Date post: | 16-Dec-2015 |
Category: |
Documents |
Upload: | alban-oconnor |
View: | 218 times |
Download: | 1 times |
BLUR: Code and CodeHow technology is washing away traditional legal boundaries
K. Krasnow WatermanLawTechIntersect, LLC
Presented to TTI/VanguardFebruary 20, 2014
Impact of Tech on Law
Not Blur• Faster,
cheaper, more efficient
Blur• Change to
substance, process, philosophy
2/20/14
Automating Pre-existing Legal Process
Practice management• Time Keeping• Records Management• Email
Practice • Case & statute databases
Courts• eFiling• Video deposition• eEvidence
2/20/14
NOT BLUR
Boundaries that Blur
Substance• Change to the law or legal meaning of a term
Process• Change to how law or government is performed
Philosophy• Change to our concept of law or government
2/20/14
Have you ever been able to avoid using a lawyer because you could look something up online?
Process Change
2/20/14
• EXCEPT his..– 1986 - except his yard (Fly-over)– 2007 – email & web log
• But not his.. (warrant required)– 1967 – wired phone (Pen register)– 1999 – keystrokes – 2001 – heat signature– 2012 – ongoing auto location (gps tracking device)
• And, not sure about his– 2013 – phone metadata
Privacy“A man’s home is his castle”
2/20/14 [email protected] 9Substance
Genetic Code & Legal Code1902
• Discovery of XY
1959
• First chromosome anomaly discovered
1979
• Case law: “hermaphrodite” born & raised as a man couldn’t marry as a man under “one man, one woman” (Australia)
1990’s
• Increased study of intersex: estimated 2.7MM-10MM in US
2013
• Statute: Germany permits third gender designation on birth certificate & passport
Substance2/20/14
Big Data: Program Code & Code • How do we determine de facto discrimination trends growing in big
data?
“Unlike some websites claim, Hoffman is not Jewish since both of his parents have no Jewish
background and he was not raised Jewish.”
Process2/20/14
AngelList: 423 Legal Market Entities
Firms
Automation
Blur
StaffingLawyer referral networkseDiscoveryCase managementBilling & TrackingeSignaturesLaw School Ed Document managementContract generators
2/20/14
The Rise of LegalTech
1985“Public Image,” Larry Hunter
1989 “National Security in the Information Age: Applying Mosaic Theory to FOIA”
2001 CIO, Foreign Terrorist Tracking Task Force
2005Accountable Systems, DIG, CSAIL, MIT
2006“Knowledge Discovery in Corporate Email: the Compliance Bot meets Enron”
1970 Legal Journal articles
1981 Legal Tech Conference
1987 Internat’l Association of AI & Law
1992 LII – Free Access to Law Movement
2011 Reinvent Law
2014 Data Privacy Legal Hackathon
2/20/14
Process
Scenario• Massachusetts analyst (Mia) sends Request for Information
(RFI) to Department of Homeland Security agent (Feddy). • RFI contains criminal history info about a specific person
(RBGuy); regulated by Massachusetts General Law 6-172.
RFI re:RBGuy
MGL6-172
Mia Feddy
Simple Compliance Answer
“Transaction is compliant with Massachusetts General Law, Part I, Title II,
Chapter 6, Section 172.”
Program Code & Code
2005 •US Privacy Act
converted to a process flow diagram
2009 •Map US Privacy Act
& others to metadata structure
2010 •MIT prototype
Accountable System - reasons the US Privacy Act over data transactions and provides plain language explanations.
2013 •MIT prototype
reasons portion of HIPAA privacy rule over real data and addresses obscured dependencies.
2013 •All United States
Code published in XML
2014 •UK begins “Big Data
for Law” project analyzing search and considering law as pattern language
Process Philosophy2/20/14
QueryQuery About aperson?About aperson?
N
N
PA doesnot apply
2
PA doesnot apply
2
IsSOR?
IsSOR?
N
Disclose1,2
Disclose1,2
YUS
Person?3
USPerson?
3
Y
N
PA doesnot apply
4
PA doesnot apply
4
Individual’swritten request
or consent?
Individual’swritten request
or consent?
Y
N
Check applicability of other rules
DiscloseDisclose
Policy Restrictions
Y
N
Check applicability of other rules
Y
N
Within agencyfor officialduties?
Within agencyfor officialduties?
Restrictionsapply?
Restrictionsapply?
DiscloseDisclose
FLAGFLAG
Y
N
Check applicability of other rules
Requiredunder FOIA?
Requiredunder FOIA? DiscloseDisclose
PA Requirement (b)(2)
PA Requirement (b)(3)
PA Requirement (b)(1)
PA Requirement (b)
Y
N
Check applicability of other rules
To the Bureauof the
Census?
To the Bureauof the
Census?DiscloseDisclose Account for
disclosure
Y
N
Check applicability of other rules
Y
N
Non-identifiable
info for statisticalpurposes?
Non-identifiable
info for statisticalpurposes?
Adequatewritten
assurance?
Adequatewritten
assurance?
FLAGFLAG
DiscloseDisclose
Account for disclosure
Account for disclosure
Y
N
Check applicability of other rules
To NARA forarchiving
To NARA forarchiving DiscloseDisclose Account for
disclosure
Y
N
Check applicability of other rules
Y
N
For lawenforcementon request of
head ofagency
For lawenforcementon request of
head ofagency
Authorityverified?Authorityverified?
FLAGFLAG
DiscloseDisclose
Account for disclosure
Account for disclosure
Y
N
Check applicability of other rules
Compellingre: health or
safety?
Compellingre: health or
safety?
Account for disclosure
Transmitnotification
to individualslast known
address
Y
N
Check applicability of other rules
To Congress?To Congress? DiscloseDisclose Account for disclosure
Y
N
Check applicability of other rules
To the GAO?To the GAO? DiscloseDisclose Account for disclosure
PA Requirement (b)(4)
PA Requirement (b)(5)
PA Requirement (b)(6)
PA Requirement (b)(7)
PA Requirement (b)(8)
PA Requirement (b)(9)
PA Requirement (b)(10)
Y
N
Check applicability of other rules
Pursuant to court order?Pursuant to court order?
Forward court order to respondents agency’s legal
counsel
PA Requirement (b)(11)
Y
N
Check applicability of other rules
To aconsumerreportingagency?
To aconsumerreportingagency?
Account for disclosure
PA Requirement (b)(12)
Notes:1. Disclosures can be made from non-PA systems, e.g., NSEERS2. Policy Issue: Can disclosures be made from systems that are non-SOR because data is
not retrieved by individual ID?3. Policy Issue: Should an automatic query be made to determine immigration/citizenship
status?4. Policy Issue: Should information of non-US citizens/LPRs be treated as if it were
covered by PA?5. Rules of bulk data transfers may be different from rules for individual inquiries6. Accounting must be kept of all disclosures outside the agency
Receiving system checks
whether information
meeting query criteria is available
Y
N
Check applicability of other rules
Y
N
For routineuse?(note)
For routineuse?(note)
Restrictionsapply?
Restrictionsapply?
DiscloseDisclose
FLAGFLAG
Account for disclosure
Re: benefits?Re: benefits?
MatchingAgreement?
MatchingAgreement?
NoDisclose
NoDisclose
Note: Taxonomy of routine uses needs to be created. Request will need to be
checked against the taxonomy and then verified that the specific routine use is applicable to the system from which
information is being requested.
Note: Policy issue: can an individual’s request in an automated environment lead
to disclosure of data in other agencies’ databases? (In the non-automated
environment, generally agencies consult other agencies that serve as data sources;
in automated environment may need to metatag data with source and required
action(s)
Note: Restrictions may include MOU and special agreements, e.g., CBP
Undertakings on EU PNR
Note: Will need to create a mechanism to verify whether requesting entity is a
statistical agency or office and whether adequate rules are in place to de-identify
data for statistical purposes.
Note: How is authority verified, esp. in case of state and local law enforcement? (Possible verification mechanisms include the existence of an open case or filing of
specific forms or specific delegation authority.)
Note: What is the definition of “compelling circumstances affecting the health or safety
of an individual”? What evidence is required for verification?
“CoveredEntity”?
“CoveredEntity”?
Y
See rules for sharing when both PA and HIPAA apply
Y
ParticularRecord
Specified?
ParticularRecord
Specified?
NoDisclose
NoDisclose
N
Y
Agency withinRoutineUses?
Agency withinRoutineUses?
PurposeWithin RU
ForAgency?
PurposeWithin RU
ForAgency?
CriteriaMet?
2
CriteriaMet?
2
N N N
N
Y Y Y N
Y
Y
LawEnforcement?
LawEnforcement?
N
InvestigationOn Going?
InvestigationOn Going?
Y
QueryQuery About aperson?About aperson?
N
N
PA doesnot apply
2
PA doesnot apply
2
IsSOR?
IsSOR?
N
Disclose1,2
Disclose1,2
YUS
Person?3
USPerson?
3
Y
N
PA doesnot apply
4
PA doesnot apply
4
Individual’swritten request
or consent?
Individual’swritten request
or consent?
Y
N
Check applicability of other rules
DiscloseDiscloseIndividual’s
written requestor consent?
Individual’swritten request
or consent?
Y
N
Check applicability of other rules
DiscloseDisclose
Policy Restrictions
Y
N
Check applicability of other rules
Y
N
Within agencyfor officialduties?
Within agencyfor officialduties?
Restrictionsapply?
Restrictionsapply?
DiscloseDisclose
FLAGFLAG
Y
N
Check applicability of other rules
Requiredunder FOIA?
Requiredunder FOIA? DiscloseDisclose
Y
N
Check applicability of other rules
Requiredunder FOIA?
Requiredunder FOIA? DiscloseDisclose
PA Requirement (b)(2)
PA Requirement (b)(3)
PA Requirement (b)(1)
PA Requirement (b)
Y
N
Check applicability of other rules
To the Bureauof the
Census?
To the Bureauof the
Census?DiscloseDisclose Account for
disclosure
Y
N
Check applicability of other rules
To the Bureauof the
Census?
To the Bureauof the
Census?DiscloseDisclose Account for
disclosure
Y
N
Check applicability of other rules
Y
N
Non-identifiable
info for statisticalpurposes?
Non-identifiable
info for statisticalpurposes?
Adequatewritten
assurance?
Adequatewritten
assurance?
FLAGFLAG
DiscloseDisclose
Account for disclosure
Account for disclosure
Y
N
Check applicability of other rules
To NARA forarchiving
To NARA forarchiving DiscloseDisclose Account for
disclosure
Y
N
Check applicability of other rules
To NARA forarchiving
To NARA forarchiving DiscloseDisclose Account for
disclosure
Y
N
Check applicability of other rules
Y
N
For lawenforcementon request of
head ofagency
For lawenforcementon request of
head ofagency
Authorityverified?Authorityverified?
FLAGFLAG
DiscloseDisclose
Account for disclosure
Account for disclosure
Y
N
Check applicability of other rules
Compellingre: health or
safety?
Compellingre: health or
safety?
Account for disclosure
Transmitnotification
to individualslast known
address
Y
N
Check applicability of other rules
Compellingre: health or
safety?
Compellingre: health or
safety?
Account for disclosure
Transmitnotification
to individualslast known
address
Y
N
Check applicability of other rules
To Congress?To Congress? DiscloseDisclose Account for disclosure
Y
N
Check applicability of other rules
To Congress?To Congress? DiscloseDisclose Account for disclosure
Y
N
Check applicability of other rules
To the GAO?To the GAO? DiscloseDisclose Account for disclosure
Y
N
Check applicability of other rules
To the GAO?To the GAO? DiscloseDisclose Account for disclosure
PA Requirement (b)(4)
PA Requirement (b)(5)
PA Requirement (b)(6)
PA Requirement (b)(7)
PA Requirement (b)(8)
PA Requirement (b)(9)
PA Requirement (b)(10)
Y
N
Check applicability of other rules
Pursuant to court order?Pursuant to court order?
Forward court order to respondents agency’s legal
counsel
Y
N
Check applicability of other rules
Pursuant to court order?Pursuant to court order?
Forward court order to respondents agency’s legal
counsel
PA Requirement (b)(11)
Y
N
Check applicability of other rules
To aconsumerreportingagency?
To aconsumerreportingagency?
Account for disclosure
Y
N
Check applicability of other rules
To aconsumerreportingagency?
To aconsumerreportingagency?
Account for disclosure
PA Requirement (b)(12)
Notes:1. Disclosures can be made from non-PA systems, e.g., NSEERS2. Policy Issue: Can disclosures be made from systems that are non-SOR because data is
not retrieved by individual ID?3. Policy Issue: Should an automatic query be made to determine immigration/citizenship
status?4. Policy Issue: Should information of non-US citizens/LPRs be treated as if it were
covered by PA?5. Rules of bulk data transfers may be different from rules for individual inquiries6. Accounting must be kept of all disclosures outside the agency
Receiving system checks
whether information
meeting query criteria is available
Y
N
Check applicability of other rules
Y
N
For routineuse?(note)
For routineuse?(note)
Restrictionsapply?
Restrictionsapply?
DiscloseDisclose
FLAGFLAG
Account for disclosure
Re: benefits?Re: benefits?
MatchingAgreement?
MatchingAgreement?
NoDisclose
NoDisclose
Note: Taxonomy of routine uses needs to be created. Request will need to be
checked against the taxonomy and then verified that the specific routine use is applicable to the system from which
information is being requested.
Note: Policy issue: can an individual’s request in an automated environment lead
to disclosure of data in other agencies’ databases? (In the non-automated
environment, generally agencies consult other agencies that serve as data sources;
in automated environment may need to metatag data with source and required
action(s)
Note: Restrictions may include MOU and special agreements, e.g., CBP
Undertakings on EU PNR
Note: Will need to create a mechanism to verify whether requesting entity is a
statistical agency or office and whether adequate rules are in place to de-identify
data for statistical purposes.
Note: How is authority verified, esp. in case of state and local law enforcement? (Possible verification mechanisms include the existence of an open case or filing of
specific forms or specific delegation authority.)
Note: What is the definition of “compelling circumstances affecting the health or safety
of an individual”? What evidence is required for verification?
“CoveredEntity”?
“CoveredEntity”?
Y
See rules for sharing when both PA and HIPAA apply
Y
ParticularRecord
Specified?
ParticularRecord
Specified?
NoDisclose
NoDisclose
N
Y
Agency withinRoutineUses?
Agency withinRoutineUses?
PurposeWithin RU
ForAgency?
PurposeWithin RU
ForAgency?
CriteriaMet?
2
CriteriaMet?
2
N N N
N
Y Y Y N
Y
Y
LawEnforcement?
LawEnforcement?
N
InvestigationOn Going?
InvestigationOn Going?
Y
2/20/14 [email protected] 21
Process Flow Diagram
22
Party Subject to the Rule RULE VerbTransaction Verb Data Subject to the Rule
Party subject to the Rule
Attribute of Party subject to rule
Person Context Rule Type Activity Type
Data Category
Special Data Category Data Context
Government:Federal:Agency Prohibited Share Person
PII:US Person
Source:SystemOf Records
People Involved in the Data TransactionCircumstances in which the rule applies
Releasing EntityAttribute of Party subject to rule Context Accessing Entity
Attribute of Party subject to rule Context Authorized Purpose detail
Government:Federal:Agency
Person;Government: Federal:Agency
Administrative information that makes it possible to understand precedence, provenance, and linkages
Rule precedence type"Facilities" rule Document Document Citation
Document sub-Reference Dated
1.2a: Federal Statute The Privacy Act
The Privacy Act, 5 USC § 552a (b)
Administrative information that makes it possible to understand precedence, provenance, and linkages
Record Number
Old Record Numbers Linked to Rule Name
Linked to Records Link Reason
Changed Perspective Flag Perspective
180001
1) Definitions: Agency, System of Records, Record 1) AND,
2/20/2014 [email protected]
Mapping of the Statute
Cross-OntologyKB
MDCCL12.15.01.03(Definitions)
MGL6-172
MD MA
User Profiles
User Profiles
User Docs Policies
Policies
Mia
MGL 66A-1(Definitions)
MGLOntology
RFI
Reasoner
Maury
RBGuy
MDCCLOntology
Org. Admin.
CertifiedList
MGL6-172
Context Data Required
Computing Law
Startup converting case
law unstructured text to
structured
Linking things and the Law that relates to them (LII, 2013/2014)
Combining system capability
for brute force (Watson) &
nuanced interaction (MIT)
Law as pattern language (UK)
2/20/14
Near termData requests - What if my
system and your system can negotiate a data contract?
What if government can produce reports accounting for all data usage (purpose,
parties, volume, etc.)
FutureContracts – What if our
systems can negotiate other contracts? (Or partial
contracts?)
What if systems can find and compute law for you?
2/20/14
Jurisdiction: Zip Code & Legal CodeSubstance:
• Is data transferred to every location where someone can view it on a portal or web screen? YES
Process:• Can a lawyer telecommute from a location in which he is not licensed? YES• Process: Can a prosecutor in NJ serve a criminal subpoena on a student in MA to find out if the
student’s project traversed NJ servers? STAY TUNED
Philosophy:• Whose law applies when data is split and traverses through many countries? (Should we direct
packets or change the meaning of jurisdiction?)• What is the authority for establishing law if not jurisdiction?• Is this the basis for stateless currency?
2/20/14
Impact of Availability
What is the practice of law?
Eliminating specialties that
the public can now perform (e.g., looking up real estate records)
What is the role of criminal justice?
Changing notion of rehabilitation because the
record is persistent &
available
How public should our court system be?
Anonymizing sensitive personal
information in court records
Philosophy2/20/14
Collaborative Government
Judge Judy Budget Games
Legal Hackathons GPSJury
2/20/14Philosophy
Speed of BlurJan 19
Privacy: SCOTUS announces it will hear two cases on warrantless cell phone search
Feb 6
Code: UK announces “Big Data for Law” initiative
Feb 7
Code: ReInvent Law Conference – 1400 participants
Feb 8/9Code: Data Privacy Legal Hackathon – Producing new privacy technologies (encrypted communications& privacy policy visualization)
Feb 13Gender: Texas Court of Appeals overturns decision invalidating the marriage of an intersex widowJurisdiction: Received email notice of Tidbit case
2/20/14
CEO LawTechIntersect, LLC
Co-Investigator Big Data for Law National Archives, UK
Advisory Board, Prevoty, Tengah
Visiting Fellow MIT, Decentralized Information Group, CSAIL
Founder, Linked Data Ventures
Current:Global Head Anti-Money Laundering & Sanctions Infrastructure, Citigroup
CIO Foreign Terrorist Tracking Task Force, Department of Justice
Assistant Dean University of Arizona, Law
Litigator Brown & Bain
System design & IT Mgt JPMorgan & IBM
Former:
Bio - K. Krasnow Waterman
2/20/14