95,958 research outputs found

    A decidable policy language for history-based transaction monitoring

    Online trading invariably involves dealings between strangers, so it is important for one party to be able to judge objectively the trustworthiness of the other. In such a setting, the decision to trust a user may sensibly be based on that user's past behaviour. We introduce a specification language based on linear temporal logic for expressing a policy for categorising the behaviour patterns of a user depending on its transaction history. We also present an algorithm for checking whether the transaction history obeys the stated policy. To be useful in a real setting, such a language should allow one to express realistic policies which may involve parameter quantification and quantitative or statistical patterns. We introduce several extensions of linear temporal logic to cater for such needs: a restricted form of universal and existential quantification; arbitrary computable functions and relations in the term language; and a "counting" quantifier for counting how many times a formula holds in the past. We then show that model checking a transaction history against a policy, which we call the history-based transaction monitoring problem, is PSPACE-complete in the size of the policy formula and the length of the history. The problem becomes decidable in polynomial time when the policies are fixed. We also consider the problem of transaction monitoring in the case where not all the parameters of actions are observable. We formulate two such "partial observability" monitoring problems, and show their decidability under certain restrictions

    Comprehensive Monitor-Oriented Compensation Programming

    Compensation programming is typically used in the programming of web service compositions whose correct implementation is crucial due to their handling of security-critical activities such as financial transactions. While traditional exception handling depends on the state of the system at the moment of failure, compensation programming is significantly more challenging and dynamic because it is dependent on the runtime execution flow - with the history of behaviour of the system at the moment of failure affecting how to apply compensation. To address this dynamic element, we propose the use of runtime monitors to facilitate compensation programming, with monitors enabling the modeller to be able to implicitly reason in terms of the runtime control flow, thus separating the concerns of system building and compensation modelling. Our approach is instantiated into an architecture and shown to be applicable to a case study. Comment: In Proceedings FESCA 2014, arXiv:1404.043

    Secure and Trustable Electronic Medical Records Sharing using Blockchain

    Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall cost. Comment: AMIA 2017 Annual Symposium Proceeding

    ERISA and the Limits of Equity

    The extent to which the Employee Retirement Income Security Act (ERISA) is a statute that sounds in equity is considered. It is argued that Congress should revisit basic issues of benefits policy for which judicial reliance has not furnished fully considered answers

    A Regulatory Retreat: Energy Market Exemption from Private Anti-Manipulation Actions Under the Commodity Exchange Act

    In order to facilitate greater reform in energy markets, Dodd-Frank granted the CFTC wide-ranging powers as part of the greater mandate given to the CFTC in relation to OTC-swaps and the daily derivatives trading activity in commodities futures and options markets. As a result, Dodd-Frank subjected electricity market transactions—which traditionally occur under the oversight of the Federal Energy Regulatory Commission in markets organized around independent system operators and regional transmission organizations—to the anti-manipulation prohibitions of the Commodity Exchange Act. Thus, differently from FERC’s regime, the post-Dodd-Frank statutory framework opened the way for enforcement of market discipline in electricity markets through a private right of action under Section 22 of the CEA. This development drew strong opposition from the industry, and also caused a conflict between courts and the CFTC in the interpretation of the relevant law. In October of 2016, the CFTC stepped back by issuing a final exemptive order to the participants of seven national energy markets, which constitute almost the entire U.S. wholesale electricity market. The withdrawal of the private right of action conflicts with the position previously advocated by the CFTC itself. It also raises questions about the CFTC’s use of its exemptive powers, as the removal of a statutory right through agency rulemaking may potentially be in conflict with the text and statutory purpose of the CEA as amended by Dodd-Frank. The exemption not only removes an important tool in enforcing market discipline, but also has the potential to undermine the reform efforts in the transition of U.S. energy markets to a smart grid. This Note will provide a history of the developments that have unfolded since the enactment of Dodd-Frank in relation to the availability of a private right of action under the CEA in energy markets. 
    The Note also analyzes commonly raised arguments against the availability of a private right of action and presents the various counter-arguments

    Watching You: Systematic Federal Surveillance of Ordinary Americans

    To combat terrorism, Attorney General John Ashcroft has asked Congress to "enhance" the government's ability to conduct domestic surveillance of citizens. The Justice Department's legislative proposals would give federal law enforcement agents new access to personal information contained in business and school records. Before acting on those legislative proposals, lawmakers should pause to consider the extent to which the lives of ordinary Americans already are monitored by the federal government. Over the years, the federal government has instituted a variety of data collection programs that compel the production, retention, and dissemination of personal information about every American citizen. Linked through an individual's Social Security number, these labor, medical, education and financial databases now empower the federal government to obtain a detailed portrait of any person: the checks he writes, the types of causes he supports, and what he says "privately" to his doctor. Despite widespread public concern about preserving privacy, these data collection systems have been enacted in the name of "reducing fraud" and "promoting efficiency" in various government programs. Having exposed most areas of American life to ongoing government scrutiny and recording, Congress is now poised to expand and universalize federal tracking of citizen life. The inevitable consequence of such constant surveillance, however, is metastasizing government control over society. If that happens, our government will have perverted its most fundamental mission and destroyed the privacy and liberty that it was supposed to protect

    Beyond Bitcoin: Issues in Regulating Blockchain Transactions

    The buzz surrounding Bitcoin has reached a fever pitch. Yet in academic legal discussions, disproportionate emphasis is placed on bitcoins (that is, virtual currency), and little mention is made of blockchain technology—the true innovation behind the Bitcoin protocol. Simply, blockchain technology solves an elusive networking problem by enabling “trustless” transactions: value exchanges over computer networks that can be verified, monitored, and enforced without central institutions (for example, banks). This has broad implications for how we transact over electronic networks. This Note integrates current research from leading computer scientists and cryptographers to elevate the legal community’s understanding of blockchain technology and, ultimately, to inform policymakers and practitioners as they consider different regulatory schemes. An examination of the economic properties of a blockchain-based currency suggests the technology’s true value lies in its potential to facilitate more efficient digital-asset transfers. For example, applications of special interest to the legal community include more efficient document and authorship verification, title transfers, and contract enforcement. Though a regulatory patchwork around virtual currencies has begun to form, its careful analysis reveals much uncertainty with respect to these alternative applications