Notable. I don’t know if IDEMIA provides the current Swiss AFIS (it used to), but Thales has locked this up for a long time.
Category Archives: Uncategorized
Update: A Little Harder to Create Voice Deepfakes?
(Imposter scam wildebeest image from Imagen 3)
(Part of the biometric product marketing expert series)
Remember my post early this morning entitled “Nearly $3 Billion Lost to Imposter Scams in the U.S. in 2024“?
The post touched on many items, one of which was the relative ease in using popular voice cloning programs to create fraudulent voices. Consumer Reports determined that four popular voice cloning programs “did not have the technical mechanisms necessary to prevent cloning someone’s voice without their knowledge or to limit the AI cloning to only the user’s voice.”
Reducing voice clone fraud?
Joel R. McConvey of Biometric Update wrote a piece (“Hi mom, it’s me,” an example of a popular fraudulent voice clone) that included an update on one of the four vendors cited by Consumer Reports.
In its responses, ElevenLabs – which was implicated in the deepfake Joe Biden robocall scam of November 2023 – says it is “implementing Coalition for Content Provenance and Authenticity (C2PA) standards by embedding cryptographically-signed metadata into the audio generated on our platform,” and lists customer screening, voice CAPTCHA and its No-Go Voice technology, which blocks the voices of hundreds of public figures, as among safeguards it already deploys.
Coalition for Content Provenance and Authenticity
So what are these C2PA standards? As a curious sort (I am ex-IDEMIA, after all), I investigated.
The Coalition for Content Provenance and Authenticity (C2PA) addresses the prevalence of misleading information online through the development of technical standards for certifying the source and history (or provenance) of media content. C2PA is a Joint Development Foundation project, formed through an alliance between Adobe, Arm, Intel, Microsoft and Truepic.
There are many other organizations whose logos appear on the website, including Amazon, Google, Meta, and Open AI.
Provenance
I won’t plunge into the entire specifications, but this excerpt from the “Explainer” highlights an important word, “provenance” (the P in C2PA).
Provenance generally refers to the facts about the history of a piece of digital content assets (image, video, audio recording, document). C2PA enables the authors of provenance data to securely bind statements of provenance data to instances of content using their unique credentials. These provenance statements are called assertions by the C2PA. They may include assertions about who created the content and how, when, and where it was created. They may also include assertions about when and how it was edited throughout its life. The content author, and publisher (if authoring provenance data) always has control over whether to include provenance data as well as what assertions are included, such as whether to include identifying information (in order to allow for anonymous or pseudonymous assets). Included assertions can be removed in later edits without invalidating or removing all of the included provenance data in a process called redaction.
Providence
I would really have to get into the nitty gritty of the specifications to see exactly how ElevenLabs, or anyone else, can accurately assert that a voice recording alleged to have been made by Richard Nixon actually was made by Richard Nixon. Hint: this one wasn’t.
Incidentally, while this was obviously never spoken, and I don’t believe that Nixon ever saw it, the speech was drafted as a contingency by William Safire. And I think everyone can admit that Safire could soar as a speechwriter for Nixon, whose sense of history caused him to cast himself as an American Churchill (with 1961 to 1969 as Nixon’s “wilderness years”). Safire also wrote for Agnew, who was not known as a great strategic thinker.
And the Apollo 11 speech above is not the only contingency speech ever written. Someone should create a deepfake of this speech that was NEVER delivered by then-General Dwight D. Eisenhower after D-Day:
Our landings in the Cherbourg-Havre have failed to gain a satisfactory foothold and I have withdrawn the troops. My decision to attack at this time and place was based upon the best information available. The troops, the air and the Navy did all that bravery and devotion to duty could do. If any blame or fault attaches to the attempt it is mine alone.
Under the Radar
(Imagen 3)
The trick is to pretend that companies care when they are mentioned.
Many don’t even realize.
But some do.
NPE Comments That Fall Flat
(NPE Image from Imagen 3. It’s like rain…)
Have you ever seen a piece of content that makes you ill?
I just read a week-old comment on a month-old LinkedIn post. The original poster was pursuing a new opportunity, and the commenter responded as follows:
“Incredible achievements! Your journey with GTM teams is truly inspiring. It’s exciting to see you ready to tackle the next challenge. What qualities do you value most when looking for your next venture?”
At least it didn’t have a rocket emoji, but the comment itself had a non-person entity (NPE) feel to it.
Not surprisingly, the comment was not from a person, but from a LinkedIn page.
And not a company page, but an industry-specific showcase page for the tech industry.
Needless to say, I see nothing wrong with that. After all, Bredemarket has its own technology LinkedIn showcase page, Bredemarket Technology Firm Services.
But when Bredemarket’s LinkedIn pages comment on other posts, I write the comments all by myself, and don’t let generative AI draft them for me. So my comments have none of these generic platitudes or fake engagement attempts that don’t work.
I have absolutely no idea why the “incredible achievements” comment was, um, “written” or what its goals were.
Awareness? Consideration? Conversion? Or mere Revulsion?
Nearly $3 Billion Lost to Imposter Scams in the U.S. in 2024
(Imposter scam wildebeest image from Imagen 3)
According to the Federal Trade Commission, fraud is being reported at the same rate, but more people are saying they are losing money from it.
In 2023, 27% of people who reported a fraud said they lost money, while in 2024, that figure jumped to 38%.
In a way this is odd, since you would think that we would better detect fraud attempts now. But I guess we don’t. (I’ll say why in a minute.)
Imposter scams
The second fraud category, after investment scams, was imposter scams.
The second highest reported loss amount came from imposter scams, with $2.95 billion reported lost. In 2024, consumers reported losing more money to scams where they paid with bank transfers or cryptocurrency than all other payment methods combined.
Deepfakes
I’ve spent…a long time in the business of determining who people are, and who people aren’t. While the FTC summary didn’t detail the methods of imposter scams, at least some of these may have used deepfakes to perpetuate the scam.
The FTC addressed deepfakes two years ago, speaking of
…technology that simulates human activity, such as software that creates deepfake videos and voice clones….They can use deepfakes and voice clones to facilitate imposter scams, extortion, and financial fraud. And that’s very much a non-exhaustive list.
Creating deepfakes
And the need for advanced skills to create deepfakes has disappeared. ZD NET reported on a Consumer Reports study that analyzed six voice cloning software packages:
The results found that four of the six products — from ElevenLabs, Speechify, PlayHT, and Lovo — did not have the technical mechanisms necessary to prevent cloning someone’s voice without their knowledge or to limit the AI cloning to only the user’s voice.
Instead, the protection was limited to a box users had to check off, confirming they had the legal right to clone the voice.
Which is just as effective as verifying someone’s identity by asking for their name and date of birth.
(Not) detecting deepfakes
And of course the identity/biometric vendor commuity is addressing deepfakes also. Research from iProov indicates one reason why 38% of the FTC reporters lost money to fraud:
[M]ost people can’t identify deepfakes – those incredibly realistic AI-generated videos and images often designed to impersonate people. The study tested 2,000 UK and US consumers, exposing them to a series of real and deepfake content. The results are alarming: only 0.1% of participants could accurately distinguish real from fake content across all stimuli which included images and video… in a study where participants were primed to look for deepfakes. In real-world scenarios, where people are less aware, the vulnerability to deepfakes is likely even higher.
So what’s the solution? Throw more technology at the problem? Multi factor authentication (requiring the fraudster to deepfake multiple items)? Injection attack detection? Something else?
Artificial, But Intelligent?
Truth (with a generous margin of error) as shared by Kate Kaye on Bluesky.
“AI industry PR/ conferences:
Our new product is ground breaking and works great!
Computer science/AI academic research conferences:
Our proposed method shows great improvement; accuracy and performance levels are 0.7% higher than previous methods showing 56.8% accuracy.”
Substack
I am sharing Bredemarket posts on Substack.
Should Thought Leadership Content Adopt a Single Point of View?
(The Cyrkle “Red Rubber Ball” 45 rpm single cover; fair use)
How should thought leadership content present its arguments?
It depends.
Thought leadership content
Let’s say that you’re a content marketing consultant creating thought leadership content for one of your clients. Furthermore, the client works with two types of rubber balls: the old-fashioned gray ones, and the new red ones.
Now let’s say the content describes moving from the old to the new rubber balls, and you list (perhaps in the manner of a sage) all the reasons why you may want to make the move.
Should your thought leadership piece also say why you may NOT want to make the move?
It depends.
Why to only discuss one point of view in a single piece of content
Perhaps the best way to attract your hungry people (target audience) is to convey a single message.
In my example, your single message may be that gray balls are so prehistoric, red balls are hot, and you should go red.
Clear. Unencumbered. Persuasive.
Why to discuss multiple points of view in a single piece of content
Alternatively, your hungry people may want to consider all the facts.
Returning to my example, your thought leadership piece may list all the reasons to switch from gray to red rubber balls, then list all the reasons why NOT to make the switch.
Now this is a REALLY sage-like move.
You could still recommend to go red, but at least your hungry people were exposed to the alternative (and ultimately rejected) view.
Did you see what I did here in this post? I could have written a straightforward post that said to only talk about one point of view. But then I chose to include this section that advocates a second point of view.
But now I’m going to put on my maverick mask and offer a THIRD option.
Why to discuss multiple points of view in multiple pieces of content
Why not do both? Why not write one piece with one point of view, and a second with the opposite point of view?
In my example, you would write focused pieces about “going red” and “staying gray.” Each self-contained piece is clear, unencumbered, and persuasive. Yet the totality of your thought leadership embodies the complex nuances of cases where there is no one right answer.
And there’s an added benefit for content marketing consultants who write thought leadership pieces for their clients.
If you write two pieces of content rather than one, you (may) collect two fees.
Follow the money.
Speaking of which, Bredemarket can write one or two thought leadership pieces for YOUR firm.
Login.gov May Not Be Pining for the Fjords
My question regarding Login.gov’s future may have been answered.
You will recall that the General Service Administration’s 18F organization was unceremoniously shut down over the weekend. Since 18F was the original developer of Login.gov, it was unclear whether the government’s identity service had also fallen victim to the chopping block.
Well, Anthony Kimery of Biometric Update provided a…well, update. According to Thomas Shedd, who heads the GSA’s Technology Transformation Services (the organization in which the former 18F resided), we have nothing to worry about:
“‘“I can assure you that Login.gov’s work carries forward as a critical part of government-wide efforts to promote efficiency and fight fraud,’ Shedd wrote in a Monday email. ‘To that end we are working to accelerate Login’s roadmap. More to come on that soon.’”
So that’s the story as of this week…
When Remote Bar Exam Technology Failed, You Won’t Believe What Happened Next
(Imagen 3)
This is a remote education post, but not an educational identity post.
I have previously discussed online test taking, and I guess the State Bar of California reads the Bredemarket blog because it decided that an online bar exam would be a great idea, since it would reduce the costs of renting large halls for test taking purposes.
“The online testing platforms repeatedly crashed before some applicants even started. Others struggled to finish and save essays, experienced screen lags and error messages and could not copy and paste text from test questions into the exam’s response field — a function officials had stated would be possible.”
No surprise, but the remote bar exam debacle was so bad that students are filing…lawsuits.
“Some students also filed a complaint Thursday in the U.S. District Court for the Northern District of California, accusing Meazure Learning, the company that administered the exam, of “failing spectacularly” and causing an “unmitigated disaster.””
Bredemarket 