Tag Archives: department of homeland security

Are You Responding to the CBP RFI, “RFI Land Vehicle Primary Zone Traveler Photo Capture Device”?

Facial recognition firms, let’s talk about Requests for Information from the Department of Homeland Security. I wrote about one in 2021, so I figured I’d write about another one that was just published today.

But before I do, let me just say that…um…I’m experienced in responding to Requests for Information (RFIs) from the Department of Homeland Security…and that’s all I can say.

And this new RFI is intriguing.

The RFI with Notice ID RFI-LVPZTPCD was issued by U.S Customs and Border Protection today (April 30) and is due in one month (May 30). The description includes the following:

“CBP is seeking a solution for capturing facial images of vehicle occupants in an officer-manned primary zone at an inbound vehicle point of entry (POE).”

Today’s CBP RFI-LVPZTPCD envisions the use case in which people are entering the U.S. in a car…and are NOT getting out of the car. But you still have to capture their faces at a sufficient quality level, which is easier said than done. Heck, in May 2022 it took me several tries to capture a passport facial image at CVS when I WASN’T in a car. Now add distance, odd camera angles, and possibly an intervening car windshield, and you’re in for big challenges.

I wonder how many facial recognition vendors are planning to respond to this RFI…and how many need the experienced proposal help that Bredemarket can provide.

  • I know one biometric firm that often responds to Department of Homeland Security RFIs, but this firm does not have a “Land Vehicle Primary Zone Traveler Photo Capture Device.” So while this firm has used Bredemarket’s proposal services in the past, it won’t respond to this particular RFI.
  • I know another biometric firm with a keen interest in land vehicle primary zone traveler photo capture devices, and perhaps this firm may respond to this RFI. But this is the firm that didn’t renew my consulting contract in the fall of 2024, and I haven’t heard from them since.

Of course, there are other facial recognition firms out there, some of which may have outstanding solutions to the CBP’s problem.

And in case you haven’t heard, Bredemarket has an opening for a facial recognition client, and can provide winning proposal development services.

So if I can help your facial recognition firm respond to this RFI, book a call: https://bredemarket.com/cpa/

Putting the P in CPA.

(San Ysidro Port of Entry picture by Philkon (Phil Konstantin) – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=15343509.)

The Present Reality of REAL ID Federal-State Tensions

Driver’s license vendors already know about the states’ decades-long resistance to REAL ID, and I bet you do too.

Anthony Kimery of Biometric Update put a fundamental truth succinctly:

“The saga of the REAL ID pushback reveals a deep and ongoing tension at the heart of American governance: the friction between national imperatives and state autonomy.”

Kimery’s article, “Twenty years later the REAL ID debate refuses to go away,” captures the history of this federal-state tension over the years. 

Beginning with some states telling the federal government to get out of their affairs, as well as expressing budgetary concerns about federal mandates that the federal government wouldn’t fund, Anthony Kimery’s REAL ID tale concludes with all the states and territories achieving technical compliance with REAL ID…two decades later.

(Why did the states surrender to the federal REAL ID mandates? Because as much as the states complained about federal overreach…in the end the federal government controlled the airports. If you wanted to fly, you had to get a federal passport…or bend your state driver’s license to the federal rules. And you might recall that airport security was the whole reason for REAL IDs in the first place.)

At the end of Kimery’s story, concerns have come full circle. States that maintained that they have the right to determine how they issue their own driver’s licenses are angry at how OTHER states exercise the right to issue THEIR own driver’s licenses.

“Early this year,…Wyoming passed legislation invalidating out-of-state driver’s licenses issued to undocumented immigrants.”

Maybe we need a national ID?

If you’re curious about what Bredemarket has said about REAL ID over the years, I’ve collected a few samples:

And if your company sells driver’s license services, but your staff is too swamped to tell your story, you can obtain the services of a consultant who can create 22 (or more) types of internal and external content. Contact Bredemarket: https://bredemarket.com/cpa/

(Image: Transportation Security Administration Checkpoint at John Glenn Columbus International Airport. By Michael Ball – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=77279000.)

TSA Photo Requests: “The Current U.S. Government” Can Already Obtain Your Facial Image

There have been many recent stories about Transportation Security Administration (TSA) capture of the facial images of travelers, an outgrowth of the same post-9/11 concerns that resulted in REAL IDs in 2008…I mean 2025. (Maybe.)

One story from HuffPost clearly states its view on the matter. The title of the story? “Why You Can (And Should) Opt Out Of TSA Facial Recognition Right Now.”

I guess we know where HuffPost stands.

As to the “why” of its stance, here’s a succinct statement:

“Do you really want to be submitting a face scan to the current U.S. government?”

And perhaps there are good reasons to distrust the Trump Administration, or any administration. 

After all, the TSA says it only retains the picture for a limited time: “Photos are not stored or saved after a positive ID match has been made, except in a limited testing environment for evaluation of the effectiveness of the technology,”

But maybe…something happens. Someone accidentally forgot to delete the files. Oops.

And if something happens, the federal government has just captured an image of your face!

Guess what? The federal government can probably already get an image of your face, even if you don’t allow TSA to take your photo.

After all, you had to show some sort of identification when you arrived at that TSA checkpoint. Maybe you showed a passport, with a picture that the U.S. State Department received at one point. No, they don’t retain them either. But maybe…something happens.

But who does retain an image of your face?

Your state driver’s license agency. And as of 2019:

“Twenty-one states currently allow federal agencies such as the FBI to run searches of driver’s license and identification photo databases.”

So if a federal agency wants your facial image, it can probably obtain it even if you decline the TSA photo request.

Unless you strictly follow Amish practices. But in that case you probably wouldn’t be going through a TSA checkpoint anyway.

But if you are with a facial recognition company, and you want your prospects and their prospects to understand how your solution protects their privacy…

Bredemarket can help:

  • compelling content creation
  • winning proposal development
  • actionable analysis

Book a call: https://bredemarket.com/cpa/ 

(Security checkpoint picture generated by Imagen 3)

If the United States Won’t Pay For the CVE Program…Who Will?

From The Register:

“The [CVE] program is sponsored, and largely funded by the Cybersecurity and Infrastructure Security Agency, aka CISA, under the umbrella of the US Department of Homeland Security. It appears MITRE has been paid roughly $30 million since 2023 to run CVE and associated programs.”

$30 million is peanuts. 

If the U.S. government won’t fund it (and it still may), and if private firms won’t fund it, perhaps the EU will take it over. Or Canada. Or China. 

The only complication is whether MITRE can run it if someone other than the feds is paying.

REAL ID: When Enforcement Isn’t Enforcement

Follow up to the long-standing history of REAL ID enforcement delays.

Lots of delays.

When then-President George W. Bush signed into law the “Real ID Act of 2005,” American adults initially had a May 11, 2008 deadline to ensure their identification documents met federal standards.

For those who didn’t notice, we didn’t all adopt REAL IDs in 2008.

In fact, a few years later I was working on a driver’s license proposal for a state I won’t identify, and the RFP clearly and emphatically stated that REAL ID compliance for the new driver’s license was not…um…OK.

Even during the short history of the Bredemarket blog, the REAL ID enforcement date of May 5, 2023 has been adopted and superseded. And more recently there was a report that that new date of May 7, 2025 would slip.

Well, that won’t happen.

Or will it?

The (so-called) “final” rule

The Transportation Security Administration has published a final rule which clearly states that the REAL ID enforcement date of May 7, 2025 still stands and has not been delayed.

Or perhaps it’s not so clear.

This rule ensures that Federal agencies have appropriate flexibility to implement the card-based enforcement provisions of the REAL ID regulations after the May 7, 2025, enforcement deadline by explicitly permitting agencies to implement these provisions in phases. Under this rule, agencies may implement the card-based enforcement provisions through a phased enforcement plan if they determine it is appropriate upon consideration of relevant factors including security, operational feasibility, and public impact. The rule also requires agencies to coordinate their plans with DHS, make the plans publicly available, and achieve full enforcement by May 5, 2027.

So the enforcement DEADLINE is May 7, 2025, but FULL enforcement will be achieved by May 5, 2027.

Date subject to change.

It’s not only the U.S.

But at least these decades of delays give me an excuse to share a Geico commercial.

And Europe (the continent, not the band) has its own problems with delays to its Entry/Exit System (EES)…and a graduated rollout is proposed.

From https://www.youtube.com/watch?v=1H9FI87HK-s.

Temporary REAL-ity?

Your driver’s license isn’t real forever.

When talking about the validity periods for U.S. driver’s licenses (which vary from state to state) in a February 2024 post, Veriff points out one oft-overlooked part of the REAL ID Act:

“If a document bears the typical Real ID star symbol (or some accepted adaptation of it), meaning it is a Real ID-compliant document, it cannot be valid for longer than 8 years (Section 202(d)(10) of the Real ID Act).”

At the time of Veriff’s post, the REAL ID deadline was due for enforcement on May 7, 2025 after numerous delays. Several months later, in September 2024, the Transportation Security Administration started planning to be flexible about that deadline…

Someday the REAL ID Act will be real…

When Rapid DNA Isn’t

(Part of the biometric product marketing expert series)

Have you heard of rapid DNA?

Fair use, from https://www.racers-behindthehelmet.com/post/first-historic-pole-position-and-podium-for-antonella-bassani-in-porsche-cup-brasil. Photo credits: Porsche Cup Brasil.

Perhaps not as fast as Brazilian race car driver Antonella Bassani, but fast enough.

This post discusses the pros and cons of rapid DNA, specifically in the MV Conception post mortem investigation.

DNA…and fingerprints

I’ve worked with rapid DNA since I was in Proposals at MorphoTrak, when our corporate parent Safran had an agreement with IntegenX (now part of Thermo Fisher Scientific). Rapid DNA, when suitable for use, can process a DNA sample in 90 minutes or less, providing a quick way to process DNA in both criminal and non-criminal cases.

By Zephyris – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=15027555

But as I explain below, sometimes rapid DNA isn’t so rapid. In those cases, investigators have to turn to boring biometric technologies such as fingerprints instead. Fingerprints are a much older identification modality, but they still work.

By Federal Bureau of Investigation – https://washingtonian.com/2016/11/24/the-fbi-opened-its-crime-lab-here-in-dc-back-in-1932, Public Domain, https://commons.wikimedia.org/w/index.php?curid=128508441

DNA, fingerprints…and dental records

From https://doi.org/10.1111/1556-4029.15513.

Bredemarket recently purchased access to a Journal of Forensic Sciences article entitled “Advances in postmortem fingerprinting: Applications in disaster victim identification” (https://doi.org/10.1111/1556-4029.15513) by Bryan T. Johnson MSFS of the Federal Bureau of Investigation Laboratory in Quantico. The abstract (which is NOT behind the paywall) states the following, in part:

In disaster victim identification (DVI), fingerprints, DNA, and dental examinations are the three primary methods of identification….As DNA technology continues to evolve, RAPID DNA may now identify a profile within 90 min if the remains are not degraded or comingled. When there are true unknowns, however, there is usually no DNA, dental, or medical records to retrieve for a comparison without a tentative identity.

In the body of the paper itself (which IS behind the paywall), Johnson cites one example in which use of rapid DNA would have DELAYED the process.

DVI depends upon comparison of a DNA sample from a victim with a previous DNA sample taken from the victim. If this is not available, then the victim’s DNA is compared against the DNA of a family member.

Identifying foreign nationals aboard the MV Conception

MV Conception shortly before it sank. By National Transportation Safety Board – Screen Shot 2020-10-16 at 3.00.40 PM, Public Domain, https://commons.wikimedia.org/w/index.php?curid=95326656

When the MV Conception boat caught fire and sank in September 2019, 34 people lost their lives and had to be positively identified.

While most of the MV Conception victims were California residents, some victims were from Singapore and India. It would take weeks to collect and transport the DNA samples from the victims’ family members back to the United States for comparison against the DNA samples from the victims. Weeks of uncertainty during which family members had no confirmation that their relatives were among the deceased.

However, because the foreign victims were visitors to the United States, they had fingerprints on file with the Department of Homeland Security. Interagency agreements allowed the investigating agencies to access the DHS fingerprints and compare them against the fingerprints of the foreign victims, providing tentative identifications within three days. (Fingerprint identification is a 100+ year old method, but it works!) These tentative identifications were subsequently confirmed when the familial DNA samples arrived.

What does this mean?

The message here is NOT that “fingerprints rule, DNA drools.” In some cases the investigators could not retrieve fingerprints from the bodies and HAD to use rapid DNA.

The message here is that when identifying people, you should use ANY biometric (or non-biometric) modality that is available: fingerprints, DNA, dental records, driver’s licenses, Radio Shack Battery Club card, or anything else that provides an investigative lead or a positive identification.

And ideally, you should use more than one factor of authentication.

And now a word from our sponsor

By the way, if you have a biometric story to tell, Bredemarket can help…um…drive results. Perhaps not as fast as Bassani, but fast enough.

Drive content results with Bredemarket Identity Firm Services.

Pangiam May Be Acquired Next Year

Things change. Pangiam, a company that didn’t even exist a few years ago, and that started off by acquiring a one-off project from a local government agency, is now itself a friendly acquisition target (pending stockholder and regulatory approvals).

From MWAA to Pangiam

Back when I worked for IDEMIA and helped to market its border control solutions, one of our competitors for airport business was an airport itself—specifically, the Metropolitan Washington Airports Authority. Rather than buying a biometric exit solution from someone else, the MWAA developed its own, called veriScan.

2021 image from the former airportveriscan website.

After I left IDEMIA, the MWAA decided that it didn’t want to be in the software business any more, and sold veriScan to a new company, Pangiam. I posted about this decision and the new company in this blog.

ALEXANDRIA, Va., March 19, 2021 /PRNewswire/ — Pangiam, a technology-based security and travel services provider, announced today that it has acquired veriScan, an integrated biometric facial recognition system for airports and airlines, from the Metropolitan Washington Airports Authority (“Airports Authority”). Terms of the transaction were not disclosed.

From PR Newswire.

But Pangiam was just getting started.

Trueface, FRTE, stadiums, and artificial intelligence

Results for the NIST FRTE 1:N pangiam-000 algorithm, captured November 6, 2023 from NIST.

A few months later Pangiam acquired Trueface and therefore earned a spot on the NIST FRTE 1:N (formerly FRVT 1:N) rankings and an interest in the stadium/venue identity verification/authentication market.

By Chris6d – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=101751795

Meanwhile Pangiam continued to build up its airport business and also improved its core facial recognition technology.

After that I personally concentrated on other markets, and therefore missed the announcements of Pangiam Bridge (introducing artificial intelligence into Pangiam’s border crossing offering) and Project DARTMOUTH (devoted to using artificial intelligence and pattern analysis to airline baggage, cargo, and shipments).

So what will Pangiam work on next? Where will it expand? What will it acquire?

Nothing.

Enter BigBear.ai

Pangiam itself is now an acquisition target.

COLUMBIA, MD.— November 6, 2023 — BigBear.ai (NYSE: BBAI), a leading provider of AI-enabled business intelligence solutions, today announced a definitive merger agreement to acquire Pangiam Intermediate Holdings, LLC (Pangiam), a leader in Vision AI for the global trade, travel, and digital identity industries, for approximately $70 million in an all-stock transaction. The combined company will create one of the industry’s most comprehensive Vision AI portfolios, combining Pangiam’s facial recognition and advanced biometrics with BigBear.ai’s computer vision capabilities, positioning the company as a foundational leader in one of the fastest growing categories for the application of AI. The proposed acquisition is expected to close in the first quarter of 2024, subject to customary closing conditions, including approval by the holders of a majority of BigBear.ai’s outstanding common shares and receipt of regulatory approval.

From bigbear.ai.

Yet another example of how biometrics is now just a minor part of general artificial intelligence efforts. Identify a face or a grenade, it’s all the same.

Anyway, let’s check back in a few months. Because of the technology involved, this proposed acquisition will DEFINITELY merit government review.

Android mobile driver’s licenses? It’s complicated.

At least in the United States, the mobile driver’s license world is fragmented.

Because driver’s license issuance in the U.S. is a state and not a federal responsibility, each state has to develop its own mobile driver’s license implementation. Subject to federal and international standards, of course.

To date there have been two parties helping the states with this:

  • mDL vendors such as Envoc and IDEMIA, who work with the states to create mDLs.
  • Operating system vendors such as Apple and Google, who work with the states to incorporate mDLs in smartphone wallets.

But because the Android ecosystem is more fragmented than the iOS ecosystem, we now have a third party that is involved in mDLs. In addition to mDL vendors and operating system vendors, we also have really large smartphone providers.

From https://news.samsung.com/us/samsung-idemia-bring-mobile-drivers-licenses-samsung-wallet-arizona-iowa-first-states-rollout/

Enter Samsung:

Samsung Electronics America today announced it is bringing mobile driver’s licenses and state IDs to Samsung Wallet. Arizona and Iowa will be the first states to offer a mobile version of its driver’s license to their residents. The update expands the Samsung Wallet experience by adding a convenient and secure way to use state-issued IDs and driver’s licenses

From https://news.samsung.com/us/samsung-idemia-bring-mobile-drivers-licenses-samsung-wallet-arizona-iowa-first-states-rollout/

(For those who have seen prior references to Samsung in the Bredemarket blog, rest assured that this information is public and Samsung won’t get harmed if you feed it to ChatGPT or Bard or whoever.)

In this particular case Samsung is working with IDEMIA (the mDL provider for Arizona and Iowa), but Samsung announced that it is working with other states and with the Transportation Security Administration (TSA).

While there are underlying standards (most notably ISO/IEC 18013-5, previously discussed here) that govern the implementation of mobile driver’s licenses, there is still a dizzying array of options.

From https://www.yourtango.com/201168184/facebook-relationship-status-what-does-its-complicated-mean

On a personal note, I’m still working on validating my driver’s license for California’s pilot mDL program. It probably didn’t help that I renewed my physical driver’s license right in the middle of the mDL validation process.