Telos enters the touchless fingerprint market

Years before COVID became a thing, the U.S. government had a desire to encourage touchless fingerprint technologies. This began many years ago with a concerted effort to capture a complete set of fingerprints in less than 15 seconds. By 2016, this had evolved to a set of Cooperative Research and Development Agreements (CRADA) entered into by the National Institute of Standards and Technology and several private companies.

For purposes of this post, I’m going to concentrate on just one of the listed mobile fingerprint capture technology solutions. The mobile fingerprint capture technologies from these companies were intended to support the capture of fingerprints from a standard smartphone without any additional capture equipment. (Compare this to the portal/kiosk category, which employed specialized capture equipment.)

One of NIST’s CRADA partners for mobile fingerprint capture was a company called Diamond Fortress Technologies.

Via our CRADA  relationship (Cooperative Research and Development Agreement), Diamond Fortress is currently working with NIST to develop standards dealing with best practices, certification methodology, data formatting and interoperability with legacy contact-based and inked print databases for optical acquisition systems. This will support future certification for purchase on the Government Certified Products lists.

Fast forward a few years, and Diamond Fortress Technologies’ offering is back in the news again.

Telos Corporation has acquired the ONYX touchless fingerprint biometric software and other assets of Diamond Fortress Technologies (DFT), and appears to be targeting new verticals with the technology.

Now that happened to catch my eye for one particular reason.

You see, my former employer IDEMIA used to have a monopoly on the TSA PreCheck program. If you wanted to enroll in TSA PreCheck, you HAD to go to IDEMIA. This provided a nice revenue stream for IDEMIA…well, perhaps not so nice when all of the airports lost traffic due to COVID.

Anyway, the Congress decided that one provider wasn’t optimal for government purposes, so in early 2020 other vendors were approved as TSA PreCheck providers.

WASHINGTON – Transportation Security Administration (TSA) today announced that TSA PreCheck™ enrollment services will now be provided by Alclear, LLC; Telos Identity Management Solutions, LLC; and Idemia Identity & Security USA, LLC, expanding the opportunities that enable travelers to apply for TSA PreCheck.

Just to clarify, the company then known as Alclear is better known to the general public as CLEAR.

And the third company is Telos.

Which is now apparently moving into the touchless fingerprint space.

Now THAT is going to have an impact on enrollment.

(Bredemarket Premium) Watch a new security market evolve

Markets come and go.

When I first joined the biometrics industry in the 1990s, biometric benefits (welfare) applications were hot in the United States as states and localities deployed biometric verification solutions for benefits recipients.

However, the landscape changed over the years, and most of those biometric systems have since been shut down.

Of course, new markets also appear.

Nokia 3310 3G (20180116). By Santeri Viinamäki, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=65577308

If someone had told me in 1994 that we would use biometrics to “unlock” our phones, I would have had no idea what the person was talking about. Why would we need to unlock our phone, anyway? Sure, if a thief grabbed my cell phone, the thief could make a long distance call to another state. But it’s not like the thief could access my bank account via an unlocked cell phone, right?

And there are other markets.

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.

Build your own automated fingerprint identification system…for FREE!

At Bredemarket, I work with a number of companies that provide biometric systems. And I’ve seen a lot of other systems over the years, including fingerprint, face, DNA, and other systems.

The components of a biometric system

While biometric systems may seem complex, the concept is simple. Years ago, I knew a guy who asserted that a biometric system only needs to contain two elements:

  • An algorithm that takes a biometric sample, such as a fingerprint image, and converts it into a biometric template.
  • An algorithm that can take these biometric templates and match them against each other.

If you have these two algorithms, my friend stated that you had everything you need for an biometric system.

Well, maybe not everything.

Today, I can think of a few other things that might be essential, or at least highly recommended. Here they are:

  • An algorithm that can measure the quality of a biometric sample. In some cases, the quality of the sample may be important in determining how reliable matching results may be.
  • For fingerprints, an algorithm that can classify the prints. Forensic examiners routinely classify prints as arches, whorls, loops, or variants of these three, and classifications can sometimes be helpful in the matching process.
  • For some biometric samples, utilities to manage the compression and decompression of the biometric images. Such images can be huge, and if they can be compressed by a reliable compression methodology, then processing and transmission speeds can be improved.
  • A utility to manage the way in which the biometric data is accessed. To ensure that biometric systems can talk to each other, there are a number of related interchange standards that govern how the biometric information can be read, written, edited, and manipulated.
  • For fingerprints, a utility to segment the fingerprints, in cases where multiple fingerprints can be found in the same image.

So based upon the two lists above, there are seven different algorithms/utilities that could be combined to form an automated fingerprint identification system, and I could probably come up with an eighth one if I really felt like it.

My friend knew about this stuff, because he had worked for several different firms that produced fingerprint identification systems. These firms spent a lot of money hiring many engineers and researchers to create all of these algorithms/utilities and sell them to customers.

How to get these biometric system components for free

But what if I told you that all of these firms were wasting their time?

And if I told you that since 2007, you could get source code for ALL of these algorithms and utilities for FREE?

Well, it’s true.

To further its testing work, the National Institute of Standards and Technology (NIST) created the NIST Biometric Image Software (NBIS), which currently has eight algorithms/utilities. (The eighth one, not mentioned above, is a spectral validation/verification metric for fingerprint images.) Some of these algorithms and utilities are available separately or in other utilities: anyone can (and is encouraged to) use the quality algorithm, called NFIQ, and the minutiae detector MINDTCT is used within the FBI’s Universal Latent Workstation (ULW).

If the FBI had just waited until 2007, it could have obtained the IAFIS software for free. FBI image taken from Chapter 6 of the Fingerprint Sourcebook, https://www.ojp.gov/pdffiles1/nij/225326.pdf.

As I write this, NBIS has not been updated in six years, when Release 5.0.0 came out.

Is anyone using this in a production system?

And no, I am unaware of any law enforcement agency or any other entity that has actually USED NBIS in a production system, outside of the testing realm, with the exception of limited use of selected utilities as noted above. Although Dev Technology Group has compiled NBIS on the Android platform as an exercise. (Would you like an AFIS on your Samsung phone?)

But it’s interesting to note that the capability is there, so the next time someone says, “Hey, let’s build our own AFIS!” you can direct them to https://www.nist.gov/itl/iad/image-group/products-and-services/image-group-open-source-server-nigos#Releases and let the person download the source code and build it.

Maryland will soon deal with privacy stakeholders (and they CAN’T care about the GYRO method)

Just last week, I mentioned that the state of Utah appointed the Department of Government Operations’ first privacy officer. Now Maryland is getting into the act, and it’s worth taking a semi-deep dive into what Maryland is doing, and how it affects (or doesn’t affect) public safety.

By François Jouffroy – Christophe MOUSTIER (1994), Attribution, https://commons.wikimedia.org/w/index.php?curid=727606

According to Government Technology, the state of Maryland has created two new state information technology positions, one of which is the State Chief Privacy Officer. Because government, I will refer to this as the SCPO throughout the remainder of this post. If you are referring to this new position in verbal conversation, you can refer to the “Maryland skip-oh.” Or the “crab skip-oh.”

From https://teeherivar.com/product/maryland-is-for-crabs/. Fair use. Buy it if you like it. Virginians understand the origins of the phrase.

Governor Hogan announced the creation of the SCPO position via an Executive Order, a PDF of which can be found here.

Let me call out a few provisions in this executive order.

  • A.2. defines “personally identifiable information,” consisting of a person’s name in conjunction with other information, including but not limited to “[b]iometric information including an individual’s physiological or biological characteristics, including an individual’s deoxyribonucleic acid.” (Yes, that’s DNA.) Oh, and driver’s license numbers also.
  • At the same time, A.2 excludes “information collected, processed, or shared for the purposes of…public safety.”
  • But on the other hand, A.5 lists specific “state units” covered by certain provisions of the law, including both The Department of Public Safety and Correctional Services and the Department of State Police.
  • The reason for the listing of the state units is because every one of them will need to appoint “an agency privacy official” (C.2) who works with the SCPO.

There are other provisions, including the need for agency justification for the collection of personally identifiable information (PII), and the need to provide individuals with access to their collected PII along with the ability to correct or amend it.

But for law enforcement agencies in Maryland, the “public safety” exemption pretty much limits the applicability of THIS executive order (although other laws to correct public safety data would still apply).

Therefore, if some Maryland sheriff’s department releases an automated fingerprint identification system Request for Proposal (RFP) next month, you probably WON’T see a privacy advocate on the evaluation committee.

But what about an RFP released in 2022? Or an RFP released in a different state?

Be sure to keep up with relevant privacy legislation BEFORE it affects you.

Agile content

I purposely chose the title “Agile content” for this post, because for some of you “scrummy” individuals it will easily convey what I want to say: content can be tweaked as needed.

Pair programming, an agile development technique used by XP. By Lisamarie Babik – Ted & IanUploaded by Edward, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=9546406

But I could have chosen a title that did not resonate as well with modern audiences: “Newer weblog content.”

By Valleyhollandman – blogactive.com, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=24045040

After all, some of you remember what blog (weblog) posts were back in the day. They were not conceived as permanent, immovable statements, but were more transitory (akin to diaries) and could be adapted over time.

Changing my message

Even today, I’ve practiced adaptation with two versions (so far) of Bredemarket’s goals for 2021. (Perhaps it’s time for me to look at them and see if they need revision.) And others have done the same thing, recycling and updating content.

We can practice “Agile content,” regardless of whether or not we have a good idea of what we want to say.

  • Sometimes we know what we want to communicate. We set our goal, create content that meets our goal, and share it. Back in December, I had a pretty good idea of the goals that I wanted to set for 2021, so I shared them. The subsequent tweak that I made was relatively minor.
  • But sometimes we DON’T know what we want to communicate. Perhaps you’re entering a new market or pitching a new product, and you don’t know how the potential customers are going to react. Perhaps your initial idea is COMPLETELY wrong and will need to be COMPLETELY revised.

In the latter case, rather than waiting for all the focus groups and scientific studies and everything else (which can kill productivity), one option is to put something up NOW. And if the customers don’t like parts of it, adapt the content.

Or perhaps you keep on building new content that effectively supersedes the old.

  • For example, last year I created a page here that described the Bredemarket 400E Short Editing Service. Just between you and me, I have NEVER sold this particular service, and this is the first time in months that I have mentioned it. But I never pulled the “400E” page down, because for all I know I may be contacted tomorrow by someone who has content and needs me to edit it.
  • At the same time, all of the newer content that I have created on this website and elsewhere emphasizes my writing services rather than my editing services.

Changing YOUR message

The same thing that applies to my business can also apply to yours.

Maybe you want to test some content, either broadly (by linking to the content on the main page of your website and/or on your social media) or in a limited fashion (by only selectively sharing the link to the content). As you gather feedback about the content you have created, you can either leave it as it, tweak it, make wholesale changes to it, or delete it entirely.

Of course you need to remember that past content can still hang around somewhere, because the Internet never forgets. But in some cases it’s better to try some content out NOW, rather than waiting for all the facts.

As one of my clients likes to remind me, the perfect is the enemy of the good.

Which is why that same client had me create some content several months ago, and revise and expand on it as needed and as needs change. The client could have waited until now to release the content, which includes an important new product feature that couldn’t have been communicated several months ago. But then the client would have missed out on months of sales, as well as feedback on the original iteration of the content.

I’ll confess an ulterior motive: as a consultant, I get paid more to create and update content than I do to create content and do nothing with it afterwards. But the client benefits also because it starts using the content more quickly, leading to more sales.

My earlier calls to action didn’t communicate all of these options

Do you need Bredemarket’s help in content creation? Contact me.

How the APMP Body of Knowledge (BOK) benefits Bredemarket’s NON-proposal clients

(Updated 4/16/2022 with additional benefits information.)

Presumably you saw my earlier post, “I just re-rejoined the Association of Proposal Management Professionals. So what?” This post is a follow-up to the “So what?” part, specifically addressing clients of my consulting firm Bredemarket (marketing and writing services for biometric, technology, and general business firms) who DON’T use me for proposal services.

I said the following in that prior post:

But there are benefits for my Bredemarket clients who DON’T depend upon me for proposal support, but instead depend upon me for content marketing or other marketing and writing services. The same strategies and tactics that contribute to a more effective proposal can be extrapolated to apply to other areas, thus contributing to better white papers, better case studies, better blog posts, better social media posts, better marketing plans, etc., etc., etc. Again, this can help my clients win business.

(Yes, I intentionally used the words “win business.”)

Of course, now I’m in the initial process of making use of my new/old APMP membership by soaking in APMP things (while ALSO hopefully contributing things) that will benefit me and my clients.

I’ll talk about live webinars, the APMP Body of Knowledge, and the benefits for Bredemarket’s non-proposal clients.

Live webinars! Well, sometimes

My first opportunity to obtain value from my APMP membership came on Wednesday July 28, when the Western Chapter (a merger of the California Chapter and other chapters) scheduled a webinar entitled “Persuasion Through Page Architecture.” The presenter, Nancy Webb, offers over 30 years of design expertise. I recall the name, so I’ve probably attended a previous presentation of hers during my second (or perhaps even my first) stint in APMP.

Sadly, I was unable to learn from Nancy Webb on July 28. A major requirement for a webinar is the ability to access the web, and when we all logged into the webinar on Wednesday, we learned that Webb’s Internet connection was out and that the meeting would have to be rescheduled.

By Monoklon – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=75697420

Ah, technology.

The APMP Body of Knowledge

But MY Internet connection is working, so on Thursday afternoon I was able to visit the APMP website and poke around some more.

Which led me to the page describing the APMP Body of Knowledge (BOK).

Not a body OF KNOWLEDGE, but this illustration was created by Leonardo da Vinci, so the SMA folks will like it. By Leonardo da Vinci – https://www.metmuseum.org/special/Leonardo_Master_Draftsman/tour_gallery4.htm, Public Domain, https://commons.wikimedia.org/w/index.php?curid=1744423

And yes, I’m going to call the Body of Knowledge the BOK from now on. Bok bok bok.

By Andrei Niemimäki from Turku, Finland – Friends, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=3769100

It’s no surprise that the proposals world has a slew of acronyms (more on that later).

One important thing you need to know about the APMP BOK; it’s only for APMP members.

The APMP Body of Knowledge (BOK) is available to all APMP members in good standing.

Well, I haven’t done anything to lose my good standing yet, although if I were to log in to the BOK, copy all of the content, and post it here in the Bredemarket blog, I would obviously get in a heap of trouble. For one thing, Wordman would come after me.

Wordman. From https://wordmanspeaks.com/about-wordman/. Fair use. NOT created by Leonardo da Vinci; Wordman avatar created by Sean Jones (www.knitestudios.com)

As it turns out, Wordman could come after me in multiple ways. In addition to his superhero status, Wordman (Richard “Dick” Eassom) chairs the APMP Western Chapter, and is also an executive with SMA, Inc. (which I previously joined). I could get kicked out of the APMP AND SMA in one fell swoop!

(I could go off on a tangent and say why Moses was the most evil man in the Bible, but I really shouldn’t.)

(Moses broke all Ten Commandments at once.)

Um, John, let’s get back to the BOK

So I’m NOT going to go behind the firewall and redistribute the internal content of the APMP BOK.

But I CAN note what the APMP publicly says about the BOK.

TL;DR: as I’ve noted when talking about the brouhaha, the BOK and the APMP itself talk about topics that have applicability far beyond the creation of a proposal.

The topics are grouped into seven categories, which represent key practice areas for improving an organization’s business development focus:

Understand business development

Focus on the customer

Create deliverables

Lead a team

Manage processes

Train staff

Use tools and systems

Obviously, all seven of these categories apply to the creation of a proposal.

Benefits for my NON-proposal clients

And all seven of those categories just as easily apply to the creation of a blog post, case study, white paper, corporate strategy, or ANY deliverable for a customer-facing firm.

(4/16/2022: For additional information on benefits, click here.)

Again, I can’t speak about BOK specifics, but I spent part of Thursday afternoon reading about a topic which would have benefited me greatly in one of my NON-proposal positions with IDEMIA/MorphoTrak/Motorola/Printrak. Well, better late than never.

There are a number of helpful pieces of content in the APMP BOK, including…a list of common proposal acronyms. (CPAs??? No.)

For those who don’t know this, the major purpose of acronyms is to allow people of a small group to exchange secret communications in the presence of the non-initiated. “When you complete the response to the RFP for DoD, ensure that the collected KPIs align with the BD-CMM.” (In truth, many of these acronyms are used outside of the proposal profession, but the acronym list collects some of the important ones in one place.)

So I anticipate that I’ll be spending some significant time in the future reviewing the APMP BOK. And if all goes well, I’ll actually RETAIN something from these BOK content reviews that will result in better written content for ALL Bredemarket clients.

(And yes, Dick, I know that there’s also an SMA body of knowledge to which I have access…)

Another acronym is CTA

Incidentally, if you are a biometric (identity) or technology firm that needs a proposal (or content) consultant, feel free to contact Bredemarket.

Winding down the 28th parallel experiment

Wrapping up a few loose ends about the whole 28th parallel thingie (where I posted/shared multiple content items in a short period to see what would happen).

I just completed a podcast episode about it. (TL;DR: no huge effect.)

Yesterday, I made an observation about traffic vs. engagement on my business Twitter account.

Also yesterday, I posted an obscure trivia question on my personal Twitter account. (It didn’t really get traffic OR engagement.)

Conclusion? In the short term it didn’t help, but it didn’t harm either. And I may exercise the flexibility to increase my content sharing when warranted.

Tenerife. By NASA Earth Observatory image by Jesse Allen, using Landsat data from the U.S. Geological Survey. Caption by Kathryn Hansen. – https://earthobservatory.nasa.gov/images/88659/tenerife-canary-islands, Public Domain, https://commons.wikimedia.org/w/index.php?curid=101333395

That was fun.

Well, my experiment is now complete.

If you missed the explanation of what I just did, I had a backlog of identity-related draft blog posts, and I decided to post all of them at once.

Specifically, I just posted:

And all four of those posts were also shared to my Twitter account, the Bredemarket Identity Firm Services showcase page on LinkedIn, and the Bredemarket Identity Firm Services group on Facebook.

Will my 140+ blog subscribers, 250+ Twitter followers, 120+ showcase page followers, and 9 group followers (yeah, Facebook lags the other platforms) be overwhelmed by this blast of content? Or will they like it? Or will they even notice?

Because of the way social media feeds work, it is questionable that many of the followers will even notice. Social media feeds are presented to readers in order of importance, and Bredemarket isn’t the most important thing to ANY of these followers. (Except for me. Maybe.)

Franchisees and BIPA

In other contexts, I have written about the relationship between franchisors and franchisees, which in some respects is similar to the way gig drivers work “with” (not “for”) Uber, Lyft, and the like. In many cases, the products that are advertised by a particular company are not made by that company, but by a franchisee of that company who is entirely separate from the parent company, but who is responsible for doing things the way the parent company wants them done. If you’re a franchisee, you CAN’T…um…”have it your way.”

This Whopper probably wasn’t made by Burger King itself, but by a franchisee of Burger King. By Tokfo – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=37367904

Speaking of which, here is an example of an article that confuses franchisor and franchisee. The Buzzfeed article, in typical Buzzfeed style, is entitled “This Is What Happened After A Bunch Of Employees At A Burger King Quit.” (Because of malfunctioning air conditioning, a number of employees put in their two weeks’ notice, leaving a “We All Quit” sign as they left.) You have to read ANOTHER article (from NBC) to find this little statement:

“Our franchisee is looking into this situation to ensure this doesn’t happen in the future,” a Burger King spokesperson said.

Yes, the employees’…um…beef wasn’t with Burger King itself (or its Brazilian/Canadian/American parent Restaurant Brands International), but with whoever manages the local franchise.

Well, now this world of franchisors and franchisees has entered the biometric world, according to a post in Greensfelder, a self-described “franchising & distribution law blog.”

Greensfelder’s post starts by explaining to its readers what BIPA is (something you already know if you read MY blog) and how franchisees are affected.

Plaintiffs are suing both franchisors and franchisees. Franchisors are being sued for collecting the information themselves for their own employees and also for the actions of their franchisees on theories of joint and several liability, vicarious liability, agency and alter ego. A recently filed case alleges that a franchisor mandates and controls virtually every aspect of its franchise locations, including the use of certain equipment that collects biometric information to track employees’ time and attendance and to monitor cash register systems for fraud.

This benefits the lawyers, who get to collect double the damages by claiming that both the franchisor and the franchisee are separately liable.

Greensfelder’s takeaway for franchisors:

Franchisors should be careful about mandating franchisee use of biometric procedures and devices without first checking applicable law and also making sure that their own policies and procedures are in compliance with those laws.

I’m not sure who is providing takeaways for franchisees.

Other than the usual advice to read the franchise agreement very, very carefully.

Biometrics IS the financial sector

“Have to update my chart again.”

C. Maxine Most of Acuity Market Intelligence. From https://twitter.com/cmaxmost/status/1418306725510193152

Since I’m treading into financial territory here, I should disclose that Bredemarket has financial relationships with one or more of the companies mentioned in this post. This is not investment advice, do your own due diligence, bla bla bla.

I don’t monitor the market enough to know if this is part of an overall trend, but there has been a lot of biometric and digital identity investment recently. Both Biometric Update and FindBiometrics (and other publications such as FinLedger) have written about some of these recent investments, and IPVM has published its acquisition analysis (for subscribers only). Here’s a partial list of the biometric and/or digital identity companies who have received new funding (via investors, IPO, or acquisitions) recently:

I am not a financial expert (trust me on this), but I suspect that these companies are benefiting from two contradictory factors.

  • The apparent WANING of the COVID threat suggests better market performance in the future.
  • Some biometric and digital identity investments are very attractive precisely BECAUSE of the COVID threat, and the resulting attractiveness of remote and touchless technologies.

Of course, markets run in cycles, and it’s hard to predict if this is just the beginning of money flowing to biometrics/digital identity companies, or if all of this will suddenly come to a grinding halt. Remember how hot so-called “fever scanners” were a year ago, until their deficiencies were identified? And remember how Microsoft was prompted to divest from Anyvision not too long ago?

It’s possible that a number of external factors, such as an increase in government bans of facial recognition use, consumer resistance to digital identity, or the entry (or re-entry) of much larger players into the biometrics and/or digital identity markets, could dampen the revenue hopes for these funded companies.

Of course, investors are used to analyzing risk, and in many cases the investments with higher risk can yield the greater rewards.

It’s all just a game.