Both the U.S. National Institute of Standards and Technology and the Digital Benefits Hub made important announcements this morning. I will quote portions of the latter announcement.
In response to heightened fraud and related cybersecurity threats during the COVID-19 pandemic, some benefits-administering agencies began to integrate new safeguards such as individual digital accounts and identity verification, also known as identity proofing, into online applications. However, the use of certain approaches, like those reliant upon facial recognition or data brokers, has raised questions about privacy and data security, due process issues, and potential biases in systems that disproportionately impact communities of color and marginalized groups. Simultaneously, adoption of more effective, evidence-based methods of identity verification has lagged, despite recommendations from NIST (Question A4) and the Government Accountability Office.
There’s a ton to digest here. This impacts a number of issues that I and others have been discussing for years.
AAL1 (some confidence). AAL1, in the words of NIST, “provides some assurance.” Single-factor authentication is OK, but multi-factor authentication can be used also. All sorts of authentication methods, including knowledge-based authentication, satisfy the requirements of AAL1. In short, AAL1 isn’t exactly a “nothingburger” as I characterized IAL1, but AAL1 doesn’t provide a ton of assurance.
AAL2 (high confidence). AAL2 increases the assurance by requiring “two distinct authentication factors,” not just one. There are specific requirements regarding the authentication factors you can use. And the security must conform to the “moderate” security level, such as the moderate security level in FedRAMP. So AAL2 is satisfactory for a lot of organizations…but not all of them.
AAL3 (very high confidence). AAL3 is the highest authenticator assurance level. It “is based on proof of possession of a key through a cryptographic protocol.” Of course, two distinct authentication factors are required, including “a hardware-based authenticator and an authenticator that provides verifier impersonation resistance — the same device MAY fulfill both these requirements.”
This is of course a very high overview, and there are a lot of…um…minutiae that go into each of these definitions. If you’re interested in that further detail, please read section 4 of NIST Special Publication 800-63B for yourself.
Which authenticator assurance level should you use?
NIST has provided a handy dandy AAL decision flowchart in section 6.2 of NIST Special Publication 800-63-3, similar to the IAL decision flowchart in section 6.1 that I reproduced earlier. If you go through the flowchart, you can decide whether you need AAL1, AAL2, or the very high AAL3.
One of the key questions is the question flagged as 2, “Are you making personal data accessible?” The answer to this question in the flowchart moves you between AAL2 (if personal data is made accessible) and AAL1 (if it isn’t).
So what?
Do the different authenticator assurance levels provide any true benefits, or are they just items in a government agency’s technical check-off list?
Perhaps the better question to ask is this: what happens if the WRONG person obtains access to the data?
Could the fraudster cause financial loss to a government agency?
Threaten personal safety?
Commit civil or criminal violations?
Or, most frightening to agency heads who could be fired at any time, could the fraudster damage an agency’s reputation?
If some or all of these are true, then a high authenticator assurance level is VERY beneficial.
The Georgia bill explicitly mentions Identity Assurance Level 2.
Under the bill, the age verification methods would have to meet or exceed the National Institute of Standards and Technology’s Identity Assurance Level 2 standard.
So if you think you can use Login.gov to access a porn website, think again.
There’s also a mention of mobile driver’s licenses, albeit without a corresponding mention of the ISO/IEC 18013-5:2021.
Specifically mentioned in the bill text is “digitized identification cards,” described as “a data file available on a mobile device with connectivity to the internet that contains all of the data elements visible on the face and back of a driver’s license or identification card.”
So digital identity is becoming more important for online access, as long as certain standards are met.
One advantage of an open source project is that there are far fewer secrets to hide. If a commercial firm develops biometric products, it has a responsibility to its investors to not release sensitive information.
Although findings…describe potential attack surfaces and are of high or medium severity, (Trail of Bits’) analysis did not uncover vulnerabilities in the Orb’s code…
Back in August 2023, the U.S. General Services Administration published a blog post that included the following statement:
Login.gov is on a path to providing an IAL2-compliant identity verification service to its customers in a responsible, equitable way. Building on the strong evidence-based identity verification that Login.gov already offers, Login.gov is on a path to providing IAL2-compliant identity verification that ensures both strong security and broad and equitable access.
Login.gov is a secure sign in service used by the public to sign in to participating government agencies. Participating agencies will ask you to create a Login.gov account to securely access your information on their website or application.
You can use the same username and password to access any agency that partners with Login.gov. This streamlines your process and eliminates the need to remember multiple usernames and passwords.
Why would agencies implement Login.gov? Because the agencies want to protect their constituents’ information. If fraudsters capture personally identifiable information (PII) of someone applying for government services, the breached government agency will face severe repurcussions. Login.gov is supposed to protect its partner agencies from these nightmares.
How does Login.gov do this?
Sometimes you might use two-factor authentication consisting of a password and a second factor such as an SMS code or the use of an authentication app.
In more critical cases, Login.gov requests a more reliable method of identification, such as a government-issued photo ID (driver’s license, passport, etc.).
The U.S. National Institute of Standards and Technology, in its publication NIST SP 800-63a, has defined “identity assurance levels” (IALs) that can be used when dealing with digital identities. It’s helpful to review how NIST has defined the IALs. (I’ll define the other acronyms as we go along.)
Assurance in a subscriber’s identity is described using one of three IALs:
IAL1: There is no requirement to link the applicant to a specific real-life identity. Any attributes provided in conjunction with the subject’s activities are self-asserted or should be treated as self-asserted (including attributes a [Credential Service Provider] CSP asserts to an [Relying Party] RP). Self-asserted attributes are neither validated nor verified.
IAL2: Evidence supports the real-world existence of the claimed identity and verifies that the applicant is appropriately associated with this real-world identity. IAL2 introduces the need for either remote or physically-present identity proofing. Attributes could be asserted by CSPs to RPs in support of pseudonymous identity with verified attributes. A CSP that supports IAL2 can support IAL1 transactions if the user consents.
IAL3: Physical presence is required for identity proofing. Identifying attributes must be verified by an authorized and trained CSP representative. As with IAL2, attributes could be asserted by CSPs to RPs in support of pseudonymous identity with verified attributes. A CSP that supports IAL3 can support IAL1 and IAL2 identity attributes if the user consents.
So in its simplest terms, IAL2 requires evidence of a verified credential so that an online person can be linked to a real-life identity. If someone says they’re “John Bredehoft” and fills in an online application to receive government services, IAL2 compliance helps to ensure that the person filling out the online application truly IS John Bredehoft, and not Bernie Madoff.
As more and more of us conduct business—including government business—online, IAL2 compliance is essential to reduce fraud.
One more thing about IAL2 compliance. The mere possession of a valid government issued photo ID is NOT sufficient for IAL2 compliance. After all, Bernie Madoff may be using John Bredehoft’s driver’s license. To make sure that it’s John Bredehoft using John Bredehoft’s driver’s license, an additional check is needed.
This has been explained by ID.me, a private company that happens to compete with Login.gov to provide identity proofing services to government agencies.
Biometric comparison (e.g., selfie with liveness detection or fingerprint) of the strongest piece of evidence to the applicant
So you basically take the information on a driver’s license and perform a facial recognition 1:1 comparison with the person possessing the driver’s license, ideally using liveness detection, to make sure that the presented person is not a fake.
As part of an investigation that has run since last April (2022), GSA’s Office of the Inspector General found that the agency was billing agencies for IAL2-compliant services, even though Login.gov did not meet Identity Assurance Level 2 (IAL2) standards.
GSA knowingly billed over $10 million for services provided through contracts with other federal agencies, even though Login.gov is not IAL2 compliant, according to the watchdog.
My belief that everything on the Internet is true has been irrevocably shattered, all because of what an entertainment executive ordered in his spare time. But the Casey Bloys / “Kelly Shepherd” story is just a tiny bit of what is going on with synthetic identities. And X isn’t the only platform plagued by them, as my LinkedIn experience attests.
By the way, this blog post contains pictures of a lot of people. Casey Bloys is real. Some of the others, not so much.
Casey Bloys is the Chairman and CEO of HBO and Max Content. Bloys had to start a recent 2024 schedule presentation with an apology, according to Variety. After explaining how passionate he is about his programming, he went back in time a couple of years to a period that we all remember.
So when you think of that mindset, and then think of 2020 and 2021, I’m home, working from home and spending an unhealthy amount of scrolling through Twitter. And I come up with a very, very dumb idea to vent my frustration.
So why did Bloys have to apologize on Thursday? Because of an article that Rolling Stone published on Wednesday. The article led off with this juicy showbiz tidbit about Bloys’ idea for responding to a critic.
“Maybe a Twitter user should tweet that that’s a pretty blithe response to what soldiers legitimately go through on [the] battlefield,” he texted. “Do you have a secret handle? Couldn’t we say especially given that it’s D-Day to dismiss a soldier’s experience like that seems pretty disrespectful … this must be answered!”
(A note to my younger readers: Twitter used to be a popular social media service that no longer exists. It was replaced by X.)
Eventually Bloys found someone to create the “secret handle.” Sully Temori is now alleging wrongful termination by HBO (which is why we’re learning about these juicy tidbits, via court filings). But in 2021 he was an executive assistant who wanted to get ahead by pleasing his bosses.
Ms. Shepherd seems like a nice woman. A mom, a Texan, a herbalist and aromatherapist, and a vegan. (The cows love that last part.)
Most critically, Shepherd is a normal person, not one of those Hollywood showbiz folks. Although Shepherd, who never posted anything on her own, seems to have a distinct motivation to respond to critics of HBO shows. Take her first reply to a critic from (checks notes) Rolling Stone. (Two years later, Rolling Stone would gleefully report on this story. Watch out who you anger.)
Kelly’s other three replies were along the same lines.
All were short one-sentence blurbs.
Most were completely in lower case, because that’s how regular non-Hollywood folk tweet.
All were critical of those who were critical of HBO, accusing them of “shitting on a show about women,” getting their “panties in a bunch,” and being “busy virtue signaling.”
Hey, if I couldn’t eat hamburgers and my home was filled with weird herbs and aromas, I’d be a little mad too.
And then, a little over a week later, it was over, and Kelly Shepherd never tweeted again. Although Temori apparently performed other activities against HBO critics via other methods. Well, until he was terminated.
Did Kelly Shepherd open a LinkedIn account?
But as part of the plan to satisfy Casey Bloys’ angry whims, Kelly Shepherd acquired a social media account, which she could use as a possible proof of identity.
Even though we now know she doesn’t exist.
But X isn’t the only platform plagued with synthetic identities, and some synthetic identities can do much more than anger an entertainment reviewer.
Many of us on LinkedIn are regularly receiving InMails and connection requests (in my case, from profiles with pictures of beautiful women) who say that we are constantly recommended by LinkedIn, who tell us how impressive our profiles are, and who want to contact us outside of the LinkedIn platform via text message or WhatsApp.
Now perhaps some of these messages are from real people, but I seriously doubt that so many of the employees at John Q Wine & Liquor Winery in New York happen to have the last name “Walter.” And the exact same job title.
Ms. Walter is a pretty busy freelance general manager / director / content partnerships manager.
As for her colleague Ms. Alice Walter, she has more experience (having started in 2018) but also has an extensive biography that begins:
The United States is a country with innovative challenges, and there is more room for development in the wine industry at John Q Wine & Liquor Winery. I am motivated and love to learn, and like to be exposed to more different cultures, and hope to develop more careers in my future life.
And you can check out Maria Walter’s profile if you’re so inclined. Or at least check out “her” picture.
Now none of the Walters women tried to contact me, but another “employee” (or maybe it was a “freelancer,” I forget) of this company tried to do so, which led my curious nature to discover yet another hive of fake LinkedIn profiles.
Sadly, one person from this company is a second-degree connection, which means that one of my connections accepted “her” connection request.
Synthetic identities are harmless…right?
Who knows what Karina, Alice, and Maria will do with their LinkedIn profiles?
Will they connect with other professionals?
Will they ask said professionals to move the conversation to SMS or WhatsApp, for whatever reason?
Will they apply for new jobs, using their impressive work history? A 98.8% customer satisfaction rate while managing 1,800 sub-partnerships is remarkable.
Will they apply for bank accounts…or loans?
The fraud possibilities from fake LinkedIn accounts are endless, and could be very costly for any company who falls for a fake synthetic identity. In fact, FiVerity reports that “in 2020, an estimated $20 billion was lost to SIF” (synthetic identity fraud). Which means that LinkedIn account holders and Partnerships Managers Karina, Alice, and Maria Walter could make a LOT of money.
Now banks and other financial institutions have safeguards to verify financial identities of people who open accounts and apply for loans, because fraud reduction is critically important to financial institutions.
Social media companies? Identity is only “important” to them.
They don’t even care about uniqueness (as Worldcoin does), evidenced by the fact that I have more than two X accounts (but none in which I portray a female Texas mom and vegan).
So if someone comes up to you on X or LinkedIn, remember that all may not be as it seems.
It’s the end of an era for a once-critical pandemic document: The ubiquitous white COVID-19 vaccination cards are being phased out.
Now that COVID-19 vaccines are not being distributed by the federal government, the U.S. Centers for Disease Control and Prevention has stopped printing new cards.
This doesn’t affect the validity of current cards. It just means that if you get a COVID vaccine, or any future vaccine, and you need to prove you obtained it, you will have to contact the medical facility who administered it.
Or, in selected states (because in the U.S. health is generally a state and not a federal responsibility), you can access the state’s digital health information. For example, the state of Washington offers MyIRmobile, as do the states of Arizona, Louisiana, Maryland, Mississippi, North Dakota, and West Virginia.
Sign up for MyIR Mobile by going to myirmobile.com and follow the registration instructions. Your registration information will be used to match your records with the state immunization registry. You will be sent a verification code on your phone to finalize the process. Once registration is complete, you’ll be able to view your immunization records, Certificate of Immunization Status (CIS) and access your COVID-19 vaccination certificate.
Victoria Gardens, Rancho Cucamonga, California, August 12, 2023.
Can someone pretend to be you if they have no idea who you are?
It’s been a couple of weeks since I last addressed Worldcoin’s activities, but a lot has happened in Kenya, and now in Argentina also. Here’s a succinct (I hope) update that looks beyond the blaring headlines to see what is REALLY happening.
And, at the end of this post, I address what COULD happen if a fraudster “cut off someone’s face, including gouging out their eyes, and then you draped it all over your own face.” Hey, you have to consider ALL the use cases.
According to the AAIP, an entity like Worldcoin must register with the AAIP, provide information about its data processing policy, and indicate the purpose for collecting sensitive data and the retention period for such data. Additionally, the agency requires details of the security and confidentiality measures applied to safeguard personal information. The AAIP did not confirm whether Worldcoin complies with the standards.
Worldcoin told CoinDesk in an emailed statement that “the project complies with all laws and regulations governing the processing of personal data in the markets where Worldcoin is available, including but not limited to Argentina’s Personal Data Protection Act 25.326.”
But what is this “personal data” that concerns Argentina so much?
The data that Worldcoin collects
Now a number of companies need to comply with local privacy regulations in numerous countries, and Worldcoin obviously must obey the law in the countries where it conducts business, including laws about personally identifiable information (PII). For illustration, here is an incomplete list of examples of PII, compiled by the University of Pittsburgh:
Name: full name, maiden name, mother’s maiden name, or alias
Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account number, or credit card number
Personal address information: street address, or email address
Personal telephone numbers
Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
Biometric data: retina scans, voice signatures, or facial geometry
Information identifying personally owned property: VIN number or title number
Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person
To my knowledge, Worldcoin acquires PII in two separate instances: when downloading the World App, and when registering at an Orb.
Data collected by the World App
First, Worldcoin collects data when you download the World App. The data that is collected by the iOS version of the World App includes a user ID, the user’s coarse location, a name, contacts, and a phone number. I’ll admit that the collection of contacts is a little odd, but let’s see what happens to that data later in the process.
Your biometric data is first processed locally on the Orb and then permanently deleted. The only data that remains is your iris code. This iris code is a set of numbers generated by the Orb and is not linked to your wallet or any of your personal information. As a result, it really tells us — and everyone else — nothing about you. All it does is stop you from being able to sign up again.
But what about the second use case, in which the user consents to have Worldcoin retain information (so that the user does not have to re-enroll if they get a new phone)?
Your biometric data is first processed locally on the Orb and then sent, via encrypted communication channels, to our distributed secure data stores, where it is encrypted at rest. Once it arrives, your biometric data is permanently deleted from the Orb.
Regardless of whether biometric data is retained or not, other PII isn’t even collected at the Orb:
Since you are not required to provide personal information like your name, email address, physical address or phone number, this means that you can easily sign up without us ever knowing anything about you.
“But John,” you’re saying, “names and phone numbers are not collected at the Orb, but names and phone numbers ARE collected by the World App. So how are the name, phone number, user ID, and ‘iris code’ linked together?” Let me reprint what Worldcoin says about the app:
Your Worldcoin App is your self-custodial wallet. That means, just like a physical wallet, that no banks, governments or corporations can do anything to it — like lose or freeze your money — you’re in complete control.
You also don’t need to enter any personal information to get or use the App. But even if you do, you can rest assured that, unlike others, we will never sell or try to profit from your personal information.
So apparently, while the World App asks for your name, it is not a mandatory field. I just confirmed this on my World App (which I enabled on May 16, without orb verification); the only identifying information that I could find was my phone number and my user ID.
And I’m assuming that if I were to enroll at an Orb, the iris code would be linked to my user ID.
Depending upon Worldcoin’s internal architecture:
It’s possible that the iris code could be linked to my phone number, either intentionally or unintentionally. But even if it is, an iris code in and of itself is useless outside of the Worldcoin ecosystem. In the same way that an Aware, IDEMIA, NEC, or Thales fingerprint template (not the fingerprint image) can’t be used to generate a full fingerprint image, a Worldcoin iris code can’t be used to generate a full iris image.
If I choose the “with data custody” option, my biometric images could be linked to my phone number. Again, they could be linked either intentionally or unintentionally. If such a linkage exists, then that IS a problem. If a user chooses to back up both their World App data and their Orb biometric image data with Worldcoin (and again, the user must CHOOSE to back up both sets of data), how does Worldcoin ensure that the two sets of data can’t be linked?
Presumably Argentina’s AAIP will investigate Worldcoin’s architecture to ensure that there are no financial identity threats.
Which leads us to Kenya.
Kenya and data protection laws
When we last visited Kenya and Worldcoin on August 2, the government had announced that “(r)elevant security, financial services and data protection agencies have commenced inquiries and investigations to establish the authenticity and legality of the aforesaid activities, the safety and protection of the data being harvested, and how the harvesters intend to use the data.”
Those investigations continue, Worldcoin’s Kenya offices have been raided, and Parliament is angry at the regulatory authorities…for not doing enough. The article that reports this states that the Data Protection Unit feels it is not responsible for investigating the “core business” of the registered companies, but Parliament feels otherwise.
The article also makes another interesting statement:
…the office failed to conduct background checks on the company, whose operations have been banned in both the United States of America (USA) and Germany.
Now what I CAN’T do is obtain some Worldcoin when I register my irises.
In addition, Worldcoin tokens (“WLD”) are not intended to be available for use, purchase, or access by US persons, including US citizens, residents, or persons in the United States, or companies incorporated, located, or resident in the United States, or who have a registered agent in the United States. We do not make WLD available to such US persons. Furthermore, you agree that you will not sell, transfer or make available WLD to US persons.
I continued on a darker vein: What if a criminal mastermind decided to cut out someone’s eyes, and use them to steal their identity?
The Orb engineer told me that it wouldn’t work. This Orb needs to see alive, blinking eyes, and a human face that is real attached to them. A picture of someone’s eyes won’t scan, robot eyes won’t scan, canine eyes won’t scan.
But then I got him.
If you cut off someone’s face, including gouging out their eyes, and then you draped it all over your own face, could you register as them with a Worldcoin scanner and steal their identity?
Yes.
Although he promised that the Worldcoin R&D team has not tested this particular edge case.
“Relevant security, financial services and data protection agencies have commenced inquiries and investigations to establish the authenticity and legality of the aforesaid activities, the safety and protection of the data being harvested, and how the harvesters intend to use the data,” read part of the statement.
“Further, it will be critical that assurances of public safety and the integrity of the financial transactions involving such a large number of citizens be satisfactorily provided upfront.”
And even the iris image data that Worldcoin DOES collect isn’t retained unless people request it.
Since no two people have the same iris pattern and these patterns are very hard to fake, the Orb can accurately tell you apart from everyone else without having to collect any other information about you — not even your name.
Importantly, the images of you and your iris pattern are permanently deleted as soon as you have signed up, unless you opt in to Data Custody to reduce the number of times you may need to go back to an Orb. Either way, the images are not connected to your Worldcoin tokens, transactions, or World ID.
Ah, but Worldcoin does retain…an iris code. A lot of good THAT’S gonna do a scammer.
Your biometric data is first processed locally on the Orb and then permanently deleted. The only data that remains is your iris code. This iris code is a set of numbers generated by the Orb and is not linked to your wallet or any of your personal information. As a result, it really tells us — and everyone else — nothing about you. All it does is stop you from being able to sign up again.
Since you are not required to provide personal information like your name, email address, physical address or phone number, this means that you can easily sign up without us ever knowing anything about you.
And no, you cannot reverse engineer an iris image from the iris code. In fact, you can’t reverse engineer any biometric image from its biometric template.
And even if you could reverse engineer an iris image, what are you going to do with it? You don’t know who owns it. It probably doesn’t belong to Bill Gates. It probably belongs to an impoverished Kenyan. (Good luck getting that person’s US$2.00. Which they probably already sold.)
Because—and here’s the thing that people forget about Worldcoin—”Worldcoin’s World ID emphasizes privacy so much that it does not conclusively prove a person’s identity (it only proves a person’s uniqueness).” (Link)
Companies could pay Worldcoin to use its digital identity system, for example if a coffee shop wants to give everyone one free coffee, then Worldcoin’s technology could be used to ensure that people do not claim more than one coffee without the shop needing to gather personal data, Macieira said.
Yup, that’s the use case. To allow 8 billion people to each claim one cup of coffee.
Not just the people who are members of the coffee company’s rewards club.
Not just the people who have purchased a certain amount of coffee.
Not just the people in the United States and Colombia.
Worldcoin can’t do those things, because even Worldcoin doesn’t know anything about its users.
Which means, by the way, that the World ID can’t be used in elections or national/state government welfare benefits distribution.
Sure it can be used to prove that someone hasn’t voted twice, or received benefits under two different names.
But it has no way of knowing whether the individual is qualified to vote or receive benefits. Maybe the person doesn’t live in the local jurisdiction. For voting, maybe the person lives there but is not a citizen. For benefits, maybe the person has too much income to qualify. Worldcoin doesn’t have a clue if any of these things are true.
So apparently the Kenyan authorities are worried that Worldcoin is gathering too much data.
I’m worried that Worldcoin is gathering not enough data for most practical use cases.
Whether a student is attending a preschool, a graduate school, or something in between, the educational institution needs to know who is accessing their services. This post discusses the types of identity verification and authentication that educational institutions may employ.
Why do educational institutions need to verify and authenticate identities?
Whether little Johnny is taking his blanket to preschool, or Johnny’s mother is taking her research notes to the local university, educational institutions such as schools, colleges, and universities need to know who the attendees are. It doesn’t matter whether the institution has a physical campus, like Chaffey High School’s campus in the video above, or if the institution has a virtual campus in which people attend via their computers, tablets, or phones.
Access boils down to two questions:
Who is allowed within the educational institution?
Who is blocked from the educational institution?
Who is allowed within the educational institution?
Regardless of the type of institution, there are certain people who are allowed within the physical and/or virtual campus.
Students.
Instructors, including teachers, teaching assistants/aides, and professors.
Administrators.
Staff.
Parents of minor students (but see below).
Others.
All of these people are entitled to access to at least portions of the campus, with different people having access to different portions of the campus. (Students usually can’t enter the teacher’s lounge, and hardly anybody has full access to the computer system where grades are kept.)
Before anyone is granted campus privileges, they have to complete identity verification. This may be really rigorous, but in some cases it can’t be THAT rigorous (how many preschoolers have a government ID?). Often, it’s not rigorous at all (“Can you show me a water bill? Is this your kid? OK then.”).
Once an authorized individual’s identity is verified, they need to be authenticated when they try to enter the campus. This is a relatively new phenomenon, in response to security threats at schools. Again, this could be really rigorous. For example, when students at a University of Rhode Island dining hall want to purchase food from the cafeteria, many of then consent to have their fingerprints scanned.
But some authentiation is much less rigorous. In these cases, people merely show an ID (hopefully not a fake ID) to authenticate themselves, or a security guard says “I know Johnny.”
(Again, all this is new. Many years ago, I accompanied a former college classmate to a class at his new college, the College of Marin. If I had kept my mouth shut, the professor wouldn’t have known that an unauthenticated student was in his class.)
Who is blocked from the educational institution?
At the same time, there are people who are clearly NOT allowed within the physical and/or virtual campus. Some of these people can enter campus with special permission, while some are completely blocked.
Former students. Once a student graduates, their privileges are usually revoked, and they need special permission if they want to re-enter campus to visit teachers or friends. (Admittedly this isn’t rigorously enforced.)
Expelled students. Well, some former students have a harder time returning to campus. If you brought a gun on campus, it’s going to be much harder for you to re-enter.
Former instructors, administrators, and staff. Again, people who leave the employ of the institution may not be allowed back, and certain ones definitely won’t be allowed back.
Non-custodial parents of minor students. In some cases, a court order prohibits a natural parent from contact with their child. So the educational institutions are responsible for enforcing this court order and ensuring that the minor student leaves campus only with someone who is authorized to take the child.
Others.
So how do you keep these people off campus? There are two ways.
If they’re not on the allowlist, they can’t enter campus anyway. As part of the identity verification process for authorized individuals, there is a list of people who can enter the campus. By definition, the 8 billion-plus people who are not on that “allowlist” can’t get on campus without special permission.
Sometimes they can be put on a blocklist. Or maybe you want to KNOW that certain people can’t enter campus. The inverse of an allowlist, people who are granted access, is a blocklist, people who are prevented from getting access. (You may know “blocklist” by the older term “blacklist,” and “allowlist” by the older term “whitelist.” The Security Industry Association and the National Institute of Standards and Technology recommend updated terminology.)
There’s just one teeny tiny problem with blocklists. Sometimes they’re prohibited by law.
In some cases (but not in others), a person is required to give consent before they are enrolled in a biometric system. If you’re the ex-student who was expelled for brining a gun on campus, how motivated will you be to allow that educational institution to capture your biometrics to keep you off campus?
And yes, I realize that the expelled student’s biometrics were captured while they were a student, but once they were no longer a student, the institution would have on need to retain those biometrics. Unless they felt like it.
This situation becomes especially sticky for campuses that use video surveillance systems. Like Chaffey High School.
Chaffey High School, Ontario, California.
Now the mere installation of a video surveillance system does not (usually) result in legally prohibited behavior. It just depends upon what is done with the video.
If the video is not integrated with a biometric facial recognition system, there may not be an issue.
If Chaffey High School has its own biometric facial recognition system, then a whole host of legal factors may come into play.
If Chaffey High School does not have a biometric facial recognition system, but it gives the video to a police agency or private entity that does have a biometric facial recognition system, then some legal factors may emerge.
As you can see, educational identity is not as clear-cut as financial identity, both because financial institutions are more highly regulated and because blocklists are more controversial in educational identity. Vladimir Putin may not be able to open a financial account at a U.S. bank, but I bet he’d be allowed to enroll in an online course at a U.S. community college.
So if you are an educational institution or an identity firm who serves educational institutions, people who write for you need to know all of these nuances.
You need to provide the right information to your customers, and write it in a way that will motivate your customers to take the action you want them to take.
Speaking of motivating customers, are you with an identity firm or educational institution and need someone to write your marketing text?
Someone with 29 years of identity/biometric marketing experience?
Someone who understands that technological, organizational, and legal issues surrounding the use of identity solutions?
Someone who will explain why your customers should care about these issues, and the benefits a compliant solution provides to them?
If I can help you create your educational identity content, we need to talk.
Bredemarket 