Summary

Aurora is a citizen of the digital world. She is threatened. The digital systems that surround her are increasingly able to make autonomous decisions over and above her and on her behalf. She feels that her moral rights, as well as the social, economic and political spheres, can be affected by the behavior of such systems. Although unavoidable, the digital world is becoming uncomfortable and potentially hostile to her as a human being and as a citizen. Notwithstanding the introduction of the GDPR and of initiatives to establish criteria on software transparency and accountability, Aurora feels vulnerable and unprotected.
EXOSOUL will build a software personalized exoskeleton that enhances and protects Aurora by mediating her interactions with the digital world according to her own ethics of actions and privacy of data. The exoskeleton disallows or adapts the interactions that would result in unacceptable or morally wrong behaviors according to the ethics and privacy preferences of Aurora. With her software shield, Aurora will feel empowered and in control, and more in balance of forces with the other actors of the digital world.
To reach the breakthrough result of automatically building a personalized exoskeleton, EXOSOUL will address multidisciplinary challenges never touched before: (i) defining the scope for and inferring citizens ethical preferences; (ii) treating privacy as an ethical dimension managed through the disruptive notion of active data; and (iii) automatically synthesizing ethical actuators, i.e., connector components that mediate the interaction between the user and the digital world to enforce her ethical preferences. EXOSOUL will deliver the first concrete contribution to an ethical approach to regulate the digital world in line with the goals of the European Data Protection Supervisor strategy 2015-2019.

Project

Exosoul is an overarching project funded by the University of L’Aquila. The project is about building a software personalized exoskeleton that enhances and protects human beings by mediating their interactions with the digital world according to their own ethics of actions and privacy of data.

Motivation – In their ordinary life, citizens in the digital world continuosly interact with software systems, e.g., by using a mobile device or from on board of a (autonomous) car. These systems are increasingly autonomous in making decisions over and above the users or on behalf of them. Often, their autonomy exceeds the system boundaries and invades user prerogatives. As a consequence, ethical issues – privacy ones included (e.g., unauthorized disclosure and mining of personal data, access to restricted resources) – are emerging as matters of utmost concern since they impact on the moral rights of each human being and affect the social, economic, and political spheres [
1EDPS. Leading by example, The EDPS Strategy 2015-2019. https://edps.europa.eu/sites/edp/files/publication/15-07-30_strategy_2015_2019_update_en.pdf, 2015.
], [
2J. P. Burgess, L. Floridi, A. Pols, and J. van den Hoven. Towards a digital ethics – edps ethics advisory group. https://edps.europa.eu/sites/edp/files/publication/18-01-25_eag_report_en.pdf, 2018.
], [
3European Group on Ethics in Science and New Technologies. statement on artificial intelligence, robotics and ‘autonomous’ systems. https://ec.europa.eu/research/ege/pdf/ege_ai_statement_2018.pdf, 2018.
], [
4Inverardi, P. (2019). The European perspective on responsible computing. Communications of the ACM, 62(4), 64-64
], [
5Autili, M., Di Ruscio, D., Inverardi, P., Pelliccione, P., & Tivoli, M. (2019). A Software Exoskeleton to Protect and Support Citizen’s Ethics and Privacy in the Digital World. IEEE Access, 7, 62011-62021.
]. Besides the philosophical aspects, the way to approach these problems is twofold: regulatory and technical. Europe has recently introduced the GDPR legislation for data protection [
6European Commission. General Data Protection Regulation, 2018.
], Sweden and Germany are at the forefront on the regulation of autonomous vehicles, while a common EU approach to liability rules and insurance for connected and autonomous vehicles is under discussion [
7T. Evas, C. Rohr, F. Dunkerley, and D. Howarth. A common eu approach to liability rules and insurance for connected and autonomous vehicles. DOI: 10.2861/282501, March 28, 2018.
]. The scientific community and some big companies are proposing initiatives to identify problems and establish criteria to develop algorithms and systems that embed autonomous capabilities [
8Association for Computing Machinery US Public Policy Council (USACM). Statement on algorithmic transparency and accountability. https://www.acm.org/binaries/content/assets/public-policy/2017_usacm_statement_algorithms.pdf, 2018.
], [
9Partnership on AI. https://www.partnershiponai.org/, 2018.
], [], [
11J. L. et al. When computers decide: European recommendations on machine-learned automated decision making. http://www.acm.org/binaries/content/assets/public-policy/ie-euacm-adm-report-2018.pdf, 2018.
]. As a matter of fact, the digital world is being recognized as potentially hostile to citizens. The initiatives proposed so far go in the direction to make the world less hostile by introducing new laws, from the regulatory side, and transparency and accountability criteria in software development, from the technical side. Regulation is important as well as in-depth insights into the technology. However, we are fully aware that achieving full adherence to regulation and transparency criteria is very difficult or even impossible in practice. We are facing a paradox: human beings are recognized as central actors, the sensitive targets; but they are passive consumers in the digital world, and the power and the burden to preserve their rights remain in the hands of the (software-) systems producers. In the mangrove societies – Floridi’s powerful metaphor
2In the digital world it is impossible to distinguish whether we are online or offline – instead we are onlife, as it is impossible to understand whether the water in the estuary – where the river meets the sea – is sweet or salty – Ref. L. Floridi. Soft ethics and the governance of the digital. Philosophy & Technology, 31(1):1–8, Mar 2018.
– human beings are unprotected in their interactions with the digital world. The great challenge, unattempted so far, is to comprehensively empower them.

The vision – The goal of EXOSOUL is to equip humans with an automatically generated exoskeleton, a software shield that protects them and their personal data via the mediation of all interactions with the digital world that would result in unacceptable or morally wrong behaviors according to their ethical and privacy preferences. The exoskeleton can take a whole spectrum of forms: from customized soft-libraries that the individual may deploy on the machines being used, to a sophisticated software interface that an individual may “wear”, eventually deployed on a body chip. Empowering the users with a personalized exoskeleton will introduce more symmetry of power in the present digital world and will effectively put humans in the center. Exoskeletons development also opens unprecedented business opportunities in the same way open source software did, which promoted the ethical principles of free software against the monopoly proprietary software producers. The European Union (EU) with its companies can become the scientific and technological leader of the future user-driven privacy and ethics systems. Furthermore, bringing back to the user part of the (digital) control helps to solve liability issues in autonomous systems by readdressing responsibility to users according to their specified ethics.

The challenges ahead – We address the challenge of automatically synthesizing a software exoskeleton starting from the ethics and privacy preferences of the user. In the ethical sphere, this requires to answer several cutting edge research questions concerning the need to: (i) identify a space of ethics and privacy preferences for users, to assess their compatibility with regulations, and to orchestrate interactions of users endorsing different preferences, so as to prevent deadlocks and to promote best ethical practices in digital societies; (ii) infer ethics and privacy preferences from the user, given that neither a person nor a society apply moral categories separately, rather everyday morality is in constant flux among norms, utilitarian assessment of consequences, and evaluation of virtues. We define the exoskeleton by considering two specific classes of interactions that citizens have with the digital world. The first one concerns interactions that involve the exchange of personal data, and that as such impact the privacy dimension, notably interactions with mobile apps through mobile devices. Until now, data are considered as passive entities and the logic implementing their life-cycle is decoupled from the data itself. For each datum that is shared over the Internet, the owner loses its track and control [
12B. Krishnamurthy and C. E. Wills. Characterizing privacy in online social networks. In Proceedings of the First Workshop on Online Social Networks, WOSN ’08, pages 37–42, New York, NY, USA, 2008. ACM.
]. Such problems have been mitigated by means of regulatory (e.g., GDPR) and technical attempts. Unfortunately, these attempts solve the mentioned issues only partially. We propose a disruptive approach that changes the passive nature of data by introducing active data. As part of the exoskeleton, active data encapsulate data with mechanisms that govern their creation, destruction, use, and sharing according to the owner ethical preferences. Destruction is the basic means to provide the right to be forgotten, which requires to equip data with an apoptosis mechanism
3In biological terms, apoptosis, also called programmed cell death, is a mechanism that allows cells to self-destruct when stimulated by the appropriate trigger, internal or external to the cell – ref. Encyclopædia Britannica.
– synthesized from the user’s ethical and privacy preferences – whose enactment depends on the use the digital world makes of the data, beyond parameters like time. The second one concerns the interaction with systems that are equipped with some degree of autonomy and that a user may want to ethically control to some extent. Autonomous vehicles and the so-called trolley problem represent a well-known limiting case, but other more ordinary cases exist [
13G. Contissa, F. Lagioia, and G. Sartor. The ethical knob: ethically-customisable automated vehicles and the law. Artificial Intelligence and Law, 25(3):365–378, 2017.
]. As part of the exoskeleton, we will address the challenge of synthesizing, out of the user’s ethical preferences, an ethical actuator able to intercept the interactions between the autonomous engine and the machine actuators and to prevent behaviours that are not admissible by the ethical preferences. Since this approach cannot be independent from the software the citizens are interacting with, by-product results of the project will be requirements on the way the digital world needs to conform in order to interact with exoskeletons. This is as important as developing the shield since it establishes architecture and protocol requirements the systems producers need to comply with. EXOSOUL citizens will interact only with the part of the digital world that accepts their requirements. This breaks the monopoly of producers by introducing symmetry in the producer/user roles and new economic drivers in the digital market. At the same time, producers can be relieved from the liability burden by readdressing responsibility to users.

Our features

Ethics

Defining the scope for and inferring citizens ethical preferences

Automation

Automatically synthesizing ethical actuators

Privacy

Treating privacy as an ethical dimension managed through the disruptive notion of active data

Research Themes