In the security world there is a concept called “Defense in Depth” that refers to setting up layers of defense so that if an attacker bypasses one layer there are other layers they must contend with. In physical security this might take the form of a lock on the outside door of an office building, a security guard inside the foyer who identifies a visitor, access to different floors in the building protected by keycards in the elevator, additional locked rooms or safes on a particular floor for particularly sensitive property, and security guards patrolling the building and reviewing security camera footage. In the digital world this might take the form of firewalls, network segmentation, multi-factor authentication, event log monitoring, and malware scanners.
A similar approach, which I’ll call “Privacy in Depth” applies the same principles to privacy. When you have an attacker who is attempting to violate your privacy, you can assume that at some point they may be able to bypass one layer of defense, and if they do, you want to have additional layers available to protect your personal data. Protecting our customers’ privacy is a core tenet in our Social Purpose and in this post I will describe the layers of privacy defenses we have built into the Librem 14, Librem Mini, Librem 5 and Librem 5 USA product lines.
Privacy and Security
As I go into our different defenses, something that you might notice is that there is a lot of overlap between defenses that help protect your security and your privacy. Yet there is a distinct difference as well. Privacy defenses help protect you from attacks that attempt to access your personal data without your consent. Security defenses help protect you from attempts to steal or harm your property (including data).
It may seem that security defenses encompass both privacy and security, but there are subtle differences and areas where the two diverge. You don’t always need to resort to security measures to protect privacy. To take an example from the physical world, most clothing serves a privacy function but not a security function. A bullet-proof vest, a helmet, or work gloves are examples of clothing that primarily serve a security function but not a privacy function. To take an example from the digital world, one can protect privacy simply by not collecting data to begin with, but to secure data you would likely resort to encryption or forms of access control.
Read the rest of the post here: