Legal Layer of the Stack
From IIW
Attendees:
- Scott David (Convener)
- J. Trent Adams (Scribe)
- Judith Bush
- Rick Smith
- Julie Martin
- Mawaki Chango
- Mason Lee
- Steve Greenberg
Session Objectives:
- Overview of concepts relating to legal/technology interfaces of identity
- Identify potential useful work to "Map the Gap" between technology and law/regulation
- Feed session results into a "Map the Gap" event planned for technologists and lawyers in Washington DC scheduled for February, 2010
General Discussion:
- Linked information systems are "porous"
- it is possible for data to be shared beyond the intended acquisition
- Rapid technical innovation accelerating rate of information exchange
- Law and culture lag behind technology advancement
- Lawyers aren't in the business of predicting the future
- Question of how to manage for "social" stability
- Technology supports what are essentially "social" interactions / transactions
- Business systems (driven by technology) require people to function
- Interactions between people are codified by agreements (convention and contractual)
- Interfaces between people are codified by legal agreements
- "Lawyers are in the people-programming business" - Scott David
- Part of effectively "mapping the gap" involves both technologists and lawyers
- People need to understand both the technologies and laws
- corollary: people need to understand technologists and lawyers
- corollary: technologists and lawyers need to understand people (their needs & wants)
- corollary: technologists and lawyers need to understand each other
Identified Needs:
- Common nomenclature and/or translation scheme
- Agreements for technology interoperability
- Agreements for data-sharing interoperability
- Guidelines for:
- Effective interaction (technical and operational)
- Violation monitoring / handling
- Mitigation responses
- Dispute resolution
- Identifying cross-jurisdictional issues
- Research & Evaluate Existing International Work:
- Policies and regulations (legal)
- Recommended guidelines (consortia)
- Best practices (technology)
Next Steps:
- Identify pain points
- Potential solutions for the pain:
- Taxonomy / common terminology across legal/technology gap
- Scenario planning to understand long-range needs
- Simple "test case" solution as starting point
- E.g. Legal boiler plate defining the Attribution - Authentication - Authorization process in line with OMB 04-04 and NIST SB 800-63