home / research / talks & slides / teaching / causeries

Information leak in NeurIPS 2018 review / CMT platform [Fixed]

2018-08-07 share

Below I am disclosing the essentials of my email correspondence with the NeurIPS 2018 chairs and the CMT support regarding an information leak in the NeurIPS 2018 review process and the CMT platform. It is only fair to transparently inform submitters about the potential leak and the precautions that are now in place.

Disclosing the correspondence gives deserved credit to both the NeurIPS 2018 chairs and the CMT support: While problems like the one at hand are often belittled and remain unaddressed (or are not even being reported), the responsibles have been dealing with the issue timely and adequately. This is ideal practice. It may seem tempting to save time and avoid unpleasant work/discussion, but it is important to not rely on the (arguably small) chance of abuse never actually being realised.

The Issue.

Issue Description
The list of submissions shown to reviewers is updated as individual/domain conflicts are updated. A simple diff between lists when different conflicts are active is enough for a one-to-one matching between submissions and authors/institutions/companies. This compromises anonymity of all submitting authors/institutions/companies who are assuming a double-blind review. For more details see the first email below.
29 May 2018 to NeurIPS 2018 chairs and CMT support
Resolved as of 2 August 2018
Disclosed publicly
7 August 2018 via this website


From: sweichwald
To: NeurIPS chairs <jira@nipsworkflow.atlassian.net>, CMT support <support@msr-cmt.org>
Date: 29 May 2018
Subject: Fix required: Information leak in NeurIPS review / CMT3 platform compromising review process

Dear NeurIPS chairs, dear CMT3 responsibles,

I am serving as a reviewer for this year's edition of the NeurIPS conference. Like at many other conferences, the CMT3 platform is used for handling submissions and reviews.

As a member of the research community it is my duty to inform you about the following severe flaw in the implementation that systematically compromises authors'/institutions'/companies' anonymity and thus the fairness/quality of the (double-blind) review process.

The problem lies in the fact that the list of all submitted papers is not static. Instead, it is updated as the reviewer's domain and individual conflicts are updated.* An easy diff between two lists can reveal all papers corresponding to Author X or Company Y. Allowing this form of queries to the list of submitted papers systematically compromises anonymity while it provides no (obvious) benefit.**

The problem of compromised anonymity is even more pressing since reviewers can bid on papers to express preferences about which papers to review; this way the review process is prone to systematic bias and potential abuse. This is unacceptable, especially for a conference with high stakes, high number of submissions, many individual/institutional/business interests, and submitters being under the impression that they are submitting to a platform handling a double-blind review.

Note that the outlined problem is fundamentally different from the problem with preprints or other individual situations that may accidentally reveal identities. An author/institution/company can decide on whether to make available a preprint or not and individual situations of accidentally infringed anonymity can be dealt with in line with the reviewer instructions.
However, an author/institution/company cannot submit to NeurIPS (or any other conference that uses CMT3 this way) without being exposed to the possibility of systematic abuse of the outlined information leak.
Despite the reviewer instructions on double-blind reviewing, it is culpable negligence to actively expose submitters to this leak by providing means for exact paper-author and paper-institution/company matching for every single paper (sic!) on the very conference platform itself. Furthermore, since reviewers' paper bids influence the reviewer assignment process globally, the leak may have indirect consequences for all authors/reviewers even when only some reviewers abuse the leak.

I ask you to respond to my concerns as well as adopt means to counteract this problem; the easiest solution being to show the same static list of submitted papers to each reviewer and take individual/domain conflicts into account only for the paper matching.

I intend to publicize and disclose this issue once you have implemented such measures or once the review process is completed and the paper decisions are public.

Best regards,

* In fact, this is how I accidentally noticed the problem when I had to add another domain conflict that I had previously forgotten and saw the total number of listed submissions had dropped.
** I confidentially confirmed this problem with a colleague of mine, identifying title and abstract of her submission without her telling me. Complying with the reviewer instructions, it goes without saying that I re-entered the relevant domain conflict and will not review that very paper.

From: NeurIPS chair
To: sweichwald, NeurIPS chairs <jira@nipsworkflow.atlassian.net>, CMT support <support@msr-cmt.org>
Date: 19 July 2018
Subject: RE: [Confirm receipt] Information leak in NeurIPS 2018 review / CMT3 platform compromising review process

Hi Sebastian,

Thanks for reaching out. ​Actually, I believe [NeurIPS chair] had already replied to you, on May 31st. Here's the message, in case you can't find it:

Hi Sebastian,

Thanks for your email. You're not the only person to point this out.
We have turned off the ability to enter individual conflicts and have
notified the CMT developers, who have said they will make sure this
does not happen in the future. Because CMT is used by many
conferences, I suggest you not disclose this until they have fixed the
issue for all conferences.

Also note that for NeurIPS 2018 we've even disabled the possibility for anyone to update their conflict domains, since a few weeks ago (and any new reviewer only gets one shot at entering their domain conflicts, before seeing any of the papers).

As for the implications of disclosing how CMT treats conflicts and whether/how it affects other conferences, we recommend you discuss it with CMT directly.


[NeurIPS chair]

From: sweichwald
To: CMT support <support@msr-cmt.org>
Date: 23 July 2018
Subject: Fwd: [Confirm receipt] Information leak in NeurIPS 2018 review / CMT3 platform compromising review process

Dear CMT3 responsibles,

following up on [NeurIPS chair] (cf. below): "[...] have notified the CMT developers, who have said they will make sure this does not happen in the future. Because CMT is used by many conferences, I suggest you not disclose this until they have fixed the issue for all conferences."

Has the issue been fixed for all conferences?

I still intend to disclose this -- confirmation that issues like this are properly and timely been dealt with on your end would send a credible signal to the research community trusting in a closed-source conference management toolkit.

Best regards,

From: CMT support <support@msr-cmt.org>
To: sweichwald
Date: 2 August 2018
Subject: About your feedback for CMT / NeurIPS2018

Hi Sebastian,

We appreciate your feedback for CMT.

Background: CMT is a service that we run (free of charge) for the benefit of the academic community – in the past one year we have hosted more than 1000 conferences. CMT supports single-blind and double-blind conferences via a menu of configuration settings that we expose to Chairs, who are responsible for configuring the system to suit the workflow needs of their specific conference. In single-blind conferences, since reviewers can see author names, it is ok for Chairs to configure CMT to allow reviewers to edit conflicts while bidding is still ongoing. For double-blind conferences however, simultaneously allowing reviewers to edit conflicts and bid on papers leaks author information to reviewers. CMT code did not have check to prevent this as it is not a common setup.

NeurIPS 2018: NeurIPS conference is double-blind. The CMT code did not prevent conflicts from being edited while bidding was ongoing for a double-blind conference.

Action taken by CMT: We have now added logic in CMT that will programmatically prevent such a situation from occurring. We have added constraints to prevent reviewer bidding while conflicts can still be edited. Thus, when the Chair of a double-blind conference attempts to configure these two actions for reviewers simultaneously, CMT will disallow them from doing so.

If you would like to chat in more details over the phone, please let us know a phone number to call.

If you have any suggestions or feedback about the platform, please feel free to share them with us; and we will do our best to incorporate them.


CMT Support

Imprint & Credits