Abstract
Information systems are increasingly distributed and pervasive, enabling organizations to deliver remote services and share personal information, worldwide. However, developers face significant challenges in managing the many laws that govern their systems in this multi-jurisdictional environment. In this paper, we report on a computational requirements document expressible using a legal requirements specification language (LRSL). The purpose is to make legal requirements open and available to policy makers, business analysts and software developers, alike. We show how requirements engineers can codify policy and law using the LRSL and design, debug, analyze, trace, and visualize relationships among regulatory requirements. The LRSL provides new constructs for expressing distributed constraints, making regulatory specification patterns visually salient, and enabling metrics to quantitatively measure different styles for writing legal and policy documents. We discovered and validated the LRSL using thirteen U.S. state data breach notification laws.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Allen, L.E., Saxon, C.S.: Better language, better thought, better communication: the a-hohfeld language for legal analysis. In: 5th Int’l Conf. AI & Law, pp. 219–228 (1995)
Biagioli, C., Mariani, P., Tiscornia, D.: ESPLEX: A rule and conceptual model for representing statutes. In: Proc. 1st Int’l Conf. AI & Law, pp. 240–251 (1987)
Bourcier, D., Mazzega, P.: Toward measures of complexity in legal systems. In: Int’l Conf. AI & Law, pp. 211–215 (2007)
Breaux, T.D., Antón, A.I.: Analyzing Regulatory Rules for Privacy and Security Requirements. IEEE Transactions on Software Engineering 34(1), 5–20 (2008)
Breaux, T.D., Antón, A.I., Doyle, J.: Semantic parameterization: a process for modeling domain descriptions. ACM Trans. Soft. Engr. Method. 18(2), 5 (2008)
Breaux, T.D., Vail, M.W., Antón, A.I.: Towards compliance: extracting rights and obligations to align requirements with regulations. In: 14th IEEE Int’l Req’ts Engr. Conf., pp. 49–58 (2006)
Breaux, T.D.: Exercising due diligence in legal requirements acquisition: a tool-supported, frame-based approach. In: IEEE 17th Int’l Req’ts Engr. Conf., pp. 225–230 (2009)
Breaux, T.D.: Legal requirements acquisition for the specification of legally compliance informaiton systems, North Carolina State Univ. Ph.D. thesis (2009)
Bench-Capon, T.J.M.: Deep models, normative reasoning and legal expert systems. In: Proc. 2nd International Conference on Artificial Intelligence and Law, Vancouver, British Columbia, Canada, pp. 37–45 (1989)
Corbin, J., Strauss, A.: Basics of Qualitative Research, 3rd edn. Sage Pubs (2008)
Dardenne, A., Fickas, S., van Lamsweerde, A.: Goal–directed requirements acquisition. Sci. Comp. Prog. 20, 3–50 (1993)
Dulac, N., Viguier, T., Leveson, N., Storey, M.-A.: On the use of visualization in formal requirements specification. In: IEEE Joint Int’l Conf. Req’ts Engr., pp. 71–80 (2002)
Fraser, M.D., Kumar, K., Vaishnavi, V.K.: Informal and formal requirements specification languages: bridging the gap. IEEE Trans. Soft. Engr. 17(5), 454–466 (1991)
Fuxman, A., Liu, L., Mylopoulos, J., Pistore, M., Roveri, M., Traverso, P.: Specifying and analyzing early requirements in Tropos. Req’ts Engr. Journal 9(2), 132–150 (2004)
Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permissions and delegation. In: IEEE 13th Int’l Req’ts Engr. Conf., pp. 167–176 (2005)
Greenspan, S., Mylopoulos, J., Borgida, A.: On Formal Requirements Modeling Languages: RML Revisited. In: 6th IEEE Int’l Soft. Engr. Conf., pp. 1–13 (1994)
Glinz, M., Berner, S., Joos, S.: Object-oriented modeling with ADORA. Info. Sys. 27, 425–444 (2002)
Hohfeld, W.N.: Some fundamental legal conceptions as applied in judicial reasoning. The Yale Law Journal 23(1), 16–59 (1913)
Lauritsen, M., Gordon, T.F.: Toward a general theory of document modeling. In: Int’l Conf. AI & Law, pp. 202–211 (2009)
Levene, A.A., Mullery, G.P.: An investigation of requirement specification languages: theory and practice. IEEE Computer 15(5), 50–59 (1982)
Massey, A.K., Anton, A.I.: Triage for legal requirements. NCSU Technical Report #TR-2010-22 (October 11, 2010)
Maxwell, J., Anton, A.I.: Developing production rule models to aid in acquiring requirements from legal texts. In: IEEE 17th Int’l Req’ts Engr. Conf., pp. 101–110 (2009)
Maxwell, J., Anton, A.I., Swire, P.: A legal cross-references taxonomy for identifying conflicting software requirements. In: IEEE 19th Int’l Req’ts Engr. Conf., pp. 197–206 (2011)
Martinek, J., Cybulka, J.: Dynamics of legal provisions and its representation. In: Int’l Conf. AI & Law, pp. 20–24 (2005)
Mernik, M., Heering, J., Sloane, A.M.: When and how to develop domain-specific languages. ACM Computing Surveys 37(4), 316–344 (2005)
Mylopoulos, J., Borgida, A., Jarke, M., Koubarakis, M.: Telos: representing knowledge about information systems. ACM Trans. on Info. Sys. 8(4), 325–362 (1990)
Romanosky, S., Telang, R., Acquisti, A.: Do data breach disclosure laws reduce identity theft? In: W’shp Econ. of Info. Sec. (WEIS), June 25-28 (2008)
Rubinstein, I.: Privacy and Regulatory Innovation: Moving Beyond Voluntary Codes. I/S: A Journal of Law and Policy for the Information Society (April 2011) (in press)
Sergot, M.J., Sadri, F., Kowalski, R.A., Kriwaczek, F., Hammond, P., Cory, H.T.: The British Nationality Act as a logic program. Communications of the ACM 29(5), 370–386 (1986)
Sergot, M.: A computational theory of normative positions. ACM Transactions of Computational Logic 2(4), 581–622 (2001)
Siena, A., Jureta, I., Ingolfo, S., Susi, A., Perini, A., Mylopoulos, J.: Capturing variability of law with Nomós 2. In: 31st Int’l Conf. Conc. Mod., pp. 383–396 (2012)
Stamper, R.K.: LEGOL: Modelling legal rules by computer. In: Proc. Advanced Workshop on Computer Science and Law, pp. 45–71 (September 1979)
Wasson, K.S.: A case study in systematic improvement of language for requirements. In: Proc. IEEE 14th Int’l Req’ts Engr. Conf., pp. 6–15 (2006)
Winkels, R., Boer, A., de Maat, E., van Engers, T., Breebaart, M., Melger, H.: Constructing a semantic network for legal content. In: Int’l Conf. AI & Law, pp. 125–132 (2005)
Yin, R.K.: Case study research, 4th edn. Applied Social Research Methods Series, vol. 5. Sage Publications (2008)
Yu, E.: Modeling organizations for information systems requirements engineering. In: Int’l Symp. Req’ts Engr., pp. 34–41 (1993)
Zave, P., Jackson, M.: Four dark corners of requirements engineering. ACM Trans. Soft. Engr. & Method. 6(1), 1–30 (1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Breaux, T.D., Gordon, D.G. (2013). Regulatory Requirements Traceability and Analysis Using Semi-formal Specifications. In: Doerr, J., Opdahl, A.L. (eds) Requirements Engineering: Foundation for Software Quality. REFSQ 2013. Lecture Notes in Computer Science, vol 7830. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37422-7_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-37422-7_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37421-0
Online ISBN: 978-3-642-37422-7
eBook Packages: Computer ScienceComputer Science (R0)