Reciprocal Negotiated Accountability


Summary

The self-sovereign internet underscores a tension between those who desire perfect oversight of society and those who desire perfect privacy. In this post, I explore a method for conditional legibility of private communications.

3D Tin Can Phones

In Self-Sovereign Communication, Oskar Van Deventer, discusses the communications layer enabled by DIDs. This is the same layer that I've labeled the self-sovereign internet.

Oskar lays out nine requirements for self-sovereign communications (emphasis added):

  1. The communication channel shall be usable for machine-readable issuer-holder-verifier interactions .
  2. The communication channel shall be protected against eavesdropping, impersonation, message modification and repudiation.
  3. Parties shall be able to digitally find each other and to establish a communication channel.
  4. The communication channel between counterparties shall be persistent.
  5. The communication channel shall be intrinsically symmetrical.
  6. The communication channel shall not unnecessarily disclose information between counterparties or to third parties.
  7. The communication channel shall be unilaterally closable.
  8. The communication channel shall not depend on third parties more than needed.
  9. The communication channel shall enable compliance with legal requirements, like legal intercept.

I was pleased to see these principles laid out clearly because many of them are often discussed (including by me) as properties of DIDComm, without the precision Oskar imposes.

The last, as Oskar concedes, is likely to be the most controversial. Indeed, when I read it my first reaction was to start arguing. If complying with legal requirements means creating backdoors to DIDComm, I'd oppose it.

The problem with backdoors for complying with legal requirements is that now developers and cloud operators are left with the task of determining who the good guys are. The whole point of decentralized communication systems is to avoid the kind of centralized, single-point-of-failure that backdoors imply.

Reciprocal Negotiated Accountability

In Reciprocal Negotiated Accountability, Daniel Hardman proposes an alternative to backdoors.

Daniel's idea is to combine two capabilities to create a decentralized system for enabling accountability.

The first is digital watermarks and data terms of service. The watermark is a cryptographically signed addition to the original document that states the terms behind the sharing. For example, a sales agreement could include data sharing terms that state the recipient may not disclose named aspects of the document except under legal subpoena.

The second is provisional anonymity where identifying information is encrypted and the encrypted packaged is shared with the recipient. The keys to decrypt the identifying information are shared with a third party under escrow with legal requirements that the keys only be reveled to the recipient under specific conditions.

Daniel combines these into a decentralized system of opt-in agreements between parties that are tailored to the context and circumstances of the specific communications channel and data sharing. The legal agreement defines the requirements that must be met for access.

Daniel calls this "reciprocal negotiated accountability" because both parties negotiate an agreement about how shared data will be treated.

Daniel's solution won't make those who wish for unfettered access to communications channels happy. But it represents an alternative to backdoors that solves many of the problems backdoors present while protecting privacy for legitimate uses–as negotiated by the parties sharing data.


Photo Credit: 3D Tin Can Phones from Chris Potter (CC BY 2.0)


Please leave comments using the Hypothes.is sidebar.

Last modified: Mon Jun 21 13:12:12 2021.