Is your home your castle when you use consumer doorbell facial recognition?

For purposes of this post, I will define three entities that can employ facial recognition:

  • Public organizations such as governments.
  • Private organizations such as businesses.
  • Individuals.

Some people are very concerned about facial recognition use by the first two categories of entities.

But what about the third category, individuals?

Can individuals assert a Constitutional right to use facial recognition in their own homes? And what if said individuals live in Peoria?

Concerns about ANY use of facial recognition

Let’s start with an ACLU article from 2018 regarding “Amazon’s Disturbing Plan to Add Face Surveillance to Your Front Door.”

Let me go out on a limb and guess that the ACLU opposes the practice.

The article was prompted by an Amazon 2018 patent application which involved both its Rekognition facial recognition service and its Ring cameras.

One of the figures in Amazon’s patent application, courtesy the ACLU. https://www.aclunc.org/docs/Amazon_Patent.pdf

While the main thrust of the ACLU article concerns acquisition of front door face surveillance (and other biometric) information by the government, it also briefly addresses the entity that is initially performing the face surveillance: namely, the individual.

Likewise, homeowners can also add photos of “suspicious” people into the system and then the doorbell’s facial recognition program will scan anyone passing their home.

I should note in passing that ACLU author Jacob Snow is describing a “deny list,” which flags people who should NOT be granted access such as that pesky solar power salesperson. In most cases, consumer products tout the use of an “allow list,” which flags people who SHOULD be granted access such as family members.

Regardless of whether you’re discussing a deny list or an allow list, the thrust of the ACLU article isn’t that governments shouldn’t use facial recognition. The thrust of the article is that facial recognition shouldn’t be used at all.

The ACLU and other civil rights groups have repeatedly warned that face surveillance poses an unprecedented threat to civil liberties and civil rights that must be stopped before it becomes widespread.

Again, not face surveillance by governments, but face surveillance period. People should not have the, um, “civil liberties” to use the technology.

But how does the tech world approach this?

The reason that I cited that particular ACLU article was that it was subsequently referenced in a CNET article from May 2021. This article bore the title “The best facial recognition security cameras of 2021.”

Let me go out on a limb and guess that CNET supports the practice.

The last part of author Megan Wollerton’s article delves into some of the issues regarding facial recognition use, including those raised by the ACLU. But the bulk of the article talks about really cool tech.

As I stated above, Wollerton notes that the intended use case for home facial recognition security systems involves the creation of an “allow list”:

Some home security cameras have facial recognition, an advanced option that lets you make a database of people who visit your house regularly. Then, when the camera sees a face, it determines whether or not it belongs to someone in your list of known faces. If the recognition system does not know who is at the door, it can alert you to an unknown person on your property.

Obviously you could repurpose such a system for anything you want, provided that you can obtain a clear picture of the face of the pesky social power salesperson.

Before posting her reviews of various security systems, and after a brief mention (expanded later in the article) about possible governmental misuse of facial recognition, Wollerton redirects the conversation.

But let’s step back a bit to the consumer realm. Your home is your castle, and the option of having surveillance cameras with facial recognition software is still compelling for those who want to be on the cutting edge of smart home innovation.

“Your home is your castle” may be a distinctly American concept, but it certainly applies here as organizations such as, um, the ACLU defend a person’s right against unreasonable actions by governments.

Obviously, there are limits to ANY Constitutional right. I cannot exercise my Fourth Amendment right to be secure in my house, couple that with my First Amendment right to freely exercise my religion, and conclude that I have the unrestricted right to perform ritual child sacrifices in my home. (Although I guess if I have a home theater and only my family members are present, I can probably yell “Fire!” all I want.)

So perhaps I could mount an argument that I can use facial recognition at my house any time I want, if the government agrees that this right is “reasonable.”

But it turns out that other people are involved.

You knew I was going to mention Illinois in this post

OK, it’s BIPA time.

As I previously explained in a January 2021 post about the Kami Doorbell Camera, “BIPA” is Illinois’ Biometric Information Privacy Act. This act imposes constraints on a private entity’s use of biometrics. (Governments are excluded in Illinois BIPA.) And here’s how BIPA defines the term “private entity”:

“Private entity” means any individual, partnership, corporation, limited liability company, association, or other group, however organized. A private entity does not include a State or local government agency. A private entity does not include any court of Illinois, a clerk of the court, or a judge or justice thereof.

Did you see the term “individual” in that definition?

So BIPA not only affects company use of biometrics, such as use of biometrics by Google or by a theme park or by a fitness center. It also affects an individual such as Harry or Harriet Homeowner’s use of biometrics.

As I previously noted, Google does not sell its Nest Cam “familiar face alert” feature in Illinois. But I guess it’s possible (via location spoofing if necessary) for someone to buy Nest Cam familiar face alerts in Indiana, and then sneak the feature across the border and implement it in the Land of Lincoln. But while this may (or may not) get Google off the hook, the individual is in a heap of trouble (should a trial lawyer decide to sue the individual).

Let’s face it. The average user of Nest Cam’s familiar face alerts, or the Kami Doorbell Camera, or any other home security camera with facial recognition (note that Amazon currently is not using facial recognition in its consumer products), is probably NOT complying with BIPA.

A private entity in possession of biometric identifiers or biometric information must develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual’s last interaction with the private entity, whichever occurs first.

I mean it’s hard enough for Harry and Harriet to get their teenage son to acknowledge receipt of the Homeowner family’s written policy for the use of the family doorbell camera. And you can forget about getting the pesky solar power salesperson to acknowledge receipt.

So from a legal perspective, it appears that any individual homeowner who installs a facial recognition security system can be hauled into civil court under BIPA.

But will these court cases be filed from a practical perspective?

Probably not.

When a social media company violates BIPA, the violation conceivably affects millions of individuals and can result in millions or billions of dollars in civil damages.

When the pesky solar power salesperson discovers that Harry and Harriet Homeowner, the damages would be limited to $1,000 or $5,000 plus relevant legal fees.

It’s not worth pursuing, any more than it’s worth pursuing the Illinois driver who is speeding down the expressway at 66 miles per hour.

Is small vehicle transit to airports on the decline?

I live only five miles from an airport, but over forty miles away from a BIG airport—Los Angeles International Airport. And for those times in which I have to use LAX, it’s a bear to get there, and getting worse.

By EditorASC – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=60449501

It used to be that I could take a shuttle to LAX, and the shuttle would get me there most of the time. But my former shuttle service quit operations a few years ago (although it looks like it’s kinda sorta coming back).

I’ve never really been a big fan of the gig economy rideshare services, and it turns out that the driver’s aren’t big fans of them either, despite the favorable legislation that has been enacted in California. Uber and Lyft are experiencing what is called a “driver shortage,” which in essence means that the work isn’t paying enough to get people to return to it post-COVID. In other words, there’s no driver shortage that can’t be overcome by jacking up payments to those people who work “with” Uber and Lyft. Of course if the drivers get more money, the rates for passengers go up dramatically. (In effect, the model is not self-sustaining. But I digress.)

Of course, the rideshare services have already done their damage to the taxi industry. Taxi drivers had a lot of costs that rideshare drivers didn’t have, such as medallion fees. And those costs continued even as the pandemic reduced the number of taxi passengers to near zero.

So with fewer shuttles, rideshares, and taxis, the best way to get to LAX is to drive your own car.

But that’s changing.

[O]fficials gathered on the outskirts of [Los Angeles International] airport to break ground on a $900-million Airport Metro Connector project that by 2024 will link the county’s fast-growing rail network to a people mover system being built at LAX.

Yes, friends, in only three short years it will be possible to take a train to one of the largest airports in the country.

Never mind that it’s taken seven years so far (the project was approved in 2014) with another three years to go. These things take time.

This not only makes it easy for Los Angeles Metro riders to get to the airport, but users of other services such as Metrolink can also get to the airport more easily. Even way out here in Ontario, I have two Metrolink stations within three miles of my home, which means that I can get to LAX via car, Metrolink, and Metro. (And yes, there’s the FlyAway bus, but Metro trains run much more frequently.)

And perhaps if the mass transit systems aren’t decimated by budget cuts between now and 2024, Southern Californians will actually be able to get to our biggest airport without having to get in a car.

Meanwhile, it’s still a little difficult to get to my local airport using mass transit, and the ideas to improve the situation are frankly rather boring.

DHS TSA mDL Public Meeting general observations

As I previously noted, today (June 30, 2021) was the day for the Department of Homeland Security’s Transportation Security Administration to hold its public meeting on its Request for Comment on “Minimum Standards for Driver’s Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes; Mobile Driver’s Licenses.” (See PDF or text version. The second link contains the method for providing comments.)

I will not provide a recap of the comments made by participants during the meeting, but will instead provide some general observations.

Incidentally, the list of all meeting participants will be made public at some point, and it’s possible that the chat transcript from the meeting will also be made public at some point.

Agreement and disagreement among the participants

As can be expected, there were a variety of views expressed at the meeting, ranging from industry comments about the items that should be in the DHS standard, to privacy advocates who questioned why DHS was implementing a standard at all. One example:

  • Industry participants, such as myself, were enthusiastic about the ability of a mobile driver’s license (mDL) to automatically update itself when new information became available at the DMV. For example, if I move to a new address, the DMV can automatically update the mDL on my smartphone to reflect the new address.
  • Privacy participants were, to put it mildly, a bit less enthusiastic about this feature. Physical driver’s licenses are updated as infrequently as every ten years; why should digital driver’s licenses be any different?

But there was apparent agreement between the industry and privacy participants about one possible feature on mDLs – the ability to control the data that leaves the smartphone and is sent to the verifying official. Everyone seemed to agree that this information should be granular, and that the mDL should not automatically send ALL available information on the mDL.

Let me provide an example. When I go to a bar and use my physical driver’s license to prove my age, the verifier (Jane Bartender) is provided access to my name, my address, my date of birth, my height, my (claimed) weight, and all sorts of personal information that would freak out your average privacy advocate. NONE of this information is needed to prove my age, not even my date of birth. All that the verifier needs to know is whether I am over the age of 21. An mDL can be designed to specifically state ONLY that I am over the age of 21 without revealing my birthdate, my address, or my (claimed) weight.

(You’d think that the privacy advocates would be thrilled about this granularity and would urge people to use mDLs because of this privacy benefit, but privacy and security folks are naturally suspicious and have a hunch that all of the information is being provided in the background anyway through double-secret means.)

But are the participants ready to respond to the RFC?

I had one other observation from the meeting. Before sharing it, I should explain that the meeting allowed the participants to ORALLY share the views that they will subsequently express in WRITTEN comments on or before the July 30 deadline.

And based upon the oral comments that I heard, some of the participants are ready to share their written comments…and others are not.

There were participants who spoke to the DHS about their items of interest, not only briefly stating these items, but WHY these items should be important to the DHS and to the general public.

And then there were participants who concentrated on unimportant details that were NOT of interest to the DHS or the general public. I won’t provide specific examples, but let’s just say that some participants talked about themselves rather than about DHS’ needs.

If these participants’ written comments are of the same tone as their oral comments, I can assure you that their comments will not influence the DHS in any way. Although I guess they can go back to their organizations and proudly proclaim, “We told the DHS how important we are!”

The DHS doesn’t care how important you are. In the DHS’ mind, you are not important. Only the DHS is important. (Oh, and the Congresspeople who fund the DHS are important, I guess.)

Perhaps in the next 30 days these other participants will take a look back at their message drafts and ask themselves the “So what?” question. What will motivate the DHS to incorporate desired features into the standard? And why should they?

And, as always, I can help. If nothing else, I can confidentially review your draft comments before submission and provide some suggestions. (Yes, it’s shameless plug time.)

If I can help you with your RFC response:

Or perhaps you are ready to respond now. I guess we’ll all find out when the DHS publishes its final standards, which may or may not reflect your priorities.

COVID is no longer profitable (for a few, anyway)

In the spring of 2000, the COVID-19 crisis brought vast changes to economies throughout the world. Some businesses completely ground to a halt, such as sporting events, while a number of new businesses sprang up.

Now that COVID is (hopefully) receding, some of those newer businesses are fading away.

Take Maskalike – please!

https://maskalike.com/ as of June 29, 2021.

Before COVID hit, you generally only saw people wearing masks in operating rooms, unless you visited Disneyland and saw Asian visitors walking around with masks. All of a sudden EVERYONE was wearing masks, and you had people getting creative in their design. Maskalike’s gimmick was to create masks that looked just like the portion of your face that was being covered by the mask.

But Maskalike is closing down in a few short days.

It’s been an amazing run bringing thousands of smiles to people, but this project was always supposed to be temporary and we’re getting busy with new ideas. If you have any questions, or want to acquire this company, get in touch. Otherwise, get your order in!

Let’s face it: people aren’t going to be buying a lot of masks any more. In fact, I’m sure that some people never want to see a face mask ever again.

Perhaps some novelty company will buy Maskalike and include it in its catalog, along with other gimmicky things.

If not, it was good while it lasted.

And I’m still keeping my Rodrigo’s mask that I won on Instagram, even though I have no idea where I’m going to wear it.

The air industry is worried about EU Digital COVID certificate activity on July 1

Charles De Gaulle Airport in Paris. By NASA – NASA/JSC, Public Domain, https://commons.wikimedia.org/w/index.php?curid=7156445

So for the last few months we’ve been saying “we need travelers.” And now that we’re about to get travelers, people are getting worried.

The European Union’s system of digital COVID-19 travel certificates is due to come into force on Thursday, but airports group ACI and airlines representative bodies A4E, IATA and ERA warned in a letter to EU national leaders of a “worrying patchwork of approaches” across the continent.

Of course, we’ve known for some time that the EU Digital COVID Certificates are being implemented on a national basis. But now the airport and airline industries are warning that checking the certificates can be dizzying.

The letter said the only way to avoid huge queues and delays during the peak summer season was to implement a system whereby both the vaccination certificate and passenger locator forms are processed remotely before the passenger arrives at the airport.

Checks must only take place in the country of departure and not on arrival and national governments should manage the health data and provide equipment to check the QR codes, the letter said.

So there will be some confusion on Thursday. But will the confusion outweigh the benefits of increased travel?

DNA reunions of families don’t just happen at the U.S.-Mexico border

Dr. Michael Bowers shared an article about DNA-ProKids.

From the article:

DNA-ProKids works with governments in Peru, Mexico, Guatemala, El Salvador, Paraguay, Thailand, Brazil, India and Malaysia….

The programme uses our unique genetic footprint to trace thousands of missing children around the world. Some have been stolen from their parents and trafficked for sex or as slave labour, others sold in illegal adoptions, and some lost in hospital mix-ups….

The article includes several stories, including one of a woman who was drugged and her baby taken from her.

Guatemala’s government, which uses the DNA-ProKids programme, contacted the police who were able to find the baby using DNA within 48 hours. The thief, who was wearing a mask because of the pandemic, could not be identified.

Read more here, or visit the DNA-ProKids website.

The mechanics of acquisitions

During my years in biometrics, my employer was acquired by another firm three times:

  • Printrak was acquired by Motorola in 2000.
  • Part of Motorola was acquired by Safran in 2009.
  • Part of Safran was acquired by Oberthur in 2017. (The combined entity was named IDEMIA.)

Acquisitions always cause a lot of changes, but one of these three acquisitions caused more changes than any of the others.

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Minimum 4 posts per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.

(Past illustrations) Creating win-win marketing materials for a company and its strategic supplier

(This past illustration describes something that I performed in my career, either for a Bredemarket client, for an employer, or as a volunteer. The entity for which I performed the work, or proposed to perform the work, is not listed for confidentiality reasons.)

PROBLEM

A modern automobile assembly line. By User: Anonyme – Own work, CC BY 2.5, https://commons.wikimedia.org/w/index.php?curid=1987247

A company shifted from one supplier to a new strategic supplier.

It was in the interest of the strategic supplier to promote its viability in certain use cases, including the use case for which the company employed the product.

At the same time, it was in the interest of the company to promote its association with the strategic supplier, both to showcase its commitment to technical innovation and to expose its offering to new customers.

SOLUTION

As an employee of the company that had partnered with the strategic supplier, I participated in several joint marketing projects. These included creating and reviewing written marketing materials, participating in interviews with third-party publications, and appearing in videos directed by the strategic supplier.

For many of my efforts, I was assisted by a company colleague who had received technical certifications from the strategic supplier. Therefore, many of my efforts not only promoted my company and its strategic supplier, but also this colleague, since promotion of this person also furthered the promotion of the two firms.

RESULTS

Both companies (and the colleague) received prominent coverage that achieved everyone’s objectives. The company was recognized as a technical innovator compared to its competitors, the strategic partner was recognized for its ability to handle the company’s specific data needs, and the colleague received additional certifications that reflected well on both firms.

Read Mike French’s “Why agencies should conduct their own AFIS benchmarks rather than relying on others.”

Today my content calendar says that I’m supposed to be posting about social media, so I’m going to discuss a LinkedIn article. That fits, doesn’t it?

Seriously, Mike French has posted his long-awaited (by me, anyway) article on the need for automated fingerprint identification system (AFIS) benchmarks. And his perspective is valuable.

People enter the AFIS industry in different ways. I entered the industry as a writer, and therefore needed some time to master the forensic and technical concepts. Mike came from the forensic disciplines, having worked in the Latent Print Unit at the King County Sheriff’s Office before joining Sagem Morpho, which became MorphoTrak, which became IDEMIA Identity & Security N.A.

Because of this background, Mike obviously has an appreciation for a law enforcement agency’s forensic requirements, and why it is important for the agency to conduct its own benchmark of AFIS vendors. As Mike notes, more and more agencies are choosing to rely on independent measurements based on test data. This may not be the best course for an agency.

But go read Mike’s words yourself.

https://www.linkedin.com/pulse/why-agencies-should-conduct-own-afis-benchmarks-rather-mike-french/

Even Apple is moving to a service model. Biometric identity vendors are moving also.

Remember when you bought a big old hunk of hardware…and you owned it?

With cloud computing, significant portions of hardware were no longer owned by companies and people, but were instead provided as a service. And the companies moved from getting revenue from selling physical items to getting revenue from selling services.

From Apple Computer to Apple

Apple is one of those companies, as its formal name change from “Apple Computer” signifies.

Then “Apple Computer” circa 1978. From https://www.macrumors.com/2020/03/23/apple-computer-retail-sign/. Fair use.

Yet even as iTunes and “the” App Store become more prominent, Apple still made a mint out of selling new smartphone hardware to users as frequently as possible.

But Apple is making a change later in 2021, and Adrian Kingsley-Hughes noted the significance of that change.

The change?

So, it turns out that come the release of iOS 15 (and iPadOS 15) later this year, users will get a choice.

Quite an important choice.

iPhone users can choose to hit the update button and go down the iOS 15 route, or play it safe and stick with iOS 14.

Why is Apple supporting older hardware?

So Apple is no longer encouraging users to dump their old phones to keep up with new operating systems like the forthcoming iOS 15?

There’s a reason.

By sticking with iOS 14, iPhone users will continue to get security updates, which keeps their devices safe, and Apple gets to keep those users in the ecosystem.

They can continue to buy content and apps and pay for services such as iCloud.

Although Kingsley-Hughes doesn’t explicitly say it, there is a real danger when you force users to abandon your current product and choose another. (Trust me; I know this can happen.)

In Apple’s case, the danger is that the users could instead adopt a SAMSUNG product.

And these days, that not only means that you lose the sale of the hardware, but you also lose the sale of the services.

It’s important for Apple to support old hardware and retain the service revenue, because not only is its services business growing, but services are more profitable than hardware.

In the fiscal year 2019, Apple’s services business posted gross margins of 63.7%, approaching double the 32.2% gross margin of the company’s product sector. 

If current trends continue, Apple’s services (iCloud, Apple Music, AppleCare, Apple Card, Apple TV+, etc.) will continue to become relatively more important to the company.

The biometric identity industry is moving to a service model also

Incidentally, we’re seeing this in other industries, for example as the biometric identity industry also moves from an on-premise model to a software as a service (SaaS) model. One benefit of cloud-based hosting of biometric identity services is that both software and the underlying hardware can be easily upgraded without having to go to a site, deploying a brand new set of hardware, transferring the data from one set of hardware to the other, and hauling away the old hardware. Instead, all of those activities take place at Amazon, Microsoft, or other data centers with little or no on-premise fuss.

(And, as an added benefit, it’s easier for biometric vendors to keep their current customers because obsolescence becomes less of an issue.)

Is your biometric identity company ready to sell SaaS solutions?

But perhaps your company is just beginning to navigate from on-premise to SaaS. I’ve been through that myself, and can contract with you to provide advice and content. I can wear my biometric content marketing expert hat, or my biometric proposal writing expert hat as needed.

The “T” stands for technology. Or something. By Elred at English Wikipedia – Transferred from en.wikipedia to Commons by Moe_Epsilon., Public Domain, https://commons.wikimedia.org/w/index.php?curid=3812206

Obviously this involves more than just saying “we’re cloud-ready.” Customers don’t care if you’re cloud-ready. Customers only care about the benefits that being cloud-ready provides. And I can help communicate those benefits.

If I can help you communicate the benefits of a cloud-ready biometric identity system, contact me (email, phone message, online form, appointment for a content needs assessment, even snail mail).