Identifying and classifying ambiguity for regulatory requirements

Software engineers build software systems in increasingly regulated environments, and must therefore ensure that software requirements accurately represent obligations described in laws and regulations. Prior research has shown that graduate-level software engineering students are not able to reliably determine whether software requirements meet or exceed their legal obligations and that professional software engineers are unable to accurately classify cross-references in legal texts. However, no research has determined whether software engineers are able to identify and classify important ambiguities in laws and regulations. Ambiguities in legal texts can make the difference between requirements compliance and non-compliance. Herein, we develop a ambiguity taxonomy based on software engineering, legal, and linguistic understandings of ambiguity. We examine how 17 technologists and policy analysts in a graduate-level course use this taxonomy to identify ambiguity in a legal text. We also examine the types of ambiguities they found and whether they believe those ambiguities should prevent software engineers from implementing software that complies with the legal text. Our research suggests that ambiguity is prevalent in legal texts. In 50 minutes of examination, participants in our case study identified on average 33.47 ambiguities in 104 lines of legal text using our ambiguity taxonomy as a guideline. Our analysis suggests (a) that participants used the taxonomy as intended: as a guide and (b) that the taxonomy provides adequate coverage (97.5%) of the ambiguities found in the legal text.

[1]  早稲田大学エンプソン研究会 エンプソン入門 : Empson:Seven types of ambiguity 第一章の研究と注釈 , 1972 .

[2]  Annie I. Antón,et al.  Addressing Legal Requirements in Requirements Engineering , 2007, 15th IEEE International Requirements Engineering Conference (RE 2007).

[3]  Imran Sarwar Bajwa,et al.  Minimizing ambiguity in natural language software requirements specification , 2011, 2011 Sixth International Conference on Digital Information Management.

[4]  Victor R. Basili,et al.  The TAME Project: Towards Improvement-Oriented Software Environments , 1988, IEEE Trans. Software Eng..

[5]  Ana I. Anton,et al.  Legal requirements metrics for compliance analysis , 2012 .

[6]  Peter Sells,et al.  Morphology and the web of grammar : essays in memory of Steven G. Lapointe , 2003 .

[7]  Nenad Medvidovic,et al.  Reducing Ambiguities in Requirements Specifications Via Automatically Created Object-Oriented Models , 2008, Monterey Workshop.

[8]  Travis D. Breaux,et al.  A cross-domain empirical study and legal evaluation of the requirements water marking method , 2013, Requirements Engineering.

[9]  Miles Osborne,et al.  Processing natural language software requirement specifications , 1996, Proceedings of the Second International Conference on Requirements Engineering.

[10]  Gruia-Catalin Roman,et al.  A taxonomy of current issues in requirements engineering , 1985, Computer.

[11]  Annie I. Antón,et al.  Precluding incongruous behavior by aligning software requirements with security and privacy policies , 2003, Inf. Softw. Technol..

[12]  Jacob Cohen,et al.  The Equivalence of Weighted Kappa and the Intraclass Correlation Coefficient as Measures of Reliability , 1973 .

[13]  Bhawna Nigam,et al.  Tool for Automatic Discovery of Ambiguity in Requirements Too l for Automatic Discovery of Ambiguity in Requirements Tool for Automatic Discovery of Ambiguity in Requirements Tool for Automatic Discovery of Ambiguity in Requirements , 2012 .

[14]  Hhs Centers for Medicare Medicare Services Medicare and Medicaid programs; electronic health record incentive program. Final rule. , 2010, Federal register.

[15]  Erik Kamsties,et al.  From Contract Drafting to Software Specification: Linguistic Sources of Ambiguity , 2003 .

[16]  Bashar Nuseibeh,et al.  Managing inconsistencies in an evolving specification , 1995, Proceedings of 1995 IEEE International Symposium on Requirements Engineering (RE'95).

[17]  William Empson,et al.  朦胧的七种类型 = Seven types of ambiguity , 1930 .

[18]  Erik Kamsties,et al.  Ambiguity in Requirements Specification , 2004 .

[19]  Annie I. Antón,et al.  Evaluating existing security and privacy requirements for legal compliance , 2009, Requirements Engineering.

[20]  Egon Berghout,et al.  The Goal/Question/Metric Method: , 2000 .

[21]  Bashar Nuseibeh,et al.  Extending Nocuous Ambiguity Analysis for Anaphora in Natural Language Requirements , 2010, 2010 18th IEEE International Requirements Engineering Conference.

[22]  Jeremy C. Maxwell Reasoning About Legal Text Evolution for Regulatory Compliance in Software Systems , 2013 .

[23]  Francis Chantree,et al.  Identifying Nocuous Ambiguities in Natural Language Requirements , 2006, 14th IEEE International Requirements Engineering Conference (RE'06).

[24]  Thomas Wasow,et al.  Ambiguity Avoidance is Overrated , 2015 .

[25]  K. McGraw,et al.  Forming inferences about some intraclass correlation coefficients. , 1996 .

[26]  H. D. Rombach,et al.  The Goal Question Metric Approach , 1994 .

[27]  Christine Nadel,et al.  Case Study Research Design And Methods , 2016 .

[28]  Annie I. Antón,et al.  Assessing the accuracy of legal implementation readiness decisions , 2011, 2011 IEEE 19th International Requirements Engineering Conference.