Kevin Butler's Candidate Statement and Platform for ACM SIGSAC Chair

Table of Contents

1 Candidate Statement

I am honored to have served ACM and the security community at large through my involvement with the WiSec community (steering committee member since 2019, program co-chair in 2018), serving multiple other conferences as general chair (IEEE S&P 2017, ACSAC 2020 and 2021) and program co-chair (ACSAC 2013 and 2014, SecureComm 2020, USENIX Security 2022) as well as serving on over 100 program committees, and through editorial board memberships (ACM TOPS, JCS, ACM DTRAP, IEEE TDSC). I have been a beneficiary of the SIGSAC community since early in my academic career and have welcomed opportunities to contribute. The events of the past year have brought into stark relief the opportunities and challenges for the security community; we have seen computer scientists of diverse backgrounds come together to address the security and privacy of our most critical processes and systems, but many injustices have also been laid bare. I want to work closely with the steering committees of SIGSAC conferences and journal editorial to ensure the community grows in a scalable way that increases engagement and representation. It is critical that diverse perspectives are reflected as befitting the global and wide-ranging nature of the community. Additionally, as conferences have taken a drastically different form this year, I want to work with the SIGSAC conferences to determine how to adapt lessons from the virtual setting as we eventually move back to in-person meetings, particularly given concerns such as the carbon footprint of travel and ensuring access for disadvantaged groups.

2 Extended Platform for ACM SIGSAC Chair

2.1 Charting the Future of Academic Conferences

The COVID-19 pandemic has laid bare a number of issues relating to conference attendance and organization. The inability to travel over the past year has led to the creation of online conferences and there are lessons that can be taken from virtual events that will persist when the pandemic passes. We must balance the desire for community that is at the heart of research culture with issues of equity and access, as well as environmental concerns associated with conference travel. As chair, I plan to discuss with the steering committees of the SIGSAC conferences how to plan for the future and to understand the needs and desires of our attendees, which could potentially differ by conference, and to determine the best way to support post-pandemic conference organization. The results of these conversations will be a report that considers opportunities and risks associated with new strategies based on feedback from steering committees and input from the community.

2.2 Diversity and Inclusion

A strength of the security community is its diversity and global reach, and we are fortunate to see it vastly expanding. As more researchers enter the security field, we have more authors and more publications, and it is important that, commensurately, we cultivate reviewers, editors, and organizers. I plan to discuss with SIGSAC conferences and journals plans to increase diversity in its many forms and ensuring inclusion of under-represented voices, as well as the best ways to assist researchers as they take on these new roles. To ensure our community remains an inclusive environment, I propose that SIGSAC engages with CARES, the joint subcommittee of SIGARCH and SIGMICRO, to develop a similar resource of security community members willing to help anyone who experiences or witnesses discrimination or harassment. I also propose the development of a committee similar to the ACM SIGPLAN Long-Term Mentoring Committee (SIGPLAN-M) to develop long-term connections in the security community for junior researchers.

2.3 Supporting parents and caregiving obligations

The years pursuing tenure in academia often coincide with the years in which faculty are starting families or raising small children. Similar pressures can often exist in industry. While companies have parental leave programs and in academia, the tenure clock can be "stopped" for a period of time, these measures do not address the reality that academics are often engaged with their research and desire connection with the larger community during these periods. Similarly, these researchers may also be supporting other family members, requiring similar time and emotional commitment. These can be particularly important for service roles where advancement to conference chairships and larger roles within organizations can depend on a strong record of past service. As SIGSAC chair, I plan to examine how our community can better support these researchers to allow them to take roles in conferences and journals while balancing their obligations and to develop best practices across our community for editors and chairs to consider such that we can best ensure engagement of early and mid-career researchers.

2.4 Supporting an Environment for Performing and Evaluating Ethical and Transparent Research

Throughout the history of science, there has been a dichotomy between the scientific inquiries that are feasible to pursue those that are acceptable; these decisions have been made through ethical review. Our community is comprised of immensely talented domain experts and it is our role as members of this committee, whenever we evaluate the work of both ourselves and others, to closely examine its ethical implications. The demands on reviewers are already considerable, though, and it may be the case that while reviewers feel equipped to assess technical concerns, they are outside of their primary expertise when it comes to assessing nuances of ethics. Furthermore, there are cultural and geographical differences in terms of procedures for assessing ethical impact, e.g., the institutional review board (IRB) is a concept found in North America but not necessarily used globally. In my term as chair, I plan to spearhead an initiative in conjunction with my counterparts in IEEE and USENIX that addresses current best practices for assessing ethics, informed by sources such as the Menlo Report as well as case studies from the community that have arisen in the nine years its publication. While every program committee and editorial board makes its own decisions, it is my hope that such a guide can help inform discussion when questions of ethics and research transparency arise.

2.5 Supporting Best Practices for Reviewing in the Security Community

Recent clarifications to ACM's policies about reviewing are at odds with practices established at other top-tier venues in the security community - specifically, the reviewer copyright on their reviews appears to preclude sending or receiving reviews for resubmitted papers at ACM conferences, which is contrary to policies established by USENIX Security, IEEE Security and Privacy, and NDSS. It is important to understand what this means for SIGSAC conferences and their relationship with other conferences. As chair, I will investigate the basis of these policies, discuss how their enforcement may have implications on submissions and community through discussion with other top-tier conference organizers, and determine what course of action to pursue that is in the best interests of the security researchers that comprise the SIGSAC community.

2.6 Modernizing our SIG

Names matter, which is something that the computer science community has been grappling with for the past few years. We have seen conferences modify their name, the nomenclature around intrusion detection systems and device security has been changing, and we have seen changes elsewhere as well. These changes are important as the community grows and evolves, and I believe the time has come to consider a new name for our special interest group that does not provide unpleasant connotations. During my term as chair, I plan to investigate naming alternatives, e.g, Special Interest Group on Computer and Communication Security (SIGCCS) or Special Interest Group on Security and Privacy of Information (SIGSPI), discuss the logistics of making a change with ACM, and soliciting feedback and a vote from the community. Associated with this initiative, I plan to oversee modernization of the SIG web presence and assure financial transparency to SIG members.