Permissioned Tier 3 configurations restrict access while preserving redundancy and integrity

A second common objection to applying Tier 3 to scientific data: much scientific data is sensitive — clinical records under HIPAA, embargoed pre-publication results, indigenous data sovereignty obligations, classified observations — and cannot be distributed on the kind of network that carries movies and music.

The objection conflates Tier 3 architecture with public distribution. Permissioned variants of every major protocol exist and are in production use:

• Private BitTorrent trackers restrict which clients can join the swarm.
• Federated Matrix homeservers restrict which servers federate with each other.
• Permissioned IPFS clusters restrict which nodes can hold copies.

Each restricts which nodes can hold copies while preserving the protocol's redundancy and integrity properties. Sensitive scientific data does not require Tier 3 to be abandoned; it requires the permissioned configuration of the same architecture.

Access control and structural redundancy are independent properties. Three orthogonal techniques compose: client-side encryption keeps data unreadable on every replica (institutional keys never leave the institution); permissioned networks bound which partners hold copies and constrain jurisdictional exposure; content addressing separates integrity from access — any node can verify integrity by recomputing a hash without being able to read the underlying data.

The same techniques are already deployed for HIPAA-covered records, FERPA-covered student data, export-controlled research, and embargoed datasets in Tier 2 contexts (the Electronic Medical Records and Genomics Network, the All of Us Research Program). The architectural question is whether to apply them at Tier 3 as well, where the resilience properties of the protocol compound the access controls already in use.