I propose discussing and then implementing a number of measures that combined would help endow node operators with some form of plausible deniability.
What I mean here by plausible deniability is that node operators, to the furthest extent possible, will not be held responsible for the canisters that they host. This would hopefully simplify legal liability and compliance burdens of node operators, moving responsibility for removing or modifying offensive canisters to the canister author, the NNS, or enforcement outside of the protocol.
In the recent Super Mario 64 incident, apparently a DMCA takedown notice was served by Nintendo to a node operator. This is unfortunate, as the node operator was placed in an undesirable legal position, and the node operator could only practically comply by removing their node from the network. Also note that this would not have addressed Nintendo’s actual concern, which was the preservation of their IP. Removal of the canister would require consensus amongst a majority of the node operators in the subnet either through an NNS vote or through direct node operator manipulation of the state of their nodes.
I propose that plausible deniability might be practically achieved in the short-term through the following mechanisms:
More difficult mechanisms may be as follows:
- Multi-party computation
- Homomorphic encryption
- Decentralized boundary nodes
- Shielded IP addresses (NAT, the IC could be a giant intranet shielded by boundary nodes, IP address of canister never leaked)
There may be more mechanisms, which should be discussed in this thread.
Basically the node operators should know as little as possible about the canisters they run and vice versa. We should also know as little as possible about subnet membership.
Not only should the implementation of plausible deniability help with legal concerns, but the security of canisters on the network should be greatly increased as well. We want to avoid node operator collusion and targeted attacks on node operators hosting specific canisters.