On Monday afternoon, I was writing “draft 0.5” of a document for a Bredemarket client. Among other topics, the document noted how the quality of biometric capture affects future identification capability.
Although when I was originally conceptualizing the silhouette, I was thinking of the instrumental interlude toward the end (about 4 minutes in) of Elton John’s “I’ve Seen That Movie Too.”
Yeah, that song’s over fifty years on. Something I will address on my personal LinkedIn profile later this evening.
“A recent development is scammers using the name of legitimate companies that are hiring and approaching their victims through LinkedIn’s direct messaging feature. They then create counterfeit websites that look like the websites of the legitimate companies they are posing as and ask the job seekers for personal information…”
And you can guess what happens with that personal information. It doesn’t land you a real job, that’s for sure.
In addition to the tips that Scamicide provides, I have an additional one. BEFORE you provide your resume, before you send them a connection request, or definitely before you engage on Telegram or WhatsApp, ask this question:
“Can you provide me with your corporate email address?”
This usually shuts scammers up very quickly.
But don’t forget that while job applicants are avoiding fraudulent employers, legitimate employers are avoiding fraudulent applicants…perhaps from North Korea.
“A subject is a human user or NPE, such as a device that issues access requests to perform operations on objects. Subjects are assigned one or more attributes.”
If you have a process to authorize people, but don’t have a process to authorize bots, you have a problem. Matthew Romero, formerly of Veza, has written about the lack of authorization for non-human identities.
“Unlike human users, NHIs operate without direct oversight or interactive authentication. Some run continuously, using static credentials without safeguards like multi-factor authentication (MFA). Because most NHIs are assigned elevated permissions automatically, they’re often more vulnerable than human accounts—and more attractive targets for attackers.
“When organizations fail to monitor or decommission them, however, these identities can linger unnoticed, creating easy entry points for cyber threats.”
Veza recommends that people use a product that monitors authorizations for both human and non-human identities. And by the most amazing coincidence, Veza offers such a product.
People Require Authorization
And of course people require authorization also. They need authorization:
Oh yeah…and to access privileged resources on corporate networks.
It’s not enough to identify or authenticate a person or NPE. Once that is done, you need to confirm that this particular person has the authorization to…launch a nuclear bomb. Or whatever.
Your Customers Require Information on Your Authorization Solution
If your company offers an authorization solution, and you need Bredemarket’s content, proposal, or analysis consulting help, talk to me.
An interesting item popped up in SAM.gov. According to a Request for Information (RFI) due February 20, the FBI may have interest in a system for secret biometric searches.
“The FBI intends to identify available software solutions to store and search subjects at the classified level. This solution is not intended to replace the Next Generation Identification System Functionality, which was developed and implemented in collaboration with the FBI’s federal, state, local, tribal, and territorial partners. The solution shall reside at the Secret and/or Top-Secret/SCI level with the ability to support data feeds from external systems. The solution must allow the ability to enroll and search face, fingerprint, palmprint, iris, and latent fingerprints, and associated biographic information with a given set of biometrics.”
Now remember that the Next Generation Identification (NGI) system is protected from public access by requiring all users to adhere to the CJIS Security Requirements. But the CJIS Security Requirements aren’t Secret or Top Secret. These biometric searches, whatever they are, must REALLY be kept from prying eyes.
The RFI itself is 8 pages long, and is mysteriously numbered as RFI 01302025. I would have expected an RFI number 01152026. I believe this was an editing error, since FBI RFI 01302025 was issued in 2025 for a completely different purpose.
Whatever the real number is, the RFI is labeled “Classified Identity-Based Biometric System.” No acronym was specified, so I’m self-acronyming it as CIBS. Perhaps the system has a real acronym…but it’s secret.
If your company can support such a system from a business, technical, and security perspective, the due date is February 20 and questions are due by February 2. See SAM.gov for details.
Each person has certain immutable attributes associated with them, such as their blood type. And other attributes, such as their fingerprints and iris characteristics, which are mostly immutable. (Although I defy anyone to change their irises.)
But other things associated with us are all too mutable. If we use these for identification, we’ll end up in trouble.
Elvis Presley, songwriter?
Let’s take one of the many attributes associated with Elvis Presley. If you haven’t heard of Presley, he was a popular singer in the mid 20th century. He’s even in Britannica.
(As a point of clarification, the song “Radio Radio” is associated with a DIFFERENT Elvis.)
Among many other songs, Presley is associated with the song “Don’t Be Cruel.”
Elvis Presley.
Presley was not only the performer, but also the credited co-songwriter.
After all, that’s what BMI says when you search its Songview database. See BMI work ID 317493.
“…he listened to a selection of acetate demos provided by Freddy Bienstock, the new song representative assigned to Elvis by his publishers, Hill and Range. He chose “Don’t Be Cruel” by an obscure Brooklyn-born r&b singer and songwriter, Otis Blackwell. As per Hill and Range’s contractual requirement, it came with the assignment of half the publishing to Elvis Presley Music and half the writer’s share to Elvis Presley, but as Blackwell, the first of Elvis’ great “contract” writers, was always quick to point out, it was the best deal he ever made.”
Many songs are credited to Presley as a songwriter, but in reality he wrote few if any of them. Yet the “songwriter” attribute is assigned to him. Do we simply accept what BMI says and move on?
But there are other instances in which there are no back room deals, yet a song is strongly associated with a musical entity who never wrote it.
George Jones, not a songwriter
Take BMI Work ID 542061. The credited songwriters for this particular song are Robert Valentine Braddock and Claude Putnam, more commonly known as Bobby Braddock and Curly Putnam. According to RolandNote, Braddock and Putnam began writing this song on March 4, 1977 and finished it on October 18, 1977.
It was recorded by Johnny Russell on either March 7, 1978 (RolandNote), or January 18, 1979 (Second Hand Songs), or both (Classic Country Music Stories). But no recording was released.
Then George Jones recorded the song on February 6, 1980 with subsequent overdubs (“You know she came to see him one last time”) when he was more sober. His reaction?
“I looked [producer] Billy [Sherrill] square in the eye and said ‘nobody’s gonna buy that thing, it’s too morbid.’”
And morbid it was. Although popular music in general and country music in particular has never shied away from morbid songs.
Released the next month on March 18, the song was never associated with Braddock, Putnam, Russell, or Sherrill ever again. “He Stopped Loving Her Today” is completely associated with George Jones.
Now there’s a particular article that I wrote for a Bredemarket client a couple of years ago that used a slow reveal “reverse timeline” effect. Starting with 2022 and moving back in time to 2019, I slowly dropped the details about a missing person who was identified via biometric technology, finally solving the mystery of the person’s identity (Connerjack Oswalt).
“It is clear that digital-first identity systems are unlikely to become standard. Most governments will still rely heavily on physical credentials through 2026. Physical documents, such as diver’s licenses and passports, have long life spans. Physical security is already a proven technology, making it essential for continued trust and accessibility in the wake of ever-more sophisticated attack methods. ABI Research cybersecurity analysts view mobile ID as more of a companion to physical credentials.”
Oh, and number 12.
“Interest in biometric payment cards has waned due to high costs and complex onboarding. Zwipe’s bankruptcy in March 2025 is emblematic of this latest trend. To extract returns from their prior investments in biometrics, digital payment providers are pivoting to other markets like secure access and cold wallets. Going forward, the technology will shift from mainstream ambition to specialty use cases, with fewer launches expected in 2026.”
To see what these and the other 11 predictions mean, read the ABI Research article.
Bredemarket 