![Page 1: (DAMPS 2013) E-services via the Internet and compliance with the law. File 20131203-Druskininkai-Cyras-EServicesCompliance-slides](https://reader035.vdocument.in/reader035/viewer/2022081518/5539c1c6550346b82d8b4add/html5/thumbnails/1.jpg)
E-services via the Internet and compliance with the law
Druskininkai, 5-7.12. 2013
Friedrich LACHMAYER, Vienna
www.legalvisualization.com
Vytautas ČYRAS, Vilnius University
Faculty of Mathematics and Informatics

Contents
1. Defining ‘compliance’
– e-services are in the background
• Each artefact can cause harm, for example:
– A message can cause a heart attack
– A pencil can serve as a murder tool
2. Legal machines
– E-proceedings via forms on the Internet
• E.g. tax declarations
– Making the architecture transparent

1. Compliance

Compliance problem [Julisch 2008]
Given an IT system S and an externally imposed set R of (legal) requirements:
1. Make S comply with R
2. Provide assurance that an auditor will accept as evidence of the compliance of S with R
“Sell” compliance, not security.
1. Formalise R
2. Identify which sub-systems of S are affected by R
3. Determine what assurance has to be provided to show that S is compliant with R
4. Modify S to become compliant with R and to provide the necessary assurance

Comparison
Artificial Intelligence. Alan Turing
• “Can machines think?”
• ‘machine’ and ‘think’
Informatics and law. Compliance
• “Does a software system comply with law?”
• ‘law’ and ‘comply’
Definitions of the meaning of the terms:
Both questions raise a (philosophical) problem and are ill formulated in the sense that they:
- cannot be answered ‘yes’/‘no’
- are not a mathematical ‘decidable’/‘undecidable’ problem
Goal of AI: “enhancing rather than simulating human intelligence”
- not to start programming human intelligence (and compliance)

Holistic view to compliance
[Figure: Regulation and IT alignment framework (Bonazzi et al. 2009). Labels: COBIT, ISO 17779, GORE; COSO; Rasmussen 2005; IT GRC]

Machine-based or machine-assisted decision making?
[Diagram labels: A case: factual situation; Law; Judge-machine; Legal decision; Plaintiff; Defendant; “No!”]
Formalistic approach to the law. Mechanistic subsumption.

Different kinds of norms
The Is realm
Rules 1. Technical: factual limitations, e.g. to fence the grass.
Rules 2. Legal: obligations, permissions, prohibitions.
Rules 3. Reputation: economic, social, civic.
Rules n. Energy …
Regimes, paradigms, ethics, professional morality
Authorities: procedures, e.g. online dispute resolution
Avatar
The Ought realm

Principles of construction
Stage
Rules 1. Technical; Rules 2. Legal; Rules 3. Reputation; Rules n. Energy …
Core ontology
Special ontology 1, Special ontology 2, Special ontology 3, … Special ontology n
Different modes of effect or relevance:
• Barrier. Strict. “Entering without stop is refused”
• Occasional. Probability p%. “Policeman fines you for stepping on the grass”. But this happens with p% probability – if you do not succeed.
• Step-by-step. “Reputation/energy is decreased by 10 points”

Technical rules
Causation is formalised with the modus ponens rule:
(1) Rule(P→Q)
(2) Fact(P)
Conclusion. Fact(Q)
Examples
(pincode → money) & pincode ⇒ money
• if door = closed then factual_hindrance
• if number_ISI_articles < 2 then professor
• Constraints in technical standards
[Diagram labels: Room; Door is closed]
You cannot violate them.

Legal rules
(1) Permission(P iff Q) Norm(¬P → ¬Q)
Example. green iff cross (red → do_not_cross)
(2) Fact(¬P) – red is on
(3) Fact(Q) – you cross the street, nevertheless
Interpretation. You are simply a bad guy. Nobody can stop you crossing.
A punishment procedure is exercised with probability p%, e.g. by a policeman.
P denotes “green”, Q denotes “cross”, ¬P denotes “red”
You can violate them.

Reputation/energy rules
(1) Norm(¬A)
(2) Fact(A)
Conclusion. Energy reduction by 10%
Formalisation:
Energy is reduced to A1, then A2 and so on to An. And at last ¬A.
[Diagram labels: A, A1, A2, …, An, ¬A]
Norm(¬A), A
-------------------
A := 0.9*A
Violating rules decreases your energy points.
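The three rule kinds on the preceding slides (technical rules as modus ponens, legal rules sanctioned with probability p%, reputation/energy rules with A := 0.9*A) can be put side by side in code. This Python sketch is an added example, not part of the original slides; the function names, the starting energy of 100 and p = 30% are assumptions.

```python
import random
from dataclasses import dataclass

@dataclass
class Actor:
    energy: float = 100.0   # assumed starting energy, not given on the slides
    fines: int = 0

def modus_ponens(rules, facts):
    """Technical rules: Rule(P->Q) and Fact(P) give Fact(Q), applied to a fixpoint."""
    facts = set(facts)
    changed = True
    while changed:
        changed = False
        for p, q in rules:
            if p in facts and q not in facts:
                facts.add(q)
                changed = True
    return facts

def attempt(actor, action, facts, prohibited, rng, p=0.3):
    """Return the outcome of trying an action under the three modes of effect."""
    # Barrier (strict): a derived factual hindrance cannot be violated.
    if f"hindrance:{action}" in facts:
        return "refused"
    kind = prohibited.get(action)   # None: no norm forbids the action
    if kind == "legal":
        # Occasional: the norm is violated anyway; a sanction follows with probability p.
        if rng.random() < p:
            actor.fines += 1
            return "done, fined"
        return "done, unpunished"
    if kind == "reputation":
        # Step-by-step: Norm(not A), A  =>  A := 0.9*A
        actor.energy *= 0.9
        return "done, energy reduced"
    return "done"

def demo(seed=1):
    rng = random.Random(seed)       # seeded so that the run is repeatable
    facts = modus_ponens([("door_closed", "hindrance:enter_room")], {"door_closed"})
    prohibited = {"cross_on_red": "legal", "A": "reputation"}
    actor = Actor()
    entered = attempt(actor, "enter_room", facts, prohibited, rng)
    crossed = [attempt(actor, "cross_on_red", facts, prohibited, rng) for _ in range(1000)]
    for _ in range(3):              # three violations of Norm(not A)
        attempt(actor, "A", facts, prohibited, rng)
    return entered, crossed, actor
```

Only the barrier stops the action itself; the legal and reputation rules leave the violation possible and act on its consequences.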

Subsuming a fact to a legal term
Fact a: Dead body
Legal term A: Murder, Manslaughter, Aiding suicide, Death sentence, Military act, ...
1) Terminological subsumption: a instance_of A (Fact: a; Legal term: A)
2) Normative subsumption: A, C → D; A → B; ...
Conclusion, judgment: B(a)

2. Legal machines

Machines produce legal acts (institutional facts)
Examples:
• vending machines
• traffic lights
• computers in organisations
• workflows
Actor:
• human being
• machine
[Diagram labels: 1), 2), Actor, Action, “or”]

Factual acts (raw facts)
‘Alice puts a coin in her piggybank’
[Diagram labels: Condition; Actor (• human being • machine); Action; Effect]

Legal acts: impositio
• ‘Chris puts a coin in a ticket machine’
• ‘Policeman raises hand’
Institutional facts and legal institutions [McCormick & Weinberger 1992]
[Diagram labels: Condition; Actor (• human being • machine); Action; Effect; Legal condition; Legal actor; Legal action; Legal effect]

Scenario
• The fictitious company “KnowWhere” offers a “Person Locator App” which can track the location of a user who has installed the app on his smartphone.
• The app accesses the GPS module of the smartphone and sends the coordinates and a specific Facebook ID to the server.
• KnowWhere relies on Google Maps.
• The “Person Locator Portal”
– Shows maps with user positions and Facebook IDs
– The server collects all user locations that belong to the given group and uses Google Maps to highlight their positions on the map.
(Oberle et al. 2013)

Legal reasoning
Question 1: Which provision is applicable?
– Federal Data Protection Act. “Personal data”
Question 2: Is the disclosure of user data to Google lawful? Answer: No.
– Question 2.1: Is permission or order by this Act or other law provided? No.
– Question 2.2: Has the data subject provided consent? No. The users are not informed about the transfer of personal data from KnowWhere to Google. Therefore, effective consent is not given.
Conclusion: the data transfer from KnowWhere to Google can be justified neither by law nor by consent. Therefore the conduct of KnowWhere violates data privacy law.

Difficulties inherent in law
1. Abstractness of norms. Norms are formulated (on purpose) in abstract terms.
2. Principle vs. rule. The difference in regulatory philosophy between the US and other countries.
3. Open texture. H. L. A. Hart’s example of “Vehicles are forbidden in the park”.
4. The myriad of regulatory requirements. Compliance frameworks are multidimensional.
5. Teleology. The purpose of a legal norm can usually be achieved in a variety of ways. They need not be listed in a statute and specified in detail.
6. Legal interpretation methods. The meaning of a legal text cannot be extracted from the text alone. Apart from the grammatical interpretation, other methods can be invoked, such as systemic and teleological interpretation.

3. Legal machines and transparency

Changeover
[Diagram labels: Text culture; Machine culture]

Text culture: General Norm (Law, Decree). Published
Machine culture: Legal machine program. No access
Technical changeover: ‘legal text’ → ‘program’

General Norm (Law, Decree). Published
Legal machine: Ticket machine, Form proceedings
Legal machine program. No access
Technical changeover: ‘legal text’ → ‘program’
Problems

Text culture
1. Transparency
General Norm (Law, Decree). Published
Party
Individual Norm: Court judgement, Administrative decision
2. Ex-post legal protection
These 2 means did not exist from the beginning.
They were trained in the course of time, but now come as a standard.

Text culture
1. Transparency
General Norm (Law, Decree). Published
Party
Individual Norm: Court judgement, Administrative decision
2. Ex-post legal protection
Machine culture
Legal machine program. No access
Technical changeover: ‘legal text’ → ‘program’
However, these 2 standards are missing in the beginning of machine culture.

Party
Legal machine: Ticket machine, Form proceedings
Legal machine program. No access
1. Lack of transparency
2. No ex-ante legal protection
These 2 standards are missing in the beginning of machine culture.
Therefore we address them.

Party
Legal machine: Ticket machine, Form proceedings
Legal machine program. No access
1. Lack of transparency
2. No ex-ante legal protection
Requirement 1: The programs for legal machines shall be made accessible, at least in terms of their architecture.
Requirement 2: Legal machine programs shall provide a trained, effective and rapid legal protection.
Example 1. The law provides 10 variations but the program contains only 9.
Example 2. A ticket machine gives no money back. This creates a problem for customers expecting change from banknotes.

Goal: Equal standard of transparency and legal protection in text culture and machine culture

Text culture
Party
1. Transparency
General Norm (Law, Decree). Published
Individual Norm: Court judgement, Administrative decision
2. Ex-post legal protection
Machine culture
Party
Legal machine: Ticket machine, Form proceedings
Legal machine program. No access
1. Lack of transparency
2. No ex-ante legal protection
Technical transformation: ‘legal text’ → ‘program’