# Security & Safety
BNI builds software for populations whose physical safety depends on the security of their tools — people experiencing houselessness, domestic violence, addiction recovery, incarceration, and cognitive decline. Security is not a feature layer added after launch; it is a foundational design constraint.
This section covers the threat model, authentication and lockout design, and the accessibility-security framework that guides every product decision.
## Design principles

**Never lock out — always degrade gracefully.** Full authentication gives full access. Partial or failed authentication gives reduced but still useful access. No authentication gives emergency-only access. A user should never be blocked from getting help.

**Device security serves the user, not the platform.** Authentication protects the user from others accessing their data. It must not become a barrier between the user and safety.

**The attacker is often known to the victim.** For this user base, the most likely attacker is an intimate partner, family member, trafficker, or institution — not a remote hacker. The threat model reflects this.

**Privacy and security are inseparable.** Metadata is as dangerous as content. Knowing who is in someone's circle, when they send messages, and where they are from can endanger them even if message content is encrypted.

**Legal exposure is a security issue.** Law enforcement access, subpoenas, and mandated reporting obligations are part of the threat model, not separate from it.
## Priority features by phase
| Phase | Feature | Project | Status |
|---|---|---|---|
| MVP | Biometric + PIN dual auth with grace period | MPowerUP | Planned |
| MVP | No client-side auth on RlivN tablet (MDM) | RlivN | Planned |
| Phase 2 | 3-strike biometric lockout → emergency-only mode + circle notification | MPowerUP | Planned |
| Phase 2 | Duress PIN with silent distress signal | MPowerUP | Planned |
| Phase 2 | Circle vouch recovery | MPowerUP | Planned |
| Phase 3 | Risk-based contextual authentication | MPowerUP | Future |
| Phase 3 | Proximity trust via Bluetooth circle detection | MPowerUP | Future |
| Phase 3 | Relay metadata minimisation — no persistent connection logs | MPowerUP | Future |
| Phase 4 | DID key backup and recovery via circle quorum | MPowerUP | Future |
| Phase 4 | Caregiver portal 2FA + session audit log | RlivN | Future |
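The "never lock out" principle and the MPowerUP features in the table (3-strike biometric lockout to emergency-only mode with circle notification, duress PIN with a silent distress signal) as a small access-tier state machine, added here as an illustration in Python; it is not BNI's code and assumes that a PBKDF2-hashed PIN remains available as a fallback after biometric lockout and that a device starts at the emergency tier.

```python
import hashlib
import hmac
import os
from enum import IntEnum

class Tier(IntEnum):
    EMERGENCY = 0  # no authentication: emergency help only, never less
    REDUCED = 1    # partial or failed authentication: reduced but useful
    FULL = 2       # full authentication
MAX_BIOMETRIC_FAILURES = 3  # the roadmap's "3-strike" threshold

def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)  # PINs never stored in clear

class Device:
    def __init__(self, pin: str, duress_pin: str) -> None:
        self.salt = os.urandom(16)
        self.pin_hash = _pin_hash(pin, self.salt)
        self.duress_hash = _pin_hash(duress_pin, self.salt)
        self.tier = Tier.EMERGENCY        # the floor: help is always reachable
        self.biometric_failures = 0
        self.emergency_only = False       # set on the third biometric strike
        self.circle_notified = False      # lockout alerts the user's circle
        self.distress_signalled = False   # silent flag raised by the duress PIN

    def biometric_result(self, matched: bool) -> Tier:
        if self.emergency_only:
            return self.tier  # biometric is spent; the PIN stays available (assumption)
        self.biometric_failures = 0 if matched else self.biometric_failures + 1
        if matched:
            self.tier = Tier.FULL
        elif self.biometric_failures >= MAX_BIOMETRIC_FAILURES:
            # Degrade to emergency-only and alert the circle, never to "no access".
            self.emergency_only = self.circle_notified = True
            self.tier = Tier.EMERGENCY
        else:
            self.tier = Tier.REDUCED
        return self.tier

    def pin_entered(self, pin: str) -> Tier:
        candidate = _pin_hash(pin, self.salt)
        if hmac.compare_digest(candidate, self.duress_hash):
            # Indistinguishable from a normal unlock to an onlooker; only the flag differs.
            self.distress_signalled, self.tier = True, Tier.FULL
        elif hmac.compare_digest(candidate, self.pin_hash):
            self.tier = Tier.FULL
        else:
            self.tier = Tier.EMERGENCY if self.emergency_only else Tier.REDUCED
        return self.tier
```

Every path through `biometric_result` and `pin_entered` leaves `tier` at `EMERGENCY` or above, which is the invariant the first design principle asks for.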
## Pages in this section
- Threat Model — physical, cyber, and legal threats per project
- Authentication & Lockout — biometric lockout spec, duress mode, recovery paths
- Circle-Initiated Revocation — tiered remote revocation, consensus model, coercion handling, and attack surface
- Accessibility Framework — balancing security and usability for vulnerable populations