The facial recognition brouhaha in southeastern Wisconsin has taken an interesting turn.
According to Urban Milwaukee, the Milwaukee County Sheriff’s Office is pursuing an agreement with Biometrica for facial recognition services.
The, um, benefit? No cost to the county.
“However, the contract would not need to be approved by the Milwaukee County Board of Supervisors, because there would be no cost to the county associated with the contract. Biometrica offers its services to law enforcement agencies in exchange for millions of mugshots.”
“Milwaukee Police Department has also attempted to contract Biometrica’s services, prompting pushback, at least some of which reflected confusion about how the system works….
“The mooted agreement between Biometrica and MPD would have added 2.5 million images to the database.
“In theory, if MCSO signs a contract with Biometrica, it could perform facial recognition searches at the request of MPD.”
See Bredemarket’s previous posts on the city efforts that are now on hold.
No guarantee that the County will approve what the City didn’t. And considering the bad press from the City’s efforts, including using software BEFORE adopting a policy on its use, it’s going to be an uphill struggle.
Most technology publications, with the notable exception of IPVM, are at least partially funded by the companies they cover. Therefore there’s an unavoidable tension between keeping the advertisers happy and casting a critical eye on the industry.
I accept this tension because it applies to Bredemarket itself. Although my clients are absolutely wonderful, there may emerge a future situation where they may be less than perfect. So naturally I have to watch my tongue.
As does Biometric Update.
Remember when IDloop asserted it offered “the world’s first FBI-certified 3D contactless fingerprint scanner,” and Biometric Update reported the claim with no comment? I said at the time:
“Biometric Update reports news as reported, and I don’t think it’s Biometric Update’s purpose to poke holes in vendor claims.”
But then Biometric Update ran a more recent story.
They said that?
Bear in mind that Biometric Update’s advertisers include vendors who offer identity document validation solutions: either their own, or from a third party.
And Biometric Update’s recent story basically said that these solutions are a toxic dumpster fire.
OK, not in those words. Biometric Update is Canadian owned, and if the publication used the words “toxic dumpster fire” it would never stop apologizing.
Not just ineffective, DISASTROUSLY ineffective. Ouch.
For those not up in their acronyms, the Department of Homeland Security’s (DHS) latest annual round of tests was called the Remote Identity Validation Rally (RIVR).
DHS set performance goals for the submitted entries and publicized the (anonymous) results.
“Four of the seven subsystems tested met the goal for system error rate. Four did not meet the threshold for FRR, and five fell short in FAR. In other words, most systems let too few legitimate IDs through, even more passed too many fraudulent IDs, and six of seven fell short on one or both sides of the assessment.”
Google Gemini.
Biometric Update didn’t reveal the…um…identity of the one vendor that performed acceptably. But that vendor may self-reveal soon enough.
On anonymity
Why do testing entities sometimes allow participants to remain anonymous?
Because they want participants.
Some biometric tests are NOT designed to identify the best algorithms, but are instead designed to view the state of the industry. And that’s what this test performed with document validation.
Presumably a future test—POND, or Performance Of Notable Documents—will measure the future state-of-the-art of identity document validation.
But I could have chosen another title: “Fact: lack of deadlines sinks behavior.” That’s a mixture of two quotes from Tracy “Trace” Wilkins and Chris Burt, as we will see.
Whether Vanilla Ice and Gordon Lightfoot would agree with the sentiment is not known.
That guest post touched on Milwaukee, Wisconsin, but had nothing to do with ICE.
Vanilla Ice.
One of the “responsible uses” questions was one that Biometric Update had raised in the previous month: whether it was proper for the Milwaukee Police Department (MPD) to share information with facial recognition vendor Biometrica.
Milwaukee needed a policy
But the conversation subsequently redirected to another topic, as I noted in August. Before Milwaukee’s “Common Council” could approve any use of facial recognition, with or without Biometrica data sharing, MPD needed to develop a facial recognition policy.
According to a quote from MPD, it agreed.
“Should MPD move forward with acquiring FRT, a policy will be drafted based upon best practices and public input.”
It was clear that the policy would come first, facial recognition use afterward.
“Commissioner Krissie Fung pressed MPD inspector Paul Lao on the department’s past use of facial recognition.
““Just to clarify,” asked Fung, “Is the practice still continuing?”
““As needed right now, we are still using [FRT],” Lao responded.”
It was after 10:00 pm Central time, but the commissioner pressed the issue.
Fung asked Lao if the department was currently still using FRT without an SOP in place.
“As we said that’s correct and we’re trying to work on getting an SOP,” Lao said.
That brought the wolves out, because SOP or no SOP, there are people who hate facial recognition, especially because of other things going on in the city that have nothing to do with MPD. Add the “facial recognition is racist” claims, and MPD was (in Burt’s words) sunk.
Yes, a follow-up meeting will be held, but Burt notes (via WISN) that MPD has imposed its own moratorium on facial recognition technology use.
“Despite our belief that this is useful technology to assist in generating leads for apprehending violent criminals, we recognize that the public trust is far more valuable.”
Milwaukee should have asked, then acted
From Bredemarket’s self-interested perspective this is a content problem.
Back in August 2025, Milwaukee knew that it needed a facial recognition policy.
Several months later, in February 2026, it didn’t have one, and didn’t have a timeframe regarding when a policy would be ready for review.
Now I appreciate that a facial recognition policy is not a short writing job. I’ve worked on policies, and you can’t complete one in a couple of days.
But couldn’t you at least come up with a DRAFT in six months?
I’m jumping ahead in the year-end post ridiculousness to cite Bredemarket’s two most notable accomplishments this year. Not to detract from my other accomplishments this year, but these two were biggies.
The second was my go-to-market effort for a Bredemarket client in September, which I discussed (without mentioning my participation) here. And there’s a video for that effort also.
Recent go-to-market.
I’ve accomplished many other things this year: client analyses, blog posts (both individually and in series), consultations, presentations, press releases, proposals, requirements documents, sales playbooks, and many more.
And I still have three more weeks to accomplish things.
Perhaps I’m industry-embedded, but this seems fine to me. Consent appears to be honored everywhere.
“Under the deal, agencies that use Flock’s Nova or FlockOS investigative platforms will soon be able to post Community Requests through Ring’s Neighbors app, asking nearby residents to share doorbell footage relevant to an investigation.
“Each request includes a case ID, time window, and map of the affected area. Ring says participation is voluntary and that residents can choose whether to respond, and agencies cannot see who declines. Users can also disable the feature entirely in their account settings.”
On the other hand, Senator Ron Wyden doesn’t trust Flock at all and says that “abuse of Flock cameras is inevitable.”
Heck, abuse of citizens by the U.S. Senate is inevitable, but citizens aren’t demanding that the Senate cease operations.
I love how Biometric Update bundles a bunch of stories into a single post. Chris Burt outdid himself on Wednesday, covering a slew of stories regarding use and possible misuse of facial recognition by Texas bounty hunters, the NYPD, and cities ranging from Chicago, Illinois to Houlton, Maine.
But those stories aren’t the ones that I’m focusing on. Before I get to my focus, I want to go off on a tangent and address something else.
What I didn’t expect was that competition would arise between me and my bot. I’m writing these words on August 27, two days before the first Bredebot post appears, and I’m already feeling the heat.
What if Bredebot’s posts receive more traffic than the ones I write myself? What does that mean for my own posts…and for the whole premise of hiring Bredemarket to write for others?
I’m treating this as a challenge, vowing to outdo my fast bot counterpart.
And in that spirit, let’s revisit Milwaukee.
Give us any chance, we’ll take it
Access.
When Biometric Update initially visited Milwaukee in its April 28 post, the main concern was the possible agreement for the Milwaukee Police Department to provide “access” to facial data to the company Biometrica in exchange for facial recognition licenses. I subsequently explored the data issue in my own May 6 guest post for Biometric Update.
Vendors must disclose responsible uses of biometric data.
But today the questions addressed to Milwaukee don’t focus on the data, but on the use of facial recognition itself. The Biometric Update article links to a Wisconsin Watch article with more detail. The arguments are familiar to all of you: facial recognition is racist, facial recognition is sometimes relied upon as the sole piece of evidence, facial recognition data can be sent to ICE, and facial recognition can be misused.
However, before Milwaukee’s Common Council can approve facial recognition use, one requirement has to be met.
“Since the passage of Wisconsin Act 12, the only official way to amend or reject MPD policy is by a vote of at least two-thirds of the Common Council, or 10 members.
“However, council members cannot make any decision about it until MPD actually drafts its policy, often referred to as a “standard operating procedure.”
“Ald. Peter Burgelis – one of four council members who did not sign onto the Common Council letter to Norman – said he is waiting to make a decision until he sees potential policy from MPD or an official piece of legislation considered by the city’s Public Safety and Health Committee.”
The Milwaukee Police Department agrees that such a policy is necessary.
“MPD has consistently stated that a carefully developed policy could help reduce risks associated with facial recognition.
“’Should MPD move forward with acquiring FRT, a policy will be drafted based upon best practices and public input,’ a department spokesperson said.”
An aside from my days at MorphoTrak, when I would load user conference documents into the CrowdCompass mobile app: one year the topic of law enforcement agency facial recognition policies was part of our conference agenda. One agency had such a policy, but the agency would not allow me to upload the policy into the CrowdCompass app. You see, the agency had a policy…but it wasn’t public.
Needless to say, the Milwaukee Police Department’s draft policy WILL be public…and a lot of people will be looking at it.
Normally these blog posts are addressed to Bredemarket’s PROSPECTS, the vendors who provide solutions that use biometrics or other technology. Such as identity proofing solutions.
But I’ve targeted this post for another audience, the organizations that BUY biometrics and technology solutions such as identity proofing solutions. Who knows? Perhaps they can use Bredemarket’s content-proposal-analysis services also. Later I will explain why you should use Bredemarket, and how you can use Bredemarket.
So if you are with an organization that SELLS identity proofing solutions, you can stop reading now. You don’t want to know what I am about to tell your prospects…or do you?
When you buy an identity proofing solution, you take on many responsibilities. While your vendor may be able to help, the ultimate responsibility remains with you.
Here are some questions you must answer:
What are your business goals for the project? Do you want to confirm 99.9% of all identities? Do you want to reduce fraudulent charges below $10 million? How will you measure this?
What are your technology goals for the project? What is your desired balance between false positives and false negatives? How will you measure this?
How will the project achieve legal compliance? What privacy requirements apply to your end users—even if they live outside your legal jurisdiction? Are you obtaining the required consents? Can you delete end user data upon request? Are you prepared if an Illinois lawyer sues you? Do you like prison food?
A new Government Accountability Office (GAO) audit found the Internal Revenue Service (IRS) has not exercised sufficient oversight of its digital identity-proofing program…
As many of you know, the IRS’ identity proofing vendor is ID.me. The GAO didn’t find any fault with ID.me. And frankly, it couldn’t…because according to the GAO, the IRS’ management of ID.me was found to be deficient.
“IRS was unable to show it had measurable goals and objectives for the program. IRS receives performance data from the vendor but did not show it independently identified outcomes it is seeking. IRS also has not shown documented procedures to routinely evaluate credential service providers’ performance. Without stronger performance reviews, IRS is hindered in its ability to take corrective actions as needed.
“ID.me acknowledges that its identity-proofing process involves the use of artificial intelligence (AI) technologies. However, IRS has not documented these uses in its AI inventory or taken steps to comply with its own AI oversight policies. Doing so would provide greater assurance that taxpayers’ rights are protected and that the technologies are accurate, reliable, effective, and transparent.”
You would think the IRS had a process for this…but apparently it doesn’t.
Dead on arrival (DOA).
But I’m not the IRS!
I’ll grant that you’re not the IRS. But is your identity proofing program management better…or worse?
Do you know what questions to ask?
Let Bredemarket ask you some questions. Perhaps these can help you create relevant external and internal content (I’ve created over 22 types of content), manage an RFP proposal process, or analyze your industry, company, or competitors.
I have observed that we are living in a time of uncertainty, in which surprises happen every day.
This week has been no exception. As I type this, Donald Trump and Elon Musk are feuding, with accusations of pedophilia leveled against Trump, threats to yank the government contracts of Musk, and who knows what all. Just a typical week in Washington.
But that’s nothing compared to the shocking news I learned Friday morning.
Sit down and don’t bother to bring out your CHF wallet
It’s not shocking that ISO has published a standard. It does this all the time.
It’s also not shocking that ISO published a standard on consent. Consent is required by many privacy regulations, and therefore a standard information structure for consent requests is beneficial throughout the European Union, California, Illinois, and elsewhere.
“This document builds upon ISO/IEC 29184 by addressing the concept of giving the PII principal a record for their own recordkeeping, which includes information about the PII processing agreement and interaction. We call this record the “consent receipt”.
“This document specifies a structure that is used by both principals in consent management: namely a specification for data to be held by the organization to allow record-keeping with good integrity (subject to the defined controls), and an artefact (the “consent receipt”) that is given to the individual whose PII is being processed.”
No, none of this is the shocking part. I’ll let Chris Burt reveal the surprise, but please sit down before you read this. Emphasis mine.
“The International Standards Organization has published a standard for obtaining and recording consent, as is necessary to legally use people’s biometric data in a number of jurisdictions, and is making it available for free.”
Yes, you read that correctly. FREE. As in ZERO CHF.
ISO doesn’t normally give standards away, but there’s an exception for this one.
As a result, I have “purchased” this ISO standard—the first one that Bredemarket has ever owned.
“Usually, the government agency or private organization acts as the “controller” or owner of the biometric data, while the biometric vendor is just the “processor” of the data.
“But there are exceptions. In late April, Joel R. McConvey described a proposal in which the Milwaukee, Wisconsin Police Department would provide Biometrica with 2.5 million facial images from its jail records.
“Why would any biometric vendor want to be the controller of biometric data? One plausible reason is for internal testing to improve the vendor’s algorithms by continuously testing them against live data. There may be other reasons, such as offering new services.”
But this is actually the SECOND time I have been featured by Biometric Update. If you check its YouTube channel, you can find the 2015 gem “MorphoTrak (Safran) – MorphoWay demo”: https://youtube.com/shorts/mqfHAc227As
Stay tuned for my next Biometric Update appearance in 2035.
Bredemarket 