(DAMPS 2013) E-services via the Internet and compliance with the law. File...
description
Transcript of (DAMPS 2013) E-services via the Internet and compliance with the law. File...
E-services via the Internet and compliance with the law
Druskininkai, 5-7.12. 2013
Friedrich LACHMAYERVienna
www.legalvisualization.com
Vytautas ČYRASVilnius University
Faculty of Mathematics and Informatics [email protected]
Contents
1. Defining ‘compliance’– e-services are in the background
• Each artefact can cause harm, for example:– A message can cause hart attack– A pencil can serve as a murder tool
2. Legal machines– E-proceedings via formulars in the Internet
• E.g. tax declarations
– Making the architecture transparent
2
1. Compliance
3
Compliance problem [Julisch 2008]
4
Given an IT system S and an externally imposed set R of (legal) requirements. 1. Make S comply with R2. Provide assurance that auditor will accept as evidence of the compliance of
S with R
“Sell” compliance, not security.
1. Formalise R2. Identify which sub-systems of
S are affected by R3. Determine what assurance has
to be provided to show that S is compliant with R
4. Modify S to become compliant with R and to provide the necessary assurance
ComparisonArtificial Intelligence.
Alan Turing
• “Can machines think?”
• ‘machine’ and ‘think’
Informatics and law.
Compliance
• “Does a software system comply with law?”
• ‘law’ and ‘comply’
5
Definitions of the meaning of the terms:
Both questions raise a (philosophical) problem are ill formulated in the sense that: - cannot be answered ‘yes’/‘no’ - not a mathematical ‘decidable’/‘undecidable’ problem
Goal of AI: “enhancing rather than simulating human intelligence” - not to start programming human intelligence (and compliance)
Holistic view to compliance
6Regulation and IT alignment framework (Bonazzi et al. 2009)
COBIT, ISO 17779, GORE
COSO
Rasmussen 2005;IT GRC
Machine-based or machine-assisted decision making?
7
A case factual
situation
Legaldecision
Judge-machine Law
No!
Plantiff Defendant
Formalistic approach to the law Mechanistic subsumption
Different kinds of norms
8
The Isrealm
Rules 1. Technical
Factual limitations, e.g. to fence the grass.
Rules 2. Legal
obligations,permissions, prohibitions .
Rules 3. Reputation
economic,social,civic.
Rules n.Energy
…
Regimes, paradigms, ethics, professional morality
Authorities: procedures, e.g. online dispute resolution
Avatar
The Oughtrealm
Principles of construction
9
…
…
Stage
Rules 1. Technical
Rules 2.Legal
Rules 3. Reputation
Rules n.Energy…
Core ontology
Special ontology 1 Special ontology 2 Special ontology 3 Special ontology n
Different modes of effect or relevance
Barrier.Strict
Occasional.Probability p%
Step-by-step.
“Entering withoutstop is refused”
“Policeman fines you for stepping the grass”.
But this happens with p% probability – if you do not succeed.
“Reputation/energy is decreased by 10 points”
10
Technical rules
Causation is formalised with the modus ponens rule:
(1) Rule(P→Q)
(2) Fact(P)
Conclusion. Fact(Q)
Examples
(pincode → money) & pincode money
• if door = closed then factual_hindrance• if number_ISI_articles < 2 then professor• Constraints in technical standards
RoomDoor is closed
You cannot violate them.
11
Legal rules
(1) Permission(P iff Q) Norm(¬P → ¬Q)
Example. green iff cross ( red → do_not_cross )
(2) Fact(¬P) – red is on
(3) Fact(Q) – you cross the street, nevertheless
Interpretation. You are simply a bad guy. Nobody can stop you crossing.
A punishment procedure is exercised with probability p%, e.g. by a policeman.
P denotes “green”,Q denotes “cross”,¬P denotes “red”
You can violate them.
12
Reputation/energy rules
(1) Norm(¬A)
(2) Fact(A)
Conclusion. Energy reduction by 10%
Formalisation:
Energy is reduced to A1, then A2 and so on to An. And at last ¬A.A
A1
A2
An
¬A
Norm(¬A), A-------------------A := 0.9*A
Violating rules decreases your energy points.
Subsuming a fact to a legal term
13
Dead bodyFact a:
Murder ManslaughterAiding suicide
Death sentence
Military act
Legal termA:
...
a
A
1) Terminological subsumption
Faktas:
Legal term:
A, C → D
A → B
...2) Normative subsumption
B(a)Conclusion, judgment
instance_of
2. Legal machines
14
Machines produce legal acts(institutional facts)
15
Examples:• vending machines• traffic lights• computers in organisations• workflows
• human being• machine
Actor
or
1)
Actor ActorAction
2)
Factual acts (raw facts)‘Alice puts a coin in her piggybank’
16
Condition• human being• machine
Actor Action Effect
Legal acts: impositio
• ‘Chris puts a coin in a ticket machine’• ‘Policeman raises hand’
17Institutional facts and legal institutions [McCormick & Weinberger 1992]
Condition• human being• machine
Actor
Legalactor
Action Effect
Legalaction
Legaleffect
Legalcondition
Scenario• The fictitious company,
“KnowWhere” offers a “Person Locator App” which can track the user’s location who has installed the app on his smartphone.
• The app accesses the GPS module of the smartphone and sends the coordinates and a specific Facebook ID to the server.
• KnowWhere relies on Google Maps.• The “Person Locator Portal”
– Shows maps with user positions and Facebook IDs
– The server collects all user locations that belong to the given group and uses Google Maps to highlight their positions on the map.
18(Oberle et al. 2013)
Legal reasoning
Question 1. Which provision is applicable?– Federal Data Protection Act. “Personal data”
Question 2: Is the disclosure of user data to Google lawful?
Answer: No.– Question 2.1: Is permission or order by this Act or other law
provided? No.– Question 2.2: Has the data subject provided consent?
No. The users are not informed about the transfer of personal data from KnowWhere to Google. Therefore, effective consent is not given.
Conclusion: the data transfer from KnowWhere to Google can neither be justified by law nor by consent. Therefore the conduct of KnowWhere violates data privacy law. 19
Accept)
Difficulties inherent in law
1. Abstractness of norms. Norms are formulated (on purpose) in abstract terms.
2. Principle vs. rule. The difference in regulatory philosophy between the US and other countries.
3. Open texture. H. L. A. Hart’s example of “Vehicles are forbidden in the park”.
4. The myriad of regulatory requirements. Compliance frameworks are multidimensional.
5. Teleology. The purpose of a legal norm usually can be achieved by a variety of ways. They need not to be listed in a statute and specified in detail.
6. Legal interpretation methods. The meaning of a legal text cannot be extracted from the sole text. Apart from the grammatical interpretation, other methods can be invoked, such as systemic and teleological interpretation.
20
3. Legal machinesand transparency
21
Changeover
22Text culture Machine culture
General Norm Law Decree
Published
Legal machine programNo acess
Technical changeover ‘legal text’ ‘program’
Text culture Machine culture
General Norm Law Decree
Published
Legal machine
Ticket machine Form proceedings
Legal machine programNo acess
Technical changeover ‘legal text’ ‘program’
Problems
1. Transparency
General Norm Law Decree
Published
Party
Individual Norm
Court judgement Administrative decision
2. E
x-p
ost
leg
al
pro
tect
ion
Text culture
These 2 means were not from the beginning.
They were trained in the course of time, but now come as a standard.
1. Transparency
General Norm Law Decree
Published
Party
Individual Norm
Court judgement Administrative decision
2. E
x-p
ost
leg
al
pro
tect
ion
Legal machine programNo acess
Technical changeover ‘legal text’ ‘program’
Text culture Machine culture
However, these 2 standards are missing in the beginning of machine culture.
Party
Legal machine
Ticket machine Form proceedings
Legal machine programNo acess
1. Lack oftransparency
2. No
ex-
ante
le
gal
pro
tect
ion
These 2 standards are missing in the beginning of machine culture.
Therefore we address them.
Party
Legal machine
Ticket machine Form proceedings
Legal machine programNo acess
1. Lack oftransparency
2. No
ex-
ante
le
gal
pro
tect
ion
Requirement 2:
Legal machine programs shall provide a trained, effective and
rapid legal protection
Example1. The law provides 10 variations but the program contains only 9.
Example 2. A ticket machine gives no money back. This makes a problem for customers expecting change from banknotes.
Requirement 1:
Die Programme für Rechtsmaschinen sind
zumindest von ihrer Architektur her zugänglich zu machen
Goal: Equal standard of transparency and legal protection
in text culture and machine culture
Party
1. Transparency
General Norm Law Decree
Published
Party
Individual Norm
Court judgement Administrative decision
2. E
x-p
ost
leg
al
pro
tect
ion
Legal machine
Ticket machine Form proceedings
Legal machine programNo acess
1. Lack oftransparency
2. No
ex-
ante
le
gal
pro
tect
ion
Technical transformation ‘legal text’ ‘program’
Text culture Machine culture