT does not control this timeline. For non-anonymized reports, the reporter will be notified when PROTECT forwards to other committees.

6. Can PROTECT intervene in specific paper reviews or change publication decisions?

No. PROTECT is separate from the Technical Program Committees (TPCs) and conference review processes. It cannot intervene in specific paper reviews, influence author rebuttals, or overturn publication decisions. Its focus is on the broader ethical conduct within the community, not individual review outcomes. PROTECT primarily focuses on the greater impact on the public, not individual decisions. For individual paper decisions, your best contacts remain the TPC chairs.

7. What if my concern is about a specific review I received or a reviewer's conduct during a review?

Concerns about the content or outcome of a specific review should generally be directed to the relevant Technical Program Committee (TPC) Chair or the conference's Steering Committee. While PROTECT can listen to concerns to understand systemic issues or trends in reviewer behavior, it does not intervene in individual review disputes. If the concern involves potential unethical conduct by a reviewer (e.g., disclosure of confidential information such as reviewer's identity), reporting it to PROTECT would be appropriate, especially if it points to a pattern or requires formal escalation beyond the PC Chair.

8. Can I report concerns anonymously?

Yes. PROTECT accepts anonymous reports submitted to sigsac.protect@acm.org. However, for a report to be forwarded as a formal complaint to ACM, it must contain verifiable evidence. All reports are treated with confidentiality to protect reporters. Partial information can be provided if needed to protect the reporter's identity.

9. How is confidentiality maintained when submitting a report?

Confidentiality is a key principle. Access to the reporting email (sigsac.protect@acm.org) is restricted to the PROTECT Chair, Vice Chairs, and Secretary. All reports and committee discussions about them are kept confidential to protect the privacy of everyone involved, including whistleblowers.

10. What's the difference between formal and informal complaints submitted to PROTECT?

• Formal Complaints: These are structured reports containing specific, verifiable evidence detailing alleged unethical behavior. PROTECT reviews these for viability and, if appropriate, facilitates their submission to the relevant bodies for formal investigation.
• Informal Complaints: These might be discussions or reports about perceived unethical behavior that lack formal, verifiable evidence. PROTECT uses these to understand community concerns and potential systemic risks, potentially taking steps to mitigate risks or address issues informally. They may lead to a formal complaint if more evidence emerges.

11. How does PROTECT work with ACM?

PROTECT functions as a SIGSAC committee that collaborates closely with, but is distinct from, ACM's formal ethics bodies like the Committee on Professional Ethics (COPE) and the Publication Ethics and Plagiarism Committee. PROTECT acts as a facilitator, helping to channel formal ethical complaints from the SIGSAC community to these ACM committees, ensuring they are handled by the bodies with the proper authority for investigation and enforcement.

12. What kind of ethical issues does PROTECT address?

PROTECT was formed in response to growing concerns about unethical behaviors in security and privacy conferences. Examples include, but are not limited to: improper disclosure of review contents or reviewer identities, authors seeking favoritism from reviewers, collusion rings among reviewers, manipulation of conflicts of interest, reviewers allowing authors to write their own reviews, coercion, issues with reproducibility, and misuse of AI in papers or reviews.

13. What proactive steps does PROTECT take to promote ethical conduct?

Beyond handling reports, PROTECT focuses on proactive measures. Key missions include promoting principles for fair peer review (like expertise-based matching, AI-aided matching, and better COI detection), advocating for a wide range of reviewer pools, developing resources like best practice guides, collecting community feedback, and promoting transparency.

14. Besides handling reports, what specific initiatives does PROTECT undertake?

PROTECT actively works on several initiatives to improve the integrity of the peer-review process and support the community. These include:

• Promoting fair peer review principles like better paper-reviewer matching and stricter Conflict of Interest (COI) detection methods.
• Creating and suggesting guidelines to harden the review process against collusion, sharing, and extortion.
• Advocating for a wide range of reviewer pools.
• Developing an online resource hub with best practices and FAQs.
• Collaborating with conference PC chairs to standardize and share best practices.

15. Who serves on the SIGSAC PROTECT committee?

The committee is composed of a Chair, Vice Chairs, and a Secretary appointed by the SIGSAC Executive Committee. In addition, each major security conference (S&P, CCS, NDSS, USENIX Security) may designate one representative. For regional representation, the Chair and Vice Chairs nominate one representative each from North America, Asia, and Europe, subject to confirmation by the SIGSAC Executive Committee. All chairs of the major security conferences scheduled to occur within the next 24 months (if already selected) are also invited to serve as ex-officio members.

16. How does PROTECT handle Conflicts of Interest (COI) among its own members?

PROTECT has clear procedures for managing COIs. Members must disclose any potential personal, financial, or professional conflicts. If a conflict exists regarding a specific case or discussion, the member must recuse themselves from that matter to ensure impartiality. Failure to disclose a COI can lead to removal from the committee.

17. Which community does SIGSAC PROTECT serve?

SIGSAC PROTECT serves the ACM SIGSAC community and the broader security and privacy research community. Its goal is to uphold professional conduct and ethics across this entire field.

18. How does PROTECT interact with major security conferences?

PROTECT includes representatives designated by the steering committees of major conferences (S&P, CCS, NDSS, USENIX Security) to ensure broad input. It also collaborates with Program Committee (PC) chairs across conferences to help standardize review policies and share ethical best practices. Furthermore, PROTECT may advise Steering Committees on selections for key roles like Program Chairs based on ethical considerations.

19. How does PROTECT share information or insights with the community?

While maintaining strict confidentiality regarding individual reports and deliberations, PROTECT aims for transparency by sharing aggregated data and general insights about ethical trends or issues with the community (e.g., during the opening remarks of the major conferences). This helps promote awareness and trust.

20. What is the term length for PROTECT committee members?

Committee members serve for a term of two years. They can be renewed for one additional two-year term, serving a maximum of two consecutive terms.

21. Can PROTECT be dissolved?

SIGSAC PROTECT can be dissolved by following a specific procedure outlined in Article XIII in its bylaw:

• Procedure: The committee may be dissolved by a two-thirds majority vote of its members.
• Continuity: If dissolved, any ongoing issues the committee was handling will be transferred to the appropriate ACM committees or other designated bodies to ensure continued oversight.