Legal counsel + CCO
AWS Defense Framework
How JIL's separation-of-concerns architecture keeps AWS services (Bedrock, SageMaker, Textract) in Zone 2 preprocessing and OUT of the evidence-producing Zone 4 rule engine.
The 4 zones
Understanding the Four Zones of JIL's AWS Architecture
JIL's architecture is designed with a clear separation of concerns, dividing operations into four distinct zones to ensure the integrity and admissibility of evidence produced. Each zone has a specific role and is subject to different legal standards.
Zone 1: Source Data - Original records are stored in Customer Snowflake and never leave the environment. Each record is hash-anchored on CourtChain at ingestion.
Zone 2: ML Preprocessing - AWS managed services are used for operations such as entity resolution, document extraction, format normalization, schema mapping, and pre-screening. This zone does not produce findings.
Zone 3: Deterministic Firewall - A validation layer that performs schema compliance verification, source record hash integrity check, cross-validation against secondary sources, and suspicious-divergence detection.
Zone 4: Deterministic Check Engine - The evidence-producing engine that applies 234 declarative rules (growing to 456) using formal logic.
The separation between Zone 2 and Zone 4 is critical, ensuring that AWS services are used for preprocessing and not for producing the determination that becomes evidence.
5 engineering prohibitions
Five Engineering Prohibitions to Maintain Integrity
To uphold the separation of concerns and ensure the admissibility of evidence, JIL enforces five strict engineering prohibitions:
1. No findings produced in Zone 2: AWS services are restricted to preprocessing tasks only.
2. No direct data flow from Zone 2 to Zone 4: All data must pass through the deterministic firewall in Zone 3.
3. No changes to source records: The original records remain unchanged and are preserved with hash integrity.
4. No reliance on AWS proprietary algorithms for determinations: The deterministic check engine in Zone 4 uses declarative rules.
5. No opaque transformations: All transformations are documented and verifiable.
These prohibitions ensure that the evidence produced is independently verifiable and not subject to heightened scrutiny under Daubert or Proposed FRE 707.
Discovery response protocol
Discovery Response Protocol for AWS Usage
In response to discovery demands regarding JIL's use of AWS services, the following protocol should be followed:
1. Disclose the four-zone architecture and the role of AWS services within it.
2. Provide documentation of the boundary hash and firewall audit between Zone 2 and Zone 3.
3. Offer access to the deterministic check engine rules and the preserved source records.
4. Explain the five engineering prohibitions and how they maintain the integrity of the evidence.
This protocol ensures transparency and provides a clear defense against challenges to the admissibility of JIL's evidence.
Cross-examination playbook
Cross-Examination Playbook for Defending AWS Usage
Prepare for cross-examination with the following playbook:
1. Emphasize the separation of concerns between preprocessing and determination zones.
2. Highlight the role of the deterministic firewall in Zone 3 to ensure data integrity.
3. Demonstrate the bit-identical reproducibility of findings using the deterministic check engine.
4. Address each variant of the AWS question with specific responses mapped to the four-zone architecture.
This playbook provides a structured approach to defending JIL's use of AWS services in court.
Independent verifiability
Ensuring Independent Verifiability of Evidence
JIL ensures the independent verifiability of its evidence through the following measures:
1. Preservation of source records alongside findings in every CREB packet.
2. Documentation of the boundary hash and firewall audit between Zone 2 and Zone 3.
3. Bit-identical reproducibility of findings using the deterministic check engine.
These measures allow any auditor to re-run the deterministic check against the preserved source record and obtain the same result, ensuring the evidence is independently verifiable.
Source record preservation
Preservation of Source Records for Audit and Verification
JIL preserves source records with the following practices:
1. Hash-anchoring of original records on CourtChain at ingestion.
2. Unchanged preservation of source records throughout the preprocessing and determination stages.
3. Inclusion of source records alongside findings in every CREB packet.
This preservation ensures that the source records are available for audit and verification, maintaining the integrity and admissibility of the evidence produced.