Read Mike French’s “Why agencies should conduct their own AFIS benchmarks rather than relying on others.”

Today my content calendar says that I’m supposed to be posting about social media, so I’m going to discuss a LinkedIn article. That fits, doesn’t it?

Seriously, Mike French has posted his long-awaited (by me, anyway) article on the need for automated fingerprint identification system (AFIS) benchmarks. And his perspective is valuable.

People enter the AFIS industry in different ways. I entered the industry as a writer, and therefore needed some time to master the forensic and technical concepts. Mike came from the forensic disciplines, having worked in the Latent Print Unit at the King County Sheriff’s Office before joining Sagem Morpho, which became MorphoTrak, which became IDEMIA Identity & Security N.A.

Because of this background, Mike obviously has an appreciation for a law enforcement agency’s forensic requirements, and why it is important for the agency to conduct its own benchmark of AFIS vendors. As Mike notes, more and more agencies are choosing to rely on independent measurements based on test data. This may not be the best course for an agency.

But go read Mike’s words yourself.

https://www.linkedin.com/pulse/why-agencies-should-conduct-own-afis-benchmarks-rather-mike-french/

Even Apple is moving to a service model. Biometric identity vendors are moving also.

Remember when you bought a big old hunk of hardware…and you owned it?

With cloud computing, significant portions of hardware were no longer owned by companies and people, but were instead provided as a service. And the companies moved from getting revenue from selling physical items to getting revenue from selling services.

From Apple Computer to Apple

Apple is one of those companies, as its formal name change from “Apple Computer” signifies.

Then “Apple Computer” circa 1978. From https://www.macrumors.com/2020/03/23/apple-computer-retail-sign/. Fair use.

Yet even as iTunes and “the” App Store became more prominent, Apple still made a mint out of selling new smartphone hardware to users as frequently as possible.

But Apple is making a change later in 2021, and Adrian Kingsley-Hughes noted the significance of that change.

The change?

So, it turns out that come the release of iOS 15 (and iPadOS 15) later this year, users will get a choice.

Quite an important choice.

iPhone users can choose to hit the update button and go down the iOS 15 route, or play it safe and stick with iOS 14.

Why is Apple supporting older hardware?

So Apple is no longer encouraging users to dump their old phones to keep up with new operating systems like the forthcoming iOS 15?

There’s a reason.

By sticking with iOS 14, iPhone users will continue to get security updates, which keeps their devices safe, and Apple gets to keep those users in the ecosystem.

They can continue to buy content and apps and pay for services such as iCloud.

Although Kingsley-Hughes doesn’t explicitly say it, there is a real danger when you force users to abandon your current product and choose another. (Trust me; I know this can happen.)

In Apple’s case, the danger is that the users could instead adopt a SAMSUNG product.

And these days, that not only means that you lose the sale of the hardware, but you also lose the sale of the services.

It’s important for Apple to support old hardware and retain the service revenue, because not only is its services business growing, but services are more profitable than hardware.

In the fiscal year 2019, Apple’s services business posted gross margins of 63.7%, approaching double the 32.2% gross margin of the company’s product sector. 

If current trends continue, Apple’s services (iCloud, Apple Music, AppleCare, Apple Card, Apple TV+, etc.) will continue to become relatively more important to the company.

The biometric identity industry is moving to a service model also

Incidentally, we’re seeing this in other industries, for example as the biometric identity industry also moves from an on-premise model to a software as a service (SaaS) model. One benefit of cloud-based hosting of biometric identity services is that both software and the underlying hardware can be easily upgraded without having to go to a site, deploy a brand new set of hardware, transfer the data from one set of hardware to the other, and haul away the old hardware. Instead, all of those activities take place at Amazon, Microsoft, or other data centers with little or no on-premise fuss.

(And, as an added benefit, it’s easier for biometric vendors to keep their current customers because obsolescence becomes less of an issue.)

Is your biometric identity company ready to sell SaaS solutions?

But perhaps your company is just beginning to navigate from on-premise to SaaS. I’ve been through that myself, and can contract with you to provide advice and content. I can wear my biometric content marketing expert hat, or my biometric proposal writing expert hat as needed.

The “T” stands for technology. Or something. By Elred at English Wikipedia – Transferred from en.wikipedia to Commons by Moe_Epsilon., Public Domain, https://commons.wikimedia.org/w/index.php?curid=3812206

Obviously this involves more than just saying “we’re cloud-ready.” Customers don’t care if you’re cloud-ready. Customers only care about the benefits that being cloud-ready provides. And I can help communicate those benefits.

If I can help you communicate the benefits of a cloud-ready biometric identity system, contact me (email, phone message, online form, appointment for a content needs assessment, even snail mail).

My LinkedIn article “Don’t ban facial recognition”

By TapTheForwardAssist – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=98670006

This post serves as a pointer to an article that I just published on LinkedIn, “Don’t ban facial recognition.”

If you’re going to prohibit use of a particular tool, you may want to check the alternatives to that tool to see if the alternatives are better…or worse.

To read the article, go here.

(Bredemarket Premium) The drawbacks of a FOCI-mitigated subsidiary

Those portions of the U.S. government that deal with critical infrastructure are naturally concerned about foreign encroachment into U.S. Government operations, even from “friendly” nations. Therefore, the U.S. Government takes steps to mitigate the effects of “Foreign Ownership, Control or Influence” (FOCI).

I’ve worked for two companies that needed to undertake FOCI mitigation, and I know of others that have also done this. And while FOCI mitigation offers benefits to the United States, there are also drawbacks of which everyone involved should be aware.


The Pandora’s Box of the “passwords are dead” movement

I’ve previously commented on the “passwords are dead” movement, and why I don’t agree that passwords are dead. But I recently realized that the “logic” behind the “passwords are dead” movement could endanger ALL forms of multi-factor authentication.

If I may summarize the argument, the “passwords are dead” movement is based upon the realization that passwords are an imperfect authentication method. People use obvious passwords, people re-use passwords, individuals don’t guard their passwords, and even companies don’t guard the passwords that they store. Because of these flaws, many passwords have been compromised over the years.

From this indisputable fact, the “passwords are dead” advocates have concluded that the best thing to do is to refrain from using passwords entirely, and to use some other authentication method instead (choosing from the five authentication factors).

In my spiral of people connections, the most frequently suggested replacement for passwords is biometrics. As a biometric content marketing expert and a biometric proposal writing expert, I’m certainly familiar with the arguments about the wonderfulness of biometric authentication.

But wait a minute. Isn’t it possible to spoof biometrics? And when a biometric is compromised, you can’t change your finger or your face like you can with a compromised password. And the Internet tells me that biometrics is racist anyway.

So I guess “biometrics are dead” too, using the “passwords are dead” rationale.

And we obviously can’t use secure documents or other “something you have” modalities either, because “something you have” is “something that can be stolen.” And you can’t vet the secure document with biometrics because we already know that biometrics are spoofable and racist and all that.

So I guess “secure documents are dead” too.

Somewhere you are? Yeah, right. There are entire legitimate industries based upon allowing someone to represent that they are in one place when in fact they are in another place.

So I guess “geolocation is dead” too.

You see where this leads.

NO authentication method is perfect.

But just because an authentication method has imperfections doesn’t mean that it should be banned entirely. If you open the Pandora’s Box of declaring imperfect authentication methods “dead,” there will be NO authentication methods left.

Epimetheus opening Pandora’s Box. By Giulio Bonasone – This file was donated to Wikimedia Commons as part of a project by the Metropolitan Museum of Art. See the Image and Data Resources Open Access Policy, CC0, https://commons.wikimedia.org/w/index.php?curid=60859836

And before talking about multi-factor authentication, remember that it isn’t perfect either. With enough effort, a criminal could spoof multiple factors to make it look like someone with a spoofed face and a spoofed driver’s license is physically present at a spoofed location. Of course it takes more effort to spoof multiple factors of authentication…

…which is exactly the point. As security professionals already know, something that is harder to hack is less likely to be hacked.

“I don’t want to say multi-factor is terrible. All things considered, it is generally better than single-factor and we should strive to use it wherever it makes sense and is possible. However, if someone tells you something is unhackable, they’re either lying to you or dumb.”

And heck, be wild and throw a strong password in as ONE of the factors. Even weak passwords of sufficient length can take a long time to crack, provided they haven’t been compromised elsewhere.

Feel free to share the images and interactive found on this page freely. When doing so, please attribute the authors by providing a link back to this page and Better Buys, so your readers can learn more about this project and the related research.

Luckily, my experience extends beyond biometrics to other authentication methods, most notably secure documents and digital identity. And I’m familiar with multi-factor authentication methods that employ…well, multiple factors of authentication in various ways. Including semi-random presentation of authentication factors; if you don’t know which authentication factors will be requested, it’s that much harder to hack the authentication process.

Do you want to know more? Do you need help in communicating the benefits of YOUR authentication mechanism? Contact me.

Something I wrote elsewhere about the biometric systems development lifecycle

One of my non-Bredemarket blogs is JEBredCal, and I recently wrote something on that blog entitled “The biometric systems development lifecycle.”

By Horst59 – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=64233808

The post describes several steps in the lifecycle, including:

  • Strategic/market assessment.
  • Product release definition and development.
  • Capture and proposal strategy.
  • Contract negotiation.
  • Business system requirements analysis.
  • Implementation.
  • Operation.
  • End of life.

At each stage, there are decisions that you need to make regarding whether you will pursue something, or instead choose NOT to pursue it.

  • Does it make sense to pursue this market? As Peter Kirkwood notes, sometimes you SHOULDN’T pursue a market.
  • Does it make sense to release this product? Again, maybe not.
  • Does it make sense to bid on this Request for Proposal? Again, maybe not. Especially if the opportunity cost of bidding on a low-PWin opportunity instead of another opportunity is high.

No, a “no” decision doesn’t mean that you stick a fork in it. The post implicitly refers to ANOTHER definition of a fork.

Case study example (that I didn’t write)

(Updated 4/16/2022 with additional benefits information.)

In my prior post about case studies, I observed:

Case studies are effective because they speak to the needs of the readers. The reader has a problem, and the case study tells how a similar entity solved that same problem.

After I wrote that, I happened to read this case study from Honeywell.

Making Better Business Decisions in Harris County, Texas. https://buildings.honeywell.com/us/en/solutions/case-studies/harris-county

I’ve worked with Honeywell’s customer, Harris County, Texas, but not on its security systems per se.

The case study follows a standard problem-solution format. After explaining the size and complexity of Harris County (the county where Houston is located), the problem is presented:

The problem? A lack of consistency in security products and transparency in systems used throughout the various buildings, which resulted in decreased operating efficiencies and more work for employees.

You’ll also note the use of “detriment statements,” or the reverse of benefit statements. Lack of consistency itself is NOT a detriment. More work for employees IS a detriment.

(4/16/2022: For additional information on benefits, click here.)

So the county called in a Texas-based integrator, ESI Fire & Security Protection, to help it solve the problem.

I don’t want to give away the ending, but if you want to find out what ESI recommended, read the rest of this case study on the Honeywell website.

And here is more information on case studies.

The DHS RFI “Minimum Standards for Driver’s Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes; Mobile Driver’s Licenses” is NOT due on June 18 (it’s now due July 30)

Back in April I wrote about a Request for Information that was issued by the Department of Homeland Security. Its title: “Minimum Standards for Driver’s Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes; Mobile Driver’s Licenses.”

The information was due to DHS on June 18 (tomorrow), and my post included a “shameless plug” offering to help companies with their responses.

No company requested my assistance.

But all is not lost, because you can STILL request Bredemarket’s assistance in composing your responses, because, according to Jason Lim, the due date has been extended.

DHS will hold a virtual public meeting on June 30, 2021 on mDL REAL ID RFI to answer questions regarding the RFI and to provide an additional forum for comments by stakeholders and other interested persons regarding the issues identified in the RFI.

DHS is also extending the comment period for the RFI by 42 calendar days to provide an additional period for comments to be submitted after the public meeting. New deadline is July 30, 2021.

If you want to register for the public meeting, click on the link at the bottom of Jason Lim’s LinkedIn post. I’ve already registered myself (the meeting starts at 7:00 am PDT, but at least I don’t have to commute to go to the meeting).

And the shameless plug still applies: if you need assistance in managing, organizing, writing, or checking your response, contact me (email, phone message, online form, appointment for a content needs assessment, even snail mail). As some of you already know, I have extensive experience in responding to RFIs, RFPs, and similar documents, and have been helping multiple companies with such responses under my Bredemarket consultancy.

Yes, Walmart IS a technology company

I recently wrote something that mentioned various technology companies, and I initially included Walmart in the list.

Initially.

The post cataloged the companies where former coworkers were now working, and I wrote it knowing that one of my former coworkers was at Walmart. Well, you don’t know what you think you know. It turns out that this former coworker is no longer at Walmart (as I write this, she is at Comcast), but I had THIS entire post written up about Walmart as a technology company. So I’m going to go ahead and post it anyway.

Technology for better living

While many of us don’t think of Walmart as a tech company, in truth it is a tech company, and technology innovations play a key part in Walmart’s corporate dominance in its markets over many other players.

Sometimes Walmart dominates so much that other stores go out of business. This is a 2011 photo of a Sears big box store with subway station in Rego Park, Queens, New York City, New York. This location closed in 2017. By Jim.henderson – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=17912322

I was first exposed to Walmart’s technology orientation many years ago, even before Walmarts began opening in earnest in Southern California. At the time I was working for a consumer goods company, and Walmart was one of my company’s customers. Obviously Walmart was a big customer, and big customers have the power to tell their suppliers what to do.

Today’s acronym is EDI

And Walmart wanted the consumer goods company to do EDI.

EDI stands for “Electronic Data Interchange,” and it offers a computerized method for two business entities to communicate business data between each other. Thus, Walmart was asking my employer to transmit data relating to our shipments of product to various Walmart stores, and Walmart incorporated this data into its internal inventory systems.

EDI has progressed a long way since I worked for that consumer goods company (the graphic above does NOT illustrate the flow that my former employer was using), but the basics remain the same.

Electronic data interchange (EDI) is a standard format for exchanging business documents. These documents are exchanged between suppliers and retailers. EDI is made up of two components: translation and communication. During the translation process, the business data is changed into a standardized EDI format.

Once the business document is translated into a standardized EDI format it is communicated (electronically sent) to the intended recipient. Just like with translation, there are various methods of EDI communications available. The method that is used by Walmart and their suppliers is AS2.

Not AS3, not AS1. AS2. Walmart is Walmart.

But not just EDI

And as you may guess, Walmart uses a number of other technologies to keep its mammoth business running. Such as blockchain.

How do you know your food is safe to eat?

This isn’t a question many of us often ask ourselves. But lately, food safety has been in the public eye: 2018 has already seen a large outbreak of E. coli in romaine lettuce and Salmonella in a number of products from eggs to breakfast cereal….

Today, Walmart and Sam’s Club sent a letter to suppliers of fresh, leafy greens asking them to trace their products all the way back to the farm using blockchain technology. Suppliers are expected to have all these systems in place by this time next year.

Again, Walmart is Walmart, and it wanted the suppliers to comply. And the suppliers had some work to do to come into compliance.

The basic requirement for those in far-flung rural areas includes a mobile device with geolocation features, so that other information such as date of harvest and size of the crop can be associated with specific coordinates. In cases where a farm might not be covered by wireless access, the information can be uploaded when there is coverage.

And yes, agriculture has moved far away from the family farm and is now accurately described by the term “agribusiness,” but I’m sure these agribusinesses weren’t thrilled about requiring the capture of geolocation, date, and harvest size data as a mandatory step in harvesting. And if there are any family farms left, they REALLY weren’t thrilled. (Not that small family farms are doing business with Walmart, but these requirements are going to flow down to smaller food sellers also.)

So yes, these data capture and blockchain requirements are onerous from the suppliers’ perspective. But think of Walmart’s perspective for the moment. If Walmart can convince its customers that its foods won’t make them sick, and if Walmart’s competitors can’t do this, then Walmart has a clear competitive advantage.

The retailer was motivated to focus its first “substantive, not symbolic” declaration as a result of several highly publicized E. coli outbreaks in the United States… — including five deaths — that were related to tainted romaine lettuce, according to Frank Yiannis, vice president of food safety and health for Walmart.

And not just Walmart

And these and other modern technologies are necessary for Walmart or any multi-billion dollar firm, or even much smaller firms. As I said, eventually consumers will demand blockchain or similar food tracing from all grocery stores.

Dollar General store in Arlington, Georgia. By Michael Rivera – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=61224685

Yes, even Dollar General is embracing technology, but as far as I can tell it is concentrating on consumer-facing technology and hasn’t adopted blockchain yet. But I could be wrong.

These days, long after my former consumer goods employer went out of business, you’re not going to run your business on a Lotus 1-2-3 spreadsheet, even if Lotus IS integrated.