Sometimes You Don’t Need, Or Want, Identity Assurance Level 3 (IAL3)

This post is specifically for firms that sell identity verification solutions at various identity assurance levels, or IALs.

I have written a post entitled “Identity Assurance Level 3 (IAL3): When Identity Assurance Level 2 (IAL2) Isn’t Good Enough.”

Which naturally implies that IAL3 is better than IAL2, because it’s more secure.

So why doesn’t EVERYONE use IAL3?

For the same reason that children’s piggy banks aren’t protected with multiple biometric modalities AND driver’s license authentication.

Kids don’t have driver’s licenses anyway. 

In the same vein, in-person or remote supervised identity proofing isn’t always necessary. If your business would lose customers by insisting upon IAL3, and you’re OK with assuming the financial risk, don’t do it.

Imagine if you had to get on a video chat and show your face and your driver’s license before EVERY Amazon purchase. Customers would go elsewhere. Amazon would go broke within days.

Which is why some identity firms promote IAL3, while others promote IAL2. (I won’t talk about the firms that promote IAL1.)

Whatever identity assurance level your prospects need, Bredemarket can help you create the content. Let’s talk about your specific needs.

When the Games Stopped: March 11, 2020

In late 2019 and early 2020 I was working on a project promoting biometric entry at sports facilities and concert venues…until a teeny little worldwide pandemic shut down all the sport and concert venues.

Some of you may remember that a pivotal day during that period was March 11, 2020. Among many many other things, this was the day on which basketball fans awaited the start of a game.

“8 p.m. [ET; 7 p.m. local time]: In Oklahoma City, it was just another game day for Nerlens Noel and his Thunder teammates, who were warming up to play the visiting Utah Jazz.”

The day soon became abnormal after a meeting between NBA officials and the two coaches. Unbeknownst to the crowd, the officials and coaches were discussing a medical diagnosis of Rudy Gobert. (That’s another story.)

“8:31 p.m. [ET]: Teams were sent back to their locker rooms but the crowd at Chesapeake Energy Arena weren’t informed of the cancellation immediately. Instead, recording artist Frankie J, the intended halftime entertainment, put on his show, while officials decided how to break the news.”

Eight minutes later, the crowd was instructed to leave the arena.

Twenty minutes after that, the NBA suspended all games.

A little over a month later, on April 19, millions of people were huddled in their homes, glued to the opening episode of a TV series called The Last Dance…the only basketball any of us were going to get for a while. And of course, these games were on decades-long tape delay, and we already knew the outcome. (The Chicago Bulls won.)

And that was our basketball…until the suspended season resumed on July 30 under very bizarre circumstances.

Anyway, all of that was a very long time ago.

Games and concerts have been back in business since 2021, and identity verification and authentication of venue visitors with biometrics and other factors is becoming more popular every year.

Examining Voter ID From an IAL3 Lens

My recent Substack post explains what Identity Assurance Level 3 (IAL3) is, and re-examines my doubts about the effectiveness of so-called “voter ID” laws. Because if voter ID proponents REALLY wanted to guarantee that voters are eligible, they would have to do a LOT more. Security theater is not security. But what is the cost of true security?

“Examining Voter ID From an IAL3 Lens” on Substack: https://open.substack.com/pub/johnebredehoft/p/examining-voter-id-from-an-ial3-lens

The Late Maya Jean Yourex, Canine Identifiable Information, and Voter Fraud

There are a variety of non-person entities, all of which may engage in felonies. Take the late Maya Jean Yourex of Costa Mesa, California, who was encouraged to register to vote…even though Maya is a dog.

I’m sure that Carl DeMaio will hop on this story immediately.

Maya’s voting history

Maya first voted via mail-in ballot in the 2021 California gubernatorial recall election of Gavin Newsom. We know about this because Laura Lee Yourex posted a picture in January 2022 of her dog wearing an “I voted” sticker.

This could be dismissed as a silly picture, but Laura Lee’s October 2024 post exemplifies dumb crime. According to Orange County District Attorney spokeswoman Kimberly Edds (who presumably is human, though I haven’t verified this):

“Yourex had posted [a photo] in October 2024 of Maya’s dog tag and a vote-by-mail ballot with the caption “Maya is still getting her ballot,” even after the dog had passed away…”

The second ballot was rejected, but the first was counted.

Maya got away scot-free.

The fix was in. Imagen 4.

But Laura Lee potentially faces five felonies:

  • two counts of casting a ballot when not entitled to vote
  • perjury
  • procuring or offering a false or forged document to be filed
  • registering a non-existent person to vote

She is scheduled to enter a plea on Tuesday and theoretically faces six years behind bars.

Nathaniel Percy of the Orange County Register points out an important difference between the two elections in which Maya participated:

“Proof of residence or identification is not required for citizens to register to vote in state elections or cast ballots in state elections, which was how Maya’s vote counted in the recall election of Newsom….

“It was not immediately known on Friday how Maya voted in that election.

“However, proof of residence and registration is required of first-time voters in federal elections, and the ballot in Maya’s name for the 2022 primary was challenged and rejected….”

Voting agencies can’t find fake IDs

However, as I have previously noted, voting officials do not have the knowledge or tools to determine whether a government identification document is legitimate.

This is fake. Well, the card is real, but it’s not official.

As long as Maya’s ID declared that she was 18 years old, some voting officials would approve it.

Even if Maya’s face on the ID was a dog face.

This is also fake. Really fake, since it’s Imagen 4 generated.

Beyond “ID plus selfie”

As for proof of residency, Laura Lee’s electric bill could list Maya on the account, and Southern California Edison would be none the wiser.

Which is why many identity verification processes go beyond “ID plus selfie” (what you have plus what you are), and also include checks of textual databases for additional evidence of the person. 

Socure, for example, accesses over 400 global data sources to verify identities or identify fraudulent ones.

I doubt that Laura Lee enrolled her dog Maya in all of these sources. How many Social Security Numbers, email addresses, bank accounts, credit cards, and other records would Maya have? “Canine identifiable information” (CII)?

Do you validate identities?

If you are a marketing leader who wants to promote your identity solution, and your company can benefit from a marketing consultant with 30 years of identity experience, schedule a meeting with Bredemarket at bredemarket.com/mark.

Drive content results.

When Prospects Ask Technical Marketers the Tough Questions

Some technical marketers are expert at spinning soft fluffy stories about how their AI-powered toilet paper can cure cancer…which can be very persuasive as long as the prospects don’t ask any questions.

  • For example, let’s say you’re telling a Chick-fil-A in Kettering, Ohio that you’ll keep 17 year olds out of their restaurant. Are you ready when the prospect asks, “How do you KNOW that the person without ID is 17 years and 359 days old, and is not 18?”
  • Or let’s say you’re telling a state voter agency that you’ll enforce voter ID laws. Are you ready when the prospect asks, “How do you KNOW that the voter ID is real and not fake? Or that it is fake and not real?”

Be prepared to answer the tough questions. Expert testimonials. Independent assessments of your product’s accuracy. Customer case studies.

Analyze your product’s weaknesses. (And the threats, if you’re a SWOT groupie.)

And call in the expert help.

How Many Authentication Factor Types Are There?

An authentication factor is a discrete method of authenticating yourself. Each factor is a distinct category.

For example, authenticating with fingerprint biometrics and authenticating with facial image biometrics are both the same factor type, because they both involve “something you are.”

But how many factors are there?

Three factors of authentication

There are some people who argue that there are only really three authentication factors:

  • Something you know, such as a password, or a personal identification number (PIN), or your mother’s maiden name.
  • Something you have, such as a driver’s license, passport, or hardware or software token.
  • Something you are, such as the aforementioned fingerprint and facial image, plus others such as iris, voice, vein, DNA, and behavioral biometrics such as gait.

Five factors of authentication, not three

I argue that there are more than three.

  • Something you do, such as super-secret swiping patterns to unlock a device.
  • Somewhere you are, or geolocation.

For some of us, these are the five standard authentication factors. And they can also function for identity verification.

Six factors of authentication, not five

But I’ve postulated that there is one more.

  • Somewhat you why, or a measure of intent and reasonableness.

For example, take a person with a particular password, ID card, biometric, action, and geolocation (the five factors). Sometimes this person may deserve access, sometimes they may not.

  • The person may deserve access if they are an employee and arrive at the location during working hours.
  • That same person may deserve access if they were fired and are returning a company computer. (But wouldn’t their ID card and biometric access have already been revoked if they were fired? Sometimes…sometimes not.)
  • That same person may NOT deserve access if they were fired and they’re heading straight for their former boss’ personal HR file.
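The three scenarios above can be expressed as an access decision, shown here as an added example that is not part of the original post. The method names, working hours, purpose labels and the policy itself are assumptions made for illustration; the point is that two biometrics still count as one factor type, and that all five factors can pass while the "why" check still refuses.

```python
from dataclasses import dataclass
from datetime import time

# The five factor types named in the post; the method-to-type mapping is constructed.
FACTOR_TYPE = {
    "password": "know", "pin": "know",
    "id_card": "have", "hardware_token": "have",
    "fingerprint": "are", "face": "are", "iris": "are",
    "swipe_pattern": "do",
    "geolocation": "where",
}

def distinct_factors(methods):
    """Factor types covered by the presented methods; unknown methods add nothing."""
    return {FACTOR_TYPE[m] for m in methods if m in FACTOR_TYPE}

@dataclass
class Request:
    methods: list      # authenticators the person presented
    employed: bool     # current employment status (assumed to come from HR records)
    purpose: str       # hypothetical label for what the person is trying to do
    at: time           # time of the request

WORK_START, WORK_END = time(8, 0), time(18, 0)   # assumed working hours
FORMER_STAFF_PURPOSES = {"return_equipment"}     # assumed allow-list

def decide(req, required=2):
    """Return (allowed, reason): factor count first, then the intent check."""
    if len(distinct_factors(req.methods)) < required:
        return False, "not enough distinct factor types"
    if req.employed:
        if WORK_START <= req.at <= WORK_END:
            return True, "employee during working hours"
        return False, "employee outside working hours (assumed policy)"
    if req.purpose in FORMER_STAFF_PURPOSES:
        return True, "former employee with a reasonable purpose"
    return False, "former employee, purpose not reasonable"

if __name__ == "__main__":
    five = ["password", "id_card", "fingerprint", "swipe_pattern", "geolocation"]
    for r in (Request(five, True, "work", time(10, 0)),
              Request(five, False, "return_equipment", time(10, 0)),
              Request(five, False, "read_hr_file", time(10, 0)),
              Request(["fingerprint", "face"], True, "work", time(10, 0))):
        print(r.employed, r.purpose, decide(r))
```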

Or maybe just five factors of authentication

Now not everyone agrees that this sixth factor of authentication is truly a factor. If “not everyone” means no one, and I’m the only person blabbering about it.

So while I still work on evangelizing the sixth factor, use the partially accepted notion that there are five factors.

California Voter Proof of Identity AND Citizenship: How?

This post provides an update on election integrity, which I haven’t discussed since March.

The update? Assemblymember Carl DeMaio wants to put a proposition on the 2026 California ballot that achieves three purposes:

  • “[R]equire the state to verify proof of citizenship when a person registers to vote.”
  • Require voters to “provide identifications at the polls.”
  • “Those who vote through mail-in ballots would have to give the last four digits of a government-issued ID such as a Social Security number.”

Let’s go through these…backwards.

Mail-in ballots

The third proposal about authenticating mail-in ballots is silly. 

The mere fact that someone knows the last four digits of a Social Security Number does NOT prove that the person is the valid holder of the Social Security Number in question. 

Frankly, I’m surprised that DHS released Leonardo Garcia Venegas just because he knew a Social Security Number. Of course, I’m also surprised that they determined his REAL ID was fake.

In-person ballots

Which brings us to the second proposal about requiring a government ID for in-person voting. 

I’ve already addressed why this is silly. The short version? Election precinct workers have neither the equipment nor the training to tell whether a government ID is real or fake.

Not an official government-issued ID. From https://www.al.com/news/2022/10/alabama-gop-chairman-made-the-photo-id-he-used-to-vote.html.

Voter registration…and re-registration

That only leaves the first one, proving citizenship at voter registration. This one is technically feasible; the feds do it all the time. The California Secretary of State could merely adapt the federal I-9 process to the state level; I’m sure Janice Kephart and her company ZipID would love to help the state with that.

Especially since the requirement for election integrity dictates that all of California’s existing voters would need to re-register to prove their citizenship.

All 22+ million of them.

Because if you DO NOT require all California voters to re-register, the whole exercise is pointless.

You Can START the REAL ID Application Process Online

The Federal Trade Commission sort of got it wrong.

“If you want to use your driver’s license to fly, you’ll need a REAL ID. If you don’t have one yet, your state’s Department of Motor Vehicles (DMV) is the place to go, and they’re only taking in-person appointments.”

The FTC is attempting to warn against scammers who claim to offer REAL ID services and then defraud you.

But at least in California, you can START the REAL ID application process online. At the California DMV website, of course.

“During the online REAL ID application process, you will be prompted to upload documents that prove identity (e.g., valid passport or birth certificate) and residency (e.g., utility bill, bank statement).”

But you can’t do EVERYTHING online.

“Uploading images of these documents online will save you time when you visit the DMV office to complete your application so don’t skip this step. Bring the original documents submitted online to your REAL ID appointment.”

But whatever you do, don’t upload your documents to “the-real-id dot cn.”

When Robocars Eliminate Identity

From the Department of Unintended Consequences: different countries approach identity proofing in different ways. But what happens when the underlying assumptions disappear and make some identity proofing methods obsolete?

Identity proofing in the United States

In the United States, the primary public identity document for citizens and non-citizens is the driver’s license. These government identity documents, issued by individual states and territories, satisfy a variety of uses, including driving, buying alcohol, boarding a plane or entering a federal facility (eventually), or purchasing something.

There are two other common identity documents in the United States:

  • The passport. But not everybody has one.
  • The Social Security card. But this is like your underwear; you don’t show it to everybody.

So our de facto identity card in this country is the driver’s license, or an equivalent ID document issued by a motor vehicle agency. Even though driver’s licenses are used for a ton of purposes that have nothing to do with driving, the entire ecosystem for these IDs is driven by the needs of drivers.

Which is a smart idea, because just about everybody needs a driver’s license.

Right?

What I’m reading

I read a number of WordPress blogs, and one of the ones that I read has the title “The Last Driver License Holder…

The abstract for the blog completes the sentence and clarifies it.

…is already born. How Waymo, Tesla, Zoox & Co will change our automotive society and make mobility safer, more affordable and accessible in urban as well as rural areas.

It’s certainly a provocative statement, especially if you’re a recent college graduate who just joined the California DMV and thought you were set for life. You’re not.

Even if the author’s conclusion is a complete exaggeration, we need to entertain the possibility that driverless automobiles may eventually improve so much that people won’t even need a driver’s license, except for the cranky few that want them.

Assume that the majority of people own driverless cars at some point in the future, and that these support complete automation with no driver intervention. Imagine the ripple effects:

  • The government motor vehicle agencies, who will be more than busy certifying the road worthiness of new automobiles, will start wondering why they are spending so much time issuing these IDs that no one uses.
  • Other agencies at the state and federal level, eager to expand their operations and budgets, will start asking why the motor vehicle agencies are the ones in charge of IDs, and whether they themselves should be providing IDs instead.
  • While the agencies fight this out, private companies that provide adult services such as alcohol, prostitution, pornography, and buying gardening implements will have to figure out how to ensure their customers are old enough for these services. Perhaps they will be forced to turn to age estimation because the person at the counter never bothered to get a driver’s license.

So now half the people don’t bother to get IDs, yet they still need IDs.

Now what?