The air industry is worried about EU Digital COVID certificate activity on July 1

Charles De Gaulle Airport in Paris. By NASA – NASA/JSC, Public Domain, https://commons.wikimedia.org/w/index.php?curid=7156445

So for the last few months we’ve been saying “we need travelers.” And now that we’re about to get travelers, people are getting worried.

The European Union’s system of digital COVID-19 travel certificates is due to come into force on Thursday, but airports group ACI and airlines representative bodies A4E, IATA and ERA warned in a letter to EU national leaders of a “worrying patchwork of approaches” across the continent.

Of course, we’ve known for some time that the EU Digital COVID Certificates are being implemented on a national basis. But now the airport and airline industries are warning that checking the certificates can be dizzying.

The letter said the only way to avoid huge queues and delays during the peak summer season was to implement a system whereby both the vaccination certificate and passenger locator forms are processed remotely before the passenger arrives at the airport.

Checks must only take place in the country of departure and not on arrival and national governments should manage the health data and provide equipment to check the QR codes, the letter said.

So there will be some confusion on Thursday. But will the confusion outweigh the benefits of increased travel?

DNA reunions of families don’t just happen at the U.S.-Mexico border

Dr. Michael Bowers shared an article about DNA-ProKids.

From the article:

DNA-ProKids works with governments in Peru, Mexico, Guatemala, El Salvador, Paraguay, Thailand, Brazil, India and Malaysia….

The programme uses our unique genetic footprint to trace thousands of missing children around the world. Some have been stolen from their parents and trafficked for sex or as slave labour, others sold in illegal adoptions, and some lost in hospital mix-ups….

The article includes several stories, including one of a woman who was drugged and her baby taken from her.

Guatemala’s government, which uses the DNA-ProKids programme, contacted the police who were able to find the baby using DNA within 48 hours. The thief, who was wearing a mask because of the pandemic, could not be identified.

Read more here, or visit the DNA-ProKids website.

(Bredemarket Premium) The mechanics of acquisitions

During my years in biometrics, my employer was acquired by another firm three times:

  • Printrak was acquired by Motorola in 2000.
  • Part of Motorola was acquired by Safran in 2009.
  • Part of Safran was acquired by Oberthur in 2017. (The combined entity was named IDEMIA.)

Acquisitions always cause a lot of changes, but one of these three acquisitions caused more changes than any of the others.

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.

(Past illustrations) Creating win-win marketing materials for a company and its strategic supplier

(This past illustration describes something that I performed in my career, either for a Bredemarket client, for an employer, or as a volunteer. The entity for which I performed the work, or proposed to perform the work, is not listed for confidentiality reasons.)

PROBLEM

A modern automobile assembly line. By User: Anonyme – Own work, CC BY 2.5, https://commons.wikimedia.org/w/index.php?curid=1987247

A company shifted from one supplier to a new strategic supplier.

It was in the interest of the strategic supplier to promote its viability in certain use cases, including the use case for which the company employed the product.

At the same time, it was in the interest of the company to promote its association with the strategic supplier, both to showcase its commitment to technical innovation and to expose its offering to new customers.

SOLUTION

As an employee of the company that had partnered with the strategic supplier, I participated in several joint marketing projects. These included creating and reviewing written marketing materials, participating in interviews with third-party publications, and appearing in videos directed by the strategic supplier.

For many of my efforts, I was assisted by a company colleague who had received technical certifications from the strategic supplier. Therefore, many of my efforts not only promoted my company and its strategic supplier, but also this colleague, since promotion of this person also furthered the promotion of the two firms.

RESULTS

Both companies (and the colleague) received prominent coverage that achieved everyone’s objectives. The company was recognized as a technical innovator compared to its competitors, the strategic partner was recognized for its ability to handle the company’s specific data needs, and the colleague received additional certifications that reflected well on both firms.

Read Mike French’s “Why agencies should conduct their own AFIS benchmarks rather than relying on others.”

Today my content calendar says that I’m supposed to be posting about social media, so I’m going to discuss a LinkedIn article. That fits, doesn’t it?

Seriously, Mike French has posted his long-awaited (by me, anyway) article on the need for automated fingerprint identification system (AFIS) benchmarks. And his perspective is valuable.

People enter the AFIS industry in different ways. I entered the industry as a writer, and therefore needed some time to master the forensic and technical concepts. Mike came from the forensic disciplines, having worked in the Latent Print Unit at the King County Sheriff’s Office before joining Sagem Morpho, which became MorphoTrak, which became IDEMIA Identity & Security N.A.

Because of this background, Mike obviously has an appreciation for a law enforcement agency’s forensic requirements, and why it is important for the agency to conduct its own benchmark of AFIS vendors. As Mike notes, more and more agencies are choosing to rely on independent measurements based on test data. This may not be the best course for an agency.

But go read Mike’s words yourself.

https://www.linkedin.com/pulse/why-agencies-should-conduct-own-afis-benchmarks-rather-mike-french/

Even Apple is moving to a service model. Biometric identity vendors are moving also.

Remember when you bought a big old hunk of hardware…and you owned it?

With cloud computing, significant portions of hardware were no longer owned by companies and people, but were instead provided as a service. And the companies moved from getting revenue from selling physical items to getting revenue from selling services.

From Apple Computer to Apple

Apple is one of those companies, as its formal name change from “Apple Computer” signifies.

Then “Apple Computer” circa 1978. From https://www.macrumors.com/2020/03/23/apple-computer-retail-sign/. Fair use.

Yet even as iTunes and “the” App Store become more prominent, Apple still made a mint out of selling new smartphone hardware to users as frequently as possible.

But Apple is making a change later in 2021, and Adrian Kingsley-Hughes noted the significance of that change.

The change?

So, it turns out that come the release of iOS 15 (and iPadOS 15) later this year, users will get a choice.

Quite an important choice.

iPhone users can choose to hit the update button and go down the iOS 15 route, or play it safe and stick with iOS 14.

Why is Apple supporting older hardware?

So Apple is no longer encouraging users to dump their old phones to keep up with new operating systems like the forthcoming iOS 15?

There’s a reason.

By sticking with iOS 14, iPhone users will continue to get security updates, which keeps their devices safe, and Apple gets to keep those users in the ecosystem.

They can continue to buy content and apps and pay for services such as iCloud.

Although Kingsley-Hughes doesn’t explicitly say it, there is a real danger when you force users to abandon your current product and choose another. (Trust me; I know this can happen.)

In Apple’s case, the danger is that the users could instead adopt a SAMSUNG product.

And these days, that not only means that you lose the sale of the hardware, but you also lose the sale of the services.

It’s important for Apple to support old hardware and retain the service revenue, because not only is its services business growing, but services are more profitable than hardware.

In the fiscal year 2019, Apple’s services business posted gross margins of 63.7%, approaching double the 32.2% gross margin of the company’s product sector. 

If current trends continue, Apple’s services (iCloud, Apple Music, AppleCare, Apple Card, Apple TV+, etc.) will continue to become relatively more important to the company.

The biometric identity industry is moving to a service model also

Incidentally, we’re seeing this in other industries, for example as the biometric identity industry also moves from an on-premise model to a software as a service (SaaS) model. One benefit of cloud-based hosting of biometric identity services is that both software and the underlying hardware can be easily upgraded without having to go to a site, deploying a brand new set of hardware, transferring the data from one set of hardware to the other, and hauling away the old hardware. Instead, all of those activities take place at Amazon, Microsoft, or other data centers with little or no on-premise fuss.

(And, as an added benefit, it’s easier for biometric vendors to keep their current customers because obsolescence becomes less of an issue.)

Is your biometric identity company ready to sell SaaS solutions?

But perhaps your company is just beginning to navigate from on-premise to SaaS. I’ve been through that myself, and can contract with you to provide advice and content. I can wear my biometric content marketing expert hat, or my biometric proposal writing expert hat as needed.

The “T” stands for technology. Or something. By Elred at English Wikipedia – Transferred from en.wikipedia to Commons by Moe_Epsilon., Public Domain, https://commons.wikimedia.org/w/index.php?curid=3812206

Obviously this involves more than just saying “we’re cloud-ready.” Customers don’t care if you’re cloud-ready. Customers only care about the benefits that being cloud-ready provides. And I can help communicate those benefits.

If I can help you communicate the benefits of a cloud-ready biometric identity system, contact me (email, phone message, online form, appointment for a content needs assessment, even snail mail).

My LinkedIn article “Don’t ban facial recognition”

By TapTheForwardAssist – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=98670006

This post serves as a pointer to an article that I just published on LinkedIn, “Don’t ban facial recognition.”

If you’re going to prohibit use of a particular tool, you may want to check the alternatives to that tool to see if the alternatives are better…or worse.

To read the article, go here.

(Bredemarket Premium) The drawbacks of a FOCI-mitigated subsidiary

Those portions of the U.S. government that deal with critical infrastructure are naturally concerned about foreign encroachment into U.S. Government operations, even from “friendly” nations. Therefore, the U.S. Government takes steps to mitigate the effects of “Foreign Ownership, Control or Influence” (FOCI).

I’ve worked for two companies that needed to undertake FOCI mitigation, and I know of others that have also done this. And while FOCI mitigation offers benefits to the United States, there are also drawbacks of which everyone involved should be aware.

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.

The Pandora’s Box of the “passwords are dead” movement

I’ve previously commented on the “passwords are dead” movement, and why I don’t agree that passwords are dead. But I recently realized that the “logic” behind the “passwords are dead” movement could endanger ALL forms of multi-factor authentication.

If I may summarize the argument, the “passwords are dead” movement is based upon the realization that passwords are an imperfect authentication method. People use obvious passwords, people re-use passwords, individuals don’t guard their passwords, and even companies don’t guard the passwords that they store. Because of these flaws, many passwords have been compromised over the years.

From this indisputable fact, the “passwords are dead” advocates have concluded that the best thing to do is to refrain from using passwords entirely, and to use some other authentication method instead (choosing from the five authentication factors).

In my spiral of people connections, the most frequently suggested replacement for passwords is biometrics. As a biometric content marketing expert and a biometric proposal writing expert, I’m certainly familiar with the arguments about the wonderfulness of biometric authentication.

But wait a minute. Isn’t it possible to spoof biometrics? And when a biometric is compromised, you can’t change your finger or your face like you can with a compromised password. And the Internet tells me that biometrics is racist anyway.

So I guess “biometrics are dead” too, using the “passwords are dead” rationale.

And we obviously can’t use secure documents or other “something you have” modalities either, because “something you have” is “something that can be stolen.” And you can’t vet the secure document with biometrics because we already know that biometrics are spoofable and racist and all that.

So I guess “secure documents are dead” too.

Somewhere you are? Yeah, right. There are entire legitimate industries based upon allowing someone to represent that they are in one place when in fact they are in another place.

So I guess “geolocation is dead” too.

You see where this leads.

NO authentication method is perfect.

But just because an authentication method has imperfections doesn’t mean that it should be banned entirely. If you open the Pandora’s Box of declaring imperfect authentication methods “dead,” there will be NO authentication methods left.

Epimetheus opening Pandora’s Box. By Giulio Bonasone – This file was donated to Wikimedia Commons as part of a project by the Metropolitan Museum of Art. See the Image and Data Resources Open Access Policy, CC0, https://commons.wikimedia.org/w/index.php?curid=60859836

And before talking about multi-factor authentication, remember that it isn’t perfect either. With enough effort, a criminal could spoof multiple factors to make it look like someone with a spoofed face and a spoofed driver’s license is physically present at a spoofed location. Of course it takes more effort to spoof multiple factors of authentication…

…which is exactly the point. As security professionals already know, something that is harder to hack is less likely to be hacked.

“I don’t want to say multi-factor is terrible. All things considered, it is generally better than single-factor and we should strive to use it wherever it makes sense and is possible. However, if someone tells you something is unhackable, they’re either lying to you or dumb.”

And heck, be wild and throw a strong password in as ONE of the factors. Even weak passwords of sufficient length can take a long time to crack, provided they haven’t been compromised elsewhere.

Feel free to share the images and interactive found on this page freely. When doing so, please attribute the authors by providing a link back to this page and Better Buys, so your readers can learn more about this project and the related research.

Luckily, my experience extends beyond biometrics to other authentication methods, most notably secure documents and digital identity. And I’m familiar with multi-factor authentication methods that employ…well, multiple factors of authentication in various ways. Including semi-random presentation of authentication factors; if you don’t know which authentication factors will be requested, it’s that much harder to hack the authentication process.

Do you want to know more? Do you need help in communicating the benefits of YOUR authentication mechanism? Contact me.

Something I wrote elsewhere about the biometric systems development lifecycle

One of my non-Bredemarket blogs is JEBredCal, and I recently wrote something on that blog entitled “The biometric systems development lifecycle.”

By Horst59 – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=64233808

The post describes several steps in the lifecycle, including:

  • Strategic/market assessment.
  • Product release definition and development.
  • Capture and proposal strategy.
  • Contract negotiation.
  • Business system requirements analysis.
  • Implementation.
  • Operation.
  • End of life.

At each stage, there are decisions that you need to make regarding whether you will pursue something, or instead choose NOT to pursue it.

  • Does it make sense to pursue this market? As Peter Kirkwood notes, sometimes you SHOULDN’T pursue a market.
  • Does it make sense to release this product? Again, maybe not.
  • Does it make sense to bid on this Request for Proposal? Again, maybe not. Especially if the opportunity cost of bidding on a low-PWin opportunity instead of another opportunity is high.

No, a “no” decision doesn’t mean that you stick a fork in it. The post implicitly refers to ANOTHER definition of a fork.