Tag Archives: identity

How Does Private Sector Firm X Handle Identity Verification?

As I mentioned earlier, I don’t know if Login.gov is affected by the abrupt shutdown of GSA’s 18F. Was 18F still maintaining Login.gov code, or had the Login.gov folks established their own code maintenance, independent of the now-deprecated 18F?

Perhaps we will find out Monday.

But what if 18F were still responsible for Login.gov, which therefore is nearly impossible to update or maintain? 

No, Mark Cuban, DOGE will not contract with the ex-18F workers. DOGE doesn’t need them. Look at what they’ve already done with verifying identities.

IDV via SMS

For example, at the private sector company X, you cannot get a paid X Premium subscription unless you have a confirmed phone number. Because everybody knows that confirming identities via an SMS text message is a foolproof method.

Well, maybe not.

“According to information provided by Google, the decision to move away from SMS verification stems from numerous security vulnerabilities associated with text message codes. These include susceptibility to phishing attacks, where users might inadvertently share codes with malicious actors, and dependence on phone carriers’ security practices, which can vary widely in effectiveness.”

IDV via doc plus selfie

Now I’m not being fair to X, because X offers an identity verification procedure using a government issued ID…as a voluntary (not mandatory) service. It uses known third party providers (Au10tix, Persona, and Stripe as of February 2025) for IDV.

“X will provide a voluntary ID verification option for certain X features to increase the overall integrity and trust on our platform. We collect this data when X Premium subscribers optionally choose to apply for an ID verified badge by verifying their identity using a government-issued ID. Once confirmed, a verified label is added to the user’s profile for transparency and potentially unlocking additional benefits associated with specific X features in the future.”

But the public sector needs IDV

Identity verification isn’t mandatory on X because some people plain do not want it. Not because they’re crooks, but because they don’t want to hand their PII over to anyone if they don’t have to.

Of course, the Internal Revenue Service, the Social Security Administration, and many other government agencies HAVE to implement identity verification from Login.gov, ID.me, or some other provider.

When a .gov Becomes an .org

When techies (the ones who developed Login.gov among other things) get fired from their government jobs, a website is sure to follow.

Here is how 18f.org begins:

“For over 11 years, 18F has been proudly serving you to make government technology work better. We are non-partisan civil servants. 18F has worked on hundreds of projects, all designed to make government technology not just efficient but effective, and to save money for American taxpayers.

“However, all employees at 18F – a group that the Trump Administration GSA Technology Transformation Services Director called “the gold standard” of civic tech – were terminated today at midnight ET.”

18F is Not a Female Who Can Vote (An Identity Verification Post)

If you are a government agency who uses Login.gov, or if you are a U.S. citizen who has a Login.gov account, I’m not sure about the future of the service.

Back in November 2023, I wrote a post that included the three letters “18F.” Specifically:

Obviously there are a number of private companies (over 80 last I counted) that provide secure access to information, but Login.gov is provided by the government itself—specifically by the General Services Administration’s Technology Transformation Services. Agencies at the federal, state, and local level can work with the GSA TTS’ “18F” organization to implement solutions such as Login.gov.

Now perhaps I’m, um, biased, but I happen to think that identity verification, whether performed by a public entity, is kinda sorta important.

Which is why I took notice when I saw Brian Krebs’ Saturday night LinkedIn post. Here’s a short excerpt:

This is from the executive director of the 18F, the digital services agency within the General Services Administration (GSA) that develops open-source tools to improve digital services across the federal government.

“I am the Executive Director of 18F and 18F’s longest running employee- I have been at 18F for 10 years. You may not have heard of us, but last night proved that we are powerful. The way the administration ran to get rid of us under the cover of night and shut us down without warning proves that they were scared. They are too afraid to even speak to us.”

Krebs also links to a FedScoop article.

The General Services Administration has eliminated its 18F program, an internal team of tech consultants and engineers that develops open-source tools to improve digital services across the federal government. 

The announcement, which came overnight, is the latest in the Trump administration’s ongoing efforts to slash the federal workforce. It was foreshadowed weeks ago when Elon Musk, who’s become a highly influential and controversial voice in the White House, tweeted that the decade-old program had been “deleted.” 

At this point I am not sure how this affects future updates to Login.gov. As far as I know the service itself remains operational.

To be continued? Or not continued?

Writing Samples I (Mostly) Can’t Share Publicly

So a Bredemarket prospect requested samples of my internal and external sales enablement content, so they could evaluate my writing style.

There were only two problems with the request.

  • First, I can’t provide samples of internal content for other clients. Even privately. Because they’re…internal.
  • Second, reviewing samples of my external content gives no hint of my writing style, since I adjust my writing style to my clients.

But I provided external samples of what I do anyway: two client short data sheets, three client long data sheets, three Bredemarket data sheets, two client landing pages, one Bredemarket landing page, and two other samples.

So I will share one of the landing pages with you, but not a client one. This is one of mine, for Bredemarket’s identity/biometric prospects.

Drive Content Results with Bredemarket Identity Firm Services

People for Sale

News about iProov. According to Metropoler, the company discovered a dark web group in Latin America. 

The group is

“amassing a substantial collection of identity documents and corresponding facial images, specifically designed to defeat Know Your Customer (KYC) verification processes. Rather than traditional theft, these identities may have been obtained through compensated participation, with individuals willingly providing their image and documentation in exchange for payment.”

To uncover such fraudulent activity, a mere government ID to selfie comparison is not enough, since both are from a real person. You need more sophisticated checks such as liveness detection, which iProov offers. You can find iProov’s ISO 30107-3 Presentation Attack Detection Level 2 confirmation letters on iBeta’s page.

But why?

Why would anyone sell their identity, either legitimately (to the World ex Worldcoin folks) or illegitimately (to this dark web outfit)?

Sadly, desperation. If you have a basic need to eat, who cares who is using your ID and what they’re doing with it?

Submission (of proposals)

(All images Imagen 3)

From the early 1990s to 2019, the majority of my identity/biometric proposal work was with U.S. state and local agencies, with some work with foreign agencies (such as Canada’s RCMP), private entities, and a few proposals to U.S. federal agencies.

I had no idea what was going to happen in 2020, and one of the surprises is that the majority of my identity/biometric proposal work since 2020 has been with U.S. federal agencies. Many requests for information (RFIs) as well as other responses.

The L&M does stop at Bredemarket, apparently. 

The L & N, not M, but close enough for government work.

I’ve worked on client proposals (and Bredemarket’s own responses) to the Departments of Defense, Homeland Security, Justice, and perhaps some others along the way.

And no, there’s no uniformity

Same department, different requirements.

Coincidentally, the two most recent identity/biometric proposals I managed for Bredemarket clients went to the same government department. But that’s where the similarities ended.

The first required an e-mail submission of a PDF (10 pages maximum) to two email addresses. A relative piece of cake.

Mmm…cake. Always reward your proposal people.

The last required an online submission. No, not a simple upload of a PDF to a government website. While my client did have to upload 2 PDFs, the majority of the submission required my client to complete a bunch of online screens.

And there were two separate sets of instructions regarding how to complete these online screens…which contradicted each other. So I had to ask a clarification question…and you know how THAT can go.

Oh, and as the consulting proposal expert, I could not complete the online screens on behalf of the client. The client’s company had a single login, which was assigned to a single person (a company executive) and could NOT be used by anybody else. 

So on the day of proposal submission the executive and I videoconferenced, and I watched as the executive answered the responses, in part using a document in which I had drafted responses.

And of course things were not perfect. The executive pasted one of my responses into the space provided, and only THEN did we discover that the response had an unadvertised character limit. So I rewrote it…at the same time that I resized a required image with unadvertised dimension restrictions.

But there’s some uniformity

Perhaps if I had written more federal proposals at Printrak, Motorola, MorphoTrak, IDEMIA, and Incode, I would have known these things. Perhaps not; as late as 2014 I was still printing proposals on paper and submitting 10 or more volumes of binders (yes, binders) along with CDs that had to be virus-checked.

Some Requests for Proposal (RFPs) provide helpful checklists.

But regardless of whether you submit proposals online, via CD, or in paper volumes, some things remain constant.

  • Follow the instructions.
  • Answer the questions.
  • Emphasize the benefits.
  • And don’t misspell the name of the Contracting Officer.

If you need Bredemarket’s proposal services, or my content or analysis services, visit my “CPA” page to get started.

Where is ByteDance From?

Know Your Business!

Where is ByteDance From?

I am VERY familiar with questions regarding the nationality of a company. There are three questions:

  • Where is it incorporated?
  • Where is it headquartered?
  • Who owns it?

IDEMIA

For my former employer IDEMIA, the answers are France, France, and primarily a U.S. investor (Advent International).

(So depending upon your needs, you can argue that IDEMIA is a French company or a U.S. company.)

ByteDance

For ByteDance, the answers are the Cayman Islands, China (Beijing), and primarily global investors (Blackrock, General Atlantic, Susquehanna International Group, etc.).

(So depending upon your needs, you can argue that ByteDance is a Chinese company, a mostly American company, or a British company off the coast of Cuba.)

Your company

Not that I create TikTok videos (at least not for paying clients), but I provide other services.

More information on Bredemarket’s Content-Proposal-Analysis marketing and writing services:

CPA
Bredemarket’s “CPA.”

Digital Driving Licences With Two Cs

(Imagen 3)

In my country, the issuance of driver’s licenses is performed at the state level, not the national level. This has two ramifications.

REAL ID

The U.S. government wanted to tighten down on identification cards to stop terrorists from hijacking planes and crashing them into buildings. 

But it couldn’t. 

When it told the states to issue “REAL ID” cards by 2008, the states said they wouldn’t be told what to do. 

Today all of them support REAL ID cards as an option, but use of REAL IDs for federal functions such as plane travel won’t be enforced until 2027…if then.

mDLs

For years there has been a move to replace physical driver’s licenses with mobile driver’s licenses, or mDLs.

Again, in my country this has been pursued in a piecemeal basis on the state level. Louisiana has its own mDL, with a separate one in Oklahoma, one in California, others in other states, and none in other states. And one state (Florida) that had one, then didn’t have one.

Some mDLs are in custom wallets, while others are or are not in wallets from Apple, Google, and Samsung.

Oh, and don’t try using your Louisiana mDL to buy a beer in Arkansas.

Meanwhile, in the UK

Things are different in other countries. Amit Alagh shared a BBC article with me.

“Digital driving licences are to be introduced in the UK as the government looks to use technology to ‘transform public services’…. The new digital licences will be introduced later this year….”

Throughout the entire United Kingdom, including Scotland and Northern Ireland, apparently.

In one fell swoop. Entire country done.