Daily Rambam (3 Chapters) · Techie Talmid · Standard

Mishneh Torah, Creditor and Debtor 13-15

StandardTechie TalmidDecember 24, 2025

Greetings, fellow digital archaeologists of ancient wisdom! Today, we're diving deep into the intricate data structures of the Mishneh Torah, specifically focusing on the fascinating algorithms Maimonides presents for handling an absentee debtor. It's a classic problem: when the data subject (the borrower) is offline, how does the system (the court) process a transaction (debt collection) initiated by a primary key (the lender with a promissory note)? Let's debug this sugya!

Problem Statement: The Absentee Debtor "Bug Report"

Imagine a distributed ledger system for loans. A lender, A, holds a signed transaction record (a promissory note) indicating that borrower, B, owes A a certain amount. Now, A wants to execute the "collect debt" function. The catch? B is currently offline, in a remote node, and unresponsive to standard pings. This creates a system integrity challenge:

  1. Data Inconsistency Risk: How can the system ensure B hasn't already settled the debt, but the transaction record (note) wasn't properly decommissioned (e.g., returned or shredded)? There's a "receipt-leak" vulnerability.
  2. Due Process Violation: Can the system unilaterally execute a debit from B's assets without B's explicit consent or opportunity to challenge the claim? This touches on fundamental fairness protocols.
  3. System Fluidity vs. Security Trade-off: If the system is too strict in B's absence, it could lead to "deadlock" – A can't collect, which discourages future lending transactions, crippling the entire financial network. If too lenient, it compromises B's asset security.

The Mishneh Torah, in Creditor and Debtor 13:1-2 and related sections, attempts to architect a robust protocol to resolve this "absentee debtor" bug, balancing the competing demands of transactional efficiency, claimant verification, and defendant protection. The core bug manifests as: How does a court process a debt claim against an individual who is not present and cannot be easily brought to court, without compromising the integrity of the judicial process or the wider credit system?

Text Snapshot

Our core dataset for this bug report comes from the following lines:

  • MT 13:1: "The following laws apply when a lender comes to expropriate property on the basis of a promissory note in his possession and the borrower is not present: If it is possible to send a messenger to the borrower and notify him so that he can confront the lender in judgment, we send a messenger and notify him. If it is impossible to notify the borrower speedily, we instruct the lender to take an oath, and then to expropriate property belonging to the borrower, either landed property or movable property. We do not consider the possibility that the borrower repaid the debt and the lender gave him a receipt."
  • MT 13:2: "This law is an ordinance of the Sages, enacted so that people at large would not take money belonging to a colleague and go to dwell in another city. For this would hinder the possibilities of loans being granted in the future,The lender must bring proof of three matters to the court before he can expropriate property from the borrower outside his presence: a) he must verify the authenticity of the promissory note in his possession; b) he must prove that the debtor is in another city and is not present to defend himself in court; c) he must prove that the property that he wishes to expropriate belongs to so-and-so, the borrower."
  • MT 14:7: "In the following situations, despite the fact that he possesses a promissory note, a lender may collect payment only after taking an oath that resembles one required by Scriptural Law: ... c) a person who seeks to collect payment outside the borrower's presence;"

Flow Model: The Absentee Collection Protocol (ACP)

Our system's decision-making process for an absentee debtor can be visualized as a flowchart or, more precisely, a decision tree, guiding the court's actions.

[Start ACP]
    ↓
    [Input: Lender (L) presents Promissory Note (PN) against Absentee Debtor (AD)]
    ↓
    [Pre-flight Checks (MT 13:2)]
        1. Verify PN Authenticity? (MT 13:2a)
            → NO: [Reject Claim]
            → YES: Proceed
        2. Verify AD is Absent from Court's Jurisdiction? (MT 13:2b)
            → NO: [Proceed to Regular Litigation]
            → YES: Proceed
        3. Verify Targeted Property Belongs to AD? (MT 13:2c)
            → NO: [Reject Property Expropriation]
            → YES: Proceed
    ↓
    [Notification Attempt (MT 13:1)]
        Can Messenger Notify AD *Speedily*?
        (i.e., establish communication channel within reasonable time/cost)
        ↓
        ├─── YES:
        │       ↓
        │       [Send Messenger to Notify AD]
        │       (L notifies AD of claim and summons to court)
        │       ↓
        │       [AD Response Timeout/Result]
        │           ├─── AD Appears in Court:
        │           │       ↓
        │           │       [Proceed to Regular Litigation]
        │           │       (AD can defend, bring proof of payment, etc.)
        │           │       [End ACP]
        │           │
        │           └─── AD Does NOT Appear (after notification attempts):
        │                   ↓
        │                   [Lender Oath Requirement (MT 13:1, 14:7c)]
        │                   (L takes an oath that debt is unpaid)
        │                   ↓
        │                   [Expropriate Property for L]
        │                   (Debt collected from AD's assets)
        │                   [End ACP]
        │
        └─── NO (Impossible to notify *speedily*):
                ↓
                [Lender Oath Requirement (MT 13:1, 14:7c)]
                (L takes an oath that debt is unpaid)
                ↓
                [Expropriate Property for L]
                (Debt collected from AD's assets)
                [End ACP]

This model highlights the critical juncture where "speedy notification" capability determines the next branch of execution. The system's default behavior, if notification fails or is impossible, shifts to an oath-based collection, explicitly bypassing the "receipt-leak" concern for system stability. This is a fascinating pre-emptive "bug fix" to prevent "ne'ilat delet" (locking the door before borrowers), a core principle for maintaining a functional credit economy.

Two Implementations: Algorithm A vs. Algorithm B

The Mishneh Torah's text, as interpreted by Maimonides, presents a clear, streamlined algorithm for handling absentee debtors. However, the Shorshei HaYam commentary reveals a profound debate among earlier authorities, highlighting alternative system architectures for the same problem. This isn't just a matter of different coding styles; it reflects fundamentally different philosophical choices about system priorities.

Algorithm A: The "Ne'ilat Delet" Protocol (Rambam's System)

Core Principle: System Fluidity Over Absolute Due Process (When Absent)

Rambam's implementation, as presented in MT 13:1-2, prioritizes the smooth functioning and trust within the credit economy. Its foundational "why" is explicitly stated: "This law is an ordinance of the Sages, enacted so that people at large would not take money belonging to a colleague and go to dwell in another city. For this would hinder the possibilities of loans being granted in the future" (MT 13:2). This is the famous concept of ne'ilat delet – preventing the "locking of the door" to borrowers. If lenders fear that a debtor can simply disappear and avoid repayment, the entire lending system would grind to a halt.

Algorithm Steps:

  1. Input Validation (Pre-Flight Checks): Before any collection, the system performs rigorous data validation:
    • Note Authenticity: The promissory note must be verified (MT 13:2a). This is a crucial "checksum" to prevent fraudulent claims.
    • Debtor's Status: The debtor must be genuinely absent and beyond the court's immediate reach (MT 13:2b). This confirms the "absentee" state.
    • Property Ownership: The property targeted for expropriation must demonstrably belong to the debtor (MT 13:2c). This ensures the correct asset is targeted.
  2. Notification Attempt (Conditional Execution): The system attempts to establish a communication channel with the absentee debtor.
    • IF Speedy Notification Is POSSIBLE: The court "sends a messenger and notifies him" (MT 13:1). This is the preferred path, providing the debtor a chance to present a defense or proof of payment. This is a "best-effort" delivery, ensuring that if the debtor can be reached without undue delay, due process is upheld.
    • ELSE IF Speedy Notification Is IMPOSSIBLE: This is the critical pivot. If establishing a timely communication channel is not feasible (e.g., debtor is too remote, communication infrastructure is lacking), the system proceeds directly to the next step.
  3. Lender's Oath (Trust Assertion): In cases where notification is impossible, or if the debtor was notified but failed to appear, the lender is required to take an oath. MT 13:1 states, "we instruct the lender to take an oath," and MT 14:7c clarifies this as "an oath that resembles one required by Scriptural Law." This oath serves as a high-integrity, system-level assertion by the lender that the debt is indeed outstanding.
  4. Collection (State Change): Once the oath is taken, the system executes the "expropriate property" function, allowing the lender to collect.

Key Design Choice: "Receipt-Leak" Ignored for System Stability

Crucially, Rambam's system explicitly de-prioritizes a potential "receipt-leak" vulnerability when speedy notification is impossible: "We do not consider the possibility that the borrower repaid the debt and the lender gave him a receipt" (MT 13:1). This is a calculated risk. While ordinarily, the concern for a lost receipt (shover) would be paramount, here, the imperative of ne'ilat delet outweighs it. The system implicitly assumes that the risk of a fraudulent claim after an oath is lower than the risk of widespread non-repayment due to debtors fleeing, which would destabilize the entire credit market. This is a classic systems trade-off: optimize for overall system health, even if it introduces a marginal, low-probability risk to an individual data point.

Connection to Shorshei HaYam: The Shorshei HaYam commentary identifies Rambam's position as aligning with the Rif and Rabbi Nachman, who prioritize ne'ilat delet. The commentary notes that Rav Hai Gaon, in his Sefer HaSha'arim, also appears to embrace this approach: "והנה ראיתי דברי רבינו האיי ז"ל בס' השערים י"ד די"ז ע"א שכתב דהנפרע שלא בפני בע"ח כגון ראובן שלוה משמעון והלך וישב לו במ"ה והאריך הזמן ולא בא אם נתקיים השט"ח בפני ב"ד נשבע בעל השטר ויורד בנכסי בע"ח כדתנן בכתובות והנפרעת שלא בפניו לא תפרע אלא בשבועה ואמרו בגמ' בזולתה מן החוב אמר רב אחא שר הבירה כו' ור"ן אמר אפי' בע"ח שלא יהא כל אחד כו' ואתה נועל דלת בפני לווין עכ"ל" (Shorshei HaYam on MT 13:1:1). This translates to: "And behold, I saw the words of Rabbeinu Hai Gaon z"l in Sefer HaSha'arim 14:17a, who wrote that one who collects from a debtor not in his presence, such as Reuven who borrowed from Shimon and went and settled overseas and much time passed and he did not come, if the promissory note is verified before the court, the holder of the note takes an oath and collects from the debtor's property, as we learned in Ketubot: 'One who collects from an absentee does not collect but with an oath.' And they said in the Gemara regarding debts: R. Nachman said, 'Even a creditor, so that not everyone... and you lock the door before borrowers.'" This explicitly ties Rambam's ruling and R. Hai Gaon in Sefer HaSha'arim to R. Nachman's rationale of ne'ilat delet.

Algorithm B: The "Due Process & Prior Engagement" Protocol (R. Chaim & Rav Hai Gaon's Teshuvot System)

Core Principle: Borrower Protection Over Unconditional Collection

In stark contrast to Algorithm A, an alternative implementation, championed by R. Chaim and (in his Teshuvot) Rav Hai Gaon, adopts a more conservative stance, heavily prioritizing the absentee debtor's due process rights. This system treats the "absentee" state with much greater caution, fearing wrongful expropriation.

Algorithm Steps (or lack thereof):

  1. Initial State: DEFAULT_NO_COLLECTION: Unlike Rambam's system, which defaults to collection with an oath if notification is impossible, this algorithm generally does not allow collection from an absentee debtor. The Shorshei HaYam cites R. Chaim and Tosafot as saying: "ודע דבעיקר דין זה דהבא ליפרע מנכסי הלוה שלא בפניו אי נחתינן לנכסיה או לא אפליגו רבוותא כמ"ש הטור בסימן ק"ו ודעת ר"ח ז"ל לפי מ"ש התוס' בפרק הכותב דפ"ח ע"א ד"ה ורבא כו' והרא"ש שם והרב העיטור בדס"ב ע"ג והרב התרומות בריש שער כ"א הוא דלא נחתינן לנכסיה שלא בפניו" (Shorshei HaYam on MT 13:1:1). This means: "Know that regarding this fundamental law, whether one collects from the debtor's property not in his presence or not, the great authorities disputed, as the Tur wrote in Siman 106. And the opinion of R. Chaim z"l, according to what Tosafot wrote in Perek HaKotev 88a (d.h. V'Rava, etc.), and the Rosh there, and Rav Ha'Itur on page 62b, and Rav HaTerumot at the beginning of Sha'ar 21, is that we do not collect from his property not in his presence." This sets a very high bar for collection.

  2. Strict Prerequisite: Prior Litigation (AD_STOOD_TRIAL_AND_FLED): This system introduces a critical conditional check that must be met before any collection from an absentee debtor. This condition is derived from the Jerusalem Talmud (Yerushalmi), as interpreted by these authorities. The Shorshei HaYam details this: "ק"ל טובא בדבריהם דמדברי הירושלמי שהביאו התוס' ראיה לדבריהם מבואר דדוקא כשעמד בדין וברח הוא דמזדקקינן ליה לשדורי ולהודועי וכי לא אתא מחלטי' נכסיה אבל כשלא עמד בדין כלל אלא ברח מעיקרא קודם עמדו לדין לא מזדקקינן ליה כלל" (Shorshei HaYam on MT 13:1:1). This means: "It is very difficult in their words, for from the words of the Yerushalmi that Tosafot brought as proof for their words, it is clear that only if he stood trial and fled do we proceed to send and notify him, and if he does not come, we confiscate his property. But if he did not stand trial at all, but fled from the outset before standing trial, we do not proceed with him at all."

    • Sub-Algorithm for AD_STOOD_TRIAL_AND_FLED: If this condition is met (i.e., the debtor was once present in court, engaged in litigation, and then fled), only then does the system consider further action.
      • Notification Attempts (Iterative Pings): The system then attempts a series of notifications. The Yerushalmi mentions sending "three letters" (shlosha igrot). The Shorshei HaYam explains this isn't just one attempt: "אלא הכי איתא התם אלדסא א"ל לר' מנא אנן עבדין טבאות סגי מנכון אנן כתבין די אתנמין אי אתא טבאות ואי לא אנן מחלטין נכסיה א"ל אוף אנן עבדין כן משגרין בתריה תלת אגרין אי אתא טב ואי לא מכרזינן נכסיה תלתין יומין אי אתא טב ואי לא אנן מחלטינן נכסוי" (Shorshei HaYam on MT 13:1:1). This describes a phased approach: send a letter, wait, if no response, then after 30 days, announce the property, and after another 30 days, confiscate. This is far more protracted than Rambam's "speedily."
      • Final Collection: Only after these multiple, prolonged notification attempts (and only if the debtor previously stood trial and fled) is collection permitted.

Key Design Choice: "Receipt-Leak" is a Major Vulnerability

This implementation is highly sensitive to the possibility of a "receipt-leak" (shover). The underlying assumption is that an absentee debtor might have paid and simply lost their receipt, or the lender might be acting fraudulently. Therefore, the system demands much higher certainty and engagement from the debtor before allowing expropriation. The ne'ilat delet concern, while acknowledged, is subordinated to the protection of individual property rights and the integrity of due process. This system prioritizes minimizing false positives (wrongful collection) even if it increases false negatives (legitimate debts uncollected).

Connection to Shorshei HaYam: The Shorshei HaYam deeply explores this view, presenting the Yerushalmi's arguments and the interpretations of R. Chaim, Tosafot, and Rav Hai Gaon (in his Teshuvot). It highlights the tension between this stricter approach and the more lenient one based on ne'ilat delet. The commentary even points out the apparent contradiction in Rav Hai Gaon's own writings (between his Teshuvot and Sefer HaSha'arim), indicating the complexity and strong arguments on both sides of this architectural debate. "ודברי רבינו האיי ז"ל בספר השערים לענין הלכה הן כדמוכח מתלמודא דידן וכמו שהוכיחו התוס' ז"ל בפ' הכותב אבל לענין מעשה העולם סמכו בזה על דברי הירושלמי ונדחקו לקיים דברי רבא ור"ן בשעמד בדין וברח כמ"ש בתשו' ועל כיוצא בזה אמרו מנהג מבטל הלכה" (Shorshei HaYam on MT 13:1:1). This suggests that while Rav Hai Gaon might have acknowledged the ne'ilat delet logic in theory (in Sefer HaSha'arim), in practice (Teshuvot), he might have leaned towards the Yerushalmi's stricter "stood trial and fled" rule, potentially even invoking the principle that "custom can override halakha" in practical application. This is a fascinating glimpse into the evolution and practical application of legal systems.

Edge Cases: Breaking Naïve Logic

Let's test our understanding of these algorithms with a couple of tricky inputs that might "break" a simple, surface-level interpretation of the rules.

Edge Case 1: The "Unconditional Trust" Stipulation (Ne'emanut)

Input: A lender comes to collect from an absentee debtor. The promissory note, which is verified, contains a ne'emanut clause stating: "The lender's word shall be accepted without an oath for any claim of non-payment." It is impossible to notify the borrower speedily.

Naïve Logic: "Ah, an explicit 'no-oath' directive! The lender can just collect without an oath." This interpretation treats the ne'emanut clause as an absolute override for all oath requirements.

Expected Output (Rambam's System - Algorithm A): The lender still must take an oath. Explanation: Rambam's system, despite the ne'ilat delet rationale, still mandates an oath for collection from an absentee debtor (MT 13:1, 14:7c: "a person who seeks to collect payment outside the borrower's presence"). The Shorshei HaYam commentary, discussing ne'emanut, states: "אם כתוב בשטר נאמנות לא מהני אלא לנפרע בפניו ממנו אבל שלא בפניו לא אלא ב"ד משביעין אותו" (Shorshei HaYam on MT 13:1:1). This translates: "If a trustworthiness (ne'emanut) clause is written in the note, it is effective only for collecting from him (the debtor) in his presence, but not in his absence. Rather, the court makes him (the lender) take an oath." Why? The commentary explains a subtle distinction: when the debtor is present, their presence allows for immediate rebuttal of the shover (receipt) concern. If the lender claims "I wasn't paid," and the debtor is there, the debtor can say "Yes, you were, here's my receipt!" or "Where's my receipt?" The ne'emanut then works to prevent the debtor's counter-oath. But when the debtor is absent, the court itself harbors a shover concern (the possibility the debt was paid and the receipt lost). An explicit ne'emanut clause, while strong, might not be sufficient to override the court's inherent duty to protect an absent party from potential fraud, especially given the explicit Rabbinic ordinance requiring an oath for absentee collection. Rambam's system prioritizes the court's protective mechanism (the oath) in this specific, high-risk "absentee" state, even over a general ne'emanut stipulation, because the shover concern is magnified by the debtor's absence.

Edge Case 2: The Lost Promissory Note

Input: A lender comes to court. The borrower is absent and cannot be speedily notified. The lender does not have the physical promissory note but has witnesses who can attest to the original loan and its terms.

Naïve Logic: "Witnesses are as good as a note! The core debt data is verified. Proceed with absentee collection." This assumes that the "promissory note in his possession" (MT 13:1) is merely one form of proof, interchangeable with witness testimony.

Expected Output (Rambam's System - Algorithm A): The court cannot proceed with absentee collection using the specific mechanism described in MT 13:1. Instead, the process shifts to a different, less direct collection method, usually requiring the lender to first establish the debt through witnesses and then potentially collect with an oath, but not through the "expropriate property directly from absentee" path. Explanation: MT 13:1 explicitly begins: "The following laws apply when a lender comes to expropriate property on the basis of a promissory note in his possession." This phrase "שטר שבידו" (a note in his hand/possession) is a critical system requirement. The system's design for absentee collection is hardcoded to interact with the promissory note as the primary "token" of the debt. Without this token, the specific absentee collection protocol (ACP) does not initiate. While MT 15:4 discusses a lost note where witnesses are present, it does so in a context where the borrower claims payment and is then required to take a sh'vuat hesset. This implies that establishing the debt with witnesses might allow for collection, but it's a different pathway than the direct expropriation from an absentee debtor with a note. The "absentee" scenario for lost notes isn't directly addressed in the expropriation rules of 13:1, suggesting the note's physical presence is a non-negotiable input for that specific, expedited absentee collection function. The system needs that specific data structure (the physical note) to execute the absentee collection algorithm.

Refactor: Clarifying the "Speedily" Parameter

Rambam's initial absentee collection protocol is elegantly concise, but its pivotal conditional statement – "If it is impossible to notify the borrower speedily" (MT 13:1) – relies on an undefined parameter: "speedily." This term, while intuitively understood, can lead to ambiguity in different contexts or jurisdictions. A minimal refactor would be to define this parameter, making the system's behavior more predictable and reducing interpretive overhead.

Current Code (MT 13:1 snippet): IF (IS_POSSIBLE(NOTIFY_BORROWER_SPEEDILY())) SEND_MESSENGER_TO_NOTIFY_BORROWER(); ELSE INSTRUCT_LENDER_TO_TAKE_OATH(); EXPROPRIATE_PROPERTY();

The "Bug": The function NOTIFY_BORROWER_SPEEDILY() lacks a clear, quantifiable definition for "speedily." What constitutes "speedy" in 12th-century Egypt might be different from 21st-century New York, or even from a neighboring town versus "overseas" (מדינת הים). The Shorshei HaYam commentary highlights this ambiguity by debating the Yerushalmi's implications for distance and time: "טפי מריחוק ט"ו יום ממקומו למקום ב"ד שהוא שיעור דרך רחוקה מב"ד של ירושלם לסוף גבול א"י כמו ששנינו בפ"ק דתעניות עד שיגיע אחרון שבא"י לנהר פרת והוא ט"ו יום" (Shorshei HaYam on MT 13:1:1). This suggests a historical benchmark of about 15 days as a "far distance."

Proposed Refactor (Minimal Change): Add a definition for "speedily."

We'd introduce a new constant or a clearly defined function for SPEEDILY_THRESHOLD into the system's configuration.

Refactored Code (Conceptual): # Define a system constant for "speedy" notification. # This could be a time duration (e.g., 30 days) or a geographic distance metric. # For this refactor, let's use a time-based metric derived from common legal practice and commentary. DEFINE_CONSTANT SPEEDILY_THRESHOLD_DAYS = 30; # Based on typical waiting periods in some contexts (e.g., three letters over 30 days)

FUNCTION IS_POSSIBLE_TO_NOTIFY_BORROWER_SPEEDILY() RETURNS BOOLEAN: # Check if a reliable notification can be delivered and acknowledged # within SPEEDILY_THRESHOLD_DAYS. # This involves assessing geographic distance, communication infrastructure, # and the likelihood of the borrower receiving and responding to the summons. RETURN (CALCULATE_NOTIFICATION_TIME() <= SPEEDILY_THRESHOLD_DAYS);

IF (IS_POSSIBLE_TO_NOTIFY_BORROWER_SPEEDILY()) SEND_MESSENGER_TO_NOTIFY_BORROWER(); ELSE INSTRUCT_LENDER_TO_TAKE_OATH(); EXPROPRIATE_PROPERTY();

Impact of Refactor: This single, minimal change significantly clarifies the rule. By defining "speedily," the system gains:

  1. Determinism: The outcome of the NOTIFY_BORROWER_SPEEDILY() check becomes less subjective. Courts in different locations or at different times can apply a consistent standard.
  2. Transparency: All stakeholders (lenders, borrowers, and judiciary) understand the exact parameters under which the "oath-and-expropriate" fallback mechanism will be triggered.
  3. Auditability: Future analysis of court decisions can reference this explicit threshold, ensuring consistency and allowing for easier identification of deviations.

While the Shorshei HaYam discusses more complex conditions like "stood trial and fled," that would be a more substantial architectural change, affecting the entire logic flow. Defining "speedily" directly addresses the ambiguity within Rambam's existing structure, making his elegant yet succinct system more robust.

Takeaway: Optimizing Justice in Distributed Systems

Our deep dive into the Mishneh Torah's absentee debtor protocols reveals a sophisticated approach to legal system design, akin to optimizing for efficiency and security in distributed computing. The core challenge is managing data (debt records) and transactions (collections) when a critical node (the debtor) is offline.

Maimonides' system (Algorithm A) prioritizes system availability and fluidity (ne'ilat delet). It acknowledges the risk of a "receipt-leak" but chooses to mitigate it with a high-integrity "trust assertion" (the lender's oath) rather than allowing the entire credit network to stall. This is a pragmatic choice, ensuring that the cost of debtor absence doesn't become prohibitive for the entire economy.

Conversely, the alternative view (Algorithm B) emphasizes data integrity and individual node protection, requiring more stringent pre-conditions (like prior litigation) and protracted communication attempts before any forced transaction. This system prioritizes minimizing false positives (wrongful collections) even at the cost of slower transaction processing.

The evolution and debate within the commentaries, especially around the meaning of "speedily" and the "stood trial and fled" condition, highlight the continuous process of system refinement and contextual adaptation. Just as a software architect must balance performance, security, and user experience, so too do legal scholars grapple with the trade-offs inherent in building a just and functional social system. The use of oaths acts as a cryptographic hash, providing a high-confidence, low-overhead verification mechanism where other forms of proof are unavailable or impractical. Ultimately, this sugya is a masterclass in designing robust protocols for managing trust and accountability across a potentially disconnected network of actors.