Research Paper on Intelligent Agent

INTELLIGENT AGENTS: A CURSE OR A BLESSING?

Submitted to

Prof.Sanskritirani Desai

Digital Business in the Transforming Economy

Submitted By:

Auronil Dutta
Roll No. 8,
PGDM (3 Year) (2007-2010)

XAVIER INSTITUTE OF MANAGEMENT,

BHUBANESWAR
Article Outline

Abstract

Intelligent agents: the legal dimension

Agents and ‘ordinary’ software

Security aspects

Competition

Liability

Privacy

Intellectual property

A first step towards agent specific

legislation: the UCITA

CONCLUSION
INTELLIGENT AGENTS: A CURSE OR A
BLESSING? A STUDY ON THE LEGAL
ASPECTS OF THE APPLICATION OF
INTELLIGENT AGENTS

Abstract: Intelligent agents represent a new spawn of software with significant potential
for a wide range of Internet applications. They have been successfully used for personal
assistances, intelligent user interfaces, and managing electronic mail. Recently, agents
have been applied to electronic commerce, promising a revolution in the way we conduct
business, whether business-to-business, business-to-customer or customer-to-customer.
Agents are a key component in the Internet wide information and electronic commerce
systems that are currently being developed across the globe. But it is not an easy task to
predict how agents will develop into the future. There is still a long way before software
agents transform how businesses conduct business. The greatest change will occur once
standards are adopted and evolved to unambiguously and universally define goods and
services, consumer and merchant profiles, value-added services, secure payment
mechanisms, complex goals, changing environment. The ultimate test of agent's success will
be the acceptance and (mass) usage by users. The road to the success is most likely to be
laid by developers, suppliers, and many commercial companies, who will join in, as there
are many interesting opportunities for them.

This article encompasses various legal facets of intelligent agents. While dealing with the
legal dimension the article starts with a consideration of a number of avenues that are
common to intelligent agents. Following this, a number of issues will be probed that are
related to the use of intelligent agents. Finally, a number of conclusions and
recommendations will be contrived pertaining to the significance of the advent of agents
for specific consumers. The aim of this article is to explore this largely new field from a
legal perspective. It is therefore designed specifically to the identifying factors relevant to
the application of intelligent agents and is meant to pose questions rather than supply
answers.

Key words: Agent, intelligent agent, and electronic commerce

INTELLIGENT AGENTS:THE LEGAL DIMENSION

Magnitude and nature of the legal dimension of the use of intelligent agents are
ascertained by the practicality of the agents involved and the functions that are
performed.
For the purposes of this article we have produced a simplified categorization which
distinguishes between three types of agents:
(a)Passive agents: agents whose functioning and interaction is limited to the user's own
environment: an example is an agent which assists in organizing data on the computer of
the user.
(b)Active agents: agents that are active in gathering and selecting information, filtering
news lists, processing E-mail etc.
(c)Transaction agents: agents of this kind go one step further than active agents by
performing transactions for or with the consumer. An example is an agent which, on the
basis of a profile of the consumer, orders a CD with music.

On legal aspects, there is a clear difference between the passive agent, and the active
agent and the transaction agent. The passive agent engages in an environment fully
controlled by its user; the active agent and the transaction agent move into the outside
world.

As regards the passive agent: the legal issues involved majorly reflect those of traditional
software. In case of active agents, especially transaction agents, the situation is, however,
different. The following paragraph will deal with a number of issues that are particularly
relevant for the latter two types of agents. Finally, a number of issues will be studied that
are specific for transaction agents.

Agents and ‘ordinary’ software

Agents are intelligent computer programs. As far as the relationship between the supplier
of this software and the user is concerned, the principle is that the user acquires a license
to use the relevant software. The relationship between the user and the supplier will in
principle be regularized by the normal mix of copyright and contract law. The nature and
scope of this license are therefore also relevant to agents. The right to a backup of the
agent applies to the legal interpretation of the contract between the user and the supplier
of the agent software. This situation will hold in particular if the agent software can be
compared with other standard applications such as a word processing package or a
browser and in principle to be appropriate for various passive agents.

However, agents will not be available exclusively as ready-made applications. In the case
of the standard software packages we see a striking development in the form of
Application Service Providers (ASPs), which allow users access for a given period to the
functionality needed. The distribution of software packages is thus being replaced by the
provision of functionality. A similar situation occurs when agent functionality is provided
temporarily for the performance of a task. A temporary license could apply here.
Depending on the circumstances there may be an affinity with contracts for services.

SECURITY ASPECTS

Security is an important matter throughout the different stages of development of

intelligent agents. Security could even come to play a very prominent role since in the
case of active and transaction agents, a portion of the user’s environment will roam
actively around the Internet without the user being able to monitor directly what is
happening. Furthermore, particularly active agents and transaction agents will carry with
them valuable information for the user, say for example, search profiles. Transaction
agents will in few cases even carry with them their ‘purchase information’ in a digital
form.

However it is not suitable or even possible to foresee all developments in relation to

agents, it seems naturalistic to consider that, account must be taken of the development of
‘agent killers’, in other words virus-like software applications that are able to obliterate
agents totally or partially or to defile or modify their instructions or other information.
For those who at present go to significant lengths to hack the security systems around
websites and servers, attacking agents would seem to present a real challenge.

It remains to be ascertained to what extent the present criminal laws offer the right
instruments to address this new form of crime adequately. It is not very improbable that
far reaching security systems will be synthesized for agents. Firstly a security
classification has to be developed and then the certification of agents by reference to a
particular category of security standards and protocols has to be met. Requirements could
then be levied in respect of the security level which the agent must satisfy if it is to be
authenticated or accepted for certain activities. For example, if an agent wants to obtain a
permit from the municipality — by that time the permit would automatically be issued in
digital form! — maybe required to meet a minimum level of security. Such a system will
require surveillance, at least in the form of a concrete examination to determine whether
the agent complies with the specified level of security. Consequently it will lead to the
evolution of a system of independent check marks for agent security features.

COMPETITION

Various problems centering around competition law can possibly affect the deployment
of agents. Within the agent industry, control over how the process standards are set is
likely to be of major importance. It is therefore not unlikely that there could be a battle of
standards comparable to the browser war or the battle of the operating systems. If so,
issues related to the role of consortium, availability to standards, reverse engineering etc.
will be relevant. Of course the ‘traditional’ competition law issues like the distribution of
agents, pricing, tie-in sale etc. will be of importance as well.
Actual deployment of agents can be pertinent as well from a competition law perspective,
like a supplier’s refusal to communicate with a certain type of agents, the setting of safety
standards for a certain transaction not objectively justifiable. The application of agents
could alter the competition landscape in various branches significantly. Agents will allow
for price comparisons on a scale that is so far unprecedented.

LIABILITY

The development and application of agents results in many potential liability issues. The
more the independence of agents the more truthful this is.

Attention has already been paid on various occasions concerning this liability issues
which can come up through the application of artificial intelligence. However,
publications about these particular liability issues happened by the use of intelligent
agents are just hardly.

The application of autonomous agents could give rise to formation of interesting liability
premises. Because, these agents will travel around independently on the Internet in
conformity with the instructions stored on them and will execute acts in accordance with
these instructions. Numerous potential cases of damage are imaginable in this connection:

• as a result of its activities the agent spoil a databank consulted by it

• as a result of a fault in its software application the agent performs an incorrect
transaction and starts selling shares rather than buying them.
• the agent becomes corrupted by a virus and subsequently infects a website which it
visits
• the agent has collected a music file for its owner but is ‘kidnapped’ by a killer agent
before it reaches its owner.

Following factors are of particular relevance to these scenarios:

1. Autonomy of the agent
2. Mobility of the agent
3. Dynamics of the environment in which they operate.

The autonomy of the agent implies that they function or can function without repeated
feedback from the user. This potential degree of independence means that in the event of
any damage the user will have tendency to blame this on a design fault. This may involve
a ‘logical’ error or a defect in the process of protection of the agent. Naturally, it is also
considered that the user may be responsible for causing the damage, for example by using
an agent in an environment for which it was definitely not suitable (e.g. lack of training
or insufficient protection levels).

The mobility of the agent indicates that particular attention must be given to the security
of the agent and the privacy of the user. Two examples have already been sufficed above
of circumstances in which the security of the agent is primary (the examples of the virus
infection and the kidnapping of an agent). In order to get into transactions that are not
executed on an unidentified basis, an agent will often have to resort to identifying
particulars of its principal. The principal thus will have an express interest to ensure
good security of his agent.

The expression dynamics of the environment connotes that the agent operates in an
environment that is irregular and in a state of constant flow. An agent must be prepared to
interact with a wide range of logical objects and data. Possible protection against related
risks could be provided by confining the scope of the agent to interact with its
environment. A balance must be maintained between the limitations to be enforced in the
interests of security and the flexibility which is essential to operate successfully.

The risks and dangers identified above can be reduced in various ways. For example, the
agent could be planned in such a way that its flexibility is limited, thereby increasing the
level of security. A finite lifespan could also be integrated into the design of the agent in
order to forbade it from leading a life of its own forever on the Internet. Alternatively, the
agent could be constructed in such a way that it can interact with other objects only if it is
under the control of its user. This could be achieved, for example, by a requirement that
the agent reports back if it wishes to engage in a dialogue with another object. The user
can then authorize this dialogue and, if desired, monitor it. The incorporation of a recall
mechanism and the possibility for the user to destroy the agent by remote control could
help to limit the risks.

These restrictions could, however, also result from the environment in which the agent
runs. For example a system could be configured in which both agents and the objects
sought by them are ascribed a given certificate. These credentials could then carry data
about authorization, security and so forth. This would be a simple way of forbidding an
agent from interacting with an object whose security level is such that it constitutes a
threat to the agent. Finally, the user naturally imposes great influence on the risk profile
of the agent. The choice of an agent for a given function and instructions given to the
agent obviously determine to a large extent the likelihood of the occurrence of damage.

Karnow has proposed that the complex debate about the attribution of liability for
damage in relation to the use of agents could be nullified by the introduction of a ‘Turing
Registry’, a system by which agents can be used only after they have been licensed. This
certification authority (the Turing Registry) would then evaluate in the risks attached to
the use of the agent in the certification process. This would give rise to questions such as
the probability of the interaction with the agent beyond the domain intended for it, the
situation if the agent contains a virus, how the agent responds to orders given remotely,
whether the agent requires an oversight, what decisions it can make itself, etc. On the
basis of this evaluation the Registry will then issue a certificate for the agent. The agent
will then interact only with systems that also bear a similar certificate issued by the
Registry. If any damage occurs the Registry will make payment without any probe into
such matters as fault or causal relation.

PRIVACY
The successful implementation of intelligent agents indicates that they require a personal
profile of the user containing adequate information to enable it to perform its allocated
functions. Depending on the type of agent this profile will vary in the degree of detail and
could contain a wide range of information. In addition to the name and E-mail address of
the user the profile will, for example, contain particulars of his preferences in the fields of
news, sport and literature. More confidential information too may be included in or
inferred from the profile concerning, for example, a person's health, religion, financial
position and social contacts. Intelligent agents may pose a threat to the privacy of the user
in view of their properties (autonomy, pro-activeness, social ability and reactivity), their
inability to function properly without possessing a personal profile, and the extent to
which data for the profile are supplied and collected independently.

Research on the subject of intelligent agents and privacy was performed in 1999 by the
Dutch Data Protection Authority in cooperation with TNO, A Dutch research institute,
and the Canadian Information and Privacy Commissioner. They identified two types of
threats associated with the application of intelligent agents. Firstly, a threat induced by
agents that carry out functions for the user and make personal information available for
this purpose. Second, the threat posed by agents which perform functions for others, for
example when they monitor data traffic, apply ‘data-mining’ techniques or attempt
without any basis to draw out personal information from the agent of the user. Moreover,
when an agent is followed by another agent to collect information concerning its task or
user; the ‘privacy’ of the agent comes at stake. On the basis of various conventions,
statutes and privacy guidelines, a number of basic principles have been formulated that
need to be observed by users, developers, suppliers and providers in the application and
development of intelligent agents. These basic principles are as follows:

• Anonymity: prior to processing of the data it is to be determined whether it is

necessary to process personal data rather than anonymous data.
• Purpose specification: the aggregation of personal data must serve a specific,
explicit and lawful purpose.
• Legitimate grounds: there must be a lawful cornerstone for the processing of
personal data.
• Compatible use: the personal data must not be processed if this is in contrary to
the objective for which they have been collected.
• Proportionality: the processing of the personal data must be essential and must
be proportionate to the pre-determined objective.
• Data quality: the personal data must be adequate, relevant and not surplus in
relation to the objective for which they have been gathered.
• Data subject’s rights: the person to whom the data relate has the right to
scrutinize the data and to correct them if they are incomplete or inaccurate.
• Transparency: if personal data are processed it must be clear to the person
concerned what will be done with the data.
• Security: adequate technical and organizational measures must be adopted to
protect personal data against loss or destruction which is unlawful or caused by
unanticipated factors and against amendment, unauthorized publication or access
and all forms of wrongful processing.
 • Accountability: someone must be responsible for the acts executed by agents in
the course of their duties.
• Supervision: an independent regulatory body is required to investigate whether
the principles referred to above are being honored or not.

As the magnitude of the application of intelligent agents will make it very difficult to
monitor them adequately, the research lists in addition to the principles mentioned above
a series of technologies which can guarantee secrecy in the application of intelligent
agents. These include certification of the working method of agents, recording the actions
of agents, access control, identification and authentication of agents, and integrity
mechanisms for data. It is also recommended that so-called ‘Privacy-Enhancing
Technologies’ be implemented, which can be incorporated into the intelligent agents
themselves, or a special intelligent agent be developed for this purpose example of which
would be an intelligent agent which has a pseudo identity.

The debate on privacy has intensified as a result of the application of information

technology and will certainly be diversified to include new aspects as a result of the
advent of intelligent agents.

INTELLECTUAL PROPERTY

Intellectual property is relevant in various ways in relation to intelligent agents. This

concerns both the possible intellectual property rights in respect of agents and the results
of the work of agents. Furthermore, the use of agents may have logical implications for
the enforcement of intellectual property rights relating to the work of third parties where
agents play a role in obtaining access to these works.

The first aspect, the intellectual property protection of agents as such, is not a completely
new concept. Agents consist essentially of software. However, the debate is more rarified
because agents cannot be compared with ordinary application software. A better
comparison is with expert systems. In the debate on the security of these systems a
distinction is generally made between the shell and the knowledge base. The shell
consists of an inference engine, a knowledge editor and an explanation facility and can be
regarded as an ordinary software application. It indicates that the possibilities for the
legal protection of agents do not constitute a special case.

The situation is however different in the case of a knowledge base. This involves
protection of the knowledge and it is necessary to ascertain what options are offered by
patents, copyright and the database rights. A complication in this respect is the
complexity of the process by which the knowledge is collected and registered. Various
parties play a role in this connection. Apart from the question of the possible scope of
protection, there is also the issue of who can be regarded as the rightholder(s).

As observed above, this debate is not new. This also directs to the second aspect
described above: the protection of the output of agents. Certain types of agents will be
able not only to acquires information independently, but also to process it to a greater or
lesser level. From the point of view of protection it is possible to draw a comparison with
the debate on the legal protection of ‘computer-generated works’. Since 1988 the British
‘Copyright Act’ has contained a special provision for the protection of these works; the
protection is afforded to “the person by whom the arrangements necessary for the
creation of the work are undertaken”.
Third, the use of agents may have possible repercussions for the enforcement of
copyright. For example, can agents differentiate between material that may be copied
(and, if so, to what extent) and material which may not be copied? To enable them to do
so, the relevant material must first be coined in an internationally accepted manner.
Allowance for the deployment of agents will also have to be made in the development
and use of copyright management systems.

A first step towards agent specific legislation: the UCITA

The proposition for a ‘Uniform Computer Information Transactions Act’ (UCITA) is the
first to incorporate a provision governing the consequences of the use of intelligent
agents in carrying out transactions.

The UCITA is aimed at ‘computer information transactions’, which are deemed to

include “an agreement or the performance of it to create, modify, transfer, or license
computer information or informational rights in computer information”. The latter
concept (‘computer information’) is taken to mean information in electronic form which
is obtained from a computer or by the use of computer or which is suitable to be
processed by a computer.

The term ‘electronic agent’ is employed in the UCITA. This is taken to mean “a
computer program, or electronic or other automated means, used by a person to initiate an
action, or to respond to electronic messages or performances, on the person’s behalf
without review or action by an individual at the time of the action or response to the
message or performance.” The UCITA is therefore based on the concept of an
autonomous agent.

Agents may therefore also conclude contracts. It is interesting that the moment of the
formation of the contract is made dependent on the occurrence of acts evidencing the
establishment, with a let-out in cases where the act of an agent results from fraud,’
electronic mistake or the like’.

A separate arrangement is included for cases in which an agent concludes a contract with
any natural person. The moment of formation is once again made dependent on
observation of acts of the agent: “A contract is formed if the individual takes an action or
makes a statement that the individual can refuse to take or say and that the individual has
reason to know will:

(1) cause the electronic agent to perform, provide benefits, or allow the use or access that
is the subject of the contract, or send instructions to do so; or
(2) indicate acceptance, regardless of other expressions or actions by the individual to
which the individual has reason to know the electronic agent cannot react.”

Negotiations about the contents of a contract will be possible only if the agent can
understand what is meant by the other party. The extent of the knowledge of the agent
therefore plays a definite role. This immediately raises the question of whether the extent
of this knowledge can be known to the other party — the individual.Here too, the
development of a classification of agents and a system of certificates based on this could
provide a solution.

As regards the acquisition of information by the agent, the UCITA introduces the concept
of ‘a reasonably configured electronic agent’. A term included in an ‘electronic record’ in
order to elicit a reaction from an agent is deemed to be ‘conspicuous’ if “it is presented in
a form that would enable a reasonably configured electronic agent to take it into account
or react to it without review of the record by an individual”.

CONCLUSIONS

The advent of intelligent agents will be the subject of the next hype once the dust thrown
up by the advent of ‘traditional’ E-commerce and E-business has settled.. A great deal of
attention is being devoted both in the academic world and in industry for development of
the different forms of intelligent agents. The functional possibilities also seem
impressive. Intelligent agents can become an important and convenient instrument in
dealing with transaction processes in a truly global and digital economy.

The legal study of intelligent systems is not new. The next generation of intelligent
systems has many more possibilities than traditional, offline systems. This naturally
applies to active agents and transaction agents. The fascinating feature of the transaction
agents is that they provide to create a virtual world in which software robots can imitate
human actions. Agents negotiate and cooperate with one another and even develop a
‘will’ of their own. This is of great interest to lawyers. In some areas there will be a need
for new rules, whether recorded in legislation or otherwise. Existing concepts might also
require a new definition to do justice to the advent of intelligent agents. Thus the advent
of intelligent agents will be of great significance to the development of the cyber law.
The consequences will be comparable to those of the digital revolution in the second half
of the 20th century. Intelligent agents can become an important ‘ease of use’ factor while
dealing transaction processes. At the same time, from a consumer perspective a number
of issues need close attention. First consumers have to become comfortable with the
intelligent systems concept. Nowadays the trust of consumers in the digital environment
is won with some difficulty. Usage of agents needs further confidence in the possibilities
of the technology. It is the agent that determines the choices on the basis of the users’
instructions. Furthermore it is likely that the rise of intelligent agents will increase the
requirement for privacy protection. Presently a reasonable level of security can be
obtained by creating numerous ‘identities’ through E-mail addresses with several
providers. With the rise of real intelligent systems this form of protection is probably of
no use anymore. The concept of an ‘electronic tail’ to follow one’s behavior in detail
seems uncomfortable. It can be foreseen that the necessity to be active on the Internet
unknowingly will increase. Also some sort of (traffic) rules has to be formulated for the
behavior of agents. In addition to this close attention has to be paid to the security,
identification and authorization of agents.

The developments in these areas will determine whether or not the rise of intelligent
agents will be seen as a curse or a blessing.

“Agents are here to stay, not least because of their diversity, their wide
range of applicability and the broad spectrum of companies investing in
them. As we move further and further into the information age, any
information-based organization which does not invest in agent technology
may be committing commercial hara-kiri”

References:

1. Article on legal aspect of intelligent agent

2. Intelligent agents and the teaching of e-governance
3. Intelligent agent
4. Article on consumer protection
5. Article on legal issues of e-commerce
6. Article on the ICT Law and Artificial Intelligence and Law Group
7. Article on enhancing e-Commerce with Intelligent Agents in collaborative
e-community
8. Article on Intelligent Agent and Internet commerce
9. Article on Agent-Based Engineering, the Web, and Intelligence
10. Article on Intelligent agents and e-commerce
11. Article on Intelligent Agents for computer and network management
12. Article on Intelligent agents, markets and competition