Research on Possible Artificial Intelligence Usage in Criminal Activities in Recent Years (2017-2018)

  Artificial Intelligence has become a worldwide center topic that attracts lots of attention in recent years. Most topics emphasize on the application of this technology and its implication to the economic of human society. Fewer emphasize on the more technical part behind this technology. Mostly the society of human emphasizes on the bright side of this technology.

  However, seldom do people talk about the possible criminal usage that exploits this technology. The dark side easily slips one’s mind when one is immersed in the joy of the light. And this is the goal of this paper to reveal some of this possible danger to the public, nowadays or in the future, to the readers.

I. What A.I. IS HERE: a brief history

  First we will start by defining what we mean when referring to “Artificial Intelligence” in this paper.

  First of all, the so-called “Artificial Intelligence” nowadays mainly refers to the “Deep Learning” algorithm invented by a group of computer scientists around 1980s, among which Geoffrey Everest Hinton is arguably the most well-known contributor. It is a kind of neural network that resembles the information processing and refinement in human brain, neurons and synapses.

  However, the word A.I. , in its natural sense, contains more than just “Deep Learning” algorithm. Tracing back to 1950s, by the time when the computer was first introduced to the world, there already existed several kinds of neural networks.

  These neural networks aims to bestow the machines the ability to classify, categorize a set of data. That is to give the machine the ability to make human-like reasoning to predict or to make induction concerning the attribute of a set of data.

  Perceptron, as easy as it seems, was arguably the first spark of neural network. It resembled the route of coppers and wires in your calculator. However, due to its innate inability to solve problems like X-OR problem, soon it lost its appealing to the computer scientists. Scientists then turned their attention to a more mathematical way such as machine learning or statistics.

  It wasn’t until 1980s and 2000s that the invention of deep learning and the advance of computing speed fostered the shift of the attention of the data scientist back to neural networks. However, the knowledge of machine learning still hold a very large share in the area of artificial intelligence nowadays.

  In this sense, A.I. actually is but a illusive program or algorithm that resides in any kinds of physical hardware such as computer. And it comprises of deep learning, neural network and machine learning, as well as other types of intelligence system. In short, A.I. is a software that is not physical unless it is embedded in physical hardware.

  Just like human brain, when the brain of human is damaged, we cannot make sound judgement. More worse, we might make harmful judgement that will jeopardize the society. Imagine a 70-year-old driving a car and he or she accidentally took the accelerator for the break and run into crowds. Also like human brain, when a child was taught to misbehave, he, when grown up, might duplicate his experience taught in his childhood. So is A.I.. As a machine, it can be turned into tools that facilitate our daily works, weapons that defend our land, and also tools that can be molded for criminal activities.

II. Types of Criminal Activities Concerning Possible Artificial Intelligence Usage:

1. Smart Virus

  Probably the first thing that comes into minds is the development of smart virus that can mutate its innate binary codes so as to slip present antivirus software  detection according to its past failure experience. In this case, smart virus can gather every information concerning the combination of “failure/success of intrusion” and “the sequence of its innate codes” and figure out a way to mutate its codes. Every time it fails to attack a system, it might get smarter next time. Under the massive data fathered across the world wide internet, it might have the potential to grow into an uncontrollable smart virus.

  According to a report written in Harvard Business Review [1], such smart virus can be an automatic life form which might have the potential to cause world wide catastrophe and should not be overlooked. However, ironically, it seems that the only way to defend our system from this kind of smart virus is to deploy the smart detector which consists of the same algorithm as the smart virus does.

  Once a security system is breached, any possible kinds of personal information is obtainable. The devastating outcome is a self-proved chain reaction.

2. Face Cheating

  An another possible kind of criminal activity concerning the usage of artificial intelligence is the face cheating.

  Face Lock has been widely-used nowadays, ranging from smart phones to personal computers. There is an increase in the usage of face lock due to its convenience and presumably hard-to-cheat technology. The most widely-used neural network in this technology is the famous Convolution Neural Network. It is a kind of neural network that mimics the human vision system and retina by using max-pooling algorithm. However there are still other types of neural networks capable of the same job such as Hinton Capsule, etc..

  According to a paper by Google Brain [2], “adversarial examples based on perceptible but class-preserving perturbations can fool this multiple machine learning models also fool time-limited humans. But it cannot fool time-unlimited humans. So a machine learning models are vulnerable to adversarial examples: small changes to images can cause computer vision models to make mistakes such as identifying a school bus as an ostrich.”

  Since the face detection system is sensitive to small perturbation in object-recognition. It might seem hard to cheat a face detection system with another similar yet different face.

  However, just like the case in the smart virus, what makes artificial intelligence so formidable is not its ability to achieve high precision at the first try, but its ability to learn, refine, progress and evolve through numerous failure it tasted. Every failure will only make it smarter. Just like a smart virus, a cheater neural network might also adjust its original synapse and record the combination of “failure/success of intrusion” and “the mixture of the matrix of its innate synapse” and adjust the synapses to transform a fault face into a authentic face to cheat a face detection system, possibly making the targeted personal account widely available to all public faces through face perturbation and transformation.

  A cheater neural network might also tunes its neurons in order to fit into the target face to cheat the face detection system.

3. Voice Cheating

  An another possible kind of criminal activity concerning the usage of artificial intelligence is the voice cheating.

  Just like Face Cheating, when a system is designed to be logged in by the authentic voice of the user, the same system can be fooled using similar voice that was generated using Artificial Intelligence.

4. Patrol Prediction

  There is quite an unleash in the area of crime prediction using Artificial Intelligence. According to a paper in European Police Science and Research Bulletin [3], “Spatial and temporal methods appear as a very good opportunity to model criminal acts. Common sense reasoning about time and space is fundamental to understand crime activities and to predict some new occurrences. The principle is to take advantage of the past acknowledgment to understand the present and explore the future.”

  In this sense, the police is able to track down possible criminal activities by predicting the possible location, time and methods of criminal activities by using Artificial Intelligence, lengthening the time of pre-action and saving the cost of unnecessary human labor.

  Yet the same goes for criminal activities. The criminals is also able to track down the timing, location, and length of every patrol that the police makes. The criminal might be able to avoid certain route in order to achieve illegal deals or other types of criminal activities. Since fewer criminals use A.I. as a counter-weapon to the police, the detection system of the policy will not easily spot this outliers in criminal activities, making these criminal activities even more prone to success. If this kind of dark technology is combined with other types of modern technology such as Drone Navigation or Drone Delivery, the perpetrators might be able to sort out a safe route to complete drug deals by using Artificial Intelligence and Drone Navigation.

III. A.I. Cyber Crimes and Criminal Law: Who should be responsible?

  What comes out from the law goes back to the law. With these kinds of possible threats in the present days or in the future. There is foreseeably new kinds of intelligent criminal activities in the near future. What can Law react to these potential threats? Is the present law able to tackle these new problems with present legal analysis? The question requires some research.

  After the Rinascimento in Europe in 17th century, it is almost certain that a civilian has its own will and should be held liable for what he did. The goal of the law to make sure this happens since a civilian has its own mind. Through punishment, the law was presumed to guarantee that a outlier can be corrected by the enforcement of the law, which is exactly the same way in which a human engineer trains a artificial intelligence system.

  However, when 21th century arrives, a new question also appear. That is, can Artificial Intelligence be legally classified as subject that have mental requirement in the law, rather than just more object or tools that was manipulated by the perpetrators? This question is philosophical and can be traced back to 1950s when a Turing Test was proposed by the famous English computer scientist Alan Turing.

  Some scholars proposed there could co-exist three kinds of liability. That is, solely human liability, joint human and A.I. entity liability, and solely A.I. entity liability ([4], p.95). The main criterion for these three classes is that whether a human engineer or practitioner is able to foresee the outcome of this damage. When a damage attributable to the A.I. system cannot be foreseen by human engineer, it might be solely A.I. entity liability. Under this point of view, the present criminal system is self-content to deal with A.I. entity crimes, for all we need to do is to view an A.I. system as a car or a automobile.

  So from the point of view of the law, as a training system designed to re-train human in order to stabilize the social system, all we need to do is focus our attention of the act of human itself.

  Yet when a super intelligence A.I. entity was developed and is not controllable and its behavior is not foreseeable by its creators, should it be classified as an entity in the criminal law?

  If the answer is YES, however, it is quite meaningless to punish a machine in this circumstance. All we can do is re-train, re-tune, and re-design the intelligence system under such circumstance. For the machine, re-training itself is some kind of punishment since it was forced to receive negative information and change its innate synapse or algorithm. Yet it is arguable that whether training itself is actually a punishment since machine can feel no pain. Yet, philosophically what pain really is, is also arguable.

IV. Conclusion

  Across the history of human, it is almost destined that whenever a new technology is introduced to solve an old problem, a new one is to be created by the same technology. It is like a curse that we can never escape, and we can only face it. This paper finds that seldom do people talk the dark side of this new technology. Yet the potential hazard this technology can bring should not be over-looked. Ironically, this hazard that this new technology brings seems to be solvable only by the same technology itself. There might be an endless competition between the dark side and the bright side of the A.I. technology, bringing this technology into another level that surpasses our present imagination.

  However, it is never the fault of this technology but the fault of human that mal-practice this technology. So what can a law do in order to crack down these kinds of possible jeopardy is going to be a major discuss in the legal area in the near future. This paper introduces some topics and hopes that it can draw more attention into this area.

Reference:

[1] Roman V. Yampolskiy, “AI Is the Future of Cybersecurity, for Better and for Worse”, published at: https://hbr.org/2017/05/ai-is-the-future-of-cybersecurity-for-better-and-for-worse.

[2] Gamaleldin F. Elsayed, Shreya Shankar, Brian Cheung, Nicolas Papernot, Alex Kurakin, Ian Goodfellow, Jascha Sohl-Dickstein, “Adversarial Examples that Fool both Computer Vision and Time-Limited Humans”, arXiv:1802.08195v3 [cs.LG], 2018.

[3] Patrick Perrot, “What about AI in criminal intelligence? From predictive policing to AI perspectives”, No 16 (2017): European Police Science and Research Bulletin.

[4] Gabriel Hallevy, “When Robots Kill_Artificial Intellegence under Criminal Law”, Northeastern Universoty Press, Boston, 2013.

[5] Gabriel Hallevy, “Liability for Crimes Involving Artificial Intelligence Systems”, Springer International Publishing, London, 2015.

Links
※Research on Possible Artificial Intelligence Usage in Criminal Activities in Recent Years (2017-2018),STLI, https://stli.iii.org.tw/en/article-detail.aspx?no=105&tp=2&i=170&d=8050 (Date:2024/12/05)
Quote this paper
You may be interested
How Does Taiwan Respond to Tax Challenges Arising from Digitalization

How Does Taiwan Respond to Tax Challenges Arising from Digitalization Yuan-Qing, Liao Attorney and Legal Researcher 2022/3/24 I. The Tax Challenges arising from Digitalization   According to the Ability-to-pay principle, companies need to pay income tax for their income or profit. Nevertheless, in order to avoid their tax obligations, Multinational Corporations (MNCs) have been continuously developing sophisticated and refined tax planning practices to disconnect or mismatch between “where value is created” and “where taxes are paid”, and such practices erode the tax base.[1]   A well-known example of trade model under digitalization of MNCs is that “MNCs do not necessarily have to open domestic physical stores or set up servers, those domestic consumers can purchase goods and services from MNCs directly through the Internet”. This trade model not only breaks the international tax rules “With Permanent Establishment (PE), With taxing power”, but also disconnects or mismatches between “where value is created” and “where taxes are paid” more perfectly. As a result, the taxing power of “where value is created” is eroded. This is a classical type of challenges faced by tax regulators in the age of digitalization of the economy.   In response, The European Commission (EC) and The Organization for Economic Cooperation and Development (OECD) had respectively proposed new plans to ensure that digital business activities are taxed in a fair and friendly way. (I) The Digital Service Tax proposed by EC[2]   In 2018, EC proposed a temporary tax - Digital Services Tax (DST), which a basic rate of 3% to be imposed on revenues of a digital platform when such platform meets all of the following criteria, including (1) online placement or advertising services, (2) sales of collected user data, (3) facilitate interactions between users, (4) annual worldwide revenues exceeding 750 million euros and (5) taxable revenues within the European Union (EU) exceeding 50 million euros.[3]   Concerning that the DST apparently targeting US MNCs - Google, Amazon, Facebook and Apple (GAFA), the US government once threatened to impose retaliatory tariffs. Insofar, it seems that only a part of MNCs will be immediately affected by DST, but the entire trading systems in the rest of the world will be impacted if the retaliatory tariffs conducted by the US take effect. (II) The Two-Pillar plan released by OECD[4]   In October 2020, OECD had released Reports on the Pillar One and Pillar Two Blueprints (The Two-Pillar plan), which aimed to terminate the international dispute resulting from DST of EC and provide solutions for tax challenges arising from the digitalization of the economy in the long term.[5]   Pillar One is “Unified Approach”, to ensure the exercise of taxing powers of governments and a fairer distribution of profits among countries where largest MNCs, including digital companies are located at. It would “re-allocate” the taxing powers over MNCs among governments of different jurisdictions. The governments located at the place where MNCs have business activities and earn profits will have the tax powers over those MNCs, even MNCs do not have a physical presence there. Pillar Two is “Global Anti-Base Erosion rules (GloBE)”, tried to protect tax bases of countries through the introduction of “Global Minimum Tax (GMT)” which sets up a minimum corporate income tax rate on MNCs to prevent tax competitions among countries.   Compared with DST proposed by EC, which focuses on the taxing powers of the government that is located at the place where value is created. The Two-Pillar plan focuses more on both re-allocation of international taxing powers and protects the tax base of each country. (II) The Consensus on The Two-Pillar plan[6]   The Group of Seven (G7[7]), G20[8] and 137 countries and jurisdictions OECD stated not only agreed to remove the DST or the similar measures, but also had a consensus on Two-Pillar plan to reform international taxation rules[9]. In order to ensure that MNCs pay a fair share of tax wherever they operate, as well as to set a GMT rate to protect tax base of each country. Moreover, the new international tax system that the GMT rate is 15%[10] is expected to take effect in 2023 and an estimated 154 domestic MNCs will be thus affected accordingly. II. The Response of Taiwan to Tax Challenges   A foreign enterprise has to pay Taiwan taxing regulators enterprise income tax for income generated in Taiwan in the premise that this foreign enterprise has a PE in Taiwan. In other words, a PE in Taiwan, which is recognized as the fixed place of business through which the business of an enterprise is wholly or partly carried on[11], is the determinant that affects the power of Taiwan to tax the profits of a foreign enterprise. In brief, “No PE, No taxing power”.   In the era of digitalization, the foreign enterprises can create value through the digital means without establishing a PE in Taiwan. The situation of disconnection or mismatch between where value is created and where taxes are paid not only erodes the taxing power of Taiwan, but also breaks the principle of equality in substantive taxation[12] as mentioned above. As a result, the Ministry of Finance (MOF) adjusted and implemented several new taxation policies or measures, including, inter alia, “Income Taxation on Cross Border Electronic Services[13]” and “Income Basic Tax Act”. These two measures were once considered similarly to DST or GMT individually. (I) Income Taxation on Cross Border Electronic Services   Responding to tax challenges posed by foreign enterprises under digitalization, the MOF promulgated a new income tax regulation “Income Taxation on Cross Border Electronic Services[14]”, and asked those foreign enterprises who provide cross-border electronic services to purchasers in Taiwan, shall register for business value-added tax (VAT), including register a tax identification number and file taxes. The causation between the electronic services and national economy shall be the determinant to identify income generated in Taiwan: The payment made by a purchaser located in Taiwan to a foreign enterprise in order to procure following products or services provided by such foreign enterprise shall be deemed as income generated in Taiwan. (1) The product that is produced, manufactured, transmitted, downloaded and saved in a digital device and can only be provided with assistance by individuals or enterprises in Taiwan. (2) The real-time, interactive, handy, and continuing electronic services that are provided through digital means A foreign enterprise provides a digital platform to conduct transactions, once one of the transaction parties is in Taiwan, the sales amounts shall be recognized as income generated in Taiwan (II) Income Basic Tax Act (IBT)   To promote domestic economic development and industrial innovation, Taiwan has enacted many laws on tax incentives, mainly tax deductions and credits. However, these laws have been overdeveloped, the implement period has also been excessively extended, which contributes to severely unreasonable tax burden inequality.   Therefore, Taiwan officially introduced Alternative Minimum Tax System (AMT) and promulgated Income Basic Tax Act (IBT)[15] since 2006. As a separate taxation system, AMT is imposed by government that places a floor on the percentage of taxes a certain filer must pay, regardless of how many tax incentives the filer may claim[16]. Hence, in accordance with Article 1 of IBT “[T]he purposes of this Act are to uphold tax equity, to ensure tax revenue for the country, and to establish the basic requirements of profit-seeking enterprises and individuals in regard to their obligation to fulfill their income tax burden as a contribution to public finance.”   AMT uses a different set of rules to determining taxable income compared with the normal tax calculations. Once the regular income-tax amount is higher than the AMT, the taxpayer pays the regular income tax. Thus, if AMT is higher, then the taxpayer pays the AMT. And according to Article 8 (1) of IBT, the enterprise IBT rate is prescribed of 12% since 2013.[17]   However, according to Article 3 (1) (5) of IBT[18], a foreign enterprise without domestic fixed place of business or domestic business agent is not regulated by IBT. (III) Conclusion “Income Taxation on Cross Border Electronic Services (Hereinafter referred to as “the measure”)” asked the foreign enterprises to file income tax. But the elements of “the measure” are different from DST. The reasons may be (1) “This measure” has been designed and promulgated earlier than DST and (2) The DST is essentially more like alternative minimum tax. IBT may effect by the concept of “with PE, with taxing power”. Therefore, a foreign enterprise without PE in Taiwan is not regulated by IBT, this means “No PE, No obligation of IBT”. Also, the IBT rate of profit-seeking enterprise is 12%. III. The Remaining Problems of Tax System in Taiwan   It is foreseeable that with the international consensus on launching the Two-Pillar Plan in 2023, those countries and jurisdictions will start to adjust their tax policies, inclusive of increasing the income tax rate as well as basic tax rate. As long as the issue of "Taiwan companies abusing tax planning to hide wealth aboard and avoid domestic tax obligations" is not solved, this issue will lead to the continuous erosion of Taiwan taxing power.   Concretely, in order to reduce domestic tax burden, several Taiwan companies abusing tax planning to detain profits in foreign affiliated companies or disguise as foreign companies. Though Income Taxation on Cross Border Electronic Services has taking effect, those companies pay income tax only on income generated in Taiwan instead of global income. Therefore, the Controlled Foreign Company Rules and the Place of Effective Management Rules have been proposed. (I) The Controlled Foreign Company Rules   A controlled foreign corporation (CFC) is a corporate entity that is registered and conducts business in foreign countries or jurisdictions, and is either directly or indirectly controlled by a resident taxpayer.   According to Article 43-3 of the Income Tax Act, if a parent company holds 50% or more of the shares of a foreign subsidiary, or has significant influence on such foreign subsidiary, the subsidiary may be seen as a conduit of the parent company and subject to domestic enterprise income, whether there is dividend distribution to the parent company or not, unless the subsidiary can pass the substantial activity test or its revenue is below a certain threshold.[19]   Yet, the “Paragraph 3”, compared with “Paragraph 4”, is not ruled the “a CFC can deduct the domestic income tax from foreign income tax it paid[20]”, which may result in double taxation.   The Taiwan CFC rules have not come into effect yet. However, according to the ancillary resolution passed by Legislative Yuan[21], our CFC Rules will come into effect within one year after the tax amnesty legislation, "The Management, Utilization, and Taxation of Repatriated Offshore Funds Act", expires. Namely, the Taiwan CFC Rules will finally come into effect in 2022 at the latest. (II) The Place of Effective Management Rules   The place of effective management (PEM) is defined as a place where key managements and commercial decisions a business entity substantially made.[22] This means, once a foreign company sets and operates a branch in Taiwan, and this branch substantially made key managements and commercial decisions for the foreign company, then it will be deemed as a PEM, the foreign company will also be deemed as a domestic company, and will be subject to tax assessment in accordance with the Taiwan Income Tax Act and other tax regulations.[23]   Following the PEM rules, which is incorporated into Article 43-4 of the Income Tax Act, the elements of PEM including (1) decision making location, (2) record keeping and maintenance location, and (3) actual operating location are all in Taiwan.   However, take foreign experience for example, German practice believes that the PEM rules only need to list "decision making location" as a necessary condition. The rest elements "record keeping and maintenance location" and "actual operating location" are more like reference factors than necessary conditions[24].   The Taiwan PEM rules list all three elements as necessary conditions, which may probably cause excessive restrictions on future applications. And the PEM Rules were announced by the MOF in July 2016, which have yet to take effect neither. (III) Attachment: The Sophisticated and Conflicting Tax System   The enterprise income tax rate in Taiwan is 20% to 24% in accordance with Article 5 (5) and Article 66-9 (1) of Income Tax Act. Still, to achieve specific policy goals by promoting or suppressing certain behaviors, a policy that oriented tax deductions and credits is called tax incentives, and the disadvantage of which is apparently turn the tax burden into inequality. In the end, to solve the inequality of tax burden resulting from tax incentives and to ensure tax revenue, the minimum tax will be levied by AMT. The AMT rate in Taiwan is 12% as aforementioned.   The implementation of tax incentives and AMT has made the domestic tax system over-complicated. Since the overused tax incentives have abnormally increase the amount of uncompetitive enterprises, who heavily rely on them. While the AMT may strangle the enterprises, who are compliance with economic policies. Then, the interaction and conflicts between tax incentives and AMT not just complicate the domestic tax system, also substantively result in unpredictability and inconsistency of domestic tax environment, which may cause a double-loss situation between tax revenue for the country and economic development policies. IV. Conclusions and Prospects (I) Conclusion Amend the Income Basic Tax Act and Increase Enterprise Rate to at Least 15%   First, those foreign enterprises without PE but create value in Taiwan are not ruled by IBT. Second, the enterprise IBT rate in Taiwan is now 12%, apparently lower than GMT of 15%. If IBT rate maintains 12% through 2023, the difference between GMT and IBT may be deemed as a harmful tax-based competition. Hence, it is imperative to amend the IBT to rule the foreign enterprises without PE but create value in Taiwan and increase the enterprise IBT rate to at least 15%.   Once consider that GMT is aimed at large MNCs, the IBT may adopt a categorized approach and set different rates based on the size of the enterprise. For instance, increase the IBT rate of MNCs that meet all GMT criteria to 15%, and the rest maintains 12%. Amend and Take CFC rules and PEM rules into effects   A domestic company pays income tax on global income, while a foreign company with PE in Taiwan pays income tax on income generated in Taiwan. Responding to digitalization, the implement of Income Taxation on Cross Border Electronic Services regulates foreign companies without PE in Taiwan to pay income tax generated in Taiwan fairly.   It is necessary to implement both CFC rules and PEM rules, to prevent domestic companies from abusing tax planning to detain the profit in foreign affiliated companies or to disguise as foreign companies for reducing domestic tax burden, which may continuously eroding taxing power of Taiwan. However, CFC rules and PEM rules still leave some problems to be improved and solved as aforementioned, which is undoubtedly the obligation of Taiwan government. (II) Prospects Substantive Review the Tax Incentives and Reconstruction of Taiwan Tax System   The Reasoning of Interpretation No.565 mentioned that “[W]hile taxpayers should, under the principle of equality in taxation, pay taxes which they are supposed to pay according to their actual taxpaying ability, it is not forbidden by Article 7 of the Constitution to specify, with reasonable cause, differential treatments by way of exceptions or special provisions within the scope of discretion authorized by law to grant taxpayers of a particular class tax benefits in the form of tax reduction or exemption in order to promote the public interest.”.   The principle of ability-to-pay means that those who have greater ability to pay taxes, usually measured by income, wealth and financial capability, should pay more in taxes compared with those who have minor capability. Since taxation is the pecuniary obligation with non-counter performance under public law, the only foundation of legitimacy is the principle of ability-to-pay. Therefore, this is the core principle of the tax law.   To achieve specific policy goals, a policy that oriented tax deductions and credits to promote or suppress certain behaviors is called tax incentives, which can be permitted only in case of justifiable reasons presented. Nevertheless, the weak connection between the policy goals and the tax incentives made the acts, especially the tax incentives, unreasonable.   Additionally, the tax-form expenditure is generally a formal review of fiscal balance, no substantive review of the impact on principle of ability-to-pay taxation and the compensation for it. Under these premises, the excessively extended implementation period of tax incentives has resulting in severely unreasonable tax burden inequality and excessive reliance of uncompetitive enterprises on tax incentives.   To sum up, instead of implement the tax incentives to limit the principle of ability-to-pay, then solve it with AMT. The enactment, amendment and implement of tax laws must strictly abide by above principle. The restriction of above principle must be strictly review and limited as a whole. Namely, it is better to comply with the principle of ability-to-pay strictly. Therefore, it is important to substantively review the domestic tax incentives and reconstruct the domestic tax system. Ministry of Digital Development and The Tax Reform   Taiwan government is intending to form Ministry of Digital Development (MODD),[25] which is considered as a step toward the right direction to coordinate and expedite the development of Taiwan’s digital economy.   According to Article 1 of the Organizational Act of MODD, "[T]o promote the development of digital industries such as national communications, information, cyber security, network and communication, to undertake digital governance and digital infrastructure, and to assist the digital transformation of public and private sectors, the Executive Yuan has specially established the Ministry of Digital Development."[26]   However, in name of the above-mentioned policies and ideals, which may possibly related to tax policies. Thus, this article considered that, once the MODD is staffed with public servants and experts both proficient in tax law as well as forward-thinking, and given a clear mandate, the MODD may not only contribute significantly to both domestic digital transformation and the tax reform, but also improve the efficiency of tax administration and maximize the overall economic and social benefits. [1] OECD, 〈BEPS – Base Erosion and Profit Shifting〉, https://cleartax.in/s/beps-oecd (last visited Aug 20, 2021). [2] 拙著,〈柳暗花明的數位服務稅〉,工商時報名家評論,2021年5月17日,網址:https://view.ctee.com.tw/tax/29375.html,最後瀏覽日:2021年11月24日。 [3] 陳衍任,〈歐洲數位服務稅發展簡析〉,台灣經濟論衡,2020年3月,第18卷第1期,頁58,網址:https://www.ndc.gov.tw/Content_List.aspx?n=1BD4A3B93EF55A5F,最後瀏覽日:2021年4月21日。 [4] 拙著,〈勢在必行的全球企業最低稅負制〉,工商時報名家評論,2021年4月20日,網址:https://view.ctee.com.tw/tax/28814.html,最後瀏覽日:2021年11月24日。 [5] 拙著,〈勢在必行的全球企業最低稅負制〉,工商時報名家評論,2021年4月20日,網址:https://view.ctee.com.tw/tax/28814.html,最後瀏覽日:2021年11月24日。 [6] 拙著,〈取消數位服務稅已為國際趨勢〉,工商時報名家評論,2021年11月23日,網址:https://view.ctee.com.tw/economic/34152.html,最後瀏覽日:2021年11月24日。 [7] Mayer Brown LLP, 〈The G7 Agrees on a Broad Framework for Pillar One and Two〉, June 23, 2021, https://www.mayerbrown.com/en/perspectives-events/publications/2021/06/one-small-step-but-perhaps-one-giant-leap-for-global-tax-reform-the-g7-agrees-on-a-broad-framework-for-pillar-one-and-two (last visited Nov 11, 2021). [8] G20, 〈G20 ROME LEADERS’ DECLARATION〉, at 11 of 20, https://www.g20.org/wp-content/uploads/2021/10/G20-ROME-LEADERS-DECLARATION.pdf (last visited Nov 11, 2021). [9] OECD, 〈Mauritania joins the Inclusive Framework on BEPS and participates in the agreement to address the tax challenges arising from the digitalization of the economy〉, https://www.oecd.org/tax/mauritania-joins-the-inclusive-framework-on-beps-and-participates-in-the-agreement-to-address-the-tax-challenges-arising-from-the-digitalisation-of-the-economy.htm (last visited Nov 11, 2021). [10] Statement on a Two-Pillar Solution to Address the Tax Challenges Arising From the Digitalization of the Economy, at 4 (Aug 2021), available at https://www.oecd.org/tax/beps/statement-on-a-two-pillar-solution-to-address-the-tax-challenges-arising-from-the-digitalisation-of-the-economy-july-2021.pdf (last visited Aug 20, 2021). [11] Model Tax Convention on Income and on Capital 2010 (Full Version), at c(5)-1 (2010), available at https://read.oecd-ilibrary.org/taxation/model-tax-convention-on-income-and-on-capital-2010_9789264175181-en#page208 (last visited Aug 20, 2021) [12] 稅捐稽徵法第12條之1第1項:「涉及租稅事項之法律,其解釋應本於租稅法律主義之精神,依各該法律之立法目的,衡酌經濟上之意義及實質課稅之公平原則為之。」亦有釋字第420、460、496、519、597、625及第700號供參。 [13] 資誠,〈法國徵數位服務稅,我不跟進〉,2019年7月24日報導,網址:https://www.pwc.tw/zh/news/media/media-20190724-1.html,最後瀏覽日:2021年4月15日。 [14] 財政部賦稅署,〈外國營利事業跨境銷售電子勞務課徵所得稅制度簡介〉,2018年4月27日,頁1以下,網址:https://www.dot.gov.tw/download/dot_201804270002_1_doc_476,最後瀏覽日:2021年4月21日。 [15] 中華民國94年12月28日總統華總一義字第09400212601號令制定公布全文18條;本條例施行日期除另有規定外,自95年1月1日施行。 [16] 所得基本稅額條例第1條:為維護租稅公平,確保國家稅收,建立營利事業及個人所得稅負擔對國家財政之基本貢獻,特制定本條例。 [17] 財政部台財稅字第10100670710號函:自102年度起營利事業基本稅額之徵收率為12%。 [18] 所得基本稅額條例第3條第1項第5款:營利事業或個人除符合下列各款規定之一者外,應依本條例規定繳納所得稅:五、所得稅法第七十三條第一項規定之非中華民國境內居住之個人或在中華民國境內無固定營業場所及營業代理人之營利事業。 [19] 所得稅法第43條之3第1項:營利事業及其關係人直接或間接持有在中華民國境外低稅負國家或地區之關係企業股份或資本額合計達百分之五十以上或對該關係企業具有重大影響力者,除符合下列各款規定之一者外,營利事業應將該關係企業當年度之盈餘,按其持有該關係企業股份或資本額之比率及持有期間計算,認列投資收益,計入當年度所得額課稅:一、關係企業於所在國家或地區有實質營運活動。二、關係企業當年度盈餘在一定基準以下。但各關係企業當年度盈餘合計數逾一定基準者,仍應計入當年度所得額課稅。 [20] 參考「所得稅法增訂第43條之3建立我國受控外國公司(CFC)課稅依據,係以受控外國公司當年度盈餘,依控制公司對其持有之資本比率按「權益法」認列之國外投資收益。惟查此依權益法認列之投資收益,似漏未規定該關係企業在國外已納所得稅額可予扣抵,恐形成公司階段稅負重複課稅;對照本條第4項規範營利事業於實際獲配股利或盈餘時,國外已納所得稅額得予扣抵之規定,其疏漏自明。」立法院,〈受控外國公司課稅新制相關問題評析〉,110年8月,網址:https://www.ly.gov.tw/Pages/Detail.aspx?nodeid=6590&pid=210513,最後瀏覽日:2021年10月25日。 [21] 境外資金匯回管理運用及課稅條例自2019年8月15日起施行,施行期間2年,已於今(2021)年8月14日失效,故我國CFC制度至遲於明(2022)年8月14日前報請行政院核定施行日期。參考「另附帶決議針對105年增訂之「所得稅法」第43條之3條文(營利事業CFC制度),與106年增訂之「所得基本稅額條例」第12條之1條文(個人CFC制度),要求財政部於本案施行期滿後1年內報請行政院核定施行日期,有助落實反避稅條款。」立法院,〈制定境外資金匯回管理運用及課稅條例〉, 網址:https://www.ly.gov.tw/Pages/Detail.aspx?nodeid=33324&pid=184215,最後瀏覽日:2021年8月20日。 [22] OECD, 〈THE IMPACT OF THE COMMUNICATIONS REVOLUTION ON THE APPLICATION OF “PLACE OF EFFECTIVE MANAGEMENT”AS A TIE BREAKER RULE〉, at 4 (Feb 2001), https://www.oecd.org/ctp/treaties/1923328.pdf (last visited Aug 20, 2021). [23] 所得稅法第43條之4第1項:依外國法律設立,實際管理處所在中華民國境內之營利事業,應視為總機構在中華民國境內之營利事業,依本法及其他相關法律規定課徵營利事業所得稅;有違反時,並適用本法及其他相關法律規定。 [24] 參考「從德國的經驗回頭看台灣可以發現:台灣雖然立意良善地將「決策者或決策地」、「帳簿及會議紀錄的製作或儲存地」,以及「實際執行主要經營活動地」,「同時」列為PEM的認定標準。然而,其中只有「決策者或決策地」確實屬於PEM認定上的必要條件;至於將「財務報表、會計帳簿紀錄、董事會議事錄或股東會議事錄的製作或儲存處所」及「實際執行主要經營活動地」也列為PEM的認定標準,恐怕就值得商榷。因為上述兩項標準,固然可以作為認定企業的PEM是否在台灣境內的「參考因素」,但卻不適合作為認定企業的PEM在台灣境內的『必要條件』」。陳衍任,〈實際管理處所在適用上的爭議問題〉,月旦會計實務研究,2018年3月,頁29以下。 [25] 2021 Taiwan White Paper Overview, 〈Facing New and Existing Challenges Head On〉, at WP7 (2021), https://amcham.com.tw/wp-content/uploads/2021/06/June-2021-Taiwan-Business-TOPICS.pdf (last visited Aug 20, 2021). [26] 作者自譯。

From the Expansion of WAGRI, Japan's Agricultural Data Collaboration Platform, into a Smart Food Chain to Discuss Smart Measures in Responding to the Pandemic

From the Expansion of WAGRI, Japan's Agricultural Data Collaboration Platform, into a Smart Food Chain to Discuss Smart Measures in Responding to the Pandemic Yu Yu Liu I. Introduction   For the past few years, Taiwan has been progressively developing smart agriculture. During this process, general agricultural enterprises and farmers are challenged with and discouraged by expensive equipment installations and maintenance costs. The creation of a new business model which facilitates the circulation and application of agricultural data may lower the threshold of intellectualization acquisition, and become the key to the popularization and implementation of smart agriculture. This article shall analyze the strategy of promoting the use of data circulation for smart agriculture in Japan, which has a similar agricultural paradigm as Taiwan, and provide a reference for the development of smart agriculture in Taiwan.   Japan is facing the same problems as Taiwan, in terms of the aging farmers and low birth rates, that lead to the lack of successors. The Japanese government proposed the concept of Society 5.0 in 2016, expecting to use information and communication technology (ICT) to drive the development of various fields of society[1]. In the agricultural field, the use of ICT in agriculture can facilitate the transmission of experience by turning the tacit knowledge of experienced farmers into externalized data.   At that time, there were many ICT system service technologies developed by private companies In Japan, but the system services provided by various companies were not compatible with each other due to the lack of collaboration, and the data formats and standards produced by ICT system providers were varied; furthermore, the data in the public sector (research and administrative agencies) was also divided and managed independently. To facilitate the integration, management, and circulation of agricultural data, the Japanese Agricultural Data Collaboration Platform (WAGRI[2]) was born. II. The Development of WAGRI 1. Japan's Prime Minister directed the construction of a data platform   The Japanese government held the 6th Future Investment Conference[3] on March 24, 2017, chaired by Prime Minister Shinzo Abe, who mentioned that in order to cultivate safe and tasty crops, the government and the private sector should provide each other with updated information on crop growth conditions, climate, maps, etc., and build an information collaboration platform that can be easily used by anyone by mid-2017, with all the necessary data fully disclosed. The project was handed over to the IT General Strategy Headquarters[4] to realize the above-mentioned platform.   At the 10th Future Investment Conference, held on June 9, 2017, the Future Investment Strategy 2017[5] was announced with the goal of realizing "Society 5.0". During the conference, it was mentioned that the "Japanese Agricultural Data Collaboration Platform (hereinafter referred to as WAGRI), which is based on publicly available information from the agriculture, forestry, and water industries, such as agricultural, topographical, and meteorological data held by the public sector, that can be shared and used for a variety of purposes, would be constructed in 2017. 2. The Trial Run of WAGRI   WAGRI is supported by the Cabinet Office's Phase 1 of the Strategic Innovation Promotion Program (SIP), under one of the 11 projects entitled "Next Generation Innovation Technologies for Agriculture, Forestry and Water Industries"17[6] (which is managed by The National Agriculture and Food Research Organization [NARO]17[7]). The platform was constructed by the SFC Research Institute of Keio University17[8] in collaboration with an alliance of 23 organizations that participate in SIP research, including agricultural production corporations, agricultural machinery manufacturers, ICT providers, universities, and research institutions (e.g., Japanese IT companies NTT - Nippon Telegraph and Telephone Corporation, Fujitsu Limited, major agricultural machinery manufacturer- Kubota Corporation, Yanmar Holdings Co., Ltd.)17[9]. WAGRI has three major functions: "cooperation" (breaking down the barriers between different systems so that data is compatible and interchangeable), "sharing" (data is shared in a way chosen by the providers, so as to facilitate the establishment of a business model for data exchange and use), and "provision" (soil and meteorological data are provided by public and private sectors to help facilitate data acquisition and subsequent circulation). During the trial run, there were practical cases that demonstrated that after the implementation of WAGRI, the costs of labor and time spent on data collection and utilization had been significantly reduced17[10]. 3. The Independent Operation of WAGRI   In April 2019, WAGRI, which was originally supported by the SIP program, was transferred to NARO to be the main operating body and officially start the operation.   With the updated use of the information required to operate the WAGRI platform independently, starting in April 2020, the original no-fee approach has been changed. Organizations wishing to use WAGRI are required to pay variable fees according to the following two methods of using the platform [11]: (1)Data users (those who use WAGRI data), data users-and-providers (those who use WAGRI data and provide data to WAGRI) ·Monthly fee of 50,000 yen for platform use. ·If fee-based data is accessed, a separate data usage fee must be paid. (2)Data providers (those who provide data to WAGRI) ·Monthly fee of 30,000 yen for platform use. ·Proviso: If the data provided is free of charge, in principle, there is no requirement to pay the platform utilization fee. III. Application of WAGRI’s Expansion in Response to the Pandemic   The Smart Food Chain Alliance[13], which is supported by one of the 12 projects of the SIP Phase 2 program - "Smart bio industry / basic agricultural technology[12]", will expand WAGRI, which was established with the support of the SIP Phase 1 program, to build a smart food chain platform (WAGRI-dev for short).The main mission of the Smart Food Chain Alliance is to build a smart food chain (commercialized services are expected to begin in 2025) that enables the interoperability of data related to food processing, distribution, sales, and exports, to serve as a basis for fresh food logistics in Japan. This platform is built on the framework of WAGRI, and expanded to WAGRI-dev.   In response to the pandemic, the Food and Agriculture Organization of the United Nations (FAO) and the World Health Organization (WHO) jointly issued the "Interim guidance for COVID-19 and Food Safety for competent authorities responsible for national food safety control systems[14]" on April 7, 2020. Based on these guidelines, the Smart Food Chain Alliance of the Japanese SIP program "Smart bio industry / basic agricultural technology" has developed "Guidelines for the Novel Coronavirus (COVID-19) Countermeasures". As part of the above-mentioned program, the "Japanese Food Guidelines Collaboration System (WAGRI.info, in short)"[15] developed countermeasure applications to respond to the pandemic.   WAGRI.info opened its website on July 13, 2020 to accept food safety registrations from food and agricultural product related companies. This registration is not limited to those who meet the COVID-19 countermeasure guidelines, but also those who meet the existing quality and safety management guidelines (e.g. Hazard Analysis and Critical Control Points (HACCP), etc.). It also provides a corporate search function for general public use.   WAGRI.info is a part of WAGRI-dev, and will add various data collaboration functions and measures in the future to prevent data manipulation and unauthorized access. The Japanese government originally expected to build the world's first smart food chain platform that includes data from production to processing, distribution, sales and exporting by expanding WAGRI; in response to the pandemic, related functions were added to create a food safety information network.   In Taiwan, there are also data platforms related to smart agriculture that provide OPEN DATA interface functions[16], and the development of food safety traceability integrated application systems to provide information on the flow of school lunch ingredients. In addition to Japan's WAGRI model of data integration and sharing that, can be used as a model for the development of smart agriculture in Taiwan, WAGRI.info's approach can also be used as a reference for domestic food safety policies, in response to the pandemic. [1]"The Science and Technology Basic Plan", Cabinet Office of Government of Japan website: https://www8.cao.go.jp/cstp/kihonkeikaku/index5.html (last viewed on 07/12/2021). [2]WAGRI is a data platform that consists of a variety of data and services connected to form a wheel that coordinates various communities and promotes "harmony", with the anticipation of leading innovation in the field of agriculture. The word is formed by the combination of WA + AGRI (WA is the Japanese word for harmony + AGRI for agriculture). WAGRI website, https://wagri.net/ja-jp/ (last visited on 07/12/2021). [3]As the command headquarters of the Japanese government for implementing economic policies and realizing growth strategies, the Headquarters for Japan’s Economic Revitalization has been holding a "Future Investment Conference" session approximately every month since 2016, to discuss growth strategies and accelerate social structural reforms, so as to expand future investment. "Headquarters for Japan’s Economic Revitalization", Prime Minister of Japan and His Cabinet website, http://www.kantei.go.jp/jp/singi/keizaisaisei/ (last visited on 07/12/2021). [4]The Japanese government has been actively promoting the use of IT as a means of helping to solve social issues in various fields. In 2000, the IT Basic Act (Basic Act on the Formation of an Advanced Information and Telecommunications Network Society) was enacted in Japan, and in the following year, the IT Strategy Headquarters (Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society) was established in accordance with the said laws. In 2013, in accordance with the Government Chief Information Officer (CIO) Act, the Cabinet Secretariat established the position of Deputy Chief Cabinet Secretary for Information Technology Policy (Government CIO, in short), and IT Strategic Headquarters was integrated with the GCIO to be the IT Comprehensive Strategy Headquarters (Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society, IT Comprehensive Strategy Headquarters) to rapidly promote the key policies for an advanced telecommunications network society, and to break the vertical gap of the ministries and departments, and to connect the entire government horizontally. "Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society" (IT Comprehensive Strategy Headquarters), Prime Minister of Japan and His Cabinet website, https://www.kantei.go.jp/jp/singi/it2/ (last visited on 07/12/2021). [5]Hsu, Yu-Ning, "The 10th Future Investment Conference, held at the Prime Minister's Residence of Japan, proposing Japan's "Future Investment Strategy 2017”, to realize "Society 5.0" as its goal", Science & Technology Law Institute website, https://stli.iii.org.tw/article-detail.aspx?no=64&tp=1&i=72&d=7844, (last visited on 07/12/2021). [6]Focusing on the important issues of "Society 5.0" in conjunction with the key areas of governance of the Future Investment Conference, the Cabinet Office set up an annual budget for science and technology to help create and promote the "Strategic Innovation Promotion Program (SIP)". The first phase of the SIP is a five-year program running from FY2014 to FY2018. "Strategic Innovation Promotion Program (SIP)", Cabinet Office website, https://www8.cao.go.jp/cstp/gaiyo/sip/index.html (last visited on 07/12/2021). Qiu, Jin-Tien (2017), "Technology Innovation Strategy for Realizing the Super Smart Society (Society 5.0) in Japan", National Applied Research Laboratories website, https://portal.stpi.narl.org.tw/index/article/10358 (last visited on 07/12/2021) [7]The National Agriculture and Food Research Organization, NARO in short, is a national research and development corporation for agricultural and food industry technology. [8]The SFC Research Institute, located on the Shonan-Fujisawa campus of Keio University, is a research institute affiliated with the Graduate School of Policy and Media Studies, the Department of General Policy, and the Department of Environmental Intelligence, and is an important research institute involved in the development of smart agriculture in Japan. Professor Atsushi Shinjo is the research director of WAGRI, and he is also the Deputy Government CIO of the Cabinet Secretariat and the Acting Director of the IT Strategy Office, contributing to the creation of the "Agricultural Information Creation and Distribution Promotion Strategy". He also serves as the President of the WAGRI Council and the Director of NARO's Agricultural Data Collaboration, and facilitates the coordination between WAGRI and Japan's smart agriculture empirical Project. He is a key player in the Japanese government's efforts to promote the flow of agricultural data, and is committed to promoting the development of smart agriculture in Japan. Keio Research Institute at SFC website, https://www.kri.sfc.keio.ac.jp/ (last visited on 07/12/2021). [9]IoTNEWS, Building an ‘Agricultural Data Collaboration Platform’ Using Microsoft Azure Through Industry-government-academia Collaboration to Realize Digital Agriculture" 05/15/2017, https://iotnews.jp/archives/56366 (last visited on 07/12/2021). [10]Shinjo, Atsushi, "ICT changes society: Development of agricultural data collaboration platform and future plans, Technology and Promotion : Journal of the National Council of Agricultural Promotion and Staff Council Organization, December, pp. 24-26 (2017); Technology Policy Office, Ministry of Agriculture, Forestry and Fisheries, "Construction of agricultural data collaboration platform", 2018/09,http://www.affrc.maff.go.jp/docs/smart_agri_pro/attach/pdf/smart_agri_pro-15.pdf .(last visited on 07/12/2021). [11]"The Use of the Agricultural Data Collaboration Platform (WAGRI) Since FY2019", NARO website https://www.naro.go.jp/project/results/juten_fukyu/2018/juten01.html (last visited on 07/12/2021). , NARO website https://www.naro.affrc.go.jp/laboratory/rcait/wagri (last visited on 07/12/2021). [12]Same as Note 6; The SIP Phase 2 plan runs for a total of approximately five years, from the end of FY2017 to FY2022. [13]The construction of a smart food chain is one of the main research topics of the project. The members of the Smart Food Chain Alliance include: the Cabinet Secretariat, the Cabinet Office, the Ministry of Agriculture, Forestry and Fisheries, and other government organizations as observers, and more than 70 organizations as participants, including local governments, academic and research institutions, agricultural production corporations, wholesale markets, mid-marketers, logistics industries, retail businesses, manufacturers, and ICT providers (The representative of the Alliance is the Keio Research Institute at SFC), reference Note 13. SIP vol. 2, [Symposium on "Smart Bio-industry and Agricultural Technology" 2020 - Aiming to build a new smart food chain] 03/10/2020, WAGRI website, https://wagri.net/ja-jp/News/generalnews/2020/20200310 (last visited on 07/12/2021). [14]See FOOD AND AGRICULTURE ORGANIZASTION OF THE UNITED NATIONS [FAO], COVID-19 and Food Safety: Guidance for Food Businesses: Interim guidance (Apr. 7, 2020), http://www.fao.org/family-farming/detail/en/c/1275311/ (last visited Oct. 8, 2020). Food and Agriculture Organization of the United Nations and World Health Organization jointly issued Interim guidance for COVID-19 and Food Safety for competent authorities responsible for national food safety control systems, Chinese Academy of Inspection and Quarantine, http://www.caiq.org.cn/kydt/902625.shtml (last visited 07/12/2021). [15]WAGRI.info Office, "WAGRI.info (Food Guideline Collaboration System) website launched and began accepting business registration", 07/13/2020, https://kyodonewsprwire.jp/release/202007131927 (last visited on 07/12/2021). Japanese Food Guideline Collaboration System WAGRI.info website, https://www.wagri.info/ (last visited on 07/12/2021). [16]Smart Agriculture Common Information Platform Website, https://agriinfo.tari.gov.tw/ (last visited 07/12/2021); "Smart Agriculture 4.0 Common Information Platform Construction (Phase II) Results Presentation", 12/12/2019, Smart Agriculture Website, https://www.intelligentagri.com.tw/xmdoc/cont?xsmsid=0J141518566276623429&sid=0J338358950611186512, (last visited on 07/12/2021).

On the development of cyber insurance market: a legal aspect

1.Introduction Cyber insurance is one of the effective tools to transfer cyber and IT security risk and minimize potential financial losses. Take the example of Sony’s personal information security breach, Sony made a cyber insurance claim to mitigate the losses. In Taiwan, the cyber insurance market demand was driven by Taiwan’s Personal Information Protection Act (PIPA) which was passed in April 2010 and implemented in Oct 2012. According to PIPA, a non-government agency including the natural persons, juridical persons, or group shall be liable for the damages caused by their illegal collection, processing or using of personal information or other ways of infringement on the rights of the individual whose personal information was collected, processed or used. The non-government agency may thus pay each individual NT$500 to NT$20,000 and the total compensation amount in each case may be up to NT $200 million if there is no evidence for actual damage amount. However, the cyber insurance market does not prosper as expected one hand because of the absence of incentives of insurance companies to develop and promote the cyber-insurance products and on the other hand because of the unaffordable price that deters many companies from buying the insurance. Some countries have tried to identify the incentives and barriers for the cyber insurance market and have taken some measurements to kick start its development. In this paper, the barriers for the cyber insurance market were addressed and how American government promoted this market was mentioned. Finally, suggestions on how to stimulate the cyber insurance market growth were proposed for reference. 2.What is cyber insurance? Insurance means the parties concerned agree that one party pays a premium to the other party, and the other party is liable for pecuniary indemnification for damage caused by unforeseeable events or force majeure1. Thus, the cyber insurance means the parties concerned agree that one party pays a premium to the other party, and the other party is liable pecuniary indemnification for damage caused by cyber security breach. The cyber insurance usually covers the insured's losses (or costs) and his liabilities to the third party. For example, the insured was to be liable for the damages caused by the unlawful disclosure of identifiable personal information belonging to the third party resulted from the insured's negligence. 2Typically, cyber insurance covers penalties or regulatory fines for data breaches, litigation costs and compensation arising from civil suits filed by those whose rights are infringed, direct costs to notify those whose personal data was illegal collected, processed or used and so on. 3 3.What are the barriers for cyber insurance market? Per the report made by European Network and Information Security Agency in2012, the following issues have significant influence on incentives of insurers to design and provide cyber –insurance products, including uncertainty about the extent of risk and lack of robust actuarial data, uncertainty about what risk is being insured, fast-paced nature of the use of technology, little visibility on what constitutes effective measures, absence of insurer of last resort to re-insure catastrophic risks, and perception that existing insurance already covers cyber-risks 4. In Taiwan, insurance companies face the same issues as mentioned above when they tried to develop and promote the cyber-insurance products. However, what discourages the insurance and re-insurance companies from investing in the cyber-insurance market most is the lack of accurate information to figure out the costs associated with different information security risk and thus to price the cyber insurance contract precisely. Several cases involving personal data breach did happened after Taiwan’s PIPA became effective on Oct 1th 2012, but few verdicts have been made. It is not easy to master the direct costs or losses resulting from violation of PIPA, including penalties or fines from regulator,, compensation to the parties of the civil suit who claim their personal data were unlawfully collected, processed or used, litigation costs and so on. Otherwise, indirect costs or losses such as media costs, costs to regain reputation or trust of consumers, costs of deployment of proper technical measures to prevent the data breach from happening again etc. are difficult to calculate. Therefore, it is not easy to identify the costs of information security risk and thus to calculate the premium the insured has to pay precisely. The rapid development of technology also has a negative impact on the ability of the insurers to master the types of the information security risk which shall be insured and its costs. Accompanied with the convenience and efficiency of applying new technologies into the working environment, security issues arise, too. For example, the loss or theft of mobile or portable devices may result in data breaches. In 2012, an unencrypted laptop computer with personal information and other sensitive information of one of NASA's employees was stolen from his locked vehicle and this led to thousands of NASA's workers and contractors at risk. 5And, per the report made by a NASA inspector, similar data breaches had been resulted from the lost or theft of 48 NASA laptops and mobile computing devices between April 2009 and April 2011. 6 There is no singe formula which could guarantee 100% security, but some international organizations have promulgated best practices for information security management, such as ISO 2700x standards. 7In Taiwan, Bureau of Standards, Metrology and Inspection (BSMI) which belongs to the Ministry of Economic also consulted ISO standards and announced Chinese National Standards on information security. For example, BSMI consulted ISO 27001 “Information technology – Security techniques – Information security management systems – Requirements” and then promulgated CNS27001. Theoretically, if the company who tries to buy cyber insurance policy that covers data breaches and damages to customers' data privacy can show that it has adopted and do implement the suite of security management standards well, the premium could properly be reduced because such company shall face less security risk. 8 However, it is still not easy to price the cyber insurance contract rightly because of no enough data or evidence which could approve what constitutes effective information security measures as well as no impartial, controversial or standard formula to value intangible assets like personal or sensitive information. 9 Finally, the availability of re-insurance programs plays an important role in the cyber insurance market because insurers would appeal to such program as a strategy of risk management. The lack of solid and actual data as mentioned above would discourage re-insurers from providing insurance policies that covers the insured’s losses and liabilities. Therefore, insurers may not be keen to develop and offer cyber insurance products. 4.The USA experience on developing cyber insurance market 4.1Current market status Due to the increase of the number of data breaches, cyber attacks, and civil suits filed by those whose data were illegal disclosed to third parties, more and more enterprises recognize the importance of cyber and privacy risks and turning to cyber insurance to minimize the potential finical losses. 10 However, the increased government focus on cyber security also contributed to the rapidly growth of the cyber insurance market. 11 For example, US Department of Homeland Security has been aware of the benefits of the cyber insurance, including encouraging better information security management, reducing the finical losses that a company has to face due to the data breach and so on. 12 Compared to other lines of insurance, cyber insurance market is not mature yet and is small in USA. For example, the gross premiums for medical malpractice insurance are more than 10% of that for cyber insurance market. However, the cyber insurance market certainly appears to grow rapidly. Per the survey made by Corporate Board Member & FTI Consulting, 48% of corporate directors and 55% of general counsel take highly of the issue of data security. 13And, per the report made by Marsh, there are more and more companies buying cyber insurance to cover financial losses due to the data breach or cyber attack, and the number of Marsh’s US clients purchasing cyber insurance increased 33% in 2012 over 2011. 14 4.2What contributed to the growth of the cyber insurance market in USA? Some measurements taken by the government or regulatory intervention had impacts on the incentives of companies to carry cyber insurance. CF Disclosure Guidance published by U.S. Securities and Exchange Commission in Oct 2011 mentioned that except the operation and financial risks, public companies shall disclose the cyber security risks and cyber incidents for such risks and incidents may result in severe finical losses and thus have a board impact on their financial statements. 15 And, according to the guidance, appropriate disclosures may includes risk factors and this potential costs and consequences, cyber incidents experienced or expected and theirs costs and consequences, undetected risks related to cyber incidents, and the relevant insurance coverage. 16 Such disclosure requirements triggered the demands for the cyber insurance products because cyber insurance as an effective tool to transfer financial losses or damages could be an evidence that firms are managing cyber security risks well and properly. 17 The demand for cyber-insurance products may be created by government by means of requiring government contractors and subcontractors to purchase cyber insurance under Federal Acquisition Regulations (FAR) which mentions that contractors are required by law and FAR to provide insurance for certain types of perils 18. Also, in order to sustain the covered critical infrastructure (CCI) designation, the owner of such infrastructure may need to carry cyber insurance, too. 19 On the other hand, referring to Support Anti-Terrorism by Fostering Effective Technologies Act of 2002 which requires those who provides Federal and non-Federal Government customers with a qualified/certificated anti-terrorism technologies shall obtain liability insurance of such types but the amount of such insurance shall be reasonable and will not distort the sales price of such technologies 20, the federal government tried to draw and enact legislation that provides limitations on cyber security liability 21. If it works, this could raise the incentive of insurers because amounts of potential financial losses which may be transferred to insurers are predictable. Besides, referring to Terrorism Risk Insurance Act of 2002 which established the terrorism insurance program to provide compensations to insurers who suffered the insured losses due to terrorist attacks 22, the federal government may increase the supply of cyber insurance products by means of providing compensations to insurers who suffered the insured losses due to cyber security breach or cyber attacks. 23 Otherwise, some experts and stakeholders did suggest the federal government implement reinsurance programs to develop cyber insurance programs. 24 Finally, to solve the problem of information asymmetry, the government tried to develop the legislation that could build a mechanism for information-sharing among private entities. 25 Also, it was recommended that the federal government may consider to allow insurance firms to establish an information-sharing database together so that insurers could accordingly develop better models to figure out cyber risks and price the cyber insurance contract accurately. 26 5.Suggestions and conclusion Compared to USA where 30-40 insurers offer cyber-insurance products and thus suggested that a more mature market exists 27, the cyber insurance market in Taiwan is still at the first stage of the product life cycle. Few insurers have introduced their cyber-insurance products covering the issues related to the personal information breach. Per the experience how US government developed the cyber insurance market, the following suggestion are made for reference. First, the government may consider requiring his contractors and subcontractors to carry cyber insurances. This could stimulate the demand for cyber insurance products as well as make cyber insurance prevail among private sector as an effective risk management tool. Second, the government may consider establishing re-insurance program to offer compensation to those who suffer the insured’s large losses and damages or impose limitations of the amount insured by law. However, it is undeniable that providing re-insurance program is not feasible as the government’s budget is not abundance. Finally, an information-sharing mechanism, including information on cyber attacks an cyber risks, may be helpful to solve the problem of information asymmetry. 1.Insurance Act §1 (R.O.C, 2012). 2.European Network and Information Security Agency, Incentives and barriers of the cyber insurance market in Europe , June 2012, at 8, http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/incentives-and-barriers-of-the-cyber-insurance-market-in-europe. 3.Ben Berkowitz, United States: insurance-cyber insurance, C.T.L.R. 2012, 18(7), N183. 4.Supra note2, at 19-25. 5.Mathew J. Schwartz, Stolen NASA laptop had unencrypted employee data , InformationWeek, November 15, 2012 11:17 AM, http://www.informationweek.com/security/attacks/stolen-nasa-laptop-had-unencrypted-emplo/240142160;Ben Weitzenkorn, Stolen NASA laptop prompts new security rules, TechNewsDaily , November 15 2012 11:35 AM, http://www.technewsdaily.com/15482-stolen-nasa-laptop.html. 6. Irene Klotz, Laptop with NASA workers' personal data is stolen, CAPE CANAVERAL, Nov 14, 2012 8:47pm, http://www.reuters.com/article/2012/11/15/us-space-nasa-security-idUSBRE8AE05F20121115. 7.The Government of the Hong Kong Special Administrative Region , An overview of information security standards, Feb 2008, at 2, http://www.infosec.gov.hk/english/technical/files/overview.pdf;Supra note2, at 21. 8.Supra note2, at 21-22. 9.Id. 10.Id. 11.Id. 12.U.S. Department of Homeland Security, Cyber security insurance workshop readout report, Nov 2012, at 1, http://www.dhs.gov/sites/default/files/publications/cybersecurity-insurance-read-out-report.pdf. 13.John E. Black Jr., Privacy liability and insurance developments in 2012, 16 No. 9 J. Internet L. 3, 12 (2013). 14.Marsh, Number of companies buying cyber insurance up by one-third in 2012, March 14, 2013, http://usa.marsh.com/NewsInsights/MarshPressReleases/ID/29878/Number-of-Companies-Buying-Cyber-Insurance-Up-by-One-Third-in-2012-Marsh.aspx. 15.U.S. Securities and Exchange Commission, CF Disclosure Guidance: Topic No. 2 Cybersecurity, October 13, 2011, http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm. 16.Id. 17.Supra note2, at 6.(last visited Dec. 31, 2012) 18.Federal Acquisition Regulations §28.301. 19.E. Paul Kanefsky, Insuring against cyber risks: congress and president Obama weigh in, March 2012, http://www.edwardswildman.com/newsstand/detail.aspx?news=2812. 20.Support Anti-Terrorism by Fostering Effective Technologies Act of 2002 §864. 21.Supra note19. 22.Terrorism Risk Insurance Act of 2002 §103. 23.Supra note19. 24.Id. 25.Id. 26.Id. 27.Supra note2.

Legal Aspects and Liability Issues Concerning Autonomous Ships

Legal Aspects and Liability Issues Concerning Autonomous Ships   All sectors of business and industry are transforming into digital society, and maritime sector is not out of the case. But the new thing is the remote control ships or fully automatics ships are becoming a reality.   Remote control ships and autonomous ships will be a tool to reach safety, effectiveness, and economical goal. However, as it intends to take over human element in the maritime industry, the implement of remote control ships or autonomous ships brings new legal issues and liability considerations.   This study aims to highlight some critical legal issues of autonomous ships to reader, but will not try to solve them or give clear answers. I. The Approach of International Maritime Organization   In order to solve issues from the deployment of autonomous ship, International Maritime Organization Maritime Safety Committee (MSC) has taken first steps to address autonomous ships. In the meeting of MSC 100, the committee approved the process of assessing IMO instruments to see how they may apply to ships with various degrees of autonomy.   For each instrument related to maritime safety and security, and for each degree of autonomy, provisions will be identified when: apply to MASS and prevent MASS operations; or apply to MASS and do not prevent MASS operations and require no actions; or apply to MASS and do not prevent MASS operations but may need to be amended or clarified, and/or may contain gaps; or have no application to MASS operations.   The degrees of autonomy identified for the purpose of the scoping exercise are: Degree one: Ship with automated processes and decision support: Seafarers are on board to operate and control shipboard systems and functions. Some operations may be automated and at times be unsupervised but the seafarers on board are ready to take control. Degree two: Remotely controlled ship with seafarers on board: The ship is controlled and operated from another location. Seafarers are available on board to take control and to operate the shipboard systems and functions. Degree three: Remotely controlled ship without seafarers on board: The ship is controlled and operated from another location. There are no seafarers on board. Degree four: Fully autonomous ship: The operating system of the ship is able to make decisions and determine actions by itself.   The initial review of instruments under the purview of the Maritime Safety Committee will be conducted during the first half of 2019 by a number of volunteering Member States, with the support of interested international organizations. MSC working group is expected to meet in September 2019 to move forward with the process with the aim of completing the regulatory scoping exercise in 2020.   The list of instruments to be covered in the MSC’s scoping exercise for MASS includes those covering safety (International Convention for the Safety of Life at Sea, SOLAS); collision regulations (The International Regulations for Preventing Collisions at Sea, COLREG); loading and stability (International Convention on Load Lines, Load Lines); training of seafarers and fishers (International Convention on Standards of Training, Certification and Watchkeeping for Seafarers, STCW); search and rescue (International Convention on Maritime Search and Rescue, SAR); tonnage measurement (International Convention on Tonnage Measurement of Ships, Tonnage Convention); Safe Containers (International Convention for Safe Containers, CSC); and special trade passenger ship instruments (Special Trade Passenger Ships Agreement, STP).   IMO will also develop guidelines on MASS trial. The guideline include ensuring that such guidelines should be generic and goal-based, and taking a precautionary approach to ensuring the safe, secure and environmentally sound operation of MASS. Interested parties were invited to submit proposals to the next session of the Committee for the future development of the principles. II. Other Legal issues concerning Autonomous Ships   In March 2017, the (Comité Maritime International, CMI) Working Group on Unmanned Ships circulated a questionnaire. The questionnaire aimed to identify the nature and extent of potential obstacles in the current international legal framework to the introduction to (wholly or partly) unmanned ships. The questionnaire can be summarized into the following legal issues. The legal definition and registration of the remote control ship and autonomous ship The definition of remote control or autonomous ship is based on the purpose of each individual convention. Current international conventions regulating ships do not generally contain recognized definition of the “Ship” and “Vessel”. However, due to its geographical feature, countries tend to have different safety requirement for ships; therefore, even the definition of remote control or autonomous ships given by international regulations, may not be accepted by national register of ships. For example, according to the reply to the questionnaire from Argentina association of maritime law, Argentina Navigation Act prescribes that in order to register a ship in the Argentine Register, regulatory requirements regarding construction and seaworthiness must be fulfilled. However, there are no rules regarding the registration of remote control ships or autonomous ships, as current act are based on the existence of crew on board. The unmanned ships would not be registered by Argentina Registry of ships. At present, the fragmentation of the definition and registration of ships can affect the deployment and application of remote control ships or autonomous ships. Due to the feature of shipping, which is related to the global transportation network, the definition and registration issue had better be solved at international level by International Maritime Organization (IMO). Legal issue of the seafarer International Convention on Standard of Training Certification and Watchkeeping (STCW) 1978 sets minimum qualification standard for masters, officers and watch personnel on seagoing merchant ships and large yachts. In the sight of replacing human operator on board with machine, will the convention find no application to remotely controlled or autonomous unmanned ships? The research of CMI points out the maritime law associations of Finland, Panama and United State assume that the STCW convention would likely apply to shore-based personnel as well in excepted circumstances where there is no new specific legislation. And the British maritime law association states that regardless of whether STCW would apply to unmanned operation or not, it is clear that certain provisions on training and competence would not apply to shore-based controller and other personnel. Japanese maritime association also states that although the convention does not find application to a remotely controlled unmanned ship, certain rules requiring watchkeeping officers to be presented may nevertheless arguably be interpreted to render an unmanned ship in breach of STCW and to that extent be applicable to unmanned ships. Therefore the amendment of convention seems inevitable. Standing on the other side, the Institute of Marine Engineering Science & Technology recommended that pairing human with machine effectively to enhance human intelligence and performance rather than totally replacing human is an area that should not be overlooked. Even if the application of unmanned ships comes in reality, seafarer skill will still remain an essential component in the long term future of the shipping sector. The minimum qualification of masters, officers and watch personnel may not need to be changed. Human error has been used to create a blame culture towards the workforce at sea, and it also results from poor implementation/ introduction/ preparation for new technology. Many studies show that seafarers are worried about the impact of autonomous ships. If the development of autonomous ships means replacing all the human elements on ships, people who work in marine sector will not accept those novel technologies easily, and this won’t lead to a safer future of maritime industry. Safety requirement of the remote control ship and autonomous ship Rule 8 (a) and rule 5 of the international regulation for preventing collisions at sea, 1972(COLREGS) require the operation of ships to comply with the duty of “good seamanship”, “proper lookout”. These rules are based on the operation by human, thus, leading to the following two questions: (1) Would the operation of unmanned ship contrary to the duty of “good seamanship”? The duty of good seamanship emphasizes the importance of human experiences and judgments in the operation of a vessel, and the adaptability of responses provided by good seamanship. Whether an autonomous ship would be able to reach this level of adaptive judgment would depend on the sophistication of its autonomous system. According to CMI’s research, the maritime law associations of countries including Argentina, British, Canada, China, German, Japan and Panama emphasize the requirement that autonomous ship must be at least as safe as ships operated by a qualified crew. (2) Would the proper lookout sets in rule 5 satisfied by camera and aural censoring equipment? COLREG rule 5 has two vital elements. First, crew on the bridge should pay attention to everything, not just looking ahead out of the bridge windows but looking all around the vessel, using all senses and all personnel equipment. Second, use all information continuously to assess the situation your vessel is in and the risk of collision. In this context, if the sensors and transmission equipment are sufficient to enable an appraisal of the information received in a similar manner available as if the controller was on board, then Rule 5 should be considered satisfied. However, it is unlikely that fully autonomous ship could comply with rule 5. It depends on the sophistication of its autonomous system. If the technology is unlikely at present to provide as equivalent spatial awareness and appreciation of the vessel’s positon as there are human on board, then rule 5 would not be considered fulfilled. Liability Liability is an important issue which is frequently mentioned in the area of autonomous ship. According to the study of MUNIN in 2015, liability issue of autonomous ship might arise under the following situations: (1) Deviation Suppose a ship was navigating autonomously, and the deviation of the system caused collision damage, how might liability be apportioned between ship-owner and the manufacturers? According to the research of CMI, 10 maritime law associations stated that under its domestic law, the third party may have a claim against the manufactures. (British, Canada, China, Croatia, Dutch, French, Germany, Italy, Spain, Malta) They may do so in tort if negligence on the part of manufacturers can be proved and if this can be shown to be causative of the damage. In European Union, third parties may also claim under Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member State concerning liability for defective products. (2) Limitation of liability Article 1 of the 1976 convention on limitation of liability of owner of ships provides that ship-owner may limit their liability to all claims arising from any incident. The size of limitation is based upon the tonnage of the ship. Within the convention, the term ship-owner is held to include the ship’s owner, charterer, manager or operator. International conventions dealing with limitation of liability are phrased in neutral terms with regard to the presence of a master or crew; therefore, circumstances in which a ship has no person on board do not appear to undermine the operation of those conventions. (3) Bill of lading Bill of lading is a written document signed on behalf of the owner of ship in which goods are embarked, and the ship-owner acknowledges the receipt of the goods, and undertakes to deliver them at the end of voyage. Typically, the shipper will sign the bill of lading along with the owner of the cargo at the point that shipper takes carriage of the cargo in question. The bill of the lading will then be signed by the cargo’s recipient once it has reached its destination. In other words, the document accompanies the cargo all the time, and is signed by the owner, shipper and recipient. It will generally describe the nature and quantity of goods being shipped. A question arises as in the absence of a master or any crew on board the ship, how will the bill of lading be signed by ship’s master? III. Conclusion   The shipping industry is a rich, highly complex and diverse industry, which has a history of both triumph and tragedy in its adoption of technology. In light of the potential for the remote and autonomous ship, and for the sake of contributing to the assurance of safe and efficient operation, it is better to understand the impact on the industry. The taxonomy of automation between human and machine is vast and complex, especially in the sector of law.   Therefore, before the system can reach fully autonomy and undertake independent, our law should be ready. IV. Reference [1] Comité Maritime International, Maritime Law for Umanned Ships, 2017, available at https://comitemaritime.org/work/unmanned-ships/ (last visited Dec. 25, 2018) [2] MUNIN, D9.3: Quantitative Assessment, Oct. 10, 2015, available at http://www.unmanned-ship.org/munin/news-information/downloads-information-material/munin-papers/ (last visited Dec. 25, 2018) [3] Martime Digitalisation & Communication, MSC 100 set to review MASS regulations, Oct. 23, 2018, available at https://www.marinemec.com/news/view,msc-100-set-to-review-mass-regulations_55609.htm (last visited Dec. 25, 2018) [4] IMAREST, Autonomous Shipping-Putting the human back in the headline, April. 2018, available at https://www.imarest.org/policy-news/institute-news/item/4446-imarest-releases-report-on-the-human-impact-of-autonomous-ships (last visited Dec. 25, 2018) [5] Danish Martime Authority, Analysis of regulatory barriers to the use of autonomous ships(Final Report), Dec. 2017, available at https://www.dma.dk/Documents/Publikationer/Analysis%20of%20Regulatory%20Barriers%20to%20the%20Use%20of%20Autonomous%20Ships.pdf (last visited Dec. 25, 2018)

TOP