Fiduciary Commons
The Fiduciary Commons is a constitutional framework, and a set of specific proposed statutes, for changing that. It argues that the Constitution already requires government to handle your data the way a lawyer handles client confidences: with loyalty, with care, and without using it against you. The law just does not enforce that requirement yet.
A fiduciary is someone entrusted to act on your behalf, legally required to put your interests ahead of their own. Your lawyer is a fiduciary. So is your doctor. So is a financial advisor who manages your retirement savings. The law treats these relationships differently from ordinary transactions because there is a fundamental power imbalance: you are vulnerable, you cannot fully monitor what they are doing, and you have no practical choice but to trust them.
Fiduciary duties are specific and enforceable. The duty of loyalty means the fiduciary cannot use your information against you or for purposes you did not authorize. The duty of care means they must handle your affairs competently. The duty of confidentiality means they cannot share what they know about you without your consent. These are not aspirations. They are legal obligations you can enforce in court. The Fiduciary Commons argues that government's relationship to citizens with respect to personal data is already a fiduciary one, and that the law should treat it as such.
Think about what happens when you interact with government over the course of a few years. You get a driver's license. You apply for a permit. You file your taxes. You enroll a child in a public school. You use a Medicaid benefit. Each of these transactions requires you to share personal information, and you have no meaningful choice about it.
Every one of those transactions feeds a database. In a modern integrated government information system, those databases talk to each other. The result is a comprehensive profile of your identity, your finances, your family structure, your health history, your property, and your movements, assembled without any court order, governed by administrative policy rather than law, and accessible to officials and contractors you will never meet. The founders knew this architecture. They called it a general warrant. They fought a revolution in part to prohibit it. The Fourth Amendment was ratified specifically to make it unconstitutional. And yet here it is, rebuilt in digital form.
The problem is not that individual officials are malicious. The problem is structural: the architecture itself creates surveillance power that no court has authorized and no law has constrained. The Fiduciary Commons argues that the remedy must be architectural as well, built into how government digital systems are designed, not promised in how officials choose to use them.
These short presentations introduce the argument in plain language. No law degree required.
How modern government databases quietly recreate the founding-era surveillance architecture the Fourth Amendment was ratified to prohibit, and what to do about it.
Why digital identity is the load-bearing element of everything, and how citizen-controlled identity architecture changes the entire data relationship between you and government.
The fiduciary framework is not merely a theory. It is embodied in three specific draft statutes, each designed to be introduced in a state legislature. Together they constitute a complete legal architecture.
Requires that government digital identity systems be built on decentralized, citizen-controlled architecture. Prohibits centralized identity repositories. Mandates that you retain control of your own credentials.
In plain terms: when you prove who you are to a government system, the system should confirm the fact it needs, not collect and store everything about you.
Read VIDA → PDTAEstablishes citizens as the primary trustees of their own personal data. Imposes binding fiduciary duties of loyalty, care, and confidentiality on all government actors who handle that data.
In plain terms: government handles your data the way a lawyer handles client confidences. It cannot use it for unauthorized purposes, and you can sue if it does.
Read PDTA → GAAFAExtends fiduciary obligations to AI systems making decisions about citizens. Requires assessments before deployment. Establishes your right to know when an algorithm affected a decision about you, and why.
In plain terms: if a government algorithm decides you qualify for a benefit, flags you for audit, or affects your record, you have the right to know it happened and to challenge it.
Read GAAFA →The Fiduciary Commons was presented at the Internet Identity Workshop in April 2026 in three sessions covering the constitutional foundation, the case for complete uniform enactment, and the AI inference problem. All session materials, slides, and supporting documents are on the materials page.
Michael G. Leahy is an attorney and former Secretary of Information Technology for the State of Maryland, where he served as the state's Chief Information Officer and a member of the Governor's Cabinet from 2017 to 2023. He oversaw a team of more than 300 staff, a technology budget exceeding $160 million, and the state's IT infrastructure, data privacy policy, and cybersecurity posture across all executive branch agencies. He served as President of NASCIO, the National Association of State Chief Information Officers, in 2021 and 2022.
The Fiduciary Commons framework is a direct product of that experience: the product of watching, from the inside, how government technology procurement systematically purchases surveillance architecture without recognizing it as such, and concluding that the remedy has to be constitutional and architectural, not merely administrative.