BMT-04.06 Executive Summary#
BlueMirror.tech | May 2026#
Yolanda runs enterprise risk for a major health insurer. She started her review of BlueMirror with the refusals rather than the capabilities, knowing that a system without hard limits will find its way to behaviors its designers did not intend. The refusals are where the architecture reveals what it actually values.
Most ethical decisions in the architecture are soft constraints: adjustable, tunable, person-configurable. Hard constraints exist for the narrow category of actions where no adjustment is safe. Actions that cause irreversible harm the person may not be able to assess. Actions that violate third-party rights. Actions that exploit the person’s vulnerability even at her own request. Actions that compromise the system’s integrity for all users.
Eight refusals define the floor. The system will not share health data with the person’s employer, regardless of consent, because employment discrimination based on health data is a structural harm that individual consent cannot remedy. It will not optimize for engagement: no session length, return frequency, or notification response metric is optimized, because a system that makes itself more compelling to use is creating dependency. It will not make irreversible financial commitments without human confirmation, at any autonomy level. It will not continue routing earning activities when cognitive assessment indicates risk, though the person can override with documented awareness. It will not suppress safety alerts to avoid inconvenience. It will not build or share a composite behavioral profile. It will not discriminate in service quality based on payment tier. It will not retain personal data after account closure beyond the legally required period.
Hard constraints are enforced at the infrastructure level through three redundant mechanisms: the Safety Filter SLM validates every output against the constraint list, the Audit Trail Logger records every attempted violation, and the deployment pipeline rejects code modifications that alter enforcement without ethics review board approval. The failure of any one mechanism does not create a gap.
When the person disagrees with a refusal, the system explains why it cannot comply, grounded in her interests rather than policy citations, and offers an alternative that serves her underlying goal. Margaret who wants her employer to see her health data is redirected to preparing a health summary she shares directly, on her own terms, including only what she chooses. The refusal comes with a redirect. Neither alone is sufficient.
Yolanda’s review noted that every item on the constraint list corresponded to a pattern she had seen cause real harm in existing health technology. The sign that it had been written by people who were paying attention.
The full article is available at bluemirror.tech.