---
# System prepended metadata

title: Revisiting the Ten Principles of Self-Sovereign Identity (part one)

---

---
robots: noindex, nofollow
---

# Revisiting the Ten Principles of Self-Sovereign Identity (part one)

(see [Overview](https://hackmd.io/oUIM9j8TTa-wvhBvvO5vZA))

# Outline

## I. Introduction  
- **The challenge:**  
  - Today’s identity systems too often treat identifiers and credentials as commodities to be owned, traded, or controlled like property.  
  - This “ownership” framing undermines user empowerment, allows exclusionary gatekeeping, and repeats the same ad-tech abuses we see in data markets.  
- **Link to original essay:**  
  - [Path to Self-Sovereign Identity (2016)](https://www.blockchaincommons.com/articles/Path-to-SSI/)  
- **Key quote:**  
  > “For Self-Sovereign Identity (aka #SSI) to truly achieve international success, it needs…to have a basis under law.”  
  > — Christopher Allen, “[Principal Authority](https://www.blockchaincommons.com/articles/Principal-Authority/)”  

---

## II. From 10 Principles to Principal Authority  
- **Recap of the original ten principles:**  
  1. **Existence** – Every person has an identity.  
  2. **Control** – Users must control their identities.  
  3. **Persistence** – Identities must outlive ephemeral sessions.  
  4. **Consent** – No use without explicit user permission.  
  5. **Access** – Users see all data about themselves.  
  6. **Transparency** – Issuance and verification must be visible.  
  7. **Portability** – Data moves under user direction.  
  8. **Interoperability** – Systems work across contexts.  
  9. **Minimization** – Only the necessary data is shared.  
  10. **Protection** – Credentials must be cryptographically secure.  
- **Why they needed a stronger legal backbone:**  
  - Shortcomings in enforcement: principles alone lack teeth when challenged by powerful intermediaries.  
  - Ambiguity in delegation: who legally owes duties to the user when identity is shared?  
- **Key quote:**  
  > “The use of Principal Authority to empower self-sovereign identity provides a legal foothold for many of my original 10 principles…”  
  > — Christopher Allen, “[Principal Authority](https://www.blockchaincommons.com/articles/Principal-Authority/)”  

---

## III. Why Property Law Misframes Identity  
1. **Elizabeth M. Renieris (2018)**  
   - **Quote:**  
     > “A property law–based, ownership model of our data risks extending this broken ad tech model of the Internet to all other facets of our digital identity…”  
   - **Link:** [Do We Really Want to Sell Ourselves?](https://www.linkedin.com/pulse/do-we-really-want-sell-ourselves-risks-property-law-data-greenwood)  
   - **Implication:** Commodifying identity invites the same surveillance and exploitation we castigate in social media.  

2. **Margaret Jane Radin (1982)**  
   - **Quote:**  
     > “Some objects are so bound up with our personhood that they should not be alienable commodities.”  
   - **Link:** [Property and Personhood](https://law.stanford.edu/publications/property-and-personhood/)  
   - **Implication:** Core identity attributes must be recognized as inherently non-tradeable.  

3. **Cheryl I. Harris (1993)**  
   - **Quote:**  
     > “Through slavery, race and economic domination were fused; whiteness became a form of property.”  
   - **Link:** [Whiteness as Property](https://harvardlawreview.org/wp-content/uploads/1993/06/1707-1791_Online.pdf)  
   - **Implication:** Property models can cement systemic bias and exclusion.  

4. **Helen Nissenbaum (2010)**  
   - **Quote:**  
     > “Information flows must obey the norms of each social context, not blanket ownership rules.”  
   - **Link:** [Privacy in Context](https://crypto.stanford.edu/portia/papers/privacy_in_context.pdf)  
   - **Implication:** Identity governance needs context-specific norms, not one-size-fits-all.  

5. **Julie E. Cohen (2019)**  
   - **Quote:**  
     > “Code and law co-construct the resource that is personal data—transforming identity into capital.”  
   - **Link:** [Between Truth and Power](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2346459)  
   - **Implication:** We must resist turning identity into a marketable asset subject to speculative extraction.  

6. **Nadezhda Purtova (2015)**  
   - **Quote:**  
     > “Personal data already lies within overlapping property regimes; the question is whose rights prevail.”  
   - **Link:** [Illusion of Personal Data as No One’s Property](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2346693)  
   - **Implication:** Absent clear legal defaults, corporate interests will dominate.  

---

## IV. Principal Authority & Wyoming’s SF0039  
- **Summary:**  
  - Wyoming’s SF0039 (effective July 1, 2021) is the first U.S. law to define “personal digital identity” by **Principal Authority** rather than property.  
- **Statutory definition:**  
  > “‘Personal digital identity’ means the intangible digital representation of…a natural person, over which he has principal authority…”  
  > — Wyoming SF0039  
- **Key features:**  
  - **Delegation:** Principals can appoint agents under established agency law.  
  - **Fiduciary duties:** Agents must act with loyalty, care, and full accounting.  
  - **Non-alienability:** Identity cannot be sold or transferred as property.  
- **Link:** [Principal Authority article](https://www.blockchaincommons.com/articles/Principal-Authority/)  

---

## V. Integrating Critiques into a Revised SSI Framework  
- **Market-Inalienability** *(Principle 11)*  
  > “Identity attributes cannot be sold, leased, or assigned—ever.”  
  *(Radin & Renieris)*  
- **Equity** *(Principle 12)*  
  > “No credential framework may entrench systemic bias.”  
  *(Harris)*  
- **Contextual Integrity** *(Principle 13)*  
  > “Data flows must match the social norms of each context.”  
  *(Nissenbaum)*  
- **Agency & Accountability** *(Principle 14)*  
  > “Issuers and verifiers owe fiduciary-style duties.”  
  *(Cohen & Purtova)*  
- **Mapping back:**  
  - Show how each new principle augments or replaces one of the original ten.  

---

## VI. Layering Legal Safeguards  
1. **Human-Rights-First Governance** *(Principle 15)*  
   - **Quote:**  
     > “Our obsession with data has failed and distracted us…we need to return to the pillars of basic human rights law.”  
   - **Link:** [How Data Distracts Us From Human Rights](https://www.su.org/resources/how-data-distracts-us-from-human-rights)  
   - **Approach:** Anchor SSI in UDHR, ICCPR non-derogable rights.  

2. **Statutory Data-Protection Regime** *(Principles 9 & 13)*  
   - **Quote:**  
     > “Information flows must obey the norms of each social context, not blanket ownership rules.”  
   - **Link:** [Privacy in Context](https://crypto.stanford.edu/portia/papers/privacy_in_context.pdf)  
   - **Approach:** Embed GDPR’s purpose limitation, minimization, consent.  

3. **Trust & Fiduciary Law Models** *(Principles 5–10)*  
   - **Quote:**  
     > “Between truth and power is the code… and the code has fractal effects on both power and truth.”  
   - **Link:** [Between Truth and Power](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2346459)  
   - **Approach:** Legally define issuers/verifiers as fiduciaries with duties of loyalty, care, accounting.  

4. **Contract & Consumer-Protection Defaults** *(Principles 4 & 6)*  
   - **Quote:**  
     > “Personal data already lies within overlapping property regimes; the question is whose rights prevail.”  
   - **Link:** [Illusion of Personal Data as No One’s Property](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2346693)  
   - **Approach:** Use unfair-terms prohibitions to mandate clear, revocable consent and forbid hidden clauses.  

5. **Anti-Discrimination & Equity Mandates** *(Principle 12)*  
   - **Quote:**  
     > “Through slavery, race and economic domination were fused; whiteness became a form of property.”  
   - **Link:** [Whiteness as Property](https://harvardlawreview.org/wp-content/uploads/1993/06/1707-1791_Online.pdf)  
   - **Approach:** Mirror Title VII/ADA to ban SSI designs causing disparate impact.  

6. **Tort Remedies for Identity Harms** *(Principle 10)*  
   - **Quote:**  
     > “Between truth and power is the code… and the code has fractal effects on both power and truth.”  
   - **Link:** [Between Truth and Power](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2346459)  
   - **Approach:** Establish torts for negligent issuance, misrepresentation, unauthorized disclosure.  

---

## VII. Policy Roadmap for DC  
- **Federal adoption:**  
  - Draft model language to insert SF0039’s Principal Authority definition into REAL ID and e-ID statutes.  
- **Regulatory duties:**  
  - Mandate that all identity issuers/verifiers operate under fiduciary and data-protection standards.  
- **Human-rights overlay:**  
  - Codify inalienable identity rights in new federal guidelines (e.g., NIST SP 800-63 update).  
- **Equity safeguards:**  
  - Require automated disparate-impact assessments and independent anti-bias audits.  
- **Immediate next step:**  
  - Commission a joint NIST–DHS working group to draft and pilot the model language.  

---

## VIII. Conclusion  
- **Reiterate:**  
  - Moving beyond property metaphors to a Principal Authority core, bolstered by layered legal regimes, is how we deliver durable, equitable SSI.  
- **Call to action:**  
  - Urge policy-makers to adopt this comprehensive rights-and-duties framework as the national standard.