Bredemarket

A QR code is not a way of life

For years I have adopted and used the phrase “a tool is not a way of life,” and almost started a blog with that title. I’m glad I didn’t, because…well, because a tool is not a way of life, and who would want to read an entire blog with posts about THAT?

One tool that I have used off and on is the QR code. Years ago, one of my annual corporate goals was to explore how my then-employer could use QR codes; at the time, there wasn’t any pressing need to adopt them.

I have since chosen to adopt QR codes for some of my Bredemarket work, especially in cases where an online reader may need additional information.

(UPDATE February 20, 2023: Did I really write that? Read why I regret one word in the paragraph above.)

For more information about the Bredemarket 2800 Medium Writing Service, scan the QR code above. My content creation process didn’t fit on this brochure.

Of course, I’m not the only one who has adopted QR codes, and dissemination of detailed information isn’t the only reason to use QR codes.

For example, you may want to use QR codes to prevent yourself from dying due to a global pandemic.

And when that particular use case emerged about two years ago, restaurants rushed to adopt it, and vendors of QR code solutions rushed to promote them.

[M]any of these fortune tellers have something to sell. The most recent of these visionaries are those who have declared that QR codes are here to stay. Leaders in the online ordering and pay-by-phone business offer statistics to prove that the technology has been fully embraced and will continue to outlive the pandemic as the norm for restaurants. Operators who have fully leaned into QR code integration celebrate the news, broadcasting to investors that the technological investments and the pivots to less employee-reliant labor models were prudent, if not prescient, moves.

But now that the pandemic is (hopefully) receding, the shakeout (no, not THAT shakeout) is occurring. For some restaurants, ordering and paying with QR codes and other technological devices is a benefit, but for others, it is a detriment.

If your product is an immersive experience—or the facilitation of relationships—QR code usage may turn out to be counterproductive….

At Barcelona Wine Bar, we heard early on the frequent complaints from guests about QR fatigue and pivoted back to paper menus. Sales increased as each of our restaurants returned to in-person service. More importantly, so did guest satisfaction. We have recently returned thick, leather-bound wine lists to our tables for guests to leaf through instead of asking them to do more mindless online scrolling. QR ordering and payment will remain an option out of courtesy to those who feel safer or find it more convenient. However, as hosts, we would much prefer the opportunity for a final check-in and good-bye.

Here is another example of using a tool when it makes sense, and not using it when it doesn’t.

And this doesn’t have to do with “authenticity,” since the Barcelona Wine Bar concept is just as much a manufactured concept as that of Cracker Barrel and Starbucks (which have embraced QR codes and related technologies).

I only have one complaint that applied to both the Barcelona Wine Bar concept AND the Starbucks concept.

If you are an operator who puts little stock in on-site dining, recognize that customers on their phones often do not hear music, notice artwork and architectural details, nor care if the bartender is smiling or not.

Perhaps there’s a reason why customers do not hear your music.

Perhaps the customers do not like your music.

If a restaurant truly wants to facilitate conversation, turn the danged music off!

From https://sincerelythe80s.com/2018/08/29/what-do-you-want-to-do-with-your-life/

Digital identity and…the United Nations Sustainable Development Goals?

Over the last few years, I have approached digital identity(ies) from a particular perspective, concentrating on the different types of digital identities that we have (none of us has a single identity, when you think about it), and the usefulness of these identities for various purposes, including purposes in which the identity of the person must be well established.

I have also noted the wide list of organizations that have expressed an interest in digital identity. Because of pressing digital identity needs, many of these organizations have moved forward with their own digital identity proposals, although now they are devoting more effort to ensure that their individual proposals play well with the proposals of other organizations.

Enter the United Nations (or part of it)

Well, let’s add one more organization to the list of those concerned about digital identity: the United Nations.

Although actually “the United Nations” is in reality a whole bunch of separate organizations that kinda sorta work together under the UN umbrella. But each of these organizations can get some oomph (an international relations diplomatic turn) from trumpeting a UN affiliation.

So let’s look at the Better Than Cash Alliance.

Based at the United Nations, the Better Than Cash Alliance is a partnership of governments, companies, and international organizations that accelerates the transition from cash to responsible digital payments to help achieve the Sustainable Development Goals

Note right off the bat that the Better Than Cash Alliance is not focused on digital identity per se, but digital payments. (Chris Burt of Biometric Update notes this focus.) Of course, digital payments and digital identity are necessarily intertwined, as we will see in a minute.

Enter the Sustainable Development Goals

But more importantly, digital payments themselves are not the ultimate goal of the Better Than Cash Alliance. Digital payments are only a means to an end to realize the United Nations Sustainable Development Goals, issued by a different UN organization.

Because of its primary focus, the Better Than Cash Alliance concentrates on issues that I myself have only studied in passing. For example, I have concentrated on the issues faced by people with no verifiable identity, but have not specifically looked at this from the lens of Sustainable Development Goal number 5, Gender Equality.

Principle 2 of the UN Principles for Responsible Digital Payments (October 2021 revision)

For this post, however, I’m going to focus on the digital identity aspects of the Better Than Cash Alliance and its report, UN Principles for Responsible Digital Payments (PDF), which was just updated this month (October 2021).

One of the key factors outlined in the report is “trust.” Now trust can have a variety of meanings (including trust that the information about my identity will not be used to throw me into a terrorist concentration camp), but for my purposes I want to concentrate on the trust that I, as a digital payments recipient, will receive the payments to which I am entitled.

To that end, the revised principles include items such as “ensure funds are protected and accessible” (principle 2), “champion value chain accountability” (principle 9), and other principles that impact on digital identity.

The introduction to the discussion on principle 2 highlights the problem:

A prerequisite of digital payments is that they match or surpass the
qualities of cash. All users rightly expect their funds to be safe and readily available, but this is not always the case. The causal factors behind this are multiplex.

(“Multiplex”? Yes, this document was written by government committees. Or movie theater owners.)

AMC Ontario Mills. (California, not Canada.) By Coolcaesar – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=104309320

To avoid the multiplexity of these issues, one offered response is to “proactively track and protect against unauthorized transactions, including fraud and mistakes.” This can be done by several methods near and dear to us in identity-land:

Advocate for appropriate security controls to mitigate transaction risks (e.g., biometric security,³⁴ two factor authentication,³⁵ limits on logins or transaction amounts,³⁶ creating “need-to-know” administrative privileges for interacting with client data).

Now most people who read this report aren’t interested in the footnotes. But I am. Here are footnotes 34, 35, and 36 from the document.

34 Examples include the use of biometrics in India’s Aadhaar identification system, and UNHCR’s use of iris technology to distribute cash to refugees in Jordan
35 See EU PSD2 Articles 97–98, Ghana’s Payments Systems and Service Act, 2019 (section 65(1)), and Malawi’s 2019 e-Money regulations (section 17)
36 India Master Direction on Prepaid Payment Instruments, Section 15.3

Of course the report could have cited other examples, such as the use of fingerprints for benefits payments in the United States in the 1990s and 2000s, but I’m sure that falls afoul of some Sustainable Development Goal.

Although it’s harder to criticize a UN entity, such as the aforementioned UNHCR, when it uses biometrics.

Or maybe it isn’t that hard, when you think about Access Now’s criticisms of the UNHCR program.

Refugees should not be required to hand over personal biometric data in exchange for basic needs such as purchasing food, or accessing money. However, iris scan technology supplied by UK-registered company, IrisGuard, is reportedly being used by the World Food Programme (WFP) and the United Nations High Commissioner for Refugees (UNHCR) in refugee camps and urban centers in Jordan.
Based on reports suggesting the absence of meaningful consent, and an opaque privacy policy, Access Now has serious objections to the lack of transparency and privacy safeguards around this precarious tech rollout.

Wow. Jordan is as bad as Illinois. Maybe Jordan needs a BIPA! Hope their doorbell cameras aren’t a problem…

So while the Better Than Cash Alliance is focusing on other things, it’s at least paying lip service to some of the stronger identity controls that many in the identity industry advocate.

Of course, it’s outside of the scope of the Better Than Cash Alliance to dictate HOW to implement “appropriate security controls.”

But anything that saves the whales AND the plankton (and complies with BIPA) will be met with approval.

Freelancing example from Florida

I’m obviously interested in freelancing stories, so I was intrigued when PBS shared this story from Next Avenue. It’s an update on the story of Joan and Steve Reid, who moved from suburban New York to Vero Beach, Florida on 2019.

Photo by Don Lamson from City of Vero Beach website. https://www.covb.org/gallery.aspx?PID=156

While it’s cast as a “retirement” story (both were 67 in 2019), it’s actually a freelancing story.

Both Joan and Steve had been working part-time in New York (as a librarian and florist, respectively), and they initially planned to get part-time employment (minimum wage, 10 hours a week) when they relocated to Vero Beach.

They’ve given up on that idea. “We looked initially, when we arrived,” Joan explains. “But both of us quickly realized we were square pegs trying to fit into round holes.”

So they turned to freelancing.

Steve, who creates art from found objects and mixed media, sold two pieces of art this year for a total of $350.
From November 2019 to April 2021, Joan worked as a content editor for two local magazines, grossing $800 a month. “This was an incredible boost for us,” she says. She earned $630 in 2019 from freelance writing, editing and teaching, but only $305 in 2020 and zero so far in 2021.

Joan also self-published a book on Amazon, and expects to earn $45 from the book in November.

So they’re not getting rich from freelancing, but luckily have other sources of income including pensions and Social Security (which they began to receive at age 62).

Perhaps they could increase their freelancing income, but they’re retired. And apparently enjoying themselves.

Canada’s IRCC ITQ B7059-180321/B and the biometric proposals chess match

In a competitive bid process, one unshakable truth is that everything you do will be seen by your competitors. This affects what you as a bidder do…and don’t do.

My trip to Hartford for a 30 minute meeting

I saw this in action many years ago when I was the product manager for Motorola’s Omnitrak product (subsequently Printrak BIS, subsequently part of MorphoBIS, subsequently part of MBIS). Connecticut and Rhode Island went out to bid for an two-state automated fingerprint identification system (AFIS). As part of the request for proposal process, the state of Connecticut scheduled a bidders’ conference. This was well before online videoconferencing became popular, so if you wanted to attend this bidders’ conference, you had to physically go to Hartford, Connecticut.

The Mark Twain House in Hartford. For reasons explained in this post, I spent more time here than I did at the bidders’ conference itself. By Makemake, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=751488

So I flew from California to Connecticut to attend the conference, and other people from other companies made the trip. That morning I drove from my hotel to the site of the conference (encountering a traffic jam much worse than the usual traffic jams back home), and I and the competitors assembled and waited for the bidders’ conference to begin.

The state representative opened the floor up to questions from bidders.

Silence.

No one asked a question.

We were all eyeing each other, seeing what the other people were going to ask, and none of us were willing to tip our hands by asking a question ourselves.

Eventually one or two minor questions were asked, but the bidders’ conference ended relatively quickly.

There are a number of chess-like tactics related to what bidders do and don’t do during proposals. Perhaps some day I’ll write a Bredemarket Premium post on the topic and spill my secrets.

But for now, let’s just say that all of the bidders successfully kept their thoughts to themselves during that conference. And I got to visit a historical site, so the trip wasn’t a total waste.

And today, it’s refreshing to know that things don’t change.

When the list of interested suppliers appears to be null

Back on September 24, the Government of Canada issued an Invitation to Qualify (B7059-180321/B) for a future facial recognition system for immigration purposes. This was issued some time ago, but I didn’t hear about it until Biometric Update mentioned it this morning.

Now Bredemarket isn’t going to submit a response (even though section 2.3a says that I can), but Bredemarket can obviously help those companies that ARE submitting a response. I have a good idea who the possible players are, but to check things I went to the page of the List of Interested Suppliers to see if there were any interested suppliers that I missed. The facial recognition market is changing rapidly, so I wondered if some new names were popping up.

So what did I see when I visited the List of Interested Suppliers?

An invitation for me to become the FIRST listed interested supplier.

That’s right, NO ONE has publicly expressed interest in this bid.

A screen shot of https://buyandsell.gc.ca/procurement-data/tender-notice/PW-XS-002-39912/list-of-interested-suppliers as of the late morning (Pacific time) on Monday, October 11.

And yes, I also checked the French list; no names there either.

There could be one of three reasons for this:

Potential bidders don’t know about the Invitation to Qualify. This is theoretically possible; after all, Biometric Update didn’t learn about the invitation until two weeks after it was issued.
No one is interested in bidding on a major facial recognition program. Yeah, right.
Multiple companies ARE interested in this bid, but none wants to tip its hand and let competitors know of its interest.

My money is on reason three.

Hey, bidders. I can keep your secret.

As you may have gathered, as of Monday October 11 I am not part of any team responding to this Invitation to Qualify.

If you are a biometric vendor who needs help in composing your response to IRCC ITQ B7059-180321/B before the November 3 due date, or in framing questions (yes, there are chess moves on that also), let me know.

I won’t tell anybody.

Send me an email at john.bredehoft@bredemarket.com.
Or go to calendly.com/bredemarket to book a meeting with me.
Or go to bredemarket.com/contact/ to use my contact form.

Friday thoughts on expungement

The act of looking at something changes it.
fs.blog, The Observer Effect: Seeing Is Changing

By Dhatfield – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=4279886

(I am not a lawyer. I figure that I should say that up front.)

As an automated fingerprint identification system (AFIS) product manager, and in other roles related to AFIS, I have dealt with the concept of expungement.

The American Bar Association (ABA) defines expungement as follows:

In law, “expungement” is the process by which a record of criminal conviction is destroyed or sealed from state or federal record. An expungement order directs the court to treat the criminal conviction as if it had never occurred, essentially removing it from a defendant’s criminal record…

This post looks at various aspects of expungement, including its applicability outside of government (both in the US and in GDPR-land), the difference between sealing and destruction of records, how your (above) average technology product manager deals with expungement, and my huge philosophical question regarding the DOCUMENTING of expungement.

You can’t expunge the public record

Now obviously there are limits to the effects of expungement. If the California court system were to declare that some notorious criminal’s conviction were to be expunged, it would be impossible to treat the conviction “as if it had never occurred,” at least in the public eye. Millions of websites, newspaper and magazine articles, and books would have recorded the conviction for posterity, and it isn’t like you can go from house to house and remove every copy of the relevant People magazine article or New York Post article that mentioned the conviction.

New York Post, “OJ does ‘lard’ time!” https://nypost.com/2013/05/14/oj-does-lard-time/

Well, at least you can’t remove them in my country.

Or maybe you can

It’s a different matter in the countries where the General Data Protection Regulation (GDPR) is in force, where at least the online public record of a conviction CAN be removed. Article 17 of the GDPR (the “right to erasure” or the “right to be forgotten”) says in part:

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies…
…the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject…

So in this case an expungement order CAN be extended beyond government records.

Or at least to the online search record. In late 2019, Google was ordered to remove record of three 1999 Der Spiegel articles that mentioned a convicted murderer.

But in a 2018 case, web archives did NOT have to remove records of a 1991 murder.

But perhaps there are dark web samizdat records that detail all of these non-forgotten facts, far from the prying eyes of the enforcers in Brussels.

The difference between sealing and destroying a record

Let’s return to government records in the U.S.

Because expungement is (mostly) a state process, the specific details of expungement differ from state to state. As the ABA notes, different states have different definitions of how records should be expunged.

The ABA notes that in Kentucky, it is sufficient to seal the record, which means that only certain privileged people can view the record, but the record still exists. (I was unable to independently confirm that this is still the case in Kentucky, but it appears that Arkansas generally only offers sealing, with the exception of juvenile records.)
The state of Washington, however, requires all expunged records to be destroyed so that NO ONE can see them. RCW 13.50.270 details how and when records should be destroyed when destruction is required.

How to implement expungement

As an AFIS product manager, I had to think about the consequences of expungement. For a live AFIS, the method for handling this varied.

In the cases where it was sufficient to seal a record, the whole process could be handled by role based access control. My products (Omnitrak and Printrak BIS) had long lists of access privileges, and different access privileges could be assigned to different roles. So, for example, the privilege to view a sealed record could be given to a “supervisor” role, but denied to a “trainee” role.
In the cases where you actually needed to destroy an expunged record, you would of course handle things differently. Someone whose role had the privilege to delete records would simply go to the record in question, double-check and triple-check to make sure that the right record was selected, ask the system to delete the record, and answer the inevitable “Are you sure?” question to actually delete the record.

Note that the descriptions above apply to a live AFIS. If you REALLY wanted to be thorough about this, you’d need to think about the backups. Any critical system such as an AFIS is backed up on multiple levels, with the backups stored in different areas. So perhaps an underground bunker several hundred miles from the AFIS site might contain a year old backup that may include an expunged record. Something to think about.

How to document expungement

But these concerns paled in comparison to the philosophical one that surrounds any mention of expungement.

Let’s say that I was convicted of burglary, my state allows me to expunge my burglary conviction, and my state is one of the states that requires destruction of expunged records. (For the record, I was never convicted of burglary. But how would you know?)

To start the process, I or my lawyer would have to fill out a form (here’s Illinois’ form) listing the case numbers of the records that I want expunged.

From https://www.illinoiscourts.gov/Resources/63e583ab-1471-46dc-a463-512f8d735cf8/ExpungementSealing_Notice_Approved.pdf

After I (or my lawyer) submitted my request, some process would need to take place to approve the request to expunge.

After that, the records would be expunged in accordance with the relevant state laws.

So far so good.

But what happens next?

From my perspective, I would want to make sure that the records were expunged as I requested. From the state’s perspective, the state would want to ensure that the expungement order was carried out.

But if I file a question with the state that asks whether my burglary conviction was expunged, I am acknowledging within state records that I was convicted for burglary. And if the state produces a report of the records that were expunged, and my burglary conviction is listed on it, then the state is acknowledging within state records that I was convicted for burglary.

I guess the workaround is for me to ask the state, “Hey state, could you provide me with a list of my criminal convictions?” At this point the state would respond, “Here’s your list of criminal convictions…hmm, you don’t have any.”

At this point I would ask, “Are you sure?”

So the state would respond, “Well, let’s check the backups.”

(Sigh.)

By DC Comics – Two-Face Year One #2, Fair use, https://en.wikipedia.org/w/index.php?curid=62328520

How the “CSI effect” can obscure the limited role of DNA-based investigative leads

(Part of the biometric product marketing expert series)

People have been talking about the “CSI effect” for decades.

In short, the “CSI effect” is characterized as the common impression that forensic technologies can solve crimes (and must be used to solve crimes) in less than an hour, or within the time of a one-hour television show.

Fair use, https://en.wikipedia.org/w/index.php?curid=13587416

When taken to its extreme, juries may ask why the law enforcement agency didn’t use advanced technological tools to solve that jaywalking case.

Advanced technological tools like DNA, which has been commonly perceived to be the tool that can solve every single crime.

Well, that and video, because video is powerful enough to secure a conviction. But that’s another story.

Can DNA result in an arrest in a Denver homicide case?

A case in point is this story from KDVR entitled “DNA in murder case sits in Denver crime lab for 11 months.”

This is a simple statement of fact, and is not that surprising a statement of fact. Many crime labs are inundated with backlogs of DNA evidence and other forensic evidence that has yet to be tested. And these backlogs ARE creating difficulties in solving crimes such as rapes.

But when you read the article itself, the simple statement of fact is painted as an abrogation of responsibility on the part of law enforcement.

A father is making an emotional plea and putting up $25,000 of his own money to help find his son’s killer.

He is also asking the Problem Solvers to look into the time it has taken for DNA evidence to be tested in this case and others.

Tom O’Keefe said it’s taking too long to get answers and justice.

From this and other statements in the article, a picture emerges of an unsolved crime that can only be solved by the magical tool of DNA. If DNA is applied to this, just like they do on TV, arrests will be made and the killer will be convicted.

So why is it taking so long to do this?

Why is justice not being served?

KDVR is apparently not run by impassioned activists, but by journalists. And it is important from a journalistic perspective to get all sides of the story. Therefore, KDVR contacted the Denver Police Department for its side of the story.

The Denver Police Department has identified all parties involved, and the investigation shows multiple handguns were fired during this incident. While this complex case remains open, which limits details we can provide, we can verify that a significant amount of forensic work has been completed, but some remains. Investigators believe the pending forensic analysis can potentially support a weapon-related charge but will not further the ongoing homicide investigation.

OK, let’s grant that they’re not trying to identify an unknown assailant, since “all parties involved” are known.

But once that DNA is tested, isn’t that going to be the magic tool that provides the police with probable cause to arrest the killer?

Um, no.

Even IF the DNA evidence DOES happen to show a significant probability that an identifiable person committed the homicide, that in itself is not sufficient reason to arrest someone.

Why not?

Because you can’t arrest someone on DNA evidence alone.

DNA evidence can provide an investigative lead, but it has to be corroborated with other evidence in order to secure an arrest and a conviction. (Don’t forget that the evidence has to result in a conviction, and in most of the United States that requires that the evidence show beyond a reasonable doubt that the person committed the crime.)

Why was a serial killer in three European countries never brought to justice, despite overwhelming DNA evidence?

Reasonable schmeasonable.

If DNA ties someone to a crime, then the person committed the crime, right?

Let’s look at the story of a serial killer who terrorized Europe for over a decade, even though ample DNA evidence was found at each of the murder scenes, beginning with this one:

In 1993, a 62-year-old woman was found dead in her house in the town of Idar-Oberstein, strangled by wire taken from a bouquet of flowers discovered near her body.

Nobody had any information on what might have happened to Lieselotte Schlenger. No witnesses, no suspects, no signs of suspicious activity (except for the fact that she’d been strangled to death with a piece of wire, of course). But on a bright teacup near Schlenger, the police found DNA, the only clue to surface at all.

The case went cold, given that the only lead was the DNA of an unknown woman, and there was no match. Yet.

Eight years later, in 2001, there was a match when the same woman’s DNA was found at a murder scene of a strangulation victim in Freiburg, Germany. Police now knew that they were dealing with a serial killer.

But this time, the woman didn’t wait another eight years to strike again.

Five months after the second murder scene, her DNA showed up on a discarded heroin syringe, after a 7-year-old had stepped on it in a playground in Gerolstein. A few weeks later it showed up on an abandoned cookie in a burgled caravan near Bad Kreuznach, like she’d deliberately spat out a Jammy Dodger as a calling card. It was found in a break-in in an office in Dietzenbach, in an abandoned stolen car in Heilbronn, and on two beer bottles and a glass of wine in a burgled bar in Karlsruhe, like she’d robbed the place but stuck around for a few cheeky pints.

And her activities were not confined to Germany.

Over the apparent crime spree, her DNA was sprayed across an impressive 40 crime scenes in Austria, southern Germany, and France, including robberies, armed robberies, and murders.

In 2009, the case took an even more bizarre turn.

Police in France had discovered the burned body of a man, believed to be from an asylum seeker who went missing in 2002. During his application, the man had submitted fingerprints, which the police used to try and confirm his identity. Only, once again, they found the DNA of the phantom.

“Obviously that was impossible, as the asylum seeker was a man and the Phantom’s DNA belonged to a woman,” a spokesperson for the Saarbrücken public prosecutor’s office told Spiegel Online in 2009.

But how could this be?

DNA evidence had tied the woman, or man, or whatever, to six murders and numerous other crimes. There was plenty of evidence to identify the criminal.

What went wrong?

Well, in 2009 police finally figured out how DNA evidence had ended up at all of these crime scenes in three countries.

The man’s death led to an explanation of the case: there was no serial killer, and the DNA could be traced to a woman working in a packing center specializing in medical supplies. It was all down to DNA contamination.

Well, couldn’t that packing woman be convicted of the serial murders and other crimes, based upon the DNA evidence?

No, because there was no other evidence linking the woman to the crimes, and certainly “reasonable doubt” (or the European criminal justice equivalent) that the woman was also the dead male asylum seeker.

This is why DNA is only an investigative lead, and not evidence in and of itself.

But the Innocence Project always believes that DNA is authoritative evidence, right?

Even those who champion the use of DNA admit this.

If you look through the files of people exonerated by the Innocence Project, you find a common thread in many of them.

Much of the evidence gathered before the suspect’s original conviction indicated that the suspect was NOT the person who committed the crime. Maybe the family members testified that the suspect was at home the entire time and couldn’t have committed the crime in question. Or maybe the suspect was in another city.

However, some piece of evidence was so powerful that the person was convicted anyway. Perhaps it was eyewitness testimony, or perhaps something else, but in the end the suspect was convicted.

Eventually the Innocence Project got involved, and subsequent DNA testing indicated that the suspect was NOT the person who committed the crime.

This in and of itself didn’t PROVE that the person was innocent, but the DNA test aligned with much of the other evidence that had previously been collected. It was enough to cast a reasonable doubt on the conviction, allowing the improperly convicted suspect to go free.

But there are some cases in which the Innocence Project says that even DNA evidence is not to be trusted.

Negligence in the Baltimore Police Department’s crime lab tainted DNA analysis in an unknown number of criminal cases for seven years and raises serious questions about other forensic work in the lab, the Innocence Project said today in a formal allegation that the state is legally required to investigate.

DNA contamination, the same thing that caused the issues in Europe, also caused issues in Baltimore.

And there may be other explanations for how a person’s DNA ended up at a crime scene. Perhaps a police officer was careless and left his or her DNA at a crime scene. Perhaps someone was at a crime scene and left DNA evidence, even though that person had nothing to do with the crime.

In short, a high probability DNA match, in and of itself, proves nothing.

Investigative leads and reasonable doubt are very important considerations, even if they don’t fit into a one-hour TV show script.

Why ONT’s international flights depart from (but do not arrive at) Terminal 2, and why there is no Terminal 3

I learned some fun facts during Eren Cello’s presentation to the Greater Ontario Business Council this morning, and filed those in my brain along with some other facts that I have collected over the years.

Cello is the Director of Marketing and Communications for Ontario International Airport in Ontario, California. Which, incidentally, is not in Canada.

Ontario International Airport in the 1980s and 1990s

I first became aware of Ontario International Airport in October 1983, when I flew in from Portland, Oregon for a job interview. Back in those days, you didn’t walk from the airplane straight into the terminal. Instead, you walked to a flight of stairs, went down the stairs, then walked across the runway to enter the terminal.

As Ontario and the surrounding area grew over the years, the then-owner of Ontario International Airport (Los Angeles World Airports) decided that an ambitious expansion of the airport was in order, including modern, multi-level terminals with check-in and baggage claim on the first floor, and the gates and shops on the second floor. Instead of renovating the existing terminal, LAWA decided to build two brand new terminals. These terminals were opened in 1998 and were designated “Terminal 2” and “Terminal 4.” As soon as traffic increased to the required level, LAWA would go ahead and build Terminal 3 between the two terminals.

And the old terminal, now “Terminal 1,” was closed.

Ontario International Airport Terminal 1 as of September 2021, 20 years after airport traffic changed forever.

It sounded like a sensible design and a sensible plan. What could go wrong?

Ontario International Airport in the 2000s and 2010s

Well, three years after Terminals 2 and 4 opened, 9/11 happened. This had two immediate effects.

First, the anticipated increase in passenger traffic needed to open Terminal 3 didn’t happen.

There were other alleged reasons for this which eventually led to the separation of Ontario International Airport from LAWA, but those are beyond the scope of this post. I wrote about them in a personal blog at the time; here’s an example.

Second, increased security meant that the second floors of Terminals 2 and 4 were accessible to passengers only.

The days of walking to the gate to send off departing passengers and greet arriving ones were gone forever.

And for all of those businesses that were located on the second floors of the two terminals, their customer base was cut dramatically, since non-ticketed individuals were confined to the first floors of the terminals. Until recently, those first floors only included the random vending machine to serve visitors. Only now is the situation starting to improve.

But Ontario International Airport survived 9/11, and has survived COVID (although traffic is still only at 93% of 2019 levels).

According to Cello, Ontario International Airport now serves 11 passenger airlines with nonstop flights to destinations in the United States, Mexico, Central America, and Asia.

The second most fascinating fun fact

But of all the fun facts I learned today, the second most fascinating fun fact was the reason why the international airlines are based in Terminal 2 rather than Terminal 4. No, it’s not because Southwest has so many flights in Terminal 4 that there is no room for anyone else. Actually, parts of Terminal 4 are closed; if you see a film with someone at Gate 412, you know the film is staged. See 15:08 of this video.

The reason why the international airlines are based in Terminal 2 is because that terminal is the only one designed for the large wide-body jets that go to international destinations.

Southwest Airlines, of course, has a different operating model that doesn’t need a lot of wide-body jets.

International services in the future and in the past

Incidentally, there are both short-term and long-term plans to improve the facilities for international passengers, who currently can depart from Terminal 2 but have to arrive at a completely separate “international arrivals terminal” (reviews) and go through security there.

And if you’re wondering why Ontario International Airport doesn’t have optimum service for international passengers, the “international” in the airport’s designation merely means that there is at least one existing flight to an international destination. For Ontario, trans-Pacific cargo flights existed back in the 1940s, and the first passenger flight from an international destination occurred (according to Wikipedia) on May 18, 1946, when a Pacific Overseas Airlines flight arrived from Shanghai. (This was the Pacific Overseas Airlines based in Ontario, California, not the Pacific Overseas Airlines in Siam. The Ontario company appears to have only been in existence for a year or so.)

Of course, back in 1946, international passengers didn’t have great expectations. Leaving the plane by going down a flight of stairs was the normal mode of operations; none of this walking from the airplane straight into the airport building.

The Beatles arrive at the former Idlewild Airport on February 7, 1964. Note the stairway in the background. By United Press International, photographer unknown – This image is available from the United States Library of Congress’s Prints and Photographs division under the digital ID cph.3c11094.This tag does not indicate the copyright status of the attached work. A normal copyright tag is still required. See Commons: Licensing for more information., Public Domain, https://commons.wikimedia.org/w/index.php?curid=4532407

The MOST fascinating fun fact

Oh, and in case you’re wondering why the wide-body jet service is only the second most fascinating fun fact, I learned something else today.

The “Paw Squad” at Ontario International Airport has their own trading cards!

From https://twitter.com/flyONT/status/1445797568135393285

What I’m doing 10/29/2021

#apmp Western Chapter Training Day

Contactless fingerprint scanning (almost) software at #connectID

Let me kick off this post by quoting from another post that I wrote:

I’ve always been of the opinion that technology is moving away from specialized hardware to COTS hardware. For example, the fingerprint processing and matching that used to require high-end UNIX computers with custom processor boards in the 1990s can now be accomplished on consumer-grade smartphones.

Further evidence of this was promoted in advance of #connectID by Integrated Biometrics.

From https://integratedbiometrics.com/slapshot.

And yes, for those following Integrated Biometrics’ naming conventions, there IS a 1970s movie called “Slap Shot,” but I don’t think it has anything to do with crime solving. Unless you count hockey “enforcers” as law enforcement. And the product apparently wasn’t named by Integrated Biometrics anyway.

But back to the product:

SlapShot supports the collection of Fingerprint and facial images suitable for use with state of the art matching algorithms. Fingerprints can now be captured by advanced software that enables the camera in your existing smart phones to generate images with a quality capable of precise identification. Facial recognition and metadata supplement the identification process for any potential suspect or person of interest.
This groundbreaking approach turns almost any smart phone into a biometric capture device, and with minimal integration, your entire force can leverage their existing smart phones to capture fingerprints for identification and verification, receiving matching results in seconds from a centralized repository.

Great, you say! But there’s one more thing. Two more things, actually:

SlapShot functions on Android devices that support Lollipop or later operating systems and relies on the device’s rear high-resolution camera. Images captured from the camera are automatically processed on the device in the background and converted into EBTS files. Once the fingerprint image is taken, the fingerprint matcher in the cloud returns results instantly.
The SlapShot SDK allows developers to capture contactless fingerprints and other biometrics within their own apps via calls to the SlapShot APIs.

Note that SlapShot is NOT intended for end users, but for developers to incorporate into existing applications. Also note that it is (currently) ONLY supported on Android, not iOS.

But this does illustrate the continuing move away from dedicated devices, including Integrated Biometrics’ own line of dedicated devices, to multi-use devices that can also perform forensic capture and perform or receive forensic matching results.

And no, Integrated Biometrics is not cannibalizing its own market. I say this for two reasons.

First, there are still going to be customers who will want dedicated devices, for a variety of reasons.
Second, if Integrated Biometrics doesn’t compete in the smartphone contactless fingerprint capture market, it will lose sales to the companies that DO compete in this market.

Contactless fingerprint capture has been pursued by multiple companies for years, ever since the NIST CRADA was issued a few years ago. (Integrated Biometrics’ partner Sciometrics was one of those early CRADA participants, along with others.) Actually this effort launched before that, as there were efforts in 2004 and following years to capture a complete set of fingerprints within 15 seconds; those efforts led, among other things, to the smartphone software we are seeing today. Not only from Integrated Biometrics/Sciometrics, but also from other CRADA participants. (Don’t forget this one.)

Of the CRADA partners, MorphoTrak is now IDEMIA, Diamond Fortress is now Telos ID, Hoyos Labs is now Veridium, AOS is no longer in operation, and 3M’s biometric holdings are now part of Thales. Slide 10 from the NIST presentation posted at https://www.nist.gov/system/files/documents/2016/12/14/iai_2016-nist_contactless_fingerprints-distro-20160811.pdf

Of course these smartphone capture software packages aren’t Electronic Biometric Transmission Specification (EBTS) Appendix F certified, but that’s another story entirely.

Monitoring the #connectid hashtag

I have a long history with hashtags.

A LONG history.

Fires and parades

How long?

Back on October 23, 2007, I used my then-active Twitter account to tweet about the #sandiegofire. The San Diego fire was arguably the first mass adoption of hashtags, building upon pioneering work by Stowe Boyd and Chris Messina and acted upon by Nate Ritter and others.

From https://twitter.com/oemperor/status/358071562. Frozen peas? Long story.

The tinyurl link directed followers to my post detailing how the aforementioned San Diego Fire was displacing sports teams, including the San Diego Chargers. (Yes, kids, the Chargers used to play in San Diego.)

So while I was there at the beginning of hashtags, I’m proudest of the post that I wrote a couple of months later, entitled “Hashtagging Challenges When Events Occur at Different Times in Different Locations.” It describes the challenges of talking about the Rose Parade when someone is viewing the beginning of the parade while someone else is viewing the end of the parade at the same time. (This post was cited on PBWorks long ago, referenced deep in a Stowe Boyd post, and cited elsewhere.)

Hashtag use in business

Of course, hashtags have changed a lot since 2007-2008. After some resistance, Twitter formally supported the use of hashtags, and Facebook and other services followed, leading to mass adoption beyond the Factory Joes of the world.

Ignoring personal applications for the moment, hashtags have proven helpful for business purposes, especially when a particular event is taking place. No, not a fire in a major American city, but a conference of some sort. Conferences of all types have rushed to adopt hashtags so that conference attendees will promote their conference attendance. The general rule is that the more techie the conference, the more likely the attendees will use the conference-promoted hashtag.

I held various social media responsibilities during my years at MorphoTrak and IDEMIA, some of which were directly connected to the company’s annual user conference, and some of which were connected to the company’s attendance at other events. Obviously we pulled out the stops for our own conferences, including adopting hashtags that coincided with the conference theme.

A tweet https://twitter.com/JEBredCal/status/1124159756157849600 from the last (obviously celebratory) night of IDEMIA’s (Printrak’s) 40th conference in 2019. Coincidentally, this conference was held in San Diego.

And then when the conference organizers adopt a hashtag, they fervently hope that people will actually USE the adopted hashtag. As I said before, this isn’t an issue for the technical conferences, but it can be an issue at the semi-technical conferences. (“Hey, everybody! Gather around the screen! Someone used the conference hashtag…oh wait a minute, that’s my burner account.”)

A pleasant surprise with exhibitor/speaker adoption of the #connectID hashtag

Well, I think that we’ve finally crossed a threshold in the biometric world, and hashtags are becoming more and more acceptable.

As I previously mentioned, I’m not attending next week’s connect:ID conference in Washington DC, but I’m obviously interested in the proceedings.

So I turned to Twitter to check if anyone was using a #connectID hashtag in advance of the event. (Helpful hint: hashtags cannot include special characters such as “:” so don’t try to tweet #connect:ID; it won’t work and will appear as #connect.) Using the date-sorted search https://twitter.com/search?q=%23connectid&src=typed_query&f=live, I was expecting to see a couple of companies using the hashtag…if I was lucky.

I was pleasantly surprised to see that nearly two dozen exhibitors and speakers were using the #connectID hashtag (or referenced via the hashtag) as of the Friday before the event, including Acuity Market Intelligence, Aware, BIO-key, Blink Identity, Clearview AI, HID Global, IDEMIA, Integrated Biometrics, iProov, Iris ID, Kantara, NEC and NEC NSS, Pangiam, Paravision, The Paypers, WCC, WorldReach Software/Entrust, and probably some others by the time you read this, as well as some others that I may have missed.

And the event hasn’t even started yet.

At least some of the companies will have the presence of mind to tweet DURING the event on Tuesday and Wednesday.

Will yours be one of them?

But company adoption is only half the battle

While encouraging to me, adoption of a hashtag by a conference’s organizers, exhibitors, and speakers is only the beginning.

The true test will take place when (if) the ATTENDEES at the conference also choose to adopt the conference hashtag.

According to Terrapin (handling the logistics of conference organization), more than 2,500 people are registered for the conference. While the majority of these people are attending the free exhibition, over 750 of them are designated as “conference delegates” who will attend the speaking sessions.

How many of these people will tweet or post about #connectID?

We’ll all find out on Tuesday.