An ethical data governance framework for confidential computing platforms

Anirban Basak
Mar 16, 2023

Authors: Anirban Basak, Thomas Hardjono, and Richard Whitt


“Study the past if you would define the future.” –Confucius

Overview and Summary

The FortifID, Inc. confidential computing platform combines two cutting-edge technologies: the open algorithm (OPAL) and the trusted execution environment (TEE). Taken together, the OPAL/TEE platform is designed to reverse the pernicious Web paradigm of extractive and manipulative data practices, by giving end users more control, privacy, and security over their personal data.

An explicit governance system is an especially critical component of a multisided platform. With FortifID’s platform, diverse sets of stakeholders — including data producers, data consumers, data subjects, and FortifID itself — operate under differing incentives and power asymmetries. To make the OPAL/TEE technology solution a commercially viable proposition, a necessary element is the ethical governance of data flows between and among those entities within the FortifID ecosystem, including its Circle of Trust (“CoT”).

If ultimately adopted by FortifID and its CoT members, such a governance paradigm could be rooted in two traditional concepts: (1) the multisided commercial platform (originally instantiated in the ancient Greek marketplace agora), and (2) entity-to-client duties of care and loyalty (originally found in common law fiduciary obligations). In turn, this ethical paradigm can become a key component of what can be considered a horizontal trust framework.

I. Governing at Multiple Levels

Governance essentially means the “rules of the road” pertaining to a particular system or service. Data governance refers to the principles, policies, and practices applicable to data — often personal or sensitive data — flowing through entities’ internal networks.

There are two general ways to think about the applicability of governance regimes. In the macro sense, data governance encompasses the government-based laws and regulations that mandate or preclude certain marketplace actions. Examples include GDPR in Europe, CCPA/CPRA in California, and sector-specific laws such as HIPAA (health care data) and COPPA (children’s data). In each case, the specific governance elements are imposed from outside an entity, typically unilaterally by government fiat.

In the micro sense, an entity agrees to embed certain elements of data governance into its daily offerings and activities. Examples include general terms of service, data protection policies, user privacy policies, authorized use policies, recommendation engine notifications, and third-party cookie notifications. In each case, the specific governance elements are adopted and implemented from inside an entity — often in response to a macro governance element.

When those micro practices are extended beyond the entity to third parties, they are said to be part of “horizontal” governance.

II. Unique Challenges of the Multisided Platform

The History of Platforms: Agoras Through the Ages

For thousands of years, economic markets were primarily physical and local. Buyers and sellers connected through innovations like farmers’ markets and trade exchanges. In ancient Greece, the agora also served a wider societal function as a gathering place for commerce, politics, discourse, and entertainment.

In time, this connectivity function became its own successful business model. These exchanges do not necessarily (or solely) produce goods or distribute services of their own; instead, their primary value can be found in their ability to directly connect different customer groups and enable transactions¹. In short, they are useful platforms for carrying out commerce.

While prevalent throughout history, these market exchanges have only recently received serious attention in the economic literature. Noted French economist and Nobel-winner Jean Tirole formalized research efforts back in 2002. He first used the phrase “multi-sided markets” in his analysis of modern-day platforms such as the credit card business.² Since then, the term “multi-sided platform” (MSP) has gained general uptake.

It turns out that precisely defining what a platform is can be surprisingly difficult. Some use the term to describe the foundation of a product, such as an automotive chassis platform. Others use it to refer to a broad-based technology, like the Intel platform. Another group employs the term to talk about economic transactions, such as the eBay online platform.³ Initially, it may be useful to think broadly about a platform as a nexus of standardized rules and infrastructure that facilitates interactions among different users of physical and virtual networks.

Reillier puts it squarely into a narrower, commercial context: platforms are “businesses creating significant value through the acquisition, and/or matching, interaction, and connection, of two or more customer groups to enable them to transact.”⁴ Examples include malls which link consumers and merchants, and newspapers which connect subscribers and advertisers. They also include operating systems, game consoles, payment systems, ride-share platforms, smart grids, healthcare networks, and social networks. If a network is a type of system, a platform can be considered one type of network.

The critical asset in a platform is the community, which includes its members’ resources. The more traditional pipeline model includes an enterprise that relies on a supply-chain to deliver goods and services to consumers in a retail market. When an entity decides to move instead to a platform model, three fundamental shifts in focus occur:

  • From controlling scarce and valuable resources, to orchestrating community resources;
  • From optimizing and dictating internal processes, to facilitating external interactions; and
  • From increasing customer value, to maximizing total ecosystem value.⁵

Similarly, the platform-powered ecosystem is a business comprised of a mix of business models, including platforms. Why then move from the traditional pipeline to a platform mentality? Perhaps because, as Van Alstyne and his colleagues have found, when platforms decide to enter into a market that relies on the pipeline business model, “the platforms virtually always win.”⁶

Apple’s iPhone is an example of a platform designed to facilitate a classic two-sided market for app developers and app users. The growth in participants on both sides of the market led to sizable network effects, a key part of platform strategy. These demand-side economies of scale mean that firms attracting more platform participants than their competitors can offer a higher average value per transaction. The resulting virtuous feedback loop of greater scale generates more value, which attracts more participants, which creates more value, and so on, in an iterative fashion.⁷

The Economics: Data Harvesting Meets Network Science

Over the past twenty years, most public attention has focused on the economic shift from the physical to the digital world, as abetted by the Internet — a virtual platform in its own right. The Internet is a classic General Platform Technology (GPT), a generic technology that over time comes to be widely used across the economy. The GPT enables many different and innovative uses, facilitates complementarities with existing and emerging technologies, and produces many spillover effects.

However, another profound economic shift has occurred in tandem: from traditional linear markets to multi-sided, digital platform markets.⁸

In particular, two-dimensional pipeline business models (buyers and sellers) are being transformed into multi-dimensional commercial platforms and ecosystems. These new platforms constitute a novel type of commercial firm which uses digital infrastructure to enable groups to interact. The digital era, with its ubiquitous computing power, widespread online access, and growing roles for mobile and environmental devices, presents unprecedented opportunities to expand and deepen the world’s access to information.

As with defining platforms more generally, deciding which entities fit in the multi-sided platform (MSP) bucket is not an easy task. As Nick Srnicek identifies, an MSP has four key characteristics. It:

  1. positions itself as an intermediary between users and the ground upon which its activities occur;
  2. produces and is reliant on network effects;
  3. uses the cross-subsidization of different services; and
  4. controls the rules of governance of interactions.⁹

Harold Feld of Public Knowledge produced a three-pronged test of his own for what he calls “digital platforms” — they

  1. provide a two-sided or multi-sided market;
  2. are accessed via the Internet, and
  3. have at least one side that is marketed as a “mass market” service.¹⁰

There is no compelling need to settle here on any one particular formulation. Instead, we will employ the generic term “MSP” to describe these multifaceted online structures and processes utilized by networked emerging technologies.

The OPAL/TEE platform meets these various definitions of an MSP. The platform positions itself as an intermediary between its users — data producers, data consumers, end users, and other stakeholders — and operates as the ground upon which its activities occur. As more and more entities utilize the platform, it also produces network effects. The platform also controls the rules of governance of interactions.

III. Elements of a Trust Framework

A trust framework consists of a set of “system rules.” These consist of:

  • The set of specifications, rules and agreements
  • Used to govern a variety of multi-party systems
  • Bound by a set of requirements,
  • Where participants desire the ability to engage each other in a common type of transaction
  • In a consistent & predictable manner that is
  • Legally enforceable.

Examples include:

  • Credit Card systems (MasterCard, Visa)
  • Electronic payments (SWIFT, NACHA)
  • Domain name registration (ICANN)
  • Identity systems (FICAM, SAFE-BioPharma, OIX)

In each case, the common characteristic is that each participant needs assurances that other participants will follow the same set of rules applicable to its particular role.

IV. Tangible Commercial Benefits of a Trust Framework

By building stronger ties of mutual trust and support between CoT members, a horizontal trust framework offers important operational benefits. These include the opportunity and ability to develop uniform formats and functions for four key OPAL/TEE platform components: (1) APIs and other software interfaces, (2) consumer data, (3) decision-making algorithms, and (4) a secure enclave for data providers and data consumers.

In turn, the resulting fully standardized, interoperable, and accessible insights system can yield tangible commercial benefits, including:

  • reducing operational costs with uniform approaches to all OPAL/TEE functions, including standardizing data re-use;
  • reducing compliance costs and risks from holding consumer data, including dealing with consumer-granted rights to access and delete data;
  • designing new data-related service offerings which allow participants to offer unique insights and information derived from shared algorithmics on their respective (private) data sets; and
  • broadening market adoption of a participant’s existing services by enhancing them with additional functionalities, through combining with algorithms and data-sets from other participants.

A horizontal governance structure is an important step to explore regarding novel and effective ways of managing insights-based commercial relationships.

Today, with non-FCRA data and other use cases, the current agreements between FortifID and CoT members work well. In large part this stems from how the platform functions remain relatively circumscribed — with minimal interfaces, a narrow scope of data shared, and a limited number of algorithmic questions asked and answered.

With CRA data, however, a new type of horizontal agreement is necessary to facilitate the sharing of insights, between and among CoT members, and with the FortifID platform. The introduction of an MSP brings both new complexities and new commercial opportunities.

In particular, more robust APIs, more types of consumer-related data, and more algorithmic decisions mean the possibility of many more useful insights for CoT members. That immense commercial potential needs to be buttressed by the elevated levels of mutual trust and support that a new horizontal agreement can provide.

V. Devising System Rules for Open Algorithms (OPAL) and TEE

The FortifID platform facilitates an online environment for query/response transactions, based on the principles of Open Algorithms (OPAL) and trusted execution environment (TEE). The trust framework delineates those system rules where individuals, organizations, and services can trust each other. That trust stems in part from the notion that authoritative sources establish the algorithms, data-sets and the identification of entities permitted to participate in the system. Importantly, when the governance structure is built right into the platform, technology guarantees can be situated to support, if not supplant, business and legal guarantees.

Characteristics of an OPAL/TEE Trust Framework

The system rules instantiated in the OPAL/TEE trust framework define and govern the operation of that specific data sharing system, and the obligations of its participants. These rules define the roles and functions required for the operation of the data sharing system. Their purpose is to ensure both the functionality and trustworthiness of the system. These rules can be written by any one of a number of entities or organizations — a managing or controlling entity, a committee of participants, a consortium, a government agency, or a legislative body — and can take any written form. The common factor is that they legally bind participating entities with role-specific sets of duties and liabilities.

An OPAL/TEE trust framework should consist of:

  • Set of rules, methods, procedures and routines, technology, standards, policies, and processes,
  • Applicable to a group of participating entities,
  • Governing the collection, verification, storage, exchange of
  • Algorithms (for specific data-sets) which
  • Provide information and insights about an individual, a community, or organization
  • Under their consent
  • For the purpose of facilitating risk-based decisions.

Basis of Trustworthiness

Risk Management: addresses and manages the risks inherent in participating in the data sharing system;

Legal Certainty and Predictability: addresses the legal rights, responsibilities, and liabilities of the participants, and eliminates the uncertainty of applying existing law not written for data sharing systems;

Transparency: makes the terms of the specifications, rules, and agreements comprising the system rules accessible to all participants.

VI. Defining Duties of Care and Loyalty

The law of fiduciary relationships is a complex one, entwined with centuries of equity, torts, and other common law doctrine.¹¹ Fiduciary law principles have been applied across a vast array of human endeavors,¹² and most major global cultures.¹³ More recently, elements of this private law regime have been extended by scholars to the public law realm, as articulated in the “fiduciary theory of government” for both citizens’ relationships to their own governments,¹⁴ and to human rights vis-à-vis international institutions.¹⁵ Some scholars even believe the U.S. Constitution itself should be viewed as a fiduciary instrument, premised on power of attorney-like obligations of care, loyalty, and impartiality.¹⁶

Recently, there has been a renaissance of sorts in the study and application of fiduciary doctrine. As leading fiduciary law scholar Tamar Frankel has aptly noted, “throughout the centuries the problems that these laws were designed to solve are eternal, etched in human nature, derived from human needs, and built into human activities.”¹⁷ Over time, fiduciary duty has become a legal category unto itself, embracing a range of different types of entities and relationships. At its core, however, the law of fiduciaries provides for the assignment of certain moral and legal obligations to people and entities engaged in exchanges of value with each other.

Despite (or perhaps due to) the lengthy history of fiduciaries in common law, some find that “[t]here is considerable uncertainty over the basis, nature, and scope of fiduciary duties as well as their justification.”¹⁸ In part, “fiduciary obligation eludes theoretical capture because it arises in diverse types of relationships.”¹⁹ As a result, the doctrine is uniquely bound to the relevant context.²⁰ As one author has noted, translating fiduciary duties into various online settings can facilitate the creation of “digital trustmediaries” to serve as trusted online agents representing the best interests of individuals.²¹

A Basis in Entrusted Power

The crucial linchpin of every fiduciary obligation is what Frankel calls “entrusted power,” affecting the existence, nature, and rules of such relationships.²² The core concept is that an individual or entity (the “entrustor”) grants access to property, or some other thing of value, to specified fiduciaries, for the purpose of having them undertake tasks that benefit the entrustor.²³ Or as scholar Paul Miller puts it, a fiduciary relationship is one in which one party exercises discretionary power over the significant practical interests of another.²⁴ In fiduciary relationships, “entrustors are always the vulnerable party.”²⁵

To Frankel, “all definitions [of fiduciaries] share three main elements: (1) [the] entrustment of property or power; (2) [the] entrustors’ trust of fiduciaries, and (3) [the] risk to entrustors emanating from the entrustment.”²⁶ In particular, fiduciaries offer expert, and usually socially desirable, services, and are granted the property or power to carry out their duties. So, fiduciary relationships often carry a unique blend of the extent of entrustment, degrees of trust, and levels of risk. The likelihood of a failed relationship can stem from entrustors failing to protect themselves, from markets failing to protect entrustors, or from the costs for fiduciaries of establishing their trustworthiness exceeding their benefits from the relationship.²⁷

These common law relationships can be translated effectively into the context of consumer retail financing. There, individual consumers (the entrustors) trust their personal information to fiduciaries (bureaus and financial institutions), who are responsible for safeguarding their interests. If operating correctly, this market would facilitate the offering of competitive financial instruments to benefit consumers, leading to an ecosystem of digital trustmediaries.²⁸ However, by their rampant sharing and selling of consumer raw data, the fiduciaries have failed to live up to consumer trust.

Deepening the Queries: Why, What, Who, and How

At this juncture it would be useful to break out fiduciary doctrine into its basic components. These include understanding why there are such duties in the first place, what are the interests at stake, who are the players involved, and how are the substantive standards defined and applied.

1. The Why: Trust versus Power

The simplest question is, why does fiduciary law exist in the first place? Frankel’s response is straightforward: the duty of loyalty is rooted in asymmetric power relationships between two parties.²⁹ Once a relationship has been established, fiduciaries enjoy power over beneficiaries.³⁰ Others concur.³¹ Miller observes that power may mean a number of things in different contexts, including “control, authority, strength, or influence,” among others.³²

Not surprisingly, entrusted power rises with the number of entrustors, and the amount of entrusted assets.³³ In turn, the formation of an actual fiduciary relationship involves three related structural properties between the fiduciary and the beneficiary/entrustor: inequality, dependence, and vulnerability.³⁴ One basis of the fiduciary’s power over the entrustor is the disparity of knowledge, expertise, and experience between the two parties.³⁵ Nonetheless, the source of entrusted power, and conflicting interests, often can be hidden from the beneficiaries.³⁶ As a result, the issue of trust emerges over and over again as the pivotal consideration.³⁷

For the most part, common law recognizes services that require certain levels of expertise or experience in the fiduciary, that otherwise are lacking in the beneficiary. Prime examples include the medical profession, the legal profession, and certain financial sectors. Entrustment of power or property to those providing these kinds of services triggers the obligation.

2. The What: Personal and Practical Interests

The entrustment of power means shifting decisional control over something. What is that something? Traditionally, the gravamen of the relationship has been a type of tangible asset, such as a financial instrument or real property. In some legal trusts, however, the healthcare of the entrustor is at issue; in others, the legal status.

Because fiduciary power is relational, the “what” is limited only by what is deemed important to the entrustor. As a result, often the relationship deals with, and profoundly affects, people’s practical interests, even to more intangible matters of personality, welfare, or rights.³⁸ D. Gordon Smith posits for example that the gravamen of fiduciary duties is a “critical resource,” which includes tangible property, but of which the most important category is confidential information.³⁹

So, the “what” of fiduciary power extends to information derived from the underlying relationship. Brooks points out that “relational knowledge” — special information that fiduciaries acquire about their beneficiaries — is key to the economic logic and the law supporting these relationships.⁴⁰ These entities “[o]ftentimes [have] even more knowledge, in some respects, than beneficiaries possess about themselves,” which includes “knowing their beneficiaries’ personal and otherwise private information ….”⁴¹ But the reach is broader than that. As Brooks goes on to explain:

“In addition to knowing their beneficiaries’ personal and otherwise private information, fiduciaries normally have or should have superior knowledge concerning the external circumstances to which this information may be put to use in the context of their relationship as well as beyond.”⁴²

So, entrusted power relationships encompass many forms of tangible and intangible “stuff,” often of a deeply personal nature, subject to a defined range of discretionary decisions and actions.

3. The Who: Status and Consent

Another gating question is to whom fiduciary obligations should be applied in the first place. Generally speaking, fiduciary duties either can be imposed (based on an entity’s status, its specific role vis-à-vis its customers) or assumed (based on the entity’s consent to take on the enunciated duties).⁴³

The “status” finding often is based on the answer to the What question: an entity’s access to sensitive information about a person, such as health, wealth, and criminal or civil culpability. Such access entails a necessary degree of trust between the parties. So, attorneys and their clients, physicians and their patients, guardians and their wards, clergy and their parishioners, and (some) financial agents and their clients — all can be considered in more “formal” fiduciary relationships.⁴⁴

By contrast, “consent” status relates to an entity’s voluntary undertaking of, or “holding itself out” to, a specified fiduciary standard. These duties can be laid out in places like professional codes of conduct or industry principles. Scholars such as Edelman suggest that all meaningful forms of fiduciary relationships arise in consensual settings, where fiduciaries have voluntarily undertaken their obligations.⁴⁵ On the other hand, courts tend “to impose fiduciary duties where one party has a continuing authority or power over another, which is” difficult “to monitor and control, and which exposes the entrusting party to” domination, undue influence, or a special vulnerability.⁴⁶

According to one scholar, there are three principal modes of authorizing or requiring a fiduciary relationship: mutual consent of the parties, unilateral undertaking by one party, and legal decree.⁴⁷ The latter can be derived by court decisions, legislative acts, or regulations.

4. The How: Care and Loyalty — and Other Obligations

At the core of fiduciary obligation “lies a suite of duties designed to nullify any temptation to sacrifice the interests of the beneficiary.”⁴⁸ Precisely how potential fiduciary obligations are carried out typically boils down to two separate sets of duties,⁴⁹ both with roots in ancient concepts:

  • Duty of care: The fiduciary satisfies this standard by executing its services with prudence, attention, and proficiency. This standard relates to the quality of the fiduciary’s performance of its services. In some circles, this translates as well into not acting in a way that amounts to negligence, by not materially harming the entrustor.
  • Duty of loyalty: The fiduciary’s obligations relate directly to entrusted power and property, and amount to avoiding conflicts of interest, as well as affirmatively promoting the interests of the client.

There is some lively scholarly dispute over how these two sets of duties play out in fiduciary relationships. Most scholars believe, however, that the “duty of loyalty” is the single distinctive obligation at the core of fiduciary relationships.⁵⁰ Indeed, “[a]cross jurisdictions and across theories, there is common ground on a basic conclusion: loyalty is vital in fiduciary relationships.”⁵¹ Indeed, “[w]ithout fiduciary loyalty, the relationships would arguably not be fiduciary at all.”⁵² Other experts acknowledge the fundamental divergence, but common fiduciary law foundations, between the two sets of duties.⁵³

The substance of these two duties is also less than perfectly settled. Nonetheless, the core components, rationale, and trendlines are relatively well established in many jurisdictions.

Fiduciary Care

While duties of care abound in private law, particularly tort law, many commentators highlight a distinctive version in fiduciary law doctrine.⁵⁴ In both versions, the party who exercises a sufficient degree of care is relieved of liability. In tort law, for example, this translates into the avoidance of injurious wrongs, or harm to the other party.⁵⁵

The more unique fiduciary component, however, creates an additional objective standard, one of ordinary care, prudence, and diligence by a party with particular knowledge or skills carrying out its assigned duties.⁵⁶ The rationale is that the fiduciary beneficiary is in a position of vulnerability vis-à-vis the fiduciary. So while the non-fiduciary version of the duty is ordinary care (“harm avoidance”), the fiduciary version adds in the exercise of diligence and skill in one’s conduct (what has been termed “prudent conduct” or “proper performance”).⁵⁷ In some legal circles this also can be seen as a variant on the standard of “gross negligence.”⁵⁸ As a result, a fiduciary duty of care can be breached by an entity’s mis-performance, even absent any injury to the beneficiary.⁵⁹

The content of the duty of care can be highly contextual. For example, the obligation can be quite lax as applied in corporate law (shielded in part by the business judgment rule), while highly stringent in trust law (amounting to a relatively strict standard of prudence).⁶⁰ The substantive difference in standards derives from the divergent interests of the parties.⁶¹

Fiduciary Loyalty

Fiduciary loyalty clearly constitutes a higher standard than fiduciary care. In comparing the two, Frankel makes clear that the duty of care is “not as weighty and prohibitory.”⁶²

“One can consider this duty [of care] to be weaker than the duty of loyalty. In contrast to the duty of loyalty, which is linked to misappropriation of entrustment, a violation of the duty of care is linked to lack of expertise, inattention, and negligence.”⁶³

Like the fiduciary duty of care, the fiduciary duty of loyalty contains its own core element. In this case, as Andrew Gold explains, the “no-conflicts” rule has been deemed proscriptive (a “thou shall not”). This so-called “thin” version, based in part on the law of trusts, is composed of two elements:

  • Conflicts of interest (between the pursuit of self-interest, and the fulfillment of a duty to act for the benefit of the beneficiary). The “no profits” rule (fiduciary cannot gain from a conflicted transaction) often is subsumed within this bucket.
  • Conflicts of duty (between duty, and pursuit of others’ interests). This comes into play in particular when the fiduciary is serving multiple beneficiaries.⁶⁴

In most cases, the duty of loyalty goes beyond its proscriptive foundation. Typically, it is combined with the related fiduciary duty of care (prudent conduct), duty of good faith (faithfulness and devotion to the beneficiary), and duty of disclosure (shares accurate information), to create a prescriptive obligation to act in the best interests of the beneficiary. Again, the rationale is to protect the vulnerable party from opportunistic behavior.⁶⁵ The content of the duty of loyalty “should depend on the potential for opportunism,” or abuse of power; the “duties become more intense as the fiduciary’s power grows.”⁶⁶

This “best interests” (sometimes referred to as “thick”)⁶⁷ notion is key to understanding the unique content of the loyalty obligation.⁶⁸ This composite form of loyalty “can be defined as a state of mind and a manner of behavior in which one person identifies with the other person’s interests.”⁶⁹ Smith explains further that “the duty of loyalty requires the fiduciary to adjust her behavior on an ongoing basis to avoid self-interested behavior that wrongs the beneficiary.”⁷⁰ To some, the duty amounts to advancing practical interests of beneficiaries;⁷¹ to others, adopting “other-regarding preference functions.”⁷² In perhaps more quantifiable terms, the duty amounts to “demonstrable partiality.”⁷³

So, in brief, the standalone, “thin” fiduciary duty of loyalty can be thought of as the “no conflicts” obligation. The more expansive, composite or “thick” fiduciary duty of loyalty amounts to a “best interests” obligation.

It is worth noting that the “fiduciaries governance theory” has been developed and applied to a variety of situations where there is no obvious designated individual or entity. While the loyalty standard itself largely remains the same, the object of the duty is an abstract, other-regarding purpose.⁷⁴ In practice, this can include “statements of common purpose” for a specific mission.⁷⁵ The classic example is the charitable purpose trust,⁷⁶ but public benefits corporations, non-profits, and even public corporations all can adopt such an object-oriented loyalty duty.⁷⁷

By way of comparison, then, the general and fiduciary duties of care, as well as the “thin” version of loyalty, present as objective, “reasonable person” standards, and proscriptive (something to be avoided) in nature. By contrast, the “thick” duty of loyalty is a more subjective standard, prescriptive in nature (something to be done), based on what is perceived to be in the beneficiary’s best interest.⁷⁸ Put in medical terms, getting more exercise is prescriptive; avoiding alcohol is proscriptive.

VII. Putting It All Together

How should we align the various entities and data flows, in a way that optimizes the salient duties between them, while still providing ample flexibility to accommodate pro-market arrangements? Here are the stakeholders who would be involved in the OPAL/TEE platform:

  • Data providers: Entities with consensual access to personal data
  • Data consumers: Entities seeking consensual access to personal data
  • Data subjects: Entities with personal data
  • MSP Platform: Entity seeking to tie together the divergent yet related interests of the other stakeholders.

These four sets of stakeholders have varying expectations from the OPAL/TEE technology that drives the confidential compute platform. Obviously these expectations can be tied to their own commercial interests and financial incentives. At the core, however, the operative question at this stage is: what sorts of duties should bind these groups of entities, so that they function together as a legitimate circle of trust?

As noted above, the core fiduciary duties are those of confidentiality, care and loyalty. First, to work together effectively, it would seem that each stakeholder should adhere to a duty of confidentiality, keeping close the sensitive information that it might acquire as part of the intertwined relationships. Second, the duty of care — do no harm — would ensure that parties, even when acting in their own best interest, would not disrupt the interests of fellow stakeholders.

It is the third duty, of loyalty, that deserves to be applied more selectively. Loyalty is a strong bond between entities, one not easily forged without extensive trust. Mandating no conflicts of interest in every transaction and interaction is a tall order, one that likely would hamper the commercial viability of the ecosystem. For that reason, only certain of the interactions between the parties should be subject to a duty of loyalty. These would include, for example, situations where one entity’s sensitive data is being shared with others within the Circle of Trust — including by the FortifID platform itself. In those cases, the parties would be serving as “digital trustmediaries” to each other.⁷⁹


By combining the open algorithm and the trusted execution environment, the FortifID platform can give ordinary end users far more control, privacy, and security over their personal data. However, the platform’s functionality can only become viable commercially if an ethical governance framework is embedded into its core. This ethical paradigm can become a key component of what can be considered a horizontal trust framework.

Under such a framework, the data flows between and among the diverse entities within the FortifID ecosystem — including fiduciary data producers, data consumers, data subjects, and FortifID itself — would be governed by duties of confidentiality, care, and loyalty. If the framework is established correctly, these entities can become viable stakeholders in a virtuous Circle of Trust.


[1]: Laura Claire Reillier & Benoit Reillier, Platform Strategy: How to Unlock the Power of Communities and Networks to Grow Your Business 4 (2017).

[2]: See Jean Tirole & Steven Randall, Economics for the Common Good 378–400 (2017).

[3]: Reillier & Reillier, at 21–22.

[4]: Id. at 21–28.

[5]: See Geoffrey G. Parker et al., Platform Revolution: How Networked Markets are Transforming the Economy — And How to Make Them Work for You (2017); see also Marshall W. Van Alstyne et al., Pipelines, Platforms, and the New Rules of Strategy, Harvard Bus. Rev. (April 2016).

[6]: Van Alstyne et al., at 174.

[7]: Id.

[8]: Reillier & Reillier, at 12.

[9]: Nick Srnicek, Platform Capitalism 43–48 (2016).

[10]: Harold Feld, Platform Regulation Part II: Defining “Digital Platform”, Public Knowledge (July 18, 2018).

[11]: Richard S. Whitt, Old School Goes Online: Exploring Fiduciary Obligations of Loyalty and Care in the Digital Platforms Era, 36 Santa Clara High Technology Law Journal 75 (December 2019).

[12]: The Oxford Handbook of Fiduciary Law (Evan J. Criddle, Paul B. Miller, & Robert H. Sitkoff eds., 2019). Entire book chapters separately cover agency, trust law, corporate law, nonprofits law, banking, pension law, employment law, bankruptcy, family law, legal representation, health care, public affairs, and international law. Id. at 23–363.

[13]: Legal systems discussed at length include English common law, canon law, Roman law, classical Islamic law, classical Jewish law, European civil systems, Chinese law, Indian law, and Japanese law. Id. at 471–663.

[14]: See Fiduciary Government (Evan J. Criddle, Evan Fox-Decent, Andrew S. Gold, Sung Hui Kim, & Paul B. Miller eds., 2018).

[15]: See Fiduciaries of Humanity (Evan J. Criddle & Evan Fox-Decent eds., 2016).

[16]: See Gary Lawson & Guy Seidman, A Great Power of Attorney: Understanding the Fiduciary Constitution (2017).

[17]: Tamar Frankel, Fiduciary Law 79 (Dec. 17, 2010).

[18]: Paul B. Miller, The Fiduciary Relationship, in Philosophical Foundations of Fiduciary Law 63 (Gold & Miller, 2014).

[19]: Deborah A. DeMott, Beyond Metaphor: An Analysis of Fiduciary Obligation, 1988 Duke L.J. 879, 908 (1988).

[20]: See id. at 909.

[21]: Whitt, Old School Goes Online, at 102–121.

[22]: Frankel, at 7.

[23]: See id. at 9.

[24]: Miller, at 69 (explaining the definition as part of his “fiduciary powers theory”).

[25]: Frankel, at 26.

[26]: Id. at 4. That risk in turn depends on the types of services provided, “the nature and magnitude of the entrusted property and power, and the efficient control over the fiduciaries’ ability to abuse the” entrustor. Id. at 25.

[27]: See id. at 6–9.

[28]: Whitt, Old School Goes Online, at 121–131.

[29]: See generally id. at 107–109.

[30]: Id.

[31]: See generally, Gold & Miller.

[32]: Miller, at 69–70.

[33]: Frankel, at 11.

[34]: Miller, at 73.

[35]: Frankel, at 18.

[36]: Tamar Frankel, The Rise of Fiduciary Law, 18–18 B.U. Sch. of L., Pub. L. Res. Paper, Aug. 2018, at 6 (hereinafter The Rise of Fiduciary Law).

[37]: Frankel, at 38; see also Rise of Fiduciary Law, at 9.

[38]: Miller, at 72–73.

[39]: See Smith, at 1441–1444.

[40]: Richard R W Brooks, Knowledge in Fiduciary Relations, in Philosophical Foundations of Fiduciary Law 241 (Gold & Miller, 2014).

[41]: Id. at 237–38.

[42]: Richard R W Brooks, Observability and Verifiability: Informing the Information Fiduciary, U. of Chi. L. Sch. 19 (Oct. 9, 2015).

[43]: Joshua Getzler, Ascribing and Limiting Fiduciary Obligations, in Philosophical Foundations of Fiduciary Law 39–62 (Gold & Miller eds., 2014).

[44]: Smith, at 1402, 1441.

[45]: The Honorable Justice James Edelman, The Role of Status in the Law of Obligations, in Philosophical Foundations of Fiduciary Law 21 (Gold & Miller eds., 2014).

[46]: Getzler, at 43; Smith, at 1403–04.

[47]: Miller, at 74.

[48]: Getzler, at 41.

[49]: Frankel, at 106–07.

[50]: Gold & Miller, at 1.

[51]: Andrew Gold, The Fiduciary Duty of Loyalty, in The Oxford Handbook of Fiduciary Law 386 (Evan J. Criddle, Paul B. Miller, & Robert H. Sitkoff eds., 2019).

[52]: Id. at 385, 403.

[53]: See, e.g., Hanoch Dagan & Sharon Hannes, Managing our Money: The Law of Financial Fiduciaries as a Private Law, in Philosophical Foundations of Fiduciary Law 107–15 (Gold & Miller eds., 2014) (two distinctive duties of loyalty and of care are found in trust law/fiduciary doctrine).

[54]: John C.P. Goldberg, The Fiduciary Duty of Care, in The Oxford Handbook of Fiduciary Law 405, 405 (Criddle, Miller, & Sitkoff eds., 2019).

[55]: See id. at 405–407.

[56]: Id. at 408.

[57]: Goldberg, at 408 (citing Paul B. Miller, A Theory of Fiduciary Liability, 56 McGill L. J. 235, 282 (2011)).

[58]: Goldberg, Fiduciary Duty of Care, at 414–15; Hillary A. Sale, Fiduciary Law, Good Faith, and Publicness, in The Oxford Handbook of Fiduciary Law 763, 765–66 (Criddle, Miller, & Sitkoff eds., 2019).

[59]: Goldberg, at 415.

[60]: Dagan & Hannes, at 99.

[61]: Id.

[62]: Frankel, at 171.

[63]: Frankel, at 169.

[64]: Gold, at 388.

[65]: Id. at 401.

[66]: Smith, at 1482.

[67]: Paul B. Miller & Andrew S. Gold, Fiduciary Governance, 57 Wm. & Mary L. Rev. 513, 557–59 (2015). From a Kantian philosophy perspective, one can discern the possibility of two types of loyalty at play. The “thin” sense of loyalty is a technical, state-enforced obligation, while the “thick” sense of loyalty implies a specific emotional and intellectual orientation of selflessness towards one’s principals. See Irit Samet, Fiduciary Loyalty as Kantian Virtue, in Philosophical Foundations of Fiduciary Law 139–40 (Gold & Miller eds., 2014).

[68]: To Frankel, the two key aspects of loyalty are that the fiduciary acts in the sole (or sometimes “best”) interest of the entrustor, and that there is no conflict of interests with the entrustor. Frankel, at 149–152.

[69]: Id. at 107.

[70]: Smith, at 1409.

[71]: Fiduciary Governance, at 556.

[72]: Smith, Critical Resource Theory, at 1407 (citation omitted).

[73]: Fiduciary Governance, at 547, 562–564.

[74]: Id. at 563.

[75]: Id. at 553 (emphasis in original).

[76]: Gold, at 390 n.33.

[77]: Relatedly, Lawson and Seidman believe that the relevant beneficiaries of the U.S. Constitution as a fiduciary instrument are “We the People … and our Posterity.” Gary Lawson & Guy Seidman, A Great Power of Attorney 145–46 (2017).

[78]: Lionel D. Smith, Can We Be Obliged to be Selfless, in Philosophical Foundations of Fiduciary Law 146–47 (Gold & Miller, 2014).

[79]: See generally Whitt, Old School Goes Online.


Anirban Basak

Founder & CEO at FortifID Inc. Fellow at MIT Connection Science at MIT