ACM Symposium on Computer Science and Law

By examining the historical and doctrinal response of copyright law to new technologies, this Article offers a new analytical framework for determining liability for what it terms artificial infringement, or copyright infringement perpetrated through generative AI systems. Time and again, new technologies have posed challenges to existing copyright law, straining its capacity to balance protecting authors’ rights to incentivize new expression and providing public access to their works. Courts and Congress have been able to maintain this balance by using a variety of doctrinal tools, including fair use, compulsory licensing, and secondary liability. One underexamined tool, however, is the refinement of direct liability. This Article reveals how courts introduced the causation requirement to maintain copyright’s balance in response to complex machine-generated infringements.

Together, direct liability’s causation requirement and other doctrinal tools provide a viable framework for maintaining copyright’s incentives-access balance despite the acute challenges of artificial infringement. By holding the AI system directly liable as an artificial legal person, courts can utilize and refine secondary liability doctrines to conduct a more nuanced analysis of user and developer liability for AI-generated infringements. Along with fair use, these refinements to copyright doctrine provide a more comprehensive resolution to the battles between copyright and AI.

Government investigatory and surveillance powers are important tools for examining crime and protecting public safety. However, since these tools must be employed in secret, it can be challenging to identify abuses or changes in use that could be of significant public interest. One approach to address these concerns is increased transparency — either via statutory requirements for disclosure/documentation (e.g., mandated disclosure of wiretaps or the use of National Security Letter) or via private sector reporting (e.g., transparency reports). The implicit reasoning is that even without detailed information, large-scale abuses will become evident under careful public scrutiny, and will thus deter such behavior. The power of this hedge against abuse is predicated on two key assumptions. The first assumption is that such disclosures contain sufficient data, documentation and context such that an unprivileged third-party could easily audit them for compliance. The second assumption is that there are third-parties with the funding, focus and expertise necessary to do such work on a routine basis. If both assumptions held true in practice, inconsistencies in disclosures would be identified swiftly and any limitations in reporting processes would be public and well understood. In this paper, we evaluate this phenomenon in the context of National Security Letters (NSLs). By carefully analyzing the full range of publicly available data related to NSL use, we demonstrate that both assumptions may fail to hold in this case. We document the need for better curation and documentation in statutorily mandated NSL reports, demonstrated by the significant manual effort required to collect, parse, and normalize their contents (as well as changes and ambiguity in how the source data is encoded). Through our analysis of this data, we discovered and now document data discrepancies (subsequently fixed after our reporting to the ODNI), suggesting the lack of active auditing and checking from the public. Taken together, we believe our work illustrates how transparency mechanisms must be constructed with an eye towards making public audit easy and straightforward if they are to be effective in their goals.

For many years, data has been considered a non-rival good, which means that one person’s use of data does not inherently diminish its availability for others. Building on research in privacy and statistics, we argue that there exist many settings in which data should be
treated as a rival good.
Our argument takes into account modern uses of data for statistics, machine learning, and other purposes, in conjunction with requirements of privacy protection and statistical
validity. Excessive sharing or reuse of data about individuals can lead to leakage of sensitive data, potentially causing harm to those whose information is included in the data. Overuse of data in statistics or machine learning can lead to overfitting, i.e., models that perform well on training data but poorly on fresh unseen data.
Recognizing the rival nature of data offers an opportunity to rethink the way data are managed and used. In an age where the training of AI models generates a massive appetite for data, this perspective has the potential to inform the creation of new regulation and technical infrastructure that will be able to safely and responsibly manage data, track their various uses, and ensure that privacy and statistical usefulness are respected and preserved.
We observe that current EU regulation and existing approaches to science seeking to increase opportunities for data-sharing and reuse of data misconstrue the complex nature of data, inadvertently creating risks of privacy harms and overfitting, hence squandering
the societal benefits that can be derived from data.
Recognizing the rival nature of data has implications for policy and practice. Regulation should address the limitations and risks associated with data reuse and facilitate technological measures to track, analyze, and manage data usage with the goal of ensuring
that privacy and statistical validity are maintained.

On June 8, 2023, a US Supreme Court ruling preliminarily enjoined Alabama from implementing its recent congressional district plan. The court deemed the plan to be in violation of Section~2 of the Voting Rights Act, which prohibits discriminatory election laws against minority communities. This ruling is related to a century-old problem known as gerrymandering, for which many have sought solutions with the help of mathematics. One key remedy to gerrymandering has been the Markov Chain Monte-Carlo (MCMC) redistricting algorithm, widely employed in partisan gerrymandering litigations to detect outliers in district plans. This study introduces a novel MCMC redistricting algorithm for outlier analysis specific to racial gerrymandering. Our innovative approach, the Partial Map MCMC algorithm, utilizes a subset of districts for plan generation while keeping others static. Testing Alabama’s congressional district plan against a standard MCMC algorithm designed for partisan gerrymandering reveals significant differences. Both algorithms were evaluated based on their success in generating district plans with a minimum of two majority-minority districts while maintaining all other constraints constant. Results indicate that the Partial Map MCMC algorithm produces 90\% of plans with two majority-minority districts, in stark contrast to the standard MCMC algorithm’s less than 1\%. This outcome underscores the suitability of our algorithm in generating a diverse set of district plans for outlier analysis in racial gerrymandering litigations. In conclusion, our research represents a crucial step towards addressing the nuanced challenges of gerrymandering, emphasizing the importance of tailored algorithms to promote equitable representation and safeguard the principles of the Voting Rights Act.

The paper addresses the challenge of ensuring that increasingly powerful autonomous maritime vessels operate safely and conform to regulatory standards. We presents Legata, a domain language designed to ensure regulatory compliance in autonomous maritime vessels. By leveraging large-scale simulations, Legata translates legal regulations into computable terms, enabling precise evaluation of vessel behavior across diverse scenarios. The framework quantifies risk based on regulatory violations, providing a structured method for assessing compliance. A case study on the Istanbul Strait demonstrates Legata’s practical application.

Disparate impact doctrine offers an important legal apparatus for targeting discriminatory data-driven algorithmic decisions. A recent body of work has focused on conceptualizing one particular construct from this doctrine: the less discriminatory alternative, an alternative policy that reduces disparities while meeting the same business needs of a status quo or baseline policy. However, attempts to operationalize this construct in the algorithmic setting must grapple with some thorny challenges and ambiguities. In this paper, we attempt raise and resolve important questions about less discriminatory algorithms (LDAs). How should we formally define LDAs, and how does this interact with different societal goals they might serve? And how feasible is it for firms or plaintiffs to computationally search for candidate LDAs? We find that formal LDA definitions face fundamental challenges when they attempt to evaluate and compare predictive models in the absence of held-out data. As a result, we argue that LDA definitions cannot be purely quantitative, and must rely on standards of “reasonableness.” We then raise both mathematical and computational constraints on firms’ ability to efficiently conduct a proactive search for LDAs, but we provide evidence that these limits are “weak” in a formal sense. By defining LDAs formally, we put forward a framework in which both firms and plaintiffs can search for alternative models that comport with societal goals.

Websites’ privacy policies and terms of service constitute valuable resources for scholars in various disciplines. Nonetheless, there exists no large, multilingual database collecting these documents over the long term. Therefore, researchers spend a lot of valuable time collecting them for individual projects, and these heterogeneous methods impede the reproducibility and comparability of research findings. As a solution, we introduce a long-term scraper of privacy policies and terms supporting 37 languages. We run our scraper on a monthly basis on 800’000 websites, and we publish the dataset for the twelve crawls in 2024. Our manual evaluation of the end-to-end extraction of the documents demonstrates F1 scores of 79% for privacy policies and 75% for terms of service in five sample languages (English, German, French, Italian, and Croatian). We present several broad potential applications of our database for future research.

Over its decades long history, the field of AI and Law has made significant progress developing and researching formal models of case based reasoning that are capable of producing legal argument. These models replicate legal argument by following argument schemes. Although accurate and explainable these systems are costly to produce and maintain, having required manual case representations and expert-crafted algorithms that mimic argument. We address these limitations by producing a methodology that enforces an argument scheme linguistically, through prompt engineering. Ultimately we show that using state of the art reasoning LLMs it is feasible to enforce and produce basic argument.

We study the regulation of algorithmic (non-)collusion amongst sellers in dynamic imperfect price competition by auditing their data as introduced by Hartline et al. [2024].

We develop an auditing method that tests whether a seller’s pessimistic calibrated regret is low. The pessimistic calibrated regret is the highest calibrated regret of outcomes compatible with the observed data. This method relaxes the previous requirement that a pricing algorithm must use fully-supported price distributions to be auditable. This method is at least as permissive as any auditing method that has a high probability of failing algorithmic outcomes with non-vanishing calibrated regret. Additionally, we strengthen the justification for using vanishing calibrated regret, versus vanishing best-in-hindsight regret, as the non-collusion definition, by showing that even without any side information, the pricing algorithms that only satisfy weaker vanishing best-in-hindsight regret allow an opponent to manipulate them into posting supra-competitive prices. This manipulation
cannot be excluded with a non-collusion definition of vanishing best-in-hindsight regret.

We motivate and interpret the approach of auditing algorithms from their data as suggesting a per se rule. However, we demonstrate that it is possible for algorithms to pass the audit
by pretending to have higher costs than they actually do. For such scenarios, the rule of reason can be applied to bound the range of costs to those that are reasonable for the domain.

When does a digital image resemble reality? The relevance of this question increases as the generation of synthetic images—so called deep fakes—becomes increasingly popular. Deep fakes have gained much attention for a number of reasons—among others, due to their potential to disrupt the political climate. In order to mitigate these threats, the EU AI Act implements specific transparency regulations for generating synthetic content or manipulating existing content. However, the distinction between real and synthetic images is— even from a computer vision perspective—far from trivial. We argue that the current definition of deep fakes in the AI act and the corresponding obligations are not sufficiently specified to tackle the challenges posed by deep fakes. By analyzing the life cycle of a digital photo from the camera sensor to the digital editing features, we find that: (1.) Deep fakes are ill-defined in the EU AI Act. The definition leaves too much scope for what a deep fake is. (2.) It is unclear how editing functions like Google’s “best take” feature can be considered as an exception to transparency obligations. (3.) The exception for substantially edited images raises questions about what constitutes substantial editing of content and whether or not this editing must be perceptible by a natural person.
Our results demonstrate that complying with the current AI Act transparency obligations is difficult for providers and deployers. As a consequence of the unclear provisions, there is a risk that exceptions may be either too broad or too limited. We intend our analysis to foster the discussion on what constitutes a deep fake and to raise awareness about the pitfalls in the current AI Act transparency obligations.

As the legal community increasingly examines the use of large language models (LLMs) for various legal applications, legal AI developers have turned to retrieval-augmented LLMs (“RAG” systems) to improve system performance and robustness. An obstacle to the development of specialized RAG systems is the lack of realistic legal RAG benchmarks which capture the complexity of both legal retrieval and downstream legal question-answering. To address this, we introduce two novel legal RAG benchmarks: Bar Exam QA and Housing Statute QA. Our tasks correspond to real-world legal research tasks, and were produced through annotation processes which resemble legal research. We describe the construction of these benchmarks and the performance of existing retriever pipelines. Our results suggest that legal RAG remains a challenging application, thus motivating future research.

We develop a set of technical requirements for data anonymization rules and for other rules governing the release of regulated data. The requirements are derived by situating within a simple abstract model of data processing a set of general guiding principles put forth in previous work [Altman et al. 2022]. We describe an approach to evaluating proposed subject-effect regulations using these requirements, thus enabling the application of the general principles for the design of mechanisms. As an exemplar, we evaluate competing interpretations of regulatory requirements from the EU’s General Data Protection Regulation (GDPR).

Data from the Decennial Census is published only after applying a disclosure avoidance system (DAS). Data users were shaken by the adoption of differential privacy in the 2020 DAS, a radical departure from past methods. The change raises the question of whether redistricting law permits, forbids, or requires taking account of the effect of disclosure avoidance. Such uncertainty creates legal risks for redistricters, as Alabama argued in a lawsuit seeking to prevent the 2020 DAS’s deployment. We consider two redistricting settings in which a data user might be concerned about the impacts of privacy preserving noise: drawing equal population districts and litigating voting rights cases. What discrepancies arise if the user does nothing to account for disclosure avoidance? How might the user adapt her analyses to mitigate those discrepancies? We study these questions by comparing the official 2010 Redistricting Data to the 2010 Demonstration Data—created using the 2020 DAS—in an analysis of millions of algorithmically generated state legislative redistricting plans. In both settings, we observe that an analyst may come to incorrect conclusions if they do not account for noise. With minor adaptations, though, the underlying policy goals remain achievable: tweaking selection criteria enables a redistricter to draw balanced plans, and illustrative plans can still be used as evidence of the maximum number of majority-minority districts that are possible in a geography. At least for state legislatures, Alabama’s claim that differential privacy “inhibits a State’s right to draw fair lines” appears unfounded.

The New York Times’s copyright lawsuit against OpenAI and Microsoft alleges that OpenAI’s GPT models have “memorized” Times articles. Other lawsuits make similar claims. But parties, courts, and scholars disagree on what memorization is, whether it is taking place, and what its copyright implications are. Unfortunately, these debates are clouded by deep ambiguities over the nature of “memorization,” leading participants to talk past one another.

In this Essay, we attempt to bring clarity to the conversation over memorization and its relationship to copyright law. Memorization is a highly active area of research in machine learning, and we draw on that literature to provide a firm technical foundation for legal discussions. The core of the Essay is a precise definition of memorization for a legal audience. We say that a model has “memorized” a piece of training data when (1) it is possible to reconstruct from the model (2) a near-exact copy of (3) a substantial portion of (4) that specific piece of training data. We distinguish memorization from “extraction” (in which a user intentionally causes a model to generate a near-exact copy), from “regurgitation” (in which a model generates a near-exact copy, regardless of the user’s intentions), and from “reconstruction” (in which the near-exact copy can be obtained from the model by any means, not necessarily the ordinary generation process).

Several important consequences follow from these definitions. First, not all learning is memorization: much of what generative-AI models do involves generalizing from large amounts of training data, not just memorizing individual pieces of it. Second, memorization occurs when a model is trained; it is not something that happens when a model generates a regurgitated output. Regurgitation is a symptom of memorization in the model, not its cause. Third, when a model has memorized training data, the model is a “copy” of that training data in the sense used by copyright law. Fourth, a model is not like a VCR or other general-purpose copying technology; it is better at generating some types of outputs (possibly including regurgitated ones) than others. Fifth, memorization is not just a phenomenon that is caused by “adversarial” users bent on extraction; it is a capability that is latent in the model itself. Sixth, the amount of training data that a model memorizes is a consequence of choices made inthe training process; different decisions about what data to train on and how to train on it can affect what the model memorizes. Seventh, system design choices also matter at generation time. Whether or not a model that has memorized training data actually regurgitates that data depends on the design of the overall system: developers can use other guardrails to prevent extraction and regurgitation. In a very real sense, memorized training data is in the model—to quote Zoolander, the files are in the computer.

Algorithmic discrimination is a critical concern as machine learning models are used in high-stakes decision-making in legally protected contexts. Although substantial research on algorithmic bias and discrimination has led to the development of fairness metrics, several critical legal issues remain unaddressed in practice. To address these gaps, we introduce a novel decision-theoretic framework grounded in anti-discrimination law of the United Kingdom, which has global influence and aligns more closely with European and Commonwealth legal systems. We propose the “conditional estimation parity’” metric, which accounts for estimation error and the underlying data-generating process, aligning with legal standards. Through a real-world example based on an algorithmic credit discrimination case, we demonstrate the practical application of our formalism and provide insights for aligning fairness metrics with legal principles. Our approach bridges the divide between machine learning fairness metrics and anti-discrimination law, offering a legally grounded framework for developing non-discriminatory automated decision systems.

Annotation and classification of legal text are central components of empirical legal research. Traditionally, these tasks are often delegated to trained research assistants. Motivated by the advances in language modeling, empirical legal scholars are increasingly turning to prompting commercial models, hoping that it will alleviate the significant cost of human annotation. Despite growing use, our understanding of how to best utilize large language models for legal tasks remains limited. We conduct a comprehensive study of 260 legal text classification tasks, nearly all new to the machine learning community. Starting from GPT-4 as a baseline, we show that it has non-trivial but highly varied zero-shot accuracy, often exhibiting performance that may be insufficient for legal work. We then demonstrate that a lightly fine-tuned Llama 3 model vastly outperforms GPT-4 on almost all tasks, typically by double-digit percentage points. We find that larger models respond better to fine-tuning than smaller models. A few tens to hundreds of examples suffice to achieve high classification accuracy. Notably, we can fine-tune a single model on all 260 tasks simultaneously at a small loss in accuracy relative to having a separate model for each task. Our work points to a viable alternative to the predominant practice of prompting commercial models. For concrete legal tasks with some available labeled data, researchers are better off using a fine-tuned open-source model. Finally, we make our classification tasks available as an easy-to-use benchmark. An intercoder reliability analysis suggests that our benchmark tasks are neither too hard nor too easy for state-of-the-art models, thus providing a valuable addition to the benchmark ecosystem.

This work introduces a new hand-coded dataset for the interpretation of privacy policies. The dataset captures the contents of 149 privacy policies, including documents they incorporate by reference, on 64 dimensions that map onto commonly found terms and applicable legal rules. The coding approach is designed to capture complexities inherent to the task of legal interpretation that are not present in current privacy policy datasets. These include addressing textual ambiguity, indeterminate meaning, interdependent clauses, contractual silence, and the effect of legal defaults.

While the dataset presented is specific to the task of interpreting online privacy policies, the method and software we provide are intended for reuse. Our project models one practical avenue for legal experts to engage directly with AI development by developing a novel dataset directed towards AI applications like training and validation.

In 2022, generative model based coding assistants became widely available with the public release of GitHub Copilot. Approaches to generative coding are often critiqued within the context of advances in machine learning. We argue that tools such as Copilot are better understood when contextualized against technologies derived from the same communities and datasets. Our work traces the historical and ideological origins of free and open source code and characterizes the process of centralization. We examine three case studies —Dependabot, Crater, and Copilot— to compare the engineering, social, and legal qualities of technical artifacts derived from shared community-based labor. Our analysis focuses on the implications these artifacts create for infrastructural dependencies, community adoption, and intellectual property. Reframing generative coding assistants through a set of peer technologies broadens considerations for academics and policymakers beyond machine learning, to include the ways technical artifacts are derived from communities.