From Data Protection to Knowledge Machines
The Study of Law and Informatics (*)
Extract from pp. 1-9.
INTRODUCTION
Peter Seipel
AFTER TWENTY YEARS: WHERE DO WE STAND?
In 1988 the Swedish Law and Informatics Research Institute of the University of Stockholm (IRI) celebrated its 20th anniversary.(1) To commemorate the event a Nordic symposium was held at the Hässelby castle in November 1988. The symposium was devoted to the whole field of law and informatics and attempted to survey the overall state of the young discipline devoted to the legal aspects of information and information technology.(2) The proceedings of the symposium were published in the Scandinavian languages only.(3) Since the issues are most likely of interest to a broader international community it was, however, decided to invite a number of experts to write in English about some of the main topics which were treated at the symposium. The result is the present collection of articles.
The articles have all been written by persons with whom the IRI has had long scholarly contacts and some of us are presently attached to the IRI as researchers and teachers.
The topics treated in this book have been selected with care. The purpose is to present both the richness of the field of study and the "embarras de richesse", the embarrassment with regard to methods and paradigms which this richness may lead to. In brief; does a data inspectorate have to concern itself withmethods of representing legal knowledge in computers? The following, personal reflections will provide some limited answers to basic questions of this kind. They will also explain the logic of the sequence of the articles and distinguish some common themes which contribute to keeping the articles together. A brief sketch also presents each individual author.
PRIVACY PROTECTION AND ACCESS TO INFORMATION
If you ask a lawyer in general what he or she thinks that "law and informatics" may be about, one likely answer (if there is one) will be "the issue of how to protect the individual's privacy in a computerized society". The answer is both well-chosen and correct but, of course, far from complete. It is also natural that the first article in this collection deals with data protection. Its author is professor Knut Selmer of the Oslo University. Knut Selmer was one of the founders of the Norwegian Research Center for Computers and Law in 1970 - an institution which under the leadership of himself and professor Jon Bing (see below) has gained wide-spread international recognition. Its successes are due not least to Knut Selmer's both visionary and practical mind. His contribution to this book, which is partly based on his own personal experience as a member of the Norwegian Data Inspectorate, deals with a number of problems that are met by data inspection authorities both in his own country and generally. He examines these problems in the light of e.g. law-making strategies and the position of data inspection authorities within the administration. Among other things, the discussion focuses attention on the interests which ought to guide the construction of vague concepts in privacy protection laws. These interests are probably more controversial than a first glance would reveal; in sum, are they to be interpreted narrowly or broadly? Selmer's discussion points in the latter direction when he brings up subjects such as vulnerability, data quality and information system transparency.
Precisely these issues are also taken up by professor David H.Flaherty of the University of Western Ontario, London, Canada. David Flaherty is professor of history and law and has published a number of comprehensive studies of the protection of personal data. He has prepared official reports for such organs as the Federal Privacy Commissioner in Canada. In particular, professor Flaherty emphasizes comparative aspects and places the issues into the broader framework of national policies and strategies for the development and management of information resources.(4) In the present article he penetrates the question of the scope of "data protection". He seeks an answer by reviewing relationships between protection of personal data and information access laws in general. His advice is that, for a number of reasons, data inspection authorities should stick to their primary task of protecting the individual's privacy. At the same time the article strongly advocates the need to develop broader and coherent national information policies.
The third contribution also addresses issues of privacy protection and access to data. Its author is Herbert Burkert who is attached to the West-German National Research Center for Computer Science in Cologne. One of his fields of expertise within law and informatics concerns data security and confidentiality. Among other things he has been the main responsible author of a report on freedom of information and data protection sponsored by the Commission for the European Communities.(5) In the present article Herbert Burkert clarifies the differences between legislation on data protection and legislation on access to government information. The perspective is different from the one found in David Flaherty's contribution: where Flaherty discusses national policies and related subjects, Burkert deals with the concept of "information laws" from a methodological point of view. More precisely, Burkert turns his attention to the characteristics of contemporary information systems which are based on computer technology. He examines certain consequences of the technological development with regard to the granting of requests for access and the traditional objectives of information access laws. He concludes that the emergence of "electronic documents" gives rise to new legal trends where "dynamic fictional" possibilities of information handling play an increasingly important role. That the consequences may be far-reaching is indicated by the concluding part of the article which deals with, among other things, possible commercial uses of existing large databanks in the public sector.
LEX COMPUTATIONIS
Although all three articles presented so far deal primarily with data protection and information access laws they all in one way or another comment upon the broader field of "information law" or "data law" in general. For example, Selmer discusses the normative task of achieving a "citizen-friendly administration", Flaherty emphasizes the need to co-ordinate different categories of information-related legal regulation, and Burkert comments on the notion of "general public information law" with a suggested primary concern for information management issues.
This broader perspective is further developed in the four articles which follow. Professor emeritus Jan Hellnertreats the notion of tort liability in the computer context. Intentionally, Jan Hellner is perhaps best known as an eminent expert in private law. However, his occupation with law and informatics dates back a long time: together with Peter Seipel he started the activities of the Swedish Law and Informatics Research Institute in 1968 and - although many competing demands have always been made on his time - he has since then repeatedly chosen to devote himself to work on different problems in the field: analyses of legal texts with computers, issues of legal steering, data protection etc. The topic of his present article brings together issues of privacy protection and liability issues. Valid Swedish law poses the problem of why activities which are conducted with the technical aid of computers should be treated in a special way with regard to tort liability. In this respect Hellner is critical: his analysis illustrates risks of incoherent and piecemeal legal regulation. At the same time he indicates other law-making strategies that may be more fruitful, viz. control of certain permanent features of information systems and systematic treatment of the problem of incorrect information in general regardless of the means of information processing. In brief, Hellner's contribution raises the important issue whether and to what extent "information law" should be regarded as "computer law" in a narrow sense.
From the point of view of the practising lawyer this issue may seem to have a clear answer. Susan Colman elaborates on it in her article titled "Practising Computer Law". Susan Colman belongs to the circle of computer law experts that may now be found in many countries. She once worked as a computer specialist in Stockholm when coincidence brought her in contact with the IRI. The incident gave her career a new turn which after some years led to law practice in Washington, D.C. specializing in computer law. But her Scandinavian contacts have always remained strong and her visits pleasantly frequent. In this article Colman chooses to discuss the clients' needs for legal expertise in computer law. One of the conclusions supported by her account is that specialist knowledge in this field takes time to acquire: it presupposes more than theoretical insights based on handbooks and checklists - in addition, insights into technology, programming and system design methods, the market for computers and data processing services etc. are more or less necessary attributes. Thus, even a discussion of the law of computation (lex computationis) in its practical setting reveals the interdisciplinary nature of the field.
The last-mentioned characteristic is further developed in the following two articles which also connect on to, above all, Burkert's contribution. Peter Seipel, who is professor of law and informatics at the University of Stockholm and also the director of the IRI, treats in a general way the disappearance of traditional paper documents. Two particularly important areas are singled out for more detailed treatment, viz. general laws on access to information held by public authorities and the regulation of various processes in commerce, administration, and transport where electronic messages are rapidly beginning to replace traditional paper-bound communication. The inquiry is carried further to a general discussion of the notion of "legal system management which Seipel views as one of the key sub fields of law and informatics. Briefly, legal system management has to do with the design, development, standardization, maintenance, and control of information processing systems so as to ensure that they are compatible with general legal requirements and can also fulfil specific, area-dependent legal functions. According to the view advocated in the article, the concept of legal system management constitutes an important part - perhaps the most important part - of the intersection between the two classical domains of law and informatics, viz. information law (lex computationis) and the application of information technology to the law (computatio legis).
Further support for such a view may be found in the contribution by Cecilia Magnusson where a number of fundamental connections between law and automation are treated. Magnusson is attached as research associate to the IRI and is presently about to complete her doctoral thesis on automation in public administration. Her article deals with a number of fundamental issues associated with automation in contexts where legal norms are created and applied. For example; how can or how should legal sources of different nature and formal standing be taken into consideration and integrated into the system development process when decision-making in the administration is to be automated? Magnusson examines issues of this kind which are all related to what she chooses to call "a new legal infrastructure". The discussion, thus, serves as a suitable bridge to the next set of articles which all deal with various aspects of this new infrastructure but which treat it primarily from the viewpoint of use, representation, and retrieval of legal sources.
COMPUTATIO LEGIS
Peter Blume is lecturer in law at the University of Copenhagen. He is one of the leading Danish specialists in law and informatics and in his numerous writings he has treated many of its central topics, including privacy protection and computer contracts; his doctoral thesis "From Speech to Data"(6) deals with the general problem of understanding how the dissemination of information about legal rules is related to different kinds of communication technologies and forms of human communication. His present contribution also addresses this problem. Among other things, it serves as a reminder that law and informatics has both a long and a short perspective. The long perspective is - for obvious reasons - not so occupied with the particular issues raised by the use of information technology. Instead, it attempts to bring up issues of access to the sources of the law, the quality of legal decisions, the rule of law etc. in the light of the long history of social steering by legal means. From this point of view, law and informatics may be seen as an offshoot of the traditional disciplines of legal history and general theory of law.
A similar comment could be made about Peter Wahlgren's article. Peter Wahlgren is attached to the IRI as research associate and is working on a doctoral thesis on law and artificial intelligence. His work so far has involved both theoretical inquiries and design of a number of small scale, experimental knowledge-based systems intended to support different kinds of legal decision-making.(7) The present paper deals with the legal reasoning process in a markedly general way. It attempts to distinguish various elements of legal professional knowledge, such as the ability to bring together "norm fragments" from diverse legal sources and to skilfully apply "meta norms" when interpreting vague concepts in legal texts. The description is of evident general interest and can without difficulty be fitted into a traditional legal discourse of a well-known kind. At the same time it may be seen as an attempt to create a necessary basis for attempts to develop advanced computerized tools for legal problem solving.
The latter aspect is even more salient in professor Jon Bing's contribution. As mentioned earlier, Jon Bing, is one of the cofounders of the Norwegian Research Center for Computers and Law. He holds a chair in law and informatics at the Oslo University and is internationally well-known for his numerous and eminent contributions to the field. In this paper Bing elaborates on the notions of decision processes and information systems and uses them to closely examine the interpretation of vague legal concepts. Above all, this leads to a discussion of practical and theoretical limits to formalization of legal knowledge and, not least, of the possibilities of creating models of legal reasoning which may be used in computers. One common characteristic of such "reasoning" models is that they should be capable of determining the similarity or closeness between different cases or situations. As Bing's article indicates, this leads to a discussion of different methods of formalization and thereby serves as yet another reminder of the interdisciplinary nature of law and informatics.
The issue of interdisciplinarity may be said to characterize the last contribution to the collection. Its author is Benny Brodda, associate professor in computational linguistics at the University of Stockholm. Brodda has for many years co-operated with the IRI in various projects involving legal text processing and legal text retrieval. He is particularly involved in creating computerized methods for text processing and text analyses which are suited to large volumes of text – megabytes and gigabytes rather than the tiny samples that often occupy linguists. Here he describes a suggested mathematical method for finding documents similar to the one or ones retrieved; in short an automated procedure to generate an answer to the query: "gimmie more o'that!" Thus, the problem is akin to the one taken up by Bing - to design procedures for finding similar items. However, Brodda's discussion is mathematicary deeper and it may safely be assumed that many readers of this book will find it easier to grasp the general ideas behind it than the detailed format reasoning suggested by Brodda. Thus, if the introductory article on data protection laws served as a natural and uncontroversial entrance into the study of law and informatics, one may say that Brodda's article can equally well serve as an exit - whether natural and uncontroversial remains to be discussed. It does, however, suggest a border, viz. a border where methods and results begin to be imported from neighbouring sciences such as computational linguistics rather than being independently developed by law and informatics experts themselves.
DATA INSPECTORATES AND LEGAL KNOWLEDGE REPRESENTATION
To conclude, let us return to the issue of embarras de richesse.
It may be maintained that the broad spectrum of issues treated in the articles that follow should be split into at least two distinct groups: legal regulation of information technology and methodological issues concerning legal uses of information technology. The radical version of this view implies that data inspectorates have nothing to learn about representation of legal knowledge.
This view has at least two weaknesses:
(a) A full understanding of many regulatory matters is not possible if computerized information systems are treated as (legal) black boxes. For example, to the extent that we wish to discuss regulatory aspects of automated administrative decisions (cf. Selmer, Flaherty, Magnusson) it is also necessary to have a pretty clear and constructive idea about, for example, modern decision support systems in terms of "knowledge engineering" and system design principles and problems (cf Wahlgren, Bing). And the "electronic document" is neither an isolated legal matter nor a pure technical invention. Its nature and legal consequences may be fully understood only through a combined legal/technical discussion combining regulatory and methodological aspects (cf Burkert, Seipel).
(b) It is my personal view that it is in the very center of law and informatics that we find the combinations of substantive legal aspects and methodological issues. From this point of view certain "pure" regulatory issues as well as certain "pure" methodological issues may well be considered peripheral and their study less relevant for the development of the paradigms of law and informatics. Consider, for example, the issue of taxation of computer equipment and programs and the issue of how to construct a multi-purpose utility program suited to legal work.
The viewpoints above should not be pressed too far. But neither should the attempt to streamline the study of law and informatics into a narrow study of how computers may be applied in the field of law. On the contrary, the richness of law and informatics ought to be regarded as a challenge both to develop the complex kind of interdisciplinary expertise that its study presupposes and to keep working on paradigms and research strategies.
(*) Prof. Peter Seipel, editor. Computer/Law series 5. Deventer, The Netherlands. Kluwer Law and Taxation Publishers 1990.
(1) In the autumn of 1968 the Faculty of Law of the University of Stockholm formally decided to create a small body devoted to the study of "computers and law". From this rather humble beginning the activity has grown into one of the major specialized research institutes of the law faculty. A description of the current work and organisation of the Institute is appended. See pp. 271-282.
(2) I am aware of the lack of an internationally accepted name for the field (and often troubled by it). "Informatics" is not a very good English term but its equivalents in many other European languages ("informatique", "Informatik", "informatica", "informatikk" etc) appear to be quite accepted. The uncertainty about the name of the field reflects the remaining uncertainty about its scope and structure. To some extent, it is this uncertainty which the Introduction addresses.
(3) Det goda kunskapssamhället. Peter Wahlgren, editor. IRI-rapport 1988:5. Stockholm: Institutet för rättsinformatik 1988.
(4) See David H. Flaherty, Protecting Privacy in Surveillance Societies: The Federal Republic of Germany, Sweden, France, Canada, and the United States. Chape Hill: North Carolina Press 1989.
(5) Freedom of Information and Data Protection. A joint Research Programme between ADI, GMD and NCC sponsored by the Commission for the European Communities and National Governments. Bonn: GMD 1983.
(6) In Danish: "Fra tale til data" (with an English summary). Copenhagen: Akademisk Forlag 1989.
(7) See for details the references appended to Wahlgren's article.