Papers by Lyria Bennett Moses
Social Science Research Network, 2021
Submission on Australia's cyber security regulations and incentives About us The UNSW Allens Hub ... more Submission on Australia's cyber security regulations and incentives About us The UNSW Allens Hub for Technology, Law and Innovation ('UNSW Allens Hub') is an independent community of scholars based at UNSW Sydney. As a partnership between Allens and UNSW Law, the Hub aims to add depth to research on the diverse interactions among technology, law, and society. The partnership enriches academic and policy debates and drives considered reform of law and practice through engagement with the legal profession, the judiciary, government, industry, civil society and the broader community. More information about the UNSW Allens Hub can be found at http://www.allenshub.unsw.edu.au/. Question 5: What is the best approach to strengthening corporate governance of cyber security risk? Why? We prefer option 2 and make some suggestions as to how identified challenges can be managed. Question 6: What cyber security support, if any, should be provided to directors of small and medium companies? In addition to information and guidance, small and medium enterprises should be given financial incentives and practical support to take additional cyber security measures. Question 7: Are additional education and awareness raising initiatives for senior business leaders required? What should this look like? Relevant and high-quality education initiatives are required to support business leaders to prioritise investment in cyber security and to bring about the adoption of security culture across organisations from the top, in the same way the adoption of safety culture by leadership has uplifted transport and occupational safety. Question 8: Would a cyber security code under the Privacy Act be an effective way to promote the uptake of cyber security standards in Australia? If not, what other approach could be taken? It is a viable option to include a cyber security code under the Privacy Act and give concrete criteria for APP 11, but there are issues to consider and address should this be the preferred approach. Note that the 'cyber security code' could be a requirement to comply with internationally recognised standards. Question 9: What cost effective and achievable technical controls could be included as part of a code under the Privacy Act (including any specific standards)? While we make some specific suggestions here, our preference is for adoption of international standards. In that context, our suggestions could be factored into a broader standards development process. Question 11: What is the best approach to strengthening the cyber security of smart devices in Australia? Why? The status quo is inadequate; we suggest a better approach. Question 12 Would ESTI EN 303 645 be an appropriate international standard for Australia to adopt as a standard for smart devices The Department should consider a choice of standards, including but additional to ETSI EN 303 645. Additionally, the Department should consider the appropriateness of network-level security standards. Question 14: What would be the costs of a mandatory standard for smart devices for consumers, manufacturers, retailers, wholesalers and online marketplaces? Are they different from the international data presented in this paper? When considering this question, associated costs should be levelled against the prospect and scale of future harms. Question 16: What is the best approach to encouraging consumers to purchase secure smart devices? Why? Labelling may be helpful in encouraging consumers to become aware of cyber security in relation to smart devices, and consequently improving their purchasing choices in this area, but this is only a small part of a solution. Question 17: Would a combination of labelling and standards for smart devices be a practical and effective approach? Why or why not? Labels and standards are unlikely to be sufficient in themselves without some form of mandatory implementation.
SSRN Electronic Journal, 2021
SSRN Electronic Journal, 2021
Social Science Research Network, 2020
Governments are increasingly relying on algorithms to automate decision-making in diverse areas, ... more Governments are increasingly relying on algorithms to automate decision-making in diverse areas, including social welfare, criminal justice, healthcare, law enforcement and national security. This chapter sketches the way in which algorithms are or may be used across the spectrum of government decision making-from the drafting of legislation, to judicial decision making, to the implementation of laws by the executive branch. Then, based on scholarship in the field and our own empirical, doctrinal and theoretical work, the chapter examines the rule of law values affected by automated government decision making systems and the legal and practical issues that the implementation and supervision of such systems may pose in practice.
SSRN Electronic Journal, 2021
SSRN Electronic Journal, 2021
Social Science Research Network, 2020
SSRN Electronic Journal, 2021
This submission to the Australian Department of Home Affairs argues that: • The scope of what con... more This submission to the Australian Department of Home Affairs argues that: • The scope of what constitutes a critical infrastructure asset should be narrowed to ensure proportionality with respect to the grant of government powers contemplated by the Bill. • In deciding what is a critical infrastructure asset, it is important to understand network interactions; dependencies are relevant in determining which components are critical.
Metric Culture, 2018
Abstract Since the 1980s, higher education institutions in many developed Western countries have ... more Abstract Since the 1980s, higher education institutions in many developed Western countries have been facing competition for resources, have undergone economic rationalisation, adopted a New Public Management style of performance management and aspired to meet global standards of quality. This chapter explores the self-tracking practices of academic institutions and workers as they negotiate a field that has moved away from a quality evaluation system based primarily on social reputation towards one based increasingly on quantified outcome indicators. Universities typically measure research performance not only in terms of quantity of outputs but also the ‘attention capital’ they receive, for example, the number of citations or awards and prizes. These metrics and the emphasis on attention capital generally encourage a culture of competition rather than collaboration, while promoting the ‘celebrification’ of academic life. We argue that this trend has been intensified by technologies that gamify research achievements, continuously update citation and ‘read’ counts, and promote networked reputation. Under these conditions, academic institutions and workers have attempted to pursue a variety of positioning strategies that represent different degrees of conformity, resistance and compromise to the power of metrics.
Tulane Law Review, 2020
Can technology be deployed to promote, or even guarantee, the rule of law? Can the rule of law be... more Can technology be deployed to promote, or even guarantee, the rule of law? Can the rule of law be designed into technological systems? The idea of achieving legal objectives through technology 'by design' is not new. However, it has been vividly revived in debates around systems such as blockchain, which has been proclaimed as the 'killer app for corruption'. Other technologies have been used to 'modernise' elections, with claims of improved transparency and reduced human error and fraud. Panoptic governance mechanisms such as China's Social Credit System promise a perfectly predictable, consistent, and equal enforcement of the law. Technology thus is increasingly presented as a tool for fostering rule of law values-a rule of law 'by design'. In this paper we ask whether technological solutions that embed rule of law values do in fact promote the rule of law. Using case studies and analysing current developments, we explore the extent to which the promise of technologies as a means of delivering on the rule of law hold up in practice and what they mean for the idea of a society ruled by law.
Review of Identity-Matching Services Bill 2019 and the Australian Passports Amendment (Identity-m... more Review of Identity-Matching Services Bill 2019 and the Australian Passports Amendment (Identity-matching Services) Bill 2019 Submission 27 About Us The Allens Hub for Technology, Law and Innovation ('the Allens Hub') is an independent community of scholars based at UNSW Sydney. As a partnership between Allens and UNSW Law, the Allens Hub adds breadth and depth to research on the diverse interactions among technological change, law, and legal practice. The partnership enriches academic and policy debates and drives considered reform of law and practice through engagement with the legal profession, the judiciary, industry, government and the broader community. More information about the Allens Hub can be found at http://www.allenshub.unsw.edu.au/. Genna Churches is a PhD candidate at UNSW Law. Her thesis, 'The Evolution of Metadata Regulation in Australia: From Envelopes and Letters to URLs and Web Browsing', focuses on the access to, and retention of, telecommunications metadata, questioning if historical parliamentary debates and legislation of analogous technologies, such as the post and the telephone, have informed the balance between privacy protections and other social objectives in current telecommunications legislation.
SSRN Electronic Journal, 2021
This Submission to NSW Department of Communities and Justice Inquiry into Privacy and Personal In... more This Submission to NSW Department of Communities and Justice Inquiry into Privacy and Personal Information Protection Amendment Bill 2021, focuses on aspects of the Bill on which our research can shed light and is limited to: 1. reasons why we support a Mandatory Notification of Data Breach Scheme (MNDB scheme); 2. a suggestion for reframing the “serious harm” threshold in the definition of “eligible” data breach; 3. a suggestion to incorporate reflection on the extent to which encryption is protective in section 59G(c); and 4. a suggestion to remove “date of birth” from section 59Q(1). Our submissions reflect our views as researchers and is not an institutional position of UNSW Sydney, Allens or any other organization.
SSRN Electronic Journal, 2021
In this submission, we invite the UN Special Rapporteur to emphasize the significance of core rul... more In this submission, we invite the UN Special Rapporteur to emphasize the significance of core rule of law values, such as transparency, accountability, predictability and consistency, and equality before the law in the context of technical assistance and capacity building in counter-terrorism efforts. The adherence to the rule of law values is particularly important as decisions involving individual liberty are increasingly automated, often providing little to no recourse to those impacted. We have written about automation of government decision-making, including in the law enforcement and national security context, and the implications of various automation techniques on the core values of the rule of law. We have analysed in detail how various automation techniques, using machine learning and/or expert systems, can undermine rule of law values. We also asked whether new technologies, such as blockchain, can promote the rule of law values. We believe our analysis can be helpful when considering rule of law and human rights implications in the context of technical assistance and capacity building in counter-terrorism.
SSRN Electronic Journal, 2020
This submission to the Parliamentary Joint Committee on Human Rights sets out how the Australian ... more This submission to the Parliamentary Joint Committee on Human Rights sets out how the Australian government’s scheme around the COVIDSafe app can better align with the human right to privacy. We recognise the app pursues a legitimate objective and that the Biosecurity (Human Biosecurity Emergency) (Human Coronavirus with Pandemic Potential) (Emergency Requirements—Public Health Contact Information) Determination 2020 (Cth) and exposure draft of Privacy Amendment (Public Health Contact Information) Bill 2020 provide important protections. Nevertheless, we make a series of recommendations that would improve the transparency of the scheme and better protect the privacy of those downloading and using the app.
Big Data & Society, 2018
Social phenomena-or the condition of society-may be ''seized indirectly when there is a slight ch... more Social phenomena-or the condition of society-may be ''seized indirectly when there is a slight change in one older association mutating into a slightly newer or different one'' (Latour, 2005: 36). The aim of this special issue is to trace mutations underway in those associations rendered or experienced in data and to probe some patterns that these changing ties draw. In particular, contributors to this issue reflect upon associations traceable in data that are of a juridical nature (or could be so understood), or that have salience for legal institutions and norms. This is something other than inviting consideration of ''problems'' that technology makes for law. It is something other, too, than thinking about whether law does or does not determine or reflect socio-technical practice, or vice versa, and how such law-technology correspondence might ''properly'' be maintained. Instead, contributors engage here in a collective experiment of envisioning data as vectors of lawful relations on the global plane, and at other scales. This is unfinished business for Big Data & Society. In this journal's opening issue, Rob Kitchin argued that ''the development of digital humanities and computational social sciences.. . propose radically different ways to make sense of culture, history, economy and society'' (Kitchin, 2014: 1). But what ''sense'' could ''Big Data empiricism,'' as Kitchin described it, make in, of and for global law and policy? This is among the questions that the contributors to this special issue take up. Neither digital technology nor law is pivotal to this inquiry, so much as their irrepressible leaking and morphing into would-be or could-be versions of the other. As paradigmatic a shift as the turn to epistemologies of Big Data might seem, making connections between these emergent epistemologies and ''older association[s],'' in Latour's words, is also an important task of this collection. Sheila Jasanoff traces, for instance, the history of the production of ''a panoptic viewpoint from which the entire diversity of human experience can be seen, catalogued, aggregated, and mined'' from the mid-20th-century, especially in the emergence of the ''global environment'' as an ''actionable object for law and policy.'' Naveen Thayyil likewise draws an analogy between change in weather and climatological studies from the 1960s onwards (from instrument reading techniques to computer modeling) and parallel shifts in approaches to risk regulation (from conventional risk assessment to precautionary approaches, the latter increasingly advanced through ''Big Data'' automation). Ben Hurlbut similarly connects ''scientifically authorized imaginations of future risk'' on the global plane to earlier incarnations of the ''republic of science'' assembled around pandemic risk since the 19th-century. Other contributions to this volume re-frame contemporary phenomena by reference to associations of more recent provenance: Sarah Logan analyses ''post 9-11 mass surveillance'' and the ''anxious information state'' it enshrines. Likewise,
SSRN Electronic Journal, 2019
The Allens Hub for Technology, Law and Innovation is a community of scholars at UNSW Sydney aimin... more The Allens Hub for Technology, Law and Innovation is a community of scholars at UNSW Sydney aiming to add breadth and depth to research on the interactions among law, legal practice and technological change in order to enrich scholarly and policy debates and enhance understanding and engagement among the legal profession, the judiciary, industry, government, civil society and the broader community. The views of those participating in this submission are our own, based on our research, and do not represent the official
University of New South Wales Law Journal, 2020
This article addresses the real impacts of conceptual confusion surrounding statutory language li... more This article addresses the real impacts of conceptual confusion surrounding statutory language linking entities and information for purposes such as privacy, freedom of information, archiving, policing and evidence laws. The idea of ownership of information (which is assumed in the statutory allocation of powers of control and responsibilities) is captured in a confusing miscellany of terminology that differs across jurisdictions and contexts. It uses the example of information sharing for law enforcement purposes as a case study to highlight the practical challenges inherent in the diverse and vague statutory language linking entities and information. It then proposes a new taxonomy for attributing responsibilities and powers with respect to information that is consistent with the ephemeral nature of the subject matter.
The Cambridge Handbook of the Law of Algorithms
Co-authored submission from the Allens Hub for Technology, Law, and Innovation, UNSW in response ... more Co-authored submission from the Allens Hub for Technology, Law, and Innovation, UNSW in response to the Joint Standing Committee on Electoral Matters Inquiry into the 2019 Federal Election. We make the following points: 1. Technological innovation in Australian elections is already underway. 2. Australia should exercise caution in how new technologies are deployed in our elections. 3. The use of new technology should be guided by principles that respect the role that elections play in Australia and recognise the dangers and opportunities posed by technological innovation.
University of New South Wales Faculty of Law Legal Studies Research Paper Series, 2020
Information sharing has become a central concern for security agencies since 9/11. Previous resea... more Information sharing has become a central concern for security agencies since 9/11. Previous research has identified a number of barriers to information sharing among agencies: a combination of lega...
Uploads
Papers by Lyria Bennett Moses
关键词:法治;自动化决策;法治价值观;专家系统;机器学习
作者简介:莫妮卡·佐尼鲁特(Monika Zalnieriute),新南威尔士大学法学院阿朗技术、法律与创新中心博士后研究人员;莉亚·本内特·摩西(Lyria Bennett Moses),教授、新南威尔士大学法学院阿朗技术、法律与创新中心主任;乔治·威廉姆斯(George Williams),教授、新南威尔士大学法学院院长
译者简介:廖建凯,湖南株洲人,法学博士,西南政法大学人工智能法学院教师
• The scope of what constitutes a critical infrastructure asset should be narrowed to ensure proportionality with respect to the grant of government powers contemplated by the Bill.
• In deciding what is a critical infrastructure asset, it is important to understand network interactions; dependencies are relevant in determining which components are critical.
This document summarises the views presented at a consultation on 30 July 2018 in writing, taking account of the subsequent discussion at that event and conferral with colleagues after the event.
One of the case studies in the article is the Australian robodebt system. The article makes several findings about that system, particularly in contrast to how automated systems have been rolled out in other nations. In implementing automated systems such as the robodebt program, our research concludes that governments should ensure that these systems adhere to the following principles:
- designed in full compliance with the law (which may require changes to the law before the implementation of the system);
- provide at all key points for human judgement and decision-making to ensure the system remains accountable and operates in accordance with community and ethical standards, and democratic structures;
- be transparent by enabling users to understand its operation, including wherever possible by allowing access to the algorithms and other code underpinning the system; and
- be accountable and facilitate due process by anticipating that the system will incorporate errors, and so provide clear public information and easy to access dispute resolution processes.
1. the scope of the inquiry, particularly the focus on ad tech markets in isolation; and
2. the role and use of data and, in particular, transparency in how suppliers deal with consumer and other data.
Our submissions reflect our views as researchers and are not an institutional position.
- A reference to accountability should be inserted into the Bill’s Objects. This would strengthen the functionality of existing safeguards and ensure accountability plays a central interpretive role.
- Private sector organisations seeking to use data for research should be required to prove a rigorous ethics process before being granted accreditation.
- Accreditation of foreign entities should be subject to proof that the relevant foreign country has a comparable privacy law framework. • A tiered roll out of the data scheme should be considered to ensure the mechanics of the Bill operate effectively and as expected.
- Clause 15(4) should be removed from the Bill. In the alternative, it should be expressly distinguished from other permissible purposes in the mandatory terms of the DSA to reflect its true relationship with enforcement related activities.
- Further, the definition of “enforcement related purpose” should be clarified.
- Details of interaction with other legislation should be published, ideally within the Bill.
- Requirements on termination of a project or suspension of an accredited entity should be specified.
- Transparency and accountability should be enhanced through additional language in privacy policies and a requirement for data scheme entities to raise complaints.
- The scope of guidelines be amended to cover data procurement and pre-processing.
The three sections of the submission correspond to research projects that the researchers had undertaken, in particular in relation to:
Part 1: Technologies and the Rule of Law;
Part 2: Thesis research, ‘The Evolution of Metadata Regulation in Australia: From Envelopes and Letters to URLs and Web Browsing’;
Part 3: Data to Decisions Co-operative Research Centre; Articulating law and policy principles for guiding Big Data usage for defence, national security and law enforcement purposes.
The submission focuses on aspects of the department's questions that intersect with the Hub and Society's research, as listed below:
• Objectives the Privacy Act (Question 1)
• Definition of personal information (Questions 2-5)
• Flexibility of the APPs (Question 6)
• Exemptions, at a high level, and then specifically in relation to employee records and media (Questions 7-19)
• Limiting information burden (Questions 24, 25)
• Consent (Questions 26-30)
• Inferred sensitive information (Questions 35, 36)
• Access, quality and correction (Question 45)
• Right to erasure (Questions 46, 47)
• Direct right of action and statutory tort (Questions 57-62)
• Legislative complexity (Questions 66-68)
We also believe broader questions ought to be asked in the course of the consultation, including:
• whether privacy law should be modelled on Europe’s General Data Protection Regulation (GDPR);
• whether privacy law can be drafted, or guidance given, to avoid “because of the Privacy Act” excuses for poor cyber security practices (such as requiring individuals to provide identifying information in phone calls to that individual);
• whether privacy law can be better designed to integrate with related and pre-existing areas of governance such as media law, social media regulation, and competition law;
• whether there can be a co-ordinated and more centralised regulatory structure – at present a number of regulators overlap, but often without adequate control or resources; and
• whether privacy law reform can be leveraged to reduce the ability of foreign actors to interfere in domestic elections and politics.
1. revise existing telecommunications data access and retention laws under the Telecommunications (Interception and Access) Act 1979 (Cth) (‘TIA Act’) and the Telecommunications Act 1997 (Cth) (‘T-coms Act’) for consistency with our international human rights obligations under the International Covenant on Civil and Rights (‘ICCPR’) and Convention on Cybercrime, both for IPOs and for domestic access;
2. delay the IPO Bill until the reviews of the data retention regime and Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (‘TOLA Act’) are complete to ensure compliance with US requirements for the bilateral arrangement under the ‘US CLOUD Act’;
3. ensure the IPO Bill is consistent with the government’s scheme for protecting COVIDSafe app data from access by domestic and international national security and law enforcement agencies;
4. ensure consistent protections for telecommunications data held domestically and data held offshore by making the domestic access regime consistent with the higher standards for an outgoing international production order (‘IPO’);
5. ensure the same protections are provided for both incoming and outgoing IPOs and that incoming IPOs are prohibited from being fulfilled where the investigation relates to a crime punishable by death;
6. provide a definition of ‘telecommunications data’ for the domestic metadata regime under either the TIA Act or T-coms Act;
7. confirm that a US CLOUD Act Agreement is necessary; and
8. change the terminology in the IPO Bill linking designated communications providers with stored communications and telecommunications data from a reference to data that is held to data that the provider is legally and practically able to access.