Identity/biometrics/technology marketing and writing services
From my post this morning on Advent International, Amadeus, and IDEMIA Public Security.
“Plan C became to split IDEMIA into three chunks—biometric product marketing experts call this a “trifurcation”—and sell the three chunks individually.”
Now I have never officially written about trifurcations, but if you saw my post on bifurcations you can probably figure out trifurcations also.
I swear I’ve written about “MasterPrints” before, but I can’t find any such article. Maybe I just discussed it internally at IDEMIA when I worked there in 2018.
“Generative adversarial network produces a “universal fingerprint” that will unlock many smartphones“
“Researchers at NYU and U Michigan have published a paper explaining how they used a pair of machine-learning systems to develop a “universal fingerprint” that can fool the lowest-security fingerprint sensors 76% of the time (it is less effective against higher-security sensors).
“The researchers used “generative adversarial networks” (GAN) to develop their attack: this technique uses a pair of machine learning systems, a “generator” which tries to fool a “discriminator,” to produce a kind of dialectical back-and-forth in that creates fakes that are harder and harder to detect.”
While this happened over seven years ago and is probably harder to implement with today’s technology, I was reminded of this when I ran across this Biometric Update article.
“Voice morphing attack blends identities to bypass voice biometrics: study“
“A new research paper explores a signal-level approach to voice morphing attacks that exposes vulnerabilities in biometric voice recognition systems.
“The abstract describes Time-domain Voice Identity Morphing (TD-VIM) as “a novel approach for voice-based biometric morphing” which “enables the blending of voice characteristics from two distinct identities at the signal level.” TD-VIM allows for seamless voice morphing directly in the time domain, allowing “identity blending without any embeddings from the backbone, or reference text.””
So it, um, sounds like we not only have MasterPrints, but also MasterVoices.
Let’s revisit analysis, comparison, evaluation, and verification.
You may recall my post about a collection of judicial decisions, one of which included the following:
“The term “scientific” to describe his opinion “arguably verged on suggesting that the ACE-V process is more scientific than warranted,” and there was one instance in which Dolan testified without using the term “opinion.” The court concludes that there was no error because, “viewed as a whole,” his testimony was largely expressed in terms of an “opinion” and his testimony did not claim that the ACE-V process was infallible or absolutely certain.”
For those who aren’t familiar with the acronym ACE-V, here is how the U.S. National Institute of Standards and Technology defines it:
“The friction ridge examination process is commonly referred to as ACE‐V: Analysis, Comparison, Evaluation, and Verification.
“Analysis: An initial information‐gathering phase in which the examiner studies the unknown print to assess the quality and quantity of discriminating detail present. The examiner considers information such as substrate, development method, various levels of ridge detail, and pressure distortions. A separate analysis then occurs with the exemplar.
“Comparison: The side‐by‐side observation of the friction ridge detail in the two impressions to determine the agreement or disagreement in the details
“Evaluation: The examiner assesses the agreement or disagreement of the information observed during Analysis and Comparison and forms a conclusion.
“Verification: In some agencies is a review of an examiner’s conclusions with knowledge of those conclusions; in other agencies, it is an independent re‐examination by a second examiner who does not know the outcome of the first examination.”
To make things easier for latent examiners, some automated biometric identification system (ABIS) software packages incorporate ACE-V either as a separate module or as an integrated part of their workflow. I know that IDEMIA and Thales include it, and it appears that CSIpix, Eviscan, Noblis, and ROC also include it.
But I’m going to talk about Innovatrics in this post.
“Innovatrics is expanding ACE-V capabilities in ABIS for Criminal Investigation with new features that help forensic teams manage examinations more clearly, support different review models, and keep unresolved latent evidence active as investigations move forward….
“ACE-V is widely used in forensic work, but the way it is applied can vary across agencies, regions, and countries, often shaped by local legislative requirements. Some agencies require clear separation between roles, while others rely on smaller teams with a more flexible way of dividing work. Innovatrics is shaping the workflow to support different use cases and agency ACE-V policies, from small teams to large departments, without forcing agencies to change the established workflows they already rely on.”
More here.
I prefer the term “hungry people” to the term “target audience” because it conveys the idea of those who really really want your product.
And therefore it stands to reason that you want to write content for your hungry people.
For example, if you’re selling automated fingerprint identification systems to cops, your content should probably talk about protecting residents by identifying bad people and keeping them off the street.
But Isabel Sterne warns that you don’t want to go overboard in this.
Why not?
“When you spend your time scanning your environment, adapting to those around you, and adjusting your communication style accordingly, you can start to lose yourself, lose sight of your message, and become forgettable.”
Let’s face it. If everyone mirrors their target audience, and they have the same target audience, how can you tell them apart?
I hope that Scott Swann and Ajay Amlani forgive me, but I’m going to use them as examples.
Aware and ROC could simply mirror the needs and desires of U.S. law enforcement and mirror them back. But if they did that, Aware and ROC would appear identical and interchangeable.
And they’re not.
Aware has been around for several decades and offers everything from components and tools to full-blown automated biometric identification systems. Amlani, a new arrival, has a background that extends back to the FIRST version of CLEAR, along with multiple roles within the federal government and the private sector (including the aforementioned IDEMIA, where we did early work on venue identity verification solutions).
ROC is a newer arrival with a laser focus on several biometric modalities. Swann joined ROC after a long career at the U.S. Federal Bureau of Investigation and other federal government entities, followed by time in the private sector with MorphoTrak (where we worked on Morpho Video Investigator together, a potential solution for Boston Marathon bombing events) and IDEMIA National Security Solutions.
What is Sterne’s advice for Amlani, Swann, and others who don’t want to simply reflect their prospects? Here is what Sterne does:
“I write about what I’m interested in, and while I do write for all of you (and hope you get some value from what I share), I mostly write for myself, to explore ideas. In other words, I forget about the room when I write….
“When you write for yourself without considering a person or group of people, you end up writing more personally and often more universally.
“The irony is that by writing for yourself, you usually create something that others can connect to more deeply….
“And the more you write from this place, the clearer you get on your voice, priorities, and overarching ideas, the better able you are to create something that resonates.”
Personally, my hope is that my infusion of myself in my writing helps me to stand out and to better communicate what Bredemarket can provide to identity/biometric firms.
Is it working? You be the judge.
Yeah, I’m still focused on that statement:
“I think too much knowledge is actually bad in tech: you’re biased.”
Why does this quote affect me so deeply? Because with my 30-plus years of identity/biometric experience, I obviously have too much knowledge of the industry, which is obviously bad. After all, all a biometric company needs is a salesperson, an engineer, an African data labeler, and someone to run the generative AI for everything else. The company doesn’t need someone who knows that Printrak isn’t spelled with a C.
In this post I will share three of the “biases” I have developed in my 30-plus years in identity and biometrics, and how to correct these biases by stripping away that 20th century experience and applying novel thinking.
And if that last paragraph made you throw up in your mouth…read to the end of the post.
But first, let’s briefly explore these three biases that I shamefully hold due to my status as a biometric product marketing expert:
Biometric products need algorithms to encode and match the biometric samples, and ideally to detect presentation and injection attacks.
But how do prospects know that these algorithms work? How accurate are they? How fast are they? How secure are they?
My brain, embedded with over 30 years of bias, gravitates to the idea that vendors should submit their algorithms for independent testing and confirmation.
This could be an accuracy test such as the ones NIST and DHS administer, or confirmation of presentation attack detection capabilities (as BixeLab, iBeta, and other organizations perform), or confirmation of injection attack detection capabilities.
But you’re smarter than that and refuse to support the testing-industrial complex. They have their explicit or implicit agendas and want to force the biometric vendors to do well on the tests. For example, the U.S. Federal Bureau of Investigation’s “Appendix F” fingerprint capture quality standard specifically EXCLUDES contactless solutions, forcing everyone down the same contact path.
But you and your novel thinking reject these unnecessary impediments. You’re not going to constrain yourself by the assertions of others. You are going to assert your own benefits. Develop and administer your own tests. Share with your prospects how wonderful you are without going through an intermediary. That will prove your superiority…right?
A biometric company has to perform a variety of tasks. Raise funding. Hire people. Develop, market, propose, sell, and implement products. Throw parties.
How will the company do all these things?
My brain, encumbered by my experience (including a decade at Motorola), persists in a belief that process is the answer. The process can be as simple as scribblings on a cocktail napkin, but you need some process if you want to cash out in a glorious exit—I mean, deliver superior products to your customers.
Perhaps you need a development processs that defines, among other things, how long a sprint should be. A capture and proposal process (Shipley or simpler) that defines, among other things, who has the authority to approve a $10 million proposal A go-to-market process that defines the deliverables for different tiers, and who is responsible, accountable, consulted, and informed. Or maybe just an onboarding process when starting a new project, dictating the questions you need to ask at the beginning.
Sure all that process is fine…if you don’t want to do anything. Do you really want to force your people to wait two weeks for the latest product iteration? Impose a multinational bureauracy on your sales process? Go through an onerous checklist before marketing a product?
Just code it.
Just sell it.
Just write it.
The problem with experienced people is that they think that there is nothing new under the sun.
You talk about cloud computing, and they yawn, “Sounds like time sharing.” You talk about quantum computing, and they yawn, “Sounds like the Pentium.” You talk about blockchain, and they yawn, “Sounds like a notary public.”
As I sip my Pepperidge Farm, I can barely conceal my revulsion at those who think “we use AI” is a world-dominating marketing message. Artificial intelligence is not a way of life. It is a tool. A tool that in and of itself does not merit much of a mention.
How many automobile manufacturers proclaim “we use tires” as part of their marketing messaging? Tires are essential to an automobile’s performance, but since everyone has them, they’re not a differentiator and not worthy of mention.
In the same way, everyone has AI…so why talk about its mere presence? Talk about the benefits your implementation provides and how these benefits differentiate you from your competitors.
Yep, the grandpas that declare “AI is only a tool” are missing the significance entirely. AI is not like a Pentium chip. It is a transformational technology that is already changing the way we create, sell, and market.
Therefore it is critically important to highlight your product’s AI use. AI isn’t a “so what” feature, but an indication of revolutionary transformative technology. You suppress mention of AI at your own peril.
OK, so I’ve identified the outmoded thinking that results from too much experience. But how do I overcome it?
I don’t.
Because if you haven’t already detected it, I believe that experience IS valuable, and that all three items above are essential and shouldn’t be jettisoned for the new, novel, and kewl.
Bredemarket can help with strategy, analysis, content, and/or proposals for your identity/biometric firm. Talk to me (for free).
By the way, here’s MY process (and my services and pricing).
I’ve discussed the electronic health record (EHR) before, and plan to do so again. But before I dive into EHRs and “the A word,” I want to take a look at WHY we have EHRs.
In the old days, even within the lifetimes of some of us, there were no ELECTRONIC health records. There were PAPER health records, stored in large file cabinets. If you were lucky, the health records were typed; heaven help you if they were in a doctor’s famously illegible handwriting.
When a relative’s doctor retired in the 20th century, the relative requested their health records and received a huge pile of paper dating back to who knows when. In that form, it was about as useful as the huge file cabinets in which the U.S. Federal Bureau of Investigation used to store its millions of fingerprint cards. And unfortunately, paper health records didn’t have the health equivalent of a “Henry system” to find individual records quickly.
So now that we have electronic health records, why do we have them?
Electronic health records have evolved to serve two OTHER parties.
I can’t speak to countries other than my own, but in the United States the health “system” is a mishmash of multiple parties. For example, when I had a colonoscopy a few years ago, the following entities were somehow involved:
So this one procedure created one, or perhaps multiple, electronic health records (perhaps even with pictures) describing every chargeable thing that could be itemized during my time in the facility. All with the proper billing codes (Current Procedural Terminology or CPT codes) and the like, so that every entity can pay what they’re supposed to pay. And if a particular thing wasn’t covered by insurance, then I had to pay it.
The most important thing is to get the billing codes right…never mind how hard it is to ENTER all the billing codes.
But the good news is that when electronic health records systems integrate with medical billing systems, the process is kinda sorta streamlined:
“By integrating EHR and billing software, healthcare providers can automate various aspects of the billing workflow, resulting in increased efficiency, reduced manual work, and other tangible benefits.”
But it’s not only the billers who need information.
To practice medicine in the State of California, you have to perform a colonoscopy in accordance with medically approved procedures. And you have to document that you did so.
If I had died on the operating table during my colonoscopy, then a number of private and government entities would have a keen interest in what was performed during the colonoscopy. And the electronic health record would be one of the main sources of information about what happened, and perhaps what went wrong. And who was responsible. The doctor? The facility? The anaesthesiologist? Someone else?
But even when things don’t go spectacularly wrong, there are laws and regulations that mandate EHR use.
“The “EHR mandate” refers to the federal requirement for eligible healthcare providers to adopt and use certified EHR technology. Primarily affecting providers who accept Medicare, participation in MIPS and the Promoting Interoperability program requires CEHRT to avoid negative payment adjustments, which effectively necessitates EHR use.”
So now the medical field has these wonderful EHRs that comply with billing requirements and legal requirements.
But are they easy to use? Forbes covered this.
“For instance, emergency medicine physicians at one health system must click 14 times to order Tylenol—that’s a lot. Yet, those at another health system using the same EHR must click 61 times!”
And that’s just for Tylenol. I’m sure it’s a lot worse for the camera that looked at my colon.
It could have been worse, because many Americans are not healthy.
“[O]ur patients have increasingly complex health needs. More than 40% of American adults have at least two chronic conditions, one-third take at least three medications, and one-fifth suffer from mental illness.”
Put these and other things together, and EHRs have become (as I said before) “a pain in a particular body part.”
So that’s the problem with EHRs. Later I’ll look at the solutions, including:
When Bredemarket begins an engagement with a client, I usually have no idea what processes, templates, or practices the client already has. So I have to handle whatever is or is not there and either understand what is there, adapt it, or create what is needed.
In some cases clients already have a process.
For example, as I delved into the Sharepoint library for one of Bredemarket’s clients, I found a complete set of branding guidelines that covered logos, colors, and many other aspects of the company’s branding.
In that case, my job is to simply make sure that I align with the client’s branding, and that my content, proposals, and analysis work for the client aligns with the branding guidelines…or with whatever other process the client has.
Sometimes the client has a process, but it needs to be adapted in some way.
Here’s an example I can publicly share: not from a Bredemarket client, but from my former employer Motorola (back when Motorola was one company). I was a product manager at the time, and products were developed via a “stage gate” process. At Motorola, of course, it was called M-Gates.
Our “Printrak” group (automated fingerprint identification systems, computer aided dispatch systems, and the like) was the odd group out in our part of Motorola (the part that would later become Motorola Solutions). Most of the people in that part of Motorola sold police radios that were manufactured in bulk. Therefore the stage gate process included a step for a limited production run of police radios before moving to full production.
That didn’t apply for the software we sold to government systems. For example, the entire production run for the Omnitrak 8.1 release was no more than a half dozen systems for customers in Switzerland, Oklahoma, and other places. A limited production run wouldn’t make sense.
So OUR stage gate process eliminated that step and went straight to full production.
And then there are the clients who don’t have anything. In these cases, my invention hat goes on.
For one Bredemarket client, I was asked to develop several pieces of collateral, such as (ironically) one on process maturity, and several random pieces of content tied to a product release.
I decided to approach it more systematically by introducing a simple go-to-market process that defined the external and internal collateral required for a “high” tier product release and a “low” tier product release. Resisting my urge to define something thorough, I simplified the GTM process as much as possible, while still providing guidance on what a product release should contain.
The client rejected the idea: “we don’t need no steenking process.”
Not surprisingly, the process maturity content was never released either.
I’ve had better luck with other Bredemarket clients, defining go-to-market, proposal, and other processes for them as needed.
Providing product marketing expertise is much more than writing about a product.
Before I write a word of text, I ensure that the content aligns with the client’s strategies…or my own strategies if the client doesn’t have any.
And of course I ask questions.
A little more detail, courtesy EU Brussels, regarding the policy brief published by the EU Innovation Hub for Internal Security, coordinated by eu-LISA together with the European Commission, Europol and Frontex.
As I noted earlier today, one proposal is for Europe to perform its own independent biometric testing, reducing Europe’s dependence on the American National Institute of Standards and Technology (NIST).
“The second is a centralised evaluation and testing platform connected to that repository, allowing standardised, independent and continuous assessment of biometric technologies, including benchmarking across vendors.”
But if there is a second proposal (European testing) in the cited European biometric policy brief, there must also be a first proposal—one I failed to discuss this morning.
“The first is a common EU biometric data repository containing datasets that comply with European rules, reflect the demographics and use-cases relevant to EU authorities and are stored in a secure environment.”
Makes sense. If you are going to test you need test data. And NIST has no obligation to ensure its test data complies with the General Data Protection Regulation (GDPR). The subjects in NIST test databases rarely provided the “explicit consent” mentioned in GDPR, and the “right to erasure” from a NIST database is…laughable.
Yes, it’s extremely challenging to construct a testing database that complies with GDPR.
And NIST certainly ain’t gonna do it.
Will a European entity construct it?
And if the right to erasure is maintained, how will you maintain historical consistency of test results?
I’ve seen two articles about a possible move by Europe to set up a Europe-wide biometric testing agency, bypassing the need for National Institute of Standards and Technology (NIST) biometric testing.
One reason is that a European-controlled testing methodology can incorporate European regulations, such as the General Data Protection Regulation (GDPR).
A second related reason for Europe to bypass NIST biometric testing is that U.S. government agencies, including NIST and the Federal Bureau of Investigation (FBI), naturally place prime importance on American interests.
Remember when the U.S. House of Representatives Select Committee on the Chinese Communist Party complained that the FBI Certified Products List contained Chinese biometric vendors (the Certified Communist Products List)?
For these reasons, Europe may be compelled to set up its own biometric testing organization.
And so may China.
Last June I created a still for a fictional TV show called “The Amazing Computer.” The show described the real life activities of the FBI in computerizing its fingerprint system.
Now I’m giving it the Lyria treatment.
Bredemarket