This thread relates to an idea I’ve had that can be summarized as “Polite DRM”.
I started by thinking about using IPFS as a HIPAA-compliant data store, where encryption keys within a personal medical data IPNS manifest would always be controlled by the patient themselves, and only temporarily and selectively loaned to care providers as needed. These loans would obviously require repository segment distribution reporting back to key control nodes, with full revocation and secure deletion on demand based on HIPAA compliance contracts.
After thinking this through further, I realized this would also be a solution for Netflix-style rentals and DMCA-compliant media distribution, without the inherent insecurity of trying to keep any purchased hardware outside of its owner’s control (the core defect in the appropriate Defective By Design label).
The core element needed in both use cases is some method of distributing encryption keys independently of the data they decrypt, and a manner to request full key and decrypted-version deletion by [smart] contractual demand. This sort of deletion request mechanism is the polite part, and the DMCA-enforcing contract over key distribution is the DRM part, or in HIPAA and similar use cases the privacy-preserving part. The EU Right To Be Forgotten and “whoops” version tree pruning use cases could also be addressed in this system.
I have more ideas about key-revocation enforcement via Filecoin incentives and a sort of “auto-snitch” distributed reporting system, but those can be addressed elsewhere in a similar manner to how Bitswap is a pluggable feature of IPFS.
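An added illustration of the key/data separation the post describes (example code written for this thread, not the poster's own design or any IPFS/Filecoin code): ciphertext sits in a content-addressed store that anyone can fetch from, while the data key stays with a key-control node that loans it out with an expiry, can revoke a loan and send a deletion demand, and can "shred" an object by discarding its key so every copy of the ciphertext becomes unreadable. The `ContentStore`, `KeyControlNode` and `Borrower` classes, and the HMAC-based stand-in cipher, are assumptions made for the example; a real deployment would use a proper AEAD such as AES-GCM.

```python
# Added example: "polite DRM" as key/data separation with revocable key loans.
# Not from the original post; names and the toy cipher are illustrative choices.
import hashlib
import hmac
import os
import time


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one data key."""
    return hashlib.sha256(key + label).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used only so the example runs on the
    standard library. Stand-in for a real AEAD, not a recommended cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Layout: nonce(16) || ciphertext || tag(32)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or a tampered blob is rejected outright."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


class ContentStore:
    """Content-addressed blob store (stand-in for IPFS): anyone may fetch a blob
    by its hash, but without the data key the blob is just noise."""

    def __init__(self):
        self._blobs = {}

    def put(self, blob: bytes) -> str:
        cid = hashlib.sha256(blob).hexdigest()
        self._blobs[cid] = blob
        return cid

    def get(self, cid: str) -> bytes:
        return self._blobs[cid]


class KeyControlNode:
    """Holds data keys on the owner's behalf and tracks who borrowed which key."""

    def __init__(self, store: ContentStore):
        self.store = store
        self._keys = {}    # cid -> data key, never stored beside the ciphertext
        self._loans = {}   # (cid, borrower) -> loan expiry (epoch seconds)
        self.audit = []    # where distribution reporting would hook in

    def publish(self, plaintext: bytes) -> str:
        key = os.urandom(32)
        cid = self.store.put(seal(key, plaintext))
        self._keys[cid] = key
        return cid

    def loan(self, cid: str, borrower: str, ttl: float, now=None) -> bytes:
        now = time.time() if now is None else now
        self._loans[(cid, borrower)] = now + ttl
        self.audit.append(("loan", cid, borrower))
        return self._keys[cid]

    def loan_valid(self, cid: str, borrower: str, now=None) -> bool:
        now = time.time() if now is None else now
        expiry = self._loans.get((cid, borrower))
        return expiry is not None and now < expiry

    def revoke(self, cid: str, borrower: str) -> tuple:
        """Cancel a loan and issue the deletion demand (the 'polite' part)."""
        self._loans.pop((cid, borrower), None)
        self.audit.append(("revoke", cid, borrower))
        return ("delete", cid)

    def shred(self, cid: str) -> None:
        """Secure deletion of the object itself: drop the key. Every copy of the
        content-addressed ciphertext may persist, but none can be decrypted."""
        self._keys.pop(cid, None)
        self._loans = {k: v for k, v in self._loans.items() if k[0] != cid}


class Borrower:
    """A cooperating client (care provider, media player) that honours loan terms."""

    def __init__(self, name: str, node: KeyControlNode):
        self.name, self.node = name, node
        self._keys, self._cache = {}, {}

    def checkout(self, cid: str, ttl: float, now=None) -> None:
        self._keys[cid] = self.node.loan(cid, self.name, ttl, now)

    def read(self, cid: str, now=None):
        # Re-check the loan before using a key already in hand; on expiry or
        # revocation purge both the key and any decrypted copy.
        if not self.node.loan_valid(cid, self.name, now):
            self.handle_deletion_demand(cid)
            return None
        if cid not in self._cache:
            self._cache[cid] = unseal(self._keys[cid], self.node.store.get(cid))
        return self._cache[cid]

    def handle_deletion_demand(self, cid: str) -> bool:
        """Delete key and plaintext; returns True if anything is still retained."""
        self._keys.pop(cid, None)
        self._cache.pop(cid, None)
        return cid in self._keys or cid in self._cache
```

The store never sees a key, so replication of the ciphertext is harmless, and `shred` gives the "whoops" pruning and right-to-be-forgotten cases a single operation that works regardless of how many nodes hold the blob. The `read` check and `handle_deletion_demand` are only as good as the client running them, which is exactly the limit the post acknowledges by calling the scheme polite; the `audit` list is the natural place for the reporting-back and incentive mechanisms mentioned at the end of the post.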