Identity/biometrics/technology marketing and writing services
This video talks about Bredemarket’s services.
Just the services.
If you also want to find out who I (John E. Bredehoft) am, the process Bredemarket uses, and Bredemarket’s pricing, see my previous (longer) video from 10 days ago, “Introduction to Bredemarket: Services, Process, and Pricing (2511a).”
And if you want to discuss my services with me, visit https://bredemarket.com/mark/ and book a free meeting.
I often schedule posts in advance…including this one.
When I wrote this post on Friday morning, I had scheduled posts for the next four days, from Saturday the 15th through Tuesday the 18th.
I just realized that my posts for three of those days discuss deceased victim identification.
In other words, I see dead people.
And my scheduled post for the fourth day is about non-person identities.
I really need to start writing about the living.
There is a lot of discussion about data scraping, an activity in which Company 1 takes the information publicly posted by Company 2 and incorporates it into its own records.
In the identity world, this takes the form of a company “scraping” the facial images that were publicly posted by a second company, such as a social media company.
I think that we all know of one identity company that is well-known (a euphemism for “notorious”) for scraping facial images from multiple sources. These not only include government-posted mugshots, but also content posted by private social media firms.
Needless to say, the social media companies think that data scraping is completely evil and terrible and identity vendors that do this should be fined and put out of businress. The identity vendor is question has a different view, even stating at one point that it had a (U.S.) First Amendment right to scrape data.
But what happens when someone wants to scrape data FROM an identity company?
404 Media links to a Skagit County, Washington court case that addresses this very issue: in this case, data captured by Flock Safety.
The case is CITY OF SEDRO-WOOLLEY and CITY OF STANWOOD, Washington Municipal Corporations vs. JOSE RODRIGUEZ. The following are findings of fact:
“On April 10, 2025, Defendant, Jose Rodriguez made a Public Records Request to the Snohomish Police Department. He requested all of the city’s Flock cameras pictures and data logs between 5 pm and 6 pm on March 30, 2025.”
This particular record does not indicate WHY Rodriguez made this request, but 404 Media provided a clarification from Rodriguez himself.
“I wanted the records to see if they would release them to me, in hopes that if they were public records it would raise awareness to all the communities that have the Flock cameras that they may be public record and could be used by stalkers, or burglars scoping out a house, or other ways someone with bad intentions may use them. My goal was to try getting these cameras taken down by the cities that put them up.”
The City of Stanwood (don’t know its relation to Snohomish) answered Rodriguez in part:
“Stanwood PD is not the holder of the records you’re seeking; you may be able to request the records at FlockSafety.com.”
Incidentally, this is a common issue with identity databases using vendor softwares; who owns the data? I’ve addressed this before regarding the Milwaukee Police Department.
Now some legal talent may be able to parse what the word “holder” means, especially in regard to data hosted in the cloud. Perhaps Stanwood PD was trying to claim that since the records weren’t on site, it wasn’t the “holder.”
Anyway, the defendant subsequently made a similar request to the City of Sedro-Woolley, but for a different date. Sedro-Woolley didn’t provide the images either.
Then it gets weird.
“The Flock records sought by Defendant from Stanwood and Sedro-Woolley have been auto-deleted.”
Well how convenient.
And the listed statements of fact also contain the following:
“The contract between Flock and Stanwood sates that all Flock images generated off Flock cameras located in Stanwood are the property of Stanwood.
“The contract between Flock and Sedro-Woolley states that all Flock images generated off Flock cameras located in Sedro-Woolley are the property of Sedro-Woolley.”
Fast forward to November 6, when Judge Elizabeth Neidzwski ruled on the cities’ claim that the Flock camera data was not a public record.
“IT IS HEREBY ORDERED, ADJUDGED AND DECREED that Plaintiff’s motion for Declaratory Judgment that the Flock camera records are not public records is DENIED.”
404 Media noted that the cities argued that they resisted the request to…protect privacy.
“In affidavits filed with the court, police argued that ‘if the public could access the Flock Safety System by making Public Records Act requests, it would allow nefarious actors the ability to track private persons and undermine the effectiveness of the system.’ The judge rejected every single one of these arguments.”
Of course, there are those who argue that the police themselves are the “nefarious actors,” and that they shouldn’t be allowed to track private persons either.
This is not the only example of conflicting claims over WHO has the right to privacy. In fact, if the police were filming protestors and agitators and wanted the public’s help in identifying them, the police and the protestors would take the opposite arguments in the privacy issue: the police saying the footage SHOULD be released, and the protestors who were filmed saying it SHOULD NOT.
Privacy is in the eye of the beholder.
The French and Germans like each other more than they did in past centuries, but they still compete.
A month ago I wrote about the French company Thales and its efforts to develop a quantum-resistant smartcard called the MultiApp 5.2 Premium PQC. (PQC stands for post-quantum cryptography.)
But the Germans are getting into the act.
“In recent months, Bundesdruckerei GmbH and G+D [Giesecke+Devrient] have established a unique technical foundation for this transformation [of the German identity card]. The federal technology company and the international SecurityTech leader jointly initiated the development of a demonstrator together with the German Federal Office for Information Security (BSI), implemented on specialized chips produced by semiconductor manufacturer Infineon.
“Germany’s transition to quantum-secure ID cards will occur in two stages. First, personal data will be protected from forgery using a quantum-resistant digital signature scheme. The second phase will involve a full transition to quantum-secure technology.”
Also see Biometric Update’s coverage.
I’ve previously commented that the precinct workers in voter ID states have neither the knowledge nor the equipment to tell a fake voter ID from a real one.
But what if you rely on things other than voter ID to determine identity?
This goodie came from a thread from cherielynn89.
“My vote didn’t count against prop 50 because my signature didn’t match ? I voted in person !! With ID that no one asked for !! Make it make sense !! I’m sure I’m not the only vote they didn’t count !!”
So my state of California, which does not require voter ID, uses signature verification. If you view cherielynn69’s original thread, you will see a letter from the Butte County Clerk-Recorder stating “signature does not match.”
I’d like to know who made that determination, and what training they had.
As it turns out, I have never discussed signatures as a biometric in detail. But the Biometrics Institute has, distinguishing between static and dynamic signatures. You obtain more information with the latter:
“The physical actions involved in writing a signature are captured, usually on a screen sensitive device like a tablet, and recorded electronically. Consequently different characteristics are used rather than just those found in the image of the signature. This involves a three dimensional (X, Y & Z axes) evaluation of the time taken, rhythm and varying velocities of forming each letter and the overall signature, pen/stylus pressure and the direction of the strokes, including free strokes, for example crossing a ‘T’ or dotting an ‘I’.”
Which is nice…except that when comparing the signature on a mail-in ballot to the signature on a voter roll, only static signature comparison is available.
And static signatures are not all that accurate.
In 1971, publisher McGraw-Hill scored the rights to Howard Hughes’ life story, accompanied by a letter from Howard Hughes affirming that he had authorized writer Clifford Irving to act on Hughes’ behalf. Experts from McGraw-Hill examined the letter and concluded that Hughes could have written it…until those troublesome postal inspectors noticed something. While the writing in the Hughes letter differed from Irving’s own writing, the two shared telltale similarities.
Because while it’s hard to change your face, and very hard to change your finger, it’s much easier to change your signature. But not easy enough, as the postal inspectors showed.
So I don’t know about you, but I wouldn’t rely on signatures as proof of identity.
I previously discussed the alphabet soup that infests California privacy efforts.
“Before launching into these regulatory changes, remember that the CCPA is the California Consumer Privacy Act, while the CPPA is the California Privacy Protection Agency. (There’s also a CPRA, the California Privacy Rights Act.)”
Well, one of the entities, the agency (CPPA), is trying to extricate itself and differentiate and be cool and stuff.
“The California Privacy Protection Agency has chosen the new public-facing name of CalPrivacy. The name underscores the agency’s commitment to operationalizing privacy rights and delivering clear, consumer-friendly guidance to all Californians.”
Like…cool.
Some of you have heard of Dave Winer, who started Scripting News…when?
“Scripting News was started in 1997, by me, Dave Winer.
“Or 1994 or 1996 or whenever you think it actually started.
“I wrote my first blog posts in 1994, that’s for sure.”
Because of his early interest in immediate and direct sharing of information without intermediaries, Winer is considered as one of the first bloggers. And he has undeniable longevity, still publishing today.
But there is a blogger that preceded Winer, Justin Hall, Jorn Barger, Peter Merholz, and others.
And me.
For the record, I didn’t write my first blog post until October 14, 2003.
“Why did synthetica start with fake bluegrass sounds? Why not? This is the Ontario Empoblog, or the blog for Ontario Emperor, which has nothing and everything to do with Canada, New Mexico, and Texas, but also California, which is a location in California. It exists in cyberspace, which is also synthetic.
“The Ontario Empoblog may or may not touch on a variety of subjects, including music, poetry, poker, the supposed familial relationship between Brian Eno and Slim Whitman, the number of licks it takes to get to the center of a Tootsie Pop (1,121 – I checked), various comments about frogs, and the nature of nature.”
So back then I discussed synthetic music and frogs. Today I discuss synthetic identities and wildebeests. Not much has changed.
What were we talking about?
Oh yeah, the first blogger, predating everyone else by decades.
And blogging on a physical medium, seven inch wide circles of vinyl.
Because I maintain that the first blogger was John Lennon.
Although he didn’t start out that way.
When Lennon and his band signed a recording contract with a subsidiary of EMI in 1962, the four of them became cogs in a monstrous machine.
They had to report to EMI’s studio, record for an EMI producer, and were almost forced to record someone else’s songs. After they recorded multiple takes (some with a session drummer), their first EMI recording was processed through the EMI sausage system and released in the UK. (EMI’s U.S. subsidiary didn’t want it.)
The September 4, 1962 recording of “Love Me Do” (with Ringo Starr drumming) was released as a single about a month later, on October 5, 1962.
(Most subsequent releases of the song used the September 11 version with Andy White drumming.)
Of course, some later Beatles releases took longer than a month to travel from the studio to the record shops. For example, “When I’m Sixty-Four” was recorded on December 6, 20, and 21, 1966, but was not released on record until May 26, 1967 (in the U.K.; June 2 in the U.S.).
But the times, they were a’changing.
Within the year, the Beatles would have their own record label. Apple was still distributed by EMI, but the Beatles now had more control over the process, especially for their solo releases.
And John Lennon had things he wanted to say…now.
His first chance to practice immediacy was on a song formally credited to The Beatles, but actually recorded by Lennon with Paul McCartney’s help on piano, bass, and drums. Lennon and Yoko Ono married in March 1969. Lennon (with McCartney) recorded “The Ballad of John and Yoko” on April 14, and Apple released it on May 30. Quickly.
“In his biography, McCartney states that Lennon had a sudden inspiration for the song and had suggested that the two of them should record it immediately, without waiting for the other Beatles to return.”
Then Lennon turned to his solo career, which up to this point had consisted of two solo albums with Yoko Ono. Now Lennon started releasing singles.
Lennon subsequently re-focused on albums rather than singles and didn’t release songs as quickly. But those four singles achieved Lennon’s goal of getting something out quickly.
Like a blogger.
Lennon died before technology allowed musicians (or pirates) to post music files directly on the World Wide Web for immediate download. You can, um, imagine what Lennon could have done if those capabilities had existed in 1969.
Or in 1962.
June 1962, when Ringo Starr was still playing at Butlins with Rory Storm.
Gary Kroeger has written a Substack post entitled “The Spectrum Policy.”
His primary thesis:
“‘Spectrum Thinking’…is the opposite of ‘Binary Thinking’ which forces thought into a binary option only; ‘good’ or ‘bad,’ ‘right’ or ‘wrong,’ ‘Unknown equals threat.’”
Kroeger does not argue that we abandon binary thinking altogether. Instead he asserts that we have prioritized binary thinking and that we need to strive “an equal counterbalance” between binary and spectrum thinking.
“Binary thinking is not a lack of gray matter or even education, but is a way that human beings adapt to ever-changing, evolving, myriad complexities of existence. It is a way to protect ourselves. There are, however, disastrous downsides when there is not an equal and opposite counterbalance…”
Read Kroeger’s entire piece on Substack:
https://open.substack.com/pub/gary261401/p/the-spectrum-policy
Incidentally, I resisted the temptation to begin this with the statement “Yeah, THAT Gary Kroeger” because (1) it’s irrelevant to his argument, and (2) many readers are too young to know who THAT Gary Kroeger is anyway.
Many of us have been using Docusign for years to electronically sign documents. But how does Docusign know that the person applying John Bredehoft’s signature is really John Bredehoft?
Enter Docusign’s implementation of Identity Assurance Level 2 (IAL2).
As reported by Biometric Update, Docusign published a November 6 post outlining how Docusign has incorporated identity verification technology into its document workflows.
“The Docusign ID Verification for IAL2 Compliance workflow is easy to add to workflows within eSignature and Maestro, part of the Docusign Intelligent Agreement Management (IAM) platform.
“Before a recipient can access an agreement, they will be required to verify their identity using their existing ID.me or CLEAR account. If needed, they can create a free account with either provider from within the same Docusign workflow. Once verified, they can securely sign and complete their agreement, all in a single, seamless experience.”
So Docusign has integrated with proven IAL2 vendors. See the Kantara Initiative trust status list of certified full service providers, which includes both CLEAR and ID.me for IAL2 and AAL2 (Authenticator Assurance Level 2).
But I have one teeny quibble with whoever writes Docusign’s headlines. The November 6 announcement was entitled “Identity Verification at the Highest Level: Docusign ID Verification for IAL2 Compliance.”
As you and I well know, IAL3 (rather than IAL2) is the highest level of identity verification.
But Docusign isn’t ready to jump to THAT level of identity verification…yet.
On Tuesday I will write about a way to combat document signature fraud, but today I will focus on extremely obvious fraudulent activity.
You probably haven’t tried to alter your appearance before going through an airport security checkpoint, but it’s hard to pull off.
The most obvious preventive measure is that airport security uses multi factor authentication. Even if the woman in the video encountered a dumb Transportation Security Administration (TSA) expert who thought she truly was Richard Nixon, the driver’s license “Nixon” presented would fail a security check.
But not all fraud is this easy to detect. Not for job applicants, not for travelers.
Bredemarket