As software agents typically operate in a real-world environment there is a significant chance that they perform actions to which the law applies. The legal implications of their actions are, however, not well understood (Brazieret al., 2002). These legal implications touch upon a number of subjects that range from liability to intellectual property. In this thesis I shall confine myself to a discussion on those legal issues that are most relevant to the subject matter of this thesis. In my opinion there are four issues to be discussed, viz.(1) autonomy, (2) legal status of agents, (3) identification, authentication and authorisation, and (4) integrity.4
2.10.1 Autonomy
When it comes to discussing legal issues surrounding the use of software agents, the first issue that needs to be addressed is that of software agent autonomy. Above all, it is important to distinguish between what I will call thetechnicalnotion of autonomy and thelegalnotion of autonomy. From a computer science perspective the term autonomy is primarily concerned with a software agent’s ability to function without external help or guidance. However, from a legal point of view the notion of autonomy is less concerned with theabilityto act, but rather with theauthorityto act (Schermer, Durinck and Bijmans,2005, p. 14). The notions of technical and legal autonomy are closely entwined. A software agent capable of advanced autonomous actions must also have the authority to do so, and a software agent that has a broad mandate, must also have the technical means to fill in this mandate.
2.10.2 Legal status of agents
Closely related to the issue of autonomy is that of the legal status of software agents. With regard to the role of software agents in commercial transactions and criminal law it is still unclear whether an agent must be seen as a natural
4 These legal issues are closely related to Franken’s ‘Beginselen van behoorlijk ICT gebruik’ (principles of proper ICT use) (Frankenet al.2004, p. 57). The principles are: availability, confidentiality, integrity, authenticity, flexibility, and transparency.
person (which is unlikely), a legal person, or whether it has any legal subjectiv- ity at all.
In Dutch law the notion of a software agent as a separate legal entity has not yet arisen. In the United States however, there is a clear reference to the notion of software agency in theUniform Electronic Transaction Act (UETA), developed by the National Conference of Commissioners on Uniform State Laws (NCCUSL). Section 2 (6) of theUETAdefines an ‘electronic agent’ as:
“a computer program or an electronic or other automated means used independent- ly to initiate an action or respond to electronic records or performances in whole or in part, without review or action by an individual.”
When it comes to the legal status of a software agent, the notion of agency is important. Agency in a legal sense is the relationship between the principal and the agent, based on authority, or the power conferred on the agent to constitute legal relations between the principal and a third party (De Miglio et al., 2002).
2.10.3 Identification, authentication, and authorisation
The ability to identify and trace a software agent is important both from a technical and a legal point of view. From a technical standpoint the ability to identify an agent is necessary to coordinate the workings of a multi-agent system. Technical identifiers are used among other things for the discovery of agents and to coordinate communication between agents.
From a legal standpoint it is often beneficial, if not necessary or even compulsory, to be able to identify oneself. It is conceivable that software agents should carry some kind of marker (akin to a licence plate) that enables their identification and that of their principal in certain circumstances (Brazieret al. 2003, p. 37). Since an agent is capable of autonomous action, it might perform acts in law. An agent could, for instance, cause damage when it negotiates a contract but does not live up to it. Or an agent could use invest- igative powers, such as searching for information on certain individuals in a database, in which case an agent must identify itself to an agent platform in order to verify the authority of the agent. In all of these scenarios the ability to identify an agent (and its principal) is necessary.
In addition to identification, a process of authentication whereby the truth- fulness and validity of an agent’s identity are confirmed is necessary too. Authentication is needed to prevent rogue agents posing as other agents from entering an agent platform or accessing a database, or to verify whether an agent is still authorised to act on its principal’s behalf. Authentication features can be implemented in software agent design amongst other ways using public
key cryptography. On the basis of the verified identity, the agent can be authorised to perform certain tasks on the agent platform.
2.10.4 Integrity
Integrity of data is an important element of computer science in general and this is also the case for agent technology. An agent and the multi-agent system in which it operates must be protected from unwanted alterations, caused either by system malfunctions or by malicious intent, if the agent is to operate in a proper and trustworthy fashion (Brazieret al. 2003, p. 58). When the integrity of an agent is compromised it might act differently from its normal way of acting and could even cause damage or harm to its principal and other parties. Such behaviour will undermine an agent’s usefulness and trust- worthiness and put its reputation and that of its principal at risk. Therefore, adequate safeguards for the integrity of individual agents and the agent systems in which they operate must be put in place.