A Human-Centered Paradigm for the Web

Richard Whitt
Aug 17, 2020


HAACS in Action: Digital Fiduciaries, plus Personal AIs

Article Three (of Six)

“Trust can only be strengthened when people and systems actually have a reason to trust each other more.” -Lee McKnight, Syracuse University

Quick recap

In the first and second articles in this series, we looked at the desirability of replacing the Web’s exploitative “SEAMs” paradigm, which treats mere “users” to constant feedback cycles of surveillance, extraction, analysis, and manipulation. In its place was proposed a new “HAACS” ethos — fostering human autonomy and agency, via computational systems. We also noted how analog world concepts of trust and support, derived from the judge-made common law of fiduciaries, offer one way to elevate our rights in the digital world (or, D>=A). In this article, we will explore how those agential aspirations can become reality.

Carla’s digital days continue

Early March 2020. Several days after visiting her doctor, Carla isn’t feeling any better — in fact, somewhat worse — so she decides to return for further tests. In the meantime, she tries to learn more about this new outbreak of something called COVID-19. Is this what she might have? She discusses it with the doctor’s assistant, confides in two close friends, reads the headlines on the cable news. Ultimately, Carla goes online to try to get more information.

As Carla browses on websites about this strange new virus, and its symptoms, treatment, and testing, she begins to feel a bit overwhelmed, and frustrated. From both her computer and her smartphone, Carla sends some emails, undertakes a few searches, browses some sites, clicks on several apps. Various legal-sounding notices keep popping up, asking her to accept a privacy policy, a data protection notification, some lengthy terms of service. In each case, she pauses but then reluctantly clicks through to get to the desired content.

Advertisements begin appearing on Carla’s screen, for dubious-sounding wellness tonics, and supplemental medical insurance — from companies she’s never heard of. Her social media feed starts filling with people offering heated political commentary, and warning passionately against future vaccinations. Videos emerge of world leaders, urging their citizens to ignore this “flu bug” and return to work — or, alternately, to stock up on toilet paper to prepare for the end times.

Back to SEAMs cycles (surveillance > extraction > analysis > manipulation)

As we saw in the previous article, in the world outside the Web, Carla has invested considerable time and effort to develop trustworthy and supportive human relationships. In her mind, she has conferred well-earned trust to certain people and entities: close circles of friends, several local community groups, reputable businesses, worthy non-profits.

But in the digital world, Carla’s experiences seem to raise many more questions than answers. What’s with those ads for stuff she doesn’t want or need? And then there is all that social media chatter. What debates about something like COVID-19 are legitimate conversations, and what are hyped-up nonsense to serve someone’s bottom line? When is something online a person, and when is it a bot? What is a legitimate news story, versus clickbait? What is a real video, versus a deepfake? Carla is also vaguely aware that online her personal information is being collected and circulated among a shadowy throng of companies — and that in return she is receiving, not just the services she seeks, but lots of other stuff that suits those companies’ pecuniary motivations.

No one would blame Carla for sometimes wanting to turn off her computer and walk away. And yet, much as the situation exasperates her, realistically she cannot exist in the modern world without continuing to be an active presence on the Web. And her more optimistic side continues to believe that the Web can be a positive force in the world, for herself and so many others. But what legitimate recourse does she have?

Enter niece Ada’s analytics

While Carla is describing her situation over the phone with older brother Charles, his daughter Ada pipes up from the kitchen table next to him. “Hey Aunt Carla!”

Ada is a second-year student at Valley Community College, majoring in business administration. She’s currently taking a course on various ways that companies organize themselves to serve their customers. She just completed a set of readings about professional entities called fiduciaries, like doctors and lawyers, and so she mentions this to her father and aunt.

Carla is intrigued. While frankly she would welcome anything and anyone that will lessen the persistent slights she experiences whenever she goes online, she wants something more than that. As she conceives it, she wants a personal agent, working on her behalf to help sort through the Web’s confusion, and engage on her own terms, basing its activities on providing trustworthy practices and tangible support.

“Hmm,” said Carla. “Maybe what I really need is something like an online loyalty agent. Providing me with a digital life support system.”

“Hey, yeah,” exclaims Ada. “A Web fiduciary.” Silent for a moment, she then speaks up. “I have an assignment due next week, where I’m supposed to analyze ways that the Web is changing people’s interactions with each other online. I think this would be a neat research paper: making the case for having your very own digital fiduciary. Aunt Carla, after you’re done talking with Dad, can we do some brainstorming?”

Later, Ada bikes over to Carla’s apartment. Carla is still feeling under the weather, but she agrees to help Ada sketch out a blueprint for her class assignment. In mid-afternoon, Ada’s boyfriend DeShawn, a computer science major at state college, drops by. He listens intently as Ada and Carla continue talking.

Sketching out the “PEP” model

Ada’s project analysis begins taking shape, focused on creating a new online entity she is calling a digital fiduciary. The two women work in tandem. Carla describes the many ways that she wants this kind of entity to vigorously protect her online, and actively promote her interests. Ada then matches them up with various traditional common law-type obligations that fiduciaries typically operate under — in particular, the duties of care and loyalty. DeShawn chimes in every now and then with a technical observation about how the Web works.

After some rough sketches, Ada produces what she calls her “PEP model.” DeShawn quickly corrects her, nicknaming it “Ada’s algorithm.” Ada chuckles, and reads aloud.

The PEP model is premised on introducing a digital fiduciary (DF), an entity that provides Web services intended to protect, enhance, and promote its client’s interests.

The notion is to develop the DF-client relationship over time, in three separate phases, to gradually build client trust, increase the level of fiduciary duties, and add more supportive services and advanced tech offerings. This phased approach is just a suggestion, however. Importantly, the duties themselves need not rely on the existing laws of a particular jurisdiction. Instead, the digital fiduciary would commit to serving its clients through a formal agreement, buttressed by accountability mechanisms like a professional code of conduct and certification regime.

1. Protecting with Care: a bodyguard

In the Protect Phase, the digital fiduciary provides fundamental client protections, focused on engendering greater privacy, enhanced security, and safeguarded online interactions. Generally speaking, this would mean establishing a virtual zone of trust and accountability around the client, to ward off intrusive actors and actions. The digital fiduciary would operate under a general duty of care (do no harm), derived from the common law of torts, as well as a fiduciary duty of care (act prudently).

The general duty of care amounts to protecting against harm. In the digital environment, this translates into: don’t deliberately leave my personal data unsecured, don’t sell my personal data to third parties you know likely will use it against me. The higher fiduciary duty of care amounts to acting in a prudent manner in protecting me and my personal data. This translates into: don’t be sloppy in securing my data on your server, don’t leave your server farms understaffed by poorly-trained employees.

More specifically, these Phase I services could include:

  • Privacy: fully implement legal requirements, such as data protection laws and regulations, analyze/improve client’s privacy settings on Web browsers and other applications, and commit to not surveilling or tracking the client.
  • Security: update software, patch security holes, manage passwords, provide VPNs, and establish end-to-end encryption.
  • Interactions: shoulder cognitive burdens regarding the client’s dealings with third party websites and applications, such as providing machine-readable guidance on terms of service and end user agreements, managing online consents, flagging the use of bots and other automated influence software, and establishing more user-responsive applications.

2. Enhancing without Conflicts: a mediator

In the Enhance Phase, the digital fiduciary acts as a filtering conduit, through which flows all of the client’s online life. In addition to operating under both duties of care, the digital fiduciary also would be bound by the “thin” version of the fiduciary duty of loyalty (having no conflicts of interests). This translates into: do not have any conflicts between your digital interests and my own, or between different sets of clients. Do filter out harmful or unwanted content from my online feeds. Do present me with advertising and marketing options tailored to my particular wants or needs — or, no ads at all.

More specifically, this role could include developing client “alt-consent” choices, requiring that third party computational systems access the client’s data locally, and sending tailored notifications about circulating disinformation. As one intriguing example, Web users could establish their own terms of service, that a digital fiduciary then can project (or “intent-cast”) to websites and applications, as a basis for their approval or negotiation.

3. Promoting Best Interests: an advocate

In the Promote Phase, the digital fiduciary operates under both duties of care, and the thin duty of loyalty, and now utilizes the “thick” version of the fiduciary duty of loyalty (promote my client’s best interests). This highest standard translates to: do inform me about online risks. Do keep my data in a safe location (i.e., not a vulnerable server farm). Do arm me with tech tools to protect my interests.

On the technology side, the digital fiduciary could employ emerging software applications and platforms to fully protect, enhance, and promote the client’s interests. These could include privacy-enhancing personal data pods (the SOLID project), decentralized application platforms (such as digi.me), localized cloudlets, sovereign identity layers, portable connectivity, and modular devices. Some of these technologies are available now, with many more on the way.

Mixing and matching a Digital Fiduciary’s incentives

As Ada finishes reading aloud her draft, Carla smiles appreciatively. “Really nice work, Ada. Congrats.”

Ada smiles back, as she stares at her laptop screen. “Thanks, Aunt Carla. Sounds like a great deal for users. But I have a question. How exactly do we get anyone to volunteer to be a digital fiduciary? What would be in it for them?”

Carla considers her niece’s query. “Well, I think the notion of being someone’s digital agent, with or without the fiduciary duties, is still a new one. If I were thinking about setting up that kind of business, however, I suppose the best place to start is with a preexisting trustworthy and supportive relationship, and then build the opportunities from there. Or, maybe it’s a non-profit, or even the government. Like with everything else involving humans, it boils down to the incentives on both sides. Once you’ve established that basic trust and support, though, the rest should just follow.”

As Ada listens intently, she makes some notes and adds them to her draft. “Looks like we need to explain more about why an entity would agree to become some type of digital fiduciary, who are some likely candidates, and what ways they would make money.”

Incentives to Become a Digital Fiduciary

As the PEP model (protect, enhance, promote) shows, digital fiduciaries and clients together can explore any number of desired services and duties. Importantly, as the digital fiduciary-client relationship progresses, a likely outcome in complex systems terms is a “macro” feedback loop. This would harness similar dynamics as the SEAMs cycles (surveillance, extraction, analysis, manipulation), but in fully accountable and user-empowering ways. As greater levels of trust and support are established over time, the client consensually can share more personal information, which in turn spurs the addition of still more empowering service offerings.

The digital fiduciary concept conceivably could be embraced by a wide range of entities willing to take on the new trust and support-based value propositions with clients. Nonetheless, initial research suggests a current paucity of such entities. The supposition here is that the novelty of the concept should give way soon enough to a variety of entities exploring their options. Below are some suggested considerations as to why an entity willingly would take on the fiduciary mantle. In brief, the entity presumably would perceive tangible enough benefits — whether profit-based, or mission-based — from providing such digital services. The precise mix of incentives would vary from one sector, and entity, to another.

1. Profit-primary companies

At the outset, one question pertains to the traditional American for-profit corporation, operating under what some have perceived as the “shareholder” form of modern capitalism. Put simply, can the new role of digital fiduciary successfully fit within this corporate model, and if so, how? After all, the duty of loyalty in particular goes above and beyond the traditional corporate injunction to maximize short-term profits. It remains unclear as well whether even newer “stakeholder” versions of corporations, taken seriously, could entail fiduciary-type duties.

Nonetheless, the thesis to be tested is that there appear to be adequate pecuniary motivations to induce profit-seeking participation, pursuant to current forms of capitalism. Under the right circumstances, many corporations could voluntarily participate in this new fiduciaries-based ecosystem. There are a number of specific reasons for this supposition.

First, potential market entrants could include larger companies seeking additional services to both retain existing customers and attract additional ones. These companies could range from retailers of goods and services, to news organizations, broadband providers, entertainment companies, and financial firms. Many such entities continue to struggle to find relevance and revenue in a market dominated by the platforms and their SEAMs-based ecosystems. Digital offerings, provided under a new “race-to-the-top” business ethos, could complement current service offerings, and tap into the network effects of having an existing customer base.

Second, a variety of compensation mechanisms are open for exploration by for-profit entities, well beyond the extractive designs of the platform companies and their partners. By gaining purely consensual access to a client’s most personal data and information, the digital fiduciary could create innovative new products and services that otherwise might not be possible, even for the platform companies.

This approach could support higher quality advertising, marketing, and branding arrangements, built for example on the client “intent-casting” her aspirations into the Web, rather than the other way around. Even the current advertising and marketing approach has shown increasingly obvious viability issues. Higher quality commercial brands may welcome the opportunity to explore alternative, mutually-beneficial arrangements with their customers. Countless other funding models, from monthly subscriptions to per-transaction fees to blockchain utility tokens, are possible as well.

Third, enhancing trust with clients can foster its own attractive incentives. The corporate world is beginning to take notice of the financial value to companies of generating “trust-as-a-service” in the deployment of digital services. In Accenture’s recent 2020 Vision report, the intended audience of global corporate leaders reads:

“In the future, people don’t just want more technology in our products and services; we want technology that is more human… Trust and accountability are the new litmus tests for businesses in a world where digital is everywhere.”

Fourth, companies who care especially about bolstering their branding may find the fiduciary mantle an attractive one. Some financial advisors today emphasize in their marketing how they voluntarily operate under fiduciary obligations. Adopting fiduciary duties could be one way for an entity to stand out in a crowded marketplace.

Fifth, entrepreneurial opportunities abound in such a nascent sector. Smaller entities, including start-ups, may perceive niche opportunities. This could include pursuing disruptive market options, such as the blockchain-based tokenization of data, and developing the advanced technology tools that larger client-facing companies will want to employ.

Sixth, another set of incentives is a favorite of lawyers: risk mitigation. The Web involves an increasingly complicated and messy set of legal and regulatory compliance obligations. One example is data protection regulations, now in place in many countries, and the State of California, and being considered as federal law in the United States. A fiduciary-based model, which includes limited control over the client’s data, could provide a feasible way to minimize liability and compliance risks. Such a model also could be a useful way to influence future legislative efforts.

Seventh and finally is the reality of bandwagon effects. Once a sufficient number of entities enter the market, others may do so as well, motivated to prevent competitors from seizing early market advantage.

At least one other open question remains: whether platforms themselves should be welcomed into the field of digital fiduciaries. Operating as they now do under the SEAMs paradigm, and its control feedback cycles, the answer surely is no. That reality does not preclude, however, their renunciation of that paradigm, taking affirmative steps, in whole or in part, to accept their end users as actual clients, and themselves become bona fide fiduciaries. As with so much else, the context and details will matter.

2. Mission-primary entities

Putting aside purely pecuniary incentives still leaves many social mission-driven entities with their own motivations to become digital fiduciaries. Less conventional corporate structures are possible. In particular, the certified “b-corp” model requires companies to balance purpose and profit. These entities are legally required to consider the impact of their decisions on their workers, customers, suppliers, community, and the environment.

An interesting option worth exploring is to advocate for creating a wholly novel type of corporation: what could be called the “D-corp.” This for-profit company would be in the business of providing data-based digital services to clients. Importantly, these digital corporations would be chartered to operate under express fiduciary duties of care and loyalty. Operating much like a partnership firm of attorneys or doctors, the D-corp potentially could become the basis of a new profession of digital fiduciaries.

Other entities with more community-focused charters can include credit unions and agricultural co-ops. Membership organizations and trade unions too could find the digital fiduciaries model an appealing one to pursue. Non-profit organizations seeking to become digital fiduciaries could be supported in whole or in part by foundations and other charitable entities.

Two legacy institutions particularly bear mentioning. In many countries, public libraries are chartered to provide the general public with knowledge and information, and are managed by professional librarians who already act as quasi-fiduciaries towards their patrons. Public universities also may be looking for opportunities beyond the traditional in-person student education structures.

Government role

Governments can use a variety of mechanisms to incentivize new digital ecosystems founded on fiduciary obligations. Public-private partnerships between government agencies and commercial firms could be one compelling fit. Utilizing the power of the public purse, agencies could attach fiduciary-style conditions to their procurement activities. To help avoid creation of a new class of “digital left-behinds,” governments also could create targeted subsidies to benefit economically disadvantaged citizens.

Government bodies also can supply discrete market inputs to spur new forms of competition and innovation. This could include, for example, giving digital fiduciaries the rights to interoperate with platform companies, to port client data away from platforms, and otherwise act under express delegation on behalf of their clients. In the United States, the ACCESS Act of 2019, and the Data Care Act of 2018, are but two solid examples.

In adopting any/all such measures, the government can serve its own unique purposes. This could include facilitating an alternative digital services sector based on fiduciary obligations, as one way to tackle enduring policy concerns about data protection, content moderation, and market competition.

Empowering fiduciary clients with Personal AIs

When Ada finishes typing, she reads out to Carla and DeShawn what she has compiled. She frowns a bit. “I’m pretty convinced about this digital fiduciary model, at least in theory. It’s just not clear to me that traditional companies are all that willing to take that ethical high road. But we’ll see what my professor says.”

DeShawn chimes in. “That’s great stuff, Ada. And I have one more idea you might add. What about pairing up your digital fiduciary with an artificial intelligence bot that actually works on behalf of ordinary people? So, you would have both the trusted human-facing entity, and some cool AI agent. That might also make the whole package more attractive, both for companies and their clients.”

Ada and Carla are a bit puzzled, but also intrigued. DeShawn explains further. . . .

Part of the problem with the existing Web is that the computational power rests in the hands of a very few. And the technology is advancing quickly. AI and machine learning already are at the point where recommendation agents can learn from a user’s decisions, and make increasingly sophisticated matches to what a person might also be interested in. Deep neural networks too are increasing in power and sophistication, to the point where they can learn without requiring human input.

Today, artificial intelligence networks being created, trained, and deployed by corporations and governments can be thought of as “Institutional AIs.” Familiar examples from everyday life include Alexa on the living room device, and Google Assistant on the smartphone. In each instance, these Institutional AIs obey their corporate designers, churning through data to discern insights that can help develop tactics to get people to make one set of decisions over another.

While the digital fiduciary by itself can find many meaningful ways to protect, enhance, and promote the interests of ordinary people, an ideal combination is with an advanced technology tool like a Personal AI. Recent articles in Medium (one, two, and three) explore at some length the rationale for the Personal AI. Some of the more obvious use cases include managing and protecting the client’s data flows, interpreting website and app terms of service, setting content site filters and defaults, and mediating directly with Institutional AIs in the environment. Importantly, in every instance these Personal AIs would represent the human client — not the corporations or governments on the other ends of Institutional AIs.

The Personal AI is not a pipe dream; today, applications are being built, and standards developed. For example, Project PAI is “founded on the belief that every person in the world should have their own digital avatar.” Similarly, Guardian AI is “built around the concept that everyone should have their own personal AI agents working with them through human-AI collaboration.” Other similar projects are well underway. The global standards-making body IEEE is also exploring ways to create and grant access to a Personal Data AI Agent.

Regardless of the approach, fiduciary concepts can be applied to the rules that govern Personal AIs. In the simplest terms, a combination of trustworthy human agent (digital fiduciary), and virtual agent (PAI) can be situated as new intermediaries, operating between the ordinary person (Carla) and the Web.

Conclusion: More trust(s) up next

Ada finishes typing and stands up resolutely. “Thanks guys — that was awesome. I need to clean this up a bit, but I think this is a winning project paper.”

Carla slowly makes her way to the sofa. “Happy to have helped, Ada. But I’m still not feeling one hundred percent. So, if you don’t mind, we can catch up further some other time.”

In the next two articles, we will explore more of Carla’s interactions with the digital world. As a teaser, one can imagine Carla employing a mix of fiduciaries and trusts to manage her complicated digital life. For example, a digital fiduciary could handle her individual online matters. That digital fiduciary in turn could negotiate on Carla’s behalf with a data trust seeking to pool together somatic data for important health care research. The digital fiduciary also could mediate for Carla with a civic data trust that is governing a nearby smart city environment.

In the sixth and final article, we will unveil an action plan proposing to bring us closer to this type of HAACS-based ecosystem. And the Web many of us want, and deserve.


For previous installments in this six-part series, please see Article One and Article Two.

For more information on digital fiduciaries, please see Richard Whitt, OLD SCHOOL GOES ONLINE: EXPLORING FIDUCIARY OBLIGATIONS OF LOYALTY AND CARE IN THE DIGITAL PLATFORMS ERA, 36 SANTA CLARA HIGH TECH. L.J. 75 (2020). Available at: https://digitalcommons.law.scu.edu/chtlj/vol36/iss1/3.

The Author gratefully acknowledges:

— Content and graphics contribution by Todd Kelsey

— Art contribution by Martha Sperry

— Article series supported by Omidyar Network



Richard Whitt

Richard is a former Googler with a passion for making the open Web a more trustworthy and accountable place for human beings.