Compliance and software transparency for legal machines
Tallinn, 8-11.06.2014
Friedrich LACHMAYER Vienna
University of Innsbruck
www.legalvisualization.com
Vytautas ČYRAS Vilnius University
Contents
1. Legal machines
– E-proceedings via forms in the Internet
  • E.g. tax declarations
– Making the architecture transparent
2. Defining compliance
– e-services are in the background
– Each artefact can cause harm, e.g.:
  • Message can cause heart attack
  • Pencil can serve as a murder tool
3. The concept of subsumption
1. Legal machines
Machines produce legal acts
• Actions with legal importance and legal consequences
• Institutional facts
Examples:
• vending machines
• traffic lights
• computers in organisations
• workflows
[Diagram labels: 1) Actor (human being or machine); 2) Actor, Action]
Factual acts (raw facts)
‘Alice puts coins in her piggy bank’
[Diagram labels: Condition; Actor (human being or machine); Action; Effect]
Legal acts: impositio
‘Chris puts coins in the ticket machine’
‘Policeman raises hand’
Institutional facts and legal institutions (MacCormick & Weinberger 1992)
[Diagram labels: Actor (human being or machine), Legal actor; Action, Legal action; Effect, Legal effect; Condition, Legal condition]
2. Legal machines and transparency
Machines are not flexible
• You can argue with an operator
• You cannot argue with a machine
– E.g. “credit card declined”
• You can violate legal rules
• You cannot violate technical rules
Changeover
[Diagram labels: Text culture; Machine culture]
[Diagram labels. Text culture: General Norm (Law, Decree), Published. Machine culture: Legal machine program, No access. Technical changeover: ‘legal text’ to ‘program’.]
[Diagram labels: General Norm (Law, Decree), Published; Legal machine (Ticket machine, Form proceedings); Legal machine program, No access; Technical changeover: ‘legal text’ to ‘program’; Problems]
[Diagram labels: 1. Transparency; General Norm (Law, Decree), Published; Party; Individual Norm (Court judgement, Administrative decision); 2. Ex-post legal protection; Text culture]
These 2 means were not there from the beginning. They were trained in the course of time, but now come as a standard.
[Diagram labels. Text culture: 1. Transparency; General Norm (Law, Decree), Published; Party; Individual Norm (Court judgement, Administrative decision); 2. Ex-post legal protection. Machine culture: Legal machine program, No access. Technical changeover: ‘legal text’ to ‘program’.]
However, these 2 standards are missing in the beginning of machine culture.
[Diagram labels: Party; Legal machine (Ticket machine, Form proceedings); Legal machine program, No access; 1. Lack of transparency; 2. No ex-ante legal protection]
These 2 standards are missing in the beginning of machine culture. Therefore we address them.
[Diagram labels: Party; Legal machine (Ticket machine, Form proceedings); Legal machine software, No access; 1. Lack of transparency; 2. No ex-ante legal protection]
Requirement 2: Software should provide a trained, effective and rapid legal protection
Example 1. The law provides 10 variations but the program contains only 9.
Example 2. A ticket machine gives no money back. This creates a problem for customers expecting change from banknotes.
Requirement 1: The architecture of software should be available
Goal
Equal standard of transparency and legal protection in text culture and machine culture
[Diagram labels. Text culture: Party; 1. Transparency; General Norm (Law, Decree), Published; Individual Norm (Court judgement, Administrative decision); 2. Ex-post legal protection. Machine culture: Party; Legal machine (Ticket machine, Form proceedings); Legal machine program, No access; 1. Lack of transparency; 2. No ex-ante legal protection. Technical transformation: ‘legal text’ to ‘program’.]
3. Compliance
Compliance problem (Julisch 2008)
Given an IT system S and an externally imposed set R of (legal) requirements.
1. Make S comply with R
2. Provide assurance that an auditor will accept as evidence of the compliance of S with R
“Sell” compliance, not security.
1. Formalise R
2. Identify which sub-systems of S are affected by R
3. Determine what assurance has to be provided to show that S is compliant with R
4. Modify S to become compliant with R and to provide the necessary assurance
Holistic view to compliance
[Figure: Regulation and IT alignment framework (Bonazzi et al. 2009). Labels: COBIT, ISO 17779, GORE; COSO; Rasmussen 2005; IT GRC]
Comparison
Artificial Intelligence. Alan Turing
• “Can machines think?”
• ‘machine’ and ‘think’
Informatics and law. Compliance
• “Does a software system comply with law?”
• ‘law’ and ‘comply’
Definitions of the meaning of the terms:
Both questions are ill formulated in the sense that:
- can’t be answered ‘yes’/‘no’
- not a ‘decidable’/‘undecidable’ problem
- an answer depends on philosophical assumptions
Goal of AI: “enhancing rather than simulating human intelligence”
- first understand then start programming
Machine-based or machine-assisted decision making?
[Diagram labels: Legal decision; Law; Plaintiff; Defendant; Formalistic approach to the law; Mechanistic subsumption – No!; Judge-machine; Case; Factual situation]
Standard cases, hard cases, emergency cases
[Diagram labels: Legal decision; Judge-machine; Legal machine; Case; Hard cases – “No”; Standard cases – “Yes”; Emergency cases – not applicable]
“Accept” ≠ effective consent
Noncompliant scenario
• The fictitious company “KnowWhere” offers a “Person Locator App” which can track the location of a user who has installed the app on his smartphone.
• The app accesses the GPS of the smartphone and sends the coordinates and a Facebook ID to the server.
• KnowWhere relies on Google Maps.
• The “Person Locator Portal”
– Shows maps with user positions and Facebook IDs
– The server collects all user locations and uses Google Maps to highlight their positions on the map.
See Oberle et al. 2013, http://script-ed.org/?p=667
Legal reasoning
Question: Is the disclosure of user data to Google lawful?
Answer: No.
– Question 1: Is permission or order by the law provided? No.
– Question 2: Has the data subject provided consent? No. The users are not informed about the transfer of personal data from KnowWhere to Google. Therefore, effective consent is not given.
Conclusion: Data transfer from KnowWhere to Google cannot be justified. Therefore KnowWhere violates data privacy law.
Modelling legal norms as rules
state_of_affairs → legal_consequences
if condition then effects else sanction
((Collection(X) OR Processing(X) OR Use(X)) AND performedUpon(X,Y) AND PersonalData(Y))
AND
(((Permission(P) OR Order(P)) AND givenFor(P,X))
OR
(Consent(C) AND DataSubject(D) AND about(Y,D)
AND gives(D,C) AND permits(C,X)))
→
Lawfulness(P) AND givenFor(P,X)
See also Kowalski, Sergot, etc.
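The rule above, evaluated over ground facts for the KnowWhere scenario, as an added example that is not part of the original slides. The constant names, the choice of Processing for the disclosure, and modelling the "Accept" click as a consent without a `permits` fact are assumptions made here.

```python
from itertools import product

ACT_KINDS = ("Collection", "Processing", "Use")

def assess(facts):
    """Map each (act, personal data) pair to 'law', 'consent' or None (not lawful)."""
    def has(*fact):
        return fact in facts

    consts = {arg for fact in facts for arg in fact[1:]}
    verdicts = {}
    for fact in facts:
        if fact[0] != "performedUpon":
            continue
        _, x, y = fact
        # (Collection(X) OR Processing(X) OR Use(X)) AND performedUpon(X,Y) AND PersonalData(Y)
        if not (any(has(kind, x) for kind in ACT_KINDS) and has("PersonalData", y)):
            continue  # the rule does not apply to this pair
        # (Permission(P) OR Order(P)) AND givenFor(P,X)
        by_law = any((has("Permission", p) or has("Order", p)) and has("givenFor", p, x)
                     for p in consts)
        # Consent(C) AND DataSubject(D) AND about(Y,D) AND gives(D,C) AND permits(C,X)
        by_consent = any(has("Consent", c) and has("DataSubject", d) and has("about", y, d)
                         and has("gives", d, c) and has("permits", c, x)
                         for c, d in product(consts, repeat=2))
        verdicts[(x, y)] = "law" if by_law else "consent" if by_consent else None
    return verdicts

# Constructed facts for the KnowWhere scenario; every constant name is hypothetical.
KNOWWHERE = {
    ("Processing", "disclose_to_google"),
    ("performedUpon", "disclose_to_google", "location_and_facebook_id"),
    ("PersonalData", "location_and_facebook_id"),
    ("DataSubject", "app_user"),
    ("about", "location_and_facebook_id", "app_user"),
    # Assumption: the user clicked "Accept" but was not informed about the transfer,
    # so a consent exists without a permits(C, X) fact covering the disclosure.
    ("Consent", "accept_click"),
    ("gives", "app_user", "accept_click"),
}
# Variant: the user was informed, so the consent covers the disclosure.
INFORMED = KNOWWHERE | {("permits", "accept_click", "disclose_to_google")}

if __name__ == "__main__":
    print(assess(KNOWWHERE))
    print(assess(INFORMED))
```

A `None` verdict means neither branch of the rule is satisfied, which is the slide's conclusion that the transfer cannot be justified.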
4. Subsumption
Subsuming a fact to a legal term
[Diagram. Fact a: Dead body. Legal term A: Murder, Manslaughter, Aiding suicide, Death sentence, Military act, ... 1) Terminological subsumption: Fact a is an instance_of Legal term A. 2) Normative subsumption: rules A → B, A & C → D, ...; conclusion (judgment): B(a).]
Difficulties inherent in law
1. Abstractness of norms. Norms are formulated (on purpose) in abstract terms
2. Principle vs. rule. The difference in regulatory philosophy between the US and other countries
3. Open texture. Hart’s example of “Vehicles are forbidden in the park”
4. The myriad of regulatory requirements. Compliance frameworks are multidimensional
5. Legal interpretation methods. The meaning of a legal text cannot be extracted from the sole text
– grammatical interpretation,
– systemic interpretation
– teleological interpretation