1.
Introduction
There are simple legal machines, such as traffic lights, barriers and vending machines, and complex ones, such as the electronic forms that are used in tax and finance. An example of the latter is FinanzOnline[1] in Austria. A legal machine can be defined as a machine in a system whose actions have legal importance and legal consequences [Čyras & Lachmayer 2012]. Legal machines shift raw facts into institutional facts. The raw facts come from the Is world, whereas the institutional facts come from the Ought. Legal machines contribute to law enforcement, and their programs implement legal norms.
- A general norm which is formulated in a legal text such as a law or a by-law; and
- An individual norm which is formulated in a court judgement or an administrative decision.
The following means of legal protection serve the different parties in the context of a text culture:
- Transparency of law. Legal texts are made accessible to citizens. An example is the Austrian e-government application (portal) HELP[2], which states the applicable law for various situations and supports ex-ante analysis; and
- Ex-post legal protection. An example of this is RIS[3], which publishes cases and supports ex-post analysis.
2.
The context of justice in the paradigm change to electronic procedures
Hans Kelsen (1967) pursued several objectives in his Pure Theory of Law:
- First, a paradigm shift in legal theory. The Pure Theory of Law became a new jurisprudential standard and in this respect shaped the twentieth century.
- Second, the overcoming of the natural law. Since the second edition of the Pure Theory of Law, it has not quite been possible to argue using the natural law, and thus this theory has outlived the natural law.
- Third, to stop arguing using the concept of justice; but he did not succeed with this objective. Despite his long and learned essay on justice, the focus of his attack has survived and continues to be a common theme.
- The meaning of legal material can be made «law» by justice. This is achieved from the law through autopoiesis. Alternatively, justice can be made into a legally external system.
- Traditionally, justice also includes the meta-norms of the law, i.e. how to shape the law and especially how to apply it. These aspects can be either just or unjust. As the examples of the past show, a correct general text can be perverted when it is enforced by the law. A general text may also be formulated in an unfair way from the outset.
The e-procedures are likely to prevail in the middle areas of all kinds of proceedings. More and more situations are standardized and can be handled abstractly. However, things are different in the two peripheral areas. The hard cases will be handled as before with manual legal work. An example of non-compliant software design is provided in [Oberle et al. 2012]. This example demonstrates legal reasoning that leads to a violation of data privacy law. The running example in [Oberle et al. 2012] is a situation in which a user’s consent, given by clicking «yes» on his mobile phone, is not treated as an effective consent in the legal sense.
3.
Transparency in software engineering
Requirements 1 and 2 in Section 1 are formulated on a very high level. The next question is how they can be implemented in a legal machine. In principle, the architecture of the legal machine can be made available to the user. Designing legal machines is a subject for software engineering (SE). Transparency of computer programs is a concern of both SE and human-computer interaction.[4] Here transparency is combined with the principles of information hiding[5] and separation of concerns.[6] On different abstraction levels, a software element is treated as a black box which can be viewed in terms of its input, its output and its transfer characteristics without any knowledge of its internal workings.
However, the story above is in practice rarely so simple. There may be a wide span between the legal requirements and the technical specifications. Failure to understand the law is one of the reasons why the program may be non-compliant [Silverman 2008, pp. 59–61]. On the one hand, legal texts constitute only a part of the whole legal system. The meaning of the law – the Ought realm – can scarcely be understood from a single legal text. Therefore it is difficult for a beginner to understand the spirit of law while reading a statute in isolation. For this reason only well-defined compliance problems can be implemented by ticking boxes in an audit document.
3.1.
On implementing Requirement 2 – legal protection
4.
Formulating program transparency as compliance
We now attempt to formulate program transparency as a problem of compliance with the law. Klaus Julisch (2008) suggests that academia should undergo a paradigm shift, from «selling» security when organizations seek to «buy» compliance to complementing current security research with additional research into security compliance:
«[A]s long as careers are terminated and people go to jail…for failures in compliance – rather than security – the commercial world will continue to pursue compliance rather than security as their primary goal.» [Julisch 2008, p. 71]
Julisch defines security compliance as follows: «security compliance, in IT systems, is the state of conformance with externally imposed functional security requirements and of providing evidence (assurance) thereof» [Julisch 2008, p. 72]. He defines the security compliance problem as follows:
Bonazzi-Hussami-Pigneur IT compliance framework. There is no silver bullet to solve the compliance problem. This is also explained in the IT compliance framework, which is worth special attention; see [Bonazzi et al. 2009]. Two dimensions, Legal and IT, and two kinds of source for regulations with which a company must comply, External and Internal, are depicted by squares (Fig. 3). Different alignments are represented by arrows that point to the artefact that is defined.
5.
Conclusions
6.
Acknowledgement
7.
References
Bonazzi, Riccardo; Hussami, Lotfi; Pigneur, Yves, Compliance management is becoming a major issue in IS design. In: D’atri, Alessandro; Saccà, Domenico (eds.) Information Systems: People, Organizations, Institutions, and Technologies, Springer, pp. 391–398 (2009).
Čyras, Vytautas; Lachmayer, Friedrich, Multisensory legal machines and legal act production. In: 25th IVR World Congress: Law, Science and Technology, 15–20 August 2011, Paper Ser. No. 026/2012, 18 p., Goethe University Frankfurt am Main. http://publikationen.ub.uni-frankfurt.de/files/24884/IVR_World_Congress_2011_No_026.pdf (2012).
Julisch, Klaus, Security compliance: the next frontier in security research. In: Proceedings of the 2008 workshop on New security paradigms, NSPW’08, 71–74, ACM (2008).
Kelsen, Hans, Pure Theory of Law. 2nd ed., Max Knight, trans. (Reine Rechtslehre, 2. Auflage. Deuticke, Wien, 1960) University of California Press, Berkeley (1967).
Oberle, Daniel; Drefs, Felix; Wacker, Richard; Baumann, Christian; Raabe, Oliver, Engineering compliant software: advising developers by automating legal reasoning. SCRIPTed 9:3, 280–313, DOI: 10.2966/scrip.090312.280 [interactive]. http://script-ed.org/wp-content/uploads/2011/12/oberle.pdf [accessed 1 January 2014] (2012).
Silverman, Michael, Compliance Management for Public, Private, or Nonprofit Organizations, McGraw-Hill, New York (2008).
Vytautas Čyras
Associate Professor, Vilnius University
Faculty of Mathematics and Informatics
Naugarduko 24, 03225 Vilnius, Lithuania
Vytautas.Cyras@mif.vu.lt; http://www.mif.vu.lt/~cyras/
Friedrich Lachmayer
Professor, University of Innsbruck
Innrain 47, 6020 Innsbruck, Austria
Friedrich.Lachmayer@uibk.ac.at; http://www.legalvisualization.com
- 1 FinanzOnline provides a one-click link to the Austrian tax administration; see https://finanzonline.bmf.gv.at/.
- 2 HELP.gv.at – a government agency help site on the Internet, which offers necessary information for living and working in Austria.
- 3 The Legal Information System of the Republic of Austria; http://www.ris.bka.gv.at/.
- 4 Transparency means that a distributed system hides its distributed nature from its users, appearing and functioning as a normal centralized system. In software engineering, it is also considered good practice to use different abstraction layers. There are many types of transparency, see http://en.wikipedia.org/wiki/Transparency_(human%E2%80%93computer_interaction).
- 5 In computer science, information hiding is the principle of the segregation of the design decisions in a computer program that are most likely to change. This protects other parts of the program from extensive modification if the design decision is changed. The protection involves providing a stable interface which protects the remainder of the program from the implementation (the details that are most likely to change), see http://en.wikipedia.org/wiki/Information_hiding.
- 6 In computer science, separation of concerns (SoC) is a design principle for separating a computer program into distinct sections, such that each section addresses a separate concern, see http://en.wikipedia.org/wiki/Separation_of_concerns.