Revisiting the Ten Principles of Self-Sovereign Identity (part one)

--- robots: noindex, nofollow --- # Revisiting the Ten Principles of Self-Sovereign Identity (part one) (see [Overview](https://hackmd.io/oUIM9j8TTa-wvhBvvO5vZA)) # Outline ## I. Introduction - **The challenge:** - Today’s identity systems too often treat identifiers and credentials as commodities to be owned, traded, or controlled like property. - This “ownership” framing undermines user empowerment, allows exclusionary gatekeeping, and repeats the same ad-tech abuses we see in data markets. - **Link to original essay:** - [Path to Self-Sovereign Identity (2016)](https://www.blockchaincommons.com/articles/Path-to-SSI/) - **Key quote:** > “For Self-Sovereign Identity (aka #SSI) to truly achieve international success, it needs…to have a basis under law.” > — Christopher Allen, “[Principal Authority](https://www.blockchaincommons.com/articles/Principal-Authority/)” --- ## II. From 10 Principles to Principal Authority - **Recap of the original ten principles:** 1. **Existence** – Every person has an identity. 2. **Control** – Users must control their identities. 3. **Persistence** – Identities must outlive ephemeral sessions. 4. **Consent** – No use without explicit user permission. 5. **Access** – Users see all data about themselves. 6. **Transparency** – Issuance and verification must be visible. 7. **Portability** – Data moves under user direction. 8. **Interoperability** – Systems work across contexts. 9. **Minimization** – Only the necessary data is shared. 10. **Protection** – Credentials must be cryptographically secure. - **Why they needed a stronger legal backbone:** - Shortcomings in enforcement: principles alone lack teeth when challenged by powerful intermediaries. - Ambiguity in delegation: who legally owes duties to the user when identity is shared? - **Key quote:** > “The use of Principal Authority to empower self-sovereign identity provides a legal foothold for many of my original 10 principles…” > — Christopher Allen, “[Principal Authority](https://www.blockchaincommons.com/articles/Principal-Authority/)” --- ## III. Why Property Law Misframes Identity 1. **Elizabeth M. Renieris (2018)** - **Quote:** > “A property law–based, ownership model of our data risks extending this broken ad tech model of the Internet to all other facets of our digital identity…” - **Link:** [Do We Really Want to Sell Ourselves?](https://www.linkedin.com/pulse/do-we-really-want-sell-ourselves-risks-property-law-data-greenwood) - **Implication:** Commodifying identity invites the same surveillance and exploitation we castigate in social media. 2. **Margaret Jane Radin (1982)** - **Quote:** > “Some objects are so bound up with our personhood that they should not be alienable commodities.” - **Link:** [Property and Personhood](https://law.stanford.edu/publications/property-and-personhood/) - **Implication:** Core identity attributes must be recognized as inherently non-tradeable. 3. **Cheryl I. Harris (1993)** - **Quote:** > “Through slavery, race and economic domination were fused; whiteness became a form of property.” - **Link:** [Whiteness as Property](https://harvardlawreview.org/wp-content/uploads/1993/06/1707-1791_Online.pdf) - **Implication:** Property models can cement systemic bias and exclusion. 4. **Helen Nissenbaum (2010)** - **Quote:** > “Information flows must obey the norms of each social context, not blanket ownership rules.” - **Link:** [Privacy in Context](https://crypto.stanford.edu/portia/papers/privacy_in_context.pdf) - **Implication:** Identity governance needs context-specific norms, not one-size-fits-all. 5. **Julie E. Cohen (2019)** - **Quote:** > “Code and law co-construct the resource that is personal data—transforming identity into capital.” - **Link:** [Between Truth and Power](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2346459) - **Implication:** We must resist turning identity into a marketable asset subject to speculative extraction. 6. **Nadezhda Purtova (2015)** - **Quote:** > “Personal data already lies within overlapping property regimes; the question is whose rights prevail.” - **Link:** [Illusion of Personal Data as No One’s Property](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2346693) - **Implication:** Absent clear legal defaults, corporate interests will dominate. --- ## IV. Principal Authority & Wyoming’s SF0039 - **Summary:** - Wyoming’s SF0039 (effective July 1, 2021) is the first U.S. law to define “personal digital identity” by **Principal Authority** rather than property. - **Statutory definition:** > “‘Personal digital identity’ means the intangible digital representation of…a natural person, over which he has principal authority…” > — Wyoming SF0039 - **Key features:** - **Delegation:** Principals can appoint agents under established agency law. - **Fiduciary duties:** Agents must act with loyalty, care, and full accounting. - **Non-alienability:** Identity cannot be sold or transferred as property. - **Link:** [Principal Authority article](https://www.blockchaincommons.com/articles/Principal-Authority/) --- ## V. Integrating Critiques into a Revised SSI Framework - **Market-Inalienability** *(Principle 11)* > “Identity attributes cannot be sold, leased, or assigned—ever.” *(Radin & Renieris)* - **Equity** *(Principle 12)* > “No credential framework may entrench systemic bias.” *(Harris)* - **Contextual Integrity** *(Principle 13)* > “Data flows must match the social norms of each context.” *(Nissenbaum)* - **Agency & Accountability** *(Principle 14)* > “Issuers and verifiers owe fiduciary-style duties.” *(Cohen & Purtova)* - **Mapping back:** - Show how each new principle augments or replaces one of the original ten. --- ## VI. Layering Legal Safeguards 1. **Human-Rights-First Governance** *(Principle 15)* - **Quote:** > “Our obsession with data has failed and distracted us…we need to return to the pillars of basic human rights law.” - **Link:** [How Data Distracts Us From Human Rights](https://www.su.org/resources/how-data-distracts-us-from-human-rights) - **Approach:** Anchor SSI in UDHR, ICCPR non-derogable rights. 2. **Statutory Data-Protection Regime** *(Principles 9 & 13)* - **Quote:** > “Information flows must obey the norms of each social context, not blanket ownership rules.” - **Link:** [Privacy in Context](https://crypto.stanford.edu/portia/papers/privacy_in_context.pdf) - **Approach:** Embed GDPR’s purpose limitation, minimization, consent. 3. **Trust & Fiduciary Law Models** *(Principles 5–10)* - **Quote:** > “Between truth and power is the code… and the code has fractal effects on both power and truth.” - **Link:** [Between Truth and Power](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2346459) - **Approach:** Legally define issuers/verifiers as fiduciaries with duties of loyalty, care, accounting. 4. **Contract & Consumer-Protection Defaults** *(Principles 4 & 6)* - **Quote:** > “Personal data already lies within overlapping property regimes; the question is whose rights prevail.” - **Link:** [Illusion of Personal Data as No One’s Property](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2346693) - **Approach:** Use unfair-terms prohibitions to mandate clear, revocable consent and forbid hidden clauses. 5. **Anti-Discrimination & Equity Mandates** *(Principle 12)* - **Quote:** > “Through slavery, race and economic domination were fused; whiteness became a form of property.” - **Link:** [Whiteness as Property](https://harvardlawreview.org/wp-content/uploads/1993/06/1707-1791_Online.pdf) - **Approach:** Mirror Title VII/ADA to ban SSI designs causing disparate impact. 6. **Tort Remedies for Identity Harms** *(Principle 10)* - **Quote:** > “Between truth and power is the code… and the code has fractal effects on both power and truth.” - **Link:** [Between Truth and Power](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2346459) - **Approach:** Establish torts for negligent issuance, misrepresentation, unauthorized disclosure. --- ## VII. Policy Roadmap for DC - **Federal adoption:** - Draft model language to insert SF0039’s Principal Authority definition into REAL ID and e-ID statutes. - **Regulatory duties:** - Mandate that all identity issuers/verifiers operate under fiduciary and data-protection standards. - **Human-rights overlay:** - Codify inalienable identity rights in new federal guidelines (e.g., NIST SP 800-63 update). - **Equity safeguards:** - Require automated disparate-impact assessments and independent anti-bias audits. - **Immediate next step:** - Commission a joint NIST–DHS working group to draft and pilot the model language. --- ## VIII. Conclusion - **Reiterate:** - Moving beyond property metaphors to a Principal Authority core, bolstered by layered legal regimes, is how we deliver durable, equitable SSI. - **Call to action:** - Urge policy-makers to adopt this comprehensive rights-and-duties framework as the national standard.