Presentation at DAMPS 2013, Druskininkai, Lithuania, 5-7.12.2013, http://www.mii.vu.lt/index.php?siteaction=news_notices.view&id=3198&lang=lt. Program see http://www.mii.lt/files/liks_mii_drusk_2013_programafinal.pdf.
Vytautas Čyras and Friedrich Lachmayer "E-services via the Internet and compliance with the law"
Presentation at the Fifth International Workshop "Data Analysis Methods for Software Systems" (DAMPS 2013):
Vytautas Čyras "Problems of compliance with the law in providing services via the Internet"
(DAMPS 2013) E-services via the Internet and compliance with the law. File 20131203-Druskininkai-Cyras-EServicesCompliance-slides
1. E-services via the Internet and compliance with the law
Vytautas ČYRAS
Vilnius University
Faculty of Mathematics and Informatics
Vytautas.Cyras@mif.vu.lt
Friedrich LACHMAYER
Vienna
www.legalvisualization.com
Druskininkai, 5-7.12. 2013
2. Contents
1. Defining ‘compliance’
– e-services are in the background
• Each artefact can cause harm, for example:
  – A message can cause a heart attack
  – A pencil can serve as a murder tool
2. Legal machines
– E-proceedings via forms on the Internet
  • E.g. tax declarations
– Making the architecture transparent
4. Compliance problem [Julisch 2008]
“Sell” compliance, not security.
Given an IT system S and an externally imposed set R of (legal) requirements.
1. Make S comply with R
2. Provide assurance that an auditor will accept as evidence of the compliance of S with R
Steps:
1. Formalise R
2. Identify which sub-systems of S are affected by R
3. Determine what assurance has to be provided to show that S is compliant with R
4. Modify S to become compliant with R and to provide the necessary assurance
5. Comparison
Artificial Intelligence. Alan Turing
• “Can machines think?”
• Definitions of the meaning of the terms: ‘machine’ and ‘think’
Informatics and law. Compliance
• “Does a software system comply with law?”
• Definitions of the meaning of the terms: ‘law’ and ‘comply’
Both questions
• raise a (philosophical) problem
• are ill formulated in the sense that:
  - cannot be answered ‘yes’/‘no’
  - not a mathematical ‘decidable’/‘undecidable’ problem
Goal of AI: “enhancing rather than simulating human intelligence”
- not to start programming human intelligence (and compliance)
6. Holistic view to compliance
Rasmussen 2005;
IT GRC
COSO
COBIT, ISO 17779, GORE
Regulation and IT alignment framework (Bonazzi et al. 2009)
7. Machine-based or machine-assisted decision making?
Diagram labels: A case (factual situation); Plaintiff; Defendant; Law; Judge-machine; Legal decision
Formalistic approach to the law
Mechanistic subsumption
No!
8. Different kinds of norms
Regimes, paradigms, ethics, professional morality
The Ought realm
Rules 1. Technical: factual limitations, e.g. to fence the grass.
Rules 2. Legal: obligations, permissions, prohibitions.
Rules 3. Reputation: economic, social, civic.
…
Rules n. Energy
Authorities: procedures, e.g. online dispute resolution
The Is realm
Avatar
9. Principles of construction
Core ontology
Special ontology 1, Special ontology 2, Special ontology 3 … Special ontology n
Rules 1. Technical
Rules 2. Legal
Rules 3. Reputation
…
Rules n. Energy
Different modes of effect or relevance
Barrier. Strict. “Entering without stop is refused”
Occasional. Probability p%. “Policeman fines you for stepping the grass”. But this happens with p% probability – if you do not succeed.
…
Step-by-step. “Reputation/energy is decreased by 10 points”
Stage
10. Technical rules
You cannot violate them.
Causation is formalised with the modus ponens rule:
(1) Rule(P→Q)
(2) Fact(P)
Conclusion. Fact(Q)
Examples
• (pincode → money) & pincode. Conclusion: money
• if door = closed then factual_hindrance
• if number_ISI_articles < 2 then professor
Constraints in technical standards
Diagram labels: Door is closed; Room
11. Legal rules
You can violate them.
(1) Permission(P iff Q), Norm(¬P → ¬Q)
P denotes “green”, Q denotes “cross”, ¬P denotes “red”
Example. green iff cross (red → do_not_cross)
(2) Fact(¬P) – red is on
(3) Fact(Q) – you cross the street, nevertheless
Interpretation. You are simply a bad guy. Nobody can stop you crossing.
A punishment procedure is exercised with probability p%, e.g. by a policeman.
12. Reputation/energy rules
Violating rules decreases your energy points.
(1) Norm(¬A)
(2) Fact(A)
Conclusion. Energy reduction by 10%
Formalisation:
Norm(¬A), A
------------------
A := 0.9*A
Energy is reduced to A1, then A2 and so on to An. And at last ¬A.
Diagram labels: A, A1, A2, An, ¬A
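The three rule regimes of slides 10 to 12 (barrier, occasional sanction with probability p, step-by-step energy reduction) can be compared side by side in a short simulation. This is an added example, not part of the original slides; the function names, the separate `energy` variable and the `floor` threshold below which the actor can no longer act are assumptions made for illustration.

```python
import random
from dataclasses import dataclass

@dataclass
class Outcome:
    performed: bool   # did the action factually happen?
    sanctioned: bool  # was a punishment or reduction applied?
    energy: float     # actor's energy/reputation afterwards

def technical_rule(precondition: bool, energy: float) -> Outcome:
    # Slide 10: Rule(P -> Q), Fact(P) |- Fact(Q). Without P the action is
    # factually impossible (barrier), so nothing is left to sanction.
    return Outcome(precondition, False, energy)

def legal_rule(permitted: bool, p: float, energy: float,
               rng: random.Random) -> Outcome:
    # Slide 11: the norm can be violated and the action happens anyway;
    # a punishment procedure follows only with probability p.
    sanctioned = (not permitted) and rng.random() < p
    return Outcome(True, sanctioned, energy)

def energy_rule(permitted: bool, energy: float, floor: float) -> Outcome:
    # Slide 12: Norm(not A), Fact(A) |- A := 0.9*A. Below the assumed
    # floor the actor can no longer act (the final "not A" state).
    if energy < floor:
        return Outcome(False, False, energy)
    if permitted:
        return Outcome(True, False, energy)
    return Outcome(True, True, 0.9 * energy)

def violations_until_blocked(energy: float, floor: float) -> int:
    # How many violations the step-by-step regime tolerates (A1 ... An).
    count = 0
    while (out := energy_rule(False, energy, floor)).performed:
        energy, count = out.energy, count + 1
    return count

def unsanctioned_share(p: float, trials: int, seed: int) -> float:
    # Share of legal-rule violations that meet no punishment procedure.
    rng = random.Random(seed)
    hits = sum(legal_rule(False, p, 100.0, rng).sanctioned
               for _ in range(trials))
    return 1 - hits / trials
```

Only the technical rule prevents the act itself; under the legal rule every violation is performed and a share of roughly 1 - p goes unsanctioned, while the energy rule tolerates a bounded number of violations before the actor is blocked.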
13. Subsuming a fact to a legal term
Legal term A: Murder, Manslaughter, Aiding suicide, Death sentence, Military act
instance_of
Fact a: Dead body
Legal term: A
Fact: a
1) Terminological subsumption
2) Normative subsumption: A → B
A, C → D
...
B(a)
Conclusion, judgment
...
15. Machines produce legal acts (institutional facts)
1) Actor: human being or machine
2) Actor, Action, Actor
Examples:
• vending machines
• traffic lights
• computers in organisations
• workflows
16. Factual acts (raw facts)
‘Alice puts a coin in her piggybank’
Condition
Actor: human being or machine
Action
Effect
17. Legal acts: impositio
• ‘Chris puts a coin in a ticket machine’
• ‘Policeman raises hand’
Legal condition / Condition
Legal actor / Actor: human being or machine
Legal action / Action
Legal effect / Effect
Institutional facts and legal institutions [MacCormick & Weinberger 1992]
18. Scenario
• The fictitious company “KnowWhere” offers a “Person Locator App” which can track the location of a user who has installed the app on his smartphone.
• The app accesses the GPS module of the smartphone and sends the coordinates and a specific Facebook ID to the server.
• KnowWhere relies on Google Maps.
• The “Person Locator Portal”
  – Shows maps with user positions and Facebook IDs
  – The server collects all user locations that belong to the given group and uses Google Maps to highlight their positions on the map.
(Oberle et al. 2013)
19. Legal reasoning
Question 1. Which provision is applicable?
– Federal Data Protection Act. “Personal data”
Question 2: Is the disclosure of user data to Google lawful?
Answer: No.
– Question 2.1: Is permission or order by this Act or other law provided? No.
– Question 2.2: Has the data subject provided consent? No. The users are not informed about the transfer of personal data from KnowWhere to Google. Therefore, effective consent is not given.
Conclusion: the data transfer from KnowWhere to Google can neither be justified by law nor by consent. Therefore the conduct of KnowWhere violates data privacy law.
20. Difficulties inherent in law
1. Abstractness of norms. Norms are formulated (on purpose) in abstract terms.
2. Principle vs. rule. The difference in regulatory philosophy between the US and other countries.
3. Open texture. H. L. A. Hart’s example of “Vehicles are forbidden in the park”.
4. The myriad of regulatory requirements. Compliance frameworks are multidimensional.
5. Teleology. The purpose of a legal norm can usually be achieved in a variety of ways. They need not be listed in a statute and specified in detail.
6. Legal interpretation methods. The meaning of a legal text cannot be extracted from the text alone. Apart from the grammatical interpretation, other methods can be invoked, such as systemic and teleological interpretation.
23. Technical changeover ‘legal text’ ‘program’
General Norm: Law, Decree
Published
Legal machine program
No access
Text culture
Machine culture
24. Technical changeover ‘legal text’ ‘program’
General Norm: Law, Decree
Published
Legal machine program
No access
Legal machine: Ticket machine, Form proceedings
Problems
25. General Norm: Law, Decree
Published
Individual Norm: Court judgement, Administrative decision
Party
1. Transparency
2. Ex-post legal protection
These 2 means were not there from the beginning. They were trained in the course of time, but now come as a standard.
Text culture
26. Technical changeover ‘legal text’ ‘program’
General Norm: Law, Decree
Published
Individual Norm: Court judgement, Administrative decision
Party
1. Transparency
2. Ex-post legal protection
Legal machine program
No access
However, these 2 standards are missing in the beginning of machine culture.
Text culture
Machine culture
27. Legal machine program
No access
1. Lack of transparency
2. No ex-ante legal protection
These 2 standards are missing in the beginning of machine culture. Therefore we address them.
Legal machine: Ticket machine, Form proceedings
Party
28. Requirement 1:
The programs for legal machines shall be made accessible, at least in terms of their architecture
Requirement 2:
Legal machine programs shall provide a trained, effective and rapid legal protection
Example 1. The law provides 10 variations but the program contains only 9.
Example 2. A ticket machine gives no money back. This creates a problem for customers expecting change from banknotes.
Legal machine program
No access
1. Lack of transparency
2. No ex-ante legal protection
Legal machine: Ticket machine, Form proceedings
Party
29. Goal:
Equal standard of transparency and legal protection
in text culture and machine culture
30. Technical transformation ‘legal text’ ‘program’
Text culture
General Norm: Law, Decree
Published
Individual Norm: Court judgement, Administrative decision
Party
1. Transparency
2. Ex-post legal protection
Machine culture
Legal machine program
No access
Legal machine: Ticket machine, Form proceedings
Party
1. Lack of transparency
2. No ex-ante legal protection