The NIST Test You Choose Matters

(Baby smoking image designed by Freepik)

As I’ve mentioned before, when the National Institute of Standards and Technology (NIST) tests biometric modalities such as finger and face, they conduct each test in a bunch of different ways.

One of the ramifications of this is that many entities can claim that they are “the best, according to NIST.”

For example, when NIST released its first version of the age estimation tests, 5 of the 6 participating vendors scored first in SOME category.

But NIST doesn’t do this just to make the vendors happy. NIST does this because biometrics are used in many, many ways.

Let’s look at recent age estimation testing, which currently tests 15 algorithms rather than the original 6.

Governments and private entities can estimate ages for people at the pub, people buying weed, or people gambling. And then there’s the use case that is getting a lot of attention these days—people accessing social media.

Child Online Safety, Ages 13-16 (in my country anyway)

When NIST conceived the age estimation tests, the social media providers generaly required their users to be 13 years of age or older. For this reason, one of NIST’s age estimation tests focused upon whether age estimation algorithms could reliably identify those who were 13 years old vs. those who were not.

By Adrian Pingstone – Transferred from en.wikipedia, Public Domain, https://commons.wikimedia.org/w/index.php?curid=112727.

Which, by the way, basically means that the NIST age estimation tests are useless in Australia. After NIST started age estimation testing, Australia passed a law last month requiring social media users to be 16 years old or older.

Returning to America, NIST actually conducted several different tests for the 13 year old “child online safety” testing. I’m going to focus on one of them:

Age 8-12 – False Positive Rates (FPR) are proportions of subjects aged 8 to 12 but whose age is estimated from 13 to 16 (below 17).

This covers the case in which a social media provider requires people to be 13 years old or older, someone between 8 and 12 tries to sign up for the social media service anyway…AND SUCCESSFULLY DOES SO.

You want the “false positive rate” to be as low as possible in this case, so that’s what NIST measures.

Results as of December 10, 2024

The image below was taken from the NIST Face Analysis Technology Evaluation (FATE) Age Estimation & Verification page on December 10, 2024. Because this is a continuous test, the actual results may be different by the time you read this, so be sure to check the latest results.

From https://pages.nist.gov/frvt/html/frvt_age_estimation.html as of December 10, 2024.

As of December 10, the best performing algorithm of the 15 tested had a false positive rate (FPR) of 0.0467. The second was close at 0.0542, with the third at 0.0828.

The 15th was a distant last at 0.2929.

But the worst-tested algorithm is much better on other tests

But before you conclude that the 15th algorithm in the “8-12” test is a dud, take a look at how that same algorithm performed on some of the OTHER age estimation tests.

  • For the age 17-22 test (“False Positive Rates (FPR) are proportions of subjects aged 17 to 22 but whose age is estimated from 13 to 16 (below 17)”), this algorithm was the second MOST accurate.
  • And the algorithm is pretty good at correctly classifying 13-16 year olds.
  • It also performs well in the “challenge 25” tests (addressing some of the use cases I mentioned above such as alcohol purchases).
I think they’re over 13. By Obscurasky – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=7776157.

So it looks like this particular algorithm doesn’t (currently) do well with kids, but it does VERY well with adults.

So before you use the NIST tests as a starting point to determine if an algorithm is good for you, make sure you evaluate the CORRECT test, including the CORRECT data.

What Happens if the Crypto Exchanges Fail?

Some people who aren’t relying on gold to get through a possible banking system failure or other catastrophic event are placing their trust in crypto. 

ISectors, April 25, 2023:

“Bitcoin can be sent and received anywhere in the world, as long as there is an internet connection. This could be useful in a scenario where traditional banking systems fail and access to financial services is limited.”

But an internet connection isn’t the only thing you need to trade crypto.

  • You also need a crypto exchange, or some other way to trade crypto. 
  • And if that crypto exchange is hacked or goes bankrupt, you may lose your crypto…and there’s no FDIC.

A self custodial hardware wallet sounds great…at first. All you have to do is take your hardware wallet and walk up to the dude in camouflage selling canned Spam and holding his own hardware wallet. OK. Now trade it. On your own. With no help from a peer-to-peer (P2P) trading platform or a decentralized exchange. Google Gemini:

“Hardware wallets are primarily security devices, not trading platforms. They don’t have the functionality to directly swap one cryptocurrency for another….Directly exchanging crypto would require complex cryptographic operations and blockchain interactions, which are not typically handled by hardware wallets.”

I don’t know about you, but I don’t know how to interact with the blockchain all by myself without help. And very few people do. And even those who know this stuff are mostly helpless if the internet is non-operational.

So if the banks fail and/or some other catastrophe takes place, don’t count on crypto to survive.

Frankly we do better when there’s NOT a catastrophic event, protections guard us from fraud, and the bad effects of a fake identity are minimized.

(Post-apocalyptic image from Google Gemini)

Cobwebs

“Let’s not market that product until the new year. Let’s not even build anticipation for the product until the new year. What could go wrong?”

Plenty.

Bring someone on board NOW to market your anti-fraud technology product NOW.

  • Multiple go-to-market efforts
  • Strategic and tactical
  • Positioning and messaging expertise
  • 22 types of external and internal content
  • Ethical and unbiased competitive analysis skills

Bredemarket Content-Proposal-Analysis:

CPA

(AI image from Google Gemini)

In the Long Run, Can Your Company Be Saved?

Effective product marketing usually won’t help you make your numbers this quarter. But it can provide long-term benefits…if properly executed and maintained.

A Cautionary Tale

In a down employment market such as the one the tech industry is experiencing right now, the common wisdom is that if a company isn’t hiring new employees, it can definitely use independent consultants.

Sometimes the common wisdom is faulty.

One of Bredemarket’s former clients (whom I will not name) illustrates the gaps in the common wisdom. I had worked on projects for this company several times…until I didn’t.

  • Because of a company reorg, my contact at the company changed, and the new contact sent a project my way.
  • Halfway through the project I was asked to stop work with no explanation.
  • When a direct report to my new contact reached out to get to know me, the report assured me that the stop work order had nothing to do with me. 
  • My contract was about to expire, but the direct report said it would probably be renewed. (Admittedly the direct report had no decision-making authority).
  • A month later, I found myself unable to log in to the company’s contractor website.
  • I reached out to a third party (not employed by the company) who managed its contractors. The third party confirmed that my contract had not been renewed.
  • I executed my offboarding process for removing confidential company information and informed my company contact. I received no response. (Not surprising. Many people, rather than delivering or confirming bad news, will say nothing at all—ghosting.)
  • I subsequently learned that the company was performing multiple rounds of layoffs, in a “the layoffs will continue until morale improves”style.

If Properly Executed

If I had provided said company with top-notch content-proposal-analysis work, would those laid-off people have kept their jobs?

Probably not. Content, proposal, and analysis work is not a quick fix.

  • Content, for example, often takes as many as 17 months to bear fruit.
  • The proposal process is only part of a long-term effort, which may start years before a Request for Proposal (RFP) is released, and may not end for years after a proposal is submitted in response to the RFP.
  • And analysis itself is just the first step in a long process. After you analyze something, you have to decide what to do with the results.

While not a quick fix, doing the work now will benefit the company in the long run. Even in the short term, setting the strategy communicates to everyone, including both internal and external stakeholders, the direction in which your company is heading.

If Properly Maintained

But you can’t just treat this as a one-time oroject and be done with it. Looking at the content portion alone, you have to regularly revisit your content and update it as needed.

This is a trick I learned back in my proposal days. Some of my former employers used proposal management software packages, many of which used a “timeout” feature on standard proposal text that required someone to review the text by a certain date. 

Does your proposal text state that your software supports Windows 10? Perhaps it’s a good idea to mention Windows 11 also. 

Or you may need to revise your standard proposal text to mention that new feature…or new benefit. Any proposal text for a health application that was written in December 2019 definitely required an update in December 2020.

What this means for your company

If you haven’t laid the groundwork for your company’s product marketing, Bredemarket can help in a variety of ways. After asking questions (starting with “Why?”) about your needs, we can jointly decide on the most critically important things Bredemarket can do for you and your company.

To find out how John E. Bredehoft of Bredemarket can serve as your “CPA” (Content-Proposal-Analysis marketing professional), go to my CPA page.

Postscript

And no, I’m not going to share an Eagles song. I’m going to share a Madness song.

(AI wildebeest “Keep Moving” image from Google Gemini)

Bredemarket Health Page Updates

Most of you who developed a sudden interest in healthcare this week WON’T be interested in this, so move along.

I’ve added 3 new posts (so far) to the Bredemarket Health page since November 2024:

  • Dr. Jones MD, NPE
  • Saving Money When Filling Prescriptions: Not You, The Companies
  • Medical Fraudsters: Birthday Party People

(And no, I have no real interest in addressing the recent murder of a healthcare executive. It’s a crime. End of discussion.)

I approach health and health product marketing from both an identity and technology perspective, recognizing the similarities and differences between biometrics and biometrics, and between PHI and PII.

Health

Know Your Recruiter “Kristen”

(4/14/2025 Fixed a typo. It’s KORN Ferry, not KORAN Ferry.)

Maybe it’s me, but I’m wondering if Kristen really works for SourceOwls. I know she has 980 followers and all, but yet…

Kristen Marty’s LinkedIn profile.

I’d post the link to Kristen’s profile, but it would probably be gone by the time you read this.

Anyway, she sent me an InMail, and I responded.

From LinkedIn.

I got my answer.

From LinkedIn.

Seriously, LinkedIn is filled with people who falsely claim that they work for SourceOwls, Korn Ferry, Kelly…even Amazon. And a verified profile doesn’t offer protection, because a verified profile only confirms identity—not employment.

Know your recruiter.

How Jumped is Unwrapped?

My product marketing observation: “Bredemarket Unwrapped” would be pretty pointless.

For those who DID create their own “Unwrapped” product promotion, congratulations on looking just like everybody else does with your lack of differentiation.

When everyone heads down, you should head up.

(Image from Google Gemini. This wildebeest doesn’t use ChatGPT.)

Getting Around the Warring Standards (Lightning vs. USB-C)

I’ve talked about standards to death, but what do you do when there are two standards? Do you support standard 1, or standard 2?

Yes.

If you need to charge both USB-C and Lightning mobile devices, Native Union has the cable for you.

The ultimate cable you’ve been searching for is finally here. Solve all your power needs with a faster, more sustainable, more durable cable. Designed for superior convenience and versatility, this unique 2-in-1 connector houses both USB-C and Lightning connectors in a single head and is strong enough to withstand the most active all-day, all-device use.

Belt Cable Duo (USB-C to USB-C & Lightning). From Native Union website.

As you can see from the image above (upper left corner), you can choose either the Lightning adapter or the USB-C adapter.

Sounds great…

…except that Apple is slowly discontinuing use of Lightning, to comply with European Union regulations in 2022. The 2023 iPhone 15 doesn’t offer Lightning at all, and over the next several years Lightning will go away as older Apple devices become obsolete.

But for now it’s a good cable.

Medical Fraudsters: Birthday Party People

I’ve talked about Protected Health Information (PHI) before. Sadly, the health information is not not protected that well, since fraudsters can acquire PHI very easily in some cases.

Sometimes REALLY easily.

For example, I could call a medical provider or go to a pharmacy and say that my name is Donald John Trump.

Do you know how many medical practitioners verify identities?

By asking for the person’s birthdate.

So there is the possibility that a medical practitioner, after I say that I am Donald John Trump, will simply ask for my birthday without a second thought.

I would reply “June 14, 1946.”

And some of these medical practitioners would immediately grant access!

Of course, the number of successful fraudulent accesses goes up substantially when the real person is NOT well known.

Yet birthdates are considered an acceptable form of security in some parts of the medical world.

Scary.