Proving liability for highly and fully automated vehicle accidents in Australia

This article considers how liability questions will be resolved under current Australian laws for automated vehicle (‘AV’) accidents. In terms of the parties that are likely to be held responsible, I argue that whether the human driver remains liable depends on the degree to which the relevant AV is automated, and the degree of control the human driver had over the events leading up to the particular accident. Assuming therefore that human drivers would not be held liable for the majority of highly and fully automated vehicle accidents, plaintiffs will have to establish liability on part of those who manufacture, maintain or contribute to the operation of AVs, under the claims available in Australia's product liability regime.This article then turns to the problems of proof that plaintiffs are likely to face in establishing AV manufacturer liability in negligence, or in a defective goods claim under Part 3–5 of the Australian Consumer Law (‘ACL’). Firstly, it may be difficult to determine the cause of the AV accident, due to the technical complexity of AVs and due to ongoing concerns as to the explainability of AI-decision making. Secondly, plaintiffs may struggle to prove fault in a negligence claim, or that the vehicle was defective for the purposes of Part 3–5 of the ACL. Essentially, under both actions, manufacturers will be held to a duty to undertake reasonable testing of their AVs. Given that it is currently impracticable to completely test for, and eliminate all AV errors, and due to the broader social utility the technology is likely to offer, plaintiffs may face evidentiary challenges in proving that the manufacturer's testing was unreasonable.     

Prevalence of organic gunshot residues in police vehicles

The present study investigated the organic gunshot residue (OGSR) background level of police vehicles in Switzerland. Specimens from 64 vehicles belonging to two regional police services were collected and analysed by LC-MS in positive mode. The driver’s and back seats were sampled separately to monitor potential differences between locations and to assess the risks of a suspect being contaminated by OGSR during transportation to a police station.The results showed that most of the 64 vehicles were uncontaminated (44 driver’s seats and 38 back seats respectively). Up to six of the seven targeted compounds were detected in a single sample, once on a driver’s seat and twice on back seats. The contamination frequency generally decreased as the number of compounds detected together increased. The amounts detected were in the low ng range and less than amounts generally detected just after discharge on a shooter. Our data indicated that detecting a combination of four or more compounds on a police vehicle seat appears to be a relatively rare occurrence. The background contamination observed was most probably due to secondary transfer from police officers (e.g. through recent participation in a shooting session or firearm manipulation) or from firearms stored in the vehicles. The present results might be used as a recommendation to minimize contact of a suspect with contaminated surfaces if OGSR is implemented in routine work in parallel to IGSR analysis.     

“In the public interest”: The privacy implications of international business-to-business sharing of cyber-threat intelligence

This article reports on preliminary findings and recommendations of a cross-discipline project to accelerate international business-to-business automated sharing of cyber-threat intelligence, particularly IP addresses. The article outlines the project and its objectives and the importance of determining whether IP addresses can be lawfully shared as cyber threat intelligence.The goal of the project is to enhance cyber-threat intelligence sharing throughout the cyber ecosystem. The findings and recommendations from this project enable businesses to navigate the international legal environment and develop their policy and procedures to enable timely, effective and legal sharing of cyber-threat information. The project is the first of its kind in the world. It is unique in both focus and scope. Unlike the cyber-threat information sharing reviews and initiatives being developed at country and regional levels, the focus of this project and this article is on business-to-business sharing. The scope of this project in terms of the 34 jurisdictions reviewed as to their data protection requirements is more comprehensive than any similar study to date.This article focuses on the sharing of IP addresses as cyber threat intelligence in the context of the new European Union (EU) data protection initiatives agreed in December 2015 and formally adopted by the European Council and Parliament in April 2016. The new EU General Data Protection Regulation (GDPR) applies to EU member countries, a major focus of the international cyber threat sharing project. The research also reveals that EU data protection requirements, particularly the currently applicable law of the Data Protection Directive 95/46/EC (1995 Directive) (the rules of which the GDPR will replace in practice in 2018), generally form the basis of current data protection requirements in countries outside Europe. It is expected that this influence will continue and that the GDPR will shape the development of data protection internationally.In this article, the authors examine whether static and dynamic IP addresses are “personal data” as defined in the GDPR and its predecessor the 1995 Directive that is currently the model for data protection in many jurisdictions outside Europe. The authors then consider whether sharing of that data by a business without the consent of the data subject, can be justified in the public interest so as to override individual rights under Articles 7 and 8(1) of the Charter of Fundamental Rights of the European Union, which underpin EU data protection. The analysis shows that the sharing of cyber threat intelligence is in the public interest so as to override the rights of a data subject, as long as it is carried out in ways that are strictly necessary in order to achieve security objectives. The article concludes by summarizing the project findings to date, and how they inform international sharing of cyber-threat intelligence within the private sector.     

车辆轨迹侦查

机动车的普及使得以机动车为交通工具或侵害目标的犯罪增加。对于涉车犯罪案件，通过车辆可识别特征对车辆进行追踪和认定，在此基础上进行车辆轨迹侦查有其现实必要性。从现场勘查、视频监控、交通违章、治安卡口等多方面可以获得车辆轨迹侦查的情报。车辆轨迹侦查的目标包括查清真实车牌、分析行驶轨迹、判断活动范围、查明附加特征、获取人员体貌以及关联其他轨迹等。探讨车辆轨迹侦查“从车到人”、多维轨迹拓展、“车案碰撞”串并案件侦查等三种侦查模式在侦查工作中的应用。     

Temperature variations in a parked vehicle

There were two reasons why this work was conducted. The first was to help determine the time of death of suicide and homicide victims inside vehicles. The second was to investigate the serious threat to life of children or pets left in stationary vehicles on a hot summers day. This paper demonstrates that when a vehicle is parked in the sun, temperature levels in the cabin of the vehicle can be more than 20°C above the ambient temperature. A simple 'greenhouse' model for predicting the daily internal vehicle temperatures, using readily available local meteorological data, was developed. This statistical model was calibrated using meteorological data and temperature data collected on parked vehicles over several summer seasons. The model uses environmental temperature and radiation data as input, and is shown to predict cabin temperatures to within about 1°C. Both the data collected and the model developed show that the temperature inside the cabin of a black vehicle is typically 5°C higher than that inside a white vehicle on a hot summer day. Also lowering the driver's window of the vehicle by 2.5 cm typically reduces cabin temperatures by about 3°C, which is not sufficient to reduce significantly the safety concerns for children or pets left in parked vehicles.     

Why fairness cannot be automated: Bridging the gap between EU non-discrimination law and AI

In recent years a substantial literature has emerged concerning bias, discrimination, and fairness in artificial intelligence (AI) and machine learning. Connecting this work to existing legal non-discrimination frameworks is essential to create tools and methods that are practically useful across divergent legal regimes. While much work has been undertaken from an American legal perspective, comparatively little has mapped the effects and requirements of EU law. This Article addresses this critical gap between legal, technical, and organisational notions of algorithmic fairness. Through analysis of EU non-discrimination law and jurisprudence of the European Court of Justice (ECJ) and national courts, we identify a critical incompatibility between European notions of discrimination and existing work on algorithmic and automated fairness. A clear gap exists between statistical measures of fairness as embedded in myriad fairness toolkits and governance mechanisms and the context-sensitive, often intuitive and ambiguous discrimination metrics and evidential requirements used by the ECJ; we refer to this approach as “contextual equality.”This Article makes three contributions. First, we review the evidential requirements to bring a claim under EU non-discrimination law. Due to the disparate nature of algorithmic and human discrimination, the EU's current requirements are too contextual, reliant on intuition, and open to judicial interpretation to be automated. Many of the concepts fundamental to bringing a claim, such as the composition of the disadvantaged and advantaged group, the severity and type of harm suffered, and requirements for the relevance and admissibility of evidence, require normative or political choices to be made by the judiciary on a case-by-case basis. We show that automating fairness or non-discrimination in Europe may be impossible because the law, by design, does not provide a static or homogenous framework suited to testing for discrimination in AI systems.Second, we show how the legal protection offered by non-discrimination law is challenged when AI, not humans, discriminate. Humans discriminate due to negative attitudes (e.g. stereotypes, prejudice) and unintentional biases (e.g. organisational practices or internalised stereotypes) which can act as a signal to victims that discrimination has occurred. Equivalent signalling mechanisms and agency do not exist in algorithmic systems. Compared to traditional forms of discrimination, automated discrimination is more abstract and unintuitive, subtle, intangible, and difficult to detect. The increasing use of algorithms disrupts traditional legal remedies and procedures for detection, investigation, prevention, and correction of discrimination which have predominantly relied upon intuition. Consistent assessment procedures that define a common standard for statistical evidence to detect and assess prima facie automated discrimination are urgently needed to support judges, regulators, system controllers and developers, and claimants.Finally, we examine how existing work on fairness in machine learning lines up with procedures for assessing cases under EU non-discrimination law. A ‘gold standard’ for assessment of prima facie discrimination has been advanced by the European Court of Justice but not yet translated into standard assessment procedures for automated discrimination. We propose ‘conditional demographic disparity’ (CDD) as a standard baseline statistical measurement that aligns with the Court's ‘gold standard’. Establishing a standard set of statistical evidence for automated discrimination cases can help ensure consistent procedures for assessment, but not judicial interpretation, of cases involving AI and automated systems. Through this proposal for procedural regularity in the identification and assessment of automated discrimination, we clarify how to build considerations of fairness into automated systems as far as possible while still respecting and enabling the contextual approach to judicial interpretation practiced under EU non-discrimination law.     

GDPR-compliant AI-based automated decision-making in the world of work

Artificial Intelligence is spreading fast in our everyday life and the world of work is no exception. AI is increasingly shaping the employment context: such emerging areas are augmented and automated decision-making. As AI-based decision-making is fuelled by personal data, compliance with data protection frameworks is inevitable. Even though automated decision-making is already addressed by the European norms on data protection – especially the GDPR –, their application in the world of work raises specific questions. The paper examines, in the light of the ‘general’ data protection background, what specific data protection challenges are raised in the field of AI-based automated decision-making in the context of employment. As a result of the research, the paper provides a detailed overview on the European legal framework on the data protection aspects of AI-based automated decision-making in the employment context. It identifies the main challenges, such as the applicability of the existing legal framework to the current use-cases and the specific questions relating to the lawful bases in the world of work, and provides guidelines on how to address these challenges.     

Balancing data protection and privacy – The case of information security sensor systems

This article analyses government deployment of information security sensor systems from primarily a European human rights perspective. Sensor systems are designed to detect attacks against information networks by analysing network traffic and comparing this traffic to known attack-vectors, suspicious traffic profiles or content, while also recording attacks and providing information for the prevention of future attacks. The article examines how these sensor systems may be one way of ensuring the necessary protection of personal data stored in government IT-systems, helping governments fulfil positive obligations with regards to data protection under the European Convention on Human Rights (ECHR), the EU Charter of Fundamental Rights (The Charter), as well as data protection and IT-security requirements established in EU-secondary law. It concludes that the implementation of sensor systems illustrates the need to balance data protection against the negative privacy obligations of the state under the ECHR and the Charter and the accompanying need to ensure that surveillance of communications and associated metadata reach established principles of legality and proportionality. The article highlights the difficulty in balancing these positive and negative obligations, makes recommendations on the scope of such sensor systems and the legal safeguards surrounding them to ensure compliance with European human rights law and concludes that there is a risk of privatised policymaking in this field barring further guidance in EU-secondary law or case law.     

From porn to cybersecurity passing by copyright: How mass surveillance technologies are gaining legitimacy … The case of deep packet inspection technologies

Recent coverage in the press regarding large-scale passive pervasive network monitoring by various state and government agencies has increased interest in both the legal and technical issues surrounding such operations. The monitoring may take the form of which systems (and thus potentially which people) are communicating with which other systems, commonly referred to as the metadata for a communication, or it may go further and look into the content of the traffic being exchanged over the network. In particular the monitoring may rely upon the implementation of Deep Packet Inspection (DPI) technologies. These technologies are able to make anything that happens on a network visible and recordable. While in practice the sheer volume of traffic passing through a DPI system may make it impractical to record all network data, if the system systematically records certain types of traffic, or looks for specific patterns in all traffic, the privacy concerns are highly significant. The aim of this paper is twofold: first, to show that despite the increasing public awareness in relation to the capabilities of Internet service providers (ISPs), a cross-field and comparative examination shows that DPI technologies are in fact progressively gaining legal legitimacy; second to stress the need to rethink the relationship between data protection law and the right to private life, as enshrined in Article 8 of the European Convention on human rights and Article 7 of the European Charter of fundamental rights, in order to adequately confine DPI practices. As a result, it will also appear that the principle of technical neutrality underlying ISP's liability exemptions is misleading.     

机动车犯罪防控对策——关于机动车强制安装卫星定位系统的思考

随着机动车犯罪案件数量的增多,犯罪手段的智能化、技术化、集团化趋势日益明显,公安机关的传统侦控方式已经不能满足遏制这类犯罪的需要,而追踪机动车的行动轨迹成为侦查此类犯罪的常用程序,故建议在全国机动车上强制安装卫星定位系统,以此来控制机动车犯罪.立法机关应当把“机动车上强制安装卫星定位系统”的建议写入《中华人民共和国道路交通安全法》.这一技术手段的应用可能会触及公民的隐私权,但其社会的公益性远远大于个人的隐私权,而且公民的隐私权也能够得到有效的充分保护.     

论自动驾驶汽车生产者的刑事责任

自动驾驶汽车是人类研发、制造、使用和管理的智能产品,不是犯罪主体或刑事责任主体。在自动驾驶汽车自主控制状态下发生交通事故的,其生产者、使用者和其他人员难以按照我国现有刑法的罪名定罪处罚。除非道路交通安全法和刑法有专门的规定,驾驶位人员不接管汽车或接管后无力改变交通事故结果的,不构成交通肇事罪或其他管理过失犯罪。驾驶位人员的注意义务是阻止自动驾驶汽车自主控制下发生交通事故,其注意义务不应过高。允许的风险、紧急避险理论不能为自动驾驶汽车紧急路况处理算法的生产与应用提供合法、合理的解决方案,生产者遵守算法安全标准仅可以使生产行为合法化。鉴于现行刑法不适应自动驾驶汽车应用的特性,我国应当建立以生产者全程负责为中心的新刑事责任体系,使之在自动驾驶汽车生产和应用两个阶段承担安全管理责任,生产者拒不履行自动驾驶汽车应用安全管理义务且情节严重的,应当承担刑事责任。     

The Patients’ Rights Directive (2011/24/EU) – Providing (some) rights to EU residents seeking healthcare in other Member States

This article presents the main elements of Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare, commonly known as the Patient’s Rights Directive. It is the latest EU initiative with regard to European Health Care and the Single Market. The main elements of the Directive contain provisions related to the prior authorisation of health care in another Member State, the reimbursement of such health care and the removal of unjustified obstacles to achieving these aims.These provisions largely reflect the recent case law of the European Court of the Justice (ECJ). Amongst these are provisions involving the use of personal data. Such provisions will engage data protection issues and will have to be carried out according to the data protection directives. Alongside this primary aim of codifying ECJ case law the Patient’s Rights Directive also introduces novel initiatives aimed at fostering cross border cooperation between various elements of national healthcare systems.Part 1 of this contribution will describe the legal basis and the aims of the PRD, Part 2 will describe the principle obligations placed on the Member States with regard to reimbursement, Parts 3 and 4 will describe other informational and procedural requirements placed upon the Member States of Treatment and Affiliation. Finally Part 5 will outline some of the novel initiatives that have been included in the PRD.The increases in the frequency of cross border-treatment that this directive attempts to facilitate are likely to see a concurrent increase in cross-border patient information flows. Such data flows will be subject to the Union’s provisions on Data Protection. It remains uncertain whether the EU’s Data Protection regime will act as inhibitor to cross-border medical treatment or rather represent a gold standard that allows patients to engage in such activities with peace of mind. The Patient’s Rights Directive will form part of the EU’s future e-Health strategy which envisages a large increase in the fluidity of patient data. A discussion of this directive is therefore merited in this journal.     

“套牌车”的防范打击研究

近年来,国内“套牌车”日益增多,引发了各种社会危害,不仅给道路交通安全带来了威胁,损害了国家和群众的利益,还滋生出系列社会问题和法律问题。“套牌车”大量涌现主要是因为法律法规不完善和打击难度较大。防范打击措施是：完善立法,加大打击力度;严格执法,加强管控;提高车主的自我保护意识。     

Multi application smart card schemes: Data protection: multi-application smart cards: the use of global unique identifiers for cross-profiling purposes — Part I

This article, consisting of three parts, will comment on how the opportunities offered by multi-application smart card schemes can be reconciled with data protection requirements. In the first part, the focus will be on the regulatory framework of the smart card manufacturer and the legal requirements to develop less privacy-killing technologies. Hereafter, some technical solutions will be proposed to demonstrate that multi-application smart card technology can be reconciled with the principles of personal data protection legislation. In the third and final part, the communication of personal data through electronic communications networks will be analysed. In relation hereto, it must be indicated that intelligent servers will become increasingly important to assure the interoperability between different application providers and different smart card schemes.     

Humans in the GDPR and AIA governance of automated and algorithmic systems. Essential pre-requisites against abdicating responsibilities

The GDPR mandates humans to intervene in different ways in automated decision-making (ADM). Similar human intervention mechanisms can be found amongst the human oversight requirements in the future regulation of AI in the EU. However, Article 22 GDPR has become an unenforceable second-class right, following the fate of its direct precedent -Article 15 of the 1995 Data Protection Directive-. Then, why should European policymakers rely on mandatory human intervention as a governance mechanism for ADM systems? Our approach aims to move away from a view of human intervention as an individual right towards a procedural right that is part of the culture of accountability in the GDPR. The core idea to make humans meaningfully intervene in ADM is to help controllers comply with regulation and to demonstrate compliance. Yet, human intervention alone is not sufficient to achieve appropriate human oversight for these systems. Human intervention will not work without human governance. This is why DPIAs should play a key role before introducing it and throughout the life-cycle of the system. This approach fits better with the governance model proposed in the Artificial Intelligence Act. Human intervention is not a panacea, but we claim that it should be better understood and integrated into the regulatory ecosystem to achieve appropriate oversight over ADM systems.     

Computer simulation of the accident with nine victims

In the paper we wish to emphasise the significance of vehicle driving dynamics analysis in the collision phase and occupant load analysis by means of using a software environment. Thereby we also wish to present the results of the simulation of the course of a traffic accident with nine victims that arose from a collision between an Audi A6 passenger car and the VW Caravelle van. In treating the traffic accident the forensic expert was faced with the questions about what caused the injuries to the front passenger in the Audi A6 passenger car, about the way the two vehicles had collided, about their collision velocities, about the way the two vehicles were handled and about the causes that originated the traffic accident. The critical situation on the road was a consequence of the tiredness of the van driver, the inadequate use of the passive safety systems and overloading the van.     

骑跨伤在机动车碰撞自行车事故中的特征及生物力学分析

目的以真实案例为基础,研究自行车与机动车碰撞交通事故中,不同机动车型、交通方式等因子造成自行车骑车人下肢内侧骑跨伤的特征,分析其生物力学机制。方法选取上海地区发生的自行车与机动车碰撞交通事故案例140例,全面收集现场、自行车、机动车、人体、交通方向等信息,运用回顾性研究方法分析,同时,选取其中典型案例,通过计算机仿真技术模拟事故发生过程,提取人体各受伤部位的动力学响应数值,如加速度、力和力矩等,与案例研究结果对比。结果全部事故中出现骑跨伤与无骑跨伤案例频数相等;侧面撞击与前后方向撞击骑跨伤的发生情况无显著性差别;大型车辆撞击事故中出现骑跨伤频率较低;骑跨伤的发生频率随车速加大而增高;就骑跨伤的分布来说,撞击侧下肢骑跨伤位置低(链条、脚蹬管等损伤),而对侧骑跨伤位置高(鞍座损伤),在小型车辆撞击时该特点更明显。结论分析自行车骑车人的骑跨伤特征和生物力学机制有望对道路交通行为方式鉴定提供新依据。     

Merging self-driving cars with the law

Self-driving cars are gradually being introduced in the United States and in several Member States of the European Union. Policymakers will thus have to make important choices regarding the application of the law. One important aspect relates to the question who should be held liable for the damage caused by such vehicles. Arguably, product liability schemes will gain importance considering that the driver's fault as a cause of damage will become less likely with the increase of autonomous systems. The application of existing product liability legislation, however, is not always straightforward. Without a proper and effective liability framework, other legal or policy initiatives concerning technical and safety matters related to self-driving cars might be in vain. The article illustrates this conclusion by analysing the limitation periods for filing a claim included in the European Union Product Liability Directive, which are inherently incompatible with the concept of autonomous vehicles. On a micro-level, we argue that every aspect of the Directive should be carefully considered in the light of the autonomisation of our society. On the macro-level, we believe that ongoing technological evolutions might be the perfect moment to bring the European Union closer to its citizens.     

车外人员撞击伤特点分析

目的以真实案例为基础,研究汽车碰撞事故中,不同机动车车型、不同交通方式等因素造成车外人员撞击伤的特征。方法选取上海地区发生的汽车与车外人员碰撞事故案例200例,通过对事故中的人、车等检验对比,分析车外人员撞击伤的特点。结果车外人员撞击伤主要出现在下肢,其次为胸部和头部;行人（含推车人）撞击伤出现频次与骑车人（含自行车或摩托车后座乘员）无明显差异;小轿车和小客车事故中撞击伤多见于下肢,大客车多见于胸部;车外人员被撞击后发生抛甩频率随车速的加大而增高,且通过车体痕迹检验,人体与车辆挡风玻璃发生（二次）撞击伤匹配程度最高。结论分析汽车与车外人员碰撞事故人体撞击伤特点,对于交通伤法医学鉴定及深化交通伤机制研究具有参考价值。     

Gunshot residue in Chicago police vehicles and facilities: an empirical study

Suspects in shooting investigations in Chicago are routinely transported in department vehicles and detained in department facilities prior to gunshot residue (GSR) evidence collection. The GSR test results are used to associate the suspect with primary exposure to GSR. The potential for these vehicles and facilities being sources of secondary GSR contamination needed to be determined. A total of 201 samples were collected from randomly selected vehicles and detention facilities. The sampling collected trace materials from surfaces that suspects' hands may contact during the arrest process. These samples were examined for the presence of GSR particles using scanning electron microscopy. Upon completion of the automated analysis, those particles that met an initial GSR screening criterion were relocated and reanalyzed. The locations where GSR particles were recovered allowed us to make recommendations to the Chicago Police Department with regard to transporting and detaining these suspects. The low number of GSR particles recovered suggests that the potential for secondary contamination, although present, is relatively low.