By Ian Harris & Professor Michael Mainelli

Introduction

With the advent of General Data Protection Regulation, but increasing consumer mistrust of information usage, and several issues to do with anti-money-laundering, know-your-customer, and ultimate-beneficial-ownership, attention has turned to the potential of smart ledger to provide a technical solution. Distributed ledgers seem ideal for private distributed identity systems, and many organizations are working to provide such systems to help people manage the huge amount of paperwork modern society requires to open accounts, validate yourself, or make payments. Taken a small step further, these systems can help you keep relevant health or qualification records at your fingertips.

Using “smart” ledgers, you can forward your documentation to people who need to see it, while keeping control of access, including whether another party can forward the information. You can even revoke someone’s access to the information in the future. However, what is ‘the universe’ of possible permissions? Can we construct a ‘permission algebra’ that allows us to code and set parameters for all possible use cases, or must we construct on a case-by-case basis and learn from failure?

Situation and Problems

Information management through physical and logical access control is a model for closed data systems, not the open information systems proliferating today. Distributed and web-based information systems have the potential to deliver huge benefits to individuals, organisations and society as a whole. Overly constraining rules on information use is a significant constraint on progress with potential benefits from distributed and open systems.

Individuals find it difficult enough to decide on express consents around personal data contained in closed systems. Optimising conflicting personal goals of convenience and privacy through express permissions for personal information use in open systems is at best tricky and imostly impossible. In most cases, either consent needs to be implied or the data cannot be used.

It is hard for corporates to resolve these issues through offerings with strong benefits. The problem domain is ill-defined, rapidly changing and confusing. In any case, corporates are not well-trusted in this space, neither by the general public nor by the regulatory authorities.

Regulatory regimes by their nature tend to fall behind when distruptive technologies are changing the regulatory environment rapidly. General Data Protection Regulation (GDPR) is a progressive step, but remains firmly rooted in the “access control” view of the world; a data protection rather than an information accountability paradigm. Further, there is a natural tendancy for regulators to take a precautionary approach; if anything, to err towrads “lowest common denominator” prohibition rather than a presumption of permission.

Possible Impacts and the Need For Research

Potentially society is missing out on a swathe of benefits from open information with implicit permission. Health information is often cited in this context and there are myriad examples, from improved diagnosis/prognosis for specific illnesses to more joined-up medicine and care, e.g. for the elderly and disabled. Education and civic planning are other areas where society could benefit from more pragmatic models for open information use. Consumers could also benefit if presented with a better blend of comprehensible choices and defaults for personal information use, such that informed consumers can try to optimise their personal “settings”.

Some Areas Ripe For Research

Are normative questions of permission and obligation solvable through algorithmic methods? Conventional algorithms are based on predicate logic, which does not fit easily with normative questions such as permission and obligation. An emerging school of thinking has latched on to deontic logic, which might hold part or all of the answer. But many supplementary questions remain:

1. Normative values around information permissions and obligations change rapidly and have many cultural variations – could systems based on deontic logic adapt easily to changes and variations in normative values?
2. “Common sense” and principlism ethics suggest that information permission and obligation questions might, in essence, be a combination of consequential issues (weighing up possible benefits against possible harm) and normative values (judgements pertaining to autonomy and justice). Traditional teaching of logic suggests that you cannot mix predicate “is” logic with deontic “ought” logic, but is that necessarily so?
3. Can we utilise the tools and techniques we are developing as and for open/distributed information systems, such as mutual distributed ledgers (MDLs) to help solve the problems around permissions and obligations? For example, MDL-based identity systems could readily be adapted to enable individuals to configure their own permissions regime (if they wish), although the problem of regulatory authority-based default settings would not be entirely resolved by such bottom-up methods.
4. Can we utilise the power of machine learning (such as support vector machines) to help build pragmatic models to solve information permission and obligation problems. John Dewey’s philosophy of pragmatism aims to bring consequentialist and deontic ethics and logic together through experimental logic. Bertrand Russell suggested that experimentation was, essentially a consequentialist construct; indeed many modern thinkers assert that machine learning is essentially a consequentialist construct. But perhaps we tend to pigeon-hole machine learning as consequentist because it emerges from predicate logic. But it is entirely possible that we haven’t yet deployed machine learning appropriately to grapple with problems that are potentially solveable through deontic logic and therefore pragmatically solveable.

Further Reading, Surfing & Browsing

Lokhorst, Gert-Jan C. Ernst Mally's Deontik (1926). Notre Dame J. Formal Logic 40 (1999), no. 2, 273--282. doi:10.1305/ndjfl/1038949542. https://projecteuclid.org/euclid.ndjfl/1038949542

A theory of permission based on the notion of derogation, Audun Stolpe, Journal of Applied Logic, Volume 8, Issue 1, March 2010, Pages 97-113

Deontology Or Trustworthiness? A Conversation Between Molly Crockett, Daniel Kahneman, The Edge, 16 June 2016, https://www.edge.org/conversation/molly_crockett-daniel_kahneman-deontology-or-trustworthiness

Inference of trustworthiness from intuitive moral judgments, Everett, Jim A. C.,Pizarro, David A.,Crockett, M. J.. Journal of Experimental Psychology: General, Vol 145(6), Jun 2016, 772-787

Permission to Speak: A Logic for Access Control and Conformance, Nikhil Dinesha, Aravind Joshia, Insup Leea, Oleg Sokolsky, Journal of Logic and Algebraic Programming, Volume 80, Issue 1, January 2011

A Modern Introduction To Moral Philosophy, Alan Montefiore, Routledge & Kegan Paul PLC, December 1958

Logical Method and Law, John Dewey, 10 Cornell Law Quarterly 17, 1924 – also see Dewey’s New Logic, Bertrand Russell, 1939 and Dewey's New Logic!: A Reply to Russell, Tom Burke, University of Chicago Press, 1994

Wikipedia definitions (links also placed within the paper):

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

https://en.wikipedia.org/wiki/Predicate_(mathematical_logic)

https://en.wikipedia.org/wiki/Deontic_logic (for more on deontic logic, also see https://plato.stanford.edu/entries/logic-deontic/)

https://en.wikipedia.org/wiki/Principlism

https://en.wikipedia.org/wiki/Distributed_ledger

https://en.wikipedia.org/wiki/Support_vector_machine

Z/Yen Writings On Identity And Smart Ledgers

Mainelli M 2017 Blockchain Could Help Us Reclaim Control Of Our Personal Data Harvard Business Review, Harvard Business School Publishing Corporation (5 October 2017).

Mainelli M 2017 Blockchain Will Help Us Prove Our Identities In A Digital World Harvard Business Review, Harvard Business School Publishing Corporation (16 March 2017).

Mainelli M 2016 No More Mr And Mrs X (identity systems) Duke Dialogue, Lid Publishing (September 2016), pages 22-23.

Mainelli M and Gupta V 2016 Distributed Ledger Identity: Misplaced Trust Banking Technology (February 2016).

Mainelli M 2015 Stranger Danger – What’s The Identity Matter? Transaction Banking by D Sign (August 2015). This article is part of a series on the Transaction Banking.