When you go viral unintentionally, how do you reproduce this?

Since last night, a tweet of mine has been going viral.

Sadly, it’s not a Bredemarket tweet, so the virality isn’t directly benefiting my marketing and writing services business. But perhaps I can learn from it.

I maintain two Twitter accounts. The @jebredcal account which tweets posts from this blog is my professional account, which naturally means that the other account, @empoprises, is my “amateur” account. I intentionally segregated it because I figure that most of you aren’t interested in my tastes in music…or my Mad Libs.

Mad Libs?

Let’s start last night’s story with Greg Kelly, a well-known Newsmax host with nearly 300,000 Twitter followers. Yesterday afternoon, he tweeted this rather bizarre item:

SMOKING WEED (aka GRASS) is NOT a good idea. I’ve tried it (back in the day) and it was WORSE than anything that happened to HUNTER BIDEN. I “toked up” with some buddies in Kentucky and woke up 4 days later in Nairobi, Kenya. With no idea what happened. DON’T DO DRUGS.

Because of Kelly’s prominence as well as the content of the tweet itself, this has received major attention from TMZ, Huffpost…and Brian Hamm.

Now Brian Hamm is not quite as famous as Greg Kelly, but he made a rather interesting point in his tweeted reply.

Reads like a Mad Lib.

SMOKING (Drug) is NOT a good idea. I’ve tried it and it was WORSE than anything that happened to (celebrity). I (slang for drug use) with some buddies in (State) and woke up (number) days later in (Foreign City) with no idea what happened. DON’T DO DRUGS.

Now yesterday I hadn’t seen what TMZ wrote about Kelly’s tweet, and I hadn’t seen what Huffpost wrote about Kelly’s tweet…but I had seen what Brian Hamm wrote about Kelly’s tweet. And I took a position that isn’t all that unusual on my amateur account.

Challenge accepted. (I hadn’t played Mad Libs in a while, anyway.)

Now the tweet itself is not a remarkable tweet. Frankly, it wasn’t even the best tweet that I wrote on the @empoprises yesterday. (I think my “Disneyland launches its plan to enforce social distancing in the park” tweet is better.) And on my “professional” Twitter account, I tweeted a link to my “trust” post as well as a link to the Innocence Project’s efforts to improve the forensic science discipline. A Mad Lib about smoking pizza and ending up in Ottawa falls pretty low on the importance scale AND the interest scale.

Or so I thought, because the Twitterverse disagreed with me.

Within two hours, my throwaway tweet had received over 9,000 impressions. Within fifteen hours, the statistics for the tweet are as follows:

  • Over 48,000 impressions
  • Over 1,000 engagements, including over 700 likes, 78 clicks on my profile, 21 retweets, and 8 replies

And the statistics still continue to climb.

Now I did not sit down yesterday evening and plan to latch on to a popular tweet to drum up impressions and engagements. Frankly, if I HAD planned this, I would have latched on to something other than a Greg Kelly tweet, and I would have planned a response that would provide some more tangible benefit to me. (Unless the Ottawa tourism folks decide to use me, there’s no way I can monetize my viral content.)

And to be honest, I’m repulsed by the idea of latching on to every single identity or technology trend and trying to insert monetizable content into it. I could do it, but I would do it very badly. (Hey, here’s a trending tweet from a famous politician about proposed forensic science legislation! Time for another Mad Lib!)

But perhaps I should keep my eyes open in case a relevant, popular tweet shows up in my professional Twitter feed. If I can contribute something MEANINGFUL to the conversation, perhaps I could get some deserved attention.

So now I’m challenging myself. In March, my most popular tweet from my @jebredcal professional Twitter account received 211 impressions and 9 engagements. (And it wasn’t a reply to a tweet, but it did mention two Twitter users with 800+ follwers and 5400+ follwers.) Let’s see if I can beat that in April and get 212 or more impressions and 10 or more engagements on a tweet.

Challenge accepted.

The importance of trust

I’m thinking about filing a patent application, but before I do so I want to bounce my idea off of you to see if it’s viable. (I assume that none of you will steal my idea from me.)

Basically, I would like to patent what I am going to call the Bredemarket Important Delivery Execution Technology, or BIDET for short. The purpose of BIDET is to deliver important items from one entity to another, where a sending or receiving entity can be a person, a business, or a government agency.

I have designed BIDET with the following features:

  • The BIDET “envelope” that contains the important item will include, in cleartext, both the origin of the envelope and the destination of the envelope in an easy-to-read, unencoded format.
  • BIDET envelopes themselves will be easy to open (within less than one second), and will include features that allow the envelopes to be opened and closed again BEFORE arriving at their destinations.
  • A group of people will be entrusted with the transmission of BIDET envelopes from their origins to their destinations. This group of people will number approximately 600,000, any one of whom will have the technical capability to fully interact with the BIDET envelopes.
  • The BIDET “envelope” that contains the important item will include, in cleartext, both the origin of the envelope and the destination of the envelope in an easy-to-read, unencoded format.
  • BIDET envelopes themselves will be easy to open (within less than one second), and will include features that allow the envelopes to be opened and closed again BEFORE arriving at their destinations.
  • A group of people will be entrusted with the transmission of BIDET envelopes from their origins to their destinations. This group of people will number approximately 600,000, any one of whom will have the technical capability to fully interact with the BIDET envelopes.

So, what do you think of my idea? Does it sound like a winner?

Or does it sound like an insurmountable privacy nightmare? I mean, who would want to entrust financial information to a delivery service that hundreds of thousands of people can easily violate in less than a second?

Well, if you’re not already ahead of me, it turns out that hundreds of millions of people would entrust financial information to such a delivery service. After all, we’ve been doing this since the days of Benjamin Franklin, since what I described is not a “new” patent idea, but the actual operational model for the U.S. Postal Service.

Screenshot of Cliff Clavin from “Please Mr. Postman (episode 158, 1989). By Source (WP:NFCC#4), Fair use, https://en.wikipedia.org/w/index.php?curid=50708166

This thought occurred to me when I was reading this Valid LinkedIn post about its DMV@Home™ service that “gives residents the ability to perform safe, secure, and reliable digital transactions anytime, anywhere, and on a preferred device.”

And when I imagined the reaction of some people claiming that something like this would NEVER work.

Yet these same people receive all sorts of things by snail mail, including bank statements, credit cards (and credit offers), health records, voting registration information…and driver’s licenses.

But these people TRUST the U.S. Postal Service, or at least they trust the USPS more than they trust a smartphone app. Sure, there are the anecdotal stories of postal workers stealing mail, but that would never happen to me. Smartphone hacking, of course, definitely WOULD happen to me, because smartphones are mysterious things.

Now of course there ARE people who trust smartphone security more than they trust physical security. Without imposing a value judgement on one set of people over another, I can say that those who trust smartphone security feel that the risks of using smartphones are less than the risks of using physical methods.

So how long will it take until a supermajority of people TRUST digital delivery more than they trust physical delivery?

When biometric readers are “magic” (it’s a small face after all)

The news coming across the wire is that Disney’s Magic Kingdom in Florida is testing facial recognition. (H/T International Biometrics + Identity Association.)

“At Walt Disney World Resort, we’re always looking for innovative and convenient ways to improve our guests’ experience—especially as we navigate the impact of COVID-19. With the future in mind and the shift in focus to more touchless experiences, we’re conducting a limited 30-day test using facial recognition technology.”

If the test is successful and facial recognition is implemented, it would be a replacement for (touch) fingerprint technology, which the Disney parks suspended last July for health reasons. (Although touchless fingerprint options are available.)

Disney’s biometric history extends back to 2006, when it used hand geometry.

Pangiam, a new/old player in biometric boarding

Make vs. buy.

Businesses are often faced with the question of whether to buy a product or service from a third party, or make the product or service itself.

And airports are no exception to this.

The Metropolitan Washington Airports Authority (MWAA), the entity that manages two of the airports in the Washington, DC area, needed a biometric boarding (biometric exit) solution. Such solutions allow passengers to skip the entire “pull out the paper ticket” process, or even the “pull out the smartphone airline app” process, and simply stand and let a camera capture a picture of the passenger’s face. While there are several companies that sell such solutions, MWAA decided to create its own solution, veriScan.


And once MWAA had implemented veriScan at its own airports, it started marketing the solution to other airports, and competing against other providers who were trying to sell their own solutions to airports.

Well, MWAA got out of the border product/service business last week when it participated in this announcement:

ALEXANDRIA, Va., March 19, 2021 /PRNewswire/ — Pangiam, a technology-based security and travel services provider, announced today that it has acquired veriScan, an integrated biometric facial recognition system for airports and airlines, from the Metropolitan Washington Airports Authority (“Airports Authority”). Terms of the transaction were not disclosed.

Pangiam is clearly the new kid on the block, since the company didn’t even exist in its current form a year ago. Late last year, AE Industrial Partners acquired and merged the decade-old Linkware and the newly-formed Pangian (PRE LLC) “to form a highly integrated travel solutions technology platform providing a more seamless and secure travel experience.”

But in a sense, Pangiam ISN’T new to the travel industry, once you read the biographies of many of the principals at the company.

  • “Most recently (Kevin McAleenan) served as Acting Secretary of the U.S. Department of Homeland Security (DHS)….”
  • “Prior to Pangiam, Patrick (Flanagan) held roles at U.S. Customs & Border Protection (CBP), the U.S. Navy, the National Security Staff, the Transportation Security Administration (TSA), and the Department of Homeland Security (DHS).”
  • “Dan (Tanciar) previously served as the Executive Director of Planning, Program Analysis, and Evaluation in the Office of Field Operations (OFO) at U.S. Customs and Border Protection (CBP).”
  • “Prior to Pangiam, Andrew (Meehan) served as the principal adviser to the Acting Secretary for external affairs at the Department of Homeland Security (DHS).”
  • “(Tom Plofchan) served as a National Security Advisor to the Department of Energy’s Pacific Northwest National Laboratory before entering government to serve as the Counterterrorism Advisor to the Commissioner, U.S. Customs and Border Protection, and as Counterterrorism Counselor to the Secretary, U.S. Department of Homeland Security.”

So if you thought that veriScan was well-connected because it was offered by an airport authority, consider how well-connected it appears now because it is offered by a company filled with ex-DHS people.

Which in and of itself doesn’t necessarily indicate that the products work, but it does indicate some level of domain knowledge.

But will airports choose to buy the Pangiam veriScan solution…or make their own?

I really want to know (if this song is truly related to crime scene investigation)

I was performing some website maintenance this afternoon, and decided to add a page dedicated to Bredemarket’s services for identity firms. I was trying to think of an introductory illustration to go with the page, since the town crier can only go so far. So, claiming fair use, I decided that this image made perfect sense.

“Who Are You” by The Who. Fair use, https://en.wikipedia.org/w/index.php?curid=11316153

Now while use of the “Who Are You” album cover on a Bredemarket identity page makes perfect sense to me, it may not make sense to 6.9 billion other people. So I guess I should explain my line of thinking.

The link between human identification and the song “Who Are You” was established nearly two decades ago, when the television show “C.S.I. Crime Scene Investigation” started airing on CBS. TV shows have theme songs, and this TV show adopted a (G-rated) excerpt from the Who song “Who Are You” as its theme song. After all, the fictional Las Vegas cops were often tasked with identifying dead bodies or investigating crime scene evidence, so they would be expected to ask the question “who are you” a lot.

Which reminds me of two stories:

  • I actually knew a real Las Vegas crime scene investigator (Rick Workman), but by the time I knew him he was working for the neighboring city of Henderson.
  • CSI spawned a number of spinoffs, including “CSI:Miami.” When I was a Motorola product manager, CSI:Miami contacted us to help with a storyline involving a crime scene palm print. While Motorola software was featured in the episode, the GUI was jazzed up a bit so that it would look good on TV.

So this song (and other Who songs for the CSI spinoffs) is indelibly associated with police crime scene work.

But should it be?

After all, people think that “When a Man Loves a Woman” is a love song based upon its title. But the lyrics show that it’s not a love song at all.

When a man loves a woman
Down deep in his soul
She can bring him such misery
If she is playin’ him for a fool

So are we at fault when we associate Pete Townshend’s 1970s song “Who Are You” with crime scene investigation?

Yes, and no.

While the “who are you” question has nothing to do with figuring out who committed a crime, it DOES involve a policeman.

This song is based on a day in the life of Pete Townshend….

Pete left that bar and passed out in a random doorway in Soho (a part of New York). A policeman recognized him (“A policeman knew my name”) and being kind, woke him and and told him, “You can go sleep at home tonight (instead of a jail cell), if you can get up and walk away.” Pete’s response: “Who the f–k are you?”

Because it was the 1970s, the policeman did not try to identify the drunk Townshend with a mobile fingerprint device linked to a fingerprint identification system, or a camera linked to a facial recognition system.

Instead, the drunk Townshend questioned the authority of the policeman. Which is what you would expect from the guy who wrote the line “I hope I die before I get old.”

Speaking of which, did anybody notice that on the album cover for “Who Are You,” Keith Moon is sitting on a chair that says “Not to Be Taken Away”? Actually, they did…especially since the album was released on August 18, 1978 and Moon died on September 7.

While Moon’s death was investigated, no crime scene investigators were involved.

The infancy of mobile driver’s licenses

More and more states are adopting mobile driver’s licenses that can be stored on a smartphone. Mobile driver’s licenses (mDLs) are available from Colorado, Delaware, Louisiana, and Oklahoma, and may be available from additional states by the time you read this.

LA Wallet Louisiana Digital Driver’s License. lawallet.com.

For me, the two key benefits of mDLs are the following:

  • If you have your smartphone, you have your mDL. Since smartphones are becoming more of a necessary must-have item – and wallets are not – the presence of a driver’s license on a smartphone is beneficial. (Unless, of course, you’re the type of person who misplaces your smartphone.)
  • mDLs can be designed to show only the information that is necessary. If I want to enter a bar or other facility for people over 21, I don’t have to show the bouncer my weight, my address, or even my birthdate. I just have to show the bouncer that I’m over 21.

While mDLs are becoming available in more states, they are not fully mature yet.

  • They are only valid in the state where they were issued. You can’t show your Oklahoma mDL in California. (Well, I guess you CAN show it, but a Californian isn’t obligated to do anything.)
  • Even within the state of issue, they’re still not always valid. At least some states require you to carry your physical driver’s license while driving, even if you have an mDL. And you can’t present an mDL to airport security in Denver or any other city. (See the LA Wallet image above, which clearly states “NOT FOR FEDERAL IDENTIFICATION.” So even if Louisiana’s physical driver’s license is REAL ID compliant, its mDL isn’t.)

Part of the issue regarding acceptance of mDLs is that the standards are still evolving. One key standard, ISO/IEC FDIS 18013-5 (Personal identification — ISO-compliant driving licence — Part 5: Mobile driving licence (mDL) application), is still under development.

But these four states, and others, didn’t want to wait until the standards were fully approved, and their solutions were fully certified, before issuing mDLs. Louisiana’s LA Wallet solution was introduced back in July 2018. While none of the solutions by definition can claim compliance with ISO/IEC FDIS 18013-5, they are already providing benefits to the license holders in these four states.

How long will it be until all states, provinces, and territories support mDLs?

The five authentication factors

I thought I had blogged about the five factors of authentication, either here or at jebredcal, but I guess I haven’t explicitly written a post just on this topic.

And I’m not going to do that today either (at least in any detail), because The Cybersecurity Man already did a good job at that (as have many others).

However, for those like me who get a little befuddled after authentication factor 3, I’m going to list all five authentication factors.

  • Something You Know. Think “password.” And no, passwords aren’t dead. But the use of your mother’s maiden name as an authentication factor is hopefully decreasing.
  • Something You Have. I’ve spent much of the last ten years working with this factor, primarily in the form of driver’s licenses. (Yes, MorphoTrak proposed driver’s license systems. No, they eventually stopped doing so. But obviously IDEMIA North America, the former MorphoTrust, has implemented a number of driver’s license systems.) But there are other examples, such as hardware or software tokens.
  • Something You Are. I’ve spent…a long time with this factor, since this is the factor that includes biometrics modalities (finger, face, iris, DNA, voice, vein, etc.). It also includes behavioral biometrics, provided that they are truly behavioral and relatively static.
  • Something You Do. The Cybersecurity Man chose to explain this in a non-behavioral fashion, such as using swiping patterns to unlock a device. This is different from something such as gait recognition, which supposedly remains constant and is thus classified as behavioral biometrics.
  • Somewhere You Are. This is an emerging factor, as smartphones become more and more prevalent and locations are therefore easier to capture. Even then, however, precision isn’t always as good as we want it to be. For example, when you and a few hundred of your closest friends have illegally entered the U.S. Capitol, you can’t use geolocation alone to determine who exactly is in Speaker Pelosi’s office.

Now when these factors are combined via multi-factor authentication, there is a higher probability that the person is who they claim to be. If I enter the password “12345” AND I provide a picture of my driver’s license AND I provide a picture of my face AND I demonstrate the secret finger move AND I am within 25 feet of my documented address, then there is a pretty good likelihood that I am me, despite the fact that I used an extremely poor password.

I don’t know if anyone has come up with a sixth authentication factor yet. But I’m sure someone will if it hasn’t already been done. And then I’ll update to update this post in the same way I’ve been updating my Bredemarket 2021 goals.

My 2/22/2021 progress on Bredemarket’s five goals for 2021 (the 1/8/2021 9:30am edition)

You will recall that I set goals for my consultancy Bredemarket in 2021. These goals were last revised on January 8, and I don’t see a pressing need to revise the actual goals at this time.

Well, except for the fact that I’m thinking about wildebeests rather than iguanas these days.

Black wildebeest. By derekkeats – Flickr: IMG_4955_facebook, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=14620744

But this is a good time to see how I’m doing regarding my 2021 goals.

Goal 1: Help my clients to communicate and reach (and understand) their goals. 

You will recall that this is the “obvious” goal that some businesses don’t even explicitly mention because it should be second nature. Whether a business chooses to mention it or not, it’s essential that the business measure its ability to help its clients.

I cannot go into detail about what Bredemarket is doing with specific clients, but I do believe that I am assisting my clients in reaching their own goals. I’ve shared a testimonial that one of my clients gave me, and I have also received confidential feedback from clients about certain things that I have done for them.

Goal 2: Pursue multiple income streams. 

I’ve devoted a recent post to this, and things have only improved since then.

First, I have an update on my “I cried, I read, I (halfway) conquered” post in which I was trying to get two service listings approved on an (unnamed) intermediary service. When I last left the story, one of the service listings was approved, and the other wasn’t. After I slept on it some more, I revised the text for the second service listing to explicitly mention case studies. After this textual change, the second listing was approved. So I got another cookie.

Second, I have signed up with yet another intermediary service (IS) that allows me to work with a particular identity company. I was put in touch with this IS by a particular person. I would publicly identify that particular person, but if I did so, then everyone would know the identity company, and I make a practice of not identifying my clients. (Since I usually function as a ghostwriter, it’s not beneficial to me to say that I ghostwrote for Company X.) But I am thankful for that person’s efforts (and must privately thank the person personally once I finish this post). After signing up with the intermediary service, I immediately received a consulting request from the identity company, and was able to work on that request.

So now I’m signed up with multiple services, some of which are already providing consulting opportunities for me, and others which may provide opportunities in the future. We’ll see what happens.

Goal 3: Pursue multiple communication streams.

I need to work on this one.

Yes, I have this blog, my Facebook and LinkedIn outlets, and my intermittent podcast.

But other avenues might be beneficial. (Not the plane with a banner.)

I’ve been trying to think of video ideas. So far I’ve shied away from video, because a video of me sitting at a laptop computer typing stuff would not only potentially reveal confidential information, but would also be extremely boring.

But I have been toying around with a video idea that might be mildly entertaining. If I pursue it I’ll let you know.

Goal 4: Eat my own iguana food.

(Or wildebeest food. Same thing, unless you’re an iguana or a wildebeest.)

This ties in with my other goals, such as my idea about creating a video. Not that I’m going to become a 1938 Media and start creating videos for my clients, but it’s good to at least be familiar with the practice.

Goal 5: Have fun.

I am continuing to do this, especially since I have been reading other content that points out that people don’t do business with faceless companies, but do business with people within those companies.

As long as the fun is appropriate and serves an ultimate purpose, fun can be beneficial.

But I’d better read up on the life and characteristics of wildebeests, just in case I get asked specific questions about them.

Goal 6: Be prepared to change.

As I already mentioned, I don’t see any need to add any more goals at this time. These goals are more than enough for me to tackle at the moment.

However, there is one change that I probably should make to the existing goals: perhaps not to the public-facing goals, but to my internal tracking of these goals. The best change that I could make is to make the goals measurable. For example, I could set a particular number of income stream sources, or better still a particular number of income stream sources that actually produce measurable income in 2021. I’ll consider this…internally.

But what about your goals?

Did you set goals for 2021? Have you taken the time to see how you have performed against your goals?

And can Bredemarket help with any of your communication goals?

Take a look at what I do, and if my services can help you, contact me.

When the health passports can’t talk to each other

I’m going to open this post with something that I wrote nearly eight years ago.

I’m sure that many people imagine that standards are developed by a group of reasonable people, sitting in a room, who are pursuing things for the good of the world.

You can stop laughing now.

I wrote this in the context of the then-emerging compression format WebP (we’ll return to WebP itself later). The point that I was making was that something becomes a “standard” by brute force. If a lot of people like something, it’s a standard.

The issue with standards is that they can take years to develop, so standards are adopted after the fact.

Now let’s look at “health passports.” As you may have guessed, these “passports” can be used to enter a country, or a state, or an office building, and are specifically devoted to certifying the health of the passport bearer. If the person meets the health criteria, they can enter the country/state/building. If not, they are prohibited from entry.

An Ottoman passport (passavant) issued to Russian subject dated July 24, 1900. By FurkanYalcin3 – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=27699398

In a sense, the concept of a health passport is nothing new. Before entering a country, you are often required to satisfy various health conditions, such as being free of tuberculosis.

The current impetus for health passports, of course, is COVID. When COVID spread across the world a year ago, and governments began shutting down borders between countries, a lot of people at a lot of government agencies and a lot of companies began asking two basic questions:

  1. When reliable COVID tests are developed, how will we know whether someone has successfully passed a COVID test?
  2. When reliable COVID vaccines are developed, how will we know whether someone has successfully been vaccinated against COVID?

These questions, especially the second one, were mostly theoretical a year ago, but the government agencies and the companies needed answers to them as soon as possible. And the governments and the companies weren’t going to wait for the entire world to agree on a plan; they wanted to move ahead THAT DAY.

It’s a year later, and COVID tests are readily available, and COVID vaccines have been developed and approved in various countries. And we’ve made a lot of progress.

Or have we?

As Jim Nash notes in a Biometric Update article, there are several different solutions to the “health passport” issue. Nash lists two of them:

  1. The state of Hawaii is working with Clear, United Airlines, and Delta Airlines on a solution. Initially this only documents testing, but it could be expanded to vaccine documentation.
  2. The Malaysia Aviation Group is working with “local authorities” on its own solution.

And that’s just the start of options for health passports. In addition to Clear’s Health Pass, there are a myriad of other options, including AOKpass, CommonPass, IATA Travel Pass, IBM Digital Health Pass, the Mvine-iProov solution, Scan2Fly from AirAsia, VaccineGuard from Guardtime, VeriFLY from Daon, the Vaccination Credential Initiative, and probably some others that I missed.

Can you say “early in the product lifecycle”?

Now the wealth of health passport solutions isn’t much of a problem for most consumers, since we’ll probably need one or two health passports at most as this market matures. Maybe a US person might need one or two health passports for domestic travel, and maybe one to get into the office. In extreme conditions, maybe they’ll be required to enter grocery stores, but this is doubtful considering the resistance of American personalities to governments telling us what to do.

But the wealth of health passports IS a problem if you’re a business. Imagine being at an airport gate and asking a traveler for a Clear Health Pass, and getting an angry reply from the traveler that he already has a VeriFLY pass and that the airline is infringing upon the traveler’s First and Second Amendment rights by demanding some other pass.

Eventually there will be enough of a brouhaha over the multitude of incompatible passes. At that time, several efforts will be made to establish THE standard for health passports, or at least for health passport interoperability.

Yes, “several efforts” will be made. Because each vendor will unsurprisingly advance its own passport as the best one for the standard, or perhaps will form alliances with selected other vendors.

And it will get messy.

Take WebP, which Google was trying to push as a standard eight years ago, with some people accepting WebP, others not supporting it, and others opposing it and then supporting it. Well, while that fight continues…

…Google is experimenting with WebP2.

Yes, progress is good, but there’s a cost to planned obsolescence.