Collaborative Research: DASS: Legally Accountable Cryptographic Computing Systems (LAChS)

合作研究：DASS：法律责任加密计算系统 (LAChS)

• 批准号: 2131356
• 负责人: Joan Feigenbaum
• 金额: $ 16.56万
• 依托单位: Yale University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2131356&HistoricalAwards=false
• 关键词: Collaborative; Research; DASS; Legally; Accountable

Society is having a hard time governing digital systems, and poorly governed systems lead to gaps in society's willingness to trust these systems with sensitive or high-priority tasks. Part of this challenge arises from the fact that law and software address rules and behavior at very different levels of detail. Laws must be general in their application and thus leave interpretation and detailed requirements to the discretion of software developers. This leaves software developers, who cannot be expected to be legal experts, having to decide what is the proper technical design to comply with often-complex legal rules. For example, when a privacy law such as the General Data Protection Regulation (GDPR) requires that users have a right to delete their data, does that mean all data, including backups? Without clear answers to such questions, developers can’t be confident that they have successfully complied with legal requirements, and then the public who uses these systems has little reason to trust them. This project's novelties are to introduce design patterns that help software developers assemble components reliably and purposefully, in the knowledge that they meet policy requirements effectively and thus warrant the confidence of the public. The project's impact benefits society in two ways. First, by closing the abstraction gap between law and systems, methods and tools developed in this project help software developers build systems that comply with legal obligations. Second, the project furthers the development of a research community in computer science and law. The LAChS (pronounced "lox") project makes two contributions toward better understanding of how to build accountable software systems. First, policy concepts allow software developers to identify the functional aspects of systems they are developing in order to assess whether the functions of the system are consistent with the policy constraints associated with the computations they are performing. Along with policy concepts, the project introduces policy standards -- functional descriptions of the requirements of law. Together, policy concepts and policy standards provide a software-engineering framework through which developers can more easily build systems that are accountable to legal requirements. Second, the project develops an integrated legal-technical methodology for assessing the accountability properties of a system with respect to a set of legal requirements. Prior work has generally sought to define accountability solely as a property of information systems. The project shows that a full understanding of accountability requires considering the properties of both law and computing systems. In sum, this research is premised on the view that, with respect to key societal priorities such as privacy, the law has actually made considerable progress in defining key rights for the digital, while underlying technology is still struggling to adapt to these challenges. Thus the project aims to bring more clear abstraction, modularization and composability to legal and technical methodologies in order to better meet these challenges.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

社会在管理数字系统方面遇到了困难，而管理不善的系统导致社会在信任这些系统处理敏感或高优先级任务方面存在差距。这种挑战部分源于法律和软件在非常不同的细节层次上处理规则和行为这一事实。法律在其应用中必须是通用的，因此将解释和详细需求留给软件开发人员自行决定。这就使得软件开发人员（不能指望他们成为法律专家）不得不决定什么是适当的技术设计，以遵守通常复杂的法律规则。例如，当《通用数据保护条例》（GDPR）等隐私法要求用户有权删除他们的数据时，这是否意味着所有数据，包括备份？如果对这些问题没有明确的答案，开发人员就不能确信他们已经成功地遵守了法律要求，然后使用这些系统的公众就没有理由信任他们。这个项目的新奇之处在于引入了一些设计模式，这些模式可以帮助软件开发人员可靠地、有目的地组装组件，从而有效地满足策略需求，从而保证公众的信心。该项目的影响在两个方面对社会有益。首先，通过缩小法律和系统之间的抽象差距，在这个项目中开发的方法和工具可以帮助软件开发人员构建符合法律义务的系统。第二，该项目促进了计算机科学和法律研究社区的发展。LAChS（发音为“lox”）项目为更好地理解如何构建负责任的软件系统做出了两项贡献。首先，策略概念允许软件开发人员识别他们正在开发的系统的功能方面，以便评估系统的功能是否与与他们正在执行的计算相关的策略约束一致。除了政策概念之外，该项目还引入了政策标准——对法律需求的功能描述。策略概念和策略标准一起提供了一个软件工程框架，通过这个框架，开发人员可以更容易地构建对法律需求负责的系统。第二，该项目开发了一种综合的法律-技术方法，用于根据一套法律要求评估一个制度的问责性质。以前的工作通常试图将问责制仅仅定义为信息系统的属性。该项目表明，充分理解问责制需要考虑法律和计算系统的特性。总而言之，本研究的前提是，就隐私等关键社会优先事项而言，法律实际上在定义数字的关键权利方面取得了相当大的进展，而基础技术仍在努力适应这些挑战。因此，该项目旨在为法律和技术方法带来更清晰的抽象、模块化和可组合性，以便更好地应对这些挑战。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。