2014 IEEE 7th International Workshop on Requirements Engineering and Law (RELAW), August 26, 2014, Karlskrona, Sweden

RELAW 2014 – Proceedings

The Seventh International Workshop on Requirements Engineering and Law (RELAW'14) is a multi-disciplinary, one-day workshop that brings together practitioners and researchers from two domains: Requirements Engineering and Law, with the objective of fostering discussion related to requirements engineering for systems governed by any legal regulation, policy, or law.


An Open Source Perspective on Innovative Societal Applications and Policy Making (Keynote)
Cedric Thomas
(OW2 Paris, France)
This keynote address takes the perspective of open source software to look at some of the policy issues arising from the ever increasing impact of software systems on people's lives. It contends that open source can facilitate public regulation by fostering open cooperation and counter-balancing current oligopoly and vertical integration trends in the IT industry. Thirty years ago, Richard Stallman, and then the Free Software Foundation, invented free software, an efficient techno-legal construct to share code development efforts with traces of anti-monopolistic values. Thanks to new permissive licenses some 15 years later, free software was forked into open source – a business movement and outsider's strategy par excellence. And now, a third kind of open source is emerging, driving innovation as IT applications become increasingly social, diverse and complex. Developers "scratching an itch", investors copying leaders in existing market segments, and committees exploring new grounds, requirement management are always a reflection of current industry drivers. Moreover, while dominant vertically integrated oligopolistic players with no incentive for transparency nor regulation are re-shaping the IT industry and our digital economy, open source collaborative R&D provides an alternative evolution path based on open standards and componentized software stacks. Identifying the issues at stake and implementing the mechanisms to interact with the industry, without interfering with market forces, are some of the greatest challenges facing policy makers.
Compliance in Practice

Experiences from an Industry-Wide Initiative for Setting Metadata for Regulatory Requirements in the Nuclear Domain
Eero Uusitalo, Mikko Raatikainen, Mikko Ylikangas, and Tomi Männistö
(Aalto University, Finland; University of Helsinki, Finland)
The industrial organizations involved in developing and maintaining nuclear power plants need to comply with the requirements coming from the legislative regulation. In the newly renewed Finnish guidelines, there are over 6500 such requirements, which are not always easy to interpret. The industrial stakeholders particularly find the situation highly challenging. Therefore, the Finnish nuclear industry and regulators formed a joint task force to clarify the new requirements by attaching metadata to regulatory requirements. We observed the work process and created tooling to support this work. We present the initial results of the ongoing work of the task force at its halfway milestone, the KLAD tool and experiences on its usage. In the process of setting metadata, the industrial stakeholders reported increasing understanding of the content meaning of the requirements, and regulatory requirement authors learned about writing good requirements. The tool was successful, and in addition, it provides good opportunities for further analysis of the requirements and metadata.
Current and Necessary Insights into SACM: An Analysis Based on Past Publications
Jose Luis de la Vara
(Simula Research Laboratory, Norway)
SACM (Structured Assurance Case Metamodel) is a standard for assurance case creation and exchange. Although it is a promising initiative towards providing common system assurance practices and improving them, the document of the standard provides little information about how to use SACM, its benefits, and its limitations. Consequently, it is difficult to determine what SACM can be used for and what needs to be investigated about the standard. This position paper aims to address this issue by reviewing 28 publications that have referred to SACM. Based on the insights gained, we propose a set of aspects that need to be further studied. This information can be valuable for anyone interested in the standard.
A Critical Analysis of Legal Requirements Engineering from the Perspective of Legal Practice
Guido Boella, Llio Humphreys, Robert Muthuri, Piercarlo Rossi, and Leendert van der Torre
(University of Torino, Italy; University of Luxembourg, Luxembourg; University of Eastern Piedmont, Italy)
This paper reviews existing approaches to representing legal knowledge for legal requirements engineering. Legal requirement methodologies are rarely developed together with legal practitioners, with the result that often approaches are based on a simplified view of law which prevents their acceptance by legal practitioners. In this paper, we analyse how legal practitioners build legal knowledge and possibilities for existing approaches in RELaw to mirror legal practice.
New Theoretical Directions

The Thing Itself Speaks: Accountability as a Foundation for Requirements in Sociotechnical Systems
Amit K. Chopra and Munindar P. Singh
(Lancaster University, UK; North Carolina State University, USA)
We consider sociotechnical systems (STSs) that facilitate social interaction among autonomous principals (either humans or organizations). Although accountability is a foundational concept in such systems, established requirements engineering methods do not support accountability in the broad sense of calling to account of one party by another. To address this shortcoming, we propose the notion of accountability requirement. Further, we claim that to model an STS means to precisely capture the accountability requirements between its principals.
The Role of Power in Legal Compliance
Robert Muthuri, Sepideh Ghanavati, André Rifaut, Llio Humphreys, and Guido Boella
(University of Torino, Italy; CRP Henri Tudor, Luxembourg; University of Luxembourg, Luxembourg)
Many jurisdictions devote a significant portion of their legislation to powers. This reality is yet to be reflected in Requirements Engineering (RE) where more familiar deontic notions have prevailed for years. We explore different kinds of power and crucial factors to be considered for modeling them.
On Lawful Disclosure of Personal User Data: What Should App Developers Do?
Yung Shin Van Der Sype and Walid Maalej
(KU Leuven, Belgium; University of Hamburg, Germany)
The proliferation of mobile devices and apps together with the increasing public interest in privacy and data protection matters necessitate a more careful precaution for legal compliance. As apps are becoming more popular, app developers can expect an increased scrutiny of privacy practices in the future. In this paper, we focus on the problem of the disclosure of personal data to third parties and the role of app developers to enhance user privacy and data protection in the app ecosystem. We discuss the EU data protection principles and apply them to the mobile app context. We then derive requirements and guidelines for app developers on how to contribute to the protection of their users’ data.
Models and Processes

Usability Issues for Systems Supporting Requirements Extraction from Legal Documents
Nicola Zeni and Luisa Mich
(University of Trento, Italy)
Usability, as ease of use and learnability, is critical for systems supporting requirements elicitation for regulatory compliance. The main problem is that these systems have to analyze documents in a specialized natural language, a task that is far from being completely automated. Usability issues are also related to a variety of other characteristics of such systems. Reasons why an early adoption of usability practices is desirable and beneficial in their development are described. Main lessons learned in developing and applying a complex framework for requirements elicitation from regulatory documents are presented to illustrate some of the most relevant usability concerns.
Towards a Legal Compliance Verification Approach on the Procurement Process of IT Solutions for the Brazilian Federal Public Administration
Lamartine da Silva Barboza, Gilberto A. de A. Cysneiros Filho, and Ricardo A. C. de Souza
(Federal Rural University of Pernambuco, Brazil)
The Brazilian federal government regulates the process for procurement of Information Technology (IT) solutions through specific legislation named Regulatory Instruction - RI Nº 04/2010. This process consists of three phases: procurement planning, supplier selection and contract management. This work helps (i) specify and validate an approach for traceability between legal requirements and documents created in the procurement process of IT solutions; (ii) reduce manual work for the verification of legal compliance in the set of artifacts produced; and (iii) support activities of auditing and inspection during and after the procurement of IT solutions by the Brazilian federal government.
