Identity/biometrics/technology marketing and writing services
I found a picture of a suited IBM worker from the 20th century who reminded me of Kraftwerk. So I created an Instagram reel.
Note the prominence of the word THINK. There’s a story behind that, of course, that is older than IBM itself. Thomas Watson (Sr.) first used the word at a 1911 sales conference of National Cash Register.
“The trouble with every one of us is that we don’t think enough. We don’t get paid for working with our feet — we get paid for working with our heads.”
(12/7: Thanks for catching the typo, Orlando!)
Whoops, I forgot something.
Bredemarket hasn’t proposed any rules.
This may not seem to be a significant gap to you, but it is to me.
I’ve proposed rules on my prior platforms, but haven’t proposed one from Bredemarket. Here’s a list of some of the “Empoprises Rules” I’ve proposed in the past. My favorite:
The Phineas-Hirshfield score measures, on a scale of 0 to 100, the probability that someone will ask exactly what the Phineas-Hirshfield score is.
From https://empoprise-bi.blogspot.com/2012/12/what-is-your-phineas-hirshfield-score.html. The Phineas-Hirshfield score is copyright 2012 by John E. Bredehoft.
Time for me to make a cryptic LinkedIn post. Although now that I’m sharing the secret here, I’ll have to lower the score to 89.
But before I share my revised Phineas-Hirshfield score, I need to share the first Bredemarket Rule, the Bredemarket Rule of Corporate Tool Adoption. (Copyright 2023 Bredemarket.)
In any organization, the number of adopted tools that perform the exact same function is always in excess of one.
In other words, if there’s someone in your organization who is using an iPhone, there is someone else in your organization who is using an Android phone.
Or someone has a Mac, and another person has a Windows computer.
Or someone has one brand of software, while someone else has the competitior brand.
Even if an organization dictates that everyone will use a single tool, there will be someone somewhere who will rebel against the organization and use a different tool.
Here is why this rule is true:
For example, on Wednesday morning I attended a Product Marketing Alliance-sponsored panel discussion in which one of the panelists mentioned that Asana was a valuable tool that helps product marketers get work done.
Another panelist was a Monday user.
Presumably the first panelist was exposed to Asana at one point and liked it, while the second panelist was exposed to Monday and liked it.
Or, since the panelists were from two different companies, maybe each company standardized on one or the other. Or maybe the departments within their companies standardized on a particular tool, but if you poll the entire company, you’ll find some Monday departments and some Asana departments.
Even in the same department you may find multiple tools. Let me cite an example.
Of course, there are times in which an entire organization agrees on a single tool, but those times never last.
My mid-1990s employer, Printrak International, was preparing to go public. The head of Printrak determined that the company needed some help in this, and brought several staffers on board who were expert in Initial Public Offerings (IPOs).
One of these people took the role of Chief Financial Officer, preparing Printrak for its IPO and for two post-IPO acquisitions, one of which profoundly and positively impacted the future of the firm.
Along the way, he established the rule that Printrak would become a Lotus Notes shop.
For those who don’t remember Lotus Notes, it was one of those Lotus-like products that could do multiple things out of the box. And because the CFO was the CFO, he could enforce Lotus Notes usage.
Until the CFO left a couple of years later to assist another company, and the impetus to use Lotus Notes dropped off significantly.
And that, my friends, is why my former colleagues in IDEMIA aren’t using HCL Notes (the successor to Lotus Notes and IBM Notes) today.
Do you know how you settle the Tool Wars?
You don’t. It’s an eternal battle.
In the case of Bredemarket, I can dictate which tools I use…unless my clients tell me otherwise. Then the client’s word is law…unless there’s a compelling reason why my tool should be used instead of the client’s tool. In Bredemarket’s 3+ years of existence, I haven’t encountered such a compelling reason…yet.
Just be flexible enough to use whatever tool you need to use, and you’ll be fine.
I admit to my biases.
As a former long-time employee of a company that provides finger and face technology for the Federal Bureau of Investigation’s Next Generation Identification (NGI) system, as well as driver’s license and passport technology in the United States and other countries, I am reflexively accustomed to thinking of a proven identity in governmental terms.
Because the government is always here to help.
What this means in practice is that whenever I see a discussion of a proven identity, I reflexively assume that the identity was proven through means of some type of governmental action.
However, I constantly have to remind myself that not everyone thinks as I do, and that for some people an identity proven by governmental means is the worst possible scenario.
Take an example that I recently tweeted about.
I recently read an article from Thermo Fisher Scientific, which among other things provides a slew of DNA instruments, software, and services for both traditional DNA and rapid DNA.
One of the applications of DNA is to prove family relationships for migrants, especially after families were separated after border crossings. This can be done in a positive sense (to prove that a separated parent and child ARE related) or in a negative sense (to prove that a claimed parent and child are NOT related). However, as was noted in a webinar I once attended, DNA is unable to provide any verification of legitimate adoptions.
Regardless of the purpose of using DNA for migrants, there is a certain level of distrust among the migrants when the government says (presumably in Spanish), “We’re the government. We’re here to help.” You don’t have to be a rabid conspiracy theorist to realize that once DNA data is captured, there is no technical way to prevent the data from being shared with every other government agency. Certain agencies can establish business rules to prevent such sharing, but those business rules can include wide exceptions or the rules can be ignored entirely.
Therefore, Thermo Fisher Scientific decided to discuss humanitarian DNA databases.
As a result of migration, human trafficking and war, humanitarian databases are a relatively new concept and are often completely separate from criminal databases. Research has shown that family members may distrust government databases and be reluctant to report the missing and provide reference samples (1). Humanitarian databases are repositories of DNA profiles from reported missing persons, relative reference samples, and unknown human remains and may be managed by non-governmental organizations (NGOs), though in some instances they may be managed by a governmental institution but kept separate from criminal databases. Examples of humanitarian databases can be found in the United States (NamUs, University of North Texas HDID), Canada (Royal Canadian Mounted Police), Australia (National DNA Program for unidentified and missing persons) and internationally via the International Commission on Missing Persons (ICMP).
As you can see from the list, some of these databases ARE managed by government police agencies such as the RCMP. But others are not. The hope, of course, is that migrants would be willing to approach the humanitarian folks precisely BECAUSE they are not the police. Reluctance to approach ANY agency may be dampened by a desire to be reunited with a missing child.
And these non-governmental efforts can work. The Colibri Center claims to have performed 142 identifications that would not have been made otherwise.
Because of my (biased) outlook, mobile driver’s licenses and other applications of government-proven digital identity seem like a wonderful thing. The example that I often bore you with is the example of buying a drink at a bar. If someone does this with a traditional driver’s license, the bartender not only learns the drinker’s birthdate, but also his/her address, (claimed) height and weight, and other material irrelevant to the “can the person buy a drink?” question. With a mobile driver’s license, the bartender doesn’t even learn the person’s birthdate; the bartender only learns the one important fact that the drinker is over 21 years of age.
Some people are not especially wowed with this use case.
The DHS Request for Comment has finally closed, and among the submissions is a joint response from the American Civil Liberties Union, Electronic Frontier Foundation (EFF), & Electronic Privacy Information Center (EPIC). The joint response not only warns about potential misuse of government digital identities, but also questions the rush of establishing them in the first place.
We believe that it is premature to adopt industry standards at this time as no set of standards has been completed that fully takes advantage of existing privacy-preserving techniques. In recent decades we have seen the emergence of an entire identity community that has been working on the problems of online identity and authorization. Some within the identity community have embraced centralized and/or proprietary systems…
You can imagine how the ACLU, EFF, and EPIC feel about required government-managed digital identities.
Let’s return to the ACLU/EFF/EPIC response to the DHS Request for Comment, which mentions an alternative to centralized, proprietary maintenance of digital identities. This is the alternative that I’m referring to as NGI just to cause MAC (massive acronym confusion).
…others are animated by a vision of “self-sovereign
identity” that is decentralized, open source, privacy-preserving, and empowering of individuals. That movement has created a number of proposed systems, including an open standard created by the World Wide Web Consortium (W3C) called Verifiable Credentials (VCs)….DHS should refuse to recognize IDs presented within centralized identity systems. If a standard digital identity system is to be accepted by the federal government, it must be created in an open, transparent manner, with the input of multiple stakeholders, and based upon the self-sovereign identity concept. Such a system can then be used by federal government agencies to view identity credentials issued by state departments of motor vehicles (DMVs) where doing so makes sense. If standards based on self-sovereign identity are not considered mature enough for adoption, efforts should be directed at rectifying that rather than at adopting other systems that raise privacy, security, and autonomy risks.
For all practical purposes, the chances of the ACLU/EFF/EPIC convincing the Department of Homeland Security to reject government-proven identities are approximately zero. And since DHS controls airport access, you probably won’t see an airport security agent asking for your Verifiable Credentials any time soon. Self sovereign identities are just as attractive to government officials as sovereign citizens.
As ACLU/EFF/EPIC noted, Verifiable Credentials are still under development, just as the centralized system standards are still under development. But enough advances have been made so that we have somewhat of an idea what they will look like. As Evernym notes, there is a trusted triangle of major players in the Verifiable Credentials ecosystem:
There are a number of directions in which we can go here, but for the moment I’m going to concentrate on the Issuer.
In the current centralized model being pursued in the United States, the issuers are state driver’s license agencies that have “voluntarily” consented to agree to REAL ID requirements. Several states have issued digital versions of their driver’s licenses which are recognized for various purposes at the state level, but are not yet recognized at the federal level. (The purpose of the DHS Request for Comment was to solicit thoughts on federal adoption of digital identities. Or, in the case of some respondents, federal NON-adoption of digital identities.)
Note that in the Verified Credentials model, the Issuer can be ANYBODY who has the need to issue some type of credential. Microsoft describes an example in which an educational institution is an Issuer that represents that a student completed particular courses.
Without going into detail, the triangle of trust between Issuers, Verifiers, and Holders is intended to ensure that a person is who they say they are. And to the delight of the ACLU et al, this is performed via Decentralized Identifiers (DIDs), rather than by centralized management by the FBI or the CIA, the BBC, B. B. King, Doris Day, or Matt Busby. (Dig it.)
Despite the fact that they are not controlled by governments, and despite that fact that users (at least theoretically) control their own identities, no one should think that digital identities are the solution to all world problems…even when magic paradigm-shifting words like “blockchain” and “passwordless” are attached to them.
Here’s what McKinsey has said:
…even when digital ID is used with good intent, risks of two sorts must be addressed. First, digital ID is inherently exposed to risks already present in other digital technologies with large-scale population-level usage. Indeed, the connectivity and information sharing that create the value of digital ID also contribute to potential dangers. Whether it is data breaches and cyber-intrusions, failure of technical systems, or concerns over the control and misuse of personal data, policy makers around the world today are grappling with a host of potential new dangers related to the digital ecosystem.
Second, some risks associated with conventional ID programs also pertain in some measure to digital ID. They include human execution error, unauthorized credential use, and the exclusion of individuals. In addition, some risks associated with conventional IDs may manifest in new ways as individuals newly use digital interfaces. Digital ID could meaningfully reduce many such risks by minimizing opportunity for manual error or breaches of conduct.
In addition, many of these digital identity initiatives are being pursued by large firms such as IBM and Microsoft. While one hopes that these systems will be interoperable, there is always the danger that the separate digital identity systems from major firms such as IBM and Microsoft may NOT be interoperable, in the same way that the FBI and DHS biometric systems could NOT talk to each other for several years AFTER 9/11.
And it’s not only the large companies that are playing in the market. Shortly after I started writing this post, I ran across this LinkedIn article from the Chief Marketing Officer at 1Kosmos. The CMO makes this statement in passing:
At 1Kosmos, we’ve taken our FIDO2 certified platform one step further with a distributed identity based on W3C DID standards. This removes central administration of the database via a distributed ledger for true “privacy by design,” putting users in sole access and control of their identity.
1Kosmos, IBM, and Microsoft know what they’re talking about here. But sadly, some people only think these technologies are “cool” because they’re perceived as anti-government and anti-establishment. (As if these companies are going to call for the downfall of capitalism.)
Back to governmental recognition of NGI.
Don’t count on it.
Anticipated DHS endorsement of government-issued digital identities doesn’t mean that NGI is dead forever, since private companies can adopt (and have adopted) any identity system that they wish.
So in truth we will probably end up with a number of digital identities like we have today (I, for example, have my WordPress identities, my Google identities, and countless others). The difference, of course, is that the new identities will be considered robust – or won’t be, when centralized identity proponents denigrate decentralized identities and vice versa.
But frankly, I’m still not sure that I want Facebook to know how much I weigh.
(Although, now that I think about it, Apple already knows.)
There are different ways in which a company can position itself against its competitors. No one way is right; the company has to choose its own method.
On one extreme, the company could simply refuse to mention the competitors at all. In this case, the company would market its claimed superiority solely based upon its own merits, without comparing against others.
On the other extreme, the company could trash its competitors. I don’t need to find examples of that; we already know them. (I personally abhor this method, because it doesn’t reflect well on the company doing the trashing.)
Between these two extremes, a company can state its own merits and, without trashing the competition, claim its superiority by comparison.
For example, a company could write a love letter to its competitors.
Seriously.
As in “Welcome, IBM. Seriously.” The famous ad that Apple ran when IBM entered the personal computer market.
But I have a more recent example.
If you are following the Bredemarket LinkedIn page (you ARE following the Bredemarket LinkedIn page, aren’t you?), you’ve seen a couple of recent mentions of the company Volley. The company is planning to release a new communications app that it claims will improve communication over all of the other communications apps.
In that vein, Volley’s CEO Josh Little wrote a “love letter” to Slack entitled “Dear Slack, You haven’t solved the problem…” It starts off in a positive tone.
First off, thank you for trying. It was a valiant effort and someone needed to take a solid stab at the problem. Our hats are off. You’ve built a great piece of technology and a faster horse.
But after that, the rest of Little’s article gently explains how Slack’s solution hasn’t really solved the inherent problem. (TL;DR Little asserts that Slack’s emphasis on text does not provide a complete communications solution, and ends up with people devoting MORE time to using Slack.)
Little ends the article by asserting what Volley will be. Because the app is not yet released, we can not see for ourselves what the app does. So Little creates a picture of Volley as occupying the middle position between Slack (text-based asynchronous communication) and Zoom (conversation-based synchronous communication). Volley occupies the “conversation-based asynchronous communication” position, and claims to include features that will actually REDUCE the time that people spend on Volley, rather than having Volley become yet another time sink in our collection of time sinks. For example, communications from others can be played back at 2x (or 1.5x) speed, reducing the amount of time needed to consume the content.
I’m not saying that marketers have to be like Volley, or that marketers have to be like Steve Jobs 1.0 Apple, or that marketers have to be like Steve Jobs 2.0 Apple.
A company needs to adopt its own tone for addressing its competitors. And everyone communicating on behalf of the company, from the CEO to the factory worker, should ideally adopt the same tone.
Bredemarket