Supporting the Legal Identities of Contracting Agents with

Supporting the Legal Identities of Contracting Agents with an Agent Authorization Platform Dickson K. W. CHIU Dickson Computer Systems kwchiu@acm. org, dicksonchiu@ieee. org Changjie Wang, Ho-fung Leung Dept of Comp Science and Engineering, The Chinese University of Hong Kong, {cjwang, lhf}@cse. cuhk. edu. hk Irene Kafeza Eleanna Kafeza Faculty of Law, University of Hong Kong Department of Marketing and Communications, Athens University of Economics and Business kafeza. e@dsa. gr Agent Authorization Platform kafeza@aueb. gr 1

Motivation and Background n No legislations governing automatic agent transactions except one preliminary attempt in the USA n n What happen if the agent does not act as the user’s expectation n n n Wrong user instructions? Malfunction of the agent? The agent is manipulated by a third party? System failure? … ? ? ? Difficult to proof Key problem rooted at the necessary means of trust n n n Can be used easily as a means for fraud and deception The rules are not clear: lack of adequate legal response, international standards, and the cross-border nature of electronic trade Hinders massive adoption Authorization management in agent delegation Legal identity of agents Proposed solution: Agent Authorization Platform 2

Elements of a Contract “A contract is a promise or a set of promises for the breach of which the law gives a remedy, or the performance of which the law in someway recognizes as a duty. ” (US Laws of Contracts) (1) An agreement n Examine whether the negotiations that have taken place between the parties (offeror / offeree) can be defined as an offer and acceptance (2) An intention from both parties to be legally bound n n Attribute to the person his executed intention and not what was present in his mind For agents, check how it acted on relevant situations and what are the parameters of the user’s instructions on how to react under these situations. (difficult!) (3) A valuable consideration Agent Authorization Platform 3

Valid and enforceable contracts n n n Requires persons with contractual capacity Legal obligations are connected to contracts USA: Uniform Computer Information Transactions Act (UCITA) – n n provides a full set of commercial law rules for computer information transactions An “Electronic agent” is defined as a computer program, or electronic or other automated means, used by a person to initiate an action, or to respond to electronic messages or performances, on the person’s behalf without review or action by an individual at the time of the action or response to the message or performance Agent Authorization Platform 4

Agents as legal person n n Physical Persons vs. Legal Persons Debatable … Examples of legal persons - a corporation, a government entity, a ship Exist only when they have assets Legal personality will enable agents to n n n have rights and duties to sue and be sued to own assets Agent Authorization Platform 5

Can agents convey a promise? n n n When intelligent agents negotiate a deal, they cannot manifest assent in the same way as humans. A party that enters into a contract has to be aware of the commitment and this is guaranteed if the party manifests assent of the terms. Many law scholars point out that we can assume that a person manifests assent by conduct when using an electronic agent. One might consider that intelligent agents serve the same function as human agents => legal personality. Difficulty: a mutual assent on the nature and scope of the rights and obligations between the parties (meeting of the minds) is necessary – need a new technical solution for the case of agents Agent Authorization Platform 6

Solution Overview n Legal Solution: Proper legal identity of agents n n n Compare agents with a registered corporation Possibility of real asset granted from owner Agents then sue and be sued Future work … Technical Solution: Agent Authorization Platform for agent authorization and identity management Agent Authorization Platform 7

Overview of Agents’ Contractual Capability Authorized Agents Agreement Agents Communication Tool Contract Agents with Customized Delegation Agents with Legal Personality Increasing Autonomous Capability Agent Authorization Platform 8

Major Functions of the AAP n n n Issue of electronic agent certificates Authentication of the users and their agents through electronic certificates Validation of agents’ bids Witness of electronic contracts with validation to ensure contract terms are with the agents’ authorization limits Alert agents’ owners in case of authorization violations Non-repudiation support Agent Authorization Platform 9

A Conceptual Model for Agent Authorization Platform 10

AAP System Architecture AVR = Authorization validation request Human Users Laptop Desktop PDA Ale Front-end Tier AAP Portal Agent Programmatic Interface Internet Alert Sender Authorization profile Authorization Profile Editor Logical Tier Authorization profile Back-end Tier Agent Authorization Platform Agents rt Web / WAP Access Mobile Ale rt Certificate Authorities Agent registration request AVR Alert Management System AVR Authorization Violation Authorization Validator Authorization profile Authorization Database Agent cert Agent Certification Center Agent cert E-contracts Validation logs Non-Repudiation Server 11

AAP Protocol Overview (3)Agent issuing Verification Module (1)Agent request Customer (2)Agent preparation agent (5)Negotiation Agent certificate center (6)Authorization validation Authorization Database (7)Contract signing Non-repudiation Database (4)Agent verification Seller agent (8)Agent return Authorization Platform (AAP) Agent Authorization Platform 12

Agent Request Flow Chart Customer C Customer request Req. C Verification Module Record agent authorization Verification failed, reject the request Authorization Database Record non-repudiation data Non-repudiation Database Agent generation receipt Inform agent formatting Agent certificate center Agent Authorization Platform (AAP) Agent Authorization Platform 13

Agent Certificate Agent identification number (AIN) Buying description Authorization Profile Time stamp and the period of validity Agent public key Other static data Public Key Algorithm specification Sig. AAP(Above data) Agent Authorization Platform 14

Authorization Validation Protocol Verification Module Agent Authorization validation request Agent certificate center Authorization Database Pre-contract signing Host Authorization confirmation and final contract signing Non-repudiation Database Authorization profile update Agent Authorization Platform (AAP) Agent Authorization Platform Customer 15

Advantages of our approach n AAP provides a solid foundation for establishing enforceable trust n n n proper encoding of users’ requirements, intention, and preferences ensure whatever happens cannot violate the agents’ authorization limit the final electronic contract is validated against the agents’ authorization or with the users’ explicit consent adequate evidences to avoid most of the legal ambiguities Technical aspects - agent reliability Social aspects - build up of trust and a positive image of technical reliability Agent Authorization Platform 16

Summary n Various legal ambiguities rooted at n n AAP provides a technical solution Legal solution n n Authorization management in agent delegation Legal identity of agents We do not intend to solve all the legal issues immediately but we propose a solid foundation Expect gradual adoption, cf. adoption of PKI in e-commerce Agent Authorization Platform 17

Future Work n Maintaining legal personality n n n Transfer of assets to agents Insurance for agents Contributions to reliability Constraints and requirement specifications Application of Semantic Web and ontology Enactment of new legislations similar to the legal acceptance of e-certs in electronic transactions Agent Authorization Platform 18

Question and Answer Thank you! Agent Authorization Platform 19