Category Archives: Uncategorized

(Bredemarket Premium) I can’t TELL you the law enforcement AFIS vendors in each state, but…

Well, it’s time for another post in the Bredemarket Premium series, in which posts are only viewable by paying subscribers.

I thought about this topic when I was asked by someone NOT in the automated fingerprint identification system (AFIS) industry to explain the industry. And I told him some things that would benefit people who ARE in the AFIS industry. Some people already know these things, while some people don’t. One example: which AFIS vendors service which customers?

From https://dps.mn.gov/divisions/bca/bca-divisions/forensic-science/Pages/midwest-automated-fingerprint-identification-network.aspx

For purposes of this post I will concentrate on state-level law enforcement AFIS in the United States, although AFIS are available at many government (and enterprise) levels for many markets in many countries.

As I detail in the post, I actually know all of this information myself, but I can’t share it. So this post is intended to tell you how to obtain this information yourself, from publicly available sources. And I’ll even give you a few pointers to get you started.

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.
Subscribe

Requests for Comments (RFCs), formal and casual

I don’t know how it happened, but people in the proposals world have to use a lot of acronyms that begin with the letters “RF.” But one “RF” acronym isn’t strictly a proposal acronym, and that’s the acronym “RFC,” or “Request for Comments.”

In one sense, RFC has a very limited meaning. It is often used specifically to refer to documents provided by the Internet Engineering Task Force.

A Request for Comments (RFC) is a numbered document, which includes appraisals, descriptions and definitions of online protocols, concepts, methods and programmes. RFCs are administered by the IETF (Internet Engineering Task Force). A large part of the standards used online are published in RFCs. 

But the IETF doesn’t hold an exclusive trademark on the RFC acronym. As I noted in a post on my personal blog, the National Institute of Standards and Technology recently requested comments on a draft document, NISTIR 8334 (Draft), Mobile Device Biometrics for Authenticating First Responders | CSRC.

While a Request for Comments differs in some respects from a Request for Proposal or a Request for Information, all of the “RFs” require the respondents to follow some set of rules. Comments, proposals, and information need to be provided in the format specified by the appropriate “RF” document. In the case of NIST’s RFC, all comments needed to include some specific information:

  • The commenter’s name.
  • The commenter’s email address.
  • The line number(s) to which the comment applied.
  • The page number(s) to which the comment applied.
  • The comment.

Comments could be supplied in one of two ways (via email and via web form submission). I chose the former.

Cover letter of the PDF that I submitted to NIST via email.

On the other hand, NIST’s RFC didn’t impose some of the requirements found in other “RF” documents.

  • Unlike a recent RFI to which I responded, I could submit as many pages as I liked, and use any font size that I wished. (Both are important for those respondents who choose to meet a 20-page limit by submitting 8-point text.)
  • Unlike a recent RFP to which I responded, I was not required to state all prices in US dollars, exclusive of taxes. (In fact, I didn’t state any prices at all.)
  • I did not have to provide any hard copies of my response. (Believe it or not, some government agencies STILL require printed responses to RFPs. Thankfully, they’re not requiring 12 copies of said responses these days like they used to.)
  • I did not have to state whether or not I was a small business, provide three years of audited financials, or state whether any of the principal officers of my company had been convicted of financial crimes. (I am a small business; my company doesn’t have three years of financials, audited or not; and I am not a crook.)

So RFC responses aren’t quite as involved as RFP/RFI responses.

But they do have a due date and time.

By Arista Records – 45cat.com, Fair use, https://en.wikipedia.org/w/index.php?curid=44395072

Marketing messages at multiple levels

Today is podcast day on my content calendar, and I decided upon a title for my next podcast before I even started recording it.

The title? “All clear for an IPO.”

By Michael Ball – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=77279000

When I selected that title, I knew that 100% of the listeners would discern that the podcast had to do with some company’s initial public offering.

And I knew that 5% of the listeners would understand the significance of the word “clear” in the title.

And I additionally knew that 1% of the listeners would understand the significant of the word “all” in the title.

If you listen to the podcast episode, you’ll understand the significance of these two words, if you didn’t already know their significance.

This is an example of a marketing message that works at multiple levels. Some people will take the title at face value, while others will discern deeper information.

Personally, a lot of my writing is like this, with dense links to illustrative material and occasional phrases that have multiple meanings.

But what happens when a marketing message has multiple meanings and the marketer doesn’t know it?

I am a lover of comedy, and one of my favorite comedy groups from the 1980s is the Pet Shop Boys. Now you might think of the Pet Shop Boys as a music group, but you’re wrong. The duo is actually an accomplished comedy group, with their comedy present in their musical, visual, and lyrical output.

Musically, seek out the Pet Shop Boys’ recording of “Always on My Mind” and compare it to, for example, Willie’s version. Tongue is firmly in cheek here.

Visually, I can sum things up in two words: Chris Lowe. While Neil sings away in videos or in concert, Chris has perfected the fine art of standing there.

“We had a video director once who said I stood still very well,” Chris informs me proudly. “It’s not easy, you know. A lot of people can’t do it. It’s an art form.”

And how about those lyrics? On the surface, songs like “Opportunities” sound like the lyrics came from a Thatcherite manifesto, but anyone who was aware of the currents in United Kingdom politics in the 1980s would obviously know that the Pet Shop Boys didn’t really mean that. Right?

Well

I wonder how many Allstate insurance customers are singing along with a song dripping with sarcasm.

However, I suspect that Neil and Chris enjoyed making a quick pound off of an American insurance company. After all, they got lots of money in return.

…the duo’s U.S. Top 10 “Opportunities (Let’s Make Lots of Money)” has entered (Billboard) magazine’s Dance/Electronic Digital Song Sales chart at No. 5, after appearing in an ad for Allstate Insurance that aired during Super Bowl LV…

What if you built a spaceship and nobody came?

Things were different a few years ago.

As I write this, one of the big news stories involves Jeff Bezos’ plans to go on a spaceship built by his company Blue Origin. Not many people can afford to go on a spaceship, but Bezos certainly can.

Back in 2017, when you referred to a tech CEO going to a spaceship, you thought of Apple CEO Tim Cook staying on this planet and going to Apple Park, Apple’s new building in Cupertino. One of Steve Jobs’ last great accomplishments, Apple Park was a $5 billion corporate headquarters that provided Apple employees with an insanely great place to work.

By Arne Müseler / http://www.arne-mueseler.com, CC BY-SA 3.0 de, https://commons.wikimedia.org/w/index.php?curid=78985341

Of course, not everybody went to an office to work in 2017. In fact, Silicon Valley had discussed this in 2013 when Yahoo’s then-CEO Marissa Mayer saw all of the Yahoo employees working from home and deemed it, um, essential that Yahoo employees work in the office whenever possible to help build Yahoo’s culture.

In February 2019, remote culture advocate Sarah Dixon looked back at the Yahoo episode. Among other things, Dixon stated:

…there’s no doubt that Mayer’s announcement did some damage to the acceptance of remote working. If you’ve tried to persuade a reluctant boss to let you work from home, they may have even used Yahoo! as the reason they don’t think it’s a great idea.

Ah, way back in 2019. I remember those days.

A little over a year later, attitudes toward remote working changed in ways that even Sarah Dixon couldn’t have imagined. In March, Dixon’s coworker Gabriela Molina was providing a step-by-step guide to working remotely during COVID-19.

Due to COVID-19 restrictions, a lot of us were forced to work from home, whether our companies liked it or not. Security systems were updated. Videoconferencing systems installed on our computers were used much more frequently. Additional collaboration tools were adopted.

But now, at least in the United States, COVID-19 is receding. More and more people are theoretically able to go work. Yet many people continue to work from home today, including employees of some major tech companies.

Apple, however, would like its employees back in the spaceship three days a week (Monday, Tuesday, and Thursday). After all, Apple spent $5 billion on the thing; might as well get some use from it.

But some Apple employees aren’t so eager to return to the practices of old.

…we would like to take the opportunity to communicate a growing concern among our colleagues. That Apple’s remote/location-flexible work policy, and the communication around it, have already forced some of our colleagues to quit. Without the inclusivity that flexibility brings, many of us feel we have to choose between either a combination of our families, our well-being, and being empowered to do our best work, or being a part of Apple. This is a decision none of us take lightly, and a decision many would prefer not to have to make.

The letter from the Apple employees uses many terms such as “flexibility,” “empowered,” “unconstrained,” and “tearing down cross-functional communication barriers.” The employees claim that remote work allowed them to do their best work ever…and they don’t want to go back.

It’s hard to predict how all of this will play out for Apple and other companies. On the one hand, many companies are taking advantage of distributed working models. Ever since August, my consultancy Bredemarket has conducted ALL of its business without setting foot inside any of my clients’ offices. Actually, my clients themselves aren’t setting foot in their own offices; for one of my clients, I frequently deal with two employees who live several states away from their employer’s office.

On the other hand, out of sight, out of mind. Unless your corporate culture has a habit of firing up Zoom or Facetime at any moment to talk to someone, interactions with remote workers are going to be more limited than they were if you were down the hall from each other.

My perspective on this is admittedly unusual. From 2017 to 2020, my corporate supervisor was on the other end of the country from me. Over the nearly three years that I reported to him, I probably saw him in person less than a dozen times. So I sort of had an experience with remote work before COVID sent all of us home in March 2020, and things worked out well.

But how are you going to get a company with hundreds of billions of dollars in revenue, who paid more to build their corporate headquarters than many companies make in a year, to change its way of doing things and “think different”?

Pangiam acquires something else (in this case TrueFace)

People have been coming here to find this news (thanks Google Search Console) so I figured I’d better share it here.

Remember Pangiam, the company that I talked about back in March when it acquired the veriScan product from the Metropolitan Washington Airports Authority? Well, last week Pangiam acquired another company.

TYSONS CORNER, Va., June 2, 2021 /PRNewswire/ — Pangiam, a technology-based security and travel services provider, announced today that it has acquired Trueface, a U.S.-based leader in computer vision focused on facial recognition, weapon detection and age verification technologies. Terms of the transaction were not disclosed….

Trueface, founded in 2013 by Shaun Moore and Nezare Chafni, provides industry leading computer vision solutions to customers in a wide range of industries. The company’s facial recognition technology recently achieved a top three ranking among western vendors in the National Institute of Standards and Technology (NIST) 1:N Face Recognition Vendor Test. 

(Just an aside here: companies can use NIST tests to extract all sorts of superlatives that can be applied to their products, once a bunch of qualifications are applied. Pay attention to the use of the phrase “among western vendors.” While there may be legitimate reasons to exclude non-western vendors from comparisons, make a mental note when such an exclusion is made.)

But what does this mean in terms of Pangiam’s existing product? The press release covers this also.

Trueface will add an additional capability to Pangiam’s existing technologies, creating a comprehensive and seamless solution to satisfy the needs of both federal and commercial enterprises.

And because Pangiam is not a publicly-traded company, it is not obliged to add a disclaimer to investors saying this integration might not happen bla bla bla. Publicly traded companies are obligated to do this so that investors are aware of the risks when a company speculates about its future plans. Pangiam is not publicly traded, and the owners are (presumably) well aware of the risks.

For example, a US government agency may prefer to do business with an eastern vendor. In fact, the US government does a lot of business with one eastern vendor (not Chinese or Russian).

But we’ll see what happens with any future veriTruefaceScan product.

(Bredemarket Premium) Publicly available information on a major biometric firm’s plans

During my years in competitive analysis (either as a formal role or on an informal basis), I conducted the vast majority of my analysis using publicly available information. This could be obtained from a government agency via a public information request, or from a paid service that shares information to paying subscribers.

By Hoodedwarbler12 (talk) – I (Hoodedwarbler12 (talk)) created this work entirely by myself., Public Domain, https://en.wikipedia.org/w/index.php?curid=26933846

And in some cases the information is freely available to anyone who knows how to use it.

However, if you want to continue reading this post, the rest of the post is NOT free. This is the first “Bredemarket Premium” post, which requires a subscription to read. For more information about Bredemarket Premium, see my recent mailing to my mailing list.

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.
Subscribe

The EU Digital Green Certificate is live…in seven countries only (for now)

Remember the European Union’s Digital Green Certificate that I discussed about a month ago?

From https://ec.europa.eu/commission/presscorner/api/files/attachment/868508/Digital%20Green%20Certificate_en.pdf.pdf

Well, it’s live…sort of.

Seven countries began using the European Union’s digital certificate on Tuesday (June 1), allowing for fully vaccinated people to travel.

The Digital Green Certificate began operating ahead of schedule this week in Bulgaria, the Czech Republic, Denmark, Germany, Greece, Croatia and Poland. The digital record stores whether a person has been fully vaccinated against COVID-19, has recovered from the virus or has tested negative for the virus within 72 hours.

So what does “using” mean? According to the European Union, this is what those seven countries are now doing:

…seven Member States – Bulgaria, Czechia, Denmark, Germany, Greece, Croatia and Poland – have decided to connect to the gateway and started issuing first EU certificates…

The referenced “gateway” is the EU-wide mechanism that “provides for the verification of the security features contained in the QR codes of all certificates.” As I mentioned previously, EU Digital Green Certificates are not issued by the EU itself, but by entities within member countries such as hospitals and health authorities. Each issuing entity, however, is registered with the EU gateway, to make sure that fake certificates are not issued by “Joe’s Reely Gud ID Service” or whoever.

As the German “Digitales COVID-Zertifikat der EU” web page notes, four of the seven countries (Czechia, Denmark, Germany, Poland) are contiguous, so presumably land travel over these countries’ common borders has been eased by the Digital Green Certificates. I have not been able to confirm this, however; sometimes it takes a few days to work out the kinks.

And, as noted above, the seven countries may not necessarily be verifying ALL types of certificates. Remember that a complete certificate will be capable of registering any of three events. The seven countries may or may not be capable of recording all three of them…yet.

tick iconbeen vaccinated against COVID-19
tick iconreceived a negative test result or 
tick iconrecovered from COVID-19

Make sure your social media channels have current AND CONSISTENT content

A few months ago, I suggested that businesses should make sure that their social media channels have CURRENT content.

This does NOT count as current content.

But that’s only part of the battle.

It also helps if the social media channels of a business exhibit CONSISTENT content.

Because of my years of competitive analysis experience, I engage in some competitive analysis for one of my Bredemarket clients. This includes regular visits to competitor social media channels. I won’t mention the name of the competitor (after all, I don’t want to promote a company that competes with one of my clients), but one competitor is very good at social media channel consistency. The competitor uses four major social media outlets, and generally ensures that content on one outlet is also available on another outlet, in a format appropriate to that outlet.

Some companies…don’t do so well.

I’ve run across several companies with multiple social media outlets that fail to take advantage of them.

  • In one case, a company published a very good video on its YouTube channel, but failed to share a link to the YouTube video on any of its other outlets, missing a golden content sharing opportunity.
  • In another case, a company had created two Twitter accounts over the years, but never let the followers of the old Twitter account know about the new Twitter account. Sadly, the new Twitter account had FEWER followers than the old one, again missing a golden content sharing opportunity.
  • In a third case, a social media consultant created accounts on multiple social media outlets, but NEVER posted to one of the social media platforms. (And this is a social media consultant!) It would have been best to have NEVER created that dormant account at all, rather than creating an account with NO content.

I’m struggling with this myself at Bredemarket, since I have multiple accounts devoted to the Bredemarket business itself, and other accounts devoted to me in a professional or personal capacity. For example, I’m probably going to share this blog post after I publish it. Where should I share it? Why? How?

If only there were a service that could help me analyze my web/social media content…oh yeah, I offer one: Bredemarket 404 Web/Social Media Checkup.

If you’d like me to perform an unbiased third-party social media checkup, contact me. (I can analyze your competitors also.)

Water is (literally) critical and needs to smarten up

Presidential Policy Directive 21 (2013), the successor to Homeland Security Presidential Directive 7 (2003), defines 16 critical infrastructure sectors that need to be protected by the U.S. Department of Homeland Security and other entities.

There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.

Some of the critical infrastructure sectors are obvious at first glance, including sectors such as transportation systems, nuclear reactors/materials/waste, and government facilities. But these aren’t the only ones. Take the Water and Wastewater Systems sector, overseen by the Environmental Protection Agency (EPA).

Safe drinking water is a prerequisite for protecting public health and all human activity. Properly treated wastewater is vital for preventing disease and protecting the environment. Thus, ensuring the supply of drinking water and wastewater treatment and service is essential to modern life and the Nation’s economy.

Look at the pain that we’ve suffered because of water issues in Flint, Michigan and other cities. Now imagine what would happen if the water in a larger region, such as the Colorado River valley, were to become undrinkable.

Oh yeah, climate change.

Data show extreme weather events are increasing. This is challenging utility providers who are managing critical infrastructure around the globe. The year 2020 was truly devastating for wildfires. From California to Australia, the world got a firsthand glimpse into how warmer, drier conditions are causing harsher droughts — resulting in longer fire seasons and greater water scarcity.

Most of us don’t make a habit of reading Water Online, but this site published a recent article on the part that technology plays in preserving the water/wastewater critical infrastructure system. These technologies are converting our water infrastructure into “smart” infrastructure, a key part of any smart city.

One of the technologies that is making our water infrastructure “smart” is referred to as “digital twins.”

No, not “Twins is the New Trend” twins.

Here’s what “digital twins” means from the critical infrastructure perspective.

Digital twin technology is providing promise in this regard. Digital twins are software representations of assets and processes that help understand, predict, and optimize performance to achieve improved business outcomes. Digital twins consist of three components — a data model, a set of analytics or algorithms, and knowledge — and are extremely valuable when it comes to predicting the impact of a storm for sewage and stormwater management.

Digital twins, like weather, are revised as more data is gathered and more information becomes available. Like any science, we don’t know everything on day 1, but if we continue to gather information and test hypotheses we will know more on day 2, and then even more on day 145.

The benefit of digital twins? Lower repair costs by better targeting of responses.

For more about smart water, see this article in Water World.

Biometric RFP writing experts, to a point

As part of my effort to establish Bredemarket as a biometric proposal writing expert (I eschew modesty), I researched some documents that weren’t about proposals, but about REQUESTS for Proposals (RFPs).

One way to write biometric RFPs

There are various ways to write RFPs, including RFPs for biometric procurement.

I don’t think I’m giving away any deep dark secrets when I state that biometric vendors want to influence the content of biometric RFPs. I know of one blatant example of this, when (many years ago) one U.S. state issued an RFP that explicitly said that the state wanted to buy a MOTOROLA automated fingerprint identification system (AFIS). So it issued an RFP to Motorola and several other vendors asking for a Motorola AFIS.

Luckily for the state, Motorola chose to submit a bid. (The bid/no-bid decision was a no-brainer.)

As a Motorola employee (not in proposals, but in product management), I was pleased when that state, after evaluating the RFPs, selected Motorola to provide its AFIS. (Are you surprised?)

But the other bidders didn’t give up and cede the victory to Motorola. Via FOIA requests, Motorola was able to read the proposal of competitor Sagem Morpho, which I can paraphrase as follows:

Your state has requested a Motorola AFIS. Well, Sagem Morpho has provided systems that replaced Motorola AFIS in two states when these states became dissatisfied with their Motorola systems. Since Sagem Morpho AFIS is by definition better than Motorola AFIS, Sagem Morpho EXCEEDS your state’s requirement. So award us extra points for exceeding the requirement and give US your AFIS contract, NOT Motorola.

It didn’t work, but it was a good effort by Sagem Morpho.

Some of you know how this story ended. Motorola subsequently sold its Biometric Business Unit to…Sagem Morpho, I was transferred from product management to proposals in the new combined company, and two of my new coworkers were people who wrote that very proposal. I was therefore able to tell them personally that Sagem Morpho’s proposal was better than Motorola’s. The reaction of the two states who founded themselves back with “Motorolans” again was unrecorded.

(Actually, the new company MorphoTrak and its corporate parent that was eventually named Morpho were big enough that they could get around the concerns of dissatisfied customers. So I’m sure that, at least for a time, those two states were probably visited by ex-Sagem Morpho folks rather than ex-Motorola folks. And I know of at least two instances in which MorphoTrak either bid on or implemented systems outside of MorphoTrak’s geographic territory, just because the customers had relationships with MorphoTrak that they didn’t have with Morpho.)

Back to Motorola’s win of an RFP that requested a Motorola system. Usually, the RFP writing strategy of “write a proposal that favors one vendor over all the others” isn’t always the popular course. Some RFP writers prefer a better strategy, in which the overall needs of the customer are carefully considered.

A better way to write biometric RFPs

Enter the Law Enforcement Standards Office, a division of the National Institute of Standards and Technology. In 2013, this entity released its “Writing Guidelines for Requests for Proposals for Automated Fingerprint Identification Systems” (NIST Special Publication 1155), a copy of which can be downloaded here. (For historical interest, an earlier draft version is online here. The draft is somewhat longer than the final version.)

I should mention that the committee that created the guidelines included some clear experts in the AFIS world. Let me just mention three of the names:

  • Peter T. Higgins, who was at the time a noted consultant for agencies writing AFIS RFPs and who had previously worked on the FBI’s IAFIS system;
  • Peter Komarinski, another noted consultant and a former key AFIS person for the State of New York; and
  • Mike Lesko, who was at the time employed by the State of Texas as one of their key AFIS people. He has since left the state and has a new job.

And the rest of the committee exhibited similar experience, so these people knew AFIS and knew what agencies needed when they procured an AFIS.

One of the key issues that concerned the committee was latent AFIS interoperability. I don’t want to spend the time to discuss the topic in detail here, but for now I’ll just say that when you have multiple vendors providing AFIS (there were three major vendors and several other vendors in 2013), there is often a challenge when latent (crime scene) prints are processed on one AFIS but searched on another. To sum up the story succinctly, there were methods to overcome these challenges, and the committee was clearly in favor of employing these methods.

Beyond this, the committee was concerned with two topics:

  • The process to procure an AFIS.
  • The process to upgrade an AFIS, which includes steps both before and after procurement.

Regarding procurement, the committee identified four specific phases:

  • Phase 1: Establish Leadership and Align Resources
  • Phase 2: Develop the RFP Requirements and the Document
  • Phase 3: Evaluate Proposals and Award a Contract
  • Phase 4: Manage Procurement Implementation

The meat of the guidelines, however, covered the upgrade itself.

First, the agency needs to explicitly state the reasons for the upgrade.

Once this is done, stakeholders who have a vested interest in the upgrade need to be identified and given assignments; consultants need to be selected if needed (did I mention that at least two committee members were consultants?); and plans to govern the upgrade process itself need to be created (did I mention that one of the consultants had federal government experience?).

Then the procuring agency is ready to…plan. Where is the agency going to get the money for a new AFIS? What should the new AFIS do? What do the latest AFIS do today that the agency’s (older) AFIS cannot do? Are these new features important?

Once the procuring agency has a high-level view of what it wants, and the money to do it, it’s time to solicit. (I’m talking about legal solicitation here.) This involves the creation of a draft of the Request for Proposal (RFP) that is eventually finalized and distributed to bidders. Perhaps a Request for Information (RFI) may be released before the RFP, to solicit additional information to flow into the RFP. This can be an involved process, as is shown by this one example of something to place in an RFP (I’ll return to this example later, and don’t forget that this example was released in 2013):

Form and fit requirements (type, make/model, or physical size/capacity), such as specifying an Intel® dual-core processor that runs on Windows 7® with a 500-gigabyte hard drive and a 20-inch monitor…

Once the vendors get the RFP, the procuring agency has to manage the bidding process, including questions from the bidders, perhaps a bidder’s conference, and then final submission of the proposals to the agency.

Then it’s time for evaluation. The committee includes this statement at the beginning of the evaluation section:

The evaluation of submissions must be fair and consistent.

I don’t think the members of this committee would have authored an RFP that stated “we want a Motorola AFIS.”

And the evaluation would similarly not favor one vendor over another, and would use a previously-defined Source Selection Plan in which each bidder is graded on specific criteria that were prepared well in advance.

Eventually a vendor is selected, and while the original RFP is still part of the package government the implementation, it is usually superseded by subsequent documents, including plans jointly agreed upon by the vendor and agency that may differ from the original RFP.

But is the “better way” truly better?

In general I am in agreement with the guidelines, but as a former employee of a biometric vendor, and as a present consultant to multiple biometric vendors, I have one piece of advice.

Concentrate on the WHAT rather than the HOW.

(By amazing coincidence, this is something that the engineers liked to tell ME when I was a product manager. Live and learn.)

A biometric RFP should state an agency’s biometric needs, but shouldn’t go into excruciating detail about how a potential vendor should meet those needs.

Take the example above. Would the world end if the hard drive only had 400 gigabytes, rather than 500? (Again, I’m thinking in 2013 terms; in 2021, it’s possible that the computer may not have a hard drive at all.) Every time that an RFP includes a low-level requirement that is not met by a vendor’s offering, the vendor has to take time to create a special offering just to meet the requirements of the RFP, an effort that increases the costs to the agency.

Sometimes these special requirements (I don’t call them custom requirements) are justified, but sometimes they are not.

By the way, my least favorite requirement that I ever encountered was the one that told the bidders and their R&D teams exactly how the fingerprint matching needed to be conducted. As long as the system meets the accuracy requirements agreed upon in whatever document dictates accuracy, who cares HOW the match is conducted?

As I’ve noted a couple of times, this document was written in 2013, and therefore is fingerprint-centric (although it notes that the principles also apply to other biometric systems), includes dated technological references (Windows 7 being an example), and does not account for the cloud systems that are offered and/or have been implemented by several biometric vendors. (Storage of biometric data in the cloud introduces a whole new set of requirements to ensure that the data is protected.) I don’t know whether there are any plans to update these guidelines, and some of the principals who authored the original guidelines have since retired, but an update would be beneficial.

Oh, and if anyone plans to write an RFP mandating a Motorola AFIS, don’t. Motorola left the AFIS business over a decade ago.

But Motorola can supply a real-time computer aided dispatch system.