identity – Page 19 – Bredemarket

Age Assurance Meets Identity Assurance (Level 2)

I’ve talked about age verification and age estimation here and elsewhere. And I’ve also talked about Identity Assurance Level 2. But I’ve never discussed both simultaneously until now.

I belatedly read this March 2024 article that describes Georgia’s proposed bill to regulate access to material deemed harmful to minors.

A minor in Georgia (named Jimmy Carter) in the 1920s, before computers allowed access to adult material. From National Park Service, https://www.nps.gov/jica/learn/historyculture/early-life.htm.

The Georgia bill explicitly mentions Identity Assurance Level 2.

Under the bill, the age verification methods would have to meet or exceed the National Institute of Standards and Technology’s Identity Assurance Level 2 standard.

So if you think you can use Login.gov to access a porn website, think again.

There’s also a mention of mobile driver’s licenses, albeit without a corresponding mention of the ISO/IEC 18013-5:2021.

Specifically mentioned in the bill text is “digitized identification cards,” described as “a data file available on a mobile device with connectivity to the internet that contains all of the data elements visible on the face and back of a driver’s license or identification card.”

So digital identity is becoming more important for online access, as long as certain standards are met.

Fischer Identity, Baylor University, and IAM

Fischer Identity recently shared a link to a Chronicle of Higher Education article about campus digital identities. It specifically discusses how Baylor University worked with Fischer Identity and Amazon Web Services (AWS) to create an identity and access management (IAM) solution.

From https://www.chronicle.com/featured/digital-higher-ed/building-an-identity-and-access-management-solution.

I won’t give away all the information about the Fischer Identity-AWS effort at Baylor—you have to opt in to access a gated case study to obtain that—but I will say that the case study claims a 12-week implementation of an IAM system that stores “several hundred thousand identities.”

I assume the alumni at Baylor are a generous segment of the university community.

What is B2B Writing?

Business-to-business (B2B) writing isn’t as complex as some people say it is. It may be hard, but it’s not complex.

Why do I care about what B2B writing is?

Neil Patel (or, more accurately, his Ubersuggest service) um, suggested that I say something about B2B writing.

And then he (or it) suggested that I use generative artificial intelligence (AI) to write the piece.

I had a feeling the result was going to suck, but I clicked the “Write For Me” button anyway.

Um, thanks but no thanks. When the first sentence doesn’t even bother to define the acronym “B2B,” you know the content isn’t useful to explain the topic “what is B2B writing.”

And this, my friends, is why I never let generative AI write the first draft of a piece.

So, what IS B2B writing?

Before I explain what B2B writing is, maybe I’d better explain what “B2B” is. And two related acronyms.

B2B stands for business to business. Bredemarket, for example, is a business that sells to other businesses. In my case, marketing and writing services.
B2G stands for business to government. Kinda sorta like B2B, but government folks are a little different. For example, these folks mourned the death of Mike Causey. (I lived outside of Washington DC early in Causey’s career. He was a big deal.) A B2G company, for example, could sell driver’s license products and services to state motor vehicle agencies.
B2C stands for business to consumer. Many businesses create products and services that are intended for consumers and marketed directly to them, not to intermediate businesses. Promotion of a fast food sandwich is an example of a B2C marketing effort.

I included the “B2G” acronym because most of my years in identity and biometrics were devoted to local, state, federal, and international government sales. My B2G experience is much deeper than my B2B experience, and way deeper than my B2C expertise.

Let’s NOT make this complicated

I’m sure that Ubersuggest could spin out a whole bunch of long-winded paragraphs that explain the critical differences between the three marketing efforts above. But let’s keep it simple and limit ourselves to two truths and no lies.

TRUTH ONE: When you market B2B or B2G products or services, you have FEWER customers than when you market B2C products or services.

That’s pretty much it in terms of differences. I’ll give you an example.

If Bredemarket promoted its marketing and writing services to all of the identity verification companies, I would target less than 200 customers.
If IDEMIA or Thales or GET Group or CBN promoted their driver’s license products and services to all of the state, provincial, and territorial motor vehicle agencies in the United States and Canada, they would target less than 100 customers.
If McDonald’s resurrects and promotes its McRib sandwich, it would target hundreds of millions of customers in the United States alone.

From https://www.mcdonalds.com/us/en-us/product/mcrib.html.

The sheer scale of B2C marketing vs. B2B/B2G marketing is tremendous and affects how the company markets its products and services.

But one thing is similar among all three types of writing.

TRUTH TWO: B2B writing, B2G writing, and B2C writing are all addressed to PEOPLE.

Well, until we program the bots to read stuff for us.

This is something we often forget. We think that we are addressing a blog post or a proposal to an impersonal “company.” Um, who works in companies? People.

(Again, until we program the bots.)

Whether you’re marketing a business blog post writing service, a government software system, or a pseudo rib sandwich, you’re pitching it to a person. A person with problems and needs that you can potentially solve.

So solve their needs.

Don’t make it complex.

But what IS B2B writing?

Let’s return to the original question. Sorry, I got off on a bit of a tangent. (But at least I didn’t trail off into musings about “the dynamic and competitive world.”)

When I write something for a business:

I must focus on that business and not myself (customer focus). The business doesn’t want to hear my talk about myself. The business wants to hear what I can do for it.
I must acknowledge the business’ needs and explain the benefits of my solution to meet the business needs. A feature list without any benefits is just a list of cool things; you still have to explain how the cool things will benefit the business by solving its problem.
My writing must address one, or more, different types of people who are hungry for my solution to their problem. (This is what Ubersuggest and others call a “target audience,” because I guess Ubersuggest aims lasers at the assembled anonymous crowd.)

From https://www.hinklefuncenter.com/attractions/laser-tag/.

Again, this is hard, but not complex.

It’s possible to make this MUCH MORE complex and create a 96 step plan to author B2B content.

But why?

So now I’ve answered the question “What is B2B writing?”

Can Bredemarket write for your business? If so, contact me.

Ofcom and the Digital Trust & Safety Partnership

The Digital Trust & Safety Partnership (DTSP) consists of “leading technology companies,” including Apple, Google, Meta (parent of Facebook, Instagram, and WhatsApp), Microsoft (and its LinkedIn subsidiary), TikTok, and others.

The DTSP obviously has its views on Ofcom’s enforcement of the UK Online Safety Act.

Which, as Biometric Update notes, boils down to “the industry can regulate itself.”

Here’s how the DTSP stated this in its submission to Ofcom:

DTSP appreciates and shares Ofcom’s view that there is no one-size-fits-all approach to trust and safety and to protecting people online. We agree that size is not the only factor that should be considered, and our assessment methodology, the Safe Framework, uses a tailoring framework that combines objective measures of organizational size and scale for the product or service in scope of assessment, as well as risk factors.
From https://dtspartnership.org/press-releases/dtsp-submission-to-the-uk-ofcom-consultation-on-illegal-harms-online/.

We’ll get to the “Safe Framework” later. DTSP continues:

Overly prescriptive codes may have unintended effects: Although there is significant overlap between the content of the DTSP Best Practices Framework and the proposed Illegal Content Codes of Practice, the level of prescription in the codes, their status as a safe harbor, and the burden of documenting alternative approaches will discourage services from using other measures that might be more effective. Our framework allows companies to use whatever combination of practices most effectively fulfills their overarching commitments to product development, governance, enforcement, improvement, and transparency. This helps ensure that our practices can evolve in the face of new risks and new technologies.
From https://dtspartnership.org/press-releases/dtsp-submission-to-the-uk-ofcom-consultation-on-illegal-harms-online/.

But remember that the UK’s neighbors in the EU recently prescribed that USB-3 cables are the way to go. This not only forced DTSP member Apple to abandon the Lightning cable worldwide, but it affects Google and others because there will be no efforts to come up with better cables. Who wants to fight the bureaucratic battle with Brussels? Or alternatively we will have the advanced “world” versions of cables and the deprecated “EU” standards-compliant cables.

So forget Ofcom’s so-called overbearing approach and just adopt the Safe Framework. Big tech will take care of everything, including all those age assurance issues.

From https://dtspartnership.org/wp-content/uploads/2023/09/DTSP_Age-Assurance-Best-Practices.pdf.

DTSP’s September 2023 paper on age assurance documents a “not overly prescriptive” approach, with a lot of “it depends” discussion.

Incorporating each characteristic comes with trade-offs, and there is no one-size-fits-all solution. Highly accurate age assurance methods may depend on collection of new personal data such as facial imagery or government-issued ID. Some methods that may be economical may have the consequence of creating inequities among the user base. And each service and even feature may present a different risk profile for younger users; for example, features that are designed to facilitate users meeting in real life pose a very different set of risks than services that provide access to different types of content….

Instead of a single approach, we acknowledge that appropriate age assurance will vary among services, based on an assessment of the risks and benefits of a given context. A single service may also use different
approaches for different aspects or features of the service, taking a multi-layered approach.
From https://dtspartnership.org/wp-content/uploads/2023/09/DTSP_Age-Assurance-Best-Practices.pdf.

So will Ofcom heed the DTSP’s advice and say “Never mind. You figure it out”?

Um, maybe not.

Avoiding Deleterious Forensic Nursing

Warning: this post discusses sexual assault and child abuse.

Hippocrates. By Unidentified engraver – 1881 Young Persons’ Cyclopedia of Persons and PlacesUpload by RedWolf 05:45, Jan 10, 2005 (UTC), Public Domain, https://commons.wikimedia.org/w/index.php?curid=164808

The Hippocratic Oath imposes duties on medical professionals, including this one:

I will follow that system of regimen which, according to my ability and judgment, I consider for the benefit of my patients, and abstain from whatever is deleterious and mischievous.
From https://www.health.harvard.edu/blog/first-do-no-harm-201510138421.

For people like me who do not use the word “deleterious” on a daily basis, it means “harmful often in a subtle or unexpected way.”

The dictates of the Hippocratic Oath lead us to forensic nursing (as defined by 1NURSE.COM), the invasive nature of some forensic techniques, and what companies such as Foster+Freeman are doing to minimize invasive evidence capture.

What is forensic nursing?

From the U.S. Federal Bureau of Investigation, https://www2.fbi.gov/publications/leb/2002/jan2002/jan02x29x1.jpg.

As 1NURSE.COM notes, forensic nursing is multidisciplinary, operating “at the critical juncture of medical science and the legal system.”

Forensic nursing is a specialized branch that integrates medical expertise with forensic science to provide comprehensive care for individuals impacted by violence, abuse, or criminal activities. These professionals serve as a crucial link between the realms of healthcare and the legal system, collaborating with law enforcement, attorneys, and other professionals to gather evidence, provide expert testimony, and ensure justice for victims.
From https://www.linkedin.com/pulse/forensic-nursing-exploration-intricate-profession-1nurse-com-iedyc/.

When I started my forensic career 29 years ago, I was solely involved in the capture and processing of fingerprints from criminals. If I may be honest, the well-being of the individual who provided the forensic evidence was NOT an overriding concern.

But within a year or two I started to get involved in the capture and processing of fingerprints from NON-criminals who were applying for and receiving government benefits.

For that market we HAD to concern ourselves with the well-being of our clients, to make fingerprint capture as easy as possible, and to treat our clients with the utmost respect.
In the end it didn’t matter, because in the popular mind fingerprinting was associated with criminals, and benefits recipients didn’t want to be treated like criminals no matter how nice we were. To my knowledge, all of the benefits recipient fingerprint programs in the United States have all ceased.

Forensic nursing needs to gather the necessary forensic evidence while preserving the compassionate care that nurses are required to provide.

Invasive forensic techniques

So if we have to take care when gathering information from benefits recipients, imagine the level of care we need to take when gathering information from crime victims. Returning to 1NURSE.COM’s article, here are two of the tasks that forensic nurses must perform:

Sexual Assault Forensics: Specializing in sexual assault examination, forensic nurses provide not only compassionate care but also play a pivotal role in collecting evidence essential for legal proceedings. Their expertise ensures a sensitive approach while preserving the integrity of forensic evidence. Example: A forensic nurse conducting a sexual assault examination may collect biological samples and document injuries to aid in prosecuting the assailant.

Child Abuse Investigation: Forensic nurses are instrumental in assessing and documenting cases of child abuse. They collaborate with child protective services and law enforcement to ensure the safety and well-being of the child. Example: A forensic nurse working on a child abuse case may conduct a thorough examination to document injuries and provide expert testimony in court.
From https://www.linkedin.com/pulse/forensic-nursing-exploration-intricate-profession-1nurse-com-iedyc/.

The “compassionate care” part is important, as Foster+Freeman notes in a separate article:

We have focussed a lot on how the investigation works when looking for crimes of a distressing nature but not actually how this investigation process can affect the victim of these crimes and put the victim first. This period can be incredibly distressing for the victim, and the investigation can make this worse as it is making the victim re-live this experience.
https://www.linkedin.com/pulse/victim-first-forensics-focusing-victims-crime-foster-freeman-gnw6e/

As part of their duties, the forensic nurse has to capture evidence from the very parts of the body that were assaulted during the abuse crime itself. No one wants to go through that again. How can evidence capture be less invasive?

Three ways to minimize invasive evidence capture

While it’s not possible to completely erase the pain that crime victims suffer during a forensic investigation, there are ways to minimize it. The Foster+Freeman article highlights three ways to do this:

Capture evidence via non-invasive techniques. As a supplier of alternate light source (ALS) technology, Foster+Freeman notes that its products can discover evidence, even at the subdermal layers, without touching the victim. “Using an ALS is a non-invasive and non-destructive way to examine potential evidence on the skin. This is especially important when dealing with fragile or sensitive skin, as it minimizes the risk of causing further harm during the examination process.”
Capture evidence quickly. Forensic nurses do not want to prolong an examination. There are ways to gather evidence as quickly as possible. For example, rather than using multiple ALS devices, you can use a single one; Foster+Freeman’s Crime-lite^® X Serology Search Kit is “a multispectral light source that has been made with five wavelengths of light integrated into one unit.”

From https://fosterfreeman.com/crime-lite-x/.

Capture evidence thoroughly. What’s the point of putting a victim through the trauma of evidence capture if it doesn’t result in a conviction? Because of this, it’s important to capture as much evidence as possible. A variety of alternate light sources accomplishes this.

Foster+Freeman is just one of a multifarious array of companies that supply evidence collection solutions to forensic nurses and other forensic professionals.

And no, Foster+Freeman didn’t sponsor this post, although Bredemarket is available to provide writing services to Foster+Freeman or to other companies who need to drive content results.

And now that I’ve successfully used “multifarious,” I need to find a way to use “deleterious.” Keep your eyes open.

Why Knowledge-Based Authentication Fails at Authentication

In a recent project for a Bredemarket client, I researched how a particular group of organizations identified their online customers. Their authentication methods fell into two categories. One of these methods was much better than the other.

Multifactor authentication

Some of the organizations employed robust authentication procedures that included more than one of the five authentication factors—something you know, something you have, something you are, something you do, and/or somewhere you are.

From Krishamurty Pammi, https://krishnamurtypammi-technology.blogspot.com/p/security-management-two.html.

For example, an organization may require you to authenticate with biometric data, a government-issued identification document, and sometimes some additional textual or location data.

From IDmission, https://www.idmission.com/identity-solutions/identity-verification.

Knowledge-based authentication

Other organizations employed only one of the factors, something you know.

Not something as easy to crack as a password.
Instead they used the supposedly robust authentication method of “knowledge-based authentication,” or KBA.

The theory behind KBA is that if you ask multiple questions of a person based upon data from various authoritative databases, the chance of a fraudster knowing ALL of this data is minimal.

From Alloy, “Why knowledge-based authentication (KBA) is not effective,” https://www.alloy.com/blog/answering-my-own-authentication-questions-prove-that-theyre-useless.

Steve Craig found out the hard way that KBA is not infallible.

The hotel loyalty hack

Steve Craig is the Founder and CEO of PEAK IDV, a company dedicated to educating individuals on identity verification and fraud prevention.

From PEAK IDV, https://www.peakidv.com/.

Sadly, Craig himself was recently a victim of fraud, and it took him several hours to resolve the issue.

I’m not going to repeat all of Craig’s story, which you can read in his LinkedIn post. But I do want to highlight one detail.

When the fraudster took over Craig’s travel-related account, the hotel used KBA to confirm that the fraudster truly was Steve Craig, specifically asking “when and where was your last hotel stay?”
Only one problem: the “last hotel stay” was one from the fraudster, NOT from Craig. The scammer fraudulently associated their hotel stay with Craig’s account.
This spurious “last hotel stay” allowed the fraudster to not only answer the “last hotel stay” question correctly, but also to take over Craig’s entire account, including all of Craig’s loyalty points.

And with that one piece of knowledge, Craig’s account was breached.

The “knowledge” used by knowledge based authentication

Craig isn’t the only one who can confirm that KBA by itself doesn’t work. I’ve already shared an image from an Alloy article demonstrating the failures of KBA, and there are many similar articles out there.

The biggest drawback of KBA is the assumption that ONLY the person can answer all the knowledge corrections correctly is false. All you have to do is participate in one of those never-ending Facebook memes that tell you something based on your birthday, or your favorite pet. Don’t do it.

Why do organizations use KBA?

So why do organizations continue to use KBA as their preferred authentication method? Fraud.com lists several attractive, um, factors:

Ease of implementation. It’s easier to implement KBA than it is to implement biometric authentication and/or ID card-based authentication.
Ease of use. It’s easier to click on answers to multiple choice questions than it is to capture an ID card, fingerprint, or face. (Especially if active liveness detection is used.)
Ease of remembrance. As many of us can testify, it’s hard to remember which password is associated with a particular website. With KBA, you merely have to answer a multiple choice quiz, using information that you already know (at least in theory).

Let me add one more:

Presumed protection of personally identifiable information (PII). Uploading your face, fingerprint, or driver’s license to a mysterious system seems scary. It APPEARS to be a lot safer to just answer some questions.

But in my view, the risks that someone else can get all this information (or create spurious information) and use it to access your account outweigh the benefits listed above. Even Fraud.com, which lists the advantages of KBA, warns about the risks and recommend coupling KBA with some other authentication method.

But KBA isn’t the only risky authentication factor out there

We already know that passwords can be hacked. And by now we should realize that KBA could be hacked.

But frankly, ANY single authentication can be hacked.

After Steve Craig resolved his fraud issue, he asked the hotel how it would prevent fraud in the future. The hotel responded that it would use caller ID on phone calls made to the hotel. Wrong answer.
While the biometric vendors are improving their algorithms to detect deepfakes, no one can offer 100% assurance that even the best biometric algorithms can prevent all deepfake attempts. And people don’t even bother to use biometric algorithms if the people on the Zoom call LOOK real.
While the ID card analysis vendors (and the ID card manufacturers themselves) are constantly improving their ability to detect fraudulent documents, no one can offer 100% assurance that a presented driver’s license is truly a driver’s license.
Geolocation has been touted as a solution by some. But geolocation can be hacked also.

In my view, the best way to minimize (not eliminate) fraudulent authentication is to employ multiple factors. While someone could create a fake face, or a fake driver’s license, or a fake location, the chances of someone faking ALL these factors are much lower than the chances of someone faking a single factor.

You knew the pitch was coming, didn’t you?

If your company has a story to tell about how your authentication processes beat all others, I can help.

Drive content results with Bredemarket Identity Firm Services.

U.S. Sports Betting Tax Revenue

On Tuesday, February 13, Adam Grundy (supervisory statistician in the U.S. Census Bureau’s Economic Management Division) published an article entitled “Quarterly Survey of State and Local Tax Revenue Shows Which States Collected the Most Revenue from Legalized Sports Betting.”

From https://www.census.gov/library/stories/2024/02/legal-sports-betting.html

According to Grundy:

New York was the state with the largest share of the nation’s tax revenue in the (third) quarter of 2023: $188.53 million or more than 37% of total tax revenue and gross receipts from sports betting in the United States. Indiana ($38.6 million) and Ohio ($32.9 million) followed.
From https://www.census.gov/library/stories/2024/02/legal-sports-betting.html.

Are you wondering why populous states such as California and Texas don’t appear on the list? That’s because sports betting is only legal in 38 states and the District of Columbia.

Sports betting in any form is currently illegal in California, Texas, Idaho, Utah, Minnesota, Missouri, Alabama, Georgia, South Carolina, Oklahoma, Alaska and Hawaii.
From https://www.forbes.com/betting/legal/states-where-sports-betting-is-legal/#states_where_sports_betting_is_illegal_section.

Sports betting was not legal in Florida during the 3rd quarter of 2023, but was subsequently legalized.

Which returns us to California and Texas, opposites in many ways, who are agreed in the opinion that sports betting is undesirable.

But the remaining states that allow sports betting need to ensure that the gamblers meet age verification requirements. (Even though they have a powerful incentive to let underage people gamble so that they receive more tax revenue.)

“Looks like the over-under for the NBA All-Star Game is 400, Mikey.” By Adrian Pingstone – Transferred from en.wikipedia, Public Domain, https://commons.wikimedia.org/w/index.php?curid=112727

If your identity/biometric firm offers an age verification solution, and you need content to publicize your solution, contact Bredemarket.

The Pros and Cons of Discriminating Your Product by Quantifying Your Benefits

Some firms make claims and don’t support them, while others support their claims with quantified benefits. But does quantifying help or harm the firms that do it? This pudding post answers this question…and then twists toward the identity/biometrics market at the end.

The “me too” players in the GCP market

Whoops.

In that heading above, I made a huge mistake by introducing an acronym without explaining it. So I’d better correct my error.

GCP stands for Glowing Carbonated Pudding.

I can’t assume that you already knew this acronym, because I just made it up. But I can assure you that the GCP market is a huge market…at least in my brain. All the non-existent kids love the scientifically advanced and maximally cool pudding that glows in the dark and has tiny bubbles in it.

Glowing Carbonated Pudding. Designed by Google Bard. Yeah, Google Bard creates images now.

Now if you had studied this non-existent market like I have, you’ll realize from the outset that most of the players don’t really differentiate their offerings. Here are a few examples of firms with poor product marketing:

Jane Spain GCP: “Trust us to provide good GCP.”
Betty Brazil GCP: “Trust us to provide really good GCP.”
Clara Canada GCP: “Trust us to provide great GCP.”

You can probably figure out what happened here.

The CEO at Betty Brazil told the company’s product marketers, “Do what Jane Spain did but do it better.”
After that Clara Canada’s CEO commanded, “Do what Betty Brazil did but do it better.” (I’ll let you in on a little secret. Clara Canada’s original slogan refereneced “the best GCP,” but Legal shot that down.)

Frankly, these pitches are as powerful as those offered by a 17x certified resume writer.

The quantified GCP

But another company, Wendy Wyoming, decided to differentiate itself, and cited independent research as its differentiator.

Wendy Wyoming Out of This World GCP satisfies you, and we have independent evidence to prove it!

The U.S. National Institute of Standards and Technology, as part of its Pudding User Made (PUM, not FRTE) Test, confirmed that 80% of all Wendy Wyoming Out of This World GCP mixes result in pudding that both glows and is carbonated. (Mix WW3, submitted November 30, 2023; not omnigarde-003)

Treat your child to science-backed cuisine with Wendy Wyoming Out of This World GCP!Wendy Wyoming is a top tier (excluding Chinese mixes) GCP provider.

But there are other competitors…

The indirect competitor who questions the quantified benefits

There are direct competitors that provide the same product as Wendy Wyoming, Jane Spain, and everyone else.

And then there are indirect competitors who provide non-GCP alternatives that can substitute for GCPs.

For example, Polly Pennsylvania is NOT a GCP provider. It makes what the industry calls a POPS, or a Plain Old Pudding Sustenance. Polly Pennsylvania questions everything about GCP…and uses Wendy Wyoming’s own statistics against it.

Fancy technologies have failed us.

If you think that one of these GCP puddings will make your family happy, think again. A leading GCP provider has publicly admitted that 1 out of every 5 children who buy a GCP won’t get a GCP. Either it won’t glow, or it’s not carbonated. Do you want to make your kid cry?

Treat your child to the same pudding that has satisfied many generations. Treat your child to Polly Pennsylvania Perfect POPS.

Pennsylvania Perfect remembers.

So who wins?

It looks like Polly Pennsylvania and Wendy Wyoming have a nasty fight on their hands. One that neck-deep marketers like to call a “war.” Except that nobody dies. (Sadly, that’s not true.)

Some people think that Wendy Wyoming wins because 4 out of 5 of their customers receive true GCP.
Others think that Polly Pennsylvaia wins because 5 out of 5 of their customers get POPS pudding.

But it’s clear who lost.

All the Jane Spains and Betty Brazils who didn’t bother to create a distinctive message.

Don’t be Jane Spain. Explain why your product is the best and all the other products aren’t.

Copying the competition doesn’t differentiate you. Trust me.

From https://www.yourgreenpal.com/blog/is-there-an-uber-for-lawn-care

The “hungry people” (target audience) for THIS post

Oh, and if you didn’t figure it out already, this post was NOT intended for scientific pudding manufacturers. It was intended for identity/biometric firms who can use some marketing and writing help. Hence the references to NIST and the overused word “trust.”

If you’re hungry to kickstart your identity/biometric firm’s written content, click on the image below to learn about Bredemarket’s services.

Are You ConTENT? Balance Your Critical List With Your Prospects’ Critical Lists

Normally I talk about CONtent, but today I’m talking about conTENT. (OK, a little bit about CONtent also.)

There are many prospects that may be CRITICALLY IMPORTANT (the highest of my three levels of importance) to your firm—perhaps too many. You can reduce your firm’s list of critically important prospects without losing them altogether. The extra time you receive benefits your firm and your TRUE critically important prospects. And eventually the other prospects may come around anyway.

Let them

You may pursue a prospect because you perceive they have a need. For example, there are identity/biometric companies that have not blogged in over a year, and these companies obviously have a need to increase their visibility with their own prospects by blogging.

But what if the identity/biometric prospects are not HUNGRY to satisfy that need? (Hungry people = true target audience.) Addressing the need may even be “important” to the prospects—but not CRITICALLY important.

Now I can create (and have created) content addressing this need and how to fill it. If a prospect searches for this content, they will find it.
I can even proactively initiate direct contact with these prospects, and maybe even contact them a second time.

But in most cases a prospect may respond with a “not interested” message—if the prospect even responds at all.

Mel Robbins has a response to this.

“Let them.”

When you “Let Them” do whatever it is that they want to do, it creates more control and emotional peace for you and a better relationship with the people in your life.
From https://www.melrobbins.com/podcasts/episode-70.

If the prospect is not hungry for your services at this time, let them.

Trying to feed a non-hungry person can have catastrophic consequences. From https://flish.uk/blog/external/2019/09/have-you-seen-the-entire-mr-creosote-sketch-from-monty-pythons-the-meaning-of-life.

And at the same time move the prospect from your “critically important” category down to your “important” category. Focus on the critically important prospects, and be content (conTENT) with them rather than stressing out over the uncontrollable prospects.

But don’t eliminate the merely important prospects entirely, because some day they may become hungry for your services. Continue creating content (CONtent) such as your own blogs, plus social media without messaging the merely important people directly. When they DO get hungry, they will emerge from your trust funnel and contact YOU, asking for your services.

Becoming conTENT

What happens when you, in the words of Mel Robbins, “let them”?

You’re focused, your true critically important prospects are happy that you’re paying attention to them, your merely important prospects are happy that you’re no longer pestering them…

…and everyone is conTENT.

When Educational Identity Practices Don’t Meet the Future of Privacy Forum Pledge

When education vendors say that they protect the identities of their customers, but they don’t, bad things can happen. Illuminate Education discovered this the hard way.

On Monday, Thomas O’Malley shared the 2023 Comparitech article “US schools leaked 32 million records in 2,691 data breaches since 2005.” These leaks were due to large-scale breaches such as Illuminate Education and Blackbaud, as well as many other breaches, and affected institutions at all educational levels.

The December 2021 Illuminate Education data breach was first reported in January 2022, and by September was revealed to have affected schools across the country, exposing students’ names, birthdates, and other personal identifiable information (PII).

Two attempted class action lawsuits against Illuminate Education have been defeated. But there has still been fallout:

(The Future of Privacy Forum) initiated a review, seeking to determine whether (Illuminate Education’s) practices were and are consistent with its Pledge commitments, specifically with respect to technological safeguards in place to protect the security of data. Publicly available information appears to confirm that Illuminate Education did not encrypt all student information while at rest and in transit. Such a failure to encrypt would violate several Pledge provisions…
From https://studentprivacypledge.org/news/fpf-drops-illuminate-education-from-student-privacy-pledge/.

As a result of its inability to confirm that Illuminate Education practiced recommended data encryption practices, the Future of Privacy Forum “removed Illuminate Education from the list of Student Privacy Pledge signatories.” As of January 23, 2024, Illuminate Education’s status as a signatory has not been restored.

Can a company’s status as a Future of Privacy Forum signatory guarantee that they take all necessary steps to protect educational identity data? Of course not; perhaps there are unknown data protection failures by a signatory, and conversely a company may implement stellar policies but just never bothered to sign on the dotted line.

But presence or absence on the FPF signatories list can serve as a positive or negative risk indicator.