(damps 2013) e-services via the internet and compliance with the law. file...

E-services via the Internet and compliance with the law

Druskininkai, 5-7.12. 2013

Friedrich LACHMAYERVienna

www.legalvisualization.com

Vytautas ČYRASVilnius University

Faculty of Mathematics and Informatics Vytautas.Cyras@mif.vu.lt

Contents

1. Defining ‘compliance’– e-services are in the background

• Each artefact can cause harm, for example:– A message can cause hart attack– A pencil can serve as a murder tool

2. Legal machines– E-proceedings via formulars in the Internet

• E.g. tax declarations

– Making the architecture transparent

2

1. Compliance

3

Compliance problem [Julisch 2008]

4

Given an IT system S and an externally imposed set R of (legal) requirements. 1. Make S comply with R2. Provide assurance that auditor will accept as evidence of the compliance of

S with R

“Sell” compliance, not security.

1. Formalise R2. Identify which sub-systems of

S are affected by R3. Determine what assurance has

to be provided to show that S is compliant with R

4. Modify S to become compliant with R and to provide the necessary assurance

ComparisonArtificial Intelligence.

Alan Turing

• “Can machines think?”

• ‘machine’ and ‘think’

Informatics and law.

Compliance

• “Does a software system comply with law?”

• ‘law’ and ‘comply’

5

Definitions of the meaning of the terms:

Both questions raise a (philosophical) problem are ill formulated in the sense that: - cannot be answered ‘yes’/‘no’ - not a mathematical ‘decidable’/‘undecidable’ problem

Goal of AI: “enhancing rather than simulating human intelligence” - not to start programming human intelligence (and compliance)

Holistic view to compliance

6Regulation and IT alignment framework (Bonazzi et al. 2009)

COBIT, ISO 17779, GORE

COSO

Rasmussen 2005;IT GRC

Machine-based or machine-assisted decision making?

7

A case factual

situation

Legaldecision

Judge-machine Law

No!

Plantiff Defendant

Formalistic approach to the law Mechanistic subsumption

Different kinds of norms

8

The Isrealm

Rules 1. Technical

Factual limitations, e.g. to fence the grass.

Rules 2. Legal

obligations,permissions, prohibitions .

Rules 3. Reputation

economic,social,civic.

Rules n.Energy

…

Regimes, paradigms, ethics, professional morality

Authorities: procedures, e.g. online dispute resolution

Avatar

The Oughtrealm

Principles of construction

9

…

…

Stage

Rules 1. Technical

Rules 2.Legal

Rules 3. Reputation

Rules n.Energy…

Core ontology

Special ontology 1 Special ontology 2 Special ontology 3 Special ontology n

Different modes of effect or relevance

Barrier.Strict

Occasional.Probability p%

Step-by-step.

“Entering withoutstop is refused”

“Policeman fines you for stepping the grass”.

But this happens with p% probability – if you do not succeed.

“Reputation/energy is decreased by 10 points”

10

Technical rules

Causation is formalised with the modus ponens rule:

(1) Rule(P→Q)

(2) Fact(P)

Conclusion. Fact(Q)

Examples

(pincode → money) & pincode money

• if door = closed then factual_hindrance• if number_ISI_articles < 2 then professor• Constraints in technical standards

RoomDoor is closed

You cannot violate them.

11

Legal rules

(1) Permission(P iff Q) Norm(¬P → ¬Q)

Example. green iff cross ( red → do_not_cross )

(2) Fact(¬P) – red is on

(3) Fact(Q) – you cross the street, nevertheless

Interpretation. You are simply a bad guy. Nobody can stop you crossing.

A punishment procedure is exercised with probability p%, e.g. by a policeman.

P denotes “green”,Q denotes “cross”,¬P denotes “red”

You can violate them.

12

Reputation/energy rules

(1) Norm(¬A)

(2) Fact(A)

Conclusion. Energy reduction by 10%

Formalisation:

Energy is reduced to A1, then A2 and so on to An. And at last ¬A.A

A1

A2

An

¬A

Norm(¬A), A-------------------A := 0.9*A

Violating rules decreases your energy points.

Subsuming a fact to a legal term

13

Dead bodyFact a:

Murder ManslaughterAiding suicide

Death sentence

Military act

Legal termA:

...

a

A

1) Terminological subsumption

Faktas:

Legal term:

A, C → D

A → B

...2) Normative subsumption

B(a)Conclusion, judgment

instance_of

2. Legal machines

14

Machines produce legal acts(institutional facts)

15

Examples:• vending machines• traffic lights• computers in organisations• workflows

• human being• machine

Actor

or

1)

Actor ActorAction

2)

Factual acts (raw facts)‘Alice puts a coin in her piggybank’

16

Condition• human being• machine

Actor Action Effect

Legal acts: impositio

• ‘Chris puts a coin in a ticket machine’• ‘Policeman raises hand’

17Institutional facts and legal institutions [McCormick & Weinberger 1992]

Condition• human being• machine

Actor

Legalactor

Action Effect

Legalaction

Legaleffect

Legalcondition

Scenario• The fictitious company,

“KnowWhere” offers a “Person Locator App” which can track the user’s location who has installed the app on his smartphone.

• The app accesses the GPS module of the smartphone and sends the coordinates and a specific Facebook ID to the server.

• KnowWhere relies on Google Maps.• The “Person Locator Portal”

– Shows maps with user positions and Facebook IDs

– The server collects all user locations that belong to the given group and uses Google Maps to highlight their positions on the map.

18(Oberle et al. 2013)

Legal reasoning

Question 1. Which provision is applicable?– Federal Data Protection Act. “Personal data”

Question 2: Is the disclosure of user data to Google lawful?

Answer: No.– Question 2.1: Is permission or order by this Act or other law

provided? No.– Question 2.2: Has the data subject provided consent?

No. The users are not informed about the transfer of personal data from KnowWhere to Google. Therefore, effective consent is not given.

Conclusion: the data transfer from KnowWhere to Google can neither be justified by law nor by consent. Therefore the conduct of KnowWhere violates data privacy law. 19

Accept)

Difficulties inherent in law

1. Abstractness of norms. Norms are formulated (on purpose) in abstract terms.

2. Principle vs. rule. The difference in regulatory philosophy between the US and other countries.

3. Open texture. H. L. A. Hart’s example of “Vehicles are forbidden in the park”.

4. The myriad of regulatory requirements. Compliance frameworks are multidimensional.

5. Teleology. The purpose of a legal norm usually can be achieved by a variety of ways. They need not to be listed in a statute and specified in detail.

6. Legal interpretation methods. The meaning of a legal text cannot be extracted from the sole text. Apart from the grammatical interpretation, other methods can be invoked, such as systemic and teleological interpretation.

20

3. Legal machinesand transparency

21

Changeover

22Text culture Machine culture

General Norm Law Decree

Published

Legal machine programNo acess

Technical changeover ‘legal text’ ‘program’

Text culture Machine culture

General Norm Law Decree

Published

Legal machine

Ticket machine Form proceedings

Legal machine programNo acess

Technical changeover ‘legal text’ ‘program’

Problems

1. Transparency

General Norm Law Decree

Published

Party

Individual Norm

Court judgement Administrative decision

2. E

x-p

ost

leg

al

pro

tect

ion

Text culture

These 2 means were not from the beginning.

They were trained in the course of time, but now come as a standard.

1. Transparency

General Norm Law Decree

Published

Party

Individual Norm

Court judgement Administrative decision

2. E

x-p

ost

leg

al

pro

tect

ion

Legal machine programNo acess

Technical changeover ‘legal text’ ‘program’

Text culture Machine culture

However, these 2 standards are missing in the beginning of machine culture.

Party

Legal machine

Ticket machine Form proceedings

Legal machine programNo acess

1. Lack oftransparency

2. No

ex-

ante

le

gal

pro

tect

ion

These 2 standards are missing in the beginning of machine culture.

Therefore we address them.

Party

Legal machine

Ticket machine Form proceedings

Legal machine programNo acess

1. Lack oftransparency

2. No

ex-

ante

le

gal

pro

tect

ion

Requirement 2:

Legal machine programs shall provide a trained, effective and

rapid legal protection

Example1. The law provides 10 variations but the program contains only 9.

Example 2. A ticket machine gives no money back. This makes a problem for customers expecting change from banknotes.

Requirement 1:

Die Programme für Rechtsmaschinen sind

zumindest von ihrer Architektur her zugänglich zu machen

Goal: Equal standard of transparency and legal protection

in text culture and machine culture

Party

1. Transparency

General Norm Law Decree

Published

Party

Individual Norm

Court judgement Administrative decision

2. E

x-p

ost

leg

al

pro

tect

ion

Legal machine

Ticket machine Form proceedings

Legal machine programNo acess

1. Lack oftransparency

2. No

ex-

ante

le

gal

pro

tect

ion

Technical transformation ‘legal text’ ‘program’

Text culture Machine culture

Thank you

Vytautas.Cyras@mif.vu.lt Vytautas.Cyras@mif.vu.lt 31