I was wandering around my local (Upland, California) Staples on a Saturday afternoon. If I had arrived on a weekday, I could have applied for TSA PreCheck.
Only weekday hours, at least at the Staples on Mountain in Upland.
(No, I didn’t apply for TSA PreCheck in 2017 when MorphoTrak became part of MorphoTrust (when IDEMIA was formed) and I became eligible for a corporate discount. I didn’t predict a pandemic. Oops.)
“This openness to facial recognition could signal a turning point that could affect the biometric industry.
“The so-called “big” biometric players such as IDEMIA, NEC, and Thales are teeny tiny compared to companies like Meta, Alphabet, and Amazon. If the big tech players ever consented to enter the law enforcement and surveillance market in a big way, they could put IDEMIA, NEC, and Thales out of business.
“However, wholesale entry into law enforcement/surveillance could damage their consumer business, so the big tech companies have intentionally refused to get involved – or if they have gotten involved, they have kept their involvement a deep dark secret.”
Then I thought about the “Really Big Bunch” product that offered the greatest threat to the “Big 3” (IDEMIA, NEC, and Thales)—Amazon Rekognition, which directly competed in Washington County, Oregon until Amazon imposed a one-year moratorium on police use of facial recognition in June 2020. The moratorium was subsequently extended until further notice.
“Have appropriately trained humans review all decisions to take action that might impact a person’s civil liberties or equivalent human rights.”
“Train personnel on responsible use of facial recognition systems.”
“Provide public disclosures of your use of facial recognition systems.”
“In all cases, facial comparison matches should be viewed in the context of other compelling evidence, and shouldn’t be used as the sole determinant for taking action.” (In other words, INVESTIGATIVE LEAD only.)
Nothing controversial at all, and I am…um…99% certain (geddit?) that IDEMIA, NEC, and Thales would endorse all these points.
But why does Amazon even need such a page, if Rekognition is only used to find missing children?
Maybe this is a pre-June 2020 page that Amazon forgot to take down.
Or maybe not.
Couple this with the news about Meta, and there’s the possibility that the Really Big Bunch may enter the markets currently dominated by the Big Three.
Imagine if the DHS HART system, delayed for years, were resurrected…with Alphabet or Amazon or Meta technology.
It gets real tomorrow, with the enforcement date (sort of) for REAL ID at federal installations and airports. But what about the privacy of the data behind REAL IDs?
As can be expected, some people are very concerned about what this means.
“[C]oncerns persist among privacy professionals that the next step will be a federal database of driver’s license information, which is bad from a privacy and cybersecurity standpoint, said Jay Stanley, a senior policy analyst with the American Civil Liberties Union.
“‘The more information the government has, the more the government might use that information,’ said Jodi Daniels, founder and chief executive of Red Clover Advisors, a privacy consulting company. ‘But that’s not what’s happening now,’ she added.”
Kumar addressed what IS happening now, and whether our personally identifiable information (PII) is protected.
“States have been issuing driver’s licenses for many years, and personal information is already being stored. The expectation is that the same controls apply to Real ID, said Bala Kumar, chief product and technology officer at Jumio, an online mobile payment and identity verification company. ‘States have already been managing this for many years,’ Kumar said.”
If you continue to read the article, you’ll also see a statement from the American Association of Motor Vehicle Administrators that echoes what Jumio said.
But as a former IDEMIA employee, my curiosity was piqued.
Has anyone ever gained unauthorized access to a state driver’s license database?
So I checked, and could not find an example of unauthorized access to a state driver’s license database.
“On May 31, 2023, Progress Software Corporation, which developed and supports the MOVEit managed file transfer platform, notified all customers across the globe, including [Louisiana Office of Motor Vehicles], of a zero-day vulnerability that an unauthorized party leveraged to access and acquire data without authorization. Upon learning of the incident, immediate measures were taken to secure the MOVEit environment utilized to transfer files. A thorough investigation was conducted, and it was determined that there was unauthorized acquisition of and access to OMV files in the MOVEit environment….
“The information varied by individual but included name and one or more of the following: address, date of birth, Social Security number, driver’s license, learner’s permit, or identification card number, height, eye color, vehicle registration information, and handicap placard information.”
Well, at least the hacked data didn’t include weight. Or claimed weight.
Cybersecurity professionals know that you cannot completely prevent these hacks. Which explains the “risk” in third party risk management. Progress Software has been around for a long time; I worked with Progress Software BEFORE I began my biometric career. But these hacks (in this case, CVE-2023-34362 as documented by CISA) can happen to anyone.
Be cautious, and remember that others with good intentions might not be cautious enough.
The post touched on many items, one of which was the relative ease in using popular voice cloning programs to create fraudulent voices. Consumer Reports determined that four popular voice cloning programs “did not have the technical mechanisms necessary to prevent cloning someone’s voice without their knowledge or to limit the AI cloning to only the user’s voice.”
Reducing voice clone fraud?
Joel R. McConvey of Biometric Update wrote a piece (“Hi mom, it’s me,” an example of a popular fraudulent voice clone) that included an update on one of the four vendors cited by Consumer Reports.
In its responses, ElevenLabs – which was implicated in the deepfake Joe Biden robocall scam of November 2023 – says it is “implementing Coalition for Content Provenance and Authenticity (C2PA) standards by embedding cryptographically-signed metadata into the audio generated on our platform,” and lists customer screening, voice CAPTCHA and its No-Go Voice technology, which blocks the voices of hundreds of public figures, as among safeguards it already deploys.
Coalition for Content Provenance and Authenticity
So what are these C2PA standards? As a curious sort (I am ex-IDEMIA, after all), I investigated.
The Coalition for Content Provenance and Authenticity (C2PA) addresses the prevalence of misleading information online through the development of technical standards for certifying the source and history (or provenance) of media content. C2PA is a Joint Development Foundation project, formed through an alliance between Adobe, Arm, Intel, Microsoft and Truepic.
There are many other organizations whose logos appear on the website, including Amazon, Google, Meta, and OpenAI.
Provenance
I won’t plunge into the entire specifications, but this excerpt from the “Explainer” highlights an important word, “provenance” (the P in C2PA).
Provenance generally refers to the facts about the history of a piece of digital content assets (image, video, audio recording, document). C2PA enables the authors of provenance data to securely bind statements of provenance data to instances of content using their unique credentials. These provenance statements are called assertions by the C2PA. They may include assertions about who created the content and how, when, and where it was created. They may also include assertions about when and how it was edited throughout its life. The content author, and publisher (if authoring provenance data) always has control over whether to include provenance data as well as what assertions are included, such as whether to include identifying information (in order to allow for anonymous or pseudonymous assets). Included assertions can be removed in later edits without invalidating or removing all of the included provenance data in a process called redaction.
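The binding and redaction described in the excerpt above can be sketched as follows. This is an added example, not code from the original post or from C2PA: it is a simplified model in which the signed claim lists a hash of each assertion, an HMAC with a constructed key stands in for the signer's certificate-based signature, and all names and sample values are assumptions.

```python
import hashlib, hmac, json

SIGNING_KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's credential

def digest(obj):
    # Canonical JSON so the same assertion always hashes to the same value.
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def sign(claim):
    data = json.dumps(claim, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).hexdigest()

def make_manifest(content, assertions):
    """Bind assertions to content: the signed claim holds a hash of each one."""
    claim = {
        "content_sha256": hashlib.sha256(content).hexdigest(),
        "assertion_hashes": {k: digest(v) for k, v in assertions.items()},
    }
    return {"claim": claim, "signature": sign(claim), "assertions": dict(assertions)}

def redact(manifest, label):
    """Drop one assertion body; the signed claim and its hash entry stay as they were."""
    kept = {k: v for k, v in manifest["assertions"].items() if k != label}
    return {**manifest, "assertions": kept}

def validate(manifest, content):
    """Check the signature, the content binding, and every assertion the claim lists."""
    claim = manifest["claim"]
    result = {
        "signature": hmac.compare_digest(sign(claim), manifest["signature"]),
        "content": claim["content_sha256"] == hashlib.sha256(content).hexdigest(),
        "assertions": {},
    }
    for label, want in claim["assertion_hashes"].items():
        body = manifest["assertions"].get(label)
        if body is None:
            result["assertions"][label] = "redacted"   # body removed, claim still valid
        else:
            result["assertions"][label] = "ok" if digest(body) == want else "tampered"
    return result

# Constructed sample: a generated audio clip with two provenance assertions.
AUDIO = b"constructed audio bytes"
MANIFEST = make_manifest(AUDIO, {
    "created_by": {"tool": "example-tts", "when": "2025-01-01T00:00:00Z"},
    "author": {"name": "Example Person"},
})
```

Redacting the "author" assertion leaves the signature and the "created_by" assertion verifiable, while editing an assertion body or swapping the audio is reported as a mismatch.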
Providence
I would really have to get into the nitty gritty of the specifications to see exactly how ElevenLabs, or anyone else, can accurately assert that a voice recording alleged to have been made by Richard Nixon actually was made by Richard Nixon. Hint: this one wasn’t.
Incidentally, while this was obviously never spoken, and I don’t believe that Nixon ever saw it, the speech was drafted as a contingency by William Safire. And I think everyone can admit that Safire could soar as a speechwriter for Nixon, whose sense of history caused him to cast himself as an American Churchill (with 1961 to 1969 as Nixon’s “wilderness years”). Safire also wrote for Agnew, who was not known as a great strategic thinker.
And the Apollo 11 speech above is not the only contingency speech ever written. Someone should create a deepfake of this speech that was NEVER delivered by then-General Dwight D. Eisenhower after D-Day:
Our landings in the Cherbourg-Havre have failed to gain a satisfactory foothold and I have withdrawn the troops. My decision to attack at this time and place was based upon the best information available. The troops, the air and the Navy did all that bravery and devotion to duty could do. If any blame or fault attaches to the attempt it is mine alone.
“So depending upon your needs, you can argue that”
This frame was followed by three differing answers to the “Where is ByteDance From?” question.
But isn’t there only one answer to the question? How can there be three?
It all depends upon your needs.
Who is the best age estimation vendor?
I shared an illustrative example of this last year. When the National Institute of Standards and Technology (NIST) tested its first six age estimation algorithms, it published the results for everyone to see.
“Because NIST conducts so many different tests, a vendor can turn to any single test in which it placed first and declare it is the best vendor.
“So depending upon the test, the best age estimation vendor (based upon accuracy and/or resource usage) may be Dermalog, or Incode, or ROC (formerly Rank One Computing), or Unissey, or Yoti. Just look for that “(1)” superscript….
“Out of the 6 vendors, 5 are the best. And if you massage the data enough you can probably argue that Neurotechnology is the best also.
“So if I were writing for one of these vendors, I’d argue that the vendor placed first in Subtest X, Subtest X is obviously the most important one in the entire test, and all the other ones are meaningless.”
Are you the best? Only if I’m writing for you
I will let you in on a little secret.
When I wrote things for IDEMIA, I always said that IDEMIA was the best.
When I wrote things for Incode, I always said that Incode was the best.
And when I write things for each of my Bredemarket clients, I always say that my client is the best.
I recently had to remind a prospect of this fact. This particular prospect has a very strong differentiator from its competitors. When the prospect asked for past writing samples, I included this caveat:
“I have never written about (TOPIC 1) or (TOPIC 2) from (PROSPECT’S) perspective, but here are some examples of my writing on both topics.”
I then shared four writing samples, including something I wrote for my former employer Incode about two years ago. I did this knowing that my prospect would disagree with my assertions that Incode’s product is so great…and greater than the prospect’s product.
If this loses me the business, I can accept that. Anyone with any product marketing experience in the identity industry is guaranteed to have said SOMETHING offensive to most of the 80+ companies in the industry.
How do I write for YOU?
But let’s say that you’re an identity firm and you decide to contract with Bredemarket anyway, even though I’ve said nice things about your competitors in the past.
How do we work together to ensure that I say nice things about you?
By the time we’re done, we have hopefully painted a hero picture of your company, describing why you are the preferred solution for your customers—better than IDEMIA, Incode, or anyone else.
(Unless of course IDEMIA or Incode contracts with Bredemarket, in which case I will edit the sentence above just a bit.)
So let’s talk
If you would like to work with Bredemarket for differentiated content, proposal, or analysis work, book a free meeting on my “CPA” page.
I am VERY familiar with questions regarding the nationality of a company. There are three questions:
Where is it incorporated?
Where is it headquartered?
Who owns it?
IDEMIA
For my former employer IDEMIA, the answers are France, France, and primarily a U.S. investor (Advent International).
(So depending upon your needs, you can argue that IDEMIA is a French company or a U.S. company.)
ByteDance
For ByteDance, the answers are the Cayman Islands, China (Beijing), and primarily global investors (BlackRock, General Atlantic, Susquehanna International Group, etc.).
(So depending upon your needs, you can argue that ByteDance is a Chinese company, a mostly American company, or a British company off the coast of Cuba.)
Your company
Not that I create TikTok videos (at least not for paying clients), but I provide other services.
More information on Bredemarket’s Content-Proposal-Analysis marketing and writing services:
Upload PDFs, websites, YouTube videos, audio files, Google Docs, or Google Slides, and NotebookLM will summarize them and make interesting connections between topics, all powered by Gemini 1.5’s multimodal understanding capabilities.
With all of your sources in place, NotebookLM gets to work and becomes a personalized AI expert in the information that matters most to you….
Our new Audio Overview feature can turn your sources into engaging “Deep Dive” discussions with one click.
I uploaded the most recent version of my resume to NotebookLM.
Technically, this is not my resume; this is a PDF version of a portion of my LinkedIn profile. But my resume has similar information.
NotebookLM used the resume as source material to create a 20+ minute podcast called “Career Detective.” In the podcast, a male and a female pair of bots took turns discussing the insights they gleaned from the resume of John E. “Breedehoft.” (I use a short e, not a long e, but people can call me anything if I get business from it.)
Surprisingly, they didn’t really hallucinate. Or at least I don’t think they did. When the bots said I was deeply qualified, as far as I’m concerned they were speaking the truth.
They even filled in some gaps. For example, I used the acronyms for KYC, KYB, and AML on my resume to save space, so one of the bots explained to the other what those acronyms meant, and why they were important.
Probably the most amusing part of the podcast was when they noted that I had worked at two very large companies. (Just so you know, my resume only goes back to 2015, so Motorola isn’t even discussed.) While Incode and IDEMIA are both multinationals, I wouldn’t characterize Incode as massive.
Anyway, judge for yourself
So here’s the audio episode of “Career Detective” that focuses on…me.
By the way, I learned about NotebookLM via the Never Search Alone Slack workspace, but still need to explore NotebookLM’s other features.
In part because when I first tried to get a mobile driver’s license (mDL), I used my OLD physical driver’s license AFTER I had renewed my driver’s license online (but before I received the new physical license). Data mismatch. Rejected.
And in part because I kept on forgetting to perform the additional steps to confirm my identity.
And in part because I didn’t truly NEED the mDL—I haven’t flown anywhere since April 2023, and for some strange reason no vendor of age-controlled products has insisted on carding me.
California mobile driver’s license (mDL).
But I now have a California mDL. After talking about mDLs for years as a former IDEMIA employee.
I’ve previously espoused the benefits of mDLs. For example, when a retailer DOES check my age before I buy a beer, the retailer doesn’t learn my address or my (claimed) height and weight. The retailer only needs to confirm that I am old enough to buy a beer.
Oddly enough, I had to block out certain information on my displayed mDL in the image above. Because MY privacy requirements obviously don’t conform to California’s privacy requirements.