IIW 2026 › Session 3 of 3

Session 3 of 3  ·  Internet Identity Workshop  ·  April 2026

The Inference Problem: Completing the Architecture

GAAFA compliance architecture, the Carpenter trajectory, and Article 3B procurement reform

Session Overview

Sessions 1 and 2 built a privacy architecture around what data gets collected and how it is held. Session 3 addresses the gap that architecture leaves open: a system that never collects a fact can still reconstruct it through AI inference over transaction patterns. The Supreme Court recognized this dynamic in Carpenter v. United States (2018), holding that aggregate data reveals the privacies of life in ways no single data point does, and declining to extend the Third Party Doctrine to digital-scale collection. GAAFA is the statutory mechanism that closes the gap between what government cannot collect and what government cannot infer. The session closes with Article 3B: the procurement reform that creates a legal pathway for compliant technology to actually enter government deployment, proposed to the ABA Model Procurement Code by Michael G. Leahy.

Key Arguments
1
The inference problem is structural, not incidental. A VIDA-compliant credential reveals nothing beyond what it is designed to reveal. But transaction logs assembled from correct presentations reconstruct the mosaic that the architecture was designed to prevent. The credential architecture was correct. The inference engine worked around it.
2
AI reconstruction of uncollectable data is a fiduciary breach. Government chose not to collect certain data because it had no constitutional right to collect it. Using AI to reconstruct from transaction patterns what the credential architecture was designed not to reveal bypasses the constitutional constraint without violating its letter. The method does not redeem the act.
3
GAAFA compliance is architecturally defined. Four properties: purpose-sequestered databases, cryptographic individual-controlled immutable audit trails, explainability by design, and inference prohibitions enforced architecturally rather than by policy attestation alone. These are design requirements, not compliance attestations.
4
Article 3B creates the procurement pathway. Compliant architecture cannot help practitioners if the procurement process cannot recognize or reward it. Article 3B’s phased multi-vendor competition, outcome-based specifications, and fiduciary-integrated acceptance criteria structurally advantage vendors who have invested in GAAFA-compatible architecture.
Downloads
PPTX
Session 3 Slide Deck  ·  18 slides
Complete presentation deck in Fiduciary Commons visual identity
Download PPTX →
DOCX
Session 3 Refresher
Two-page leave-behind for attendees: GAAFA compliance checklist, Article 3B summary, key terms
Download DOCX →
DOCX
Practitioner Reference Card
Three-page brief: core argument, three failure scenarios, GAAFA compliance properties, Article 3B summary, three specific actions. Designed to hand to a state CIO or procurement officer.
Download DOCX →
DOCX
GAAFA Draft Legislation
The AI accountability layer: deployment assessments, public registries, explainability duties, inference prohibition.
Download full draft (DOCX) →    View on Google Drive →
DOCX
ABA Model Procurement Code Working Paper
Full Article 3B working paper submitted to the ABA State and Local Government Procurement Law Review Committee. April 2026 draft. 80 pages.
Download full draft (DOCX) →