Normative Systems: the meeting point between Jurisprudence and Information Technology? - A position paper

It is argued that there are many concepts and methods in common between policy systems used in Information Technology and Jurisprudence, i.e. legal theory. These concepts are found in the research area of ‘normative systems’ which encompasses them and provides a framework for unifying research. It is further argued that advantages can be accrued to both research areas by favoring interchanges of methods and principles in this unifying framework. A distinction is made between norms in rule style and norms in requirements style. Issues of completeness, consistency and conflicts are considered. Concepts that are useful in this research area include defeasible logic and ontologies. Useful tools are theorem provers and model checkers. 1. Background and Motivation This paper presents the view that legal methodology, Jurisprudence, has many issues and concepts in common with software methodology. There is much that can be learned in both fields by a process of conceptual osmosis, or even convergence. This process will be encouraged by the fact that the behavior of computational agents is increasingly acquiring legal significance. There are several areas in which this is happening: e-business (including e-contracts and security) and IT governance. In these areas, it might even become desirable that laws can be formally translated into computer programs, or that the correspondence of an IT policy with law can be formally audited. For example, a law on privacy may have to be implemented in a set of policies in a language such as XACML [17]. This set of policies may have to be checked for conformance with the law. As the law changes, the XACML policies may have to be changed as well. A force acting in the converse direction is provided by the fact that computer networks are becoming like social systems, with their own internal norms [19]. At the same time, just as in IT software to help create systems of policies is being developed, in the area of jurisprudence legislative drafting systems are being developed [12]. XML is commonly used for syntactic support of both kinds of systems, however for now formal semantics and semantic validation are not primary goals in either field. Surely, developing the necessary formal models is a long-range research task in both areas. Motivated by these developments, this paper hinges on the view that information systems policies and legal systems have much in common, in fact are special cases of normative systems. We identify a rule style and a requirement style in both areas. Issues of completeness and consistency are discussed in relation to these two styles. Several concepts and tools of common interest are briefly discussed. It is important to note that we are not claiming to address all aspects of the systems we are discussing. Legal systems are extremely complex and have aspects that are quite difficult to formalize in any logic or any formal theory, since they have their roots in sociology, history, psychology, ethics and politics [9, 15]. Information systems policies are of many different types for many different applications, but they are all formalized because they are executed by machines. In order to identify similarities, we will schematize and simplify. However we claim and we shall show by examples, that there are common concepts for expressing and analyzing some aspects of these systems. From a Jurisprudence point of view, we are taking a formalistic approach by which laws are seen as having their own self-contained meaning as pure logical statements, outside of consideration of political, sociological, or moral nature. We recognize of course that these considerations exist and open the way to other types of discussion. 2. Normative systems In 1993, Jones and Sergot wrote: [8] “The general position which we here develop and illustrate is that---at the appropriate level of abstraction---law, computer systems, and many other kinds of organisational structure may be viewed as instances of normative systems. We use the term to refer to any set of interacting agents whose behaviour can usefully be regarded as governed by norms. Norms prescribe how the agents ought to behave, and specify how they are permitted to behave and what their rights are. Agents may be human individuals or collections of human individuals, or computer systems or collections of computer systems. Normative systems include systems of law, abstract models of computer systems, and hybrid systems consisting of human and computer agents in interaction.” We subscribe to this view, with two exceptions. First of all, are normative systems sets of interacting agents (legal institutions), or sets of norms? This question has been extensively debated in philosophy of law and therefore it should be avoided if possible. In this paper, we are mostly interested in sets of norms. Second, this view characterizes norms in terms of the deontic concepts of obligation (‘ought to’) and permission. This is a very common view, endorsed by the best authorities [9]. However in Section 3 we will see that normative systems can exist without deontic concepts. There are few attempts to define formally norms and normative systems. Most of these attempts take a limitative view, based on specific formalisms. A much-cited book by Alchourron and Bulygin [1], which claims application to social sciences only, loosely defines norms as statements that relate cases to solutions. As in Jones and Sergot, the solutions are expressed in deontic forms. We shall take the broad view that normative systems are man-made systems of logical statements, the norms, which relate facts to intended consequences. Their intention is to regulate the functioning of sets of interacting agents. Although they may be expressed in deontic terms, the norms can be translated into fact-consequence form. In this sense, normative systems are similar to rule-based systems. We shall see that the systems in this very general class have some common characteristics that are worth comparing and discussing. The similarities thus recognized can lead to the use of common principles and methods across different types of normative systems. Examples of policy systems encountered in information technology, and to which we will make further reference below, are: • Firewalls and routers • Telecommunications features, call control • Information access control systems (e.g. language XACML) • Security models (Bell-LaPadula, Chinese Wall, RBAC...) • Web services orchestration and choreography (e.g. language BPEL) • E-commerce policies and contracts, service-level agreements 3. Norms that are simple rules As biologists can learn much by studying elementary life forms, we can learn much by studying elementary normative forms. The Hammurabi code, written about 3,700 years ago, contains norms such as this: “If any one steals cattle or sheep, or an ass, or a pig or a goat, if it belong to a god or to the court, the thief shall pay thirty fold; if they belonged to a freed man of the king he shall pay tenfold; if the thief has nothing with which to pay he shall be put to death.” This can be recognized as written in the well-known ECA: format which is widely used in data bases, agent systems, etc. [18]: Event = any one steals cattle or sheep, or an ass, or a pig or a goat Condition = if it belong to a god or to the court Action = the thief shall pay thirty fold The Hammurabi code is an early example of coherence in legislative style, since it consists of about 300 articles which are almost all written in format, another witness of the greatness of the Babylonian culture. On the IT side, let us consider firewalls: DROP all -nuisance.com anywhere This is a rule in a Linux router to drop packets having any (“all”) protocol that come from node “nuisance.com” and go anywhere. This rule is again in the format , although the condition is empty (conditions compare the incoming events with facts that are known in the context, such as the time of occurrence, or the concepts of ‘god’ or ‘court’ in the previous example, which presumably are known in an implicit contextual ontology). These examples show that, in spite of prevalent opinion to the contrary, normative systems can exist without deontic concepts. In fact, we conjecture that all normative systems can be expressed as sets of rules in the ECA format, although this representation may not be finite. 4. Norms in the deontic context A commonly held view of norms interprets them in a deontic context, for which deontic logic is a frequently used formalization [14]. Deontic logic is a type of modal logic that uses modalities such as permitted and obligatory, which are mutually related by relationships such as: obligatory A = not permitted not A = forbidden not A In this interpretation, the Hammurabi norm above creates an obligation to pay thirty fold; the firewall norm creates an obligation to drop all nuisance.com packets. An early example of legal system that is explicitly based on deontic concepts is Moses’ law: Thou shalt not steal In other words, it is forbidden to steal. In this normative style, we gain abstraction, since the brief statement just given covers a dozen articles of the Hammurabi code, but we lose specificity: what happens if one steals? How is this norm enforced? In software engineering terminology, one could think of a compilation of the Moses Code into Hammurabi terms, or of a reverse engineering of the Hammurabi code into Moses terms. In IT one encounters deontic statements as part of documentation, or in the statement of requirements. For example, a policy in a hospital could be: The accounting department shall not have access to the parts of a patient’s record that deal with health history This requirement will be translated in terms of rules, e.g. if an employee of the accounting department attempts to access certain fields in the patient’s record, the request will be blocked. High-level languages that allow the direct expression of such requirements are becoming available, but eventually they must be translated into rules. Obligations can be specified in several policy languages for computing systems (notably access control [17] and business-to-business languages [13] ), however in this context they don’t seem to have the same meaning. In the computing context, to say that a behavior is forbidden simply means that it will not take place. To say that a behavior is compulsory means that it will take place if the conditions are verified. It could be claimed that such obligations or permissions are in fact rules. Therefore, there is a difference between the meaning of deontic modalities in law and in IT policies, difference that must be resolved before we can use such concepts interchangeably in the two domains. It is our view that, although modal logics have been used extensively in both Computing and Jurisprudence, the tendency to make them a ubiquitous paradigm should be resisted, because they add a level of complexity while many types of analysis can be done without them. 5. Rules and requirements We have therefore identified two normative styles: • The rule style (of which examples are the Hammurabi and the firewall style) • The requirements style (of which an example is the Moses style) This is consistent with the distinction between requirement and implementation in software methodology. The deontic style specifies requirements to be implemented by means of rules, just as software specifications must be implemented by means of programs. The distinction between ‘rules’ and ‘principles’ in legal theory is explored in [24]. This paper makes the point that rules and principles are the extremes of a spectrum, rather than two essentially different normative styles. This is reasonable, however we contend that in a well-structured normative system these two types of norms should be clearly identified and separated. There are of course many other normative styles, including styles that have a place between the two identified above, and others whose interpretation and classification could be the subject of endless discussion. However as mentioned we shall schematize and reason in terms of these two styles. 6. Common research topics Within this framework, there are several research topics that are equally relevant in the areas of law and in the area of policy systems in IT. In these topics, common methods can be used. These are the topics of Completeness, Consistency, and Conflicts. In law, as in software methodology, questions of completeness and consistency can arise: • Between rules • Between requirements • Between rules and requirements These questions may be difficult to answer because of logical interrelationships among norms. In an access control system, there may be a rule stating that only executives can access budget information, as well as definitions from which it is possible to deduce that receptionists are not executives, so it will be possible to conclude that receptionists cannot access budget information. This derived rule can be inconsistent with respect to others, or can fill an apparent gap.