The increasing harms caused by hate, harassment, and other forms of abuse online have motivated major platforms to explore hierarchical governance. The idea is to allow communities to have designated members take on moderation and leadership duties; meanwhile, members can still escalate issues to the platform. But these promising approaches have only been explored in plaintext settings where community content is public to the platform. It is unclear how one can realize hierarchical governance in the huge and increasing number of online communities that utilize end-to-end encrypted (E2EE) messaging for privacy. We propose private hierarchical governance systems. These should enable similar levels of community governance as in plaintext settings, while maintaining cryptographic privacy of content and governance actions not reported to the platform. We design the first such system, taking a layered approach that adds governance logic on top of an encrypted messaging protocol; we show how an extension to the message layer security (MLS) protocol suffices for achieving a rich set of governance policies. Our approach allows developers to rapidly prototype new governance features, taking inspiration from a plaintext system called PolicyKit. We build a prototype E2EE messaging system called MlsGov that supports content-based community and platform moderation, elections of community moderators, votes to remove abusive users, and more.

翻译：仇恨、骚扰及其他形式的网络滥用行为造成的危害日益加剧，促使各大平台探索分层治理模式。该模式允许社群指定成员承担内容审核与领导职责，同时成员仍可将问题上报至平台。然而，这些前景广阔的方法目前仅应用于明文场景，即社群内容对平台公开。对于大量使用端到端加密（E2EE）消息服务以保障隐私的在线社群，如何实现分层治理仍不明确。我们提出私有分层治理系统，旨在维持内容及未上报至平台的治理行为在密码学意义上的隐私性同时，实现与明文场景相当的社群治理水平。我们设计了首个此类系统，采用分层架构在加密消息协议之上叠加治理逻辑，并证明通过对消息层安全（MLS）协议进行扩展即可实现丰富的治理策略。该方法允许开发者借鉴名为PolicyKit的明文系统，快速构建新型治理功能原型。我们构建了名为MlsGov的原型E2EE消息系统，支持基于内容的社群与平台审核、社群审核员选举、驱逐滥用者投票等治理功能。