Musings of a Trust Architect: The Internet as a Rivalrous Commons & the Power of Secrets

--- robots: noindex, nofollow --- # Musings of a Trust Architect: The Internet as a Rivalrous Commons & the Power of Secrets > **ABSTRACT:** The Internet presents us with a profound paradox: while appearing to be an infinite, non-rivalrous space, control over digital existence has become intensely rivalrous, concentrated in the hands of platforms and institutions. This article examines how the Internet evolved from an open commons to a collection of rivalrous fiefdoms, and how physical secrets—private keys, passwords, and offline objects—provide both escape from institutional control and foundation for digital sovereignty. Through analysis of technical, legal, and social dimensions, we explore how physical secrets enable individuals to carve out spaces of true autonomy within an otherwise permission-based digital world. In my decades of work on digital identity and privacy, I've encountered a persistent paradox: while the Internet appears to be an infinite, non-rivalrous space, the reality is far different. What we think of as "our" digital presence—our accounts, our data, our online identities—exists primarily as entries in databases controlled by others. This realization emerged gradually through my work on self-sovereign identity and digital rights, leading me to a striking conclusion: true digital ownership can only be achieved through physical secrets. ## The Myth of Digital Property and the Great Digital Enclosure In my decades of work on digital identity and privacy, I've witnessed a remarkable transformation. The Internet was born as a genuine commons—a space where information could flow freely and be replicated without diminishing anyone else's use. This was the essence of a non-rivalrous good: my consumption didn't prevent yours. A digital file could be copied infinitely, a message could reach millions simultaneously, a program could run on any compatible machine. But something profound has changed. While bits themselves remain infinitely copyable, control over digital existence has become intensely rivalrous. Your social media presence, your online financial activity, your digital identity—these can only be controlled by one entity at a time. And increasingly, that control rests not with individuals but with institutions. Platform operators determine what content can exist and who can see it. Payment processors decide whose transactions are permitted. Cloud providers control access to stored information. Identity providers grant or revoke digital existence itself. Consider what happens when you "own" something online. Your email account, your social media presence, your cryptocurrency—none of these exist as possessions in the traditional sense. Instead, they are permissions granted by various authorities: tech companies, service providers, governments, and even blockchain networks. These entities can revoke access, modify terms, or even delete your digital existence entirely. This transformation represents a kind of digital enclosure movement, turning what was once a commons into a series of private estates. Just as the historical enclosure of physical commons turned open fields into private property, the digital world has been carved into corporate and institutional domains where access exists only by permission. ## The Paradox of Digital Rivalry This creates a striking paradox. The underlying technology of the Internet still enables infinite replication of information, yet actual participation in digital life has become highly rivalrous. Consider how this plays out across different domains of digital life. In economic activity, payment information is increasily just bits. In the US and Europe, the ability to transact is controlled by a handful of regulated payment processors. In other countries it can be incredibly restricted. Despite the reported utility of online banking, account control remains almost exclusively institutional congtrol. For personal expression, while social media posts can be viewed by millions simultaneously, the right to post is controlled by platforms. Though digital words can be copied endlessly, visibility is governed by rivalrous algorithmic systems. Despite the infinite nature of digital space, presence on major platforms is a rivalrous good. In matters of identity and privacy, while identity credentials are just information, the power to assert identity is rivalrous. Though encryption makes perfect copies possible, access to keys is necessarily exclusive. Despite the Internet's boundless nature, reputation and trust have become platform-controlled resources. ## The Consequences of Rivalrous Control This transformation from commons to rivalrous control isn't merely theoretical—it has profound real-world consequences. A Hong Kong journalist watches years of work vanish when cloud storage providers respond to political pressure. A Venezuelan merchant loses access to payment systems due to international sanctions, despite having committed no crime. A privacy researcher finds their social media presence erased for discussing encryption, cutting them off from their professional network. A human rights organization's fundraising infrastructure disappears overnight when payment processors withdraw support. These are not isolated incidents but manifestations of a fundamental shift in the nature of digital space. An artist's entire portfolio vanishes when a platform decides their work violates ever-changing guidelines. A community organizer loses access to years of contacts when their email provider suspends their account. A refugee finds themselves unable to prove their credentials when an identity system refuses service. In each case, the fundamental rivalrous nature of digital control becomes clear: despite the infinitely copyable nature of digital information, actual agency in digital spaces is both finite and concentrated. Someone must ultimately have final control, and increasingly, that someone is not the individual user. ## Physical Secrets as Digital Circuit Breakers This reality led me to a crucial insight: physical secrets—things that exist in the tangible world rather than the digital—provide the only reliable circuit breaker in this system of rivalrous control. Their power lies in their physical nature. Unlike digital records that can be modified or deleted by authorities, physical secrets require actual physical access to control. They exist independent of institutional permission and can be verified without institutional participation. Physical secrets take many forms, each serving as a foundation for digital sovereignty: Hardware Protection: - Hardware security modules (HSMs) providing tamper-resistant environments for cryptographic operations - Air-gapped computers maintaining complete separation from networked threats - Cold storage offline devices protecting keys from online access - Biometric systems offering convenient authentication but requiring careful design: - Must augment rather than replace other authentication methods - Need fallback mechanisms since biometrics can be compromised or lost - Should avoid centralized storage of biometric data - Must protect against replay attacks and spoofing - Cannot be the sole source of authentication as they're identifiers, not secrets - Cognition & Memory: - Structured Memory Techniques: - Strong passphrases using word lists like PGP Word List or Diceware - Encoding secrets in memorable stories or poems using fixed algorithms - Using visual memory through structured image-based techniques - Hybrid Memory Systems: - Combining physical objects with memorized transformations - Using memory to decrypt or transform stored physical secrets - Splitting secrets between mind and physical storage. - Physical Backups: - Paper wallets and recovery phrases - Steel plates for fire-resistant storage - Offline NFC devices for convenient but secure access - Geographically distributed physical copies - Multi-Party Security: - Multi-party computation (MPC) distributing cryptographic operations - Social recovery systems spreading risk across trusted parties - Physical key sharding across multiple locations - Threshold signature schemes requiring multiple real-world participants Each of these methods preserves sovereignty by anchoring control in the physical world, beyond the reach of remote institutional control. The variety of options allows individuals to choose security methods appropriate to their needs while maintaining the core principle that digital rights must have physical anchors to remain truly sovereign. The physical nature of these secrets creates a fundamental shift in power dynamics. Instead of asking permission from a platform to access your own resources, you maintain direct sovereign control through physical possession. This transforms digital rights from institutional permissions into tangible capabilities. ## Breaking Free from Rivalrous Control Through physical secrets, individuals can establish genuine sovereignty across multiple domains of digital life. The connection between physical secrets and human rights runs deep, enabling fundamental freedoms: Personal Rights: - Freedom of expression without fear of platform censorship - Privacy through selective disclosure and information control - Protection against coercion through plausible deniability - Individual dignity through genuine ownership of digital presence Social and Political Rights: - Freedom of association through encrypted communications - Democratic participation through cryptographically secured voting - Community organizing through peer-to-peer coordination - Cultural preservation through encrypted autonomous archives Economic Rights: - Financial autonomy through self-custodied digital assets - Independent transactions without institutional gatekeepers - Credential verification without central authorities - Asset control resistant to arbitrary seizure These aren't theoretical possibilities but practical realities. Consider an activist organizing peaceful protests in a restrictive regime. Their ability to maintain control of encryption keys stored on airgapped devices enables secure communication with allies while protecting against surveillance. Or consider a refugee who can prove their credentials and access financial services using private keys backed up on paper, independent of any government's approval. The technical implementations support these rights in concrete ways. End-to-end encryption with physically secured keys ensures genuine communication privacy. Local-first data storage with offline backups preserves information independence. Identity assertions through zero-knowledge proofs, grounded in physical secrets, allow selective disclosure without institutional mediation. Community governance through offline voting systems ensures democratic resilience. By anchoring these capabilities in physical secrets rather than institutional permissions, we create genuine sovereignty that cannot be arbitrarily revoked. This transforms digital rights from granted privileges into inherent capabilities, fundamentally altering the power dynamic between individuals and institutions. Consider an activist organizing peaceful protests in a restrictive regime. Their ability to maintain control of encryption keys stored on airgapped devices enables secure communication with allies while protecting against surveillance. Or consider a refugee who can prove their credentials and access financial services using private keys backed up on paper, independent of any government's approval. Through physical secrets, individuals can establish genuine sovereignty across multiple domains of digital life. In economic matters, self-custodied digital assets through offline private keys enable true financial autonomy. Peer-to-peer transaction capabilities, secured by physical secrets, operate independent of traditional payment processors. Verifiable credentials, backed by offline keys, prove status without requiring institutional validation. For personal expression, encrypted communication channels backed by offline keys ensure continued ability to speak freely. Content distribution systems based on local signing enable platform-independent publishing. Identity assertions through zero-knowledge proofs, grounded in physical secrets, allow selective disclosure without institutional mediation. Privacy and security take on new dimensions when anchored in physical secrets. End-to-end encryption with physically secured keys ensures genuine communication privacy. Local-first data storage with offline backups preserves information independence. Identity management through sovereign hardware enables genuine control over personal data. Even social organization benefits from physical secrets. Peer-to-peer coordination tools with local key management enable community autonomy. Community governance through offline voting systems ensures democratic resilience. Cultural preservation through encrypted local archives maintains independence from platform control. ## Technical Foundations and Future Directions Implementing this vision of sovereignty through physical secrets requires sophisticated technical approaches. True random number generation from physical sources ensures strong cryptographic foundations. Air-gapped key creation processes maintain separation from networked threats. Multiple signature schemes provide resilience against loss or compromise. Hardware-based key protection offers tangible security guarantees. Equally important are backup and recovery systems that respect physical control. Shamir's Secret Sharing enables distributed backup without sacrificing sovereignty. Paper wallet protocols preserve critical information in human-readable form. Physical authentication factors combine convenience with security. Offline recovery procedures ensure resilience against digital disruption. The future development of these systems must focus on enhancing usability without compromising sovereignty. Better tools for managing offline secrets will make physical control more accessible. Improved backup systems will reduce the risk of loss. More robust recovery methods will provide safety without centralization. Enhanced verification systems will enable trust without dependence. ## Legal Frameworks and Social Evolution The use of physical secrets to escape rivalrous digital control requires appropriate legal frameworks. The stakes are extraordinarily high: As Wyoming State Legislature Majority Whip Jared Olsen noted during legislative hearings, a judicial assistant could accidentally delete a key and cause an $8 billion loss in Bitcoin when there was only a $100,000 judgment at stake. As former federal prosecutor Mary Beth Buchanan observed, "Evidence is lost all the time." With private keys, such routine mishaps could have devastating consequences far beyond the scope of any particular case. Courts are often using the wrong tools to achieve their goals. As EFF Director Jon Callas points out, demanding private keys is like "asking for the filing cabinet rather than the file," creating unnecessary risks in the process. Private key signatures must receive recognition as legally binding, but the right to maintain offline backups needs protection, and limits on compelled key disclosure must be established. Support for sovereign identity systems should be codified. Progress is already being made in establishing these protections. Wyoming has taken the lead with two groundbreaking laws: one protecting private keys from forced disclosure in court proceedings, and another establishing Principal Authority for digital identity. The private key protection recognizes that these secrets are not assets themselves but rather the means of controlling assets - exactly the distinction needed to preserve digital sovereignty. Meanwhile, the Principal Authority framework moves beyond traditional property law to enable agency law in digital spaces, providing a more nuanced and appropriate legal model for digital rights. Some jurisdictions are already evolving to meet these challenges. Wyoming's specialized chancery courts, for example, are breaking new ground with electronic filings and other innovations that demonstrate how legal systems can adapt to handle digital assets and rights appropriately. Beyond pure law, institutional relationships must evolve. Digital service providers should embrace fiduciary duties toward users. Platforms must respect the right to exit with data intact. Systems should support rather than resist user sovereignty. The focus must shift from control to empowerment. This transformation also demands social and cultural adaptation. Communities need education about physical security principles and digital rights. Support networks must develop for managing sovereign digital presence. New cultural practices must emerge around key custody and recovery. The relationship between individuals and institutions must fundamentally shift. ## The Role of Agency Law in Digital Relationships While physical secrets provide the foundation for individual control in digital spaces, agency law offers a crucial framework for managing relationships with others who help us navigate the digital realm. When we must delegate access to our digital lives—whether to service providers, digital wallets, or identity systems—we need more than just technical controls. We need legal frameworks that recognize and enforce fiduciary responsibilities. The laws of agency, particularly through the concept of Principal Authority, provide a powerful complement to physical secrets. While secrets establish our baseline control, agency law helps ensure that when we do delegate access—which is often necessary in our complex digital world—those delegations serve our interests: - Service providers become fiduciaries, not mere platform operators - Digital wallet providers become agents with clear duties to their principals - Identity verifiers become bound by responsibilities to protect and serve - Data processors become accountable for their use of delegated authority For example, when a digital wallet provider holds backup encryption keys for emergency recovery, they aren't just providing a service—they're acting as an agent with fiduciary responsibilities to the principal (the user). Their duties include: - Using the delegated authority only as specifically directed - Maintaining security of the entrusted secrets - Acting in the principal's best interest - Providing transparency about their actions - Accepting revocation of their authority This combination of physical secrets and agency law creates a powerful framework for digital rights: - Physical secrets establish our baseline sovereignty - Agency law governs necessary delegations - Fiduciary duties protect our interests - Principal Authority ensures we retain ultimate control Consider a digital identity system: the user maintains their core private keys as physical secrets, while service providers who help manage aspects of their identity are bound by fiduciary duties. This creates multiple layers of protection—technical control through secrets, and legal protection through agency law. ## Looking Forward As our lives become increasingly digital, the power to control these spaces will only become more crucial. Physical secrets offer the only genuine path to sovereignty in an otherwise permission-based digital world. This protection extends beyond mere economic rights - it safeguards our our very identities in digital space and our civil and human rights there, forming a comprehensive foundation for digital sovereignty. Through them, we can establish islands of genuine individual control within the broader sea of institutional digital power. These aren't just theoretical proposals. Wyoming's recent legislation protecting private keys from court disclosure and establishing Principal Authority for digital identity shows how legal frameworks can evolve to recognize and protect digital sovereignty. These early successes demonstrate that progress is possible when we properly understand the role of physical secrets and the nature of digital rights. The Internet may have evolved into a rivalrous space dominated by institutional control, but physical secrets provide a way forward. They enable genuine sovereignty while preserving the essential benefits of digital connection. They allow us to participate in the digital world without surrendering our fundamental rights to institutional control. The challenge ahead lies not just in developing better technical tools, though that remains important. We must build understanding of why physical secrets matter, create cultures that support sovereign digital existence, and establish frameworks that protect individual rights. Only then can we ensure that the digital world remains a space where individual sovereignty and human dignity can flourish, grounded in the tangible reality of physical secrets that no remote authority can revoke.