IDEMIA – Page 4 – Bredemarket

If We Don’t Train Facial Recognition Users, There Will Be No Facial Recognition

(Part of the biometric product marketing expert series)

We get all sorts of great tools, but do we know how to use them? And what are the consequences if we don’t know how to use them? Could we lose the use of those tools entirely due to bad publicity from misuse?

Hida Viloria. By Intersex77 – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=98625035

Do your federal facial recognition users know what they are doing?

I recently saw a WIRED article that primarily talked about submitting Parabon Nanolabs-generated images to a facial recognition program. But buried in the article was this alarming quote:

According to a report released in September by the US Government Accountability Office, only 5 percent of the 196 FBI agents who have access to facial recognition technology from outside vendors have completed any training on how to properly use the tools.
From https://www.wired.com/story/parabon-nanolabs-dna-face-models-police-facial-recognition/

Now I had some questions after reading that sentence: namely, what does “have access” mean? To answer those questions, I had to find the study itself, GAO-23-105607, Facial Recognition Services: Federal Law Enforcement Agencies Should Take Actions to Implement Training, and Policies for Civil Liberties.

It turns out that the study is NOT limited to FBI use of facial recognition services, but also addresses six other federal agencies: the Bureau of Alcohol, Tobacco, Firearms and Explosives (the guvmint doesn’t believe in the Oxford comma); U.S. Customs and Border Protection; the Drug Enforcement Administration; Homeland Security Investigations; the U.S. Marshals Service; and the U.S. Secret Service.

In addition, the study confines itself to four facial recognition services: Clearview AI, IntelCenter, Marinus Analytics, and Thorn. It does not address other uses of facial recognition by the agencies, such as the FBI’s use of IDEMIA in its Next Generation Identification system (IDEMIA facial recognition technology is also used by the Department of Defense).

Two of the GAO’s findings:

Initially, none of the seven agencies required users to complete facial recognition training. As of April 2023, two of the agencies (Homeland Security Investigations and the U.S. Marshals Service) required training, two (the FBI and Customs and Border Protection) did not, and the other three had quit using these four facial recognition services.
The FBI stated that facial recognition training was recommended as a “best practice,” but not mandatory. And when something isn’t mandatory, you can guess what happened:

GAO found that few of these staff completed the training, and across the FBI, only 10 staff completed facial recognition training of 196 staff that accessed the service. FBI said they intend to implement a training requirement for all staff, but have not yet done so.
From https://www.gao.gov/products/gao-23-105607.

So if you use my three levels of importance (TLOI) model, facial recognition training is important, but not critically important. Therefore, it wasn’t done.

The detailed version of the report includes additional information on the FBI’s training requirements…I mean recommendations:

Although not a requirement, FBI officials said they recommend (as
a best practice) that some staff complete FBI’s Face Comparison and
Identification Training when using Clearview AI. The recommended
training course, which is 24 hours in length, provides staff with information on how to interpret the output of facial recognition services, how to analyze different facial features (such as ears, eyes, and mouths), and how changes to facial features (such as aging) could affect results.
From https://www.gao.gov/assets/gao-23-105607.pdf.

However, this type of training was not recommended for all FBI users of Clearview AI, and was not recommended for any FBI users of Marinus Analytics or Thorn.

I should note that the report was issued in September 2023, based upon data gathered earlier in the year, and that for all I know the FBI now mandates such training.

Or maybe it doesn’t.

What about your state and local facial recognition users?

Of course, training for federal facial recognition users is only a small part of the story, since most of the law enforcement activity takes place at the state and local level. State and local users need training so that they can understand:

The anatomy of the face, and how it affects comparisons between two facial images.
How cameras work, and how this affects comparisons between two facial images.
How poor quality images can adversely affect facial recognition.
How facial recognition should ONLY be used as an investigative lead.

If state and local users received this training, none of the false arrests over the last few years would have taken place.

What are the consequences of no training?

Could I repeat that again?

If facial recognition users had been trained, none of the false arrests over the last few years would have taken place.

The users would have realized that the poor images were not of sufficient quality to determine a match.
The users would have realized that even if they had been of sufficient quality, facial recognition must only be used as an investigative lead, and once other data had been checked, the cases would have fallen apart.

But the false arrests gave the privacy advocates the ammunition they needed.

Not to insist upon proper training in the use of facial recognition.

But to ban the use of facial recognition entirely.

Like nuclear or biological weapons, facial recognition’s threat to human society and civil liberties far outweighs any potential benefits. Silicon Valley lobbyists are disingenuously calling for regulation of facial recognition so they can continue to profit by rapidly spreading this surveillance dragnet. They’re trying to avoid the real debate: whether technology this dangerous should even exist. Industry-friendly and government-friendly oversight will not fix the dangers inherent in law enforcement’s discriminatory use of facial recognition: we need an all-out ban.
From https://www.banfacialrecognition.com/

(And just wait until the anti-facial recognition forces discover that this is not only a plot of evil Silicon Valley, but also a plot of evil non-American foreign interests located in places like Paris and Tokyo.)

Because the anti-facial recognition forces want us to remove the use of technology and go back to the good old days…of eyewitness misidentification.

Eyewitness misidentification contributes to an overwhelming majority of wrongful convictions that have been overturned by post-conviction DNA testing.

Eyewitnesses are often expected to identify perpetrators of crimes based on memory, which is incredibly malleable. Under intense pressure, through suggestive police practices, or over time, an eyewitness is more likely to find it difficult to correctly recall details about what they saw.
From https://innocenceproject.org/eyewitness-misidentification/.

And these people don’t stay in jail for a night or two. Some of them remain in prison for years until the eyewitness misidentification is reversed.

Archie Williams moments after his exoneration on March 21, 2019. Photo by Innocence Project New Orleans. From https://innocenceproject.org/fingerprint-database-match-establishes-archie-williams-innocence/

Eyewitnesses, unlike facial recognition algorithms, cannot be tested for accuracy or bias.

And if we don’t train facial recognition users in the technology, then we’re going to lose it.

Android mobile driver’s licenses? It’s complicated.

At least in the United States, the mobile driver’s license world is fragmented.

Because driver’s license issuance in the U.S. is a state and not a federal responsibility, each state has to develop its own mobile driver’s license implementation. Subject to federal and international standards, of course.

To date there have been two parties helping the states with this:

mDL vendors such as Envoc and IDEMIA, who work with the states to create mDLs.
Operating system vendors such as Apple and Google, who work with the states to incorporate mDLs in smartphone wallets.

But because the Android ecosystem is more fragmented than the iOS ecosystem, we now have a third party that is involved in mDLs. In addition to mDL vendors and operating system vendors, we also have really large smartphone providers.

From https://news.samsung.com/us/samsung-idemia-bring-mobile-drivers-licenses-samsung-wallet-arizona-iowa-first-states-rollout/

Enter Samsung:

Samsung Electronics America today announced it is bringing mobile driver’s licenses and state IDs to Samsung Wallet. Arizona and Iowa will be the first states to offer a mobile version of its driver’s license to their residents. The update expands the Samsung Wallet experience by adding a convenient and secure way to use state-issued IDs and driver’s licenses
From https://news.samsung.com/us/samsung-idemia-bring-mobile-drivers-licenses-samsung-wallet-arizona-iowa-first-states-rollout/

(For those who have seen prior references to Samsung in the Bredemarket blog, rest assured that this information is public and Samsung won’t get harmed if you feed it to ChatGPT or Bard or whoever.)

In this particular case Samsung is workin g with IDEMIA (the mDL provider for Arizona and Iowa), but Samsung announced that it is working with other states and with the Transportation Security Administration (TSA).

While there are underlying standards (most notably ISO/IEC 18013-5, previously discussed here) that govern the implementation of mobile driver’s licenses, there is still a dizzying array of options.

From https://www.yourtango.com/201168184/facebook-relationship-status-what-does-its-complicated-mean

On a personal note, I’m still working on validating my driver’s license for California’s pilot mDL program. It probably didn’t help that I renewed my physical driver’s license right in the middle of the mDL validation process.

Five Topics a Biometric Content Marketing Expert Needs to Understand

As a child, did you sleep at night dreaming that someday you could become a biometric content marketing expert?

“Someday I will star in a video about a documen t reader!” By Carlos María Herrera – http://www.castells.com.uy/pn_ago06/41-60.htm, Public Domain, https://commons.wikimedia.org/w/index.php?curid=8132604

I didn’t either. Frankly, I didn’t even work in biometrics professionally until I was in my 30s.

If you have a mad adult desire to become a biometric content marketing expert, here are five topics that I (a self-styled biometric content marketing expert) think you need to understand.

Topic One: Biometrics

Sorry to be Captain Obvious, but if you’re going to talk about biometrics you need to know what you’re talking about.

The days in which an expert could confine themselves to a single biometric modality are long past. Why? Because once you declare yourself an iris expert, someone is bound to ask, “How does iris recognition compare to facial recognition?”

Only some of the Biometrics Institute’s types of biometrics. Full list at https://www.biometricsinstitute.org/what-is-biometrics/types-of-biometrics/

And there are a number of biometric modalities. In addition to face and iris, the Biometrics Institute has cataloged a list of other biometric modalities, including fingerprints/palmprints, voice, DNA, vein, finger/hand geometry, and some more esoteric ones such as gait, keystrokes, and odor. (I wouldn’t want to manage the NIST independent testing for odor.)

As far as I’m concerned, the point isn’t to select the best biometric and ignore all the others. I’m a huge fan of multimodal biometrics, in which a person’s identity is verified or authenticated by multiple biometric types. It’s harder to spoof multiple biometrics than it is to spoof a single one. And even if you spoof two of them, what if the system checks for odor and you haven’t spoofed that one yet?

Topic Two: All the other factors

In the same way that I don’t care for people who select one biometric and ignore the others, I don’t care for some in the “passwo r ds are dead” crowd who go further and say, “Passwords are dead. Use biometrics instead.”

Although I admire the rhyming nature of the phrase.

If you want a robust identity system, you need to use multiple factors in identity verification and authentication.

Something you know.
Something you have.
Something you are (i.e. biometrics).
Something you do.
Somewhere you are.

Again, use of multiple factors protects against spoofing. Maybe someone can create a gummy fingerprint, but can they also create a fake passport AND spoof the city in which you are physically located?

From https://www.youtube.com/shorts/mqfHAc227As

Don’t assume that biometrics answers all the ills of the world. You need other factors.

And if you master these factors, you are not only a biometric content marketing expert, but also an identity content marketing expert.

Topic Three: How biometrics are used

It’s not enough to understand the technical ins and outs of biometric capture, matching, and review. You need to know how biometrics are used.

One-to-one vs. one-to-many. Is the biometric that you acquire only compared to a single biometric samples, or to a database of hundreds, thousands, millions, or billions of other biometric samples?
Markets. When I started in biometrics, I only participated in two markets: law enforcement (catch bad people) and benefits (get benefit payments to the right people). There are many other markets. Just recently I have written about financial identity and educational identity. I’ve worked with about a dozen other markets personally, and there are many more.
Use cases. Related to markets, you need to understand the use cases that biometrics can address. Taking the benefits example, there’s a use case in which a person enrolls for benefits, and the government agency wants to make sure that the person isn’t already enrolled under another name. And there’s a use cases when benefits are paid to make sure that the authorized recipient receives their benefits, and no one else receives their benefits.
Legal and privacy issues. It is imperative that you understand the legal ramifications that affect your chosen biometric use case in your locality. For example, if your house has a doorbell camera that uses “familiar face detection” to identify the faces of people that come to your door, and the people that come to your door are residents of the state of Illinois, you have a BIG BIPA (Biometric Information Privacy Act) problem.

Any identity content marketing expert or biometric content marketing expert worth their salt will understand these and related issues.

Topic Four: Content marketing

This is another Captain Obvious point. If you want to present yourself as a biometric contet marketing expert or identity content marketing expert, you have to have a feel for content marketing.

Here’s how HubSpot defines content marketing:

The definition of content marketing is simple: It’s the process of publishing written and visual material online with the purpose of attracting more leads to your business. These can include blog posts, pages, ebooks, infographics, videos, and more.
From https://blog.hubspot.com/marketing/content-marketing

Here are all the types of content in which one content marketer claims proficiency (as of July 27, 2023, subject to change):

Articles • Battlecards (80+) • Blog Posts (400+) • Briefs/Data/Literature Sheets • Case Studies (12+) • Competitive Analyses • Email Newsletters (200+) • Event/Conference/Trade Show Demonstration Scripts • FAQs • Plans • Playbooks • Presentations • Proposal Templates • Proposals (100+) • Quality Improvement Documents • Requirements • Scientific Book Chapters • Smartphone Application Content • Social Media (Facebook, Instagram, LinkedIn, Threads, TikTok, Twitter) • Strategic Analyses • Web Page Content • White Papers and E-Books
From https://www.linkedin.com/in/jbredehoft/, last updated 7/27/2023.

Now frankly, that list is pretty weak. You’ll notice that it doesn’t include Snapchat.

But content marketers need to be comfortable with creating at least one type of content.

Topic Five: How L-1 Identity Solutions came to be

Yes, an identity content marketing expert needs to thoroughly understand how L-1 Identity Solutions came to be.

I’m only half joking.

Back in the late 1990s and early 2000s (I’ll ignore FpVTE results for a moment), the fingerprint world in which I worked recognized four major vendors: Cogent, NEC, Printrak (later part of Motorola), and Sagem Morpho.

And then there were all these teeny tiny vendors that offered biometric and non-biometric solutions, including the fierce competitors Identix and Digital Biometrics, the fierce competitors Viisage and Visionics, and a bunch of other companies like Iridian.

Wel, there WERE all these teeny tiny vendors.

Until Bob LaPenta bought them all up and combined them into a single company, L-1 Identity Solutions. (LaPenta was one of the “Ls” in L-3, so he chose the name L-1 when he started his own company.)

So around 2008 the Big Four (including a post-FpVTE Motorola) became the Big Five, since L-1 Identity Solutions was now at the table with the big boys.

But then several things happened:

Motorola started selling off parts of itself. One of those parts, its Biometric Business Unit, was purchased by Safran (the company formed after Sagem and Snecma merged). This affected me because I, a Motorola employee, became an employee of MorphoTrak, the subsidiary formed when Sagem Morpho de facto acquired “Printrak” (Motorola’s Biometric Business Unit). So now the Big Five were the Big Four.
Make that the Big Three, because Safran also bought L-1 Identity Solutions, which became MorphoTrust. MorphoTrak and MorphoTrust were separate entities, and in fact competed against each other, so maybe we should say that the Big Four still existed.
Oh, and by the way, the independent company Cogent was acquired by 3M (although NEC considered buying it).
A few years later, 3M sold bits of itself (including the Cogent bit) to Gemalto.
Then in 2017, Advent International (which owned Oberthur) acquired bits of Safran (the “Morpho” part) and merged them with Oberthur to form IDEMIA. As a consequence of this, MorphoTrust de facto acquired MorphoTrak, ending the competition but requiring me to have two separate computers to access the still-separate MorphoTrust and MorphoTrak computer networks. (In passing, I have heard from two sources, but have not confirmed myself, that the possible sale of IDEMIA is on hold.)
And Gemalto was acquired by Thales.

So as of 2023, the Big Three (as characterized by Maxine Most and FindBiometrics) are IDEMIA, NEC, and Thales.

Why do I mention all this? Because all these mergers and acquisitions have resulted in identity practitioners working for a dizzying number of firms.

As of August 2023, I myself have worked for five identity firms, but in reality four of the five are the same firm because the original Printrak International kept on getting acquired (Motorola, Safran, IDEMIA).

And that’s nothing. One of my former Printrak coworkers (R.M.) has also worked for Digital Biometrics (now part of IDEMIA), Cross Match Technologies (now part of ASSA ABLOY), Iridian (now part of IDEMIA), Datastrip, Creative Information Technology, AGNITiO, iTouch Biometrics, NDI Recognition Systems, iProov, and a few other firms here and there.

The point is that everybody knows everybody because everybody has worked with (and against) everybody. And with all the job shifts, it’s a regular Peyton Place.

By ABC Television – eBay itemphoto frontphoto back, Public Domain, https://commons.wikimedia.org/w/index.php?curid=17252688

Not sure which one is me, which one is R.M., and who the other people are.

Do you need an identity content marketing expert today?

Do you need someone who not only knows biometrics and content marketing, but also all the other factors, their uses, and even knows the tangled history of L-1?

Someone who offers:

No identity learning curve?
No content learning curve?
Proven results?

If I can help you create your identity content, contact me.

Email me at john.bredehoft@bredemarket.com.
Book a meeting with me at calendly.com/bredemarket.
Contact me at bredemarket.com/contact/.
Subscribe to my mailing list at http://eepurl.com/hdHIaT.

What’s in a rename? (Or, what is an oosto?)

The naming, or renaming, of a company is an important step in a company’s journey. While one should rightly concentrate on mission statements and processes and the like, the first impression many people will have of a company is its name.

So it’s important to get it right.

How my company was named

Sometimes the naming of a company is a relatively simple affair. For example, the company name “Bredemarket” is a combination of the beginning of my last name, Bredehoft, with the word market (derived from marketing).

Certainly the name is open to confusion (not that I was planning on doing business in East Sussex), but the name does communicate what the company is about.

I guess I could have called the company Bredewrite, but Bredemarket has grown on me.

Sometimes the naming of a company gets a little more involved.

How my former employer was renamed

When Oberthur was merged with the Morpho portion of Safran, the combined company needed a name (Oberthur was ruled out). So the company adopted the name “OT-Morpho,” indicating the heritage of the two parts of the company.

However, OT-Morpho was never intended to be the permanent name of the company. Everyone knew that the company would be renamed at some point in the future.

A few months later, as part of a razzle dazzle event, the new name of the company was revealed to an in-person audience in France and to people watching remotely all over the world (including myself).

If you don’t want to watch the entire video, the new name was…IDEMIA.

Some thought went into this name, as the accompanying press release noted.

In a world directly impacted by the exponential growth of connected objects, the increasing globalisation of exchanges, the digitalisation of the economy and the consumerisation of technology, IDEMIA stands as the new leader in trusted identities placing “Augmented Identity” at the heart of its actions. As an expression of this innovative strategy, the group has been renamed IDEMIA in reference to powerful terms: Identity, Idea and the Latin word idem, reflecting its mission to guarantee everyone a safer world thanks to its expertise in trusted identities.

However, some people didn’t like the new name at the time, and there was a big ruckus about how to pronounce the name. But at least some thought went into the name, and potential customers at least made the connection between IDEMIA and identity, if not to the other influences.

IDEM means – The same, me too. No, IDEMIA didn’t want to position itself as a “me too” company, but as a company that asserted the identity of an individual. From http://acronymsandslang.com/definition/7720102/IDEM-meaning.html.

Some of IDEMIA’s corporate predecessors also had some stories behind their names.

My former employer MorphoTrak was the result of a merger between Tacoma-based Sagem Morpho and the Anaheim-based Biometric Business Unit of Motorola that was previously known as Printrak. In the same way that OT-Morpho represented the union of Oberthur and Morpho, MorphoTrak represented the union of Sagem Morpho and Printrak.
The Morpho in Sagem Morpho was an element of the name of the original French company that was founded in the 1980s, Morpho Systèmes. I don’t know exactly why the company was named Morpho, but the term can mean form or structure, or it can refer to a particular group of butterflies with distinct wing patterns.
And Printrak, a product name before it was a company name, was derived from the word fingerprint. (And presumably from the system that tracked the fingerprints.)

So even if you don’t like these names, at least some thought went behind them.

And then there are other cases.

How another company was renamed

Anyvision was a company that had been around for a while, specializing in using artificial intelligence and vision to provide security solutions. But recently the company decided to expand its focus.

[T]he company’s evolution and vision for the future…is shaped, in part, by a new collaboration with Carnegie Mellon University’s (CMU) CyLab Biometric Research Center. The CMU partnership will focus on early-stage research in object, body, and behavior recognition….
“Historically, the company has focused on security-related use cases for our watchlist alerting and touchless access control solutions….[W]e’re looking beyond the lens of security to include ways our solutions can positively impact an organization’s safety, productivity and customer experience.”

So with this expanded focus, Anyvision decided that its corporate name was too limiting. So the company announced that is was renaming itself.

The new name is…Oosto.

Now some of you may have noticed that the name “Oosto” does not convey the idea of object, body, or behavior recognition in English, Latin, Hebrew (Anyvision started in Israel), or any other known language. As far as I know. (And yes, I saw what The Names Dictionary says.)

So why Oosto? According to Chris Burt at Biometric Update:

The new name was chosen because it is short, easy to pronounce, and free from pre-existing associations….

Well, at least you don’t have to worry about how to say Oosto, unlike Eye DEM ee uh or Eye DEEM e uh or Ih dem EE uh or whatever.

And it’s short.

And it’s obviously extremely free from pre-existing associations.

Which unfortunately means that people have no idea what an “oosto” is.

But it will probably grow on us over time, just as people now use the word “IDEMIA” without a second thought.

Hopefully there isn’t a market in East Sussex named Oosto.

Monitoring the #connectid hashtag

I have a long history with hashtags.

A LONG history.

Fires and parades

How long?

Back on October 23, 2007, I used my then-active Twitter account to tweet about the #sandiegofire. The San Diego fire was arguably the first mass adoption of hashtags, building upon pioneering work by Stowe Boyd and Chris Messina and acted upon by Nate Ritter and others.

From https://twitter.com/oemperor/status/358071562. Frozen peas? Long story.

The tinyurl link directed followers to my post detailing how the aforementioned San Diego Fire was displacing sports teams, including the San Diego Chargers. (Yes, kids, the Chargers used to play in San Diego.)

So while I was there at the beginning of hashtags, I’m proudest of the post that I wrote a couple of months later, entitled “Hashtagging Challenges When Events Occur at Different Times in Different Locations.” It describes the challenges of talking about the Rose Parade when someone is viewing the beginning of the parade while someone else is viewing the end of the parade at the same time. (This post was cited on PBWorks long ago, referenced deep in a Stowe Boyd post, and cited elsewhere.)

Hashtag use in business

Of course, hashtags have changed a lot since 2007-2008. After some resistance, Twitter formally supported the use of hashtags, and Facebook and other services followed, leading to mass adoption beyond the Factory Joes of the world.

Ignoring personal applications for the moment, hashtags have proven helpful for business purposes, especially when a particular event is taking place. No, not a fire in a major American city, but a conference of some sort. Conferences of all types have rushed to adopt hashtags so that conference attendees will promote their conference attendance. The general rule is that the more techie the conference, the more likely the attendees will use the conference-promoted hashtag.

I held various social media responsibilities during my years at MorphoTrak and IDEMIA, some of which were directly connected to the company’s annual user conference, and some of which were connected to the company’s attendance at other events. Obviously we pulled out the stops for our own conferences, including adopting hashtags that coincided with the conference theme.

A tweet https://twitter.com/JEBredCal/status/1124159756157849600 from the last (obviously celebratory) night of IDEMIA’s (Printrak’s) 40th conference in 2019. Coincidentally, this conference was held in San Diego.

And then when the conference organizers adopt a hashtag, they fervently hope that people will actually USE the adopted hashtag. As I said before, this isn’t an issue for the technical conferences, but it can be an issue at the semi-technical conferences. (“Hey, everybody! Gather around the screen! Someone used the conference hashtag…oh wait a minute, that’s my burner account.”)

A pleasant surprise with exhibitor/speaker adoption of the #connectID hashtag

Well, I think that we’ve finally crossed a threshold in the biometric world, and hashtags are becoming more and more acceptable.

As I previously mentioned, I’m not attending next week’s connect:ID conference in Washington DC, but I’m obviously interested in the proceedings.

So I turned to Twitter to check if anyone was using a #connectID hashtag in advance of the event. (Helpful hint: hashtags cannot include special characters such as “:” so don’t try to tweet #connect:ID; it won’t work and will appear as #connect.) Using the date-sorted search https://twitter.com/search?q=%23connectid&src=typed_query&f=live, I was expecting to see a couple of companies using the hashtag…if I was lucky.

I was pleasantly surprised to see that nearly two dozen exhibitors and speakers were using the #connectID hashtag (or referenced via the hashtag) as of the Friday before the event, including Acuity Market Intelligence, Aware, BIO-key, Blink Identity, Clearview AI, HID Global, IDEMIA, Integrated Biometrics, iProov, Iris ID, Kantara, NEC and NEC NSS, Pangiam, Paravision, The Paypers, WCC, WorldReach Software/Entrust, and probably some others by the time you read this, as well as some others that I may have missed.

And the event hasn’t even started yet.

At least some of the companies will have the presence of mind to tweet DURING the event on Tuesday and Wednesday.

Will yours be one of them?

But company adoption is only half the battle

While encouraging to me, adoption of a hashtag by a conference’s organizers, exhibitors, and speakers is only the beginning.

The true test will take place when (if) the ATTENDEES at the conference also choose to adopt the conference hashtag.

According to Terrapin (handling the logistics of conference organization), more than 2,500 people are registered for the conference. While the majority of these people are attending the free exhibition, over 750 of them are designated as “conference delegates” who will attend the speaking sessions.

How many of these people will tweet or post about #connectID?

We’ll all find out on Tuesday.

connect:ID 2021 is coming

I have not been to an identity trade show in years, and sadly I won’t be in Washington DC next week for connect:ID…although I’ll be thinking about it.

I’ve only been to connect:ID once, in 2015. Back in those days I was a strategic marketer with MorphoTrak, and we were demonstrating the MorphoWay. No, not the Morpho Way; the MorphoWay.

Perhaps you’ve seen the video.

Video by Biometric Update. https://www.youtube.com/watch?v=mqfHAc227As

As an aside, you’ll notice how big MorphoWay is…which renders it impractical for use in U.S. airports, since space is valuable and therefore security features need a minimum footprint. MorphoWay has a maximum footprint…just ask the tradespeople who were responsible for getting it on and off the trade show floor.

I still remember several other things from this conference. For example, in those days one of Safran’s biometric competitors was 3M. Of course both Safran and 3M have exited the biometric industry, but at the time they were competing against each other. Companies always make a point of checking out the other companies at these conferences, but when I went to 3M’s booth, the one person I knew best (Teresa Wu) was not at the booth. Later that year, Teresa would leave 3M and (re)join Safran, where she remains to this day.

Yes, there is a lot of movement of people between firms. Looking over the companies in the connect:ID 2021 Exhibitor Directory, I know people at a number of these firms. Obviously people from IDEMIA, of course (IDEMIA was the company that bought Safran’s identity business), but I also know people at other companies, all of whom who were former coworkers at IDEMIA or one of its predecessor companies:

Aware.
Clearview AI.
GET Group North America.
HID Global.
Integrated Biometrics.
iProov.
NEC.
Paravision.
Rank One Computing.
SAFR/RealNetworks.
Thales.
Probably some others that I missed.

And I know people at some of the other companies, organizations, and governmental entities that are at connect:ID this year.

Some of these entities didn’t even exist when I was at connect:ID six years ago, and some of these entities (such as Thales) have entered the identity market due to acquisitions (in Thales’ case, the acquisition of Gemalto, which had acquired 3M’s biometric business).

So while I’m not crossing the country next week, I’m obviously thinking of everything that will be going on there.

Incidentally, this is one of the last events of the trade show season, which is starting to wind down for the year. But it will ramp up again next spring (for you Northern Hemisphere folks).

Bredemarket remembers the Southern Hemisphere, even though Bredemarket only does business in the United States. https://www.youtube.com/watch?v=HtZCQiN3n50

Regardless of where you are, hopefully the upcoming trade show season will not be adversely impacted by the pandemic.

Today’s “biometrics is evil” post (Amazon One)

I can’t recall who recorded it, but there’s a radio commercial heard in Southern California (and probably nationwide) that intentionally ridicules people who willingly give up their own personally identifiable information (PII) for short-term gain. In the commercial, both the husband and the wife willingly give away all sorts of PII, including I believe their birth certificates.

While voluntary surrender of PII happens all the time (when was the last time you put your business card in a drawing bowl at a restaurant?), people REALLY freak out when the information that is provided is biometric in nature. But are the non-biometric alternatives any better?

TechCrunch, Amazon One, and Ten Dollars

TechCrunch recently posted “Amazon will pay you $10 in credit for your palm print biometrics.“

From https://techcrunch.com/2021/08/02/amazon-credit-palm-biometrics/.

If you think that the article details an insanely great way to make some easy money from Amazon, then you haven’t been paying attention to the media these last few years.

The article begins with a question:

How much is your palm print worth?

The article then describes how Amazon’s brick-and-mortar stores in several states have incorporated a new palm print scanner technology called “Amazon One.” This technology, which reads both friction ridge and vein information from a shopper’s palms. This then is then associated with a pre-filed credit card and allows the shopper to simply wave a palm to buy the items in the shopping cart.

There is nothing new under the sun

Amazon One is the latest take on processes that have been implemented several times before. I’ll cite three examples.

Pay By Touch. The first one that comes to my mind is Pay By Touch. While the management of the company was extremely sketchy, the technology (provided by Cogent, now part of Thales) was not. In many ways the business idea was ahead of its time, and it had to deal with challenging environmental conditions: the fingerprint readers used for purchases were positioned near the entrances/exits to grocery stores, which could get really cold in the winter. Couple this with the elderly population that used the devices, and it was sometimes difficult to read the fingers themselves. Yet, this relatively ancient implementation is somewhat similar to what Amazon is doing today.

University of Maryland Dining Hall. The second example occurred to me because it came from my former employer (MorphoTrak, then part of Safran and now part of IDEMIA), and was featured at a company user conference for which I coordinated speakers. There’s a video of this solution, but sadly it is not public. I did find an article describing the solution:

With the new system students will no longer need a UMD ID card to access their own meals…

Instead of pulling out a card, the students just wave their hand through a MorphoWave device. And this allows the students to pay for their meals QUICKLY. Good thing when you’re hungry.

This Pay and That Pay. But the most common example that everyone uses is Apple Pay, Google Pay, Samsung Pay, or whatever “pay” system is supported on your smartphone. Again, you don’t have to pull out a credit card or ID card. You just have to look at your phone or swipe your finger on the phone, and payment happens.

Amazon One is the downfall of civilization

I don’t know if TechCrunch editorialized against Pay By Touch or [insert phone vendor here] Pay, and it probably never heard of the MorphoWave implementation at the University of Maryland. But Amazon clearly makes TechCrunch queasy.

While the idea of contactlessly scanning your palm print to pay for goods during a pandemic might seem like a novel idea, it’s one to be met with caution and skepticism given Amazon’s past efforts in developing biometric technology. Amazon’s controversial facial recognition technology, which it historically sold to police and law enforcement, was the subject of lawsuits that allege the company violated state laws that bar the use of personal biometric data without permission.

Oh well, at least TechCrunch didn’t say that Amazon was racist. (If you haven’t already read it, please read the Security Industry Association’s “What Science Really Says About Facial Recognition Accuracy and Bias Concerns.” Unless you don’t like science.)

OK, back to Amazon and Amazon One. TechCrunch also quotes Albert Fox Cahn of the Surveillance Technology Oversight Project.

*People Leaving the Cities*, photo art by Zbigniew Libera, imagines a dystopian future in which people have to leave dying metropolises. By Zbigniew Libera – https://artmuseum.pl/pl/kolekcja/praca/libera-zbigniew-wyjscie-ludzi-z-miast, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=66055122.

“The dystopian future of science fiction is now. It’s horrifying that Amazon is asking people to sell their bodies, but it’s even worse that people are doing it for such a low price.”

“Sell their bodies.” Isn’t it even MORE dystopian when people “give their bodies away for free” when they sign up for Apple Pay, Google Pay, or Samsung Pay? While the Surveillance Technology Oversight Project (acronym STOP) expresses concern about digital wallets, there is a significant lack of horror in its description of them.

Digital wallets and contactless payment systems like smart chips have been around for years. The introduction of Apple Pay, Amazon Pay, and Google Pay have all contributed to the e-commerce movement, as have fast payment tools like Venmo and online budgeting applications. In response to COVID-19, the public is increasingly looking for ways to reduce or eliminate physical contact. With so many options already available, contactless payments will inevitably gain momentum….
Without strong federal laws regulating the use of our data, we’re left to rely on private companies that have consistently failed to protect our information. To prevent long-term surveillance, we need to limit the data collected and shared with the government to only what is needed. Any sort of monitoring must be secure, transparent, proportionate, temporary, and must allow for a consumer to find out about or be alerted to implications for their data. If we address these challenges now, at a time when we will be generating more and more electronic payment records, we can ensure our privacy is safeguarded.

So STOP isn’t calling for the complete elimination of Amazon Pay. But apparently it wants to eliminate Amazon One.

Is a world without Amazon One a world with less surveillance?

Whenever you propose to eliminate something, you need to look at the replacement and see if it is any better.

In 1998, Fox fired Bill Russell as the manager of the Los Angeles Dodgers. He had a win-loss percentage of .538. His replacement, Glenn Hoffman, lasted less than a season and had a percentage of .534. Hoffman’s replacement, true baseball man Davey Johnson, compiled a percentage of .503 over the next two seasons before he was fired. Should have stuck with Russell.

Anyone who decides (despite the science) that facial recognition is racist is going to have to rely on other methods to identify criminals, such as witness identification. Witness identification has documented inaccuracies.

And if you think that elimination of Amazon One from Amazon’s brick-and-mortar stores will lead to a privacy nirvana, think again. If you don’t use your palm to pay for things, you’re going to have to use a credit card, and that data will certainly be scanned by the FBI and the CIA and the BBC, B. B. King, and Doris Day. (And Matt Busby, of course.) And even if you use cash, the only way that you’ll preserve any semblance of your privacy is to pay anonymously and NOT tie the transaction to your Amazon account.

And if you’re going to do that, you might as well skip Whole Foods and go straight to Dollar General. Or maybe not, since Dollar General has its own app. And no one calls Dollar General dystopian. Wait, they do: “They tend to cluster, like scavengers feasting on the carcasses of the dead.”

I seemed to have strayed from the original point of this post.

But let me sum up. It appears that biometrics is evil, Amazon is evil, and Amazon biometrics are Double Secret Evil.

Fair use, https://en.wikipedia.org/w/index.php?curid=17499683

Telos enters the touchless fingerprint market

Years before COVID became a thing, the U.S. government had a desire to encourage touchless fingerprint technologies. This began many years ago with a concerted effort to capture a complete set of fingerprints in less than 15 seconds. By 2016, this had evolved to a set of Cooperative Research and Development Agreements (CRADA) entered into by the National Institute of Standards and Technology and several private companies.

Slide 10 from the NIST presentation posted at https://www.nist.gov/system/files/documents/2016/12/14/iai_2016-nist_contactless_fingerprints-distro-20160811.pdf

For purposes of this post, I’m going to concentrate on just one of the listed mobile fingerprint capture technology solutions. The mobile fingerprint capture technologies from these companies were intended to support the capture of fingerprints from a standard smartphone without any additional capture equipment. (Compare this to the portal/kiosk category, which employed specialized capture equipment.)

One of NIST’s CRADA partners for mobile fingerprint capture was a company called Diamond Fortress Technologies.

Via our CRADA relationship (Cooperative Research and Development Agreement), Diamond Fortress is currently working with NIST to develop standards dealing with best practices, certification methodology, data formatting and interoperability with legacy contact-based and inked print databases for optical acquisition systems. This will support future certification for purchase on the Government Certified Products lists.

Fast forward a few years, and Diamond Fortress Technologies’ offering is back in the news again.

Telos Corporation has acquired the ONYX touchless fingerprint biometric software and other assets of Diamond Fortress Technologies (DFT), and appears to be targeting new verticals with the technology.

Now that happened to catch my eye for one particular reason.

You see, my former employer IDEMIA used to have a monopoly on the TSA PreCheck program. If you wanted to enroll in TSA PreCheck, you HAD to go to IDEMIA. This provided a nice revenue stream for IDEMIA…well, perhaps not so nice when all of the airports lost traffic due to COVID.

Anyway, the Congress decided that one provider wasn’t optimal for government purposes, so in early 2020 other vendors were approved as TSA PreCheck providers.

WASHINGTON – Transportation Security Administration (TSA) today announced that TSA PreCheck™ enrollment services will now be provided by Alclear, LLC; Telos Identity Management Solutions, LLC; and Idemia Identity & Security USA, LLC, expanding the opportunities that enable travelers to apply for TSA PreCheck.

Just to clarify, the company then known as Alclear is better known to the general public as CLEAR.

And the third company is Telos.

Which is now apparently moving into the touchless fingerprint space.

From https://diamondfortress.com/onyx/. Fair use.

Now THAT is going to have an impact on enrollment.

(Bredemarket Premium) The mechanics of acquisitions

During my years in biometrics, my employer was acquired by another firm three times:

Printrak was acquired by Motorola in 2000.
Part of Motorola was acquired by Safran in 2009.
Part of Safran was acquired by Oberthur in 2017. (The combined entity was named IDEMIA.)

CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=243386

Acquisitions always cause a lot of changes, but one of these three acquisitions caused more changes than any of the others.

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

Subscriptions just $5 per month.
Access Bredemarket’s expertise without spending hundreds or thousands of dollars.

(Bredemarket Premium) The drawbacks of a FOCI-mitigated subsidiary

Those portions of the U.S. government that deal with critical infrastructure are naturally concerned about foreign encroachment into U.S. Government operations, even from “friendly” nations. Therefore, the U.S. Government takes steps to mitigate the effects of “Foreign Ownership, Control or Influence” (FOCI).

I’ve worked for two companies that needed to undertake FOCI mitigation, and I know of others that have also done this. And while FOCI mitigation offers benefits to the United States, there are also drawbacks of which everyone involved should be aware.

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

Subscriptions just $5 per month.
Access Bredemarket’s expertise without spending hundreds or thousands of dollars.