Section: Scientific Foundations

Formal methods as a link between ICT and law

Beyond their many differences, ICT and law share a strong emphasis on formalism. This commonality is not without reason: in both cases formalism is a way to avoid ambiguity and to provide the required level of rigour, transparency, and security. As an illustration, L. Fuller in his book “The morality of law”  [13] puts forward the following distinctive features of a legal system: (1) set of rules (2) without contradiction (3) understandable (4) applicable (5) predictable (6) publicized and (7) legitimate. Even though they were obviously not proposed with such a comparison in mind, it is interesting to note that, among these features, the first five are also often used in computer science to characterize a good software specification.

As far as software is concerned, the fact that both disciplines refer to the word “code” is not insignificant and the explorations of the commonalities can be very fruitful (and not only from a theoretical perspective). Indeed, there are many situations where the frontier between the two notions seems to be blurring  (Lawrence Lessig refers to East Coast Code and West Coast Code to denote respectively law and software code  [16] ). Just to take a few examples:

• Software contracts typically incorporate references to technical requirements or specifications which can be used, for example, to decide upon acceptance of the software by the customer or validity of an error correction request. In case of litigation, such specifications can also be used by the judges since they form part of the contract executed by the parties. In this perspective, the contract can thus be seen as an extension of the technical specification including further requirements such as use rights, delivery schedule, warranty, and liability.

• Several languages have been proposed to express privacy policies (e.g. P3P by the W3C Consortium and EPAL by IBM); they are used by some commercial sites and can be handled by popular browsers such as Mozilla Firefox or Internet Explorer. The policies published by these sites can be used both by software code - checked by browsers or enforced by Privacy Enhancing Technologies (PET) - and by judges, possibly interpreting them as commitments on the privacy policy of the company.

• The DRM technologies are supposed to implement legal provisions and contractual commitments about the use of digital content such as music or video.

• More and more transactions are performed on the basis of electronic contracts (SLA: Service Level Agreements for Web and grid services, electronic software licenses, e-commerce contracts, etc.).

In fact, the convergence has developed so much that legal experts have expressed worries that “machine code” might more and more frequently replace “legal code”, with detrimental effects on consumers. This topic has stirred up a series of discussions and publications in the legal community  [15] , [16] , [18] and is bound to remain active for quite a long time. Indeed, the implementation of contractual commitments by computer code raises a number of issues such as the lack of flexibility of automated tools, the potential inconsistency between computer code and legal code, the potential errors or flaws in computer code itself or the respective roles of human beings and computers in the process.

The position taken in Licit is that the first step for a fruitful and useful exploration of the relationships between legal and software code is the definition of a formal framework for expressing the notions at hand, understanding them without ambiguity, and eventually relating or combining them.