(DAMPS 2013) E-services via the Internet and compliance with the law. File 20131203-Druskininkai-Cyras-EServicesCompliance-slides


Presentation at DAMPS 2013, Druskininkai, Lithuania, 5-7.12.2013, http://www.mii.vu.lt/index.php?siteaction=news_notices.view&id=3198&lang=lt. Program see http://www.mii.lt/files/liks_mii_drusk_2013_programafinal.pdf.

Vytautas Čyras and Friedrich Lachmayer "E-services via the Internet and compliance with the law"

Presentation at the Fifth International Workshop "Data Analysis Methods for Software Systems" (DAMPS 2013):

Vytautas Čyras, "Problems of the compliance of Internet service provision with the law"

Published in: Education, Technology

Transcript of "(DAMPS 2013) E-services via the Internet and compliance with the law. File 20131203-Druskininkai-Cyras-EServicesCompliance-slides"

  1. 1. E-services via the Internet and compliance with the law Vytautas ČYRAS Vilnius University Faculty of Mathematics and Informatics Vytautas.Cyras@mif.vu.lt Friedrich LACHMAYER Vienna www.legalvisualization.com Druskininkai, 5-7.12. 2013
  2. 2. Contents 1. Defining ‘compliance’ – e-services are in the background • Each artefact can cause harm, for example: – A message can cause a heart attack – A pencil can serve as a murder tool 2. Legal machines – E-proceedings via forms on the Internet • E.g. tax declarations – Making the architecture transparent 2
  3. 3. 1. Compliance 3
  4. 4. Compliance problem [Julisch 2008] “Sell” compliance, not security. Given an IT system S and an externally imposed set R of (legal) requirements: 1. Make S comply with R; 2. Provide assurance that an auditor will accept as evidence of the compliance of S with R. 1. Formalise R; 2. Identify which sub-systems of S are affected by R; 3. Determine what assurance has to be provided to show that S is compliant with R; 4. Modify S to become compliant with R and to provide the necessary assurance. 4
  5. 5. Comparison. Artificial Intelligence (Alan Turing): “Can machines think?” Informatics and law (compliance): “Does a software system comply with law?” Definitions of the meaning of the terms: ‘machine’ and ‘think’; ‘law’ and ‘comply’. Both questions raise a (philosophical) problem and are ill formulated in the sense that they: - cannot be answered ‘yes’/‘no’ - are not a mathematical ‘decidable’/‘undecidable’ problem. Goal of AI: “enhancing rather than simulating human intelligence” - not to start programming human intelligence (and compliance) 5
  6. 6. Holistic view to compliance Rasmussen 2005; IT GRC COSO COBIT, ISO 17779, GORE Regulation and IT alignment framework (Bonazzi et al. 2009) 6
  7. 7. Machine-based or machine-assisted decision making? A case factual situation Plaintiff Judge-machine Formalistic approach to the law Mechanistic subsumption Defendant Law No! Legal decision 7
  8. 8. Different kinds of norms Regimes, paradigms, ethics, professional morality The Ought realm Rules 1. Technical: factual limitations, e.g. to fence the grass. Rules 2. Legal: obligations, permissions, prohibitions. Rules 3. Reputation: economic, social, civic. … Rules n. Energy Authorities: procedures, e.g. online dispute resolution The Is realm Avatar 8
  9. 9. Principles of construction Core ontology Special ontology 1 Special ontology 2 Special ontology 3 … Special ontology n Rules 1. Technical Rules 2. Legal Rules 3. Reputation … Rules n. Energy Stage Different modes of effect or relevance: Barrier. Strict. “Entering without stop is refused”. Occasional. Probability p%. “Policeman fines you for stepping on the grass”. But this happens with p% probability – if you do not succeed. … Step-by-step. “Reputation/energy is decreased by 10 points” 9
  10. 10. Technical rules You cannot violate them. Causation is formalised with the modus ponens rule: (1) Rule(P→Q) (2) Fact(P) Conclusion. Fact(Q) Examples: (pincode → money) & pincode; conclusion: money • if door = closed then factual_hindrance • if number_ISI_articles < 2 then professor • Constraints in technical standards Door is closed Room 10
  11. 11. Legal rules You can violate them. (1) Permission(P iff Q) Norm(¬P → ¬Q) P denotes “green”, Q denotes “cross”, ¬P denotes “red” Example. green iff cross ( red → do_not_cross ) (2) Fact(¬P) – red is on (3) Fact(Q) – you cross the street, nevertheless Interpretation. You are simply a bad guy. Nobody can stop you crossing. A punishment procedure is exercised with probability p%, e.g. by a policeman. 11
  12. 12. Reputation/energy rules Violating rules decreases your energy points. (1) Norm(¬A) (2) Fact(A) Conclusion. Energy reduction by 10% Formalisation: $\dfrac{\mathrm{Norm}(\neg A),\ A}{A := 0.9 \cdot A}$ Energy is reduced to A1, then A2 and so on to An. And at last ¬A. A, A1, A2, An, ¬A 12
  13. 13. Subsuming a fact to a legal term Legal term A: Murder Manslaughter Aiding suicide Death sentence Military act instance_of Fact a: Dead body A, C → D ... Legal term: A 2) Normative subsumption A→B 1) Terminological subsumption Fact: a B(a) Conclusion, judgment 13 ...
  14. 14. 2. Legal machines 14
  15. 15. Machines produce legal acts (institutional facts) 1) Actor or Examples: • vending machines • traffic lights • computers in organisations • workflows • human being • machine 2) Actor Action Actor 15
  16. 16. Factual acts (raw facts) ‘Alice puts a coin in her piggybank’ Condition Actor • human being • machine Action Effect 16
  17. 17. Legal acts: impositio • ‘Chris puts a coin in a ticket machine’ • ‘Policeman raises hand’ Legal condition Condition Legal actor Actor • human being • machine Legal action Action Legal effect Effect Institutional facts and legal institutions [MacCormick & Weinberger 1992] 17
  18. 18. Scenario • The fictitious company “KnowWhere” offers a “Person Locator App” which can track the location of a user who has installed the app on his smartphone. • The app accesses the GPS module of the smartphone and sends the coordinates and a specific Facebook ID to the server. • KnowWhere relies on Google Maps. • The “Person Locator Portal”: – Shows maps with user positions and Facebook IDs – The server collects all user locations that belong to the given group and uses Google Maps to highlight their positions on the map. (Oberle et al. 2013) 18
  19. 19. Legal reasoning Question 1. Which provision is applicable? – Federal Data Protection Act. “Personal data” Question 2. Is the disclosure of user data to Google lawful? Answer: No. – Question 2.1. Is permission or order by this Act or other law provided? No. – Question 2.2. Has the data subject provided consent? No. The users are not informed about the transfer of personal data from KnowWhere to Google. Therefore, effective consent is not given. Conclusion: the data transfer from KnowWhere to Google can be justified neither by law nor by consent. Therefore the conduct of KnowWhere violates data privacy law. 19
  20. 20. Difficulties inherent in law 1. Abstractness of norms. Norms are formulated (on purpose) in abstract terms. 2. Principle vs. rule. The difference in regulatory philosophy between the US and other countries. 3. Open texture. H. L. A. Hart’s example of “Vehicles are forbidden in the park”. 4. The myriad of regulatory requirements. Compliance frameworks are multidimensional. 5. Teleology. The purpose of a legal norm can usually be achieved in a variety of ways. They need not be listed in a statute and specified in detail. 6. Legal interpretation methods. The meaning of a legal text cannot be extracted from the text alone. Apart from the grammatical interpretation, other methods can be invoked, such as systemic and teleological interpretation. 20
  21. 21. 3. Legal machines and transparency 21
  22. 22. Changeover Text culture Machine culture 22
  23. 23. Technical changeover ‘legal text’ ‘program’ General Norm Law Decree Legal machine program No access Published Text culture Machine culture
  24. 24. Technical changeover ‘legal text’ ‘program’ General Norm Law Decree Legal machine program No access Published Legal machine Ticket machine Form proceedings → Problems
  25. 25. General Norm Law Decree 1. Transparency Individual Norm Court judgement Administrative decision 2. Ex-post legal protection Published These 2 means did not exist from the beginning. They were trained in the course of time, but now come as a standard. Party Text culture
  26. 26. Technical changeover ‘legal text’ ‘program’ General Norm Legal machine program Law Decree No access 1. Transparency Individual Norm Court judgement Administrative decision 2. Ex-post legal protection Published However, these 2 standards are missing at the beginning of machine culture. Party Text culture Machine culture
  27. 27. Legal machine program 1. Lack of transparency These 2 standards are missing at the beginning of machine culture. Therefore we address them. Legal machine Ticket machine Form proceedings Party 2. No ex-ante legal protection No access
  28. 28. Requirement 1: Legal machine program The programs for legal machines must be made accessible, at least in terms of their architecture. 1. Lack of transparency Requirement 2: Legal machine programs shall provide a trained, effective and rapid legal protection. Example 1. The law provides 10 variations but the program contains only 9. Example 2. A ticket machine gives no money back. This creates a problem for customers expecting change from banknotes. Legal machine Ticket machine Form proceedings Party 2. No ex-ante legal protection No access
  29. 29. Goal: Equal standard of transparency and legal protection in text culture and machine culture
  30. 30. Technical transformation ‘legal text’ ‘program’ General Norm Legal machine program Law Decree No access Individual Norm Court judgement Administrative decision Party Text culture 1. Lack of transparency Legal machine Ticket machine Form proceedings Party Machine culture 2. No ex-ante legal protection 1. Transparency 2. Ex-post legal protection Published
  31. 31. Thank you Vytautas.Cyras@mif.vu.lt 31