“The Federal Trade Commission sent letters to 13 data brokers warning them of their responsibility to comply with the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (PADFAA).
“PADFAA prohibits data brokers from selling, releasing, disclosing, or providing access to personally identifiable sensitive data about Americans to any foreign adversary, which include North Korea, China, Russia, and Iran, or any entity controlled by those countries. The law defines personally identifiable sensitive data to include health, financial, genetic, biometric, geolocation, and sexual behavior information as well as account or device log-in credentials and government-issued identifiers such as Social Security, passport, or driver’s license numbers.”
Although frankly it’s not a good idea to sell PII to our friends either, but that’s another topic.
I just realized that I have never told the FULL story of FpVTE 2003 in the Bredemarket blog. I’ve only told the problem part, but not the solution part. Bad on me.
The problem part
I told parts of this in a 2023 post entitled “The Big 3, or 4, or 5? Through the Years.” One of the pivotal parts of the story was when the “big 4” became the “big 3.”
It happened like this:
These days the U.S. National Institute of Standards and Technology (NIST) is well known for its continuous biometric testing, but one of its first tests was conducted in 2003. At the time, there were four well-recognized fingerprint vendors:
Cogent Systems.
Motorola, which had acquired Printrak.
NEC.
Sagem Morpho, which had acquired Morpho.
There were a bunch of other fingerprint vendors, but they were much smaller, including the independent companies Bioscrypt and Identix.
I was a product manager at Motorola at the time, managing the server portion of the company’s automated fingerprint identification system (AFIS), Omnitrak. This featured a modernization of the architecture that was a vast improvement over the client-server architecture in Series 2000. The older product was still in use at the Royal Canadian Mounted Police (RCMP), but Motorola was in the process of installing Omnitrak in Slovenia and upgrading existing systems in Oklahoma and Switzerland.
“FpVTE 2003 consists of multiple tests performed with combinations of fingers (e.g., single fingers, two index fingers, four to ten fingers) and different types and qualities of operational fingerprints (e.g., flat livescan images from visa applicants, multi-finger slap livescan images from present-day booking or background check systems, or rolled and flat inked fingerprints from legacy criminal databases).”
So the companies listed above, among others, submitted their algorithms to FpVTE 2003. After the testing, NIST issued a summary report that included this sentence.
“Of the systems tested, NEC, SAGEM, and Cogent produced the most accurate results.”
You can see how this affected Motorola…and me. We were suddenly second-tier, via independent confirmation.
I’m a loser, baby. Google Gemini.
We first had to go to the RCMP and admit that we weren’t as accurate as other systems. This came at a particularly bad time, since the RCMP was engaged in a massive system upgrade of its own. While Motorola’s FpVTE performance was not the ultimate deciding factor, we lost the massive RCMP system to Cogent.
But Motorola did something else at the same time.
The solution part
The accuracy of an automated fingerprint identification system falls in the laps of the algorithm developers, whether the vendor develops its own algorithms or buys a third-party algorithm from another AFIS vendor.
Motorola developed its own algorithm…and one of the R&D leaders was Guy Cardwell.
Motorola held a User’s Conference after the FpVTE results announcement, and Cardwell spoke to our customers.
It wasn’t a flashy presentation with smoke and mirrors.
It wasn’t an accusatory presentation calling NIST a bunch of crooks.
It was basically Guy, on stage, saying that we didn’t do well.
And that we would do better.
Now of course that in itself means nothing unless we actually DID better. The R&D team went to work and improved the algorithm, and continued with other advances such as supporting complete 1000 pixel per inch systems as Sweden demanded.
But from a product marketing perspective, Motorola’s initial messaging to its customers was critically important.
Because if Motorola didn’t publicly address its FpVTE 2003 performance, then the only people talking about it would be Cogent, NEC, and Sagem Morpho.
“Since launching the Gemini app, we’ve built tools to encourage creative expression through images and video. Today, we’re taking the next step: custom music generation. Lyria 3, Google DeepMind’s latest generative music model, is rolling out today in beta in the Gemini app.”
I used this prompt to generate a Lyria tune:
“Create music for a wildebeest using a laptop to compare a latent fingerprint to a tenprint fingerprint”
Google’s response:
“’I’ve created a unique atmospheric track for you that blends electronic data-processing sounds with the deep, resonant textures of a wildebeest’s world. You can play the music directly here in our chat!”
The facial recognition brouhaha in southeastern Wisconsin has taken an interesting turn.
According to Urban Milwaukee, the Milwaukee County Sheriff’s Office is pursuing an agreement with Biometrica for facial recognition services.
The, um, benefit? No cost to the county.
“However, the contract would not need to be approved by the Milwaukee County Board of Supervisors, because there would be no cost to the county associated with the contract. Biometrica offers its services to law enforcement agencies in exchange for millions of mugshots.”
“Milwaukee Police Department has also attempted to contract Biometrica’s services, prompting pushback, at least some of which reflected confusion about how the system works….
“The mooted agreement between Biometrica and MPD would have added 2.5 million images to the database.
“In theory, if MCSO signs a contract with Biometrica, it could perform facial recognition searches at the request of MPD.”
See Bredemarket’s previous posts on the city efforts that are now on hold.
No guarantee that the County will approve what the City didn’t. And considering the bad press from the City’s efforts, including using software BEFORE adopting a policy on its use, it’s going to be an uphill struggle.
While Bredemarket only conducts business in the United States (with one exception), my clients have no such constraints.
Who are my client’s prospects?
Because of my extensive business-to-government (B2G) experience, I often work with clients that sell products and services to government agencies throughout the world. Well, except to North Korea and a few other places.
And as those clients (or their marketing and writing consultants) identify their public sector prospects, terminology becomes an issue.
And they have to answer questions such as “which government agency or agencies in Country Y potentially use biometric authentication for passengers approaching a gate in an airline terminal?”
Hint: chances are it’s NOT called the “department of transportation.”
Ministry
Add one factor that is foreign (literally) to this United States product marketing consultant.
Many of these countries have MINISTRIES.
No, not religious ministers or preachers.
Billy Graham. By Warren K. Leffler – This image is available from the United States Library of Congress’s Prints and Photographs divisionunder the digital ID ppmsc.03261.This tag does not indicate the copyright status of the attached work. A normal copyright tag is still required. See Commons:Licensing., Public Domain, https://commons.wikimedia.org/w/index.php?curid=905632.
When I say “Minister” here I refer to government officials, often from the country’s legislature, who manage a portfolio of agencies that are the responsibility of a Minister.
Sisa
Let’s take one ministry as an example: Sisäministeriö. Oops, Finland’s Ministry of the Interior. This one ministry is currently headed by Mari Rantanen of the Finns Party (part of a four-party coalition ruling Finland).
“Minister Rantanen is also responsible for matters related to integration covered by the Labour Migration and Integration Unit of the Ministry of Economic Affairs and Employment.”
Back to Interior. One huge clarification for U.S. people: other countries’ ministries of the interior bear no relation to the U.S. Department of the Interior, which concerns itself with parks and Native Americans and stuff. Minister Rantanen’s sphere of responsibility is quite different:
“Under the Government Rules of Procedure, the Ministry of the Interior is responsible for:
public order and security, police administration and the private security sector
general preconditions for migration and regulation of migration, with the exception of labour migration, as well as international protection and return migration
Finnish citizenship
rescue services
emergency response centre operations
border security and maritime search and rescue services
national capabilities for civilian crisis management
joint preparedness of regional authorities for incidents and emergencies.”
These responsibilities result in this organization…whoops, organisation.
Border Guard Department, which is the national headquarters for the Border Guard
Administration and Development Department
The units reporting directly to the Permanent Secretary are the International Affairs Unit and Communications Unit.
Directly under the Permanent Secretary are also guidance of Civilian Intelligence and the Finnish Security and Intelligence Service, Internal Audit and Advisory Staff to the Permanent Secretary
So, who’s gonna buy your biometric product or service in each of the 200 or so countries in which you may conduct business?
Since I’m talking about presentation attack detection and injection attack detection a lot lately, I should briefly explain the difference between the two. This is from a Substack post I wrote last June.
Let’s say that you have an app on your smartphone that verifies that you are who you say you are.
Maybe it’s a banking app.
Maybe it’s an app that provides access to a government benefits account.
Maybe it’s an app that lets you enter a football stadium.
As part of its workflow, the app uses the smartphone camera to take a picture of your face.
But is that really YOUR face?
Presentation attack detection
A “presentation attack” occurs when the presented item is altered. In the case of a face presented to a smartphone camera, here are three examples of presentation attacks:
Your face is altered by makeup, a mask, or another disguise.
Your face is replaced by a printed photo of someone else’s face.
Your face is replaced by a digital photo or video on a monitor or screen.
Injection attack detection
But what if the image is NOT from the smartphone camera?
What if it is “injected” from another source, bypassing the camera altogether?
The victim doesn’t care
From the fraud victim perspective, it doesn’t matter whether a presentation attack or an injection attack is used.
The only thing that matters is that some type of deepfake fraud was used to fool the system.
However, the only news from these sources was that hundreds of thousands of people were reporting the issue to Downdetector.
Downdetector, 5:15 pm PST yesterday.
However, the site wasn’t COMPLETELY down. If you had a direct link to a YouTube video, you could still watch it. I confirmed this by watching the YouTube version of one of my Bredemarket promotional videos.
“An issue with our recommendations system prevented videos from appearing across surfaces on YouTube (including the homepage, the YouTube app, YouTube Music and YouTube Kids).”
Since recommendations appear almost everywhere, just about everything was affected. Because YouTube, like most other social services, can’t just show “the site”; it has to show what it thinks you should see.
Think about it. What would YouTube look like if it couldn’t recommend anything?
Bredemarket 