Can I ask you all for a quick review of this idea?
Threat Model and Attack Scenario:
PC member A and B agree to not mark each other as a conflict and write each other favorable reviews and fight for each other's papers.
Proposed Mitigation:
Conclusion:
Our approach solves the problem. PC member A and B cannot write each other favorable reviews or fight for each other's paper anymore.
Hoping for typical reviews from security folks here that identify any weaknesses or potential side effects ;)
=> More informations about this toot | More toots from lavados@infosec.exchange
@lavados Assumptions: 1 you still allow bidding (as claimed later), 2 the second mitigation means that all review(er)s are anonymized (not just A and B). I don't think this helps: what stops A from bidding for B's paper, and fighting for it? A can still write favorable reviews, A can still fight; the only thing is that other reviewers now no longer know who's fighting for it?
This toot needs at least a major revision with better argumentation.
Score: 2. Weak reject
Expertise: 3. Knowledgeable
=> More informations about this toot | More toots from bartcopp@mastodon.social
@bartcopp Rebuttal:
However, we believe that the reviewer overlooked the subtleties of our design. In fact, we have proof that the system can be deployed as is because it is already deployed at conferences in practice. ;)
Also, at least it doesn't make things worse, right?
=> More informations about this toot | More toots from lavados@infosec.exchange
@lavados It might actually make it worse: because now other reviewers who might be aware of the conflict can no longer notice the conflicting paper assignment and report it to the chairs. (I'm not sure this would actually happen in practice if one assumes the bystander effect, but I'd be happy to be proven wrong.)
While I now see the subtleties of the design and why the authors are proposing it, unfortunately the rebuttal made it clear that this technique is not novel ;)
Score: 1. Reject
=> More informations about this toot | More toots from bartcopp@mastodon.social
@bartcopp Maybe a different direction would be better... making conflicts of interest completely visible within the PC (so that other PC members can check and see if something is missing?)
=> More informations about this toot | More toots from lavados@infosec.exchange
@lavados That's definitely an interesting idea. I'm not sure how well it would scale to the extremely large PCs... But then again, if only the PC chairs can check them, that definitely doesn't scale.
=> More informations about this toot | More toots from bartcopp@mastodon.social
@bartcopp I would go for all PC members (chairs can see the conflicts anyway already) - what is secret about a conflict of interest?
=> More informations about this toot | More toots from lavados@infosec.exchange
@lavados Yes, that's how I understood it, and it makes sense to me :) I agree that conflicts of interest in principle shouldn't be secret. One exception I can imagine is people who otherwise would have no publicly-known (valid) conflict, but are having a secret affair...? (But that can be dealt with in an ad-hoc fashion I would argue.)
=> More informations about this toot | More toots from bartcopp@mastodon.social