Notice ID 70RDA126RFI000003: WIRED Overstates the Case

Remember my February 16 post “Notice ID 70RDA126RFI000003: Yes, It’s an RFI, But That May Be a HUGE Multi-Biometric Matching System”? Note that I used the words “RFI” and “May,” because it’s not a done deal.

When Biometric Update reported on this same RFI, it used similar qualifiers such as “If DHS proceeds to a formal solicitation.”

WIRED? Not so restrained.

“THE DEPARTMENT OF Homeland Security is moving to consolidate its face recognition and other biometric technologies into a single system capable of comparing faces, fingerprints, iris scans, and other identifiers collected across its enforcement agencies, according to records reviewed by WIRED.”

But those very “records reviewed by WIRED” include this statement:

“This RFI is for planning purposes only and shall not be construed as an obligation on the part of the Government. This is NOT a Request for Quotations or Proposals. No solicitation document exists, and a formal solicitation may or may not be issued by the Government as a result of the responses received to this RFI.”

And even if this actually WAS a true procurement…HART was originally announced during the Obama administration in 2016. Ten years later, it still hasn’t happened.

My Biometric Video One-Two Punch

Different moods, but both videos emphasize (not empathize) Bredemarket’s biometric product marketing expertise.

So what?

If your firm wants to speak to biometric prospects and customers, you need someone who speaks the language.

As a customer whose name I won’t mention recently said to me, “You have to know what FRTE [VENDOR NAME REDACTED] [NUMBER REDACTED] means.” (An algorithm submission to the U.S. National Institute of Standards and Technology Facial Recognition Technology Evaluation (FRTE), either the 1:1 test or the 1:N test.)

But even more important is why a vendor’s algorithmic submission matters…and why it may not matter. Ah, the nuances…

I’ve written about these nuances for almost two dozen firms. Perhaps I can write for your firm. Click below and book a free meeting with Bredemarket.

On Ex-Evangelists

Many companies, Bredemarket included, have benefited from the efforts of evangelists. But don’t take those efforts for granted.

I recently said good-bye to a former Bredemarket evangelist who became silent and indifferent over time. I positively thanked them for their past support, carefully avoiding the topic of why and how that support ended.

(Maybe I should have asked, but I doubt I would have received an answer.)

And I remain thankful for the Bredemarket evangelists who are still there.

Data Centers: NIMBY?

There are many controversial uses of land, one of which is data centers. And most of us use them.

When I use SaaS resources or generative AI tools, I’m making use of a data center…somewhere. For example, when I created the image at the top of this post with Google Gemini…and when I uploaded this post to WordPress so you could read it.

But what if the data center was next door to ME? Would I feel differently about data center use?

Warren County, Virginia (Front Royal) is more rural than other counties in the state, such as Fairfax County. And someone is proposing a data center in Warren County.

This prompted a letter to the editor from Cara Aldridge Young, a former high school classmate of mine. (And a talented editor herself, if your company needs one.) Young examined the negatives surrounding data centers:

“Data centers are not quiet, invisible neighbors. They are warehouse-scale buildings surrounded by substations, transmission lines, backup generators, cooling systems, security fencing, and 24-hour lighting. They require enormous amounts of electricity and millions of gallons of water for cooling. In a county that has already experienced drought restrictions and ongoing grid concerns, it’s fair to question whether we are equipped to support that scale of development without long-term environmental and infrastructure consequences.”

I don’t have a feel for how Warren County will respond to this request; I haven’t visited Front Royal in decades. But Young presumably isn’t the only resident with concerns about power, water, and the environment.

But I’m sure there are counties that would welcome the economic development, the tax revenue, and the jobs. (Well, not that many jobs.)

On my side of the country, the big infrastructure concern is warehouses, such as the Amazon distribution center in Eastvale, California.

One of Amazon’s buildings in Eastvale, California.

But at least warehouses employ people.

IPOs New and Old (ROC, Printrak)

Earlier this morning, ROC (formerly Rank One Computing) made an announcement:

“#ROC announces the pricing of its Initial Public Offering of 4,000,000 shares of its common stock at a public offering price of $6.00 per share, which was the high end of the range, for total gross proceeds of $24 million, before deducting underwriting discounts and commissions and other offering expenses.”

Six dollars a share doesn’t seem that impressive, but all companies have to start somewhere. If I recall correctly, Printrak’s price was in that range when it started public trading (under the then-trendy ticker “AFIS”) back in 1996.

ROC was able to secure its preferred ticker “ROC.” (Sorry Alcatraz.) And the stock is already trading; see Yahoo Finance for the latest movements.

Incidentally, I should state my views on the success of an IPO.

  • Many think that if a stock is initially priced at $6.00, and the price zooms to $100 by the end of the day, the IPO is a success.
  • I maintain that it’s a failure. A company wants to maximize its revenue, and if the stock was truly worth $100, it should have priced its IPO at $100 to realize maximum revenue.
  • Conversely, if the stock opens at $6 and the end of day price is at about that level, then the IPO is a success because the company received the maximum revenue.
  • Needless to say, this doesn’t take employee holdings into account. But if the goal is to maximize IPO revenue, then a price that DOESN’T shoot up is a sign of success.

Digital Identity: Endorsed, Or Bestowed?

Joel R. McConvey’s recent article in Biometric Update made my head spin.

“Utah’s state legislature has voted unanimously to pass SB 275, the State-Endorsed Digital Identity Program Amendments bill. The law makes Utah unique among states, in that it defines identity as something that is inherent to a person and endorsed by the state rather than bestowed by the state.

“The distinction has implications for discussions about data sovereignty – who gets to control a person’s personal information – as well as for other states pursuing digital identity programs.”

Endorsed? Bestowed? What’s up? An earlier McConvey article quotes from Utah’s Chief Privacy Officer Christopher Bramwell:

“Part of Utah’s history,” Bramwell says – “why we care so much about privacy, and this does translate directly to digital identity – is when pioneers came to Utah, it was literally for autonomy, and it was to be left alone to live their life according to the dictates of their heart. That’s why many people came to America, whether as pilgrims or pioneers or immigrants: because you want something better and you want to do it according to your conscience.”

For those whose history is rusty, Bramwell is referring to the migration of the Mormons out west. As he points out, the Mormons are not the only ones in U.S. history who came to a new land to enjoy freedom from the perceived oppressive state. The original inhabitants of Massachusetts, Rhode Island, Maryland, and Pennsylvania also fall within this tradition.

Bramwell continues:

“And that’s a lot of what we’re talking about with digital ID. You need to engage in the free market, but do it according to your choice without being tracked, without being surveilled, without undue influence on how you’re operating. So you can live your life in the digital realm according to the dictates of your heart and how you and your family see fit.”

“Our approach is to separate identity from any privileges or licenses that are given by government. Identity should be separate, so that it is not something that there’s any reason to ever take away.”

But this is not just a religious issue, as the American Civil Liberties Union points out.

“The philosophical underpinning of the state’s SEDI concept is that “identity” is not something bestowed by the state, but that inherently belongs to the individual; the state merely “endorses” a person’s ID.”

Of the six major underpinnings of SEDI, the third is of interest here:

“Individual control,” in which the state throws its weight behind a movement known as “user-centric” or “self-sovereign” identity, that strives to ensure that government identification systems are used to empower individuals, not to control them.

So what does self-sovereign, endorsed identity mean from a legal standpoint? Let’s look at the opening section of the most recent bill, Utah’s SB 275:

63A-20-101. Digital identity bill of rights.

The following rights constitute the digital identity bill of rights in this state:

(1) An individual possesses an individual identity innate to the individual’s existence and independent of the state, which identity is fundamental and inalienable.

(2) An individual has a right to the management and control of the individual’s digital identity to protect individual privacy.

(3) An individual has a right to choose, receive, and use a physical form of identity assertion that is endorsed by the state.

(4) An individual has a right to not be compelled by the state to possess, use, or rely upon a digital form of identity assertion in place of a physical form of identity assertion that is endorsed by the state.

(5) An individual has a right to state endorsement of the individual’s digital identity upon meeting objective, uniform standards for eligibility and verification established by law, and a right to not have such endorsement arbitrarily or discriminatorily withheld or revoked.

(6) An individual has a right to have the state’s operation of digital identity systems governed by clear standards established by the Legislature, including for eligibility, issuance, endorsement, acceptance, revocation, or interoperability of digital identity assertions.

(7) An individual has a right to transparency in the design and operation of a state digital identity, including the right to access, read, and review the standards and technical specifications upon which the state digital identity is built and operates.

(8) An individual has the right to choose what identity attributes are disclosed by the individual’s state digital identity in accordance with standards established by the Legislature.

(9) An individual has the right to any service or benefit to which the individual is otherwise lawfully entitled based on the individual’s choice of a lawful format or means of identity assertion without denial, diminishment, or condition.

(10) An individual has a right to be free from surveillance, profiling, tracking, or persistent monitoring of the individual’s assertions of digital identity by the state, except as authorized by law.

(11) An individual has a right to not be required by the state to surrender the individual’s device in order to present the individual’s digital identity.

Of course, once you leave the state of Utah and reside in another state, that state will BESTOW an identity upon you.

And while this controls what the state of Utah can do, it does not apply to a FEDERAL digital identity, such as a future digital U.S. passport.

Bash Script Vulnerabilities

I can’t say WHY I’m looking at bash script vulnerabilities, but they’ve been around since…well, this Kaspersky article is based upon CVE-2014-6271.

“The “bash bug,” also known as the Shellshock vulnerability, poses a serious threat to all users. The threat exploits the Bash system software common in Linux and Mac OS X systems in order to allow attackers to potentially take control of electronic devices. An attacker can simply execute system level commands, with the same privileges as the affected services….

“But just imagine that you could not only pass this normal system information to the CGI script, but could also tell the script to execute system level commands. This would mean that – without having any credentials to the webserver – as soon as you access the CGI script it would read your environment variables; and if these environment variables contain the exploit string, the script would also execute the command that you have specified.”

An authorization nightmare as a hostile non-person entity runs amok.

And it’s still a threat, as two recent CVEs attest…and that’s all I’ll say.
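For defenders, the CGI path described in the Kaspersky quote leaves a trace: request headers become environment variables, and vulnerable Bash versions treat a value beginning with `() {` as a function definition. The following is an added example (not from this post or the Kaspersky article) that scans web access logs for header fields starting with that prefix; the combined log format, the `scan` function name, and the sample lines are assumptions constructed for illustration.

```python
import re

# Matches each double-quoted field in a combined-format access log line,
# allowing backslash-escaped quotes inside the field.
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Combined log format carries three quoted fields, in this order.
FIELDS = ("request", "referer", "user-agent")

# Bash imports an environment variable as a function when its value
# begins with these four characters.
FUNC_PREFIX = "() {"

# Constructed sample log (documentation IP ranges, placeholder payloads).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2026:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [01/Mar/2026:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :; }; <command placeholder>"
203.0.113.4 - - [01/Mar/2026:10:00:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "() { :; }; <command placeholder>" "curl/8.5.0"
192.0.2.11 - - [01/Mar/2026:10:00:12 +0000] "GET /docs/func() HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""


def scan(log_text):
    """Return (line_number, client_ip, field_name) for every quoted field
    whose value starts with the Bash function-definition prefix."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        client = line.split(" ", 1)[0]
        for name, value in zip(FIELDS, QUOTED.findall(line)):
            if value.startswith(FUNC_PREFIX):
                hits.append((line_no, client, name))
    return hits


if __name__ == "__main__":
    for line_no, client, field in scan(SAMPLE_LOG):
        print(f"line {line_no}: {client} sent a function-style value in {field}")
```

The last sample line shows why the check anchors on the start of the field: a URL that merely contains `()` is not flagged.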

Today’s Acronym is PADFAA. And It Has Nothing To Do With Liveness Detection or Airplanes.

TAA.

Too many acronyms.

And this one, PADFAA, sounds like a mashup of presentation attack detection and the Federal Aviation Administration.

It isn’t.

PADFAA stands for the “Protecting Americans’ Data from Foreign Adversaries Act of 2024.”

So while it doesn’t involve PAD or the FAA, it does involve PII (personally identifiable information) and the FTC (Federal Trade Commission).

“The Federal Trade Commission sent letters to 13 data brokers warning them of their responsibility to comply with the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (PADFAA).

“PADFAA prohibits data brokers from selling, releasing, disclosing, or providing access to personally identifiable sensitive data about Americans to any foreign adversary, which include North Korea, China, Russia, and Iran, or any entity controlled by those countries. The law defines personally identifiable sensitive data to include health, financial, genetic, biometric, geolocation, and sexual behavior information as well as account or device log-in credentials and government-issued identifiers such as Social Security, passport, or driver’s license numbers.”

Frankly, it’s not a good idea to sell PII to our friends either, but that’s another topic.