General concerns and reflections

If you wish to contribute to this section: Reply to this post with your suggestions for the overall policy. Please provide justification for your proposed changes. We are also interested in knowing whether or not you generally support ACM disclosing more information about the results of investigations and why.

Overall I feel that this process of community involvement in big questions of balancing harm prevention, remediation and legal liability is essential. I am encouraged to see the issues being laid out clearly for the community to debate openly.

I do support ACM disclosing more information about the results of investigations.

I think that this distinction in the handling of minor violations vs more serious violations is essential. The line between them might be difficult to draw at times, but lumping them together is worse. In recent years, we have seen real cases of serious violations that I think demand a reaction that prioritizes harm prevention, even if it is at some risk of legal liability.

I would personally suggest some modifications to this draft, but I would support it even if changes are not possible right now. One change I would make is to 2.6 “Different enforcement policies can limit the information shared by those involved in the complaint, e.g. whether a complainant is allowed to share publicly that the complaint has been filed.” I think ACM can limit what they share publicly but I think complaintant should also be free to share that they have filed a complaint.


I appreciate the time and effort put into examining changes to ACM policies and the engagement with the community to collect feedback.

I am strongly in favour of more disclosure by ACM especially for serious violations. I support the proposed policy. We need to consider harm prevention and ensure that more junior members of the community are protected (e.g., potential graduate students who may be considering working with someone who has been found guilty of professional misconduct). Our communities need to have trust in our review and publication processes and that research integrity, ethics and professionalism are being maintained. Lack of disclosure will breed mistrust.

For context – I am a member of the SIGARCH community and a mid-career academic in North America. These issues have deeply impacted SIGARCH in recent years and I believe the proposed changes move us in the right direction.


As the article points out “…even though such disclosure is always communicated confidentially, we have seen that word can spread.” Considering the serious harm to both reputation and livelihood that can result from disclosure, we should clarify whether unauthorized disclosure is itself a sanctionable violation of the Code of Ethics. Inclusion in the Code might provide some protection to ACM as an organization, highlighting individual responsibility for disclosing confidential information without approval.

For context, I am an ACM Fellow and have been recognized by both the Programming Languages and Computer Human Interaction SIGs for professional and technical contributions. My current work is in the area of AI ethics, trust, and regulation.

1 Like

I agree, but I think clarity on what detail can/cannot be disclosed regarding one’s having posted a complaint is necessary. Part of my concern around disclosure of the fact of a complaint having been filed is in follow-up responses - there could be many reasons one might disclose the fact of having submitted a complaint. Also, as @John_Richards pointed out, is disclosure a sanctionable offense?

A Chinese student’s perspective: I am a junior researcher in North America working in Systems/Networking. Being from the same cohort as Huixiang, I was deeply disappointed during the first 12 months after the tragic incident.

I want to make an important observation: the risk of being sued for defamation has prevented many, if not all, organizations and entities initially involved in the immediate aftermath of the incident (the University, the Grad Worker Union, the Media, other students and researchers, etc.) to speak up about the misconduct. Most only issued legally-sound statements. The Professor even wrote an email with exactly this legal threat, in an attempt to keep other students’ mouth shut.

Despite such risk, a brave group of anonymous students started to publicly and persistently accuse the Professor and whistleblow on the (then alleged) academic misconduct. These individual students are much more vulnerable to lawsuits compared to, say, a University, yet they also took the most risky route because this is the right thing to do. We won’t be discussing this issue here today if they didn’t sacrifice by taking that risk.

Understandably, ACM faces the same legal threat of defamation lawsuits. I wish such risk would not hinder ACM from supporting academic integrity, especially in the most extreme cases, because 1) once the fact is clear, the benefit outweights the risk; and 2) the complaining party, often students, is even more vulnerable to this risk. In many cases, victims choose to stay silent, and only went public after a failed complaint case or insufficient sanction.


I am concerned with ACM taking a policy of releasing more information than is customary for professional societies. As noted in the legal analysis, this exposes ACM to more legal liability. Further Sidebar 5 - Actual Case is for a Joint Investigation conducted by the ACM and IEEE. I would be concerned future joint efforts would be precluded when the Societies/Bodies involved have conflicting disclosure rules.

As chair of SIGEVO, I agree with the comments of Jeanna.

As additional comment, I want to raise the point that the policy puts additional work as well as responsibility on the shoulder of volunteers in ACM. Nevertheless, disclosing more information is the right way to go.

@dchen’s response is very important when considering this policy. One of the themes from comments and from the related article in CACM is around concerns of the legal exposure changes in policy would have on ACM as a professional society. But from @dchen’s response, when the legal system is used as a threat against those that witnessed academic misconduct, especially students that are in vulnerable positions, as a professional society we need to put policies and procedures in place to ensure they have a voice. If they see academic misconduct, they should not fear reporting it as they are taking the actions we should expect as a professional society.

While I realize that policy changes do not address this specific issue of shielding members from retaliation, I believe having more transparency may decrease the occurrence of severe violations and limit repeat offenders. To ensure members can report misconduct, can we not add standard ACM language to conference registrations, publications, etc, that authors/attendees/program chairs would have to agree to before participating? Would this not then shield ACM from having more transparency?


This is a response of a subset of the SIGACT board members (Tal Rabin and Ken Clarkson) and members of the SafeToC committee (Yuval Rabani, Sandy Irani, Martin Farach-Colton, Erin Wolf Chambers)

Our comments do not directly relate to disclosure but more to the use and transparency of the processes that lead to the decisions. Of course, all the following recommendations should be followed only if they do not put ACM at legal risk.

More oversight of the ACM processes is needed. There should be a weekly report (or a bit sparser, i.e. monthly, if there aren’t many complaints) that indicates:

  • the number of the complaint (so that the complainer can identify it);
  • what the complaint is (in very broad terms); and
  • When it was submitted
  • Is it still open and if it closed since the last report, the resolution

From the examples that we have seen of complaints, it seems that there is no feedback from the committee, and it takes a long time for responses to be delivered. Most of the time, the complainer needs to contact the committee multiple times. The proposed oversight will give the community a sense that things are being addressed in a respectful and appropriate manner.

Also, there should be meta-data made available to the community about the people in the DB, the number of plagiarism reports, sexual harassment complaints, violation of COI, etc. This should be given out periodically as well.

To the best of our knowledge, currently the DB is queried for program committee members and awards. We think that it should be queried more extensively, and in some instances combined with some automated processes, as follows.

  1. When people register to a conference on the website it will indicate on the registration form that the DB will be queried to determine whether they can attend or not. This will be done automatically by the registration software at registration time.
  2. Query the DB for violations by authors. Have conferences notify authors that when they submit a paper the DB will be queried for the name for submission violations. There needs to be some mechanism to automate this as well at paper submission time. This might be a bit more challenging as different software systems are used by different conferences.
  3. The general and program chair will be queried.

Note that such processes could reduce the need to disclose sanctioned violations more broadly.

Other organizations, such as SIAM/IEEE and independent conferences, would be allowed to query the DB as well, according to the same processes that are in place for ACM. This would protect our ACM members also when they attend conferences of other organizations.

1 Like

I don’t see why the ACM should gag complainants, there are already other mechanisms in place (e.g. the legal system) to deal with false accusations. If the ACM process is failing complainants then this could become a real problem. Better to keep things simple and let the complainant decide what they want to do with information that concerns them. The ACM may give privileged access to the details of ongoing procedures to the complainant and the accused, that information could be provided confidentially and it would then be unethical to disclose that information.

1 Like

This seems very important - transparency of members (the benefits of professionalism should also entail consequences for unprofessionalism) and transparency of the process (the aplpied ethics of the ACM should align with the professional ethics expected of members)

Both the CACM article and the draft policy are well written and thoughtfully implemented. Thanks to the committee!

The policy lets ACM committees publicly disclose information about violations, where previously they could not. That’s great and public disclosure will likely benefit the computing community at large. Even anonymized case studies could help explain and demonstrate ACM values.

If I understand the policy correctly, then for the most part, it says (1) the respondent’s identity shall not be publicly disclosed for a minor violation, but (2) it may be publicly disclosed for a major violation. Great!

However, the policy may imply some requirement to disclose, or a requirement for disclosure to take a particular form (e.g. containing a respondent’s identity). Two bullets in §2.6 appear to require disclosure to wider circles: when “harm [is] known to some members of a particular community”, then “the identity…, the finding, and the penalty should be made known” to that community (emphasis added); and “when there is a credible case that the respondent may cause additional harm to any single person or group of individuals”, “ACM will disclose the identity” to that individual or group.

I do not think that ACM should impose upon itself any affirmative requirement to disclose the identity, finding, or penalty of any violation to any broader group. I’d change both of those phrases to “may”, not “should” or “will”.

Requiring disclosure feels unnecessary and a little dangerous. Grievance procedures can be weaponized, and the discretion of ACM’s boards is critical to the process. That discretion should be proscribed only when absolutely required.

(For context, I’m Eddie Kohler, ACM member and also author and maintainer of the HotCRP conference review package. Because ISCA/HPCA use, I was quite involved in the investigation referenced in Sidebar 5, and have changed HotCRP to make future investigations easier, as well as (hopefully) to reduce the chance that reviewers will violate policies unintentionally. I admire ACM COPE’s work, but also feel that sanctions are sometimes applied in ambiguous cases. ACM’s policies on peer review have multiplied in number and length over the years; changes are not well publicized. Very few members of our community know these policies, or have even read them, and norms in sub-communities often differ from one another and from ACM-wide standards.)


There would never be any moral progression if everyone adopted that attitude. If there is no potential downside to an action then it is not a moral decision. Taking a moral decision involves risk. Following social norms is exactly that - it is not moral decision making.

1 Like

I am supportive of greater disclosure, particularly on major violations. Often ACM is in the best or only position to investigate a concern, because of its role in the publication review process data. But if ACM finds someone responsible for research misconduct, right now it is difficult for non-ACM entities to learn about the issue and take it into account in other decision-making. For example, ACM might ban someone from participating in its conferences and review processes, but if other entities like USENIX or IEEE aren’t aware, then the person can keep on publishing and reviewing elsewhere.

I am likewise concerned about how employers and funders will learn about investigations and their outcomes. I understand this policy states that it does not apply to that type of disclosure, but I remain concerned about the implications in such cases. The research community is an ecosystem that includes ACM and others – without coordination across entities in that ecosystem, I worry about the trustworthiness of our publication process, and indeed the trustworthiness of our science itself.

For context, I am an ACM Fellow, and a long-time researcher in the ACM SIGARCH community. I am also a former co-chair of the ACM SIGARCH CARES committee which played a role in receiving concerns from the community related to Huixiang Chen’s tragic death by suicide.


I just want to say that I really appreciate the great effort by the committee and I appreciate that ACM opens this channel and solicits community feedback on this important issue. Thanks!

I really like that the draft separates severe violations from less severe violations. Just like @dchen mentioned earlier, I think our responsibility to protect the more vulnerable groups in our community in case of confirmed severe violations should be our/ACM’s top priority!

Earlier this year, I heard an alternative proposal of disclosing less than what currently is done, like not even notifying the employer of a severe offender, for legal liability concerns. I prefer this draft MUCH more than that alternative proposal. That alternative proposal would only cause damage to our community and our students.

(For context, I am currently the chair of SIGOPS, and also the co-chair of SIGARCH/SIGMICRO CARES committee.)


Thank you @dchen for your comment. Your comments almost moved me to tears. Thanks!


Although I find it personally sometimes very helpful to store information about researcher that play the system, the suggested policy is against European law. Thus, it can not put into action.

Article 17 of the GDPR says: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay” if one of a number of conditions applies.

see Everything you need to know about the "Right to be forgotten" -

As I do not see a lawful basis for processing the data, individuals can withdraw their consent to collect the data. In this case, the data collected about individuals has to be erased on request.

This makes the database useless.

Thank you ACM and the people behind this proposal for putting this together. This is a huge and necessary step in the right direction, which is harm prevention and protection of vulnerable individuals within our community. Also, thank you @dchen for speaking up - it’s stories like this that we need to keep in mind in deciding to take this important step.

I am glad that the proposal differentiates between minor and major offences. Drawing a line between these will not always be easy, but that should not stop us and the ACM from having this policy and ultimately drawing such lines. True, there is an elevated risk of litigation that comes with the disclosure for major violations. But isn’t there a similar risk of litigations from victims in cases where there is no disclosure and a victim finds out that ACM concluded through a robust investigation that an individual has committed a major violation yet took no steps to protect others? And what about ACM’s moral obligation toward its members in terms of protecting them from harm?

One particular case to consider is that of an academic being heavily sanctioned and not being allowed to publish in ACM conferences and journals. If such an individual recruits new PhD students after the sanctions have gone into effect and the students don’t know about the sanctions, they may well be doomed career-wise through an inability to publish unless the sanctioned supervisors agrees to not be listed as a co-author on their papers. Intuitively, it feels like PhD applicants need to have knowledge about such sanctions before agreeing to work with a sanctioned supervisor. Note that in many universities, particularly in Europe, profs recruit students to directly to work with them (i.e., “marriage at admission time”). Does the current policy allow for disclosure to students or applicants in cases of major violations?


@rothlauf - there are clauses in GDPR that trump the right to erasure. One of these is “The data is being used to perform a task that is being carried out in the public interest or when exercising an organization’s official authority.” I am not a legal or GDPR expert, but I feel that this clause would be sufficient to permit data to be retained.