Q. Lawyers like the term “trust framework.” Is there a better framing?
I prefer “accountability framework.” Here’s why.
Trust is a meta-goal for the overall system and transactions within it. I think naming the techno-legal policy sandwiches “trust frameworks” is a mistake.
These frameworks, which are the Identity Ecosystem’s default, connect the Identity Ecosystem’s participants through technology, contractual, and economic layers. Each of these layers have their own design and implementation challenges. Making the layers support each other is another kind of challenge. We expect accountability framework layers to complement each other, reinforcing constructive behavior, leading to a healthy ecosystem.
Credit card networks work this way. They connect banks, merchants, and individuals to each other in ways that build trust in the network, pay for the network, and manage individual and network risks.
Legal liability and political concerns are thorny. If a citizen uses a bank-issued digital identity credential to login to the IRS, who is liable if something goes wrong? These “trust frameworks” combine technology interop and contractual policy frameworks that help the parties “trust” identities (believe they are accurate) issued by another party in the system. Within a section of my NSTIC NOI response, I suggested a better name for the frameworks might be “accountability frameworks.” The Trouble With Trust: The Case For Accountability Frameworks is my post on the topic.
The issue at its core is about how “trust” means different things in different contexts at different scales. Regular citizens participating in a “trust framework” will think all the people and entities within a “trust framework” are trustworthy and the underlying policies are good and respect people’s data and identities. That’s not necessarily true. All a trust framework’s rules do is name the policies for a particular system; these may not be good for users or organizations within them.
The path to bringing a thriving personal data ecosystem into being will be through the development of multi-party networks using rules (accountability frameworks) in alignment with people, and that respect the individual. Let’s look for inspiration to the ways the banking/credit card network exchange valuable information/currency. You can see designs that manage risk and liability, and create accountability with trust-frameworks/system rules for digital systems.