Collaborative Research: DASS: Legally Accountable Cryptographic Computing Systems (LAChS)
Massachusetts Institute Of Technology, Cambridge MA
Abstract
Society is having a hard time governing digital systems, and poorly governed systems lead to gaps in society's willingness to trust these systems with sensitive or high-priority tasks. Part of this challenge arises from the fact that law and software address rules and behavior at very different levels of detail. Laws must be general in their application and thus leave interpretation and detailed requirements to the discretion of software developers. This leaves software developers, who cannot be expected to be legal experts, having to decide what technical design properly complies with often-complex legal rules. For example, when a privacy law such as the General Data Protection Regulation (GDPR) requires that users have a right to delete their data, does that mean all data, including backups? Without clear answers to such questions, developers cannot be confident that they have successfully complied with legal requirements, and the public who uses these systems has little reason to trust them.

This project's novelties are to introduce design patterns that help software developers assemble components reliably and purposefully, in the knowledge that they meet policy requirements effectively and thus warrant the confidence of the public. The project's impact benefits society in two ways. First, by closing the abstraction gap between law and systems, methods and tools developed in this project help software developers build systems that comply with legal obligations. Second, the project furthers the development of a research community in computer science and law.

The LAChS (pronounced "lox") project makes two contributions toward a better understanding of how to build accountable software systems. First, policy concepts allow software developers to identify the functional aspects of the systems they are developing in order to assess whether the functions of the system are consistent with the policy constraints associated with the computations they are performing. Along with policy concepts, the project introduces policy standards -- functional descriptions of the requirements of law. Together, policy concepts and policy standards provide a software-engineering framework through which developers can more easily build systems that are accountable to legal requirements. Second, the project develops an integrated legal-technical methodology for assessing the accountability properties of a system with respect to a set of legal requirements. Prior work has generally sought to define accountability solely as a property of information systems. The project shows that a full understanding of accountability requires considering the properties of both law and computing systems.

In sum, this research is premised on the view that, with respect to key societal priorities such as privacy, the law has actually made considerable progress in defining key rights for the digital, while the underlying technology is still struggling to adapt to these challenges. Thus the project aims to bring clearer abstraction, modularization and composability to legal and technical methodologies in order to better meet these challenges. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.