You may remember the May hoopla regarding amendments to Illinois’ Biometric Information Privacy Act (BIPA). These amendments do not eliminate the long-standing law, but lessen its damage to offending companies.
The General Assembly is expected to send the bill to Illinois Governor JB Pritzker within 30 days. Gov. Pritzker will then have 60 days to sign it into law. It will be immediately effective.
While the BIPA amendment has passed the Illinois House and Senate and was sent to the Governor, there is no indication that he has signed the bill into law within the 60-day timeframe.
A proposed class action claims Photomyne, the developer of several photo-editing apps, has violated an Illinois privacy law by collecting, storing and using residents’ facial scans without authorization….
The lawsuit contends that the app developer has breached the BIPA’s clear requirements by failing to notify Illinois users of its biometric data collection practices and inform them how long and for what purpose the information will be stored and used.
In addition, the suit claims the company has unlawfully failed to establish public guidelines that detail its data retention and destruction policies.
Who are the competitors in the market for my product?
Which features do competitive products offer? How do they compare to the features my product offers?
Which industries do competitors target? How do they compare with the industries my company targets?
Which contracts have the competitors won? How do they compare with the contracts my company has won?
How effective is my company’s product marketing? My website? My social media? My key employees’ social media?
Bredemarket can help you answer these questions.
Types of analyses Bredemarket performs
For those who don’t know, or who missed my previous discussion on the topic, Bredemarket performs analyses that contain one or more of the following:
Analysis of one or more markets/industries for a particular product or product line.
Analysis of one or more (perhaps tens or hundreds) of competitors and/or competitive products for a particular product or product line.
Analysis of a firm’s own product or product line, including how it is marketed.
How Bredemarket conducts its analyses
Bredemarket analyses only use publicly available data.
I’m not hacking websites to get competitor prices or plans.
I’m not asking past employees to violate their non-disclosure agreements.
How Bredemarket packages its analyses
These analyses can range in size from very small to very large. On the very small side, I briefly analyzed the markets of three prospect firms in advance of calls with them. On the large side, I’ve performed analyses that take between one and six weeks to complete.
For the small self-analyses (excluding the very small quick freebies before a prospect call), I deliver these under my Bredemarket 404 Web/Social Media Checkup banner. When I first offered this service in 2020, I had a complex price calculation mechanism that depended upon the number of pages I had to analyze. Now I’ve simplified it and charge one of two flat rates.
Because the larger analyses are of undetermined length, I offer these at an hourly rate under my Bredemarket 4000 Long Writing Service banner. These reports can number 40 pages or more in length, sometimes accompanied by a workbook describing 700 or more competitor products or contracts.
Obviously I can’t provide specifics upon the analyses I’ve already performed since those are confidential to my customers, but I always discuss the customers’ needs before launching the analysis to ensure that the final product is what you want. I also provide drafts along the way in case we need to perform a course correction.
Do you need a market, competitor, or self analysis? Contact me. Or book a meeting with me at calendly.com/bredemarket to talk about your needs (and check the “Market/competitor analysis” check box).
If you book a free 30 minute meeting with Bredemarket, you’ll now find an additional option in the “What Type of Content Do You Need?” section: Market/competitor analysis. I’ve done these for years, but never added the option to the form.
My analyses ONLY use publicly available information that is NOT subject to NDA. So you won’t get access to the analyses I’ve performed for other clients, and they won’t get access to the analysis I prepare for you.
While I primarily provide these analyses in the identity/biometrics industry, I’m open to discussing analysis needs in other industries.
When marketing your facial recognition product (or any product), you need to pay attention to your positioning and messaging. This includes developing the answers to why, how, and what questions. But your positioning and your resulting messaging are deeply influenced by the characteristics of your product.
If facial recognition is your only modality
There are hundreds of facial recognition products on the market that are used for identity verification, authentication, crime solving (but ONLY as an investigative lead), and other purposes.
Some of these solutions ONLY use face as a biometric modality. Others use additional biometric modalities.
Similarly, a face-only company will argue that facial recognition is a very fast, very secure, and completely frictionless method of verification and authentication. When opponents bring up the demonstrated spoofs against faces, you will argue that your iBeta-conformant presentation attack detection methodology guards against such spoofing attempts.
Of course, if you initially only offer a face solution and then offer a second biometric, you’ll have to rewrite all your material. “You know how we said that face is great? Well, face and gait are even greater!”
It seems that many of the people that are waiting the long-delayed death of the password think that biometrics is the magic solution that will completely replace passwords.
For this reason, your company might have decided to use biometrics as your sole factor of identity verification and authentication.
Or perhaps your company took a different approach, and believes that multiple factors—perhaps all five factors—are required to truly verify and/or authenticate an individual. Use some combination of biometrics, secure documents such as driver’s licenses, geolocation, “something you do” such as a particular swiping pattern, and even (horrors!) knowledge-based authentication such as passwords or PINs.
This naturally shapes your positioning and messaging.
The single factor companies will argue that their approach is very fast, very secure, and completely frictionless. (Sound familiar?) No need to drag out your passport or your key fob, or to turn off your VPN to accurately indicate your location. Biometrics does it all!
The multiple factor companies will argue that ANY single factor can be spoofed, but that it is much, much harder to spoof multiple factors at once. (Sound familiar?)
So position yourself however you need to position yourself. Again, be prepared to change if your single factor solution adopts a second factor.
A final thought
Every company has its own way of approaching a problem, and your company is no different. As you prepare to market your products, survey your product, your customers, and your prospects and choose the correct positioning (and messaging) for your own circumstances.
And if you need help with biometric positioning and messaging, feel free to contact the biometric product marketing expert, John E. Bredehoft. (Full-time employment opportunities via LinkedIn, consulting opportunities via Bredemarket.)
In the meantime, take care of yourself, and each other.
If you’re a biometric product marketing expert, or even if you’re not, you’re presumably analyzing the possible effects to your identity/biometric product from the proposed changes to the Biometric Information Privacy Act (BIPA).
As of May 16, the Illinois General Assembly (House and Senate) passed a bill (SB2979) to amend BIPA. It awaits the Governor’s signature.
What is the amendment? Other than defining an “electronic signature,” the main purpose of the bill is to limit damages under BIPA. The new text regarding the “Right of action” codifies the concept of a “single violation.”
(T)he amended law DOES NOT CHANGE “Private Right of Action” so BIPA LIVES!
Companies who violate the strict requirements of BIPA aren’t off the hook. It’s just that the trial lawyers—whoops, I mean the affected consumers make a lot less money.
The Prism Project’s home page at https://www.the-prism-project.com/, illustrating the Biometric Digital Identity Prism as of March 2024. From Acuity Market Intelligence and FindBiometrics.
With over 100 firms in the biometric industry, their offerings are going to naturally differ—even if all the firms are TRYING to copy each other and offer “me too” solutions.
I’ve worked for over a dozen biometric firms as an employee or independent contractor, and I’ve analyzed over 80 biometric firms in competitive intelligence exercises, so I’m well aware of the vast implementation differences between the biometric offerings.
Some of the implementation differences provoke vehement disagreements between biometric firms regarding which choice is correct. Yes, we FIGHT.
Let’s look at three (out of many) of these implementation differences and see how they affect YOUR company’s content marketing efforts—whether you’re engaging in identity blog post writing, or some other content marketing activity.
The three biometric implementation choices
Firms that develop biometric solutions make (or should make) the following choices when implementing their solutions.
Presentation attack detection. Assuming the solution incorporates presentation attack detection (liveness detection), or a way of detecting whether the presented biometric is real or a spoof, the firm must decide whether to use active or passive liveness detection.
Age assurance. When choosing age assurance solutions that determine whether a person is old enough to access a product or service, the firm must decide whether or not age estimation is acceptable.
Biometric modality. Finally, the firm must choose which biometric modalities to support. While there are a number of modality wars involving all the biometric modalities, this post is going to limit itself to the question of whether or not voice biometrics are acceptable.
I will address each of these questions in turn, highlighting the pros and cons of each implementation choice. After that, we’ll see how this affects your firm’s content marketing.
(I)nstead of capturing a true biometric from a person, the biometric sensor is fooled into capturing a fake biometric: an artificial finger, a face with a mask on it, or a face on a video screen (rather than a face of a live person).
This tomfoolery is called a “presentation attack” (becuase you’re attacking security with a fake presentation).
And an organization called iBeta is one of the testing facilities authorized to test in accordance with the standard and to determine whether a biometric reader can detect the “liveness” of a biometric sample.
(Friends, I’m not going to get into passive liveness and active liveness. That’s best saved for another day.)
Now I could cite a firm using active liveness detection to say why it’s great, or I could cite a firm using passive liveness detection to say why it’s great. But perhaps the most balanced assessment comes from facia, which offers both types of liveness detection. How does facia define the two types of liveness detection?
Active liveness detection, as the name suggests, requires some sort of activity from the user. If a system is unable to detect liveness, it will ask the user to perform some specific actions such as nodding, blinking or any other facial movement. This allows the system to detect natural movements and separate it from a system trying to mimic a human being….
Passive liveness detection operates discreetly in the background, requiring no explicit action from the user. The system’s artificial intelligence continuously analyses facial movements, depth, texture, and other biometric indicators to detect an individual’s liveness.
Pros and cons
Briefly, the pros and cons of the two methods are as follows:
While active liveness detection offers robust protection, requires clear consent, and acts as a deterrent, it is hard to use, complex, and slow.
Passive liveness detection offers an enhanced user experience via ease of use and speed and is easier to integrate with other solutions, but it incorporates privacy concerns (passive liveness detection can be implemented without the user’s knowledge) and may not be used in high-risk situations.
So in truth the choice is up to each firm. I’ve worked with firms that used both liveness detection methods, and while I’ve spent most of my time with passive implementations, the active ones can work also.
A perfect wishy-washy statement that will get BOTH sides angry at me. (Except perhaps for companies like facia that use both.)
If you need to know a person’s age, you can ask them. Because people never lie.
Well, maybe they do. There are two better age assurance methods:
Age verification, where you obtain a person’s government-issued identity document with a confirmed birthdate, confirm that the identity document truly belongs to the person, and then simply check the date of birth on the identity document and determine whether the person is old enough to access the product or service.
Age estimation, where you don’t use a government-issued identity document and instead examine the face and estimate the person’s age.
I changed my mind on age estimation
I’ve gone back and forth on this. As I previously mentioned, my employment history includes time with a firm produces driver’s licenses for the majority of U.S. states. And back when that firm was providing my paycheck, I was financially incentivized to champion age verification based upon the driver’s licenses that my company (or occasionally some inferior company) produced.
But as age assurance applications moved into other areas such as social media use, a problem occurred since 13 year olds usually don’t have government IDs. A few of them may have passports or other government IDs, but none of them have driver’s licenses.
But does age estimation work? I’m not sure if ANYONE has posted a non-biased view, so I’ll try to do so myself.
The pros of age estimation include its applicability to all ages including young people, its protection of privacy since it requires no information about the individual identity, and its ease of use since you don’t have to dig for your physical driver’s license or your mobile driver’s license—your face is already there.
The huge con of age estimation is that it is by definition an estimate. If I show a bartender my driver’s license before buying a beer, they will know whether I am 20 years and 364 days old and ineligible to purchase alcohol, or whether I am 21 years and 0 days old and eligible. Estimates aren’t that precise.
Fingerprints, palm prints, faces, irises, and everything up to gait. (And behavioral biometrics.) There are a lot of biometric modalities out there, and one that has been around for years is the voice biometric.
I’ve discussed this topic before, and the partial title of the post (“We’ll Survive Voice Spoofing”) gives away how I feel about the matter, but I’ll present both sides of the issue.
No one can deny that voice spoofing exists and is effective, but many of the examples cited by the popular press are cases in which a HUMAN (rather than an ALGORITHM) was fooled by a deepfake voice. But voice recognition software can also be fooled.
Take a study from the University of Waterloo, summarized here, that proclaims: “Computer scientists at the University of Waterloo have discovered a method of attack that can successfully bypass voice authentication security systems with up to a 99% success rate after only six tries.”
If you re-read that sentence, you will notice that it includes the words “up to.” Those words are significant if you actually read the article.
In a recent test against Amazon Connect’s voice authentication system, they achieved a 10 per cent success rate in one four-second attack, with this rate rising to over 40 per cent in less than thirty seconds. With some of the less sophisticated voice authentication systems they targeted, they achieved a 99 per cent success rate after six attempts.
Other voice spoofing studies
Similar to Gender Shades, the University of Waterloo study does not appear to have tested hundreds of voice recognition algorithms. But there are other studies.
The 2021 NIST Speaker Recognition Evaluation (PDF here) tested results from 15 teams, but this test was not specific to spoofing.
A test that was specific to spoofing was the ASVspoof 2021 test with 54 team participants, but the ASVspoof 2021 results are only accessible in abstract form, with no detailed results.
Another test, this one with results, is the SASV2022 challenge, with 23 valid submissions. Here are the top 10 performers and their error rates.
You’ll note that the top performers don’t have error rates anywhere near the University of Waterloo’s 99 percent.
So some firms will argue that voice recognition can be spoofed and thus cannot be trusted, while other firms will argue that the best voice recognition algorithms are rarely fooled.
What does this mean for your company?
Obviously, different firms are going to respond to the three questions above in different ways.
For example, a firm that offers face biometrics but not voice biometrics will convey how voice is not a secure modality due to the ease of spoofing. “Do you want to lose tens of millions of dollars?”
A firm that offers voice biometrics but not face biometrics will emphasize its spoof detection capabilities (and cast shade on face spoofing). “We tested our algorithm against that voice fake that was in the news, and we detected the voice as a deepfake!”
There is no universal truth here, and the message your firm conveys depends upon your firm’s unique characteristics.
And those characteristics can change.
Once when I was working for a client, this firm had made a particular choice with one of these three questions. Therefore, when I was writing for the client, I wrote in a way that argued the client’s position.
After I stopped working for this particular client, the client’s position changed and the firm adopted the opposite view of the question.
Therefore I had to message the client and say, “Hey, remember that piece I wrote for you that said this? Well, you’d better edit it, now that you’ve changed your mind on the question…”
Bear this in mind as you create your blog, white paper, case study, or other identity/biometric content, or have someone like the biometric content marketing expert Bredemarket work with you to create your content. There are people who sincerely hold the opposite belief of your firm…but your firm needs to argue that those people are, um, misinformed.
I’m going to describe one example of how Bredemarket has helped its customers, based upon one of my client projects from several years ago.
Stupid Word Tricks. Tell your brother, your sister and your mama too. See below.
I’ve told this story before, but I wanted to take a fresh look at the problem the firm had, and the solution Bredemarket provided. I’m not identifying the firm, but perhaps YOUR firm has a similar problem that I can solve for you. And your firm is the one that matters.
The problem
This happened several years ago, but was one of Bredemarket’s first successes.
The firm that asked for my help is one that focuses on one particular biometric modality, and provides a high-end solution for biometric identification.
In addition, the firm’s solution has multiple applications, crime solving and disaster victim identification being two of them.
The firm needed a way to perform initial prospect outreach via budgetary quotations, targeted to the application that mattered to the prospect. A simple proposal problem to be solved…or so it seemed.
Why the obvious proposal solution didn’t work
I had encountered similar problems while employed at Printrak and MorphoTrak and while consulting here at Bredemarket, so the solution was painfully obvious.
Qvidian, one proposal automation software package that I have used. But there are a LOT of proposal automation software packages out there, including some new ones that incorporate artificial intelligence. From https://uplandsoftware.com/qvidian/.
Have your proposal writers create relevant material in their proposal automation software that could target each of the audiences.
So when your salesperson wants to approach a medical examiner involved in disaster victim identification, the proposal writer could just run the proposal automation software, create the targeted budgetary quotation, populate it with the prospect’s contact information, and give the completed quotation to the salesperson.
Unfortuntely for the firm, the painfully obvious solution was truly painful, for two reasons:
This firm had no proposal automation software. Well, maybe some other division of the firm had such software, but this division didn’t have access to it. So the whole idea of adding proposal text to an existing software solution, and programming the solution to generate the appropriate budgetary quotation, wasn’t going to fly.
In addition, this firm had no proposal writers. The salespeople were doing this on their own. The only proposal writer they had was the contractor from Bredemarket. And they weren’t going to want to pay for me to generate every budgetary quotation they needed.
In this case, the firm needed a way for the salespeople to generate the necessary budgetary quotations as easily as possible, WITHOUT relying on proposal automation software or proposal writers.
Bredemarket’s solution
To solve the firm’s problem, I resorted to Stupid Word Tricks.
I created two similar budgetary quotation templates: one for crime solving, and one for disaster victim identification. (Actually I created more than two.) That way the salesperson could simply choose the budgetary quotation they wanted.
The letters were similar in format, but had little tweaks depending upon the audience.
Using document properties to create easy-to-use budgetary quotations.
The Stupid Word Tricks came into play when I used Word document property features to allow the salesperson to enter the specific information for each prospect, which then rippled throughout the document, providing a customized budgetary quotation to the prospect.
The result
The firms’ salespeople used Bredemarket’s templates to generate initial outreach budgetary quotations to their clients.
And the salespeople were happy.
I’ve used this testimonial quote before, but it doesn’t hurt to use it again.
“I just wanted to truly say thank you for putting these templates together. I worked on this…last week and it was extremely simple to use and I thought really provided a professional advantage and tool to give the customer….TRULY THANK YOU!”
Comment from one of the client’s employees who used the standard proposal text
While I actively consulted for the firm I maintained the templates, updating as needed as the firm achieved additional certifications.
Why am I telling this story again?
I just want to remind people that Bredemarket doesn’t just write posts, articles, and other collateral. I can also create collateral such as these proposal templates that you can re-use.
The identity/biometric company never formally learned how its references to renamed companies and non-existent companies were repelling those very companies…and the prospects who knew the website information was inaccurate.
It could have learned…if it had met with me. But it chose not to do so.
NOTE TO SELF: INSERT STRONG FEAR UNCERTAINTY AND DOUBT PARAGRAPH HERE. TAKE OUT THESE TWO SENTENCES BEFORE POSTING THE FINAL VERSION!!!
(By the way…while the identity/biometric company never received this information formally, it did receive it informally…because such information is presumably critically important to the company.)
How many other companies are in the same situation, with:
My mini-survey shows that of the 40+ identity firms with blogs, about one-third of them HAVEN’T SAID A SINGLE THING to their prospects and customers in the last two months.
Is there a 29-year veteran of the identity industry, an identity content marketing expert who can help the companies fix these gaps?
Bredemarket 