Speaker: Aaron Massey
Date: 2014-11-20 11:30:00
Location: TSRB 132 (Ball Room)
GVU Center Brown Bag Seminar Series: Aaron Massey
Legal compliance is one of the most important and challenging problems in software engineering. Laws, regulations, and organizational policies codify societal values that software engineers must build into regulated systems. Methods, tools, and techniques for evaluating, establishing, or demonstrating regulatory compliance in software systems are critical for this effort. This relatively young area of research is known as Regulatory Compliance Software Engineering (RCSE).
This presentation examines RCSE research in two domains. The first domain applies traditional requirements engineering techniques to evaluate software requirements for compliance with electronic health records systems. I will begin by providing an overview of a method for evaluating software requirements for compliance. Next, I will present our case studies examining how people actually make legal implementation readiness decisions for software requirements. The results of this work indicate that software engineers are ill-equipped to reason about regulatory compliance.
The second domain examines natural language processing as a part of the regulatory compliance process for privacy policies. I will begin with a study identifying software requirements in a set of over 2,000 privacy policies using topic modeling. This work may prove useful for both regulators and software engineers. Next, I will present our work examining how people identify and classify ambiguity in legal texts. The results of this work demonstrate the promise of natural language processing approaches to regulatory compliance software engineering.
Aaron Massey is a Postdoctoral Fellow at Georgia Tech's School of Interactive Computing, a research scientist at the Georgia Tech Research Institute, and the Associate Director of the Academic Privacy Research Center (ThePrivacyPlace.org). His research interests include computer security, privacy, and regulatory compliance software engineering. He is a recipient of both a Google Policy Fellowship and a Walter H. Wilkinson Graduate Research Ethics Fellowship. Aaron earned a PhD and MS in Computer Science from North Carolina State University and a BS in Computer Engineering from Purdue University. He is a member of the ACM, IEEE, IAPP, and the USACM Public Policy Council.