(Bredemarket Premium) Bredemarket tips for aspiring biometric freelancers (the 8/23/2021 11:45am edition)

So I just wrote a post that contained general tips for freelancers. But before launching into the meat of the post, I said the following:

I almost considered putting the Bredemarket Premium tag on this and making you pay to read it, but I’m not THAT much of a freelancing expert. (Yet.)

After I completed that post and shared it on Twitter, LinkedIn, and Facebook, I returned to my Bredemarket Premium idea. While my tips in the other post can help general freelancers, there are some things that I can share that are specific to BIOMETRIC freelancers.

This is NOT an example of biometric enrollment, but the entry device is secure from network attacks. By Rita Banerji – flickr, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=18222218

So, here goes.

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.

Bredemarket tips for aspiring freelancers (the 8/23/2021 10:15am edition)

I have marketed myself as the biometric content marketing expert and the biometric proposal writing expert.

Now I’m marketing myself as the freelancing expert.

“But John,” you may ask, “how can you do this? Yes, you are making money freelancing, but there are freelancers who are making a LOT more money than you are, who are working from exotic locales and are well known.”

Well, at least the locale is exotic, even if the hardware is very 20th century and the scribe only has anonymous Wikipedia/Flickr fame. By Rita Banerji – flickr, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=18222218

Before I succumb to imposter syndrome, let me assert that I DO have some tips to offer based on my experience. Frankly, all of us do. Even if you’ve only been freelancing for a week, you’ve probably learned something that someone who has never freelanced would NOT know. So share it.

Before you read my tips, note an important point. I’ll caveat my tips by stating that MY experience may not necessarily apply to YOUR experience, and that sometimes it’s good to ignore the experts (or so-called experts). You need to do what is best for you.

How do I know that I have tips to offer?

Because someone whom I met via the Freelancers Union (see the link on the word “ignore” above) just asked me for advice, and by the time I was done answering her questions, I had written a LONG email.

So I figured that I’d share parts of the email (the portions that were NOT specific to her) with you.

I almost considered putting the Bredemarket Premium tag on this and making you pay to read it, but I’m not THAT much of a freelancing expert. (Yet.)

We’ll get to the whole topic of personal pictures later. This picture was taken in 1980 or 1981, but doesn’t necessarily reflect my business or show my expertise. (And yes, I’m terrible at darts.)

As I said, these are edited versions of my responses to the Freelancers Union contact, with some additions as I thought of other things. (I forgot to mention to my Freelancers Union contact that repurposing is important, and iteration is important.)

So, here goes.

If I offer multiple, potentially very different services, is it too overwhelming to list all of my services on a single page?

For purposes of this discussion, I’m going to assume that the “single page” is a LinkedIn company page or a Facebook business page. (In many cases, it’s best to separate your freelancing page from your personal page. Again, some disagree with me.)

If you think that all of your multi-services are too much to list on one page, then you have the option of creating “showcase” pages to highlight specific aspects of what you do. For example, if you wanted to differentiate two different sets of services, you could create two separate showcase pages.

Using myself as an example, I have segmented my customers into markets: the identity (biometrics / secure documents) specific market (my primary market), the general technology market, and the general business market. I don’t even target the general business market on LinkedIn (I do on Facebook), but I’ve created showcase pages for the other two.

The Bredemarket Identity Firm Services page on LinkedIn. Of course, your view of this page will vary; I doubt that 116 of the showcase page’s followers are in YOUR network.

I have a similar structure on Facebook.

In addition, my website also has targeted pages. I won’t show examples here (EDIT: I didn’t share links in my original email to the contact, but I did share links in this new post), but I have a page that’s just targeted for general identity, multiple pages targeted for the biometric aspect of identity, one targeted for the content marketing aspect of biometrics, one for the proposal writing aspect of biometrics, etc. Therefore, if I’m talking to someone about biometric proposals, I can just send the link to the biometric proposal writing expert page.

I actually market on Twitter (@jebredcal), but I don’t go into that level of segmentation there. In fact, my Twitter account isn’t even solely devoted to my consulting. In that case, I don’t feel it worthwhile to create segmented Twitter accounts for my various submarkets, but it may be different for others. 

However you slice and dice your market, dedicated pages for specific market segments allow for a more targeted experience. And the good thing is that it’s all free. (I actually pay for my website, but it could be free if I were fine with a mycompany.wordpress.com URL.)

How do I compensate for my liabilities?

TL;DR talk about your strengths.

In my case, I compensate for what I don’t do by emphasizing what I do.

I did not draw this myself. Originally created by Jleedev using Inkscape and GIMP. Redrawn as SVG by Ben Liblit using Inkscape. – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=1692938

For example, I do NOT create graphics (stick figures exhaust my capabilities), so my marketing materials emphasize my creation of text.

In addition, as I stated earlier, I emphasize the markets that I DO address – I talk a lot about biometrics/secure documents/identity, some about technology, and a little bit about general business.

And I don’t talk about graphics at all. (Whoops, I guess I just did.)

I’d like to use a photo of myself to personalize my service. What photo should I use?

If I were you, I’d take a minute to think about the picture you want to use. How will this picture show that you are the best provider for your specific service in the entire universe? What should be in the background?

  • For example, if you’re a master coder, should you have a computer screen behind you with something specific on the screen?
  • If you’re a writer, should you have a bookcase or perhaps an entire library behind you?
  • If you’re a certified forensic expert, should you show a murder scene behind you? (Maybe not.)

Look at it from the point of view of a potential customer – would I want to do business with this person? 

Of course, different marketing efforts call for different pictures. I actually had a reason to use the 1980-1981 t-shirt picture that I posted toward the beginning of this post: I was talking about the fact that I have been writing since my college days. And at other times, I use a Users Conference picture in which I am talking about a smartphone app that I populated. It just depends on the context.

What question from the Freelancers Union contact received a response that I am not posting here?

She asked one additional question about other reasonable ways to get her service out there. With one exception, I chose not to post my full response to that question here for two reasons:

  • First, my response contained some very specific details about the nature of my business that I have chosen not to share with the general public. If you really want to hear that part of the discussion, I’ll create a Bredemarket Premium post and make you pay to read the response.
  • Second, my response was a very good example of “your mileage may vary.” For example, I noted that I have not had success with a particular freelancing service, but noted that many other people HAVE had success with that same service.

So what’s the exception? In response to a specific comment that my contact made, I offered this response:

You never know when your existing network will yield opportunities.

I’m not going to print the rest of the paragraph from my email to my contact, but suffice it to say that the majority of Bredemarket’s business has been won as a result of people who knew me at IDEMIA, MorphoTrak, Motorola, or even Printrak.

  • Some worked with me and became “free agents” at the same time that I did.
  • Some worked with me but left long before I did.
  • Some used to work for competitors.
  • Some are now working for large companies, others small companies, and others are sole proprietors.
  • In some cases my contact directly asked me to consult, while in other cases the my contact talked to other people (sometimes in other companies) who asked me to consult.

In the end, you never know when those contacts you made months or years or decades ago may result in something new…not just in business, but in life.

P.S. One more thing: content calendars.

A second “biometrics is evil” post (Amazon One)

This is a follow-up to something I wrote a couple of weeks ago. I concluded that earlier post by noting that when you say that something needs to be replaced because it is bad, you need to evaluate the replacement to see if it is any better…or worse.

First, the recap

Before moving forward, let me briefly recap my points from the earlier post. If you like, you can read the entire post here.

  • Amazon is incentivizing customers ($10) to sign up for its Amazon One palm print program.
  • Amazon is not the first company to use biometrics to speed retail purchases. Pay By Touch, the University of Maryland Dining Hall have already done this, as well as every single store that lets you use Apple Pay, Google Pay, or Samsung Pay.
  • Amazon One is not only being connected in the public eye to unrelated services such as Amazon Rekognition, and to unrelated studies such as Gender Shades (which dealt with classification, not recognition), but has been accused of “asking people to sell their bodies.” Yet companies that offer similar services are not being demonized in the same way.
  • If you don’t use Amazon One to pay for your purchases, that doesn’t necessarily mean that you are protected from surveillance. I’ll dive into that in this post.

Now that we’re caught up, let’s look at the latest player to enter the Amazon One controversy.

Yes, U.S. Senators can be bipartisan

If you listen to the “opinion” news services, you get the feeling that the United States Senate has devolved into two warring factions that can’t get anything done. But Senators have always worked together (see Edward Kennedy and Dan Quayle), and they continue to work together today.

Specifically, three Senators are working together to ask Amazon a few questions: Bill Cassidy, M.D. (R-LA), Amy Klobuchar (D-MN), and Jon Ossoff (D-GA).

And naturally they issued a press release about it.

Now arguments can be made about whether Congressional press releases and hearings merely constitute grandstanding, or whether they are serious attempts to better the nation. Of course, anything that I oppose is obviously grandstanding, and anything I support is obviously a serious effort.

But for the moment let’s assume that the Senators have serious concerns about the privacy of American consumers, and that the nation demands answers to these questions from Amazon.

Here are the Senators’ questions, from the press release:

  1. Does Amazon have plans to expand Amazon One to additional Whole Foods, Amazon Go, and other Amazon store locations, and if so, on what timetable? 
  2. How many third-party customers has Amazon sold (or licensed) Amazon One to? What privacy protections are in place for those third parties and their customers?
  3. How many users have signed up for Amazon One? 
  4. Please describe all the ways you use data collected through Amazon One, including from third-party customers. Do you plan to use data collected through Amazon One devices to personalize advertisements, offers, or product recommendations to users? 
  5. Is Amazon One user data, including the Amazon One ID, ever paired with biometric data from facial recognition systems? 
  6. What information do you provide to consumers about how their data is being used? How will you ensure users understand and consent to Amazon One’s data collection, storage, and use practices when they link their Amazon One and Amazon account information?
  7. What actions have you taken to ensure the security of user data collected through Amazon One?

So when will we investigate other privacy-threatening technologies?

In a sense, the work of these three Senators should be commended, because if Amazon One is not implemented properly, serious privacy breaches could happen which could adversely impact American citizens. And this is the reason why many states and municipalities have moved to restrict the use of biometrics by private businesses.

And we know that Amazon is evil, because Slate said so back in January 2020.

The online bookseller has evolved into a giant of retail, resale, meal delivery, video streaming, cloud computing, fancy produce, original entertainment, cheap human labor, smart home tech, surveillance tech, and surveillance tech for smart homes….The company’s “last mile” shipping operation has led to burnout, injuries, and deaths, all connected to a warehouse operation that, while paying a decent minimum wage, is so efficient in part because it treats its human workers like robots who sometimes get bathroom breaks.

But why stop with Amazon? After all, Slate’s list included 29 other companies (while Amazon tops the list, other “top”-ranked companies include Facebook, Alphabet, Palantir Technologies, and Uber), to say nothing of entire industries that are capable of massive privacy violations.

Privacy breaches are not just tied to biometric systems, but can be tied to any system that stores private data. Restricting or banning biometric systems won’t solve anything, since all of these abuses could potentially occur on other systems.

  • When will the Senators ask these same questions to Apple, Google (part of the aforementioned Alphabet), and Samsung to find out when these companies will expand their “Pay” services? They won’t even have to ask all seven questions, because we already know the answer to question 5.
  • Oh, and while we’re at it, what about Mastercard, Visa, American Express, Discover, and similar credit card services that are often tied to information from our bank accounts? How do these firms personalize their offerings? Who can buy all that data?
  • And while we’re looking at credit cards, what about the debit cards issued by the banks, which are even more vulnerable to abuse. Let’s have the banks publicly reveal all the ways in which they protect user data.
  • You know, you have to watch out for those money orders also. How often do money order issuers ask consumers to show their government ID? What happens to that data?
  • Oh, and what about those gift cards that stores issue? What happens to the location and purchase data that is collected for those gift cards?
  • When people use cash to pay for goods, what is the resolution of the surveillance cameras that are trained on the cash registers? Can those surveillance cameras read the serial numbers on the bills that are exchanged? What assurances can the stores give that they are not tracking those serial numbers as they flow through the economy?

If you think that it’s silly to shut down every single payment system that could result in a privacy violation…you’re right.

Obviously if Amazon is breaking federal law, it should be prosecuted accordingly.

And if Amazon is breaking state law (such as Illinois BIPA law), then…well, that’s not the Senators’ business, that’s the business of class action lawyers.

But now the ball is in Amazon’s court, and Amazon will either provide thousands of pages of documents, a few short answers, a response indicating that the Senators are asking for confidential information on future product plans, or (unlikely with Amazon, but possible with other companies) a reply stating that the Senators can go pound sand.

Either way, the “Amazon is evil” campaign will continue.

And now I’m waiting for tangible collateral

I guess this is the fourth post in a series. See posts one, two, and three.

I’ll quickly sum up all of those prior posts to say that I ordered some business cards.

Anyway, I have finally ordered some business cards, which should arrive before my in-person event next week.

I was able to follow the progress of my order via a handy dandy link to the shipper’s website. I won’t name the shipper, but it does a lot of federal business and offers a variety of services, including express services.

Initially the service said that my cards wouldn’t arrive until this week, but then the anticipated delivery date was revised to Tuesday, August 10.

So I watched as my package moved from Henderson, Nevada to Bloomington, California, less than 20 miles from Bredemarket’s world headquarters.

The package stayed in Bloomington for a few days before moving again.

To Deming, New Mexico.

My last report indicated that the package had arrived in Fort Worth, Texas, and would be delivered by Thursday, August 19.

The day AFTER my meeting.

I guess I should have ordered business cards a year ago. Oh well, better late than never.

But I have a workaround. I’ve created a handout that includes an image of my business card.

It won’t fit in a business card holder, but it’s better than nothing.

Incidentally, I haven’t bothered to upload the PDF of this particular data sheet to the Bredemarket website, since it’s really intended for in-person distribution. If you want to find out about the Bredemarket 400 and Bredemarket 2800 services, you can skip the QR codes and just use these links:

And there’s one service that I DON’T mention on this particular sheet (except for my reference to “other services”) because it’s not of primary interest to the market I’m addressing in my meeting this week. However, if your needs don’t fit into a standard package, Bredemarket can offer services at an hourly rate. This service (Bredemarket 4000 Long Writing Service) doesn’t have a PDF handout, but does have a web page.

Which I just updated with the details from my revision to my content creation process.

Again, better late than never.

Update on Covishield and the EUDCC, as long as you can prove you were born

It’s been a while since I looked at issues regarding the European Union Digital COVID Certificate (EUDCC).

And there are a ton of ramifications and unintended consequences.

Covishield and the EUDCC

When I last looked at the EUDCC, I examined its effect on travel from people outside of the European Union. The question at the time was what would happen to people who were vaccinated with something other than the European Medicines Agency-approved vaccines, thus rendering them ineligible for the EUDCC.

In particular, people who were vaccinated with the Covishield vaccine were not eligible for the EUDCC. Depending upon whom you asked, Covishield is either just the same as the EMA-approved AstraZeneca vaccine (now referred to as “Vaxzervria” in EU-speak), or it has a radically different manufacturing process that disqualifies it from automatic acceptance.

This non-recognition of Covishield has a great impact on African nations, because that vaccine is popular there. However, EUDCC disapproval has been offset by the actions of several individual countries to recognize Covishield as a vaccine. For example, Greece recognizes ten vaccines (including Covishield) as opposed to the EU’s four. Of course, you have to go through additional paperwork to get authorization to enter a specific country.

But Joseph Atick notes that there’s another issue that adversely impacts the ability of Africans to enter Europe.

Linking a vaccination to a person

Assume for the moment that you have received an EU-authorized vaccine. This is only part of the battle, because the act of vaccination has to be tied to you as a person.

Dr. Joseph Atick of ID4Africa. From https://id4africa.com/the-general-secretariat/

And Atick notes one complicating factor in making that link:

One of the biggest barriers to setting up these systems—and one that could greatly complicate digital health certificates – involves traceability, which for an official digital ID means documenting one’s birth event.

In Africa, not everyone has a birth certificate, and many struggle to trace their identity to the birth event.

If you cannot prove to the satisfaction of the European Union (or whoever) that you were the actual person who received a vaccine, then you may face barriers to entering Europe (or wherever).

And what are the ramifications of this?

A digital health certificate has appeal as an efficient and effective way to manage COVID-19 risks. But if we don’t pause now to consider the implications of getting it wrong and look for ways to get it right, these marvellous digital innovations could also be supremely effective at creating a binary world of those who can prove their COVID-19 risk status and those who cannot.

The requirement for a digital identity

Oh, and there’s another issue that Atick didn’t address, but which bears noting.

All of the solutions listed above assume as a given that people will be the owners of a unique, government-authorized digital identity.

As I’ve noted elsewhere, there are people who are fervently opposed to this.

In my country, both some people on the left and some people on the right believe that “governmental digital identity” naturally equates to “governmental digital surveillance,” and that governments shouldn’t be abusing the data that they can obtain from all the vaccinations you get, all the places you travel, all the things you buy, and all the other things that you do.

(Well, except for voting. Some on the right fervently believe that government identities are essential to voting, even if they’re not essential to any other activity.)

But are people truly banned from travel?

So where does this leave the people who cannot prove that they were vaccinated with an authorized vaccine, or perhaps were never vaccinated at all?

In many cases travel for the unvaccinated is not banned, but they have to go through additional hoops to travel. Using one example, unvaccinated U.S. citizens can travel to Austria if they “have recovered from COVID-19 in the past 180 days; or present a negative COVID-19 PCR or antigen test result procured within 72 or 48 hours of travel.” For more country-by-country specifics as of August 13, click here.

But how will the unvaccinated get to Europe, or anywhere else?

But on the other hand, a vaccination in and of itself is not a guarantee that you can travel. Norway has a long list of requirements that an incoming person must satisfy, vaccination or not. This isn’t the time for an American to go on a sightseeing tour to Oslo.

Or Pyongyang.

So a binary division into the “travels” and “travel nots” may not become a reality. Instead, it will be a gradation of travel allowances and non-allowances, based upon a variety of factors.

In this post, “NGI” stands for Non-Governmental Identity

I admit to my biases.

As a former long-time employee of a company that provides finger and face technology for the Federal Bureau of Investigation’s Next Generation Identification (NGI) system, as well as driver’s license and passport technology in the United States and other countries, I am reflexively accustomed to thinking of a proven identity in governmental terms.

Because the government is always here to help.

From World War II. By Packer, poster artist, Artist (NARA record: 8467744) – U.S. National Archives and Records Administration, Public Domain, https://commons.wikimedia.org/w/index.php?curid=16929857

What this means in practice is that whenever I see a discussion of a proven identity, I reflexively assume that the identity was proven through means of some type of governmental action.

  • Perhaps the identity was tied to a driver’s license identity maintained by a state agency (and checked against other states via AAMVA’s “State to State” to ensure that there are no duplicate identities).
  • Or perhaps the identity was proven via the use of a database maintained by a government agency, such as the aforementioned NGI or perhaps a database such as the CODIS DNA database.

However, I constantly have to remind myself that not everyone thinks as I do, and that for some people an identity proven by governmental means is the worst possible scenario.

Use of DNA for humanitarian efforts

Take an example that I recently tweeted about.

I recently read an article from Thermo Fisher Scientific, which among other things provides a slew of DNA instruments, software, and services for both traditional DNA and rapid DNA.

One of the applications of DNA is to prove family relationships for migrants, especially after families were separated after border crossings. This can be done in a positive sense (to prove that a separated parent and child ARE related) or in a negative sense (to prove that a claimed parent and child are NOT related). However, as was noted in a webinar I once attended, DNA is unable to provide any verification of legitimate adoptions.

By Nofx221984 – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=7429871

Regardless of the purpose of using DNA for migrants, there is a certain level of distrust among the migrants when the government says (presumably in Spanish), “We’re the government. We’re here to help.” You don’t have to be a rabid conspiracy theorist to realize that once DNA data is captured, there is no technical way to prevent the data from being shared with every other government agency. Certain agencies can establish business rules to prevent such sharing, but those business rules can include wide exceptions or the rules can be ignored entirely.

Therefore, Thermo Fisher Scientific decided to discuss humanitarian DNA databases.

As a result of migration, human trafficking and war, humanitarian databases are a relatively new concept and are often completely separate from criminal databases. Research has shown that family members may distrust government databases and be reluctant to report the missing and provide reference samples (1). Humanitarian databases are repositories of DNA profiles from reported missing persons, relative reference samples, and unknown human remains and may be managed by non-governmental organizations (NGOs), though in some instances they may be managed by a governmental institution but kept separate from criminal databases. Examples of humanitarian databases can be found in the United States (NamUsUniversity of North Texas HDID), Canada (Royal Canadian Mounted Police), Australia (National DNA Program for unidentified and missing persons) and internationally via the International Commission on Missing Persons (ICMP).

As you can see from the list, some of these databases ARE managed by government police agencies such as the RCMP. But others are not. The hope, of course, is that migrants would be willing to approach the humanitarian folks precisely BECAUSE they are not the police. Reluctance to approach ANY agency may be dampened by a desire to be reunited with a missing child.

And these non-governmental efforts can work. The Colibri Center claims to have performed 142 identifications that would not have been made otherwise.

Reluctance to set national standards for mobile driver’s licenses

Because of my (biased) outlook, mobile driver’s licenses and other applications of government-proven digital identity seem like a wonderful thing. The example that I often bore you with is the example of buying a drink at a bar. If someone does this with a traditional driver’s license, the bartender not only learns the drinker’s birthdate, but also his/her address, (claimed) height and weight, and other material irrelevant to the “can the person buy a drink?” question. With a mobile driver’s license, the bartender doesn’t even learn the person’s birthdate; the bartender only learns the one important fact that the drinker is over 21 years of age.

Some people are not especially wowed with this use case.

The DHS Request for Comment has finally closed, and among the submissions is a joint response from the American Civil Liberties Union, Electronic Frontier Foundation (EFF), & Electronic Privacy Information Center (EPIC). The joint response not only warns about potential misuse of government digital identities, but also questions the rush of establishing them in the first place.

We believe that it is premature to adopt industry standards at this time as no set of standards has been completed that fully takes advantage of existing privacy-preserving techniques. In recent decades we have seen the emergence of an entire identity community that has been working on the problems of online identity and authorization. Some within the identity community have embraced centralized and/or proprietary systems…

You can imagine how the ACLU, EFF, and EPIC feel about required government-managed digital identities.

Is a Non-Governmental Identity (NGI) feasible and reliable?

Let’s return to the ACLU/EFF/EPIC response to the DHS Request for Comment, which mentions an alternative to centralized, proprietary maintenance of digital identities. This is the alternative that I’m referring to as NGI just to cause MAC (massive acronym confusion).

…others are animated by a vision of “self-sovereign
identity” that is decentralized, open source, privacy-preserving, and empowering of individuals. That movement has created a number of proposed systems, including an open standard created by the World Wide Web Consortium (W3C) called Verifiable Credentials (VCs)….

DHS should refuse to recognize IDs presented within centralized identity systems. If a standard digital identity system is to be accepted by the federal government, it must be created in an open, transparent manner, with the input of multiple stakeholders, and based upon the self-sovereign identity concept. Such a system can then be used by federal government agencies to view identity credentials issued by state departments of motor vehicles (DMVs) where doing so makes sense. If standards based on self-sovereign identity are not considered mature enough for adoption, efforts should be directed at rectifying that rather than at adopting other systems that raise privacy, security, and autonomy risks.

For all practical purposes, the chances of the ACLU/EFF/EPIC convincing the Department of Homeland Security to reject government-proven identities are approximately zero. And since DHS controls airport access, you probably won’t see an airport security agent asking for your Verifiable Credentials any time soon. Self sovereign identities are just as attractive to government officials as sovereign citizens.

Who issues Verifiable Credentials?

As ACLU/EFF/EPIC noted, Verifiable Credentials are still under development, just as the centralized system standards are still under development. But enough advances have been made so that we have somewhat of an idea what they will look like. As Evernym notes, there is a trusted triangle of major players in the Verifiable Credentials ecosystem:

There are a number of directions in which we can go here, but for the moment I’m going to concentrate on the Issuer.

In the current centralized model being pursued in the United States, the issuers are state driver’s license agencies that have “voluntarily” consented to agree to REAL ID requirements. Several states have issued digital versions of their driver’s licenses which are recognized for various purposes at the state level, but are not yet recognized at the federal level. (The purpose of the DHS Request for Comment was to solicit thoughts on federal adoption of digital identities. Or, in the case of some respondents, federal NON-adoption of digital identities.)

Note that in the Verified Credentials model, the Issuer can be ANYBODY who has the need to issue some type of credential. Microsoft describes an example in which an educational institution is an Issuer that represents that a student completed particular courses.

Without going into detail, the triangle of trust between Issuers, Verifiers, and Holders is intended to ensure that a person is who they say they are. And to the delight of the ACLU et al, this is performed via Decentralized Identifiers (DIDs), rather than by centralized management by the FBI or the CIA, the BBC, B. B. King, Doris Day, or Matt Busby. (Dig it.)

But NGIs are not a cure-all

Despite the fact that they are not controlled by governments, and despite that fact that users (at least theoretically) control their own identities, no one should think that digital identities are the solution to all world problems…even when magic paradigm-shifting words like “blockchain” and “passwordless” are attached to them.

Here’s what McKinsey has said:

…even when digital ID is used with good intent, risks of two sorts must be addressed. First, digital ID is inherently exposed to risks already present in other digital technologies with large-scale population-level usage. Indeed, the connectivity and information sharing that create the value of digital ID also contribute to potential dangers. Whether it is data breaches and cyber-intrusions, failure of technical systems, or concerns over the control and misuse of personal data, policy makers around the world today are grappling with a host of potential new dangers related to the digital ecosystem.

Second, some risks associated with conventional ID programs also pertain in some measure to digital ID. They include human execution error, unauthorized credential use, and the exclusion of individuals. In addition, some risks associated with conventional IDs may manifest in new ways as individuals newly use digital interfaces. Digital ID could meaningfully reduce many such risks by minimizing opportunity for manual error or breaches of conduct.

In addition, many of these digital identity initiatives are being pursued by large firms such as IBM and Microsoft. While one hopes that these systems will be interoperable, there is always the danger that the separate digital identity systems from major firms such as IBM and Microsoft may NOT be interoperable, in the same way that the FBI and DHS biometric systems could NOT talk to each other for several years AFTER 9/11.

And it’s not only the large companies that are playing in the market. Shortly after I started writing this post, I ran across this LinkedIn article from the Chief Marketing Officer at 1Kosmos. The CMO makes this statement in passing:

At 1Kosmos, we’ve taken our FIDO2 certified platform one step further with a distributed identity based on W3C DID standards. This removes central administration of the database via a distributed ledger for true “privacy by design,” putting users in sole access and control of their identity.

1Kosmos, IBM, and Microsoft know what they’re talking about here. But sadly, some people only think these technologies are “cool” because they’re perceived as anti-government and anti-establishment. (As if these companies are going to call for the downfall of capitalism.)

Which identiy(ies) will prevail?

Back to governmental recognition of NGI.

Don’t count on it.

Anticipated DHS endorsement of government-issued digital identities doesn’t mean that NGI is dead forever, since private companies can adopt (and have adopted) any identity system that they wish.

So in truth we will probably end up with a number of digital identities like we have today (I, for example, have my WordPress identities, my Google identities, and countless others). The difference, of course, is that the new identities will be considered robust – or won’t be, when centralized identity proponents denigrate decentralized identities and vice versa.

But frankly, I’m still not sure that I want Facebook to know how much I weigh.

(Although, now that I think about it, Apple already knows.)

(Bredemarket Premium) The big biometric firms and the even bigger tech firms

When I was part of an industry in which the three major players were my employer IDEMIA and its competitors NEC and Thales, I was always aware of a potential threat to these three multi-billion dollar biometric companies. Specifically, there were much, much bigger technology companies (both inside and outside of Silicon Valley) with huge resources and extensive artificial intelligence experience. These firms could put the three biometric firms out of business at any time.

By Syassine – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=31368987

But is this threat a real threat? Or is it overstated?

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.

What do you believe?

As my regular readers know, I’ve recently spent some time refining my content creation process for Bredemarket’s clients. As part of this, I’ve made a point of emphasizing some key points that need to be established at the beginning of a client engagement with someone like you, including the following:

  • Your overall GOAL. The content Bredemarket creates must advance your goal.
  • Your perceived BENEFITS. The content Bredemarket creates must communicate your benefits.
  • Your TARGET AUDIENCE. The content Bredemarket creates must speak to your target audience.

To use a simple example, if your goal is to have local law enforcement agencies request formal quotes from you, your benefits include your experience working as a certified latent fingerprint examiner, and your target audience is the forensic, records, and/or IT departments of local law enforcement agencies, then I have failed if Bredemarket’s generated content talks about general business topics with no reference to law enforcement or fingerprints.

Beyond goals, benefits, or target audiences

However, I realize that there’s an implicit assumption that there is something that is at an even higher level than goals, benefits, or target audiences.

That “something” is your beliefs. (I speak in a business sense here, by the way, although your beliefs in general can impact how you do business.)

Because your beliefs underpin everything that you do.

We are influenced by many factors that ripple through our minds as our beliefs form, evolve, and may eventually change. By User:Lbeaumont based on image by Mila / Brocken Inaglory – This file has been extracted from another file: Multy droplets impact.JPG, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=29111316

They are the (sometimes unspoken) foundation that effects the goals you set, the benefits you offer, the audiences you target, and even whether you will meet with a client at 6:00 in the morning local time. (There are pros and cons to taking 6am meetings; it’s not a one-size-fits-all decision. More about that later.)

Beliefs of sole proprietors

The influence of beliefs on a business is obviously clearest when I as a consultant deal with other sole proprietors, because sole proprietors by definition have great control over how they do business.

Because of my background, many of the sole proprietors that I know are people who were formerly in the corporate world, but left it for some reason (sometimes by choice, sometimes not). Universally, these sole proprietors have seen things in the corporate world that they like, but have also seen corporate practices that they DO NOT like. Now that they’re in business for themselves, these sole proprietors have resolved that their business will never do these bad things.

I don’t want to single out any of the sole proprietors that I know, so I’m going to make up an example.

Beth Smith spent two years working for Pay By Touch, an early pioneer in digital identity that was in some respects ahead of its time. Even when founded in the early 2000s, the concept was solid: rather than having to drag out a credit card to make a payment, a grocery store shopper or other consumer could simply touch his or her finger against a fingerprint reader, securely allowing the consumer to pay by touch. Unfortunately, the leadership of the firm was not so good, and the company itself eventually went bankrupt.

From 4 COMMON STARTUP MISTAKES THAT HAVE RUINED THEIR BUSINESS, https://slidebean.com/blog/startups-common-mistakes-that-have-ruined-startups

Several years later, when digital identity became a hot topic, Beth Smith decided to re-enter the industry on her own. But she decided that a key belief of her business would be ethical behavior. No cocaine binges or unpaid bills would sully the reputation of Beth Smith Identity Services.

From this key belief, you can extrapolate how it would be reflected in Beth Smith’s goals, benefits, and target audience. For example, if you’re an illegal drug dealer, don’t even bother to ask Beth Smith Identity Services for a quote. She won’t talk to you.

Perhaps my made-up example is outrageous (then again, Pay By Touch’s founder John P. Rogers was pretty outrageous himself), but I’ve seen how similar beliefs (shaped by experience) have influenced other sole proprietors that I know.

  • If a sole proprietor is angered by the glacial nature of multinational decision-making, that proprietor will emphasize quick delivery to accelerate client business and satisfaction.
  • If a sole proprietor is disheartened because their former employer ignored a specific product, service, or market, that proprietor will prioritize that product/service/market and bring their unique talents to that market.
  • If a sole proprietor is frustrated by the prevalence of one-size-fits-all cookie cutter solutions, that proprietor will prioritize responsiveness to a customer’s unique needs to ensure that the customer receives the best possible service.

But how do you discover a sole proprietor’s beliefs?

If I were interviewing you, I probably wouldn’t ask you what your key beliefs are. Perhaps I should (although that’s a rather personal question), but so far I haven’t needed to do so. If I already know you from past associations, I already know what your beliefs are. And if I don’t know you but just generally ask you about yourself and your business, your beliefs will probably come through in your conversation with me. If you spend a half hour talking with someone, you can learn all sorts of things. (But if you’re talking with me, my Calendly calendar doesn’t include 6am appointments.)

Beliefs of corporate employees

In terms of beliefs, a corporation is very different from a sole proprietor.

I know this from personal experience. The first multinational corporation that employed me was Motorola. This was before Motorola split into two entities, Motorola Solutions and Motorola Mobility.

During my period as a Motorola employee, the company had three leaders: Christopher Galvin, Edward Zander, and Greg Brown. While these leaders could set the direction for the company, they could not completely influence the beliefs of every member. It isn’t like all of the tens of thousands of Motorola employees immediately changed direction when Zander replaced Galvin, even though the two had distinctly different styles.

Galvin is a quiet, reserved, man who is perhaps contemplative and reflective to a fault. He believed in layers of management and many meetings that often kept Motorola from responding quickly to dynamic market circumstances. While not prone to take credit for successes, he always said the buck stopped with him when things didn’t go well. Zander, a freewheeling showman, is a boisterous, energetic, fast-moving Brooklyn native who often shoots from the hip or the lip.

I have never spoken with Galvin, Zander, or Brown, and I don’t think I’ve ever been in the same room with Galvin or Zander. Greg Brown advanced in Motorola’s hierarchy before becoming CEO, so I’m sure that I was in the same room with him at some point in my Motorola career.

So Galvin’s, Zander’s, and Brown’s influence on me and my beliefs was somewhat limited.

I was much more influenced by my direct supervisors, other directors and managers at Motorola’s Anaheim and Irvine offices, and selected people from Schaumburg, Plantation, Phoenix, Canada, and elsewhere who interacted with me on a daily basis.

The same holds true with my consulting business.

While I am technically delivering Bredemarket’s services to companies (including some large multinational companies), in reality I am delivering my services to Director Jim at Company X or Vice President Carol at Company Y. Director Jim and VP Carol have their own goals, perceived benefits, and target audiences…and their own beliefs.

When Bredemarket is delivering something to Director Jim, and is considering various options, there are times when I say to myself “Director Jim wouldn’t go for that.” Or if I’m delivering something to VP Carol, it will occur to me that she would really prefer a particular way of doing things.

Again, a consultant may not explicitly ask a corporate employee about their beliefs, but if the consultant regularly talks to the client, those beliefs will come out in the course of conversation.

What are MY beliefs?

This is the “physician heal thyself” portion of the post.

As you may have gathered from this post, I don’t always expect a sole proprietor or corporate employee to explicitly delineate their beliefs, perhaps because I can’t envision myself doing something like that. If I were talking to you as a potential client, it would feel brazen for me to declare, “This is what I believe.” Beliefs are personal, after all.

But even if I don’t explicitly state my beliefs, I need to make sure that they are reflected in Bredemarket’s goals, benefits, and target audiences.

How is my self-proclaimed status as a biometric content marketing expert and a biometric proposal writing expert influenced by my underlying beliefs?

What are YOUR beliefs?

For this post, I’ll dispense with my usual call to action to contact me if Bredemarket can help you. (Actually, I didn’t dispense with it, since I just wrote it.)

But I WILL ask you to think about something, whether you are a sole proprietor, a corporate employee, or a guy who used to be everyone’s best friend and is now having fun.

Think about your beliefs.

  1. What are they?
  2. How do they influence how you conduct business?
  3. Finally, would you explicitly state your beliefs, or would you prefer that your beliefs be reflected by what you do?

More on the Israeli master faces study

Eric Weiss of FindBiometrics has opined on the Tel Aviv master faces study that I previously discussed.

Oops, wrong “Faces.” Oh well. By Warner Bros. Records – Billboard, page 18, 14 November 1970, Public Domain, https://commons.wikimedia.org/w/index.php?curid=27031391

While he does not explicitly talk about the myriad of facial recognition algorithms that were NOT addressed in the study, he does have some additional details about the test dataset.

The three algorithms that were tested

Here’s what FindBiometrics says about the three algorithms that were tested in the Israeli study.

The researchers described (the master faces) as master keys that could unlock the three facial recognition systems that were used to test the theory. In that regard, they challenged the Dlib, FaceNet, and SphereFace systems, and their nine master faces were able to impersonate more than 40 percent of the 5,749 people in the LFW set.

While it initially sounds impressive to say that three facial recognition algorithms were fooled by the master faces, bear in mind that there are hundreds of facial recognition algorithms tested by NIST alone, and (as I said earlier) the test has NOT been duplicated against any algorithms other than the three open source algorithms mentioned.

…let’s look at the algorithms themselves and evaluate the claim that results for the three algorithms Dlib, FaceNet, and SphereFace can naturally be extrapolated to ALL facial recognition algorithms….NIST’s subsequent study…evaluated 189 algorithms specially for 1:1 and 1:N use cases….“Tests showed a wide range in accuracy across developers, with the most accurate algorithms producing many fewer errors.”

In short, just because the three open source algorithms were fooled by master faces doesn’t mean that commercial grade algorithms would also be fooled by master faces. Maybe they would be fooled…or maybe they wouldn’t.

What about the dataset?

The three open source algorithms were tested against the dataset from Labeled Faces in the Wild. As I noted in my prior post, the LFW people emphasize some important caveats about their dataset, including the following:

Many groups are not well represented in LFW. For example, there are very few children, no babies, very few people over the age of 80, and a relatively small proportion of women. In addition, many ethnicities have very minor representation or none at all.

In the FindBiometrics article, Weiss provides some additional detail about dataset representation.

…there is good reason to question the researchers’ conclusion. Only two of the nine master faces belong to women, and most depicted white men over the age of 60. In plain terms, that means that the master faces are not representative of the global public, and they are not nearly as effective when applied to anyone that falls outside one particular demographic.

That discrepancy can largely be attributed to the limitations of the LFW dataset. Women make up only 22 percent of the dataset, and the numbers are even lower for children, the elderly (those over the age of 80), and for many ethnic groups.

Valid points to be sure, although the definition of a “representative” dataset varies depending upon the use case. For example, a representative dataset for a law enforcement database in the city of El Paso, Texas will differ from a representative dataset for an airport database catering to Air France customers.

So what conclusion can be drawn?

Perhaps it’s just me, but scientific entities that conduct studies are always motivated by the need for additional funding. After a study is concluded, it seems that the entities always conclude that “more research is needed”…which can be self-serving, because as long as more research is needed, the scientific entities can continue to receive necessary funding. Imagine the scientific entity that would dare to say “Well, all necessary research has been conducted. We’re closing down our research center.”

But in this case, there IS a need to perform additional research, to test the master faces against different algorithms and against different datasets. Then we’ll know whether this statement from the FindBiometrics article (emphasis mine) is actually true:

Any face-based identification system would be extremely vulnerable to spoofing…

When people confuse the two companies Integrated Biometric Technology and Integrated Biometrics

This is the “oops” of the month (actually for the month of July).

By U.S. Government – ATSDR (part of the CDC) series of state-specific fact sheets. Bitmap versions have been seen on US Embassy websites. Direct PDF URL [1], Public Domain, https://commons.wikimedia.org/w/index.php?curid=14801198

On Monday, July 26 the Tennessee Department of Economic and Community Development made an important announcement:

Tennessee Gov. Bill Lee, Department of Economic and Community Development Commissioner Bob Rolfe and Integrated Biometric Technology, LLC (IBT) officials announced today that the company will establish new operations and locate its corporate headquarters in Franklin.

For those who aren’t familiar with the Nashville area, Franklin is a suburb of Nashville. Coincidentally, IDEMIA (IBT President & CEO Charles Carroll’s former employer) used to have an office in Franklin (I visited it in June 2019), but it has since moved to another Nashville suburb.

This job-related news obviously pleased a number of other Tennessee government officials, including one whom (in this post at least) will remain nameless. The government official tweeted the following, along with a link to the announcement:

Congratulations to @IntegratedBiome on their decision to locate their facility in Franklin and to all our state and local officials who helped bring these jobs home!

A nice sentiment to be sure…except for one teeny problem.

The government official didn’t tag Integrated Biometric Technology (who appears to have a Twitter account, but it isn’t live yet), but instead tagged a SOUTH CAROLINA company with a similar name, Integrated Biometrics. (I’ve discussed this company before. They’re the ones who really like 1970s TV crime fighters.)

Book ’em, Danno! By CBS Television – eBay item photo front photo back, Public Domain, https://commons.wikimedia.org/w/index.php?curid=19674714

Integrated Biometrics’ social media person set the record straight.

Hi there! That article is actually about Integrated Biometric Technology – not us (Integrated Biometrics)

It turns out that the two companies with similar names have existed in one form or another for nearly two decades. The first iteration of Integrated Biometric Technology was established in 2005, while Integrated Biometrics dates back to 2002. I was in Motorola at the time and can’t remember any name confusion in those days, since I was busy concentrating on other things…such as AFIX Tracker.

Cue the “It’s a Small World” music. Trust me, the biometrics world can be very small at times…