Now if you click on that link, you will see a “Verify” link at the top left.
From Credly.
And if you click on that”Verify,” this is what you get.
The verification.
So I have verified that I am allowed to call myself John E. Bredehoft, CF APMP. It’s allowed:
In the same manner, those who have achieved one of the APMP certifications can append the appropriate certification. In the case of APMP Foundation certification, that means that I can style myself as “John E. Bredehoft, CF APMP.” (Or “John E. Bredehoft, MBA, CF APMP, RSBC” if I want to be thorough. But I probably won’t, since “RSBC” stands for “Radio Shack Battery Club.”)
But have I REALLY verified that I have achieved this accomplishment? (Not the battery club one, the proposal one. Although it would be good to know whether I really have that MBA educational accomplishment.)
The identity problem
You see, despite how impressive that Credly link is, it doesn’t prove nothing.
Sure, somebody who claimed to be John E. Bredehoft sat down in 2021 and took an online exam.
But was that person truly John E. Bredehoft?
And even if he was, am I the same John E. Bredehoft who received the certification?
Maybe there were fraudsters along the way. Maybe someone else took the test and pretended to be Bredehoft. Or maybe I’m not Bredehoft.
Sure, at one point I whipped out a credit card with Bredehoft’s name on it. But that doesn’t prove identity.
You probably know the things that prove identity. A biometric modality, including the liveness of that modality. A government-issued identity document that matches the biometric. A sensible location (was the test taker in Ontario, California as expected?).
Now perhaps this is overkill for authenticating a proposal writer, but it may not be if you need a certified plumber.
And because I truly am me, I know I didn’t meet the CEU/CPD requirement by September 2023. I don’t know how many I did achieve; the APMP was changing its CEU/CPD tracking system in early 2022, and then I joined Incode and theoretically wasn’t writing proposals any more. Theoretically.
So in truth, my shiny badge only represents a dated accomplishment. John E. Bredehoft can no longer use the CF APMP designation.
Unless I add “Emeritus” or something.
And as for those cases in which the certifications and identities truly matter…
As Identity and biometrics solution providers know, their applications are found in a variety of vertical markets.
A LARGE variety of vertical markets.
Seven of these markets include financial services, travel and hospitality, government services, education, health, criminal applications, and venues. (Among others.)
Which three vertical markets does the Prism Project examine?
To start this post, I’m going to cheat and “appropriate” the work already performed by the Prism Project.
This effort is managed by Maxine Most’s Acuity Market Intelligence and supported by a variety of partners (including industry partners).
The Prism Project has identified 3 (so far) critical vertical markets for identity and biometrics. While this doesn’t pretend to be a comprehensive list, it’s a good starting point to illustrate the breadth of markets that benefit from identity and biometrics.
The Prism Project has already released its report for financial services, which businesses can download here.
The Prism Project has started to develop its report for travel and hospitality. You can preview the report here.
Finally, the Prism Project plans to release a report addressing government services later in the year. For the latest status of this report, visit the Prism Project home page.
As you can see, identity and biometrics apply in wildly diverging vertical markets. You can use identity verification to open a bank account, enter your hotel room, or pay your taxes.
But those aren’t the only markets that use identity and biometrics.
Let me school you on two other markets, education and health
Let’s look at two markets that the Prism Project hasn’t covered…yet.
Education
Chaffey High School, Ontario, California.
Another example of a market that uses identity and biometrics is the education market.
Who is allowed on a physical campus? Students? Teachers? Staff? Parents and guardians?
Who is NOT allowed on a physical campus? Expelled students? Fired faculty and staff?
Who is taking that remotely-administered online test?
Bredemarket has written several posts about educational applications for identity and biometrics. You can read all my education writing on Bredemarket’s “Educational Identity” information page.
Health
What, did you expect me to post a Marcus Welby picture here? I’m sharing a real medical professional: Jonas Salk administering the polio vaccine. By Yousuf Karsh, photographer – Wisdom Magazine, Aug. 1956 (Vol 1, No. 8), PD-US, https://en.wikipedia.org/w/index.php?curid=27746788.
Similarly Bredemarket has written several posts about healthcare applications for identity and biometrics, including some that dwell on the unique privacy legislation that covers healthcare. You can read all my health writing on Bredemarket’s “Health” information page. (It’s not called “Health Identity” because healthcare has both identity and technology aspects.)
Another source on finance
By the way, Bredemarket also has a page on “Financial Identity,” but the Prism Project’s content is more comprehensive.
But wait…there’s more!
So this is the point where Ed McMahon intones, “So Acuity Market Intelligence and Bredemarket have identified all five of the markets that benefit from the use of identity and biometrics!”
So let’s look at two more markets that benefit from the use of identity and biometrics-two markets that I know very well from the beginning and end of my time at Printrak/Motorola/MorphoTrak/IDEMIA.
Criminal applications
There are government services, and then there are government services.
I started my biometric journey over 29 years ago when I wrote proposals addressed to law enforcement agencies who wanted to find out who left their fingerprints on a crime scene, and whether the person being arrested was who they said they were.
I don’t know if Maxine Most is going to classify criminal applications as a subset of government services, but there are clear reasons that she may not want to do this.
When you pay your taxes or apply for unemployment benefits, you WANT the biometric system to identify you correctly.
When you steal a car or rob a bank, you do NOT want the biometric system to identify you correctly.
Big difference.
Stadiums, concert halls, and other venues
If someone asked me in late 2019 what my career five year plan was, I would have had a great story to tell.
As I was wrapping up over 24 years in identity and biometrics, I was about to help my then-employer IDEMIA enter a new market, the venue market. This market, which CLEAR was already exploring at the time, replaced the cumbersome ticketing process with the use of frictionless biometrics to enter sports stadiums, concert halls, trade shows, and related venues. Imagine using your face or IDEMIA’s contactless fingerprint solution MorphoWave to enter a venue, enter secure restricted areas, or even order food and beverages.
Imagine the convenience that benefit consumer and venue operator alike.
What could go wrong? I mean, the market was robust, and we certainly would NEVER face a situation in which all the stadiums and all the concert halls and all the trade shows would suddenly close down.
Since early 2020 when a worldwide pandemic DID shut down a lot of things, many identity/biometric firms have entered the venue market with a slew of solutions to benefit fans, teams, and venues alike.
And still more
There are many more vertical markets than these seven, ranging from agriculture to automobile access to computer physical/logical access to construction to customer service (mainly voice) to critical infrastructure to gaming (computer gaming) to gaming (gambling) to the gig economy to manufacturing to real estate to retail to telecommunications to transportation (planes, trains, buses, taxis, and cruise ships).
And all these markets have a biometric story to tell.
Can Bredemarket help you describe how your identity/biometric solution addresses one or more of these markets?
I won’t give away all the information about the Fischer Identity-AWS effort at Baylor—you have to opt in to access a gated case study to obtain that—but I will say that the case study claims a 12-week implementation of an IAM system that stores “several hundred thousand identities.”
I assume the alumni at Baylor are a generous segment of the university community.
When education vendors say that they protect the identities of their customers, but they don’t, bad things can happen. Illuminate Education discovered this the hard way.
Two attempted class action lawsuits against Illuminate Education have been defeated. But there has still been fallout:
(The Future of Privacy Forum) initiated a review, seeking to determine whether (Illuminate Education’s) practices were and are consistent with its Pledge commitments, specifically with respect to technological safeguards in place to protect the security of data. Publicly available information appears to confirm that Illuminate Education did not encrypt all student information while at rest and in transit. Such a failure to encrypt would violate several Pledge provisions…
As a result of its inability to confirm that Illuminate Education practiced recommended data encryption practices, the Future of Privacy Forum “removed Illuminate Education from the list of Student Privacy Pledge signatories.” As of January 23, 2024, Illuminate Education’s status as a signatory has not been restored.
Can a company’s status as a Future of Privacy Forum signatory guarantee that they take all necessary steps to protect educational identity data? Of course not; perhaps there are unknown data protection failures by a signatory, and conversely a company may implement stellar policies but just never bothered to sign on the dotted line.
But presence or absence on the FPF signatories list can serve as a positive or negative risk indicator.
At the highest level, debates regarding government and enterprise use of biometric technology boil down to a debate about whether to keep people safe, or whether to preserve individual privacy.
In the state of Montana, school safety is winning over school privacy—for now.
The state Legislature earlier this year passed a law barring state and local governments from continuous use of facial recognition technology, typically in the form of cameras capable of reading and collecting a person’s biometric data, like the identifiable features of their face and body. A bipartisan group of legislators went toe-to-toe with software companies and law enforcement in getting Senate Bill 397 over the finish line, contending public safety concerns raised by the technology’s supporters don’t overcome individual privacy rights.
School districts, however, were specifically carved out of the definition of state and local governments to which the facial recognition technology law applies.
At a minimum Montana school districts seek to abide by two existing Federal laws when installating facial recognition and video surveillance systems.
Without many state-level privacy protection laws in place, school policies typically lean on the Children’s Online Privacy Protection Act (COPPA), a federal law requiring parental consent in order for websites to collect data on their children, or the Family Educational Rights and Privacy Act (FERPA), which protects the privacy of student education records.
If a vendor doesn’t agree to abide by these laws, then the Montana School Board Association recommends that the school district not do business with the vendor.
The Family Educational Rights and Privacy Act was passed by the US federal government to protect the privacy of students’ educational records. This law requires public schools and school districts to give families control over any personally identifiable information about the student.
(The Sun River Valley School District’s) use of the technology is more focused on keeping people who shouldn’t be on school property away, he said, such as a parent who lost custody of their child.
(Simms) High School Principal Luke McKinley said it’s been more frequent to use the facial recognition technology during extra-curricular activities, when football fans get too rowdy for a high school sports event.
Technology (in this case from Verkada) helps the Sun River School District, especially in its rural setting. Back in 2022, it took law enforcement an estimated 45 minutes to respond to school incidents. The hope is that the technology could identify those who engaged in illegal activity, or at least deter it.
What about other school districts?
When I created my educational identity page, I included the four key words “When permitted by law.” While Montana school districts are currently permitted to use facial recognition and video surveillance, other school districts need to check their local laws before implementing such a system, and also need to ensure that they comply with federal laws such as COPPA and FERPA.
I may be, um, biased in my view, but as long as the school district (or law enforcement agency, or apartment building owner, or whoever) complies with all applicable laws, and implements the technology with a primary purpose of protecting people rather than spying on them, facial recognition is a far superior tool to protect people than manual recognition methods that rely on all-too-fallible human beings.
While searching for a post-COVID article that discussed the use of biometrics in education (to supplement my existing educational identity information), I found an entire scientific paper on the topic.
Educational institutions are acquiring novel technologies to help make their processes more efficient and services more attractive for both students and faculty. Biometric technology is one such example that has been implemented in educational institutions with excellent results. In addition to identifying students, access control, and personal data management, it has critical applications to improve the academic domain’s teaching/learning processes. Identity management system, class attendance, e-evaluation, security, student motivations, and learning analytics are areas in which biometric technology is most heavily employed.
Hmm…I didn’t even think about class attendance. But a camera capturing faces that walk into the classroom or join the online webinar should do the trick.
I didn’t either. Frankly, I didn’t even work in biometrics professionally until I was in my 30s.
If you have a mad adult desire to become a biometric content marketing expert, here are five topics that I (a self-styled biometric content marketing expert) think you need to understand.
Topic One: Biometrics
Sorry to be Captain Obvious, but if you’re going to talk about biometrics you need to know what you’re talking about.
The days in which an expert could confine themselves to a single biometric modality are long past. Why? Because once you declare yourself an iris expert, someone is bound to ask, “How does iris recognition compare to facial recognition?”
And there are a number of biometric modalities. In addition to face and iris, the Biometrics Institute has cataloged a list of other biometric modalities, including fingerprints/palmprints, voice, DNA, vein, finger/hand geometry, and some more esoteric ones such as gait, keystrokes, and odor. (I wouldn’t want to manage the NIST independent testing for odor.)
As far as I’m concerned, the point isn’t to select the best biometric and ignore all the others. I’m a huge fan of multimodal biometrics, in which a person’s identity is verified or authenticated by multiple biometric types. It’s harder to spoof multiple biometrics than it is to spoof a single one. And even if you spoof two of them, what if the system checks for odor and you haven’t spoofed that one yet?
Topic Two: All the other factors
In the same way that I don’t care for people who select one biometric and ignore the others, I don’t care for some in the “passwords are dead” crowd who go further and say, “Passwords are dead. Use biometrics instead.”
Although I admire the rhyming nature of the phrase.
If you want a robust identity system, you need to use multiple factors in identity verification and authentication.
Something you know.
Something you have.
Something you are (i.e. biometrics).
Something you do.
Somewhere you are.
Again, use of multiple factors protects against spoofing. Maybe someone can create a gummy fingerprint, but can they also create a fake passport AND spoof the city in which you are physically located?
It’s not enough to understand the technical ins and outs of biometric capture, matching, and review. You need to know how biometrics are used.
One-to-one vs. one-to-many. Is the biometric that you acquire only compared to a single biometric samples, or to a database of hundreds, thousands, millions, or billions of other biometric samples?
Markets. When I started in biometrics, I only participated in two markets: law enforcement (catch bad people) and benefits (get benefit payments to the right people). There are many other markets. Just recently I have written about financial identity and educational identity. I’ve worked with about a dozen other markets personally, and there are many more.
Use cases. Related to markets, you need to understand the use cases that biometrics can address. Taking the benefits example, there’s a use case in which a person enrolls for benefits, and the government agency wants to make sure that the person isn’t already enrolled under another name. And there’s a use cases when benefits are paid to make sure that the authorized recipient receives their benefits, and no one else receives their benefits.
Legal and privacy issues. It is imperative that you understand the legal ramifications that affect your chosen biometric use case in your locality. For example, if your house has a doorbell camera that uses “familiar face detection” to identify the faces of people that come to your door, and the people that come to your door are residents of the state of Illinois, you have a BIG BIPA (Biometric Information Privacy Act) problem.
Any identity content marketing expert or biometric content marketing expert worth their salt will understand these and related issues.
Topic Four: Content marketing
This is another Captain Obvious point. If you want to present yourself as a biometric contet marketing expert or identity content marketing expert, you have to have a feel for content marketing.
The definition of content marketing is simple: It’s the process of publishing written and visual material online with the purpose of attracting more leads to your business. These can include blog posts, pages, ebooks, infographics, videos, and more.
But content marketers need to be comfortable with creating at least one type of content.
Topic Five: How L-1 Identity Solutions came to be
Yes, an identity content marketing expert needs to thoroughly understand how L-1 Identity Solutions came to be.
I’m only half joking.
Back in the late 1990s and early 2000s (I’ll ignore FpVTE results for a moment), the fingerprint world in which I worked recognized four major vendors: Cogent, NEC, Printrak (later part of Motorola), and Sagem Morpho.
And then there were all these teeny tiny vendors that offered biometric and non-biometric solutions, including the fierce competitors Identix and Digital Biometrics, the fierce competitors Viisage and Visionics, and a bunch of other companies like Iridian.
Wel, there WERE all these teeny tiny vendors.
Until Bob LaPenta bought them all up and combined them into a single company, L-1 Identity Solutions. (LaPenta was one of the “Ls” in L-3, so he chose the name L-1 when he started his own company.)
So around 2008 the Big Four (including a post-FpVTE Motorola) became the Big Five, since L-1 Identity Solutions was now at the table with the big boys.
But then several things happened:
Motorola started selling off parts of itself. One of those parts, its Biometric Business Unit, was purchased by Safran (the company formed after Sagem and Snecma merged). This affected me because I, a Motorola employee, became an employee of MorphoTrak, the subsidiary formed when Sagem Morpho de facto acquired “Printrak” (Motorola’s Biometric Business Unit). So now the Big Five were the Big Four.
Make that the Big Three, because Safran also bought L-1 Identity Solutions, which became MorphoTrust. MorphoTrak and MorphoTrust were separate entities, and in fact competed against each other, so maybe we should say that the Big Four still existed.
Oh, and by the way, the independent company Cogent was acquired by 3M (although NEC considered buying it).
A few years later, 3M sold bits of itself (including the Cogent bit) to Gemalto.
Then in 2017, Advent International (which owned Oberthur) acquired bits of Safran (the “Morpho” part) and merged them with Oberthur to form IDEMIA. As a consequence of this, MorphoTrust de facto acquired MorphoTrak, ending the competition but requiring me to have two separate computers to access the still-separate MorphoTrust and MorphoTrak computer networks. (In passing, I have heard from two sources, but have not confirmed myself, that the possible sale of IDEMIA is on hold.)
Why do I mention all this? Because all these mergers and acquisitions have resulted in identity practitioners working for a dizzying number of firms.
As of August 2023, I myself have worked for five identity firms, but in reality four of the five are the same firm because the original Printrak International kept on getting acquired (Motorola, Safran, IDEMIA).
And that’s nothing. One of my former Printrak coworkers (R.M.) has also worked for Digital Biometrics (now part of IDEMIA), Cross Match Technologies (now part of ASSA ABLOY), Iridian (now part of IDEMIA), Datastrip, Creative Information Technology, AGNITiO, iTouch Biometrics, NDI Recognition Systems, iProov, and a few other firms here and there.
The point is that everybody knows everybody because everybody has worked with (and against) everybody. And with all the job shifts, it’s a regular Peyton Place.
Not sure which one is me, which one is R.M., and who the other people are.
Do you need an identity content marketing expert today?
Do you need someone who not only knows biometrics and content marketing, but also all the other factors, their uses, and even knows the tangled history of L-1?
Whether a student is attending a preschool, a graduate school, or something in between, the educational institution needs to know who is accessing their services. This post discusses the types of identity verification and authentication that educational institutions may employ.
Why do educational institutions need to verify and authenticate identities?
Whether little Johnny is taking his blanket to preschool, or Johnny’s mother is taking her research notes to the local university, educational institutions such as schools, colleges, and universities need to know who the attendees are. It doesn’t matter whether the institution has a physical campus, like Chaffey High School’s campus in the video above, or if the institution has a virtual campus in which people attend via their computers, tablets, or phones.
Access boils down to two questions:
Who is allowed within the educational institution?
Who is blocked from the educational institution?
Who is allowed within the educational institution?
Regardless of the type of institution, there are certain people who are allowed within the physical and/or virtual campus.
Students.
Instructors, including teachers, teaching assistants/aides, and professors.
Administrators.
Staff.
Parents of minor students (but see below).
Others.
All of these people are entitled to access to at least portions of the campus, with different people having access to different portions of the campus. (Students usually can’t enter the teacher’s lounge, and hardly anybody has full access to the computer system where grades are kept.)
Before anyone is granted campus privileges, they have to complete identity verification. This may be really rigorous, but in some cases it can’t be THAT rigorous (how many preschoolers have a government ID?). Often, it’s not rigorous at all (“Can you show me a water bill? Is this your kid? OK then.”).
Once an authorized individual’s identity is verified, they need to be authenticated when they try to enter the campus. This is a relatively new phenomenon, in response to security threats at schools. Again, this could be really rigorous. For example, when students at a University of Rhode Island dining hall want to purchase food from the cafeteria, many of then consent to have their fingerprints scanned.
But some authentiation is much less rigorous. In these cases, people merely show an ID (hopefully not a fake ID) to authenticate themselves, or a security guard says “I know Johnny.”
(Again, all this is new. Many years ago, I accompanied a former college classmate to a class at his new college, the College of Marin. If I had kept my mouth shut, the professor wouldn’t have known that an unauthenticated student was in his class.)
Who is blocked from the educational institution?
At the same time, there are people who are clearly NOT allowed within the physical and/or virtual campus. Some of these people can enter campus with special permission, while some are completely blocked.
Former students. Once a student graduates, their privileges are usually revoked, and they need special permission if they want to re-enter campus to visit teachers or friends. (Admittedly this isn’t rigorously enforced.)
Expelled students. Well, some former students have a harder time returning to campus. If you brought a gun on campus, it’s going to be much harder for you to re-enter.
Former instructors, administrators, and staff. Again, people who leave the employ of the institution may not be allowed back, and certain ones definitely won’t be allowed back.
Non-custodial parents of minor students. In some cases, a court order prohibits a natural parent from contact with their child. So the educational institutions are responsible for enforcing this court order and ensuring that the minor student leaves campus only with someone who is authorized to take the child.
Others.
So how do you keep these people off campus? There are two ways.
If they’re not on the allowlist, they can’t enter campus anyway. As part of the identity verification process for authorized individuals, there is a list of people who can enter the campus. By definition, the 8 billion-plus people who are not on that “allowlist” can’t get on campus without special permission.
Sometimes they can be put on a blocklist. Or maybe you want to KNOW that certain people can’t enter campus. The inverse of an allowlist, people who are granted access, is a blocklist, people who are prevented from getting access. (You may know “blocklist” by the older term “blacklist,” and “allowlist” by the older term “whitelist.” The Security Industry Association and the National Institute of Standards and Technology recommend updated terminology.)
There’s just one teeny tiny problem with blocklists. Sometimes they’re prohibited by law.
In some cases (but not in others), a person is required to give consent before they are enrolled in a biometric system. If you’re the ex-student who was expelled for brining a gun on campus, how motivated will you be to allow that educational institution to capture your biometrics to keep you off campus?
And yes, I realize that the expelled student’s biometrics were captured while they were a student, but once they were no longer a student, the institution would have on need to retain those biometrics. Unless they felt like it.
This situation becomes especially sticky for campuses that use video surveillance systems. Like Chaffey High School.
Chaffey High School, Ontario, California.
Now the mere installation of a video surveillance system does not (usually) result in legally prohibited behavior. It just depends upon what is done with the video.
If the video is not integrated with a biometric facial recognition system, there may not be an issue.
If Chaffey High School has its own biometric facial recognition system, then a whole host of legal factors may come into play.
If Chaffey High School does not have a biometric facial recognition system, but it gives the video to a police agency or private entity that does have a biometric facial recognition system, then some legal factors may emerge.
As you can see, educational identity is not as clear-cut as financial identity, both because financial institutions are more highly regulated and because blocklists are more controversial in educational identity. Vladimir Putin may not be able to open a financial account at a U.S. bank, but I bet he’d be allowed to enroll in an online course at a U.S. community college.
So if you are an educational institution or an identity firm who serves educational institutions, people who write for you need to know all of these nuances.
You need to provide the right information to your customers, and write it in a way that will motivate your customers to take the action you want them to take.
Speaking of motivating customers, are you with an identity firm or educational institution and need someone to write your marketing text?
Someone with 29 years of identity/biometric marketing experience?
Someone who understands that technological, organizational, and legal issues surrounding the use of identity solutions?
Someone who will explain why your customers should care about these issues, and the benefits a compliant solution provides to them?
If I can help you create your educational identity content, we need to talk.
Bredemarket 