Back in 2021, it seemed that I was commenting on the EU Digital COVID Certificate (EUDCC) ad nauseum. The EUDCC is the “vaccine passport” that was developed to allow people in member EU countries to prove their COVID vaccination status in another EU country.
August 2021 was the last time that I wrote about the EUDCC in the Bredemarket blog. Until now.
Enter…WHO?
You know how standards are adopted by brute force from big players? Well, one big player has forced itself into the discussion. That player is the World Health Organization, commonly known as WHO.
Stella Kyriakides, the European commissioner for health and food safety (announced) that the voluntary certificate program has already been taken up by almost 80 countries.
Last I checked there were not 80 countries in the EU. So this health standards thing took off after the initial hiccups. Although the Wikipedia list of non-EU adopting countries does not include two big players—the United States and China (the same two countries I cited in my August 2021 post).
WHO’s Global Digital Health Certification Network is an open-source platform, built on robust & transparent standards that establishes the first building block of digital public health infrastructure for developing a wide range of digital products for strengthening pandemic preparedness and to deliver better health for all….
The GDHCN is builds (sic) upon the experience of regional networks for COVID-19 Certificates and takes up the infrastructure and experiences with the digital European Union Digital COVID Certificate (EU DCC) system, which has seen adoption across all Member States of the EU as well as 51 non-EU countries and territories. The GDHCN has been designed to be interoperable with other existing regional networks (e.g., ICAO VSD-NC, DIVOC, LACPass, SMART Health Cards) specifications.
On the surface it sounds great, but we’ll see what happens when it goes live (Borak states that the go-live date is July 1).
And we’ll see how it expands:
To facilitate the uptake of the EU DCC by WHO and contribute to its operation and further development, WHO and the European Commission have agreed to partner in digital health.
This partnership will work to technically develop the WHO system with a staged approach to cover additional use cases, which may include, for example, the digitisation of the International Certificate of Vaccination or Prophylaxis. Expanding such digital solutions will be essential to deliver better health for citizens across the globe.
Are you an executive with a small or medium sized identity/biometrics firm?
If so, you want to share the story of your identity firm. But what are you going to say?
How will you figure out what makes your firm better than all the inferior identity firms that compete with you?
How will you get the word out about why your identity firm beats all the others?
Are you getting tired of my repeated questions?
Are you ready for the answers?
Your identity firm differs from all others
Over the last 29 years, I (John E. Bredehoft of Bredemarket) have worked for and with over a dozen identity firms, either as an employee or as a consultant.
You’d think that since I have worked for so many different identity firms, it’s an easy thing to start working with a new firm by simply slapping down the messaging that I’ve created for all the other identity firms.
The messaging that I created in my various roles at IDEMIA and its corporate predecessors was dramatically different than the messaging I created as a Senior Product Marketing Manager at Incode Technologies, which was also very different from the messaging that I created for my previous Bredemarket clients.
IDEMIA benefits such as “servicing your needs anywhere in the world” and “applying our decades of identity experience to solve your problems” are not going to help with a U.S.-only firm that’s only a decade old.
Similarly, messaging for a company that develops its own facial recognition algorithms will necessarily differ from messaging for a company that chooses the best third-party facial recognition algorithms on the market.
So which messaging is right?
It depends on who is paying me.
How your differences affect your firm’s messaging
When creating messaging for your identity firm, one size does not fit all, for the reasons listed above.
The content of your messaging will differ, based upon your differentiators.
For example, if you were the U.S.-only firm established less than ten years ago, your messaging would emphasize the newness of your solution and approach, as opposed to the stodgy legacy companies that never updated their ideas.
And if your firm has certain types of end users, such as law enforcement users, your messaging would probably feature an abundance of U.S. flags.
In addition, the channels that you use for your messaging will differ.
Identity firms will not want to market on every single social media channel. They will only market on the channels where their most motivated buyers are present.
That may be your own website.
Or LinkedIn.
Or Facebook.
Or Twitter.
Or Instagram.
Or YouTube.
Or TikTok.
Or a private system only accessible to people with a Top Secret Clearance.
It may be more than one of these channels, but it probably won’t be all of them.
But before you work on your content or channels, you need to know what to say, and how to communicate it.
How to know and communicate your differentiators
As we’ve noted, your firm is different than all others.
How do you know the differences?
How do you know what you want to talk about?
How do you know what you DON’T want to talk about?
Here are three methods to get you started on knowing and communicating your differentiators in your content.
Method One: The time-tested SWOT analysis
If you talk to a marketer for more than two seconds about positioning a company, the marketer will probably throw the acronym “SWOT” back at you. I’ve mentioned the SWOT acronym before.
For those who don’t know the acronym, SWOT stands for
Strengths. These are internal attributes that benefit your firm. For example, your firm is winning a lot of business and growing in customer count and market share.
Weaknesses. These are also internal attributes, but in this case the attributes that detract from your firm. For example, you have very few customers.
Opportunities. These are external factors that enhance your firm. One example is a COVID or similar event that creates a surge in demand for contactless solutions.
Threats. The flip side is external factors that can harm your firm. One example is increasing privacy regulations that can slow or halt adoption of your product or service.
If you’re interested in more detail on the topic, there are a number of online sources that discuss SWOT analyses. Here’s TechTarget’s discussion of SWOT.
The common way to create the output from a SWOT analysis is to create four boxes and list each element (S, W, O, and T) within a box.
Once this is done, you’ll know that your messaging should emphasize the strengths and opportunities, and downplay or avoid the weaknesses and threats.
Or alternatively argue that the weaknesses and threats are really strengths and opportunities. (I’ve done this before.)
Method Two: Think before you create
Personally, I believe that a SWOT analysis is not enough. Before you use the SWOT findings to create content, there’s a little more work you have to do.
I recommend that before you create content, you should hold a kickoff of the content creation process and figure out what you want to do before you do it.
During that kickoff meeting, you should ask some questions to make sure you understand what needs to be done.
I’ve written about kickoffs and questions before, and I’m not going to repeat what I already said. If you want to know more:
Now that you’ve locked down the messaging, it’s time to actually create the content that differentiates your identity firm from all the inferior identity firms in the market. While some companies can proceed right to content creation, others may run into one of two problems.
The identity firm doesn’t have any knowledgeable writers on staff. To create the content, you need people who understand the identity industry, and who know how to write. Some firms lack people with this knowledge and capability.
The identity firm has knowledgeable writers on staff, but they’re busy. Some companies have too many things to do at once, and any knowledgeable writers that are on staff may be unavailable due to other priorities.
This is where you supplement you identity firm’s existing staff with one or more knowledgeable writers who can work with you to create the content that leaves your inferior competitors in the dust.
What is next?
So do you need a knowledgeable biometric content marketing expert to create your content?
One who has been in the biometric industry for 29 years?
One who has been writing short and long form content for more than 29 years?
Are you getting tired of my repeated questions again?
Well then I’ll just tell you that Bredemarket is the answer to your identity/biometric content marketing needs.
Are you ready to take your identity firm to the next level with a compelling message that increases awareness, consideration, conversion, and long-term revenue? Let’s talk today!
My compulsion to share stuff about identity and biometrics, which you can see if you visit my Bredemarket Identity Firm Services LinkedIn page and Facebook group.
Unfortunately for us, 90% of the song deals with the negative aspects of a person obsessing over another person. If you pick through the lyrics of the Animotion song “Obsession” and forget about what (or who) the singer is obsessing about, you can find isolated phrases that describe how an obsession can motivate you.
“I cannot sleep”
“Be still”
“I will not accept defeat”
But thankfully, there are more positive ways to embrace an obsession.
Justin Welsh on embracing an obsession
While Justin Welsh’s July 2022 post “TSS #028: Don’t Pick a Niche. Embrace an Obsession” is targeted for solopreneurs, it could just as easily apply to those who work for others. Regardless of your compensation structure, why do you choose to work where you do?
For Welsh, the practice of picking a niche risks commoditization.
They end up looking like, sounding like, and acting like all of their competition. The internet is full of copycats and duplicates.
(For example, I’d bet that all of the people who are picking a niche know better than to cite the Animotion song “Obsession” in a blog post promoting their business.)
Perhaps it’s semantics, but in Welsh’s way of thinking, embracing an obsession differs from picking a niche. To describe the power of embracing an obsession, Welsh references a tweet from Daniel Vassalo:
Find something you want to do really badly, and you won’t need any goals, habits, systems, discipline, rewards, or any other mental hacks. When the motivation is intrinsic, those things happen on their own.
Find something you want to do really badly, and you won’t need any goals, habits, systems, discipline, rewards, or any other mental hacks. When the motivation is intrinsic, those things happen on their own.
I trust you can see the difference between picking something you HAVE to do, versus obsessing over something you WANT to do.
What’s in it for you?
Welsh was addressing this post to me and people like me, and his message resonates with me.
But frankly, YOU don’t care about me and about whether I’m motivated. All that you care about is that YOU get YOUR content that you need from me.
So why should you care what Justin Welsh and Daniel Vassllo told me?
The obvious answer is that if you contract with Bredemarket for your marketing and writing services, you’ll get a “pry my keyboard out of my cold dead hands” person who WANTS to write your stuff, and doesn’t want to turn the writing process over to some two-year-old bot (except for very small little bits).
I’m still working on my TikTok generative AI dance. (Don’t hold your breath.)
“Pry my keyboard,” indeed.
Do you need someone to obsess over YOUR content?
Of course, if you need someone to write YOUR stuff, then I won’t have time to work on a TikTok dance. This is a good thing for me, you, and the world.
As I’ve stated elsewhere, before I write a thing for a Bredemarket client, I make sure that I understand WHY you do what you do, and understand everything else that is relevant to the content that we create.
As I work on the content, you have opportunities to review it and provide your feedback. This ensures that both of us are happy with the final copy.
And that your end users become obsessed with YOU.
So if you need me to create content for you, please contact me.
Does your identity business provide biometric or non-biometric products and services that use finger, face, iris, DNA, voice, government documents, geolocation, or other factors or modalities?
Does your identity business need written content, such as blog posts (from the identity/biometric blog expert), case studies, data sheets, proposal text, social media posts, or white papers?
How can your identity business (with the help of an identity content marketing expert) create the right written content?
I’ve spent the first two entries in this post series (Part One, Part Two) talking about my compulsion to share identity information to Slack or LinkedIn or other places.
And you’re probably asking a very important question.
So what?
Talking about my compulsion isn’t really a good customer-focused thing to do.
Unless my compulsion benefits you in some say.
And for some of you, it does.
If you are a professional in the identity industry, you want to remain up-to-date on all the goings-on. And there are a number of sources that provide that information. But in many cases, you have to read the entire article.
That’s where my long-established practice of quoting excerpts can help.
Through force of habit, most of my shares to the Bredemarket Identity Firm Services LinkedIn showcase page begin with a relevant excerpt, and sometimes I include an editorial comment based on my 25-plus years in the identity industry. If the excerpt (and/or editorial) interests you, you can click on the link and read the article. If the excerpt/editorial doesn’t interest you, you can skip the article entirely.
And it also touched upon my compulsion to share stuff. Specifically, articles about identity.
I’ve already told how I’ve created or managed five services over the years to share identity industry information, but I’ve never told any of the behind the scenes story regaridng the creation of the fifth identity information service. This one was created for Incode Technologies, which was (and is) very different from Bredemarket, and very different from IDEMIA, Safran, and Motorola.
Behind the scenes on the fifth identity information service
By the time I joined Incode, I had spent much of my life as an employee working for large bureaucratic multinational companies.
I worked for Motorola when there was only one Motorola.
MorphoTrak was part of the huge Safran Group (until it wasn’t).
IDEMIA was, and is, a combination of dozens of previously independent companies that eventually merged into one big firm.
I was used to process. Motorola WAS process, and Safran and IDEMIA weren’t slouches at process either. You can’t build aircraft parts just by, um, winging it.
But now I found myself at Incode, a rapidly growing startup. It used (and uses) newer tools that didn’t even exist when I worked for Motorola. For example, it used Slack as one of its primary methods to communicate with employees.
As I perused the Slack channels offered at my new employer, a new idea popped into my mind. OK, it was actually a pretty old idea from my perspective, but it would be new to my coworkers.
“Why don’t I create a Slack channel devoted to identity industry information?”
But of course one does not simply create a corporate Slack channel.
Before establishing a Slack channel on a corporate platform, I knew (with the same certainty professed by certain generative AI services) that you obviously need to go through a lengthy approval process. You probably have to get signatures from the corporate headquarters, IT, and probably a few other organizations besides. I mean, I knew this, based upon extensive data that I had acquired up to 2021. (Actually mid-2022, but some of you get the reference.)
So I went to my boss Kevin, told him I wanted to create a Slack channel for identity industry information, and asked him what the official Incode approval process was to create the channel.
(And you wonder why my younger marketing coworkers said “OK Boomer” to me at times.)
Kevin was a patient boss. I don’t know what was going through his mind when I asked the question, but he simply smiled and said, “Just create it. And if no one uses it in a couple of weeks, just delete it.”
(They didn’t do that in La Défense or Issy-les-Moulineaux or Schaumburg, or even in Reston or Billerica or Alexandria or Tacoma or Anaheim or Irvine.)
So I did simply create the new corporate Slack channel, posting articles of interest to it, and letting my coworkers know about the channel’s existence.
And soon other people started posting to the channel.
And soon people other than myself were inviting other people to the channel.
I didn’t delete it.
So the fifth identity information service took off, and I settled into a routine. On many mornings, I did the one thing that experts say you shouldn’t do. I started my morning by reading my corporate email.
And as I read my various alerts and emails I’d find articles of interest, identify a brief excerpt that encapsulated the main point of the article, and share the excerpt (occasionally with an editorial comment) and article to the Slack channel.
Compulsively.
Of course, because I was devoting time to the company-only fifth identity information service, the Bredemarket LinkedIn showcase page (the fourth identity information service) wasn’t receiving that much attention. Bredemarket wasn’t doing any identity consulting anyway, so I was spending my limited Bredemarket time pursuing other markets. And pouring my identity compulsion into Incode’s Slack channel.
Then on Tuesday my routine was shattered. For purposes of this post, I’ll simply say that I no longer had access to that fifth identity information service, or to any of Incode’s Slack channels.
But I still had my identity information sharing compulsion.
I was still reading articles (albeit from other sources), and I still had the urge to share them on the Slack channel, but then I remembered that I couldn’t.
That’s when I started hearing the plaintive call of the wildebeest.
My old forgotten friend the wildebeest was soothingly telling me that I could go back to the fourth identity information service and share identity stuff there again.
I hadn’t shared anything to that Bredemarket LinkedIn showcase page in over two weeks. But starting that Tuesday, I started sharing several items a day, successfully redirecting my compulsion and sharing to a new target.
So what? I’ll explain why this whole story is important to YOU in Part Three.
Often I write my Bredemarket posts to target a specific audience. Technologists. Leaders of businesses in California’s Inland Empire. People who like wildebeests.
Well, this post series is specifically targeted to people who follow the LinkedIn showcase page Bredemarket Identity Firm Services. By the time you finish reading this post series, you may choose to follow the page also.
When people scan the posts on that LinkedIn showcase page, they’ll see that earlier in the year, I was posting infrequently, and then a few days ago I started posting all sorts of stuff on the page.
In this case Heston was talking about guns; he was giving a speech to the National Rifle Association.
But that “cold, dead hands” line can be applied to other things, as I did when I created the Bredemarket website about three years ago and created the “Writing, writing, writing” section of the “Who I Am” page.
I am John E. Bredehoft, and I have enjoyed writing for a while now.
And for a while I’ve been able to make a living at it. With the exception of my first jobs as a paperboy and a library assistant, every one of my positions has required some level of writing. Articles for my college newspaper. User manuals. Zines (in my previous brief foray into business, Gresham Press.) Requests for proposals. Responses to requests for proposal. Marketing requirements documents. And other documents that I’ll address a little bit later.
And when I wasn’t getting paid to write, I was writing for free. A college dorm newspaper, the Eastport Enquirer. Nearly a dozen personal blogs since 2003, a few of which are still running. Two professional blogs.
I guess I’m a “you can pry my keyboard out of my cold dead hands” type.
When keeping your websites updated, I advise you to do as I say, not as I do. Two of my websites were significantly out of date and needed hurried corrections.
I realized this morning that the “My Experience” page on my jebredcal website was roughly a year out of date, so I hurriedly added content to it. Now the page will turn up in searches for the acronym “ABM” (OK, maybe not on the first page of the search results).
Now this is not the most robust proof of identity. As I recently noted in my JEBredCal blog (one of my other Google identities), it’s extremely easy for multiple people to use this day pass at different times during the day. Even the 7-day and 31-day passes, which must be signed and may be compared against an identity document, are not necessarily free from fraud.
However, this is not critical to Omnitrans, who would rather put up with a small amount of fraud than inconvenience its riders with multiple identity checks.
Identity proofing is more critical in some situations than it is in others.
Of course, if Omnitrans really wanted to, it could achieve the need for fraud prevention by using relatively frictionless forms of identity proofing. Rather than demaning to see a rider’s papers, Omnitrans could use passive methods to authenticate its riders. I won’t go into all the possible methods and their pros and cons here.
However, I would like to explore one possible identity proofing method to see if it would solve the Omnitrans pass use issue.
You’ll recall that many identity experts recognize five factors of authentication:
Something you know.
Something you are.
Something you have.
Something you do.
Somewhere you are.
Well, because I felt like it, I proclaimed a sixth factor of authentication.
Why?
I said, because I felt like it!
Whoops, “why?” is the sixth authentication factor. I still haven’t rendered it into the “somexxx you xxx” format yet.
Can Omnitrans use the “why?” factor to test the reasonableness that any particular trip is performed by the person who originally bought the pass?
Possibly.
Applying the “why?” question to bus boarding data
Assume the most challenging scenario, in which Omnitrans knows nothing about the person who purchases a 31-day pass. The person pays in cash and is wearing a face mask and sunglasses throughout the entire transaction. Therefore, the only identity information associated with the pass is the location where the pass was purchased, the date/time it was purchased, and some type of pass identification number. For this example, we’ll assume the pass number is 12345.
So Omnitrans really doesn’t know anything of importance about the holder of pass 12345…
…other than how it is used.
I’m making the assumption that Omnitrans logs information about every use of a pass. Since you don’t need to use your pass when you leave the bus, the only information available is when you board the bus.
So let’s look at some fake data.
Date and Time
Bus
Location
Monday, July 25, 2022, 6:39 am
87
Euclid & Holt, Ontario
Monday, July 25, 2022, 6:35 pm
87
Amazon LGB3, Eastvale
Tuesday, July 26, 2022, 6:39 am
87
Euclid & Holt, Ontario
Tuesday, July 26, 2022, 6:35 pm
87
Amazon LGB3, Eastvale
Wednesday, July 27, 2022, 8:42 am
87
Euclid & Holt, Ontario
Wednesday, July 27, 2022, 6:35 pm
87
Amazon LGB3, Eastvale
Thursday, July 28, 2022, 6:39 am
87
Euclid & Holt, Ontario
Thursday, July 28, 2022, 6:35 pm
87
Amazon LGB3, Eastvale
Thursday, July 28, 2022, 7:20 pm
61
Plum & Holt, Ontario
Thursday July 28, 2022, 9:52 pm
61
Ontario Mills, Ontario
Friday, July 29, 2022, 6:39 am
87
Euclid & Holt, Ontario
Friday, July 29, 2022, 8:35 am
87
Amazon LGB3, Eastvale
Friday, July 29, 2022, 10:00 am
66
Vineyard & Foothill, Rancho Cucamonga
Friday, July 29, 2022, 11:26 am
14
Fontana Metrolink
Friday, July 29, 2022, 11:53 am
82
Fontana Metrolink
Friday, July 29, 2022, 12:08 pm
66
Fontana Metrolink
Hypothetical logging of trips on Omnitrans Pass 12345.
Even if you are not familiar with California’s Inland Empire, you can probably classify these trips into the following categories:
Trips that are probably legitimate.
Trips that may or may not be legitimate.
Trips that are probably fraudulent.
Trips that are definitely fraudulent.
For the most part, you can’t know with certainty about the legitimacy of most of these trips. Here’s a story that fits the facts.
Jack Jones starts his new job at Amazon on Monday, and works Monday and Tuesday with no incident. Jack overslept on Wednesday and was written up. He made sure to arrive at work on time Thursday, and at the end of the day he celebrated with a dinner at a restaurant in the Ontario Mills shopping center. After arriving at work on Friday, Sara Smith picked his pocket and took his pass, fleeing the scene an hour later and making her way to Fontana. She creates several clones of the bus pass and sells them at a discount before fleeing herself. Therefore, all trips beginning on Friday at 8:35 am are fraudulent.
But that might not be the true story. This one also fits the facts.
Jack Jones starts his new job at Amazon on Monday, and works Monday and Tuesday with no incident. On Wednesday Jack calls in sick, but lets his housemate Bob Brown (who also works at Amazon) use his pass on Wednesday and Thursday. By Thursday evening, Jack is feeling better, retrieves his pass from his housemate, and goes to Ontario Mills for the evening. On Friday Jack goes to work and is fired. He boards the 87, misses his stop in Ontario, and stays on the bus until he reaches Rancho Cucamonga. Despondent, he decides to visit his friend in Fontana. However, his Fontana friend, Sara Smile, secretly created several clones of Jack’s bus pass and sells them at a discount. Therefore, the Wednesday trips, the Thursday day trips, and all Friday trips beginning at 11:26 am are fraudulent.
Or perhaps some other set of facts fit the data.
It’s possible that the pass was stolen before it was ever used and all of the trips are fraudulent.
Or perhaps every trip before arriving in Fontana is legitimate, but how can we tell which one (if any) of the three trips from Fontana was undertaken by the true passholder?
But the data that Omnitrans captured provides a way to challenge the pass holder for possibly fraudulent trips.
If Omnitrans is really suspicious for some reason, it may choose to challenge every trip that didn’t take place at the “regular” times of 6:39 am or 6:35 pm. “Why are you boarding the 87 bus at this hour of the morning?” “Why are you boarding the 61 bus?”
Or Omnitrans may assume that all of the trips are reasonable and don’t necessitate a challenge. Yes, someone can go to work late. Yes, someone can go to Ontario Mills for the evening. Well, all of them are reasonable until Friday at 11:53 am, when a passholder boards a bus at the same location where the same passholder supposedly departed at 11:26 am.
Now even if strict identity checks are used with the “why?” statement, the data alone can’t detect all fraud. If Jack Jones and Bob Brown both work the day shift at Amazon, but on alternate days, how can Omnitrans detect the days when Jack Jones leaves Ontario at 6:39 am, vs. the days when Bob Brown leaves Ontario at 6:39 am?
Again, no identity proofing method is 100% foolproof.
But the “why?” question may detect some forms of fraud.
Or are there really only five factors of authentication after all?
Now I’ll grant that “why?” might not be a sixth factor of authentication at all, but may fall under the existing “something you do” category. This factor is normally reserved for gestures or touches. For example, some facial liveness detection methods require you to move your head up, down, right, or left on command to prove that you are a real person. But you could probably classify boarding a bus as “something you do.”
Anyway, thank you for engaging my tangent. If I can think of a “why?” example that doesn’t involve something you do, I’ll post it here. That will help me in my hopeful (?) quest to become the inventor of the sixth factor of authentication.
What about the businesses in cities where my bus trips took place?
But back to the businesses in Ontario, Eastvale, Rancho Cucamonga, Fontana, and other cities: need some content help? I can create esoteric long-winded content like this, or (what you probably want) more concise, customer-focused content that conveys your important message. My regular work includes case studies, white papers, proposal services, and other types of content. If you need someone to help you create this content:
(UPDATE: I have indicated portions of this post that include speculation from myself and others.)
When I wrote “About THAT Reuters article” (specifically, the February 4 articlespeculating about a possible sale of IDEMIA by Advent International to Thales Group), I noted that I have no expertise in predicting corporate acquisitions.
However, I’ve experienced three of them, including Motorola’s acquisition of Printrak in 2000, Safran’s acquisition of Motorola’s Biometric Business Unit in 2008-2009, and Advent International’s acquisition of Safran’s Morpho unit in 2016-2017 (and Advent’s merger of Oberthur and Morpho to form OT-Morpho, later IDEMIA).
None of these was a simple matter of the acquiring company and the acquired company approving the acquisition. It was more complicated than that.
UPDATE 8/20/2025. I just had to disable browser notifications from two rogue sites. See bold paragraph below.
[UPDATE 8/20/2025: I have disabled the links below because the link now redirects to adware malware. Pity, because the original page was an excellent source of the negotiations between Printrak and Motorola.]
Even the most straightforward of the acquisitions that I experienced, the U.S. company Motorola’s acquisition of the U.S. company Printrak, required a number of government approvals.
Under the Hart-Scott-Rodino Antitrust Improvements Act of 1976, and the rules promulgated under the Hart-Scott-Rodino Act, Printrak, Acquisition Sub and Motorola cannot complete the Merger until they notify and furnish information regarding the acquisition of Printrak by Acquisition Sub to the Federal Trade Commission and the Antitrust Division of the U.S. Department of Justice and satisfy specified waiting period requirements. Printrak and Motorola (as the sole stockholder of Acquisition Sub) filed notification and report forms under the Hart-Scott-Rodino Act with the FTC and the Antitrust Division on September 26, 2000 and received early termination of the waiting period from the Federal Trade Commission effective October 11, 2000.
From [REDACTED]/Document/0000912057-00-045478/
And not just from the U.S. government.
In addition, Printrak and Motorola are required to furnish certain information and materials to the antitrust authorities of Argentina, Brazil, the Federal Republic of Germany, and Romania. Filings were made in Argentina on September 22, 2000, in Brazil on September 19, 2000 and in the Federal Republic of Germany on September 27, 2000. German antitrust authorities have one month after the parties file their application to review the transaction. During that one month period, they can either approve the transaction or initiate an examination of the transaction which could take an additional three months, during which time the parties cannot close the transaction. During this three month period, the antitrust authorities will either approve the transaction or prohibit it. Approval may be granted before the initial one month review or before the additional three month review period. If approved, the antitrust authorities can not later challenge the transaction under their merger law but could challenge the transaction under other provisions of their antitrust laws. Printrak and Motorola intend to make a post-closing filing in Romania as soon as practicable after the closing.
From [REDACTED]/Document/0000912057-00-045478/
Why did the Motorola acquisition of Printrak require all of those approvals? Because Printrak did business in these countries (and many others), and the governments of those particular countries wanted to exert control over who does business in their country. For example, Printrak was the automated fingerprint identification system (AFIS) supplier in Romania, and the government of Romania had a need to know what would happen if Motorola were to become the supplier of its AFIS. Would all of the fingerprints be replaced by batwings? Would the new owner require the Romanian employees to apply Six Sigma in their everyday lives? Would Romania have to use Iridium to communicate AFIS data?
Well, everyone in the U.S. and the other countries granted approval, and the Motorola acquisition of Printrak was eventually completed, although it took roughly three months to get all the approvals. I remember that we were at a trade show (IACP, I think) with Printrak signage, and received mid-show approval to string up Motorola banners after receiving final approval.
And that was the relatively EASY acquisition of the three that I experienced. The next one was harder.
CFIUS is an interagency committee authorized to review certain transactions involving foreign investment in the United States and certain real estate transactions by foreign persons, in order to determine the effect of such transactions on the national security of the United States.
Because Motorola not only sold fingerprint identification technology, an export controlled technology, but also managed law enforcement data for a number of states and (on a limited basis) for the U.S. Federal Bureau of Investigation and other federal government agencies.
Never mind the fact that France has been a long-standing ally of the United States. Heck, Israel is an ally of the U.S., and we didn’t like it when Israel spied on us.
CFIUS had to make sure that foreign control of Motorola’s biometric assets wouldn’t cause issues. Would French intelligence personnel steal all of the personal identifiable information (PII) from the AFIS databases in Minnesota, North Carolina, and other states?
Safran acquires other things
Eventually CFIUS decided that there was no critical threat and allowed the Safran acquisition of Motorola’s Biometric Business Unit to go through.
After all, it wasn’t like Motorola managed the main FBI criminal database, or state driver’s license databases, or anything like that.
You see, the main FBI criminal database, then known as IAFIS, was already managed by Safran.
And the state driver’s license databases were managed by neither Safran nor Motorola. A separate company, L-1 Identity Solutions, managed the majority of those databases.
So Safran’s acquisition of Motorola’s biometric assets was approved by all necessary government entities, and everyone was happy.
But Safran wasn’t done with its acquisitions, and a few years later acquired L-1 Identity Systems also. So now U.S. driver’s license production would be under French control.
This time around, CFIUS insisted on mitigating the effects of “Foreign Ownership, Control or Influence” (FOCI). Specifically, L-1 Identity Solutions (renamed “MorphoTrust”) was placed under a proxy structure, in which MorphoTrust’s Board of Directors was entirely composed of U.S. citizens. In addition, a number of MorphoTrust employees who were not U.S. citizens were shifted away from MorphoTrust to other Safran companies (most notably MorphoTrak, the company that contained the former Motorola Biometric Business Unit and other stuff).
By the way, I wrote about this before, but it’s in a Bredemarket Premium article so most of you can’t read it. Consider this information a freebie.
Even though they were owned by the same company, and used some of the same hardware components, MorphoTrust and MorphoTrak were managed separately. MorphoTrust had to log its contacts with foreigners, including U.S. employees of the foreign-owned MorphoTrak. Any transactions between MorphoTrust and MorphoTrak had to be carefully monitored to ensure that “foreign” components didn’t sneak their way into MorphoTrust products. And (most notably) because we couldn’t really talk to each other, MorphoTrust and MorphoTrak actually competed against each other on several occasions, including instances in which both subsidiaries proposed fingerprint livescan stations to the same customers.
But we were one big happy fractured family, and CFIUS was satisfied.
Well, until the next acquisition took place.
Advent International (and Oberthur) acquires part of Safran
Remember how I said that I couldn’t really predict acquisitions? After Safran acquired Motorola’s Biometric Business Unit, I thought I was home free. Printrak was the odd man out in Motorola, since our part of Motorola (later becoming Motorola Solutions) specialized in the sale of lots and lots of police radios, while we in Printrak specialized in the sale of a few AFIS systems. Once we joined Safran, we became part of a huge division (Sagem Sécurité, later known as Morpho) that ONLY performed identity functions.
So now an American investment firm would buy a French company.
You can bet that this required a round of approvals on both sides of the Atlantic.
France and the European Union certainly had an interest. As I noted in a recent post about Alaska’s HB389 bill, Advent International was not the sole owner; Advent had to bring the French government-owned entity Bpifrance on as a minority owner. And the European Union had to grant antitrust approval.
But on the U.S. side, CFIUS got involved again because MorphoTrust was part of the acquisition. Never mind the fact that MorphoTrust was now majority American-owned; MorphoTrust’s corporate parent was headquartered in France, and Bpifrance owned part of MorphoTrust.
So what happened?
MorphoTrust was removed from FOCI control, sort of, and merged with MorphoTrak and some parts of Oberthur to form IDEMIA Identity & Security USA LLC.
And my job became really complicated, because I, a former MorphoTrak employee, reported to someone who was a former MorphoTrust employee. And even though the U.S. part of IDEMIA (excluding IDEMIA NSS) was no longer FOCI-mitigated, some leftovers from the old MorphoTrust days were still around.
Initially there were still two separate computer networks, and I had to have access to both of them, which meant that I had to obtain a second computer from the Billerica, Massachusetts office to access the old MorphoTrust network. (Before obtaining that second computer, I had to undergo a security screening.)
Eventually the two separate networks went away…after I left IDEMIA. Actually, I’m not entirely certain that they COMPLETELY went away, but at least the email addresses were all standardized throughout the United States after I left. (Yes, I had two email addresses also.)
Two new complications when some future entity acquires IDEMIA
So what happens in the future? Reuters has speculated what may happen, and I am speculating also.
As I noted previously, Advent International acquires businesses, revamps them, and sells them (hopefully) at a profit.
So even if the Reuters article turns out to be factuallyincorrect, Advent is going to sell IDEMIA someday.
Based upon past acquisitions, I believe it is pretty likely that the French government is going to have some say in the sale. Reuters speculated that nothing will happen until after next month’s Presidential election in France. (See my LinkedIn post in Bredemarket Identity Firm Services about the French election.) The French President, whoever he or she may be when Advent finally tries to sell IDEMIA in 2022, 2023, or 2033, is going to exert control over who the final buyer will be. Perhaps the President may insist that IDEMIA be sold to a French company, or at least a European Union company.
And based upon past acquisitions, I believe it is pretty likely that the U.S. government is going to have some say in the sale. The U.S. President, whoever he or she may be when Advent tries to sell IDEMIA (again, whenever that may occur), is going to exert control over who the final buyer will be, because of the significant business that IDEMIA NSS and the rest of IDEMIA does with U.S. federal, state, and local government entities. Oh, and there’s also the matter of fingerprint identification export control.
But those are not the two complications that I’m talking about. There are two NEW complications.
Possible Complication Number One: IDEMIA has locations all over the world, including a location in Moscow.
As I write this post, a number of Western businesses are ceasing their business operations in Russia because of the war in Ukraine. This has caused issues with the Russian government.
As of Monday (March 14), at least 375 companies had announced some sort of pullback from Russia, according to a list maintained by the School of Management at Yale University. The list includes companies that have cut ties with Russia completely, as well as those that have suspended operations there while attempting to preserve the option to return.
According to multiple media reports, dozens of Western companies have been contacted by prosecutors in Russia with warnings that their assets, including production facilities, offices, and intellectual property, such as trademarks, may be seized by the government if they withdraw from the country.
Unless IDEMIA is acquired by a Russian company (which is extremely unlikely, given French and U.S. interests), anyone who acquires IDEMIA (or any company with Russian offices) has to consider how Russia will react. Will the Russian portion of the business be a total loss? Will Russian entities acquire IDEMIA intellectual property? (This would be ironic, considering some past allegations that have been made but not IMHO proven.)
But Russia isn’t the only potential complication of a sale of IDEMIA.
Possible Complication Number Two: IDEMIA also has locations in Beijing, Hong Kong, and Shenzen. And it’s possible that the Chinese government is going to have some interest in who IDEMIA’s future owner will be.
It is possible that China’s State Administration for Market Regulation (SAMR) might review any acquisition.
In early September of 2021, China’s competition authority, the State Administration for Market Regulation (“SAMR”) issued a report (“SAMR 2020 Report”) summarizing its Anti-Monopoly Law enforcement activities during the period covering the 13th Five-Year Plan (2016-2020).
While relations between the West and China are certainly better than current relations between the West and Russia, there is always an underlying tension in those relations. For example, if a Taiwanese company were to acquire IDEMIA, this could be considered a declaration of war.
And in the specific case of IDEMIA, the biometric algorithms from IDEMIA directly compete with biometric algorithms from China. The February 2022 printed version of the NIST FRVT 1:1 report indicates that dozens of tested facial recognition algorithms are of Chinese origin, including algorithms from Cloudwalk, Dahua, Fujitsu, Hikvision, Megvii, Sensetime, Tencent, Xforward, and a host of other companies and universities.
What if (again, I’m speculating) China decides to oppose an acquisition of IDEMIA unless it receives assurances that IDEMIA will not threaten the domestic Chinese biometric providers?
Conclusion
So whoever buys IDEMIA from Advent may have to pay attention to government regulators in the U.S., France, the European Union, and possibly Argentina, Brazil, China, Germany, Romania, and Russia.
Bredemarket 