Will the Kami Doorbell Camera sell in Illinois?

There was a recent press release that I missed until Biometric Update started talking about it two days later. The January 19 press release from Kami was entitled “Kami Releases Smart Video Doorbell With Facial Recognition Capabilities.” The subhead announced, “The device also offers user privacy controls.”

And while reading that Kami press release, I noticed a potential issue that wasn’t fully addressed in the press release, or (so far) in the media coverage of the press release. That issue relates to that four-letter word “BIPA.”

This post explains what BIPA is and why it’s important.

  • But it starts by looking at smart video doorbells.
  • Next, it looks at this particular press release about a smart video doorbell.
  • Then we’ll look at a competitor’s smart video doorbell, and a particular decision that the competitor made because of BIPA.
  • Only then will we dive into BIPA.
  • Finally, we’ll circle back to Kami, and how it may be affected by BIPA. (Caution: I’m not a lawyer.)

What is a smart video doorbell?

Many of us can figure out what a smart video doorbell would do, since Kami isn’t the first company to offer such a product. (I’ll talk about another company in a little bit.)

The basic concept is that the owner of the video doorbell (whom I’ll refer to as the “user,” to be consistent with Kami’s terminology) manages a small database of faces that could be recognized by the video doorbell. For example, if I owned such a device, I would definitely want to enroll my face and the face of my wife, and I would probably want to enroll the faces of other relatives and close friends. Doing this would create an allowlist of people who are known to the smart video doorbell system.

However, because technology itself is neutral, I need to point out two things about a standard smart video doorbell implementation:

  • Depending upon the design, you can enroll a person into the system without the person knowing it. If the user of the system controls the enrollment, then the user has complete control over the people that are enrolled into the system. All I need is a picture of the person, and I can use that picture to enroll the person into my smart video doorbell. I can grab a picture that I took from New Year’s Eve, or I could even grab a picture from the Internet. After all, if President Joe Biden walked up to my front door, I’d definitely want to know about it. Now there are technological solutions to this; for example, liveness detection could be used to ensure that the person who is enrolling in the system is a live person and not a picture. But I’m not aware of any system that requires liveness detection for this particular use case.
  • You can enroll a person into the system for ANY reason. Usually consumer smart video doorbells are presented as a way to let you know when friends and family come to the door. But the technology has no way of detecting whether you are actually enrolling a “friend.” Perhaps you want to know when your ex-girlfriend comes to the door. Or perhaps you have a really good picture of the guy who’s been breaking into homes in your neighborhood. Now enterprise and government systems account for this by supporting separate allowlists and blocklists, but frankly you can put anyone on to any list for any reason.

So with that introduction, let’s see what Kami is offering, and why it’s different.

The Kami Doorbell Camera

Let’s return to the Kami press release. It, as well as the description of the item in Kami’s online store, parallels a lot of the features that you can find in any smart video doorbell.

Know exactly who’s at your door. Save the faces of friends and family in your Kami or YI Home App, allowing you to get notified if the person outside your front door is a familiar face or a stranger.

And it has other features, such as an IP-65 rating stating that the camera will continue to work outdoors in challenging weather conditions.

However, Yamin Durrani, Kami’s CEO, emphasized a particular point in the press release:

“The Kami Doorbell Camera was inspired by a greater need for safety and peace of mind as people spend more time at home and consumers’ increasing desire to reside in smart homes,” said Yamin Durrani, CEO of Kami. “However, we noticed one gaping hole in the smart doorbell market — it was lacking an extremely advanced security solution that also puts the user in complete control of their privacy. In designing our video doorbell camera we considered all the ways people live in their homes to elegantly combine accelerated intelligence with a level of customization and privacy that is unmatched in today’s market. The result is a solution that provides comfort, safety and peace of mind.”

Privacy for the user(s) makes sense, because you don’t want someone hacking into the system and stealing the pictures and other stored information. As described, Kami lets the user(s) control their own data, and the system has presumably been designed from the ground up to support this.

But Kami isn’t the only product out there.

One of Kami’s competitors has an interesting footnote in its product description

There’s this company called Google. You may have heard of it. And Google offers a product called Nest Aware. This product is a subscription service that works with Nest cameras and provides various types of alerts for activities within the range of the cameras.

And Nest even has a feature that sounds, um, familiar to Kami users. Nest refers to the feature as “familiar face detection.”

Nest speakers and displays listen for unusual sounds. Nest cameras can spot a familiar face.4 And they all send intelligent alerts that matter.

So it sounds like Nest Aware has the same type of “allowlist” feature that allows the Nest Aware user to enroll friends and family (or whoever) into the system, so that they can be automatically recognized and so you can receive relevant information.

Hmm…did you note that there is a footnote next to the mention of “familiar face”? Let’s see what that footnote says.

4. Familiar face alerts not available on Nest Cams used in Illinois.

To the average consumer, that footnote probably looks a little odd. Why would this feature not be available in Illinois, but available in all the other states?

Or perhaps the average consumer may recall another Google app from three years ago, the Google Art & Culture app. That app became all the rage when it introduced a feature that let you compare your face to the faces on famous works of art. Well, it let you perform that comparison…unless you lived in Illinois or Texas.

So what’s the big deal about Illinois?

Those of us who are active in the facial recognition industry, or people who are active in the privacy industry, are well aware of the Illinois Biometric Information and Privacy Act, or BIPA. This Act, which was passed in 2008, provides Illinois residents control over the use of their biometric data. And if a company violates that control, the resident is permitted to sue the offending company. And class action lawsuits are allowed, thus increasing the possible damages to the offending company.

And there are plenty of lawyers that are willing to help residents exercise their rights under BIPA.

One early example of a BIPA lawsuit was filed against L.A. Tan. This firm offered memberships, and rather than requiring the member to present a membership card, the member simply placed his or her fingerprint onto a scanner to verify membership. But under BIPA, that could be a problem:

The plaintiffs in the L.A. Tan case alleged that the company, which used customers’ fingerprint scans in lieu of key fobs for tanning membership ID purposes, violated the BIPA by failing to obtain the customers’ written consent to use the fingerprint data and by not disclosing to customers the company’s plans for storing the data or destroying it in the event a tanning customer terminated her salon membership or a franchise closed. The plaintiffs did not claim L.A. Tan illegally sold or lost customers’ fingerprint data, just that it did not handle the data as carefully as the BIPA requires.

L.A. Tan ended up settling the case for over a million dollars, but Illinois Policy wondered:

This outcome is reassuring for anyone concerned about the handling of private information like facial-recognition data and fingerprints, but it also could signal a flood of similar lawsuits to come.

And there certainly was a flood of lawsuits. I was working in strategic marketing at the time, and I would duly note the second lawsuit filed under BIPA, and then the third lawsuit, and the fourth…Eventually I stopped counting.

As of June 2019, 324 such lawsuits had been filed in total, including 161 in the first six months of 2019 alone. And some big names have been sued under BIPA.

Facebook settled for $650 million.

Google was sued in October 2019 over Google Photos, again in February 2020 over Google Photos, again in April 2020 over its G Suite for Education, again in July 2020 over its use of IBM’s Diversity in Faces algorithm, and probably several other times besides.

So you can understand why Google is a little reluctant to sell Nest Aware’s familiar face detection feature in Illinois.

So where does that leave Kami?

Here’s where the problem may lie. Based upon the other lawsuits, it appears that lawyers are alleging that before an Illinois resident’s biometric features are stored in a database, the person has to give consent for the biometric to be stored, and the person has to be informed of his or her rights under BIPA.

So such explicit permission has to be given for every biometric database physically within the state of Illinois?

Yes…and then some. Remember that Facebook and Google’s databases aren’t necessarily physically located within the state of Illinois, but those companies have been sued under BIPA. I’m not a lawyer, but conceivably an Illinois resident could sue a Swiss company, with its databases in Switzerland, for violating BIPA.

Now when someone sets up a Kami system, does the Kami user ensure that every Illinois resident has received the proper BIPA notices? And if the Kami user doesn’t do that, is Kami legally liable?

For all I know, the Kami enrollment feature may include explicit BIPA questions, such as “Is the person in this picture a resident of Illinois?” Then again, it may not.

Again, I’m not a lawyer, but it’s interesting to note that Google, who does have access to a bunch of lawyers, decided to dodge the issue by not selling familiar face detection to Illinois residents.

Which doesn’t answer the question of an Iowa Nest Aware familiar face detection user who enrolls an Illinois resident…

Four of my identity information sources that I have created over the years, including one that you can access in the next ten seconds

How many of us keep on doing the same thing, but just use different tools to do it?

For example, I am going to provide four examples of ways…I mean, for example, I am going to list four ways in which I have disseminated identity information to various internal and external audiences over the last fifteen years. Three of these methods had restricted access and some are no longer available, but the last one, Bredemarket Identity Firm Services, is publicly available to you TODAY.

You can get to this information source in ten seconds if you like. If you’re a TL;DR kind of person, click here.

For the rest of you, read on to see how I used COMPASS (most of you haven’t heard of COMPASS), SharePoint (you’ve heard of that), email (you’ve definitely heard of that), and LinkedIn (ditto) to share information.

Take One: Using Motorola Tools

For the first identity information source, let’s go back about fifteen years, when I was a product manager at Motorola (before The Bifurcation). Motorola had its own intranet, called COMPASS, which all of us Motorolans would use to store information except when we didn’t.

Using this intranet, I created a page entitled “Biometric Industry Information,” in which I pasted links and short descriptions of publicly-available news items. I’m not sure how useful this information source was to others, but I referred to it frequently.

Eventually Motorola sold our business unit to Safran, and “Biometric Industry Information” was lost in the transition. For all I know it may be available on some Motorola Solutions intranet page somewhere, though I doubt it.

Take Two: An Industry-Standard Tool and an Expanded Focus

The second identity information source was created a few years later, when I was an employee of MorphoTrak. Two things had changed since the Motorola days:

  • MorphoTrak’s parent company Safran didn’t use the Motorola intranet solution. Instead, it used an industry-standard intranet solution, SharePoint. This was tweaked at each of the individual Safran companies and regions, but it was pretty much a standard solution.
  • The second change was in the breadth of my interests, as I realized that biometrics was only part of an identity solution. Yes, an identity solution could use biometrics, but it could also used the driver’s licenses that MorphoTrak was slated to produce (but didn’t), and other security methods besides.

So when I recreated my Motorola information source, the new one at MorphoTrak was a Microsoft SharePoint list entitled “Identity Industry Information.”

Again, I’m not sure whether others benefited from this, but I certainly did.

Take Three: Taking Over an Email List

The third iteration of my information source wasn’t created by me, but was created about a decade ago at a company known as L-1 Identity Solutions. For those who know the company, L-1 was a conglomeration of multiple small acquisitions that provided multiple biometric solutions, secure document solutions, and other products and services. Someone back then decided that a daily newsletter covering all of L-1’s markets would be beneficial to the company. This newsletter began, and continued after Safran acquired L-1 Identity Solutions and renamed it MorphoTrust.

MorphoTrust and my company MorphoTrak remained separate entities (for security reasons) until Oberthur acquired some of Safran’s businesses and formed IDEMIA. In North America, this resulted in the de facto acquisition of MorphoTrak by MorphoTrust, and some significant shifting in organizational charts and responsibilities.

As a result of these changes, I ended up taking over the daily newsletter, tweaking its coverage to better meet the needs of today, and (in pursuit of a personal annual goal) expanding its readership. (This email was NOT automatically sent to everyone in the company; you had to opt in.)

Now some may believe that email is dead and that everyone should be on Volley or Clubhouse, but email does serve a valid purpose. As a push technology, emails are provided to you every day.

OK, every five seconds.

But modern email systems (including those from Microsoft and Google) provide helpful tools to help you manage your email. This allowed people to prioritize their reading of my daily newsletter, or perhaps de-prioritize it.

Two years later IDEMIA underwent another organizational change, and I was no longer responsible for the daily newsletter. Last I heard, the daily newsletter still continues.

Take Four: Market Me, Benefit You

Eventually I left IDEMIA and started Bredemarket, and the identity industry became one of the industries that I targeted for providing Bredemarket’s services. To build myself as an identity industry authority, and to provide benefits to identity industry firms, I needed to market specifically to that segment. While my online marketing outlets were primarily focused on my website, I was also marketing via LinkedIn and Facebook. My LinkedIn marketing was primarily though the Bredemarket LinkedIn company page.

In late November, I decided to create a LinkedIn Showcase page entitled Bredemarket Identity Firm Services. While the page was initially created for other reasons, I eventually settled into a routine of sharing identity industry information via the page.

Like I’ve done one thousand times before.

I’m trying to add new content to Bredemarket Identity Firm Services on a daily basis. It’s primarily content from other sources, but sometimes my own content (such as this post) will find its way in there also. And, as in the example above, I’ll occasionally include editorial comments on others’ posts.

So if you’re on LinkedIn and would find such content useful to you, go to the showcase page and click the “Follow” button.

P.S. I have a technology showcase page also.

Owning up to misteaks

I am forced to admit that I am not perfect.

Within the last two weeks alone, I have:

  • Sent an email to a client invoicing the client…but failed to attach the actual invoice.
  • Contacted an opportunity, and (due to an editing error) referred to a DIFFERENT company instead of the opportunity’s company.

Obviously I am not eating my own wildebeest food (yes, I’m burned out on iguanas). While these were short missives which would have been significantly delayed if I had literally “slept on it,” I could have caught these errors if I had read my communications just ONE MORE TIME.

In the first case, the client alerted me to my mistake before I realized that I had made it. I have a good relationship with the client, so I just re-sent the message WITH the attached invoice and thanked the client for alerting me. I WAS paid.

In the second case, I had no previous relationship with the opportunity, so I couldn’t draw upon any goodwill. Perhaps I would have lucked out and the opportunity wouldn’t have caught my mistake…but I doubt it. I could have remained silent and just chalked it up as a loss, but I proactively apologized for the mistake. Perhaps I’ve lost the opportunity anyway, or damaged my chances severely, but it was the right thing to do.

Sometimes mistakes are intentional

I guess I could have used the excuse that I made the wrong company name mistake intentionally.

  • For example, the title of this post is an example of an intentional “misteak,” designed to grab the attention of the discerning reader.
  • And phishers and scammers often embed intentional mistakes in their pitches, figuring that if the reader completely ignores the intentional mistake, the reader is more likely to fall for the scam. Although I’m sure that this product (advertised in a game app) is NOT a scam, but is a perfectly legitimate product.

Actually, this mistake may have been TOO MUCH of a mistake. It took me several readings to figure out what “bad stars” was supposed to mean. (If you’re similarly confused, it’s supposed to be “bed starts.”) Then again, I’m not the target audience.

But I can’t think of a way to claim that I INTENTIONALLY messed up the opportunity’s company name. There goes that excuse.

Why to proactively own up to mistakes

Some people may have legitimate reasons for not revealing a mistake to someone else. Perhaps the person is a secret agent, and doesn’t want to let the enemy agent know that the information is incorrect. Or perhaps revelation of a mistake to a competitor could allow the competitor to take advantage of it.

But in most cases, you’re not a secret agent, and you’re not talking directly to a competitor. Therefore, it’s best to admit the mistake and not let it fester.

Laura Click of Blue Kite Marketing described an instance in which the company sent out an email but didn’t format the email correctly. As a result, their subscribers received a message that began:

Morning, <name>!

This was especially embarrassing to Blue Kite because it is a marketing firm, helping clients to better market their products and services. An error like this seems to suggest that Blue Kite doesn’t eat its own wildebeest food.

So Blue Kite Marketing sent a follow-up email. If you read the post that described the episode and included the text of the follow-up email, you will see that Blue Kite did the following:

  • Admitted the mistake.
  • Described how the mistake happened (without making excuses for it).
  • Noted that these mistakes can happen, even to seasoned marketers.
  • Apologized profusely.
  • Thanked the people who pointed out the error.
  • Used the episode as an opportunity to have the recipients update their profiles (“if you want to make doubly sure we know your name”).

The recipients appreciated Blue Kite Marketing’s honesty, and that email admitting the mistake resulted in tremendous engagement. As Blue Kite noted, an episode like this “builds trust and loyalty.”

Of course, apologizing for a mistake is not a guarantee that things will be better. We’ll never know, but perhaps one recipient was so incensed by the error that the person resolved never to do business with the company again. And in my case, I very well could have blown my opportunity by using the wrong company name.

But I still maintain that sincerely apologizing for a mistake is better than doing nothing at all.

And it could have been worse

But if I think about the two mistakes that I know that I made over the last two weeks, and all the mistakes that I DIDN’T know that I made over the last two weeks, and all of my other mistakes over the past few decades, they all pale in comparison to a mistake that I made about 15 years ago.

I was working for Motorola (pre-split) at the time, and if you know anything about Motorola, you know that Motorola is very big on process. Our little division at Motorola was working on achieving a particular Software Engineering Institute – Capability Maturity Model (SEI-CMM) assessment, and I was one of two people responsible for the Requirements Management Key Process Area (KPA). Our team would revise the division’s processes at times, and would announce these changes in release notes.

When I wrote the notes for a particular release, my notes made a reference to “qualtiy.”

Yes, that’s “tiy,” not “ity.”

Even <name> criticized me for that one.

Postscript

After I drafted this post, but before I published it, someone sent me a “God job” message.

But the message came with money, so I didn’t quibble.

Revisiting my “pursue multiple income streams” goal…with SMA Inc.

You may recall that I previously announced a desire to repurpose and extend my content by revisiting some of my five (plus one) goals that I set for Bredemarket in 2021.

I’ve already revisited my “have fun” goal, clarifying that you need to have fun…with a purpose.

Today I’m ready to revisit my “pursue multiple income streams” goal, with a specific WAY in which I plan to pursue multiple income streams. Because multiple income streams can potentially merge into a large income stream.

By Vvnataraj – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=9783411

What was the goal again?

For your benefit, I’ll start by restating the goal itself, taken from my most recent revision to my 2021 goals.

Goal 2: Pursue multiple income streams. This is really an internal goal for Bredemarket, but it affects my approach.

While I know WHAT I want to do—I’m not going to quit marketing and writing and start selling nutritional supplements—I’m exploring HOW I want to do it. In some cases I’m approaching potential clients directly, while in others I’m using one of several intermediaries to do it.

There are advantages and disadvantages to direct vs. intermediary solicitation, but it’s wise to have multiple options. Some options may perform better at some times, while others perform better at other times. We’ll see what happens.

Which brings me to a conversation that I had a few months ago.

At about the same time that I became a free agent last July, one of my coworkers also became a free agent. Jenna Beck, in addition to managing proposals for biometric systems, has also consulted and written in many other disciplines.

One day, Jenna reminded me of Wordman.

Wordman? Who is Wordman?

Now there are a number of superheroes that are saving the galaxy, but those of us who know our APMP from our STC are well aware of the super powers of Wordman. While other superheroes can leap tall buildings in a single bound, Wordman can optimize your use of Microsoft Word via supplementary software, consulting, and training. This is a super task indeed.

However, like many superheroes, Wordman has a second identity, although his is not so secret. (Of course, with the introduction of new biometric technologies, the identities of other superheroes aren’t that secret either.)

When he is not wielding macros and styles, Wordman goes by the identity of Richard (Dick) Eassom, Vice President of Corporate Support at SMA Inc.

Jenna knew that I was already set up as an independent contractor, and suggested that I consider signing up as an associate with SMA.

SMA? What is SMA?

SMA is a consulting firm, originally established as Stephen Myers & Associates (SM&A) in 1982. It started as a proposal assistance firm (Fun fact: many proposal assistance firms incorporate “wins” either in their corporate name or in their web URL, and SMA at smawins.com is no exception.) Over the years, and after several acquisitions and pivots, SMA has grown from a proposal assistance firm and now helps clients with all aspects of a program lifecycle, from pursuit through performance. A complete list of SMA’s capabilities can be found here.

To fulfill this, SMA needs associates (independent contractors) with experience in a variety of disciplines. Figuring that SMA could possibly use an identity professional with strategy, marketing, proposal (primary state and local) and product management position, I put my name into consideration.

This required an evaluation of my experience in a format consistent with SMA’s Talent on Demand® system. As part of this process, I identified approximately 40 specific projects that I have worked on in the last 25 years. Yes, it’s a thorough process.

After completing this evaluation as well as two interviews, I was officially accepted as an associate with SMA late last year. Now that the paperwork has been completed, I am officially on board as an associate, available to serve SMA’s clients as a market / competitive strategist.

Thanks to Jenna, Wordman, and everyone else who helped me to onboard with SMA. I will still be consulting with clients directly—in fact, SMA assumes that its associates have income streams outside of SMA—but now am also available to clients via SMA’s TOD system.

As I said before, we’ll see what happens.

Revisiting my “have fun” goal

When thinking about content to create, there’s one idea that I’ve had. “Over the course of 2021, why don’t I make a point of revisiting my 2021 goals and seeing how I’m doing on them?” (Content repurposing and extending for the win.)

I hope to soon revisit my multiple income streams goal. But for now, this is an ideal time to revisit my “have fun” goal.

I’ve already talked about how I snuck iguanas into a proposal for a potential client.

Well, I just had the opportunity to write a proposal for a particular opportunity.

The title of the opportunity?

“Funny and Witty Creative Writer.”

The potential client needs to create some content, but fears that if the content is too dry, it won’t be digested by the people who read the content.

So the opportunity description talked about how the content needs to be funny and witty.

I certainly had fun when I wrote my proposal to this client. Iguanas made another appearance, for example. But I also pointed out that funny and witty is NOT enough.

Here’s how my proposal began.

Having read your description of the work needed, I believe that I can provide the balance that you implicitly requested – namely, a balance between conveying the necessary content, but conveying it in an interesting manner. A service provider that can only do one without the other is as useful as a two-wheeled automobile – you’re not going to get anywhere.

My proposal continued by describing the types of content that I could provide before veering into…iguanas. (I’m going to need to find another example. The poor iguana is getting tired of being used over and over again.)

My iguana content started with a story about my former coworker who despises the cliché “best of breed.” She managed technical proposals, not entrants to the Westminster Kennel Club Dog Show.

By Kjunstorm (Lori) – https://www.flickr.com/photos/kjunstorm/3346671755/, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=6605832

This example served to explain why one of my 2021 goals was NOT to “eat my own dog food.” Continuing my story, I then reproduced some of the text that I’ve already reproduced in this post.

After some more of the same, I changed from a yuk-yuk tone to a more serious tone. Leaving out some of the “fun” text, this is what I said to my potential client.

So what have I done here?

I have satisfied the requirements in your description by using a conversational tone that employs storytelling.

I’ve provided you with links to my web and social media content, and given you an incentive to explore them….

I have ensured that you understand my distinction between “fun writing” and “fun writing with a purpose.” You still need to convey the content.

The examples that were provided, including the attachment, exhibit different facets of my writing style, and also exhibit the breadth of topics that I can address.

We’ll see if my conversational, iguana-infused tone will actually help me get business with this particular client, and if the client is prepared to address more serious topics, such as the overall goal of the content that the client wants me to create.

While it’s important to have fun, it’s important that the fun contributes to the overall goal. Remember when I told a group of people at work that I was going to “play” with something? Some of my coworkers understood that I wasn’t going to play for play’s sake. They understood that I was going to play and ensure that the item in question achieved the goals set by the corporation.

Have fun…with a purpose.

And remember that different clients have different needs and require different conversational tones. Perhaps I may have fun while RESEARCHING the benefits and risks of using temperature sensors as a COVID-19 response, but I may choose NOT to exhibit a “fun” tone while WRITING about these benefits and risks.

(Oh, and if the “funny and witty creative writer” potential client happens to read this particular post while reviewing my writing examples, I’ll give you a bonus iguana color: orange. Let’s talk about that…and other things.)

While the contractors test the service providers, the service providers also test the contractors

When I wrote Bredemarket’s goals for 2021 (latest version here), my second goal was to pursue multiple income streams. This requires me to sign up with various middlepersons that marry service providers (such as Bredemarket) to contractors.

Or to TRY to sign up to such middlepersons.

I signed up with one such middleperson a month and a half ago, and never heard back from them. I had occasion to ask someone from the middleperson how long signup takes, and the person indicated that the process should complete within 10 business days. So I contacted the middleperson to see where my application stood, and waited…and waited…and eventually re-read the signup process instructions and realized that the middleperson only contacted SUCCESSFUL applicants. Non-successful applicants receive no response.

Anyway, there’s another middleperson that’s much better at these sorts of things, and I’m trying to solicit work from that service. Essentially you bid on jobs by providing a rate and a text-based technical proposal. After that you either hear from the potential contractor…or you don’t.

I began wondering if there was a way to increase my chances of hearing from the potential contractor.

As I was bidding on a content and social media strategy opportunity, I hit upon an idea.

After describing the service that I would provide, but before my call to action, I included the following section in my text proposal. (If you read my goal 2, you already know why I talk about iguanas.) Pay special attention to the last paragraph.

REFERENCE WEBSITES

If you’re contracting with someone to manage your company’s social media, you’re probably asking if I eat my own iguana food. (Dog food is boring.) Please check out my Bredemarket and Bredemarket-related online channels:

Website: https://bredemarket.com/

Blog: https://bredemarket.com/blog/

LinkedIn page: https://www.linkedin.com/company/bredemarket/

LinkedIn identity showcase page: https://www.linkedin.com/showcase/bredemarket-identity-firm-services/

LinkedIn technology showcase page: https://www.linkedin.com/showcase/bredemarket-technology-firm-services/

Facebook page: https://www.facebook.com/Bredemarket/

Professional Twitter account: https://twitter.com/jebredcal

Personal Instagram account: https://www.instagram.com/johnebredehoft/

I do not have Pinterest, Snapchat, or TikTok accounts, and I have not posted YouTube videos in years.

Incidentally, if you check out the links above, one of them will specify the color of the iguana. Let me know if you see it.

I have no idea who the potential contractor is, but I’m hoping that he/she is an ex-IDEMIA employee who exhibits curiosity. If so, the person may click on the links to discover the color of the iguana.

If so, I could be really cruel and wait to reveal the iguana’s color until the very last link (Instagram).

But I’m a nice guy. The color of the iguana is being revealed right here, in the second link (the Bredemarket blog). THE COLOR OF THE IGUANA IS PURPLE. (Color purple. Geddit?)

Then again…perhaps I’ll specify a DIFFERENT iguana color in one, or more, of my OTHER social media channels.

There may be an entire army of multicolored iguanas waiting to be discovered.

Obviously I’m wondering if my potential contractor is curious. And I might be wondering if others are curious.

Have fun. (Goal 5.)

Facial recognition and the U.S. Capitol attack

This post examines a number of issues regarding the use of facial recognition. Specifically, it looks at various ways to use facial recognition to identify people who participated in the U.S. Capitol attack.

By TapTheForwardAssist – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=98670006

Let’s start with the technological issues before we look at the legal ones. Specifically, we’ll look at three possible ways to construct databases (galleries) to use for facial recognition, and the benefits and drawbacks of each method.

What a facial recognition system does, and what it doesn’t do

The purpose of a one-to-many facial recognition system is to take a facial image (a “probe” image), process it, and compare it to a “gallery” of already-processed facial images. The system then calculates some sort of mathematical likelihood that the probe matches some of the images in the gallery.

That’s it. That’s all the system does, from a technological point of view.

Although outside of the scope of this particular post, I do want to say that a facial recognition system does NOT determine a match. Now the people USING the system could make the decision that one or more of the images in the gallery should be TREATED as a match, based upon mathematical considerations. However, when using a facial recognition system in the United States for criminal purposes, the general procedure is for a trained facial examiner to use his/her expertise to compare the probe image with selected gallery images. This trained examiner will then make a determination, regardless of what the technology says.

But forget about that for now. I want to concentrate on another issue—adding data to the gallery.

Options for creating a facial recognition “gallery”

As I mentioned earlier, the “gallery” is the database against which the submitted facial image (the “probe”) is compared. In a one-to-many comparison, the probe image is compared against all or some of the images in the gallery. (I’m skipping over the “all or some” issue for now.)

So where do you get facial images to put in the gallery?

For purposes of this post, I’m going to describe three sources for gallery images.

  • Government facial images of people who have been convicted of crimes.
  • Government facial images of people who have not necessarily been convicted of crimes, such as people who have been granted driver’s licenses or passports.
  • Publicly available facial images.

Before delving into these three sources of gallery images, I’m going to present a use case. A few of you may recognize it.

Let’s say that there is an important government building located somewhere, and that access to the building is restricted for security reasons. Now let’s say that some people breach that access and illegally enter the building. Things happen, and the people leave. (Again, why they left and weren’t detained immediately is outside the scope of this post.)

Now that a crime has been committed, the question arises—how do you use facial recognition to solve the crime?

A gallery of government criminal facial images

Let’s look at a case in which the images of people who trespassed at the U.S. Capitol…

Whoops, I gave it away! Yes, for those of you who didn’t already figure it out, I’m specifically talking about the people who entered the U.S. Capitol on Wednesday, January 6. (This will NOT be the only appearance of Captain Obvious in this post.)

Anyway, let’s see how the images of people who trespassed at the U.S. Capitol can be compared against a gallery of images of criminals.

From here on in, we need to not only look at technological issues, but also legal issues. Technology does not exist in a vacuum; it can (or at least should) only be used in accordance with the law.

So we have a legal question: can criminal facial images be lawfully used to identify people who have committed crimes?

In most cases, the answer is yes. The primary reason that criminal databases are maintained in the first place is to identify repeat offenders. If someone habitually trespasses into government buildings, the government would obviously like to know when the person trespasses into another government building.

But why did I say “in most cases”? Because there are cases in which a previously-created criminal record can no longer be used.

  • The record is sealed or expunged. This could happen, for example, if a person committed a crime as a juvenile. After some time, the record could be sealed (prohibiting most access) or expunged (removed entirely). If a record is sealed or expunged, then data in the record (including facial images) shouldn’t be available in the gallery.
  • The criminal is pardoned. If someone is pardoned of a crime, then it’s legally the same as if the crime were never committed at all. In that case, the pardoned person’s criminal record may (or may not) be removed from the criminal database. If it is removed, then again the facial image shouldn’t be in the gallery.
  • The crime happened a long time ago. Decades ago, it cost a lot of money to store criminal records, and due to budgetary constraints it wasn’t worthwhile to keep on storing everything. In my corporate career, I’ve encountered a lot of biometric requests for proposal (RFPs) that required conversion of old data to the new biometric system…with the exception of the old stuff. It stands to reason that if the old arrest record from 1960 is never converted to the new system, then that facial image won’t be in the gallery.

So, barring those exceptions, a search of our probe image from the U.S. Capitol could potentially hit against records in the gallery of criminal facial images.

Great, right?

Well, there’s a couple of issues to consider.

First, there are a lot of criminal databases out there. For those who imagine that the FBI, and the CIA, and the BBC, BB King, and Doris Day (yes) have a single massive database with every single criminal record out there…well, they don’t.

  • There are multiple federal criminal databases out there, and it took many years to get two of the major ones (from the FBI and the Department of Homeland Security) to talk to each other.
  • And every state has its own criminal database; some records are submitted to the FBI, and some aren’t.
  • Oh, and there are also local databases. For many years, one of my former employers was the automated fingerprint identification system provider for Bullhead City, Arizona. And there are a lot of Bullhead City-sized databases; one software package, AFIX Tracker (now owned by Aware) has over 500 installations.

So it you want to search criminal databases, you’re going to have to search a bunch of them. Between the multiple federal databases, the state and territory databases, and the local databases, there are hundreds upon hundreds of databases to search. That could take a while.

Which brings us to the second issue, in which we put on our Captain Obvious hat. If a person has never committed a crime, the person’s facial image is NOT in a criminal database. While biometric databases are great at identifying repeat offenders, they’re not so good at identifying first offenders. (They’re great at identifying second offenders, when someone is arrested for a crime and matches against an unidentified biometric record from a previous crime.)

So even if you search all the criminal databases, you’re only going to find the people with previous records. Those who were trespassing at the U.S. Capitol for the first time are completely invisible to a criminal database.

So something else is needed.

A gallery of government non-criminal facial images

Faced with this problem, you may ask yourself (yes), “What if the government had a database of people who hadn’t committed crimes? Could that database be used to identify the people who stormed the U.S. Capitol?”

Well, various governments DO have non-criminal facial databases. The two most obvious examples are the state databases of people who have driver’s licenses or state ID cards, and the federal database of people who have passports.

(This is an opportune time to remind my non-U.S. readers that the United States does not have national ID cards, and any attempt to create a national ID card is fought fiercely.)

I’ll point out the Captain Obvious issue right now: if someone never gets a passport or driver’s license, they’re not going to be in a facial database. This is of course a small subset of the population, but it’s a potential issue.

There’s a much bigger issue regarding the legal ability to use driver’s license photos in criminal investigation. As of 2018, 31 states allowed the practice…which means that 19 didn’t.

So while searches of driver’s license databases offer a good way to identify Capitol trespassers, it’s not perfect either.

A gallery of publicly available facial images

Which brings us to our third way to populate a gallery of facial images to identify Capitol trespassers.

It turns out that governments are not the only people that store facial images. You can find facial images everywhere. My own facial image can be found in countless places, including a page on the Bredemarket website itself.

There are all sorts of sites that post facial images that can be accessible to the public. A few of these sites include Facebook, Google (including YouTube), LinkedIn (part of Microsoft), Twitter, and Venmo. (We’ll return to those companies later.)

In many cases, these image are tied to (non-verified) identities. For example, if you go to my LinkedIn page, you will see an image that purports to be the image of John Bredehoft. But LinkedIn doesn’t know with 100% certainty that this is really an image of John Bredehoft. Perhaps “John Bredehoft” exists, but the posted picture is not that of John Bredehoft. Or perhaps “John Bredehoft” doesn’t exist and is a synthetic identity.

But regardless, there are billions of images out there, tied to billions of purported identities.

What if you could compare the probe images from the U.S. Capitol against a gallery of those billions of images—many more images than held by any government?

It turns out that you CAN perform that comparison, and that law enforcement did perform that comparison.

Clearview AI’s…facial-recognition app has seen a spike in use as police track down the pro-Trump insurgents who descended on the Capitol on Wednesday….

Clearview AI CEO Hoan Ton-That confirmed to Gizmodo that the app saw a 26% jump in search volume on Jan. 7 compared to its usual weekday averages….

Detectives at the Miami Police Department are using Clearview’s tech to identify rioters in images and videos of the attack and forwarding suspect leads to the FBI, per the Times. Earlier this week, the Wall Street Journal reported that an Alabama police department was also employing Clearview’s tech to ID faces in footage and sending potential matches along to federal investigators.

But now we need to return to the legal question: is “publicly available” equivalent to “publicly usable”?

Certain companies, including the aforementioned Facebook, Google (including YouTube), LinkedIn (part of Microsoft), Twitter, and Venmo, maintain that Clearview AI does NOT have permission to use their publicly available data. Not because of government laws, but because of the companies’ own policies. Here’s what two of the companies said about a year ago:

“Scraping people’s information violates our policies, which is why we’ve demanded that Clearview stop accessing or using information from Facebook or Instagram,” Facebook’s spokesperson told Business Insider….

“YouTube’s Terms of Service explicitly forbid collecting data that can be used to identify a person. Clearview has publicly admitted to doing exactly that, and in response, we sent them a cease-and-desist letter.”

For its part, Clearview AI maintains that its First Amendment government rights supersede the terms of service of the companies.

But other things come in play in addition to terms of service. Lawsuits filed in 2020 allege that Clearview AI’s practices violate the California Consumer Privacy Act of 2018, and the even more stringent Illinois Biometric Information Privacy Act of 2008. BIPA is so stringent that even Google is affected by it; as I’ve previously noted, Google’s Nest Hello Video Doorbell’s “familiar face” alerts is not available in Illinois.

Between corporate complaints and aggrieved citizens, the jury is literally still out on Clearview AI’s business model. So while it may work technologically, it may not work legally.

And one more thing

Of course, people are asking themselves, why do we even need to use facial recognition at all? After all, some of the trespassers actually filmed themselves trespassing. And when people see the widely-distributed pictures of the trespassers, they can be identified without using facial recognition.

Yes, to a point.

While it seems intuitive that eyewitnesses can easily identify people in photos, it turns out that such identifications can be unreliable. As the California Innocence Project reminds us:

One of the main causes of wrongful convictions is eyewitness misidentifications. Despite a high rate of error (as many as 1 in 4 stranger eyewitness identifications are wrong), eyewitness identifications are considered some of the most powerful evidence against a suspect.

The California Innocence Project then provides an example of a case in which someone was inaccurately identified due to an eyewitness misidentification. Correction: it provided 11 examples, including ones in which the witnesses were presented to the viewer in a controlled environment (six-pack lineups, similar backgrounds).

The FBI project, in which people look at images captured from the U.S. Capitol itself, is NOT a controlled environment.

Bredemarket’s five goals for 2021 (the 1/8/2021 9:30am edition)

As some of you know, this is a revision to a post that I wrote on December 4, 2020. December (and January) are the times of the year when companies and people publish end of year posts. Frankly, I didn’t really feel like writing an end of year post for 2020, so instead I shared my goals for Bredemarket for 2021. And now I’ve revised those goals by adding a new goal, and explained other goals in more detail.

Goal 1: Help my clients to communicate and reach (and understand) their goals. My chief goal, of course, is to help my clients reach THEIR OWN goals. Bredemarket aims to thoughtfully and strategically provide marketing and writing services that align with client needs.

If I may briefly look back at 2020 in a positive light, I have helped clients establish themselves as subject matter experts, I have helped them to attract customers in the best possible way, and I have helped them to win business. I’m not sure how much additional business I’ve won for any of these firms, but hopefully I’m helping them lay the groundwork for securing future opportunities.

Part of my services involves determining WHAT clients actually need. Some of my clients simply ask for a blog post, but there’s often a need to dig deeper. For example, several small businesspeople and I were recently discussing how to use the “five whys” to elicit underlying needs from clients. What is this deliverable (white paper, blog post on 2021, whatever) supposed to accomplish?

I’d like to add a comment about this general “customers first” goal. When I was helping a client communicate his company’s goals for 2021, the client did not want to include this as part of his list of goals. The client preferred to talk about unique goals, and frankly putting the customer first should be a goal of every company. (OK, Sir Richard Branson disagrees with me.)

But there are times when it is wise to state the obvious. Schlitz achieved image differentiation by emphasizing the cleanliness of its brewing process. All brewers were doing this…but only Schlitz was talking about it. (Plug: I heard this story from one of the participants in a Jay Clouse Freelancing School online meetup.)

Goal 2: Pursue multiple income streams. This is really an internal goal for Bredemarket, but it affects my approach.

While I know WHAT I want to do—I’m not going to quit marketing and writing and start selling nutritional supplements—I’m exploring HOW I want to do it. In some cases I’m approaching potential clients directly, while in others I’m using one of several intermediaries to do it.

There are advantages and disadvantages to direct vs. intermediary solicitation, but it’s wise to have multiple options. Some options may perform better at some times, while others perform better at other times. We’ll see what happens.

Goal 3: Pursue multiple communication streams. This is a goal that I explicitly added to the list in January. I’ve been working on it all along, but I believe that I need to dedicate myself to it more.

I’m already communicating on dedicated platforms on the Bredemarket website, on LinkedIn (three separate pages, one of which has over 100 subscribers), and on Facebook.

But I can always do more.

I need to make a renewed commitment to my podcast.

I also have to ask myself whether other communication streams will be valuable to disseminating Bredemarket’s messaging.

  • Do I need dedicated Bredemarket pages on Twitter or on Instagram?
  • Should I launch a TikTok channel?
  • Should I fly a plane over Los Angeles with a Bredemarket banner?

The questions should at least be asked.

Goal 4: Eat my own iguana food. (Dog food is boring.) The original version of this very post originated from this particular goal. I wanted to pitch clients on writing 2021 blog posts for them, so I thought it best if I wrote my own. And as I previously noted, I was able to help a client enunciate his company’s 2021 goals.

Some of my other activities, such as my establishment of LinkedIn Showcase Pages for identity and technology, also satisfy this goal (and originated from another pitch idea).

Goal 5: Have fun. Years ago, when I was working for a large company (it might have been the original pre-Solutions/Mobility Motorola), I told a group of people at work that I was going to “play” with something. Use of the term “play” in relation to work did not sit well with some of the group, who thought I wasn’t taking things seriously. Others in the group knew exactly what I was talking about.

When work is fun, and you can approach it with a sense of play, it not only isn’t work, but you’re more energized about doing it. Obviously not everything can be play, but when there are opportunities to enjoy what I do, I’m going to take advantage of them.

Goal 6: Be prepared to change. This is the point where perceptive readers interject, “But John, the title only mentions FIVE goals! You goofed!”

Consider this sixth goal an added bonus! (And I’m, um, playing with your perceptions…)

Obviously I was prepared to change, since I added a new goal in January 2021 about communication streams. However, this change was relatively minor compared to the changes that many of us went through in 2020. For me, I had to pivot early in 2020 when COVID forced my employer to re-evaluated its business lines, then I pivoted again a month later when I had to start working from home, and then I pivoted three months after that, etc., etc. You’ve probably had to pivot a few times yourself.

So I recognized that these goals as of December 4, 2020 at 11:00 am could change, and they did change on January 8, 2021 at 9:30 am. “But,” as Stuart Smalley would say, “that’s…OK.”

What are YOUR goals for 2021? Oh, and can I help you express them? And what do you want to accomplish by expressing them?

Why?

Why?

Why?

Why?

Why?

(Past illustrations) Targeting a new market at a different pricing tier

(This past illustration describes something that I performed in my career, either for a Bredemarket client, for an employer, or as a volunteer. The entity for which I performed the work, or proposed to perform the work, is not listed for confidentiality reasons.)

PROBLEM

A company wanted to enter a lower price tier with a product designed specifically for that price tier.

By علاء – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=57003347

SOLUTION

For an early version of a product for this market, I created product requirements and demonstrated the product to prospective clients.

For a later version of a product for this market, I was in a different role, but I assisted by using county population as a proxy value to identify target customers for the new product. As the target requirements were modified, I adjusted the list of targeted counties accordingly.

RESULTS

The early product sold in limited quantities and was subsequently discontinued. (This pricing tier is in a challenging market.)

I do not know the status of the later product.

Fame, fortune, or both? Gradations of synthetic identity fraud, with a North Hollywood company as an example

In many cases, identity fraud is accomplished by a bad actor impersonating the identity of another person. Many people have found unauthorized credit or debit card transactions that they didn’t perform, and have had to shut down and re-open their cards as a result.

However, there are other cases in which the identity fraud is accomplished by inventing a “person” out of whole cloth. Or partial cloth; a real piece of identity, such as a legitimate U.S. social security number, is combined with fake information, such as non-existent addresses, stock photography headshots, and unverified social media accounts.

The process could be less rigorous, such as creating a Twitter bot to inflate followers (no government ID needed), or it could be more rigorous, in which the synthetic identity gains legitimate credentials such as passports (although this is becoming more difficult as facial recognition compares applicant faces to existing faces).

Synthetic identity fraud can be damaging. Henry Engler of Thomas Reuters cites a figure of $6 billion in losses to U.S. lenders from synthetic identity fraud.

But sometimes the fraud, while still fraudulent, is relatively innocuous.

Take the case of a particular web design company in North Hollywood, California. If you visit its website (which, oddly enough, is on the “org” domain), the only listed contact for the company is a guy named Eric.

It’s a whole different story on LinkedIn, however.

According to LinkedIn, the company has dozens of employees, including a vast number of co-founders, chief technology officers, and chief information officers. While some are based in Los Angeles, others are based in Chicago, Dallas, Maidenhead, Kyrgyzstan, and other exotic locations. Most remarkably, based upon some of the employee pictures, the company goes over and above in its attempts to attract female technologists. It’s a statistical anomaly!

Under normal circumstances, this remarkable string of oddities would have gone completely unnoticed. I have never interacted with any of these employees, and they don’t seem to be all that active on the LinkedIn platform. Well, with some exceptions; the Chicago-based CEO of the company has made a valuable contribution to the LinkedIn discussion.

Now most of this went under the radar, until a number of LinkedIn employees made connection requests to a particular individual. Unfortunately, this particular individual was Kris’ Rides, a cybersecurity specialist with Tiro Security.

(Before you ask whether Rides himself is a bot, I should note that he has received 40 recommendations on LinkedIn from people that appear to be real, and has amassed over 500 connections. So if Rides is a bot, he is a very effective one.)

When Rides received these connection requests (including two CTOs and two CIOs at the same company), they struck him as odd. So he shared his experience with his connections, which included other cybersecurity professionals, and people (such as me) who were connected to those other cybersecurity professionals. And they’re talking.

Pro tip: if you’re engaging in synthetic identity fraud, don’t reach out to a cybersecurity professional.

Now this story probably won’t be a trending topic on Twitter, even if the bots try to make it so, but it’s certainly gaining traction in the audience that counts: namely, technology experts who have the power to tell LinkedIn and others about questionable marketing techniques.

So what happens next? A mea culpa from Eric (or whatever his or her real name is)? Time will tell.