Mariachi Spoof - Blanco
Mariachi Spoof – Blanco (Photo credit: Larry1732)

Yesterday, our friends at Retraction Watch broke a story about Elsevier’s peer review systems being spoofed, leading to at least 11 retractions thus far. It appears that one or more people, yet to be identified, were able to become reviewers in the system using someone else’s name and a fake email address in order to give positive reviews to papers.

In the past few years, other journals from other publishers have also been spoofed. This is not just a problem for Elsevier.

There seems to be at least two ways to spoof your way into an editorial system:

  • Offer a bogus identity as a potential reviewer on your papers, so that you can secretly become your own peer-reviewer
  • Pose as a well-known new reviewer, but give a bogus email address, so you can do reviews under that person’s name, even if you don’t end up reviewing your own paper; chances are, by identifying areas of expertise, a spoofer would be in a position to review friends’ or competitors’ papers, skewing publication one way or another

As ORCID rolls out, it has the potential to also cut down on this type of fraud. In creating an ORCID record, you have to put in your email address. Integrating this into manuscript submission and tracking systems seems like a good way to prevent one or both of these tactics (although, creating a bogus ORCID record is certainly a possible work-around).

However, I always like to isolate the effects of technology by recalling what the system was like before the technology. In this case, when peer-review required paper, postage, and a physical mailing location, spoofing like this would have been much more expensive and difficult to undertake. Now, with email addresses easily obtained, cut-and-paste making plausible reviews possible in much less time, and no expense other than time, spoofing is a practical fraud.

At a meeting last week of thought-leaders in scientific publishing technologies, one of the themes was how editorial offices aren’t being served as well as they could be by technology solutions. This is perhaps one area to explore. After all, if intrusions into the peer-review process are occurring, we should build some alarms and defenses for our editors and reviewers.

Enhanced by Zemanta
Kent Anderson

Kent Anderson

Kent Anderson is the CEO of RedLink and RedLink Network, a past-President of SSP, and the founder of the Scholarly Kitchen. He has worked as Publisher at AAAS/Science, CEO/Publisher of JBJS, Inc., a publishing executive at the Massachusetts Medical Society, Publishing Director of the New England Journal of Medicine, and Director of Medical Journals at the American Academy of Pediatrics. Opinions on social media or blogs are his own.


15 Thoughts on "Editorial Spoofing in the Age of Electronic Peer-Review"

Some times it seems nothing changes. Years ago I got to know some of the people who worked on the US medical license exams. It was really interesting to get a few beers in them and talking about the cheating scams people tried. Some of them were just amazing. If they put half the energy and creativity into just trying to pass the exam, they probably do just fine. As it is, if caught and I expect most were but who knows, they guaranteed they would never ever be a physician in the US.

Yes, technology has enabled more cheating, but whatever happened to good editorial practice? What editor worth his or her salt sends a paper out to a reviewer whom they haven’t independently verified as being a decent choice? (or indeed an existent person?) A bad workman blames his tools…

Yes, a very good point. Speed and quantity pressures are leading to mistakes.

Maybe journals should make having an ORCID record or ResearcherID a required field when creating a reviewer account? This would at least allow editors to check the publication record associated with that ID, and would also greatly increase the uptake of these identifiers.

As an aside, near universal use of ORCID would make studying the peer review process so much easier, as one could then accurately track the same person across multiple journals.

Thanks, Tom. I guess I need to add a third way to spoof a review — steal the username/password information for someone, then pose as them.

What is wrong with people?!

While I am a big fan of ORCID, I still do not think ORCID will address this problem as ORCID can still be a victim of identity theft. Until two forms of ID are required (e-mail + credit validation of a nominal amount or e-mail + cell phone # that requires delivery and re-keying of a SMS sent PIN, etc.) identity theft will still be possible… it will just be further back at the ORCID stage vs. the submission system.

In general, ethics needs to be taught at an early age and often…

Of course, you’re right, especially as the technique used (identity theft) became clear. Technologies aren’t the solution to ethics. They usually just reflect or enable them.

A number of these cases have been reported this year. They’ve come from different publishers and different journals, and in some cases have involved large numbers of papers, e.g. the 28 from Hyung-In Moon retracted because the peer-review process “was found to have been compromised and inappropriately influenced by the corresponding author” .

This is shocking. My concern is that there may be many more cases – how many of the authors who have been getting away with this sort of behaviour have told their colleagues about an easy way they’ve found to get published? Every case that comes to light damages confidence in journals and peer review. Some cases are due to genuine security breaches, but in others publishers/journals have admitted that their processes weren’t rigorous enough. Looking at the cases, some must have lacked even basic reviewer checks before sending out manuscripts. There is no excuse for this. All journals should have rigorous checking procedures in place, good (and regular) database housekeeping (e.g. for duplicate accounts), reviewer report checking, and training of new editors, associate editors and editorial staff. I know from experience that this too often doesn’t happen.

ORCID – which is being integrated into manuscript submission workflows – is a great potential tool in reviewer identity validation. Is the functionality in place, if not, how long until it is?

Oh in an ideal world. I have four editorial coordinators for 33 journals and that ain’t changing anytime soon. We don’t pay our editors anything and they typically see double-digit percent increases in submissions every year. We have literally almost 1000 associate editors and editorial board members responsible for oversight of review. Some are good, some are not. Our turn-around time is not competitive and the entire process is being compressed out of sheer necessity. So yes, it would be wonderful to not have any duplicate accounts in our databases (we have 33 separate ones to work with) amoung our tens of thousands of reviewers. It would be awesome to have staff review each reviewer picked and make sure nothing is fishy. It would be great if the EIC could read all the papers. It would also be nice if ORCID had a way to prevent duplicate accounts via an email check but I understand that it not coming until phase 2. Until then, I see no point in insisting on it, though I support the mission. It would be wonderful if society journal publishers could focus on advancing the professions and the science and publishing the best content out there without having to worry all time and react all the time to people lying and cheating the system while others tell us we aren’t doing enough, we aren’t doing it fast enough, and we should be better. Good Lord if Elsevier can’t do it better than I am sunk.

My invented reviewer alias is regularly invited to review, presumably by careless administrators who do not take the time to at least google a potential reviewer to see if they exist. I think that to some extent this shows the conveyor belt nature of publishing. I know that’s not at the core of the above, but I find it surprising that there doesn’t seem to be too much concern about how little concern there is with reviewer quality at times..

(A couple of years ago, I was asked to compare different journals’ submissions sites, so I created accounts for myself under a nonsense alias. This wasn’t malicious. A lot of these sites force you to pick your area of expertise as well, with n/a not being a an option. I’m still baffled by how often these requests come in.)

Comments are closed.