Communications of the ACM

Committee on Disclosure of Findings

After the Complaint: What Should ACM Disclose?

By Marty J. Wolf, Joseph A. Konstan, Helena Mentis, Jane Prey, Harald Störrle
Communications of the ACM, March 2023, Vol. 66 No. 3, Pages 6-11
10.1145/3581640
Comments

ACM is a global organization impacting literally millions of computing scholars and professionals all over the world each year (see sidebar 1). Given this, it is not surprising that, every now and then, ACM is faced with cases of alleged wrongdoing, where somebody is said to have violated one of the ACM's policies. ACM takes these allegations very seriously, spending significant sums of money each year to support enforcement of its policies. Some of these cases are very serious, to the degree of affecting the careers, safety, or, indeed, the lives of members of the computing community. These concerns have raised calls for ACM to more publicly disclose more information surrounding cases of wrongdoing. Doing so can allow community leaders and those who face threats to make more informed decisions about the threats and increase safety.

While it is unusual for professional societies to disclose such information, ACM's pivotal role in the field of computing leads some to argue that ACM bears a responsibility to be more forthcoming about its findings of violations of its policies. In June 2021, the ACM Council formed the Committee on Disclosure and charged it with evaluating whether, under what circumstances, and to what degree the ACM should disclose information about people who have been found in violation of its policies. The committee has developed a draft policy (called Draft 2) for consideration and comment by ACM membership (see sidebars 2 and 3). Draft 2 represents a level of information disclosure that is beyond current ACM practice and also beyond standard practices for other professional societies. This article aims to explain Draft 2 (see the full draft on page 10) and the context in which it applies. Note that many of the terms used here are defined in the policy.

---

ACM's pivotal role in the field of computing leads some to argue that ACM bears a responsibility to be more forthcoming about its findings of violations of its policies.

---

Policies and Enforcement Today

Broadly speaking, ACM has three sets of policies that may lead to sanctions against a member of the computing community. These are

• the Publications Policies,^a
• the Policy Against Harassment at ACM Events,^b and
• the ACM Code of Ethics and Professional Conduct.^c

Complaints alleging violations of the Publications Policies are handled by the Publications Board and complaints alleging violations of the Anti-Harassment Policy and the Code are handled by the ACM Committee on Professional Ethics.

Each type of complaint is handled according to its own enforcement procedure, each of which has different guidance regarding what information about a complaint can be released to whom at which point in the process. Generally, the policies currently tend toward disclosing information on a "need to know" basis, however there are some exceptions. Draft 2 offers more disclosure than "need to know." The biggest change is that in more serious cases there is a more extensive sharing of information about the case (cf. Clauses 2.4.2, 2.5.2, 2.6.3, and particularly 2.6.6 of Draft 2). Such sharing increases the risk of reputational harm for violators of our policies and the legal risk of lawsuits for ACM. We are seeking input from all ACM members so that the final policy reflects the values of the membership, upholds the integrity of ACM, and holds the broader computing community to high professional standards (see sidebar 3).

While the numbers vary from year to year, the Ethics and Plagiarism Committee of the Publications Board receives approximately 100 complaints each year and of those, approximately 35 are actionable. The Policy Against Harassment was adopted in 2018 and the Code of Ethics and Professional Conduct was updated in 2018. Since that time there have been approximately 10–15 harassment complaints each year with 5–10 of them falling within the scope of the policy and having enough information to pursue an investigation. Code complaints come in at 5–10 each year, with 2–5 being within scope and with enough evidence to pursue an investigation (see the accompanying table). Complaint submissions are dismissed without an investigation if they fall outside the scope of the policy, are spurious, do not contain enough information to initiate an investigation, or appear to be using the complaint process to settle a disagreement among people. As a matter of principle, ACM cannot redress harm against individuals, but only violations of ACM policies. Individuals are always free to seek private resolution of their disputes.

Table. Average annual complaint submissions.

The Case for Disclosure of Information

In our analysis of the complaint processes used by ACM and input we have received from ACM and SIG members, there are three main reasons why information might be disclosed. The first is a matter of procedural equity. Disclosures to respondents, claimants, witnesses, and victims are important to allow individuals to decide how to best navigate our processes given their individual circumstances. The second is a matter of harm prevention. Certainly, limited disclosure of information is necessary to implement sanctions. For example, an editor must learn whether an individual has been barred from publishing in ACM journals. More extensive disclosure of information allows individuals and communities to take steps to reduce the chances of some forms of harm. Additional disclosure might include disclosure of information to other professional societies or even public disclosure by ACM. The third type of disclosure is as part of a sanction. For example, the papers that have been found to have been plagiarized are marked as such in the ACM Digital Library.

We know that more extensive disclosure also has a significant risk for harm to individuals. Except in the most severe cases, ACM's goal for policy violators is that they learn their lesson and return to being positive contributors to the community. Public disclosure can interfere with this return to good status. As we have seen in many sectors of society, public records of offenses are brought up long after the offender has made amends and changed behavior. Our experience with even limited disclosure has this effect. In some cases, limited disclosure is permitted by current policy (for example, to inform those with a direct connection to the incident or investigation), and even though such disclosure is always communicated confidentially, we have seen that word can spread. In some cases, we understand that mere suspicion of an investigation taking place has caused professional harm to the accused. In other cases, communities have informally enacted social penalties through isolating or shunning offenders in a way that was beyond the scope of ACM's official penalties.

More extensive disclosure also increases risk for ACM. We address this concern in the section "Potential Implicatons of the Draft Policy."

Draft 2 only addresses the first two types of disclosure of information (procedural equity and harm prevention) and does not impact the third type (as part of a sanction). Draft 2 is clear in that disclosures of these two types should not be more burdensome for the respondent than the sanction.

Disclosure for Procedural Equity

Each complaint and its investigation is unique. Evidence differs, witness testimony differs, witness credibility differs. Importantly, underlying context and external impacts of a case may make the disclosure of information about that case helpful in mitigating harm. Therefore, Draft 2 allows for deviation from it in order to accommodate these types of situations. The policy has safeguards in place:

• It requires that consultation take place.
• No one is to disclose information in a manner inconsistent with the policy unless others have weighed in and the harms and benefits are given due consideration.
• This sort of decision is not to be taken without input from others with knowledge of the case.

We recognize that, like most ethical decisions, there will be trade-offs and that occasionally people will make suboptimal decisions.

Many investigations do not result in evidence that leads to finding a policy violation. To prevent reputational harm to respondents, Draft 2 does not allow ACM to disclose any information to anyone making an inquiry about a claim. For example, should someone inquire whether a particular person is under investigation, disclosing that the person was under investigation might bring unwarranted harm to that person. Thus, the draft policy only allows for information disclosure outside of procedural equity after a case has been closed.

Often there is a power imbalance between the complainant and the respondent or between the respondent and witnesses. Because investigators may not be aware of these relationships, Draft 2 works to keep the identity of the complainant confidential. Often, the identity of the complainant doesn't matter: it is ACM determining whether the respondent has engaged in activities that are inconsistent with ACM policies.

In processing some complaints, it is clear the harm has been minimal. Further, some respondents are sorry for their policy breach and are interested in becoming better members of the computing community. In these cases, Draft 2 limits the disclosure of information to a manner consistent with current policies and practice in order to facilitate that professional growth.

Disclosure for Harm Prevention

In more serious cases, sanctions are intended to prevent additional harm. Examples include preventing someone who has been found to have violated harassment policies at a conference from attending future conferences and preventing someone who violated reviewer confidentiality from reviewing or serving as an editor or program committee member.

But sometimes merely pre-screening volunteers or attendees to exclude a sanctioned offender is not enough (see sidebar 4). Some violations do structural harm to our communities and activities. For instance, this may happen when an individual makes others feel threatened through harassment, abuse of power, and intimidation, or when an individual undermines confidence in a conference through unethical manipulation of the review process. In cases such as these, the community and venue are threatened, and greater disclosure of the findings and consequences can help reassure the community and strengthen it against future misconduct. Draft 2 takes steps to address these concerns.

While sanctioning bad actors and possibly excluding them from future participation is important, when the affected community is not informed of those sanctions, individuals may make assumptions about what has or has not happened. When ACM discloses that bad actions have taken place and the steps ACM has taken, people can be more confident that within venues with the ACM imprimatur, standards of the community are upheld, respectful dialog is promoted, and there are fewer opportunities for harassment and abuses of power. Such disclosure is a sign that ACM is living up to its stated values and puts other potential bad actors on notice that ACM will act when policies are violated. This creates a feedback loop where community members know that ACM takes these matters seriously. In turn, people are more willing to come forward to report bad actions. Over time the frequency of bad acts should go down.

---

We have commissioned additional analysis that identifies legal and ethical concerns this policy would raise outside the U.S.

---

Potential Implications of the Draft Policy

Should ACM adopt a policy that is more disclosive than current policy, ACM will break with the practice of other professional societies. Doing so is a statement to the community of what to expect from ACM, is an example of its leadership and its commitment to advance ACM's mission of "promoting the highest professional and ethical standards." Recognizing this as a step outside the norm for professional societies, Draft 2 includes a requirement for an evaluation of the policy after four years.

ACM has had Draft 2 reviewed by a top U.S. law firm that specializes in ethics and compliance from a legal perspective. Their analysis has concluded that "the risk of a defamation claim is significant" should Draft 2 be implemented. They have determined that it is also possible that individuals may "seek to challenge the very procedures put in place by ACM to guard against harassment and plagiarism." They also pointed out that "there is no duty to disclose the names and identities of known harassers." The legal team also concluded that "ACM's current practices and policies include disclosure options in the case of serious harm without the increased legal and reputational risk inherent in the currently contemplated draft Disclosure Policy" (that is, Draft 2). While Draft 2 does not require public disclosure of people's identities, their analysis pointed out that if enough information is revealed about a case so that those who are familiar with, but not part of, the case can reasonably determine who the respondent is, then the possibility of a lawsuit against ACM is increased.

We are also aware that norms, practices, and legal requirements vary throughout the world. We have commissioned additional analysis that identifies legal and ethical concerns this policy would raise outside of the U.S. We will make that analysis available on the Discourse site when it is completed. There are clearly new risks that ACM faces should certain provisions of Draft 2 be adopted.

Your Opinion Is Important

We want your input! Adopting this policy may have a substantial impact on ACM and many members of the computing community. Your thoughtful critique of Draft 2 will help illuminate potential advantages and potential pitfalls. You can leave your thoughts and analysis on the Discourse site^d from now until April 9, 2023. After that the committee will determine the level of support for provisions in the policy that is present in the comments, distill the comments and other input, and modify the policy to best reflect a consensus. Should there be unresolved issues, we will bring those issues to the ACM Council at the June 2023 meeting so that they can decide on the direction to take with the Disclosure Policy. So, now it's on you: let us know what you think!

As you consider the policy, we invite you to consider two cases in sidebars 5 and 6. One hypothetical, yet reflective of typical cases, and the other is the case that initiated this project. These cases are among the most egregious cases that ACM has dealt with. They are not representative of typical cases ACM receives. For more cases, please see the Discourse site.

Back to Top

DRAFT 2. ACM Policy on Complaint Process Disclosure

1 Preliminaries

This policy governs the disclosure of information in the context of complaints filed alleging violation of one of ACM's policies. Examples of applicable policies are the Code of Ethics,^e the Policy Against Harassment at ACM Events,^f and various Publication Policies.^g While each policy has different enforcement procedures, there are generally three different types of disclosures of information that are part of complaint processes:

• Disclosures as a matter of procedural equity, including disclosures to an accused individual and to the victim or complainant.
• Disclosures as a matter of harm prevention, including disclosures to an affected community, to other professional societies, or to the public.
• Disclosures as a matter of sanction, including disclosures to an employer or funder.

This policy addresses the first two types of disclosures. Generally speaking, disclosure decisions are to be made on a case-by-case basis with close adherence to the policy. Regardless of whether the disclosure is consistent with or deviates from the policy, the disclosure must be guided by words from the Preamble to ACM's Code of Ethics and Professional Conduct:

Questions related to these kinds of issues can best be answered by thoughtful consideration of the fundamental ethical principles, understanding that the public good is the paramount consideration. The entire computing profession benefits when the ethical decision-making process is accountable to and transparent to all stakeholders. Open discussions about ethical issues promote this accountability and transparency.

Principles from the Code that ask us to avoid harm, be honest and trustworthy, be fair, and respect privacy are also important to bear in mind. When complaints are filed, we presume that the complaint is legitimate, and we value the reputations of all parties. From the time of the filing of a complaint to when all appeals processes have been exhausted, those involved in handling the complaint must strive to limit information releases to a need-to-know basis always bearing in mind the need to minimize harm, maintain spaces that actively support the exchange of scientific ideas, and support strong science.

1.1 Definitions

• Enforcement Policy: An ACM policy that identifies the process for handling a complaint alleging violation of an ACM policy. Enforcement policies identify who is responsible for taking actions with respect to investigating the complaint, determining whether the policy was violated, and if so, what penalty ought to be applied. ACM has enforcement policies for the Code of Ethics, the Policy Against Harassment at ACM Events, and the Publication Policies.
• Complainant: Person filing the complaint.
• Respondent: Person who is accused of violating an ACM policy.
• Harmed individual: Person who was directly harmed by the violation of the policy. Often, this is the complainant, but an investigation may reveal others who were harmed. It may also be the case that the complainant was not harmed by the actions under investigation.
• Witness: Any person knowledgeable about the alleged activities or those involved who responded to questions raised by the investigation.
• Remediation: An outcome of a case in which the respondent has agreed to improve their actions in the future.
• Sanction: an outcome in a case in which the ACM imposes restrictions on how the respondent interacts with ACM or takes other actions that impact how others interact with the respondent.
• Penalty: a term that includes both remediation and sanction.
• Minor violation: The impact of the harmful action is repairable. Generally, in these cases, the respondent accepts responsibility for the action and demonstrates a willingness to engage in remediation that is intended to guide the respondent to being a better member of the computing community.

2 Rules for Disclosure in Particular Situations

Below are descriptions of how ACM will generally treat disclosure of information pertaining to complaints at various stages. Some general rules apply:

1. The respondent in each case should be informed of the complaint in a manner consistent with the enforcement policy that corresponds to the type of complaint.
2. Between the time that a complaint has been filed and it is resolved, any ACM or SIG Awards Committee making an inquiry about a particular individual will be informed the person is currently under investigation so as to remain consistent with the Policy for Honors Conferred by ACM.^h
3. While sanctions are in place, certain SIG and conference leaders are in a position to know whether particular individuals currently have a sanction. Those with that knowledge are not allowed to disclose that information beyond what is necessary to implement the sanction.
4. Disclosing the identity of a complainant, harmed individual, or witness to the respondent minimally requires the consent of the complainant or witness.
5. In particular cases, there may be reasons to deviate from this policy. Such deviations should be carefully considered by the group of individuals familiar with the complaint. The decision to deviate rests with the person identified by the corresponding enforcement policy as having authority as a decision maker in the case.
6. Different enforcement policies can limit the information shared by those involved in the complaint, e.g. whether a complainant is allowed to share publicly that the complaint has been filed.
7. In all requests for information regarding a complaint, people will be referred to this policy.
8. When a case is closed for any reason, the complainant and witnesses must be informed that the case has been concluded and of the nature of the violation that was found, if any.
9. Nothing in this policy prevents disclosure of information from being part of any penalties. Those considering penalties for a particular violation ought to include discussions of appropriate levels of disclosure commensurate with the details of the case.
10. When an investigation has been under way for six months without resolution, the Complainant should be contacted about the delay. Such contact should be repeated monthly until the case is resolved.

2.1 No complaint filed

No information is disclosed to those making inquiries about an accusation when no formal complaint has been filed.

2.2 Complaint dismissed prior to investigation

When complaints are filed without any evidence or anonymously such that no investigation is reasonably possible, the complaint will be dismissed without investigation and information disclosure will be treated as if no complaint has been filed (2.1).

2.3 Complaints under investigation

1. No information is disclosed publicly, including acknowledgment of the investigation.
2. Complainant should be informed when the start of the investigation will be delayed.
3. Witnesses are informed of the identity of the respondent when they are about to respond to questions related to the complaint, but not before.

2.4 Complaints where no violation is found

1. The respondent must be informed of the decision and that information will be shared with others according to this policy.
2. The complainant should be informed of the decision unless there is a justifiable expectation of unreasonable harm should any of the persons come to know of the decision.
3. In the event that the complaint becomes publicly known, ACM in consultation with the respondent, may make a public statement indicating that no violation has been found.

2.5 Complaints resolved with a finding of a minor violation

1. The respondent must be informed of the decision and the remediation and notified that information will be shared with others according to this policy.
2. The complainant and any harmed individuals should be informed of the decision and the penalty unless they have requested to not be informed or there is a justifiable expectation of unreasonable harm should any of the persons come to know of the decision.
3. Those responsible for implementing or overseeing the remediation must be informed of the penalty details.
4. Generally, no one else will be told of the finding or the penalty.

2.6 Complaints resolved with a finding more serious than a minor violation

1. The respondent must be informed of the decision, the penalty, and that information will be shared with others according to this policy.
2. The complainant and any harmed individuals should be informed of the decision and the sanction unless they have requested to not be informed or there is a justifiable expectation of unreasonable harm should any of the persons come to know of the decision.
3. The complainant and witnesses must be informed of the sanctions that have been applied.
4. Those responsible for implementing or overseeing the penalty must be informed of the penalty details.
5. The respondent's supervisor or employer may be informed of the identity of the respondent, the decision, and the penalty.
6. When the investigation has identified harm known to some members of a particular community, the identity of the respondent, the finding, and the penalty should be made known to leaders of that community, such as CARES groups, SIG executive boards, and conference leadership teams. They should be given guidance on how that information can be shared, if at all.
7. The respondent's name may be shared with other organizations when there is evidence that doing so will reduce harm and there is an agreement with the organization regarding the confidentiality of the matter.
8. ACM will disclose the identity of the respondent, the finding, and the sanction to particular individuals or groups of individuals when there is a credible case that the respondent may cause additional harm to any single person or group of individuals.

3 Reporting and Reflecting

1. ACM shall collect and make publicly available aggregate data summarizing the number of complaints filed, the category of complaints filed, and within each category, the number dismissed without investigation, the number investigated with no violation found, the number of minor violations, the number with more serious violations, and the number still open.
2. For complaints at a level above a minor violation, ACM will make publicly available information that includes the nature of the offending action, the date or general time frame of the offending action, the venue, and the policy violated.
3. ACM will inform the community of the results of applying this policy before June 30, 2027. The report will evaluate the effects of this policy and recommend changes that may need to be made.

Back to Top

Back to Top

Back to Top

Back to Top

Back to Top

Back to Top

Back to Top

The Digital Library is published by the Association for Computing Machinery. Copyright © 2023 ACM, Inc.

---

No entries found