0. Security Scope Note

This entry is conceptual and systems-oriented.

It does not treat all consent forms, authorization records, access approvals, contracts, terms of service, role permissions, delegation, identity verification, data processing agreements, or security approvals as inherently failed.

Security needs authorization.

Authorization may be valid when it is:

• informed
• specific
• voluntary
• revocable
• scope-bounded
• time-bounded where needed
• auditable
• traceable
• non-coerced
• non-bundled across incompatible uses
• understandable to the affected party
• compatible with refusal
• compatible with exit
• updated when scope changes
• linked to real boundary integrity

The failure begins when an authorization artifact is treated as consent even when consent conditions are absent.

A valid security system distinguishes formal authorization from valid consent.

A failed security system treats recorded acceptance as enough.

Consent Theater / Invalid Authorization occurs when a system uses consent-looking artifacts to authorize access, extraction, control, data use, surveillance, participation, or processing that the affected node could not meaningfully understand, refuse, limit, revoke, or contest.

The problem is not authorization.

The problem is authorization being declared valid when consent is structurally invalid.

1. Definition

Consent Theater / Invalid Authorization occurs when a system presents access, use, extraction, surveillance, participation, processing, contract, or control as authorized through formal consent artifacts while the underlying consent is coerced, uninformed, bundled, stale, non-revocable, dependency-bound, procedurally buried, or outside valid scope.

Consent theater may appear through:

• checked boxes
• accepted terms
• signed contracts
• buried clauses
• dark-pattern consent flows
• bundled permissions
• forced opt-in
• impossible opt-out
• dependency-bound access
• non-negotiable agreements
• vague data use language
• broad future-use clauses
• implied consent
• proxy consent
• stale authorization
• role-based authorization overreach
• default settings
• consent banners
• forced arbitration
• employment-based consent
• platform participation
• institutional intake forms
• AI data use agreements
• surveillance notices
• “continued use means acceptance” clauses

The invalid authorization may enable:

• data extraction
• access escalation
• surveillance
• profiling
• resale or reuse
• model training
• automated decisioning
• coercive contract terms
• platform lock-in
• identity binding
• behavioral manipulation
• cross-context data sharing
• institutional control
• repair denial
• unilateral policy changes
• access revocation
• hidden dependency
• risk transfer
• liability transfer
• affected-state burden

The core failure is:

system wants access or control
→ consent artifact is created
→ refusal or understanding is weak
→ scope expands or dependency forms
→ artifact is treated as authorization
→ affected boundary is crossed
→ hidden consent debt accumulates

Consent Theater / Invalid Authorization is not merely bad paperwork.

It is formal authorization being used to bypass consent reality.

2. Core Pattern

The core pattern is:

1. A system seeks access, data, participation, authority, or control.
2. A formal consent or authorization step is inserted.
3. The consent step is shaped by dependency, complexity, pressure, asymmetry, bundling, or opacity.
4. The affected node accepts, continues, signs, clicks, participates, or is represented by proxy.
5. The system records authorization.
6. Scope expands, persists, or becomes difficult to revoke.
7. Consent reality weakens or disappears.
8. The authorization artifact remains valid in system records.
9. Access, processing, extraction, or control proceeds.
10. Affected-state burden accumulates.
11. The system defends the action as authorized.
12. Security boundary integrity fails under formal legitimacy.

A healthy system says:

authorization is valid only when consent remains informed, voluntary, revocable, and scope-bounded

A theater system says:

the record shows consent, therefore authorization is valid

Consent Theater is especially dangerous when refusal threatens access to necessities.

Work.

Communication.

Identity.

Money.

Healthcare.

Housing.

Education.

Legal standing.

Safety.

Public services.

Platform participation.

When dependency controls refusal, consent artifacts become weak evidence.

3. Failure Signature

Typical signature:

formal consent artifacts↑
actual consent validity↓
authorization scope↑
revocation viability↓
refusal cost↑
dependency coercion↑
scope drift↑
consent-use divergence↑
affected-state burden↑
O↓

Extended signature:

checkbox present,
choice absent

terms accepted,
understanding absent

authorization recorded,
scope exceeded

notice given,
refusal impossible

continued use,
dependency hidden

consent claimed,
boundary crossed

Common verbal signatures include:

they agreed to the terms
consent was obtained
continued use means acceptance
users can opt out
the policy disclosed this
the authorization is on file
the contract permits it
participation is voluntary
they clicked accept
the notice was provided
the data use is covered
that is within scope

Common system signatures include:

a platform requires acceptance of broad data use terms for basic access
an employer obtains consent under dependency conditions and treats it as voluntary
an AI system uses historical data for new purposes under vague prior authorization
a security system expands monitoring and cites old policy acceptance
a contract bundles unrelated permissions into one required agreement
a public service requires consent to surveillance as condition of access
a user can revoke consent formally but loses essential functionality in practice
a proxy authorizes use on behalf of affected nodes without meaningful representation

The defining condition is not that consent was recorded.

The defining condition is that the recorded consent cannot carry the authorization claimed from it.

4. Primary U-Layer Origin

Common origin layers:

• U1 — Power / Budgets: access, revenue, control, liability transfer, or data value depends on broad authorization.
• U2 — Configuration / Boundaries: authorization boundaries are too broad, unclear, or misaligned with affected boundaries.
• U3 — Execution / Runtime: workflows process access or extraction based on stored artifacts rather than current consent.
• U4 — Information / Truth: consent records replace consent reality.
• U5 — Coordination / Time: consent becomes stale as scope, dependency, or use changes.
• U6 — Coherence Field: participation is socially or institutionally interpreted as agreement.
• U7 — Memory / Recurrence: old authorizations persist in records, contracts, datasets, and policies.
• U8 — Environment / Field: legal, market, platform, or institutional norms reward formal acceptance over real consent.

Common manifestation layers:

• U1 — Power: formal authorization shields extraction or control.
• U2 — Boundaries: affected boundaries are crossed under recorded consent.
• U3 — Execution: systems act on stale or invalid authorization.
• U4 — Truth: consent artifact substitutes for consent state.
• U5 — Time: scope drift accumulates.
• U6 — Field: legitimacy language masks coercion.

Consent Theater / Invalid Authorization is primarily a BΣ / Au / O / M failure.

Boundary integrity fails because the system mistakes the meaning of consent artifacts for consent reality.

5. Typical Development Sequence

A common development sequence is:

1. A system creates an access, participation, data, or control pathway.
2. A consent artifact is added to legitimize the pathway.
3. The artifact is broad, complex, bundled, or required.
4. Users or affected nodes accept because refusal is costly, unclear, impossible, or dependency-bound.
5. The artifact enters records as authorization.
6. The system expands use, scope, duration, or third-party access.
7. Revocation is difficult or partial.
8. Affected nodes discover the scope after burden appears.
9. The system cites the authorization artifact.
10. Consent reality is no longer inspected.
11. Hidden consent debt accumulates.
12. Boundary violations become normalized.
13. Trust and legitimacy degrade.
14. The consent system becomes theater.

The loop often looks like:

access needed → terms required → acceptance recorded → scope expands → authorization defended

Another common loop is:

consent challenged → artifact cited → reality ignored → consent debt grows

Consent Theater becomes durable when the cost of refusal is high and the evidentiary value of the artifact is treated as total.

6. Diagnostic Markers

Diagnostic markers include:

• Consent is recorded but cannot be meaningfully refused.
• Consent is required for unrelated access.
• Opt-out exists formally but is costly, degraded, confusing, or hidden.
• Terms are too broad to support specific authorization.
• Permissions bundle incompatible uses.
• Authorization persists after scope changes.
• Revocation does not remove downstream use.
• Affected nodes cannot identify what they agreed to.
• Proxy consent excludes affected-state reality.
• Consent records are easier to retrieve than consent context.
• Continued participation is cited as consent despite dependency.
• Users report surprise about authorized uses.
• Security access expands through old authorization.
• Consent artifacts are used to transfer liability.
• Authorization is treated as valid even when boundaries are crossed.

Useful diagnostics:

• Consent Validity: Tests whether consent is informed, voluntary, revocable, and scope-bounded.
• Authorization Scope Integrity: Measures whether authorization matches actual use.
• Revocation Viability: Tests whether withdrawal works in practice.
• Refusal Cost: Measures the practical burden of saying no.
• Dependency Coercion: Measures whether access, livelihood, safety, or identity pressures consent.
• Bundling Pressure: Measures forced combination of unrelated permissions.
• Scope Drift: Tracks expansion beyond original consent.
• Consent-Use Divergence: Measures gap between consented use and actual use.
• Affected-State Burden: Tracks burden produced by invalid authorization.
• Authorization Traceability: Tests whether authorization source, scope, and context remain known.

7. Related Gates

Relevant gates include:

• Consent Validity Gate: Fails when consent is uninformed, coerced, bundled, stale, or non-revocable.
• Authorization Scope Gate: Fails when action exceeds consented scope.
• Revocation Gate: Fails when withdrawal does not function.
• Refusal Availability Gate: Fails when refusal is not practically available.
• Dependency Coercion Gate: Fails when necessity converts acceptance into compulsion.
• Consent Artifact Gate: Fails when recorded artifacts substitute for consent reality.
• Scope Creep Gate: Fails when use expands beyond original authorization.
• Affected-State Burden Gate: Fails when consented action creates unaccounted burden.
• Authorization Traceability Gate: Fails when scope, source, time, and context cannot be reconstructed.
• Boundary Integrity Gate: Fails when affected boundaries are crossed under invalid authorization.

The first common gate failure is usually the Consent Validity Gate.

Once consent validity is not tested, authorization can be built on an empty form.

8. Related Operators

Relevant operators include:

• BΣ — Boundary Integrity: Primary operator; determines whether access respects affected boundaries.
• Au — Auditability: Determines whether authorization and consent context remain inspectable.
• O — Coherence: Declines when authorization diverges from consent reality.
• M — Meaning: Consent language loses meaning when it becomes artifact-only.
• Ψ — Observation / Interface: Presents consent prompts, terms, notices, and permissions.
• H — Hidden Debt: Accumulates as consent debt, trust debt, and affected-state burden.
• K — Constraint / Load: Rises when refusal, revocation, or appeal becomes burdensome.
• Γ — Selection: Selects consent evidence favorable to system access.
• G — Gain: Rewards broad authorization, extraction, data reuse, and liability transfer.
• Φ — Flow / Resource Movement: Routes data, access, value, or control after authorization.
• Λ — Compatibility: Tests whether authorized use is compatible with consent scope.
• R — Restoration Capacity: Needed to repair invalid authorization and affected burden.
• Τ — Trajectory / Time: Tracks staleness, scope drift, and consent decay.
• E — Exit: Measures ability to refuse, withdraw, or leave.

Common operator pattern:

G rewards broad authorization
Ψ presents consent artifact
K makes refusal costly
Au records acceptance but not context
BΣ is crossed
Φ routes data/control
H accumulates
O declines

The core operator inversion is:

consent artifact → valid authorization

instead of:

informed consent + viable refusal + revocation + scope integrity + traceability → valid authorization

Consent Theater lets systems cross boundaries while preserving the appearance of permission.

9. Related Laws and Invariants

Related Laws

• Authorization Requires Valid Consent: authorization cannot exceed consent conditions.
• Consent Must Remain Informed, Revocable, and Scope-Bounded: consent must retain operational meaning.
• Formal Acceptance Must Not Substitute for Consent: records cannot replace reality.
• Access Must Not Be Authorized Through Dependency: necessity weakens voluntariness.
• Consent Must Not Be Bundled Across Incompatible Scopes: unrelated uses require separable choice.
• Revocation Must Remain Operationally Real: withdrawal must affect system behavior.
• Security Must Not Treat Coercion as Authorization: coercive acceptance is not clean permission.
• Authorization Must Remain Auditable: scope, source, and context must remain traceable.
• Consent Drift: consent decays when scope, context, or dependency changes.
• Forced Coupling: imposed coupling invalidates alignment claims.
• Manufactured Consent: formal agreement can be produced under distorted conditions.
• U4 Truth Substitution: records can replace truth-bearing consent state.

Related Invariants

• Consent Must Remain Valid Over Time: stored consent must be revalidated under changed conditions.
• Authorization Must Match Scope: action must not exceed the consented domain.
• Consent Must Be Revocable: withdrawal must be practical and effective.
• Consent Must Not Be Dependency-Coerced: necessity cannot be disguised as choice.
• Consent Artifacts Must Not Override Consent Reality: forms cannot substitute for valid relation.
• Affected-State Burden Must Be Consent-Audited: burden must be checked against consent conditions.
• Authorization Must Remain Traceable: source, scope, time, and context must remain recoverable.
• Refusal Must Remain Practically Available: consent requires a real no.

10. Common False Positives

Not every formal authorization is Consent Theater.

Common false positives include:

• Clear permission for a narrow, understandable action.
• Role-based access with bounded scope and audit.
• Terms that are specific, separable, and revocable.
• Contracts with real negotiation and fair alternatives.
• Consent flows that preserve refusal without disproportionate loss.
• Data use limited to the stated purpose.
• Security authorization tied to least privilege.
• Proxy authorization with accountable representation and affected-state safeguards.
• Emergency access with strict logging, time limits, and review.
• Continued use after meaningful notice and viable exit.
• Bundled permissions that are genuinely inseparable from the requested function.
• Consent renewal when scope changes.

Clarifying rule:

This is not Consent Theater / Invalid Authorization unless formal consent or authorization artifacts are used to justify action where consent is not informed, voluntary, revocable, scope-valid, or refusal-compatible.

Authorization can be legitimate.

It fails when the artifact replaces the consent relation.

11. Common False Repairs

Common false repairs include:

• adding longer terms
• adding more consent banners
• adding broad disclosures
• requiring more checkboxes
• changing interface wording without changing refusal power
• adding opt-out links that do not work in practice
• making revocation partial or delayed
• creating consent dashboards that preserve broad defaults
• reauthorizing old uses through vague updates
• using proxy consent to avoid affected-state review
• treating notice as consent
• treating continued use as agreement under dependency
• separating permissions visually while processing them together
• adding legal review without consent redesign
• apologizing while preserving invalid authorization

False repair often produces the loop:

invalid consent exposed
→ disclosure expanded
→ refusal remains costly
→ authorization continues
→ consent debt grows

Another common loop is:

scope creep challenged
→ terms updated retroactively
→ old data/use remains active
→ scope drift persists

The repair fails because it improves consent appearance without restoring refusal, revocation, and scope integrity.

12. Restoration Direction

Restoration requires auditing consent validity, reconstructing authorization scope, restoring refusal and revocation, separating bundled permissions, repairing affected burden, and stopping uses that exceed valid consent.

Primary restoration direction:

make authorization depend on real consent again

A fuller restoration path includes:

1. Identify the authorization artifact. Name the terms, contract, checkbox, role permission, policy, proxy, or approval.
2. Trace the consent context. Recover who consented, when, under what conditions, and for what scope.
3. Audit consent validity. Test informedness, voluntariness, revocability, dependency pressure, and clarity.
4. Map actual use. Identify all access, processing, sharing, extraction, surveillance, or control enabled by the artifact.
5. Compare use to scope. Determine where authorization exceeds consent.
6. Measure refusal cost. Determine whether saying no is practical.
7. Restore revocation paths. Make withdrawal operationally effective.
8. Separate bundled permissions. Split unrelated uses into independent choices.
9. Pause invalid uses. Stop processing or access where consent fails.
10. Repair affected-state burden. Address harm, extraction, or boundary violation caused by invalid authorization.
11. Revalidate consent where needed. Seek clear, specific, current consent under fair conditions.
12. Update authorization records. Preserve scope, context, expiry, and revocation state.
13. Limit future scope drift. Require reauthorization for new purposes.
14. Restore exit paths. Ensure refusal does not create disproportionate loss.
15. Monitor consent degradation. Watch for dependency, bundling, or artifact substitution returning.

A valid restoration path should reduce:

consent-use divergence
scope drift
refusal cost
dependency coercion
bundling pressure
revocation failure
affected-state burden
consent debt

Consent Theater / Invalid Authorization is not repaired by asking for agreement again under the same conditions.

It is repaired by changing the conditions so agreement can mean consent.

13. Cross-Module Links

• Security: Primary family; authorization is a security boundary, and invalid authorization is a boundary failure.
• Core: Strongly linked to Forced Coupling and U4 Truth Substitution when records replace consent state.
• Interactions: Consent Drift and Scope Creep are direct operator-level expressions.
• Justice / Contracts: Manufactured consent, coercive contracts, and locked-in renegotiation failures often preserve invalid authorization.
• AI Governance: Data use, model training, memory, profiling, safety intervention, and automated decisioning can be authorized through weak consent artifacts.
• Platforms: Platform participation can turn dependency into apparent agreement.
• Privacy: Consent artifacts often govern data flows beyond meaningful user understanding or revocation.
• Economy: Dependency lock-in and forced profit can make refusal economically impossible.
• Interfaces: Consent interfaces can hide scope, defaults, bundling, and revocation friction.
• Coherence: Coherence requires authorization to remain tied to valid consent, boundary integrity, and affected-state reality.

14. Relationship to Parent / Child Modes

Production treatment: Standalone Entry / Canon-Aligned

This mode maps upward to:

• FM-ISC-009 — Consent Drift
• FM-CORE-008 — Forced Coupling
• FM-JC-007 — Manufactured Consent
• FM-S-013 — Forced Participation Trap
• FM-REI-003 — Unbounded Extraction

Sibling or related Security modes include:

• FM-SEC-001 — Security Theater / Φ Substitution
• FM-SEC-002 — Audit Suppression Inversion
• FM-SEC-003 — Rule-Stacking Wall
• FM-SEC-005 — Interface Capture
• FM-SEC-007 — Silent Extraction / Parasitic Coupling
• FM-SEC-008 — Proxy-Relay Drift
• FM-SEC-009 — Over-Surveillance Inversion
• FM-SEC-010 — Emergency Normalization
• FM-SEC-011 — Representation / Proxy Abuse / AIM Failure
• FM-SEC-012 — Exit Failure / Recapture

Related cross-family modes include:

• FM-CORE-008 — Forced Coupling
• FM-ISC-009 — Consent Drift
• FM-ISC-010 — Scope Creep
• FM-S-013 — Forced Participation Trap
• FM-JC-007 — Manufactured Consent
• FM-JC-011 — Locked-In Renegotiation Failure
• FM-JC-012 — Parasitic Contracting
• FM-ECOX-021 — Coercive Contract
• FM-ECOX-022 — Dependency Lock-In
• FM-REI-003 — Unbounded Extraction
• FM-SEC-007 — Silent Extraction / Parasitic Coupling
• FM-AIX-016 — Standingless Instrumentalization

Aliases preserved from source material:

• Consent Theater
• Invalid Authorization
• Consent Theater / Invalid Authorization
• Authorization Theater
• Pseudo-Consent
• Formal Consent Substitution
• Coerced Authorization
• Bundled Consent Failure
• Stale Consent Authorization
• Scope-Invalid Consent

15. Minimal Entry Version

Definition: Consent Theater / Invalid Authorization occurs when a system presents access, use, extraction, surveillance, participation, processing, contract, or control as authorized through formal consent artifacts while the underlying consent is coerced, uninformed, bundled, stale, non-revocable, dependency-bound, procedurally buried, or outside valid scope.

Signature:

formal consent artifacts↑
actual consent validity↓
authorization scope↑
revocation viability↓
refusal cost↑
dependency coercion↑
scope drift↑
consent-use divergence↑
affected-state burden↑
O↓

Restoration direction:

• identify the authorization artifact
• trace the consent context
• audit consent validity
• map actual use
• compare use to scope
• measure refusal cost
• restore revocation paths
• separate bundled permissions
• pause invalid uses
• repair affected-state burden
• revalidate consent where needed
• update authorization records
• limit future scope drift
• restore exit paths
• monitor consent degradation

16. Machine-Readable Summary

failure_mode:
  id: "FM-SEC-004"
  name: "Consent Theater / Invalid Authorization"
  family: "Security"
  production_treatment: "Standalone Entry / Canon-Aligned"
  parent_modes:
    - "FM-ISC-009 — Consent Drift"
    - "FM-CORE-008 — Forced Coupling"
    - "FM-JC-007 — Manufactured Consent"
    - "FM-S-013 — Forced Participation Trap"
    - "FM-REI-003 — Unbounded Extraction"
  primary_failure: "A system presents access, use, extraction, surveillance, participation, processing, contract, or control as authorized through formal consent artifacts while the underlying consent is coerced, uninformed, bundled, stale, non-revocable, dependency-bound, procedurally buried, or outside valid scope."
  source: "UTS — Failure Modes Registry"
  source_id: "FM-SEC-004"
  scope_note: "Conceptual and systems-oriented; does not treat all consent forms, authorization records, access approvals, contracts, terms of service, role permissions, delegation, identity verification, data processing agreements, or security approvals as inherently failed."
  aliases:
    - "Consent Theater"
    - "Invalid Authorization"
    - "Consent Theater / Invalid Authorization"
    - "Authorization Theater"
    - "Pseudo-Consent"
    - "Formal Consent Substitution"
    - "Coerced Authorization"
    - "Bundled Consent Failure"
    - "Stale Consent Authorization"
    - "Scope-Invalid Consent"
  signature:
    - "formal consent artifacts↑"
    - "actual consent validity↓"
    - "authorization scope↑"
    - "revocation viability↓"
    - "refusal cost↑"
    - "dependency coercion↑"
    - "scope drift↑"
    - "consent-use divergence↑"
    - "affected-state burden↑"
    - "O↓"
  primary_layers:
    origin:
      - "U1 — Power / Budgets"
      - "U2 — Configuration / Boundaries"
      - "U3 — Execution / Runtime"
      - "U4 — Information / Truth"
      - "U5 — Coordination / Time"
      - "U6 — Coherence Field"
      - "U7 — Memory / Recurrence"
      - "U8 — Environment / Field"
    manifestation:
      - "U1 — Power"
      - "U2 — Boundaries"
      - "U3 — Execution"
      - "U4 — Truth"
      - "U5 — Time"
      - "U6 — Field"
  state_variables:
    - "BΣ"
    - "Au"
    - "O"
    - "M"
    - "Ψ"
    - "H"
    - "K"
    - "Γ"
    - "G"
    - "Φ"
    - "Λ"
    - "R"
    - "Τ"
    - "E"
  first_gate_failure: "Consent Validity Gate"
  restoration:
    - "Consent Validity Audit"
    - "Authorization Scope Review"
    - "Revocation Path Restoration"
    - "Refusal Availability Restoration"
    - "Dependency Coercion Reduction"
    - "Consent Artifact Revalidation"
    - "Scope Creep Reversal"
    - "Affected-State Burden Repair"
    - "Authorization Trace Reconstruction"
    - "Boundary Re-Separation"