HJS: Human Judgment System (v0.3)
A Privacy-Preserving Accountability Layer for AI Agents
draft-wang-hjs-accountability-03

Internet-Draft                                                  Y. Wang
draft-wang-hjs-accountability-03
Intended status: Standards Track                             March 2026
Expires: September 2026

Abstract

   This document defines the Human Judgment System (HJS) v0.3, a
   privacy-flexible accountability layer designed for AI decision
   systems.  HJS enforces strict traceability and immutability for AI
   machine behavior, while supporting configurable human identity
   protection.  AI decision chains are cryptographically verifiable and
   fully auditable, and human actors MAY remain anonymous, unlinkable,
   and free from permanent tracking.

   This protocol solves the critical flaw of conventional blockchain
   and audit frameworks (mandatory full transparency of all actors),
   aligning with global AI regulations (EU AI Act, national AI security
   rules) and privacy laws.

   HJS does not assign legal liability, does not implement
   surveillance, and does not govern authority allocation.  It only
   provides verifiable records of AI behavior, with optional privacy
   protections for human participants to balance transparency and
   individual rights.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 30, 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.

Table of Contents

   1.  Introduction
       1.1.  Motivation
       1.2.  Scope
       1.3.  Requirements Language
   2.  Core Principles
   3.  Protocol Foundation: JEP Integration
       3.1.  JEP Core Verbs
   4.  HJS Event Specification
       4.1.  Immutable Fields (Machine Behavior)
       4.2.  Configurable Human Actor Fields
       4.3.  Full HJS Event Example
   5.  Privacy Extension Framework
       5.1.  Digest-Only Anonymity Extension
       5.2.  Time-To-Live (TTL) Extension
       5.3.  Identity Rotation Support
   6.  Verification Rules
   7.  Security and Privacy Considerations
   8.  IANA Considerations
       8.1.  HJS Extensions Registry
       8.2.  HJS Risk Level Registry
   9.  Normative References
   Acknowledgements
   Author's Address

1.  Introduction

1.1.  Motivation

   Existing AI accountability mechanisms often force mandatory full
   transparency of both machine actions and human operators.
   Blockchain-based provenance frameworks, conventional audit logs, and
   similar tools permanently bind human identities to decisions,
   creating risks of retaliation, harassment, undue liability, and mass
   surveillance.  Such rigid designs are incompatible with privacy
   norms, unappealing to enterprises, and unwelcome by regulators
   seeking stable, ethical AI governance.

   Many scenarios require AI behavior to be fully traceable for safety
   and compliance, while human operators need protection from undue
   exposure and permanent tracking.  A one-size-fits-all mandatory
   transparency model fails to balance regulatory accountability and
   personal privacy.

   HJS v0.3 resolves this conflict with two balanced core guarantees:

   1.  Machine Transparency: AI decision flows, execution chains, and
       event sequences are cryptographically immutable and fully
       traceable.

   2.  Optional Human Privacy: Human actor identities MAY be
       anonymized, rotated, and shielded from permanent traceability,
       based on deployment needs and regulatory requirements.

   This flexible balance enables regulatory compliance without
   sacrificing individual rights or operational utility, making safe AI
   deployment sustainable at scale.

1.2.  Scope

   HJS v0.3 defines:

   o  Cryptographic event structure for AI decision tracing and audit

   o  Immutable chain construction for machine behavior recording

   o  Optional privacy controls for human actor identification

   o  Verifiable receipt format (HJS Receipt) for cross-platform
      validation

   o  Full integration with Judgment Event Protocol (JEP) primitives

   o  Compliance-aligned verification, retention, and disposal rules

   HJS v0.3 explicitly does NOT define:

   o  Legal liability, guilt, or responsibility assignment

   o  Governance hierarchy or authority allocation

   o  Compulsory enforcement or punishment rules

   o  Jurisdictional policy or political constraints

   o  Mandatory surveillance or permanent tracking of natural persons

1.3.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 and
   RFC 8174.

2.  Core Principles

   HJS v0.3 is governed by four non-negotiable principles:

   1.  Machine Immutability: AI decision events and chain integrity are
       cryptographically tamper-proof and fully traceable.  No
       modification or deletion of machine behavior records is allowed
       after signing and anchoring.

   2.  Optional Human Anonymity: Human actors SHALL be represented by
       non-identifying, rotatable credentials.  Permanent traceability
       to a natural person is NOT mandatory; implementations MAY
       support full anonymity or pseudonymity.

   3.  Technical Neutrality: The protocol records only objective
       events, without judgment of legitimacy, intent, or fault.  It
       serves as a neutral audit layer rather than a governance tool.

   4.  Compliance Alignment: Designs satisfy global AI transparency
       mandates and privacy regulations including data minimization,
       right to be forgotten, and user consent requirements.

3.  Protocol Foundation: JEP Integration

   HJS v0.3 is built atop the Judgment Event Protocol (JEP)
   draft-wang-jep-judgment-event-protocol-03.  It reuses JEP core
   verbs, event structure, and security guarantees, adding privacy and
   accountability extensions tailored for AI governance.  JEP provides
   the minimal, secure event transport layer, while HJS adds the
   accountability and privacy logic for human-AI decision systems.

3.1.  JEP Core Verbs

   Four actionable verbs define all HJS events, inherited directly from
   JEP:

   o  J (Judge): Initiate a decision or establish a root audit event

   o  D (Delegate): Transfer or forward a decision authority to another
      actor

   o  V (Verify): Validate event authenticity and chain integrity

   o  T (Terminate): Close a decision lifecycle and mark audit
      boundaries

   All verbs follow JEP syntax and validation rules, ensuring
   interoperability across systems and platforms.

4.  HJS Event Specification

4.1.  Immutable Fields (Machine Behavior)

   Fields describing machine actions, event logic, and cryptographic
   proofs MUST NOT be altered after signing.  Any tampering with these
   fields invalidates the entire receipt and breaks the audit chain.

   o  jep: Protocol version (fixed to 1 for compliance)

   o  verb: J/D/V/T action identifier

   o  when: Unix timestamp (seconds since epoch)

   o  what: Cryptographic multihash of decision content

   o  nonce: Unique UUIDv4 identifier for replay protection

   o  based_on: Parent event hash for chain linkage

   o  sig: Digital signature over canonicalized event data

4.2.  Configurable Human Actor Fields

   The "who" field identifies an actor but is fully configurable for
   privacy.  It MUST NOT contain plaintext personally identifiable
   information (PII) in privacy-preserving modes.

   Permitted actor identifiers (implementations MAY support any or
   all):

   o  Ephemeral Decentralized Identifier (DID)

   o  Public key hash (no exposed private key)

   o  Temporary opaque identifier

   o  Salted identity digest (for limited auditability)

   This field is cryptographically signed but not permanently bound to
   a natural person.  Actors MAY rotate identifiers periodically to
   prevent long-term tracking.

4.3.  Full HJS Event Example

   A complete, valid HJS v0.3 event with privacy extensions (JSON):

   {
     "jep": "1",
     "verb": "J",
     "who": "did:hjs:tmp:abe72f9c4d8a1f3e",
     "when": 1743398400,
     "what": "sha256:f29bc64a96b7964da0551f3efa61e2ce964b874...",
     "nonce": "84d8c175-7b03-4b8d-9d27-1234abcd5678",
     "based_on": null,
     "sig": "Ed25519:23XdX9R7DF9jsH48sJ21kLbPzQ7xG6pS9aF4d...",
     "https://jep.org/priv/digest-only": {
       "identity_digest": "sha256:8b39f3c7d5e9a1f2g3h4j5k6l7m8n9p0",
       "salt_provider": "did:example:hjs-trusted-anchor"
     }
   }

5.  Privacy Extension Framework

   HJS v0.3 supports a suite of optional JEP-compatible privacy
   extensions.  These extensions are designed to be modular and
   non-intrusive, allowing deployers to balance transparency and
   privacy as needed.  None of these extensions alter the core
   auditability of machine behavior.

5.1.  Digest-Only Anonymity Extension

   Identifier: https://jep.org/priv/digest-only

   This extension allows actors to use a salted hash instead of a
   stable identifier, preventing casual identification while preserving
   audit validity.  The original identity MAY be recovered only via a
   trusted salt holder during formal investigations.

5.2.  Time-To-Live (TTL) Extension

   Identifier: https://jep.org/ttl

   This extension sets an expiry timestamp for human-readable metadata,
   enabling automatic anonymization or deletion after a defined period.
   Core machine behavior hashes remain intact for long-term audit.

5.3.  Identity Rotation Support

   Implementations MAY support identifier rotation without breaking the
   audit chain.  Rotation does not erase past events but prevents
   linking multiple events to a single long-term identity.  This
   feature is critical for protecting operators from harassment and
   undue liability.

6.  Verification Rules

   HJS verification enforces machine integrity without exposing human
   identity:

   1.  Digital signature MUST be valid and match the actor credential

   2.  Nonce MUST be unique and unused to prevent replay attacks

   3.  Chain references (based_on) MUST be valid if present

   4.  Root J events MUST have a null based_on field

   5.  Immutable machine fields MUST remain unmodified

   6.  Timestamp MUST fall within an acceptable clock skew window

   Verification confirms only that the event is authentic and
   untampered.  It does not reveal the real-world identity of the human
   actor, nor does it assign blame or liability.

7.  Security and Privacy Considerations

   HJS prioritizes AI auditability and human privacy equally, avoiding
   the extremes of full surveillance and unaccountable opacity.

   Key Security Rules:

   o  No plaintext PII storage in any event or receipt

   o  Immutable machine records cannot be overridden or deleted

   o  Signing keys SHOULD be rotated regularly to reduce compromise
      risk

   o  Nonces MUST be generated via a cryptographically secure random
      source

   o  Implementations MUST reject duplicate nonces to prevent replay

   Key Privacy Rules:

   o  Human actors MAY remain unlinkable across sessions by default

   o  Permanent tracking of individual users is NOT required

   o  Data minimization MUST be followed for all actor metadata

   o  Expired or unnecessary personal data SHOULD be anonymized or
      deleted

   This design avoids surveillance risks and regulatory rejection,
   making it suitable for public, private, and sensitive deployments.

8.  IANA Considerations

   This document requests IANA to maintain two registries under the HJS
   namespace, aligned with JEP registries for consistency.
   Registration policies follow Specification Required (RFC 8126).

8.1.  HJS Extensions Registry

   Initial registered entries:

   o  https://jep.org/priv/digest-only

   o  https://jep.org/multisig

   o  https://jep.org/ttl

   o  https://jep.org/storage

   o  https://jep.org/subject

8.2.  HJS Risk Level Registry

   Initial registered entries:

   o  low

   o  medium

   o  high

   o  critical

9.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, May 2017.

   [draft-wang-jep-judgment-event-protocol-03]
              Wang, Y., "Judgment Event Protocol (JEP v0.3)", Work in
              Progress, March 2026.

Acknowledgements

   The author acknowledges contributors to the HJS and JEP
   specifications, and reviewers in the fields of AI security, privacy
   engineering, and global regulatory compliance.

Author's Address

   Yuqiang Wang
   Email: signal@humanjudgment.org
   URI: https://humanjudgment.org
   GitHub: https://github.com/hjs-spec
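
The verification rules of Section 6, applied to a chain of events, as an added example that is not part of the draft or of the HJS project's code. It assumes sorted-key compact JSON as the canonical form, a SHA-256 event hash as the based_on value, a 300-second skew window, that every J event is a root, and a who-to-key directory; it substitutes HMAC-SHA256 for the Ed25519 signature so it runs on the standard library, and all function names are hypothetical.

```python
import hashlib, hmac, json, uuid

SKEW = 300  # assumed clock-skew window in seconds; the draft does not fix a value
SIGNED = ("jep", "verb", "who", "when", "what", "nonce", "based_on")

def canonical(ev, fields):
    # Assumed canonical form (sorted keys, compact JSON); the draft defers this to JEP.
    body = {k: ev.get(k) for k in fields}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def event_hash(ev):
    # Assumed chain-link value: SHA-256 over the canonical event including "sig".
    return "sha256:" + hashlib.sha256(canonical(ev, SIGNED + ("sig",))).hexdigest()

def sign(ev, key):
    # HMAC-SHA256 stand-in for the Ed25519 signature shown in the draft's event example.
    return "HMAC:" + hmac.new(key, canonical(ev, SIGNED), hashlib.sha256).hexdigest()

def make_event(verb, who, key, when, what, parent=None):
    ev = {"jep": "1", "verb": verb, "who": who, "when": when, "what": what,
          "nonce": str(uuid.uuid4()), "based_on": parent}
    ev["sig"] = sign(ev, key)
    return ev

def verify_event(ev, keys, seen_nonces, known_hashes, now):
    """Return the Section 6 rule numbers the event violates ([] means accepted)."""
    failed = []
    key = keys.get(ev.get("who"))
    # Rules 1 and 5: the signature covers every immutable field, so any edit fails here.
    if key is None or not hmac.compare_digest(str(ev.get("sig")), sign(ev, key)):
        failed.append(1)
    try:
        fresh = uuid.UUID(str(ev.get("nonce"))).version == 4 and ev["nonce"] not in seen_nonces
    except ValueError:
        fresh = False
    if not fresh:
        failed.append(2)   # rule 2: nonce must be a UUIDv4 that was never accepted before
    parent = ev.get("based_on")
    if parent is not None and parent not in known_hashes:
        failed.append(3)   # rule 3: based_on must name an already verified event
    if ev.get("verb") == "J" and parent is not None:
        failed.append(4)   # rule 4, reading every J event as a root (assumption)
    if not isinstance(ev.get("when"), int) or abs(now - ev["when"]) > SKEW:
        failed.append(6)   # rule 6: timestamp outside the skew window
    if not failed:         # record state only for accepted events
        seen_nonces.add(ev["nonce"])
        known_hashes.add(event_hash(ev))
    return failed
```

The nonce set and the set of accepted event hashes must persist across verifier restarts; otherwise a replayed event is accepted again after the state is lost.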