Biometric (and other) authentication CAN be spoofed…but it isn’t easy

A few days ago, Liam Tung of ZDNet wrote an article entitled “Windows 10 security: Here’s how researchers managed to fool Windows Hello.”

Those who read the title of the article may conclude that biometrics is a terrible authentication method because it can be spoofed.

Just a picture of candy. Nothing special. By Jebulon – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=27753729

Well, until they come to the third paragraph of the article.

The attack is quite elaborate and would require planning, including being able to acquire an infrared (IR) image of the target’s face and building a custom USB device, such as a USB web camera, that will work with Windows Hello. The attack exploits how Windows 10 treats these USB devices and would require the attacker to have gained physical access to the target PC.

Of course, if the target is a really important target such as a world leader, it might be worth it to go to all of that effort to execute the attack.

However, the difficult attack would be much more difficult to execute if the authentication system required multiple biometrics, rather than just one.

And the attack would be even more difficult still if the authentication system employed multiple authentication factors, rather than the single “something you are” factor. If you have to spoof the fingerprint AND the face AND the driver’s license AND the five digit PIN AND the geolocation, and you don’t know in advance WHICH factors will be requested, it’s still possible to gain access, but it’s not easy.

(Bredemarket Premium) Getting competitive proposals WITHOUT submitting a FOIA request

One of the best ways to get competitive intelligence on a competitor is to request the competitor’s response to a government agency procurement, such as a proposal submitted in response to a Request for Proposal. This is done by submitting a request via the Freedom of Information Act (FOIA) or equivalent.

One note: this technique primarily applies to government agency procurements, since governments are often required by law to disclose this information. Bids submitted to private entities usually remain private.

Of course, actually getting the competitor’s response isn’t easy.

  • First, you have to submit the request in the proper format.
  • Second, you have to be detailed in what you are requesting, and you need to request everything that you want: the actual proposal itself, any follow-up correspondence such as a best and final offer, the agency’s evaluation score, and everything else. If you only request the original proposal, the agency is only obligated to provide the original proposal, and nothing else.
  • Third, you have to wait for the agency to prepare a copy of the proposal. Depending upon applicable law, the bidder may be able to redact portions of the proposal, and it usually takes some time for the agency and the bidder to agree on what can legally be redacted.
  • Fourth, you may have to pay (usually on a per-page basis) to receive the materials.

This entire process may take several months, and you can’t even request the material until after the procurement has been awarded, or perhaps contracted.

But guess what? You don’t always have to submit a FOIA-like request to get a copy of a proposal submitted to a government agency.

By Neep at the English-language Wikipedia, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=3309749

And no, you don’t have to break the law; these proposals (and other valuable documents) can be obtained legally and ethically.

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Minimum 4 posts per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.

I just re-rejoined the Association of Proposal Management Professionals. So what?

Remember my Tuesday post about the controversy regarding the possible name change of the Association of Proposal Management Professionals to the Association of Winning Business Professionals? And how the upcoming Denver conference of the organization (whatever its name is by October) might be…interesting?

By Billy Hathorn – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=11357434

Anyway, it turns out that I will have an inside view of all the brouhaha.

Why?

Because I have rejoined (actually RE-rejoined) the Association of Proposal Management Professionals. (Or at least that’s what the organization is called right now. The name may change, of course.)

Why does my renewed membership in the Association of Proposal Management Professionals matter to Bredemarket clients? And how can it benefit those who DON’T use Bredemarket for proposal services?

I’ll tell you why/how in this post.

So I re-rejoined the APMP

As I previously noted, this will be my third term as a member of the APMP (or, membership Version 3.0).

Covers from early APMP conference booklets, including the cover for the conference that I attended in San Diego in 1999. From https://www.apmp.org/page/ConferenceArchive
  • I initially joined the APMP while I was a proposal writer at Printrak, but I let my membership lapse when I became a product manager. I couldn’t justify having my employer pay for a proposal organization membership when I was a product manager who only occasionally contributed to proposals. (Although some of those proposals, such as West Virginia’s first state AFIS, were critical to the company.)
  • I subsequently rejoined the APMP when the initial MorphoTrak corporate reorganization resulted in my move from product management to proposal management. After joining in 2012, I (again) let my membership lapse in 2015 after I became a strategic marketing manager, because (again) I couldn’t justify having my employer pay for a proposal organization membership when I was a marketing manager who only occasionally contributed to proposals. (Although some of those proposals, such as Michigan’s first cloud AFIS, were critical to the company.)

Obviously, back in those days corporate reimbursement for professional memberships depended upon the policies of the corporation in question. Well, now I’m not an employee of a large corporation, so I don’t have to justify my memberships to a corporate supervisor or accountant. Instead, as a sole proprietor I have to justify my memberships to myself (and the Internal Revenue Service, and the California Franchise Tax Board).

And since much of Bredemarket’s consulting revolves around proposal services, it makes sense for me to re-rejoin the APMP.

But it turned out that I couldn’t just send money to the APMP and be done with it. As an ex-member, there was an additional step involved.

If you are a former member but cannot access your account, PLEASE: Do not register as a new member….If you cannot access your past email address, contact our Member Services team (or call +1 866/466-2767, then dial 0). Within one business day (or sooner), you will receive a link with which you can pay for a new membership using your existing account.

So I contacted APMP’s Member Services team, who associated my lapsed membership with my NEW email address.

And I paid my dues, time after time, I’ve done my sentence but committed no crime…whoops, I seem to have digressed from the discussion of my new APMP membership. But in my defense, I’m not the first to associate the old Queen song with the APMP.

Anyway, I’m now an APMP member…again.

Just call me 3143. (Want to fire up a copy of Microsoft Word 97 while you do that?)

The one big difference between APMP Membership Version 3.0 and Versions 1.0 and 2.0 is that these days I am not EXCLUSIVELY dedicated to proposals. After all, I am not only the (self-styled) biometric proposal writing expert, but also the biometric content marketing expert. (With similar expertise in marketing and writing for technology firms and general business firms.)

In fact, I guess you could say that I am a general expert in…winning business.

So what?

Since I spend so much of my time talking about benefits, I’m sure that some Bredemarket clients are asking about the benefits to THEM of my APMP/AWBP/whatever membership. Yes, this internal dialogue is taking place with some of you right now.

ME: “I am a member of the Association of Proposal Management Professionals again!”

YOU: “So what?”

Yours truly in a small group (I’m on the right) at the 2014 APMP Bid & Proposal Con in Chicago. Photo source: the gallery at https://www.apmp.org/events/event_photos.asp?eid=379324&id=130518 Fair use.

To answer this, I’ll state that my APMP membership will benefit my clients because I can provide them with superior services—superior proposal services, AND superior non-proposal services—that will help my clients to, um, win business. (As you’ve probably already noticed, I’ve found myself using those words a lot over the last few weeks.) My renewed affiliation with APMP will reintroduce me to beneficial outside education, general knowledge, and contacts.

  • For my Bredemarket clients who depend upon me for proposal support, the benefits are obvious. The things that I learn (and relearn) from APMP will help me provide better contributions to my clients’ proposals, hopefully helping the clients secure more proposal awards and business.
  • But there are benefits for my Bredemarket clients who DON’T depend upon me for proposal support, but instead depend upon me for content marketing or other marketing and writing services. The same strategies and tactics that contribute to a more effective proposal can be extrapolated to apply to other areas, thus contributing to better white papers, better case studies, better blog posts, better social media posts, better marketing plans, etc., etc., etc. Again, this can help my clients win business.

We’ll have to see exactly HOW my APMP membership directly benefits my Bredemarket clients.

Stay tuned.

How can small and smaller businesses market themselves?

While Bredemarket sends its solicitations to a (targeted) group of businesses, Bredemarket itself receives solicitations from other businesses. However, sometimes it seems that the solicitations that I receive aren’t targeted that well.

(Of course, perhaps some of the recipients of my solicitations would claim that my targeting attempts are also deficient, so I should watch out about casting stones.)

If you ignore the completely off-the-wall solicitations that I receive, some of the more serious solicitations just do not match Bredemarket’s needs.

For example, I’ve received at least one pitch from a company that offers to provide all of the human resources services that Bredemarket needs for a low monthly fee.

By Alan Cleaver from Whitehaven, United Kingdom – Interview, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=57309901

A fine service to be sure…but since Bredemarket is a sole proprietorship that doesn’t engage other people as either employees or subcontractors, a human resources service would be overkill.

The United States Small Business Administration (SBA) defines a “small business” as a company with fewer than 1,500 employees and an average of $38.5 million in average annual receipts. My one-person company certainly has fewer than 1,500 employees, and I’m probably not revealing any confidential information when I say that Bredemarket’s average annual receipts are less than $38.5 million.

So I guess Bredemarket is a “very” small business.

But there are even smaller businesses.

Nano-small businesses of the past

Just to put things into perspective, Bredemarket has a city business license, has filed a fictitious business name statement with San Bernardino County, has a published address at which it receives mail, has received an Employer Identification Number from the Internal Revenue Service (IRS), and files quarterly estimated taxes with both the IRS and California’s Franchise Tax Board.

Years ago, I operated a much smaller business that didn’t have any of those things.

Specifically, I was a paperboy.

Several decades before my time, but you get the drift. By Ruddy, Marjorie Georgina (1908-1980) – Whitby Public Library, Reference No. ruddymg_050_002, Public Domain, https://commons.wikimedia.org/w/index.php?curid=4548723

Way back in the Dark Ages (before the Kardashian/Jenner women became famous independent of O.J. Simpson), newspapers were delivered by people under the age of 18. These days, the few physical newspaper deliveries that I see are performed by adults driving cars and throwing papers out the window. Former papergirl Molly Snyder explains the shift:

The shift in carriers’ age was due partly to the disappearance of evening newspapers that provided student-friendly delivery times. The accessibility of internet news, growing concerns for the safety of un-escorted kids, and new distribution procedures also affected the change.

“To remain profitable, we phased out the ‘neighborhood shacks’ and home drop offs and migrated to larger distribution centers dealing solely with adult distributors,” said Ronald Zinda, distribution supervisor for the Milwaukee Journal Sentinel of 45 years.

Nano-small businesses of the present

Even with the disappearance of paperpeople, there are a number of jobs today that fly under the radar of the Internal Revenue Service, city business license departments, and other government regulatory bodies. Here are a few examples; while some of these types of business may actually comply with government reporting requirements, many of them don’t.

By Nalbarian – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=95136303
  • The person on the street corner selling fruit treats.
  • The person on the street corner selling flowers.
  • The teenager who comes up to your door selling candy for a school club, a sports team, or as part of a supposed program to keep kids out of trouble by having them walk around neighborhoods and sell stuff after dark.
  • The person who sells homemade crafts.

Bredemarket can’t really serve these nano-small businesses. When your products (fruit treats, flowers, or whatever) only cost a few dollars, you’re not going to pay Bredemarket hundreds of dollars to create content for your website or social media outlet. In fact, you probably don’t even HAVE a website or a social media outlet.

Which businesses NEED Bredemarket’s services?

Let’s move up a step and look at small businesses that have an established online identity, do their best to comply with business requirements, and meet the IRS definition of a (non-hobby) ongoing concern.

Now any of those businesses COULD use Bredemarket’s services…but many of them don’t NEED Bredemarket. A number of small businesses are doing just fine in meeting their business goals, and are perfectly capable of taking care of the written communications necessary to keep the business profitable.

But what about the businesses that have particular goals that they can’t meet? Specifically, what about businesses that need targeted, regular online content to make customers aware of the business, but the business owners don’t have the time (or the inclination) to create the necessary online content?

By Unknown author – postcard, Public Domain, https://commons.wikimedia.org/w/index.php?curid=7691878

If you own a business and need a consultant to help you create online content for your website, your Facebook or LinkedIn page, or for another communication method (even paper), Bredemarket can help. My “What I Do” page lists the types of written content that I can create for your business, including both short length (400-600 word) and medium length (2800-3200 word) content. (No, I don’t author individual tweets, but I guess I could author a thread if you like.)

If you’re interested in using my marketing and writing services, talk to me. I can collaborate with you to ensure that your business goals are met and your business messages are disseminated.

My minority opinion on the APMP-AWBP brouhaha

About a month ago, the Association of Proposal Management Professionals posted this video on its YouTube channel.

It did not go over well.

Before discussing what the video said and why it’s controversial, I’ll explain my perspective on proposals, which helps to explain why I am happier about the move than some other people.

My five year itch, times two

Back in the summer of 1994 I had left my previous job and was consulting when I learned about an opportunity to write proposals for a company called Printrak. I had never written a proposal before, and the one Request for Proposal (RFP) that I had written basically consisted of a long checklist for which prospective vendors indicated what they could and couldn’t do. (Some vendors checked every box without reading them. None of them won the bid.)

I didn’t get that consulting opportunity, but Printrak had a second opportunity later in the year and I got that one. (Yes, proposal manager Laurel Jew was so outstanding that it took two people to replace her when she went on maternity leave.)

As it turned out, both myself and the other consultant ended up becoming employees at Printrak, and (if I may say so myself) valuable members of Printrak’s Proposals Department. The company was winning bids, and after a few years I joined the Association for Proposal Management Professionals, eventually going to the San Diego conference.

But after five years, I got an itch. (Five years, not seven years.)

By Published by Corpus Christi Caller-Times-photo from Associated Press – Corpus Christi Caller-Times page 20 via en:Newspapers.com, Public Domain, https://commons.wikimedia.org/w/index.php?curid=37860629

I began to feel that there were limitations in proposals. The process that LEADS to a proposal is a long process; those familiar with the 96-step Shipley Business Development Process know that the Request for Proposal isn’t even released until around step 64. Yet in most cases, the proposals team didn’t even get involved until step 64, when the salesperson announced, “Hey, here’s an RFP. Win it.”

I wanted to move to the left of the timeline.

So I became a product manager.

I was a product manager for about a decade, but due to a corporate reorganization, I landed back in Proposals again. I enjoyed the work, and got to manage proposals for some new products, including my company’s first cloud solutions. My APMP membership had long since lapsed, but I rejoined the organization, ending up at the Chicago conference. I also participated in local chapter events, first via ESRI headquarters in Redlands, and later at my own company’s headquarters in Anaheim.

But after five years…I got the itch again.

This time I ended up in strategic marketing, and also performed significant work in product marketing, event marketing, and later competitive analysis and corporate strategy.

After leaving IDEMIA, I’ve found myself doing a variety of things, some of which involves proposal work. In some cases I’ve been confined to responding to RFPs or writing sole source letters, but at other times I’ve been able to perform more strategic duties that affect in the long term how companies…um, win business.

So from my perspective, the name change of the Association of Proposal Management Professionals to the Association of Winning Business Professionals appealed to me. There are a variety of ways to win business, and proposals is just one of them. From my perspective, it even tied in to past APMP efforts, including the 2013 creation of the Center for Business Development Excellence.

So I was delighted with the news.

But others weren’t.

The majority opinion on the APMP-ABWP brouhaha (but is it truly the majority?)

In this section of my post, I will be quoting liberally from a petition entitled “Call to stop rebranding and to commission an external audit.”

Note that this isn’t just a call to stop the rebranding. It’s one thing to object to an organization’s decision. It’s another thing when there’s a demand for “an external audit.” Money talks.

This is the expressed opinion of a number of APMP members. As you’ll see below, it’s not necessarily the opinion of ALL of the APMP members. Nevertheless, the petition writers are not happy.

To set the stage, the video at the beginning of my blog post appeared with great fanfare on June 21….and appears to be a surprise to the petition writers and the APMP members in general.

The APMP Board of Directors (BoD) led by the CEO (‘the Leadership Team’) has attempted to change APMP’s long-established name, brand, and positioning – the name change undermines the very purpose of the organization and the voluntary work that many of us have done over more than 20 years to promote the profession of proposal management….They announced this fundamental ‘rebrand’ through a faceless, poorly crafted 2-minute-video on social media. When members began airing their concerns on the very same platforms, the Leadership Team largely refused to openly address these concerns.

For what it’s worth, that original 2-minute video currently has 6 likes and 23 dislikes. Not a huge sample, but clearly those 29 people who chose to express an opinion expressed a negative one.

Incidentally, as of today, the most recently posted minutes for the Board of Directors dates from March 2021. The rebrand was NOT mentioned in those minutes.

By June 24 (three days after the original 2-minute video announcement) another video was posted to the APMP account, announcing a “pause” in the rebranding and the establishment of a “brand transition council.”

That video currently has 36 likes and 4 dislikes. Of course, it’s impossible to tell whether people liked it because of the promise of more deliberation, or that the people liked it because they hoped that the APMP would stay the APMP.

But wait, there’s a more!

A new video was posted on June 28, with twice the number of speakers (Rick Harris joined Krystn Macomber). Macomber repeated her comments from June 24, and Harris emphasized this, while using the words “moving forward” to describe where the APMP (or whatever it will be called) is going.

That video currently has 16 likes and 2 dislikes. The one thing that you can conclude from this is that there is now YouTube fatigue from all of these videos being posted.

But the positive reactions (albeit in limited numbers) to the most recent videos didn’t stop the petitioners from developing their petition.

Even after the members voted “no” to the proposed name change, the Leadership Team wants the Brand Transition Council to come up with suggestions on next steps to find a ‘compromise middle ground solution’. The survey results and the reaction of a large number of members on social media channels should be enough to illustrate to the leadership that this proposed change is ill-considered and ill-judged to say the least.

The petition goes on to request “an immediate and complete stop of the entire rebranding initiative for at least 1 year,” and also requests that the Brand Transition Council appoint an independent auditor. (It’s not exactly clear how the Brand Transition Council can do anything if all rebranding activities are being stopped, but that’s a semantic quibble. And why should proposal/winning business professionals care about semantics?)

As of now, the petition has 185 signatures.

As of 2019. the APMP had 9,487 members. Even if all the YouTube likes, LinkedIn votes. and petition signatures are all added up, the vast majority of the thousands of APMP members has not expressed ANY opinion on the issue.

It’s a safe bet that a large number of the members aren’t aware of either the proposed name change or the controversy surrounding it, since they’re busy…writing proposals and winning business (in one order, or in the opposite order).

But as more and more members hear about the controversy, I expect that there will be renewed interest in this October’s Bid & Proposal Con in Denver.

By Billy Hathorn – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=11357434

This year’s conference will be…interesting.

The multiple self interests of AFIS customers and vendors

In a prior post, I spent some time identifying the multiple stakeholders at a city police department (in my example, my hometown of Ontario, California) that is procuring an automated fingerprint identification system.

By Coolcaesar at the English-language Wikipedia, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=15739992

If I may recycle what I previously said, here are those stakeholders:

  • The field investigators who run across biometric evidence at the scene of a crime, such as a knife with a fingerprint on it or a video feed showing someone breaking into a liquor store.
  • The examiners who look at crime scene evidence and use it to identify individuals.
  • The people who capture biometrics from arrested individuals at livescan stations.
  • The information technologies (IT) people who are responsible for ensuring that Ontario, California’s biometric data is sent to San Bernardino County, the state of California, perhaps other systems such as the Western Identification Network, and the Federal Bureau of Investigation.
  • The purchasing agent who has to make sure that all of Ontario’s purchases comply with purchasing laws and regulations.
  • The privacy advocate who needs to ensure that the biometric data complies with state and national privacy laws.
  • The mayor (Paul Leon as I write this), who has to deal with angry citizens asking why their catalytic converters are being stolen from their vehicles, and demanding to know what the mayor is doing about it.
  • Probably a dozen other stakeholders that I haven’t talked about yet, but who are influenced by the city’s purchasing decision.

Why is this important? And who are the multiple stakeholders OUTSIDE of the city police department?

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Minimum 4 posts per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.

The ITIF, digital identity, and federalism

I just read an editorial by Daniel Castro, the vice president of the Information Technology and Innovation Foundation (ITIF) and director of the Center for Data Innovation. The opinion piece, published in Government Technology, is entitled “Absent Federal IDs, Digital Driver’s Licenses a Good Start.”

You knew I was going to comment on this one.

Why Daniel Castro supports a national digital ID

Let me allow Castro to state his case.

After Castro identifies the various ways in which people prove identity online, and the drawbacks of these methods, here’s what Castro says about the problem that needs to be addressed:

…poor identity verification is one of the reasons that identity theft is such a growing problem as more services move online. The Federal Trade Commission received 1.4 million reports of identity theft last year, double the number in 2019, with one security research firm estimating $56 billion in losses.

Castro then goes on to state his ideal solution:

The best solution to this problem would be for the federal government to develop an interoperable framework for securely issuing and validating electronic IDs and then direct a federal agency to start issuing these electronic IDs upon request. 

Castro then notes that the federal government has NOT done this:

But in the absence of federal action, a number of states have already begun this work on their own by creating digital driver’s licenses that provide a secure digital alternative to a physical identity document.

Feel free to read the rest of the story.

“Page two.” By Shealah Craighead – The original was formerly from here and is now archived at georgewbush-whitehouse.archives.gov., Public Domain, https://commons.wikimedia.org/w/index.php?curid=943922

But for me I’m going to stop right there.

Why Americans oppose mandatory national physical and digital IDs

Castro’s proposal, while ideal from a technological standpoint, doesn’t fully account for the realities of American politics.

Many Americans (regardless of political leanings) are strongly opposed to ANY mandatory national ID system. For example, many Americans don’t want our Social Security Numbers to become mandatory national IDs (even though they are de facto national IDs today). And while the federal government does issue passports, it isn’t mandatory that people GET them.

And many Americans don’t want state driver’s licenses to become mandatory national IDs. I went into this whole issue in great detail in my prior post “How 6 CFR 37 (REAL IDs) exhibits…federalism,” which made the following points:

  1. States are NOT mandated to issue REAL IDs. (And, no citizen is mandated to GET a REAL ID.)
  2. The federal government CAN mandate which IDs are accepted for federal purposes.
  3. Because the federal government can mandate the IDs to use when entering a federal facility or flying at a commercial airport, ALL of the states were eventually “persuaded” to issue REAL IDs. (Of course, it has take nearly two decades, so far, for that persuasion to work, and it won’t work until 2023, or later.)

So, considering all of the background regarding the difficulties in mandating a national PHYSICAL ID, imagine how things would erupt if the federal government mandated a national DIGITAL ID.

It wouldn’t…um…fly.

Transportation Security Administration Checkpoint at John Glenn Columbus International Airport. By Michael Ball – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=77279000

And this is why some states are moving ahead on their own with mobile driver’s licenses.

LA Wallet Louisiana Digital Driver’s License. lawallet.com.

However, there’s a teeny tiny catch: while the states can choose to mandate that their mDLs be accepted at the STATE level, states cannot mandate that their digital identities be used for FEDERAL purposes.

Here we go again.

Of course, federal government agencies are starting to look at the issues with a mobile version of a “REAL ID,” including the standard(s) to which any mobile ID used for federal purposes must adhere.

Improving Digital Identity Act of 2020, or 2021, or 2025…

While the government agencies are doing this work, another government agency (the U.S. Congress) is also working on this. Castro mentions Rep. Bill Foster’s H.R. 8215, introduced in the last Congress. I’m not sure why he bothered to introduce it in September 2020, when Congress wasn’t going to do anything with it. As you may have heard, we had an election at that time.

Of course, he just reintroduced it last month, so now there’s more of a chance that it will be considered. Or maybe not.

Regardless, the “Improving Digital Identity Act” proposes the creation of a task force at the federal level with federal, state participants, and local participants. It also mandates that NIST create a digital identity “framework,” with an interim version available 240 days after the Act is passed. Among other things, the ACT also mandates that NIST Special Publication 800-63 become “binding operational directives” for federal agencies.

(Does that mean that it will be illegal to mandate password changes every 90 days? Woo hoo!)

Should this Act actually pass at some point, its directives will need to be harmonized with what the Department of Homeland Security is already doing, and of course with what the states are already doing.

Oh, and remember my reference to the DHS’ work in this area? Among those who have submitted verbal and/or written comments, several (primarily from privacy organizations) have stated that the government should NOT be promoting ANY digital ID at all. The sentiments in this written comment, submitted anonymously, are all too common.

There are a lot of security and privacy concerns with accepting digital ID’s. First and foremost, drivers licenses contain a lot of sensitive information. If digital ID’s are accepted, then it could potentially leak that info to hackers if it is not secured properly. Plus, there is the added concern that using digital ID’s will lead to extra surveillance where unnecesary. Finally, digital ID will not allow individuals who are poorer to be abele to submit an ID because they might not have access to the same facilities. I am strongly against this rule and I do NOT think that digital ID should be an option.

I expect other privacy organizations to submit comments that may be better-written, but they echo the same sentiment.

Pangiam, CLEAR, and others make a “sporting” effort to deny (or allow) stadium access

Back when I initially entered the automated fingerprint identification systems industry in the last millennium, I primarily dealt with two markets: the law enforcement market that seeks to solve crimes and identify criminals, and the welfare benefits market that seeks to make sure that the right people receive benefits (and the wrong people don’t).

Other markets simply didn’t exist. If I pulled out my 1994-era mobile telephone and looked at it, nothing would happen. Today, I need to look at my 2020-era mobile telephone to obtain access to its features.

And there are other biometric markets also.

Pangiam and stadium bans

Back in 1994 I couldn’t envision a biometrics story in Sports Illustrated magazine. But SI just ran a story on how facial recognition can be used to keep fans out of stadiums who shouldn’t be there.

Some fans (“fanatics”) perform acts in stadiums that cause the sports teams and/or stadium authorities to officially ban them from the stadium, sometimes for life.

John Green is the man in the blue shirt and white baseball cap to Artest’s left. By Copyright 2004 National Basketball Association. – Television broadcast of the Pacers-Pistons brawl on ESPN., Fair use, https://en.wikipedia.org/w/index.php?curid=6824157

But in the past, these measures were ineffective.

For a long time, those “measures” were limited at best. Fans do not have to show ID upon entering arenas. Teams could run checks on all the credit cards to purchase tickets to see whether any belonged to banned fans, but those fans could easily have a friend buy the tickets. 

But there are other ways to enforce stadium bans, and Sports Illustrated quoted an expert on the matter.

“They’ve kicked the fan out; they’ve taken a picture—that fan they know,” says Shaun Moore, CEO of a facial-recognition company called Trueface. “The old way of doing things was, you give that picture to the security staff and say, ‘Don’t let this person back in.’ It’s not really realistic. So the new way of doing it is, if we do have entry-level cameras, we can run that person against everyone that’s coming in. And if there’s a hit, you know then; then there’s a notification to engage with that person.”

This, incidentally, is an example of a “deny list,” or the use of a security system to deny a person access. We’ll get to that later.

But did you notice the company that was mentioned in the last quote? I’ve mentioned that company before, because Trueface was the most recent acquisition by the company Pangiam, a company that has also acquired airport security technology.

But Pangiam/Trueface isn’t the only company serving stadium (and entertainment) venues.

CLEAR and stadium entry

Most of the time, sports stadiums aren’t concentrating on the practice of DENYING people entry to a stadium. They make a lot more money by ALLOWING people entry to a stadium…and allowing them to enter as quickly as possible so they can spend money on concessions.

One such company that supports this is CLEAR, which was recently in the news because of its Initial Public Offering. Coincidentally, CLEAR also provides airport security technology, but it has branched out from that core market and is also active in other areas.

For example, let’s say you’re a die-hard New York Mets fan, and you head to Citi Field to watch a game.

By Chris6d – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=101751795

The Mets don’t just let anyone into the stadium; you have to purchase a ticket. So you need to take your ticket out of your pocket and show it to the gate staff, or you need to take your smartphone out of your pocket and show your digital ticket to the gate staff.

What if you could get into the stadium without taking ANYTHING out of your pocket? Well, you can.

In the CLEAR Lane, your fingerprint is all you need to use tickets in your MLB Ballpark app – no need to pull out your phone or printed ticket as you enter the game.

Now that is really easy.

Pangiam and CLEAR aren’t the only companies in this space, as I well know. But there’s the possibility that biometrics will be used more often for access to sports games, concerts, and similar events.

How and why a company should use LinkedIn showcase pages

This post explains what LinkedIn showcase pages are, how Bredemarket uses LinkedIn showcase pages, and (a little more importantly) how YOUR company can use LinkedIn showcase pages.

What are LinkedIn showcase pages?

LinkedIn offers a variety of ways to share information. Two of those ways are as follows:

  • A personal LinkedIn page. This allows an individual to share their job history and other information. Here’s an example.
  • A company LinkedIn page, which contains information about a company, including “about” details, jobs, employees, and other facts. Here’s another example.

A third method is a LinkedIn showcase page. This is tied to a company page, but rather than telling EVERYTHING about the company, a showcase page allows the company to zero in on a PARTICULAR aspect of the company’s product/service offering.

How Bredemarket uses LinkedIn showcase pages

Most companies, even very small ones like Bredemarket, can segment their products and services in various ways. In Bredemarket’s case, the company offers some prepackaged services, such as a “short writing service” and a “medium writing service.”

However, it didn’t make sense for me to segment my services in this way. The people who are interested in 400 word written content are not dramatically different from the people who are interested in 2800 word written content. So instead of segmenting by service, I chose to segment by market.

I started by addressing one of my potential markets, the identity market (biometrics, secure documents, and other identity modalities). Back in November, I created a Bredemarket Identity Firm Services showcase page on LinkedIn, which eventually became a place for me to share information about the identity industry, both content generated by me and content generated by others.

Bredemarket Identity Firm Services on LinkedIn. https://www.linkedin.com/showcase/bredemarket-identity-firm-services/

Since then I’ve expanded my offerings. On LinkedIn, I presently have TWO showcase pages, one concentrated on the identity market, and one concentrated on the more general technology market.

Bredemarket Technology Firm Services on LinkedIn. https://www.linkedin.com/showcase/bredemarket-technology-firm-services/

These concentrations made the most sense to me, although I could segment even further if I chose to do so (separate showcase pages for fingers and palms, anyone?).

An aside for Facebook users

Incidentally, you can perform similar segmentation in Facebook. In Facebook terms, you can have a page associated with a particular company, and then (rather than showcase pages) you can have groups that link to the company page and delve into topics in more detail.

So Bredemarket (which is committed to disseminating information via multiple communication streams; see my goal number 3 here) has Facebook groups that are somewhat similar to the Bredemarket LinkedIn showcase pages. One difference is that I have three groups on Facebook. In addition to the identity and technology groups, I also have a general business group. At this point it didn’t make sense to create a LinkedIn showcase page for general business, but it did make sense for Bredemarket to have such a group on Facebook.

Enough about me. What about you?

Obviously Bredemarket is an unusual case, although for some of you it may make sense to segment based on markets.

Most companies, however, will choose to segment based upon products or product lines. This especially makes sense for multinational companies that offer a slew of products. However, even smaller companies with multiple product lines may benefit from showcase page segmentation. If a potential customer is only interested in your square blue widgets, but doesn’t care about your other widgets, a showcase page allows the customer to read about blue widgets without having to wade through everything else.

Some of you may have received a pitch from me suggesting how a showcase page can help you highlight one product or product line in this way.

Perhaps it’s best to show an example. I’ve previously highlighted Adobe as an example of a company with showcase pages, but for now I’d like to highlight another company with a similar issue.

Let’s look at Microsoft, which has an obvious interest in using LinkedIn to its fullest potential. Microsoft’s product and service lines have expanded over the years, and while some Microsoft entities (such as LinkedIn itself) have their own regular LinkedIn pages, Microsoft uses showcase pages for other entities, products, and services.

For example, Microsoft has a showcase page for Microsoft Dynamics 365.

But here’s a showcase page that has nothing to do with a product, service, or market: “Microsoft On the Issues.”

So there are a variety of ways that a company can slice and dice its communications, and LinkedIn showcase pages provide an ideal way to do that.

Does this interest you?

Of course, setting up a LinkedIn showcase page is only the beginning of the battle. If you set up a showcase page and don’t publish anything to it, your efforts are wasted. Potential customers look at your company’s online presence, after all.

If your company has established a showcase page, has set goals for how the showcase page will benefit the company, and now needs to generate content at a regular clip, Bredemarket can assist with the creation of the content, working with internal company subject matter experts as needed. If this service interests you, contact me. We will collaborate to ensure that your LinkedIn showcase page includes the best possible content.

Are unified digital IDs a thing?

I’ve been busy helping a client who needed summer fill-in help, but I’m finally making the time to catch up on my reading. And this article from Government Technology was on my reading list.

When I read the title “Mobile Driver’s Licenses Pave the Way for Unified Digital IDs,” I was intrigued by the last three words. I mean, there are more and more states releasing (non-pilot) mobile driver’s licenses, and the standard is coming along, and work is being done to prepare for federal acceptance.

But what about the “unified” part? How did David Raths address that?

Government uses of digital ID

Well, he listened to Eric Jorgensen, director of Arizona’s Department of Transportation.

“I actually hate the term ‘mDL’ because it doesn’t recognize the power of what we’re doing here….The whole concept is that we’re providing a way to remotely authenticate a person, to provide a trusted digital identity that doesn’t exist today. Once we provide that, we’re opening doors to enhanced government services. Also, the government can play a key role in facilitating commerce, providing a better citizen experience and providing for the security of that citizen — that goes way beyond what a driver’s license is about.”

Although all that Jorgensen is discussing is providing a trusted digital identity that is equivalent to a trusted physical identity. If you have to show your driver’s license when visiting a government office’s physical location, conceivably you can show your digital driver’s license when visiting a government office’s website.

Enterprise uses of digital ID

And there are applications beyond government. Delaware and other states are persuading private businesses to accept mobile driver’s licenses as valid forms of identification. There’s a powerful use case for age-restricted products, of course; since all that an alcohol-selling business needs to know is whether you are over the age of 21, the mobile driver’s license ONLY shows that you are over the age of 21. It doesn’t show your address, your weight, or even your birthdate.

But what about a true UNIFIED digital ID?

However, I semantically question whether this is truly a “unified” ID. This is just digitization of an existing government-endorsed ID. A “unified” ID would be one that would not only let me drive, vote, and buy alcohol, but would also serve as my ID to log into Facebook or buy Bitcoin. (Yes, I realize that use of a government ID to buy Bitcoin violates the space-time continuum in some way.)

And for that to happen, work may need to be done to make mobile IDs compatible with existing authentication/authorization methods such as OAuth and OpenID Connect.

And the whole “but what if I don’t have a digital ID?” question must be addressed.

And the whole “but what if I want to use a self-sovereign ID that is NOT government endorsed?” question must be addressed.

And presumably a myriad of other questions would need to be addressed also.

But for me, I can’t address unified digital IDs today. Just got a message from my summer-challenged client…