We’ve all seen the screen. A list of permissions, formatted to look like disclosure.
You accept, because the alternative is not to proceed. The system records that consent has been given.
You did not read it. And even if you had, nothing you agreed to was meaningfully bounded.
Digital systems treat consent as a moment. A box is ticked. A document is signed. A wallet produces a cryptographic proof. The system records consent and proceeds.
But consent, in any meaningful sense, has never been a moment.
In law and institutional practice, consent is structured. It defines what is permitted, for how long, under what conditions, and with what ability to withdraw. It is bounded, contextual, and contingent. A signature records consent. It does not constitute it.
Digital systems invert this. They reduce consent to a single act and discard the structure that gives it meaning. Scope is implied. Duration is indefinite. Revocation, if it exists at all, sits outside the action itself.
What remains is not consent, but its performance. A ritual that signals agreement without encoding its substance.
At small scale, this produces friction and indifference. At system scale, it produces something else entirely: actions that appear authorised, grounded in consent that was never meaningfully defined.
You see the consequence in small ways.
You grant an application access to your data for a specific task. Months later, that access persists. The purpose has shifted. The data is used in new contexts. The system still treats the original act as valid.
Nothing new was agreed. Nothing was re-authorised.
The consent did not expand. The system simply continued. Nothing has expired because nothing was given a duration.
This is not an edge case. It is the default condition of most delegated access on the internet today. Consent was given once, as a moment, and the moment has been carrying forward ever since – detached from the circumstances that made it meaningful, incapable of reflecting their absence.
When autonomous agents enter this architecture, the problem compounds. An agent acting under a broad mandate will treat existing consent artefacts as current permissions. It has no mechanism for distinguishing between consent that remains contextually valid and consent that has simply not yet been revoked. The two look identical from inside the system.
This is consent drift. Not a breach. Not a malfunction. Just the slow divergence between what was once agreed and what is now being authorised – invisible to the system because the system was never designed to see it.
What structured consent requires is not more careful drafting or longer terms. It requires that the conditions of consent – scope, duration, the circumstances under which it may be varied or withdrawn – are encoded within the action itself, not appended to it as documentation.
This is what SILT is built to make possible. Not consent as a recorded moment, but consent as a live structure: bounded, inspectable, and capable of expiring when the conditions that grounded it no longer hold.
Until that layer exists, digital systems will continue to act on consent that has drifted beyond recognition – and call it authorisation.
Without structure, consent cannot bind. It can only be replayed.
This is the problem SILT Core is designed to address: making the conditions of action explicit, before execution.
This essay forms part of an ongoing research series exploring identity, authority, and governance in digital systems.
Explore the work:
SILT Core specification and documentation
https://siltcore.org
Technology, governance, and identity projects
https://www.garethfarry.com/technology
View The Release:
https://github.com/Sugarlicks/silt-identity-core/releases