A fun houseboat is better
than a silent ocean liner.
Some have left my houseboat
or were never on board.
My destination is unknown
but I look forward to landing.
Who Travels With You?
Authenticator Assurance Levels (AALs) and Digital Identity
Back in December 2020, I dove into identity assurance levels (IALs) and digital identity, subsequently specifying the difference between identity assurance levels 2 and 3. These IALs are defined in section 4 of NIST Special Publication 800-63A, Digital Identity Guidelines, Enrollment and Identity Proofing Requirements.
It’s past time for me to move ahead to authenticator assurance levels (AALs).
Where are authenticator assurance levels defined?
Authenticator assurance levels are defined in section 4 of NIST Special Publication 800-63B, Digital Identity Guidelines, Authentication and Lifecycle Management. As with IALs, the AALs progress to higher levels of assurance.
- AAL1 (some confidence). AAL1, in the words of NIST, “provides some assurance.” Single-factor authentication is OK, but multi-factor authentication can be used also. All sorts of authentication methods, including knowledge-based authentication, satisfy the requirements of AAL1. In short, AAL1 isn’t exactly a “nothingburger” as I characterized IAL1, but AAL1 doesn’t provide a ton of assurance.
- AAL2 (high confidence). AAL2 increases the assurance by requiring “two distinct authentication factors,” not just one. There are specific requirements regarding the authentication factors you can use. And the security must conform to the “moderate” security level, such as the moderate security level in FedRAMP. So AAL2 is satisfactory for a lot of organizations…but not all of them.
- AAL3 (very high confidence). AAL3 is the highest authenticator assurance level. It “is based on proof of possession of a key through a cryptographic protocol.” Of course, two distinct authentication factors are required, including “a hardware-based authenticator and an authenticator that provides verifier impersonation resistance — the same device MAY fulfill both these requirements.”
This is of course a very high overview, and there are a lot of…um…minutiae that go into each of these definitions. If you’re interested in that further detail, please read section 4 of NIST Special Publication 800-63B for yourself.
Which authenticator assurance level should you use?
NIST has provided a handy dandy AAL decision flowchart in section 6.2 of NIST Special Publication 800-63-3, similar to the IAL decision flowchart in section 6.1 that I reproduced earlier. If you go through the flowchart, you can decide whether you need AAL1, AAL2, or the very high AAL3.
One of the key questions is the question flagged as 2, “Are you making personal data accessible?” The answer to this question in the flowchart moves you between AAL2 (if personal data is made accessible) and AAL1 (if it isn’t).
So what?
Do the different authenticator assurance levels provide any true benefits, or are they just items in a government agency’s technical check-off list?
Perhaps the better question to ask is this: what happens if the WRONG person obtains access to the data?
- Could the fraudster cause financial loss to a government agency?
- Threaten personal safety?
- Commit civil or criminal violations?
- Or, most frightening to agency heads who could be fired at any time, could the fraudster damage an agency’s reputation?
If some or all of these are true, then a high authenticator assurance level is VERY beneficial.
Why Does Outsourced Content Marketing Work?
WHY does outsourced content marketing work?
Because an outsourced content marketer can help you address gaps in your content.
For example, maybe you have NEVER posted to your company LinkedIn page.
An outsourced content marketer can help. After all, that blank company LinkedIn page isn’t going to fill itself.
Let Bredemarket work with you to create your content.
Reasonable Minds Vehemently Disagree On Three Biometric Implementation Choices
There are a LOT of biometric companies out there.
With over 100 firms in the biometric industry, their offerings are going to naturally differ—even if all the firms are TRYING to copy each other and offer “me too” solutions.
I’ve worked for over a dozen biometric firms as an employee or independent contractor, and I’ve analyzed over 80 biometric firms in competitive intelligence exercises, so I’m well aware of the vast implementation differences between the biometric offerings.
Some of the implementation differences provoke vehement disagreements between biometric firms regarding which choice is correct. Yes, we FIGHT.
Let’s look at three (out of many) of these implementation differences and see how they affect YOUR company’s content marketing efforts—whether you’re engaging in identity blog post writing, or some other content marketing activity.
The three biometric implementation choices
Firms that develop biometric solutions make (or should make) the following choices when implementing their solutions.
- Presentation attack detection. Assuming the solution incorporates presentation attack detection (liveness detection), or a way of detecting whether the presented biometric is real or a spoof, the firm must decide whether to use active or passive liveness detection.
- Age assurance. When choosing age assurance solutions that determine whether a person is old enough to access a product or service, the firm must decide whether or not age estimation is acceptable.
- Biometric modality. Finally, the firm must choose which biometric modalities to support. While there are a number of modality wars involving all the biometric modalities, this post is going to limit itself to the question of whether or not voice biometrics are acceptable.
I will address each of these questions in turn, highlighting the pros and cons of each implementation choice. After that, we’ll see how this affects your firm’s content marketing.
Choice 1: Active or passive liveness detection?
Back in June 2023 I defined what a “presentation attack” is.
(I)nstead of capturing a true biometric from a person, the biometric sensor is fooled into capturing a fake biometric: an artificial finger, a face with a mask on it, or a face on a video screen (rather than a face of a live person).
This tomfoolery is called a “presentation attack” (becuase you’re attacking security with a fake presentation).
Then I talked about standards and testing.
But the standards folks have developed ISO/IEC 30107-3:2023, Information technology — Biometric presentation attack detection — Part 3: Testing and reporting.
And an organization called iBeta is one of the testing facilities authorized to test in accordance with the standard and to determine whether a biometric reader can detect the “liveness” of a biometric sample.
(Friends, I’m not going to get into passive liveness and active liveness. That’s best saved for another day.)
Well…that day is today.
A balanced assessment
Now I could cite a firm using active liveness detection to say why it’s great, or I could cite a firm using passive liveness detection to say why it’s great. But perhaps the most balanced assessment comes from facia, which offers both types of liveness detection. How does facia define the two types of liveness detection?
Active liveness detection, as the name suggests, requires some sort of activity from the user. If a system is unable to detect liveness, it will ask the user to perform some specific actions such as nodding, blinking or any other facial movement. This allows the system to detect natural movements and separate it from a system trying to mimic a human being….
Passive liveness detection operates discreetly in the background, requiring no explicit action from the user. The system’s artificial intelligence continuously analyses facial movements, depth, texture, and other biometric indicators to detect an individual’s liveness.
Pros and cons
Briefly, the pros and cons of the two methods are as follows:
- While active liveness detection offers robust protection, requires clear consent, and acts as a deterrent, it is hard to use, complex, and slow.
- Passive liveness detection offers an enhanced user experience via ease of use and speed and is easier to integrate with other solutions, but it incorporates privacy concerns (passive liveness detection can be implemented without the user’s knowledge) and may not be used in high-risk situations.
So in truth the choice is up to each firm. I’ve worked with firms that used both liveness detection methods, and while I’ve spent most of my time with passive implementations, the active ones can work also.
A perfect wishy-washy statement that will get BOTH sides angry at me. (Except perhaps for companies like facia that use both.)
Choice 2: Age estimation, or no age estimation?
There are a lot of applications for age assurance, or knowing how old a person is. These include smoking tobacco or marijuana, buying firearms, driving a car, drinking alcohol, gambling, viewing adult content, using social media, or buying garden implements.
If you need to know a person’s age, you can ask them. Because people never lie.
Well, maybe they do. There are two better age assurance methods:
- Age verification, where you obtain a person’s government-issued identity document with a confirmed birthdate, confirm that the identity document truly belongs to the person, and then simply check the date of birth on the identity document and determine whether the person is old enough to access the product or service.
- Age estimation, where you don’t use a government-issued identity document and instead examine the face and estimate the person’s age.
I changed my mind on age estimation
I’ve gone back and forth on this. As I previously mentioned, my employment history includes time with a firm produces driver’s licenses for the majority of U.S. states. And back when that firm was providing my paycheck, I was financially incentivized to champion age verification based upon the driver’s licenses that my company (or occasionally some inferior company) produced.
But as age assurance applications moved into other areas such as social media use, a problem occurred since 13 year olds usually don’t have government IDs. A few of them may have passports or other government IDs, but none of them have driver’s licenses.
Pros and cons
But does age estimation work? I’m not sure if ANYONE has posted a non-biased view, so I’ll try to do so myself.
- The pros of age estimation include its applicability to all ages including young people, its protection of privacy since it requires no information about the individual identity, and its ease of use since you don’t have to dig for your physical driver’s license or your mobile driver’s license—your face is already there.
- The huge con of age estimation is that it is by definition an estimate. If I show a bartender my driver’s license before buying a beer, they will know whether I am 20 years and 364 days old and ineligible to purchase alcohol, or whether I am 21 years and 0 days old and eligible. Estimates aren’t that precise.
How precise is age estimation? We’ll find out soon, once NIST releases the results of its Face Analysis Technology Evaluation (FATE) Age Estimation & Verification test. The release of results is expected in early May.
Choice 3: Is voice an acceptable biometric modality?
Fingerprints, palm prints, faces, irises, and everything up to gait. (And behavioral biometrics.) There are a lot of biometric modalities out there, and one that has been around for years is the voice biometric.
I’ve discussed this topic before, and the partial title of the post (“We’ll Survive Voice Spoofing”) gives away how I feel about the matter, but I’ll present both sides of the issue.
No one can deny that voice spoofing exists and is effective, but many of the examples cited by the popular press are cases in which a HUMAN (rather than an ALGORITHM) was fooled by a deepfake voice. But voice recognition software can also be fooled.
(Incidentally, there is a difference between voice recognition and speech recognition. Voice recognition attempts to determine who a person is. Speech recognition attempts to determine what a person says.)
Finally facing my Waterloo
Take a study from the University of Waterloo, summarized here, that proclaims: “Computer scientists at the University of Waterloo have discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries.”
If you re-read that sentence, you will notice that it includes the words “up to.” Those words are significant if you actually read the article.
In a recent test against Amazon Connect’s voice authentication system, they achieved a 10 per cent success rate in one four-second attack, with this rate rising to over 40 per cent in less than thirty seconds. With some of the less sophisticated voice authentication systems they targeted, they achieved a 99 per cent success rate after six attempts.
Other voice spoofing studies
Similar to Gender Shades, the University of Waterloo study does not appear to have tested hundreds of voice recognition algorithms. But there are other studies.
- The 2021 NIST Speaker Recognition Evaluation (PDF here) tested results from 15 teams, but this test was not specific to spoofing.
- A test that was specific to spoofing was the ASVspoof 2021 test with 54 team participants, but the ASVspoof 2021 results are only accessible in abstract form, with no detailed results.
- Another test, this one with results, is the SASV2022 challenge, with 23 valid submissions. Here are the top 10 performers and their error rates.
You’ll note that the top performers don’t have error rates anywhere near the University of Waterloo’s 99 percent.
So some firms will argue that voice recognition can be spoofed and thus cannot be trusted, while other firms will argue that the best voice recognition algorithms are rarely fooled.
What does this mean for your company?
Obviously, different firms are going to respond to the three questions above in different ways.
- For example, a firm that offers face biometrics but not voice biometrics will convey how voice is not a secure modality due to the ease of spoofing. “Do you want to lose tens of millions of dollars?”
- A firm that offers voice biometrics but not face biometrics will emphasize its spoof detection capabilities (and cast shade on face spoofing). “We tested our algorithm against that voice fake that was in the news, and we detected the voice as a deepfake!”
There is no universal truth here, and the message your firm conveys depends upon your firm’s unique characteristics.
And those characteristics can change.
- Once when I was working for a client, this firm had made a particular choice with one of these three questions. Therefore, when I was writing for the client, I wrote in a way that argued the client’s position.
- After I stopped working for this particular client, the client’s position changed and the firm adopted the opposite view of the question.
- Therefore I had to message the client and say, “Hey, remember that piece I wrote for you that said this? Well, you’d better edit it, now that you’ve changed your mind on the question…”
Bear this in mind as you create your blog, white paper, case study, or other identity/biometric content, or have someone like the biometric content marketing expert Bredemarket work with you to create your content. There are people who sincerely hold the opposite belief of your firm…but your firm needs to argue that those people are, um, misinformed.
And as a postscript I’ll provide two videos that feature voices. The first is for those who detected my reference to the ABBA song “Waterloo.”
The second features the late Steve Bridges as President George W. Bush at the White House Correspondents Dinner.
How Bredemarket Helps in Early Proposal Engagement
Man, I’ve been negative lately.
I figure that it is time to become more positive.
I’m going to describe one example of how Bredemarket has helped its customers, based upon one of my client projects from several years ago.
I’ve told this story before, but I wanted to take a fresh look at the problem the firm had, and the solution Bredemarket provided. I’m not identifying the firm, but perhaps YOUR firm has a similar problem that I can solve for you. And your firm is the one that matters.
The problem
This happened several years ago, but was one of Bredemarket’s first successes.
I should preface this by noting that there are a lot of different biometric modalities, including some that aren’t even listed in the image above.
The firm that asked for my help is one that focuses on one particular biometric modality, and provides a high-end solution for biometric identification.
In addition, the firm’s solution has multiple applications, crime solving and disaster victim identification being two of them.
The firm needed a way to perform initial prospect outreach via budgetary quotations, targeted to the application that mattered to the prospect. A simple proposal problem to be solved…or so it seemed.
Why the obvious proposal solution didn’t work
I had encountered similar problems while employed at Printrak and MorphoTrak and while consulting here at Bredemarket, so the solution was painfully obvious.
Have your proposal writers create relevant material in their proposal automation software that could target each of the audiences.
So when your salesperson wants to approach a medical examiner involved in disaster victim identification, the proposal writer could just run the proposal automation software, create the targeted budgetary quotation, populate it with the prospect’s contact information, and give the completed quotation to the salesperson.
Unfortuntely for the firm, the painfully obvious solution was truly painful, for two reasons:
- This firm had no proposal automation software. Well, maybe some other division of the firm had such software, but this division didn’t have access to it. So the whole idea of adding proposal text to an existing software solution, and programming the solution to generate the appropriate budgetary quotation, wasn’t going to fly.
- In addition, this firm had no proposal writers. The salespeople were doing this on their own. The only proposal writer they had was the contractor from Bredemarket. And they weren’t going to want to pay for me to generate every budgetary quotation they needed.
In this case, the firm needed a way for the salespeople to generate the necessary budgetary quotations as easily as possible, WITHOUT relying on proposal automation software or proposal writers.
Bredemarket’s solution
To solve the firm’s problem, I resorted to Stupid Word Tricks.
(Microsoft Word, not Cameo.)
I created two similar budgetary quotation templates: one for crime solving, and one for disaster victim identification. (Actually I created more than two.) That way the salesperson could simply choose the budgetary quotation they wanted.
The letters were similar in format, but had little tweaks depending upon the audience.
The Stupid Word Tricks came into play when I used Word document property features to allow the salesperson to enter the specific information for each prospect, which then rippled throughout the document, providing a customized budgetary quotation to the prospect.
The result
The firms’ salespeople used Bredemarket’s templates to generate initial outreach budgetary quotations to their clients.
And the salespeople were happy.
I’ve used this testimonial quote before, but it doesn’t hurt to use it again.
“I just wanted to truly say thank you for putting these templates together. I worked on this…last week and it was extremely simple to use and I thought really provided a professional advantage and tool to give the customer….TRULY THANK YOU!”
Comment from one of the client’s employees who used the standard proposal text
While I actively consulted for the firm I maintained the templates, updating as needed as the firm achieved additional certifications.
Why am I telling this story again?
I just want to remind people that Bredemarket doesn’t just write posts, articles, and other collateral. I can also create collateral such as these proposal templates that you can re-use.
So if you have a need that can’t be met by the painfully obvious solutions, talk to me. Perhaps we can develop our own solution.
What You Don’t Know (About Your Identity/Biometric Company Website) Can Hurt You
The identity/biometric company (not named here) never formally learned why prospects shunned the outdated information on its website.
The identity/biometric company never formally learned how its references to renamed companies and non-existent companies were repelling those very companies…and the prospects who knew the website information was inaccurate.
With those types of mistakes, the entire company’s positioning became suspect.
It could have learned…if it had met with me. But it chose not to do so.
NOTE TO SELF: INSERT STRONG FEAR UNCERTAINTY AND DOUBT PARAGRAPH HERE. TAKE OUT THESE TWO SENTENCES BEFORE POSTING THE FINAL VERSION!!!
(By the way…while the identity/biometric company never received this information formally, it did receive it informally…because such information is presumably critically important to the company.)
How many other companies are in the same situation, with:
(T)here are clues within the content itself as to its age, such as “Our product is now supported on Windows 7.”
- Stale information (or lack of information)?
My mini-survey shows that of the 40+ identity firms with blogs, about one-third of them HAVEN’T SAID A SINGLE THING to their prospects and customers in the last two months.
Is there a 29-year veteran of the identity industry, an identity content marketing expert who can help the companies fix these gaps?
And yes, the ALL CAPS paragraph was a setup. But I’m sure you can compose a FUD paragraph on your own without my help.
Can Artificial Intelligence Reduce Healthcare Burnout?
Burnout in the healthcare industry is real—but can targeted artificial intelligence solutions reduce burnout?
In a LinkedIn post, healthcare company Artisight references an Advisory Board article with the following statistics:
(T)here were 7,887 nurses who recently ended their healthcare careers between 2018 and 2021….39% of respondents said their decision to leave healthcare was due to a planned retirement. However, 26% of respondents cited burnout or emotional exhaustion, and 21% cited insufficient staffing.
And this is ALL nurses. Not just the forensic nurses who have to deal with upsetting examinations that (literally) probe into sexual assault and child abuse. All nurses have it tough.
But the Artisight LinkedIn post continues with the following assertion:
At Artisight we are committed to reversing this trend through AI-driven technology that is bringing the joy back to medicine!!
Can artificial intelligence bots truly relieve the exhaustion of overworked health professionals? Let’s look at two AI solutions from 3M and Artisight and see whether they truly benefit medical staff.
3M and documentation solutions
3M, a former competitor to MorphoTrak until 3M sold its biometric offerings (as did MorphoTrak’s parent Safran), has invested heavily into healthcare artificial intelligence solutions. This includes a solution that addresses the bane of medical professionals everywhere—keeping up with the paperwork (and checking for potentially catastrophic errors).
Our solutions use artificial intelligence (AI) to alleviate administrative burden and proactively identify gaps and inconsistencies within clinical documentation. Supporting completeness and accuracy every step of the way, from capture to code, means rework doesn’t end up on the physician’s plate before or even after discharge. That enables you to keep your focus where it needs to be – on the patient right in front of you.
Artisight and “smart hospitals”
But what about Artisight, whose assertion inspired this post in the first place?
A recent PYMNTS article interviewed Artisight President Stephanie Lahr to uncover Artight’s approach.
The Artisight platform marries IoT sensors with machine learning and large language models. The overall goal in a hospital setting is to streamline safe patient care, including virtual nursing. Compliance with HIPAA, according to Lahr, has been an important part of the platform’s development, which includes computer vision, voice recognition, vital sign monitoring, indoor positioning capabilities and actionable analytics reports.
In more detail, a hospital patient room is equipped with Al-powered devices such as high-quality, two-way audio and video with multiple participants for virtual care. Ultra-wideband technology tracks the movement and flow of assets throughout the hospital. Remote nurses and observers monitor patient room activity off-site and interact virtually with patients and clinicians.
At a minimum, this reduces the need for nurses to run down the hall just to check things. At a maximum, tracking of asset flows and actionable analytics reports make the job of everyone in the hospital easier.
What about the benefits?
As Bredemarket blog readers have heard ad nauseum, simply saying that your health solution uses features such as artificial intelligence makes no difference to the medical facility. The facility doesn’t care about your features or your product—it only cares about what benefits them. (Cool feature? So what?)
So how can 3M’s and Artisight’s artificial intelligence offerings benefit medical facilities?
- Allow medical professionals to concentrate on care. Patients don’t need medical professionals who are buried in paperwork. Patients need medical professionals who are spending time with them. The circumstances that land a patient in a hospital are bad enough, and to have people who are forced to ignore patient needs makes it worse. Maybe some day we’ll even get back to Welbycare.
- Free medical professionals from routine tasks. Assuming the solutions work as advertised, they eliminate the need to double-check a report for errors, or the need to walk down the hall to capture vital signs.
- Save lives. Yeah, medical professionals do that. If the Marcus Welby AI bot spots an error in a report, or if the bot detects a negative change in vital signs while a nurse is occupied with another patient, the technology could very well save a life.
Now I am not a doctor and cannot evaluate whether these artificial intelligence solutions actually work (unlike some other so-called artificial intelligence solutions that were in reality powered manually). But if the solutions truly work, wonderful.
What’s YOUR healthcare story? And who can tell your story?
I Edited My “Customer Focus” Page
I just made a minor edit to my Customer Focus page.
In the introduction to the page, I previously talked about how adopting a customer focus leads you to address “what is important to the customer.”
I changed that phrase to reference “what is critically important to the customer.”
How Does Outsourced Content Writing Work?
How can your technology business work with an outsourced content writer?
Perhaps you should first ask WHY your technology business needs an outsourced content writer.
The need for content
Do your technology business website and social media channels DESPERATELY need written content?
- Is your website a dreary collection of facts and awards that don’t address what your prospects REALLY care about?
- Have you NEVER posted to your company LinkedIn page?
- Is your online presence a ghost town?
There may be a variety of reasons for this. Perhaps your current employees are too busy doing other things. Or perhaps writing terrifies them so much that they think ChatGPT-generated content is actually a GOOD thing. (Read the content. It isn’t good.)
So you’re thinking about outsourcing the work to a content writer. One who has created content for multiple technology firms, including 9 returning clients. Here are four examples.
But how does outsourced content writing work?
How Bredemarket works with you to create content
Maybe you need an outsourced content writer because your current textual content is not compelling to your prospects, or perhaps it’s non-existent (for example, a LinkedIn company page with zero posts).
If you approach Bredemarket with your outsourced content writing request, here’s how we will work together:
For this example, let’s assume that you need between 400 to 600 words of text to post to your company blog or to your company LinkedIn account, and therefore are purchasing my Bredemarket 400 Short Writing Service.
Step 1: Kickoff
This is the most important step in the entire process, and I don’t write a word of text until you and I have some agreement on WHAT I am going to write.
I start by asking seven questions about the content, your product, and your company.
- Why?
- How?
- What?
- Goal?
- Benefits?
- Target Audience?
- Emotions?
I ask some additional questions which I won’t discuss in detail here. For example, you may specify the subject matter experts or articles I need to consult.
Once we’ve worked through ALL the questions, either in a synchronous meeting or asynchronously via email, I have a good idea of what the written content needs to say.
Step 2: First draft
Now I write the first draft.
I don’t ask a bot to write the first draft; I write it myself.
Why? Because I’m an opinionated, crotchety, temperamental writer, and a “you can pry my keyboard out of my cold dead hands” type.
This benefits you because I love doing this, communicating your benefits to your prospects using the framework upon which we agreed in the kickoff.
Unless we agree on a different schedule, I get that first draft to you in three days for the next important step.
Step 3: First draft review
This is where you come in. Your task is to review my draft within three days and provide comments. And if I don’t hear from you within three days, you’ll hear from me. Why?
- The first reason is my pure self-interest. The sooner I complete the project, the sooner I get paid. Those cold dead hands need some nice gloves.
- The second reason is of mutual interest. We want to complete the project while we’re focused on thinking about it, and while it is critically important to us.
- The third reason is for your own self-interest. You have a content gap, and it’s in your interest to fill that gap. If we get this draft reviewed and move forward, that gap will be filled quickly. If we don’t move forward, the gap will remain, your efforts to contract with Bredemarket will be for naught, and you’ll still have an uninteresting website and dead social media accounts.
Step 4: It depends
What happens after the first draft review varies from client to client.
- Some of my clients love the first draft and don’t want to change a thing.
- Some of my first drafts have embedded questions that you need to answer; once those questions are answered, the content is ready.
- Some of my first drafts may need minor changes. In one case, I was asked to remove a reference to a successful hack that occurred at a well-known company; unbeknownst to me, the company was a customer of another division of the client in question. Whoops.
- Occasionally more substantive changes are required, and I end up creating a second draft in three days, and you review it in three days.
In the end, we have a piece of content that is almost ready for publication.
Step 5: Finalize and publish
While the words may be ready, the entire piece is not.
I’m not a graphics person, and usually a written piece needs some accompanying images to drive the message home. I may suggest some images, or I may suggest that the client reuse an image from their website, or I may just ask the client to select an appropriate image.
Once the text and images are ready, you publish the piece. Normally I don’t have access to your website or social media accounts, so I can’t publish the piece for you. Only one client has given me such access, and even for that client I don’t have COMPLETE publishing permission.
For short projects such as a Bredemarket 400 project, I usually bill you when you publish the piece, although in certain circumstances I may bill you once the text is complete.
Are you ready to outsource your content marketing?
While other content marketers may work differently, we all have some type of process for our outsourced content writing.
If you’re ready to move forward with Bredemarket for outsourced content writing, contact me.
Does Your Gardening Implement Company Require Age Assurance?
Age assurance shows that a customer meets the minimum age for buying a product or service.
I thought I knew every possible use case for age assurance—smoking tobacco or marijuana, buying firearms, driving a car, drinking alcohol, gambling, viewing adult content, or using social media.
But after investigating a product featured in Cultivated Cool, I realized that I had missed one use case. Turns out that there’s another type of company that needs age assurance…and a way to explain the age assurance method the company adopts.
Off on a tangent: what is Cultivated Cool?
Psst…don’t tell anyone what you’re about to read.
The so-called experts say that a piece of content should only have one topic and one call to action. Well, it’s Sunday so hopefully the so-called experts are taking a break and will never see the paragraphs below.
This is my endorsement for Cultivated Cool. Its URL is https://cultivated.cool/, which I hope you can remember.
Cultivated Cool self-identifies as “(y)our weekly guide to the newest, coolest products you didn’t know you needed.” Concentrating on the direct-to-consumer (DTC or D2C) space, Cultivated Cool works with companies to “transform (their) email marketing from a chore into a revenue generator.” And to prove the effectiveness of email, it offers its own weekly email that highlights various eye-catching products. But not trendy ones:
Trends come and go but cool never goes out of style.
From https://cultivated.cool/.
Bredemarket isn’t a prospect for Cultivated Cool’s first service—my written content creation is not continuously cool. (Although it’s definitely not trendy either). But I am a consumer of Cultivated Cool’s weekly emails, and you should subscribe to its weekly emails also. Enter your email and click the “Subscribe” button on Cultivated Cool’s webpage.
And Cultivated Cool’s weekly emails lead me to the point of this post.
The day that Stella sculpted air
Today’s weekly newsletter issue from Cultivated Cool is entitled “Dig It.” But this has nothing to do with the Beatles or with Abba. Instead it has to do with gardening, and the issue tells the story of Stella, in five parts. The first part is entitled “Snip it in the Bud,” and begins as follows.
Stella felt a shiver go down her spine the first time the pruner blades closed. She wasn’t just cutting branches; she was sculpting air.
From https://cultivated.cool/dig-it/.
The pruner blades featured in Cultivated Cool are sold by Niwaki, an English company that offers Japanese-inspired products. As I type this, Niwaki offers 18 different types of secateurs (pruning shears), including large hand, small hand, right-handed, and left-handed varieties. You won’t get these at your dollar store; prices (excluding VAT) range from US$45.50 to US$280.50 (Tobisho Hiryu Secateurs).
Stella, how old are you?
But regardless of price, all the secateurs sold by Niwaki have one thing in common: an age restriction on purchases. Not that Niwaki truly enforces this restriction.
Please note: By law, we are not permitted to sell a knife or blade to any person under the age of 18. By placing an order for one of these items you are declaring that you are 18 years of age or over. These items must be used responsibly and appropriately.
From https://www.niwaki.com/tobisho-hiryu-secateurs/#P00313-1.
That’s the functional equivalent of the so-called age verification scheme used on some alcohol websites.
I hope you’re sitting down as I reveal this to you: underage people can bypass the age assurance scheme on alcohol websites by inputting any year of birth that they wish. Just like anyone, even a small child, can make any declaration of age that they want, as long as their credit card is valid.
Now I have no idea whether Ofcom’s UK Online Safety Act consultations will eventually govern Niwaki’s sales of adult-controlled physical products. But if Niwaki finds itself under the UK Online Safety Act, or some other act in the United Kingdom or any country where Niwaki conducts business, then a simple assurance that the purchaser is old enough to buy “a knife or blade” will not be sufficient.
Niwaki’s website would then need to adopt some form of age assurance for purchasers, either by using a government-issued identification document (age verification) or examining the face to algorithmically surmise the customer’s age (age estimation).
- Age verification. For example, the purchaser would need to provide their government-issued identity document so that the seller can verify the purchaser’s age. Ideally, this would be coupled with live face capture so that the seller can compare the live face to the face on the ID, ensuring that a kid didn’t steal mommy’s or daddy’s driver’s license (licence) or passport.
- Age estimation. For example, the purchaser would need to provide their live face so that the seller can estimate the purchaser’s age. In this case (and in the age verification case if a live face is captured), the seller would need to use liveness dectection to ensure that the face is truly a live face and is not a presentation attack or other deepfake.
And then the seller would need to explain why it was doing all of this.
How can a company explain its age assurance solution in a way that its prospects will understand…and how can the company reassure its prospects that its age assurance method protects their privacy?
Companies other than identity companies must explain their identity solutions
Which brings me to the TRUE call to action in this post. (Sorry Mark and Lindsey. You’re still cool.)
I’ve stated ad nauseum that identity companies need to explain their identity solutions: why they developed them, how they work, what they do, and several other things.
In the same way, firms that incorporate solutions from identity companies got some splainin’ to do.
This applies to a financial institution that requires customers to use an identity verification solution before opening an account, just like it applies to an online gardening implement website that uses an age assurance method to check the age of pruning shear purchasers.
So how can such companies explain their identity and biometrics features in a way their end customers can understand?
Bredemarket 