I do advocacy work to make sure digital identity legislation is human-centric and rights-first. My deepest work has been in Wyoming and Switzerland. You can support this advocacy by supporting @blockchaincommons.com. github.com/sponsors/Blo...
Utah joins Wyoming in building a model for identity legislation that treats people as principals, not products. If you're in another state, point your legislators at SB 275 and Wyoming's SF39. /7
That's what we need to watch for now. Beware platforms bearing gifts. The Googles and Facebooks will push for carve-outs that make the Duty of Loyalty optional. Regulatory capture is the real fight going forward. /6
And these aren't guidelines — they're statutory obligations. They can't be waived by clickwrap. As long as carve-outs aren't created in future sessions, the Duty of Loyalty is protected. /5
But the Duty of Loyalty is what really caught my eye. Wallet providers, verifiers, and relying parties must work in the "best interests of an individual." Compare that to today, where you create an identity on Facebook or Google and they extract from it mercilessly. SB 275 says no. /4
Other rights require architectural transparency, preserve management control for the user, disallow state surveillance, and require selective disclosure. You choose what to disclose. You can verify your age without handing over your birth date. /3
SB 275 has a digital bill of rights for identity. The first entry recognizes that identity is innate to the individual, not bestowed by the state. That's pretty close to the existence principle from my self-sovereign identity principles a decade ago. Great to see it in statute. /2
Utah just passed SB 275 unanimously — Senate 25-0, House 70-0. Their State-Endorsed Digital Identity (SEDI) program is now law. This is a big win for self-sovereign identity. I wrote about it at @blockchaincommons.com. 🧵… /1 www.blockchaincommons.com/musings/Musi...
(1)conflict with the best interests of an individual;
(2)take advantage of or otherwise exploit an individual;
(3)result in a disproportionate risk to an individual;
(4)are to an individual's detriment; or
(5)cause harm to an individual."
"**Duty of loyalty** The department, a digital wallet provider, a verifier, a relying party, and a digital guardian shall refrain from practices or activities related to the processing of an individual's identity attributes that: …
But it is the addition of "Duty of Loyalty", which like Wyoming's "Principal Authority" evokes agency law, which as I understand it (but IANAL) makes it hard to use contract law to abrogate these duties…
👍 The new Utah #SEDI draft SB0275 has the essence of my first #SSI principle that I wrote 10 years ago:
"(1) An individual possesses an individual identity innate to the individual's existence and independent of the state, which identity is fundamental and inalienable."
le.utah.gov/~2026/bills/...
Next year it’ll be 10 years since @christophera.bsky.social wrote The Path to Self-Sovereign Identity along with a definition and 10 principles of SSI.
A group is now being convened to refine these principles. Hope to see some atproto folks get involved here, including @bnewbold.net & co.
Support our work to create infrastructure that can't be taken from us. Become a GitHub Sponsor of Blockchain Commons. Help us build autonomous infrastructure for coordination, collaboration, and identity beyond Bitcoin. [19/19] github.com/sponsors/Blo...
These aren't Bitcoin-specific features. They're the architecture of autonomy itself. QR codes, Bluetooth, threshold signatures, Gordian Envelope, XIDs. Technologies that enable Exodus Protocols for coordination, identity, and collaboration beyond value transfer. [18/19]
A journalist stores sources in a Gordian Club. One permit for their key, SSKR shares to their editors. Even if seized, encrypted information is protected. A protest group coordinates when messaging app becomes surveillance. Immigrants have credentials with no phone-home. [17/19]
Gordian Clubs use a permit system where different people access the same content different ways: private keys, XIDs, or secret shares. Multiple permits mean resilience. Transport neutral: internet, thumb drive, QR code in a newspaper, even @Blockstream Satellite. [16/19]
Gordian Clubs shows these principles: an “Exodus Protocol” built on Autonomous Cryptographic Objects—self-contained, cryptographically secure, resilient when infrastructure fails. Unencrypted data isn’t safe; centralized servers aren’t reliable. [15/19] www.blockchaincommons.com/musings/musi...
Principle 5: work offline and across time. Bitcoin transactions can be signed offline and broadcast later. The protocol doesn't care about internet connectivity for core operations. True autonomy works with whatever channels remain available when coercion denies others. [14/19]
Principle 4: preserve exit through portability. Bitcoin keys work in any wallet. Open protocol means freedom to switch implementations. Without the ability to walk away, consent collapses into coercion. Lock-in is the opposite of sovereignty. [13/19]
Principle 3: make constraints load-bearing. Bitcoin can’t reverse transactions, so your funds can’t be seized by fiat. Rule changes require consensus, so your holdings can’t be inflated away. What can’t be changed can’t be weaponized. [12/19]
Principle 2: encode rules in mathematics, not policy. Math doesn’t discriminate, take sides, or change under pressure. Cryptographic proof replaces administrative decision-making: verification is deterministic. Code can be coerced, but mathematics cannot. [11/19]
Principle 1: operate without external dependencies. If it requires permission to operate, it's not autonomous. If it stops working when a company fails or a government objects, it's infrastructure built on sand. We need self-contained cryptographic objects. [10/19]
In my new Musings article, I lay out five principles required to build Exodus Protocols. They define what makes infrastructure truly autonomous and resilient against centralized control or sudden disappearance. [9/19] www.blockchaincommons.com/musings/musi...
Unfortunately Bitcoin only creates an Exodus Protocol for value transfer. We need the same architectural patterns for coordination, collaboration, and identity. We need to protect activists, empower journalists, enable disaster response, preserve long-term archives. [8/19]
Bitcoin is an Exodus Protocol: a system that frees us from external control by creating infrastructure without infrastructure. Miners can come and go. Transactions can be signed air-gapped and transferred using QR codes. It's generally hard to censor, unthinkable to kill. [7/19]
Bitcoin demonstrated something profound: fundamental capabilities can exist as mathematical rights rather than centralized privileges. When your ability to transact depends on a bank's approval, it's not a right but permission. Bitcoin restored transaction as a right. [6/19]
So how do we create digital infrastructure that can't be taken from us? Bitcoin answered that question. For fifteen years it has demonstrated autonomous infrastructure that works. No servers to shut down, no administrators to pressure, no companies whose failure matters. [5/19]
By now everyone has a story of infrastructural loss. Google Plus circles. Internet radio. MP3s. This pattern has a name: #enshittification. A service becomes essential, companies collect rent, reduce features, increase surveillance, then kill it when profits fade. [4/19]
Advocacy and activist groups blockaded by Visa, Mastercard, or PayPal without charge or trial. Platforms locking out regions citing “legal risk.” Canadian truckers with frozen accounts, professionals losing workspaces overnight. Access became permission. [3/19]
