2015-03-15

If you ran an EasyChair conference in the past, here's how to shut down access to past data

If you have published or reviewed computer science papers in past years, you may have run across EasyChair. EasyChair is a conference management system, storing and managing submitted papers, reviews, and final decisions. It is a great tool for anyone organizing a conference, and it is extremely popular: According to its own data, it has served over a million registered users since 2007.

The problem with EasyChair, however, is exactly that it is so popular.  Again since 2007, I have acted as reviewer in more than 50 conferences and workshops organized through EasyChair.  All their data is still there: As a reviewer, I have access to all papers and all reviews written for each of these conferences. This opens up interesting possibilities for misuse. For instance, I could download all reviews written by my colleagues, train a classifier on their writing styles, and identify them for my past and future papers. I could also check for papers of my colleagues submitted and rejected several years ago, and confront them with the sins of their youth.

This CACM article by Mark D. Ryan neatly summarizes the problem, but also points out that there may be benign uses of all this data.  Hence, the scientist in me thinks that deleting all this data may be a bad idea for future historians.  What we can and should do, though, is to limit access to it.  As a start, after the conference is over, every program chair should take steps to ensure that its submissions and reviews can only be accessed by a minimal set of people. In particular, past reviewers should no longer be able to extract all the data.  Here's how to do this for EasyChair:

  1. Log in as program chair.
  2. In the top menu, go to "Administration" → "Configure".
  3. Under "Access to Submissions", set
    • "Are submissions anonymous?" to "Yes"
    • "Can non-chairs see information on submissions not assigned to them?" to "No"
  4. Under "Paper bidding and assignment", set
    • "Is paper bidding enabled?" to "No"
    • "Is viewing bids of PC members by chairs enabled?" to "No"
    • "Is assignment of submitted papers to program committee enabled?" to "No"
  5. Under "Reviewing", set
    • "Are reviewer's names visible to PC?" to "No"
    • "Status menu is" to "disabled"
    • "Review menu is" to "disabled"
    • "Permit PC members to enter reviews" to "No"
    • "Permit non-chairs see and discuss reviews" to "only their own reviews"

To check the effect of these settings:

  1. In the top menu, go to "PC".
  2. Select any regular PC member and click on "login as" (the rightmost item).
  3. The PC member should now be able to see only the submissions initially assigned to him or her.

You as a PC chair can still access all papers and reviews, and via the "Configure" menu, you can also re-enable access (for whatever reason).  If you configure the settings as above, though, the risk of data leaks will be greatly diminished.

If you have similar instructions for other conference management systems, let me know and I will link or include them here.  And if you as a reviewer find that your conference management system still grants you access to everything, tell your PC chair about this page.  Thanks a lot!

4 comments:

  1. Surely you only have access to old reviews where you were in the PC? I cannot even access my *own* old reviews on Easychair unless I was on the PC of a conference! But maybe things are different in your community, in which case a change is surely urgently needed :-)

    1. That is what he's saying. He was on 50 PCs since 2007. A PC member is the same as a reviewer in Easychair.

  2. Hi there, how do I assign paper to external reviewer? Do I have to add all reviewers in easychair first?
