Tag Archives: identity

(Bredemarket Premium) The big biometric firms and the even bigger tech firms

When I was part of an industry in which the three major players were my employer IDEMIA and its competitors NEC and Thales, I was always aware of a potential threat to these three multi-billion dollar biometric companies. Specifically, there were much, much bigger technology companies (both inside and outside of Silicon Valley) with huge resources and extensive artificial intelligence experience. These firms could put the three biometric firms out of business at any time.

By Syassine – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=31368987

But is this threat a real threat? Or is it overstated?

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.
Subscribe

(Bredemarket Premium) Watch a new security market evolve

Markets come and go.

When I first joined the biometrics industry in the 1990s, biometric benefits (welfare) applications were hot in the United States as states and localities deployed biometric verification solutions for benefits recipients.

President Bill Clinton signing welfare reform legislation in 1996. By http://www.socialsecurity.gov/history/welref.html, Public Domain, https://commons.wikimedia.org/w/index.php?curid=56156541

However, the landscape changed over the years, and most of those biometric systems have since been shut down.

Of course, new markets also appear.

Nokia 3310 3G (20180116). By Santeri Viinamäki, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=65577308

If someone had told me in 1994 that we would use biometrics to “unlock” our phones, I would have had no idea what the person was talking about. Why would we need to unlock our phone, anyway? Sure, if a thief grabbed my cell phone, the thief could make a long distance call to another state. But it’s not like the thief could access my bank account via an unlocked cell phone, right?

And there are other markets.

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.
Subscribe

Franchisees and BIPA

In other contexts, I have written about the relationship between franchisors and franchisees, which in some respects is similar to the way gig drivers work “with” (not “for”) Uber, Lyft, and the like. In many cases, the products that are advertised by a particular company are not made by that company, but by a franchisee of that company who is entirely separate from the parent company, but who is responsible for doing things the way the parent company wants them done. If you’re a franchisee, you CAN’T…um…”have it your way.”

This Whopper probably wasn’t made by Burger King itself, but by a franchisee of Burger King. By Tokfo – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=37367904

Speaking of which, here is an example of an article that confuses franchisor and franchisee. The Buzzfeed article, in typical Buzzfeed style, is entitled “This Is What Happened After A Bunch Of Employees At A Burger King Quit.” (Because of malfunctioning air conditioning, a number of employees put in their two weeks’ notice, leaving a “We All Quit” sign as they left.) You have to read ANOTHER article (from NBC) to find this little statement:

“Our franchisee is looking into this situation to ensure this doesn’t happen in the future,” a Burger King spokesperson said.

Yes, the employees’…um…beef wasn’t with Burger King itself (or its Brazilian/Canadian/American parent Restaurant Brands International), but with whoever manages the local franchise.

Well, now this world of franchisors and franchisees has entered the biometric world, according to a post in Greensfelder, a self-described “franchising & distribution law blog.”

Greensfelder’s post starts by explaining to its readers what BIPA is (something you already know if you read MY blog) and how franchisees are affected.

Plaintiffs are suing both franchisors and franchisees. Franchisors are being sued for collecting the information themselves for their own employees and also for the actions of their franchisees on theories of joint and several liability, vicarious liability, agency and alter ego. A recently filed case alleges that a franchisor mandates and controls virtually every aspect of its franchise locations, including the use of certain equipment that collects biometric information to track employees’ time and attendance and to monitor cash register systems for fraud.

This benefits the lawyers, who get to collect double the damages by claiming that both the franchisor and the franchisee are separately liable.

Greensfelder’s takeaway for franchisors:

Franchisors should be careful about mandating franchisee use of biometric procedures and devices without first checking applicable law and also making sure that their own policies and procedures are in compliance with those laws.

I’m not sure who is providing takeaways for franchisees.

Other than the usual advice to read the franchise agreement very, very carefully.

Biometrics IS the financial sector

“Have to update my chart again.”

C. Maxine Most of Acuity Market Intelligence. From https://twitter.com/cmaxmost/status/1418306725510193152

Since I’m treading into financial territory here, I should disclose that Bredemarket has financial relationships with one or more of the companies mentioned in this post. This is not investment advice, do your own due diligence, bla bla bla.

CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=243386

I don’t monitor the market enough to know if this is part of an overall trend, but there has been a lot of biometric and digital identity investment recently. Both Biometric Update and FindBiometrics (and other publications such as FinLedger) have written about some of these recent investments, and IPVM has published its acquisition analysis (for subscribers only). Here’s a partial list of the biometric and/or digital identity companies who have received new funding (via investors, IPO, or acquisitions) recently:

I am not a financial expert (trust me on this), but I suspect that these companies are benefiting from two contradictory factors.

  • The apparent WANING of the COVID threat suggests better market performance in the future.
  • Some biometric and digital identity investments are very attractive precisely BECAUSE of the COVID threat, and the resulting attractiveness of remote and touchless technologies.

Of course, markets run in cycles, and it’s hard to predict if this is just the beginning of money flowing to biometrics/digital identity companies, or if all of this will suddenly come to a grinding halt. Remember how hot so-called “fever scanners” were a year ago, until their deficiencies were identified? And remember how Microsoft was prompted to divest from Anyvision not too long ago?

It’s possible that a number of external factors, such as an increase in government bans of facial recognition use, consumer resistance to digital identity, or the entry (or re-entry) of much larger players into the biometrics and/or digital identity markets, could dampen the revenue hopes for these funded companies.

Of course, investors are used to analyzing risk, and in many cases the investments with higher risk can yield the greater rewards.

It’s all just a game.

From https://ipdb.org/machine.cgi?id=1966. Fair use.

You will soon deal with privacy stakeholders (and they won’t care about the GYRO method)

(Part of the biometric product marketing expert series)

I’ve written about the various stakeholders at government agencies who have an interest in biometrics procurements- not only in this post, but also in a post that is available to Bredemarket Premium subscribers. One of the stakeholders that appeared on my list was this one.

The privacy advocate who needs to ensure that the biometric data complies with state and national privacy laws.

Broken Liberty: Istanbul Archaeology Museum. By © Nevit Dilmen, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1115936

If you haven’t encountered a privacy advocate in your marketing or proposal efforts…you will.

Utah Gov. Spencer Cox has appointed Christopher Bramwell as the Department of Government Operations’ first privacy officer….As privacy officer, Bramwell will be responsible for surveying and compiling information about state agencies’ privacy practices to discern which poses a risk to individual privacy. He will also work with the personal privacy oversight commission and state privacy officer to provide government privacy practice reports and recommendations.

Obviously this affects companies that work with government agencies on projects such as digital identity platforms. After all, mobile driver’s licenses contain a wealth of personally identifiable information (PII), and a privacy advocate will naturally be concerned about who has access to this PII.

But what about law enforcement? Do subjects in law enforcement databases have privacy rights that need to be respected? After all, law enforcement agencies legally share PII all the time.

From https://www.facebook.com/UplandPolice/photos/pcb.5828261687245780/5828261513912464/

However, there are limitations on what law enforcement agencies can share.

  • First off, remember that not everyone in a law enforcement database is an arrested individual. For example, agencies may maintain exclusion databases of police officers and crime victims. When biometric evidence is found at a crime scene, agencies may compare the evidence against the exclusion database to ensure that the evidence does not belong to someone who is NOT a suspect. (This can become an issue in DNA mixtures, by the way.)
  • Second off, even arrested individuals have rights that need to be respected. While arrested individuals lose some privacy rights (for example, prisoners’ cells can be searched and prisoners’ mail can be opened), a privacy advocate should ensure that any system does not deny prisoners protections to which they are entitled.

So expect to see a raised concern about privacy rights when dealing with law enforcement agencies. This concern will vary from jurisdiction to jurisdiction based upon the privacy (and biometric) laws that apply in each jurisdiction, but vendors that do business with government agencies need to stay abreast of privacy issues.

A little more about stakeholders, or actors, or whoever

Whether you’re talking about stakeholders in a government agency, stakeholders at a vendor, or external stakeholders, it’s important to identify all of the relevant stakeholders.

Or whatever you call them. I’ve been using the term “stakeholders” to refer to these people in this post and the prior posts, but there are other common terms that could be used. People who construct use cases refer to “actors.” Marketers will refer to “personas.”

Whatever term you use, it’s important to distinguish between these stakeholders/actors/personas/whatever. They have different motivations and need to be addressed in different ways.

When talking with Bredemarket clients, I often need to distinguish between the various stakeholders, because this can influence my messaging significantly. For example, if a key decision-maker is a privacy officer, and I’m communicating about a fingerprint identification system, I’m not going to waste a lot of time talking about the GYRO method.

My time wouldn’t be wasted effort if I were talking to a forensic examiner, but a privacy advocate just wouldn’t care. They would just sit in silence, internally musing about the chances that a single latent examiner’s “green” determination could somehow expose a private citizen to fraud or doxxing or something.

This is why I work with my clients to make sure that the messaging is appropriate for the stakeholder…and when necessary, the client and I jointly develop multiple messages for multiple stakeholders.

If you need such messaging help, please contact Bredemarket for advice and assistance. I can collaborate with you to ensure that the right messages go to the right stakeholders.

Biometric (and other) authentication CAN be spoofed…but it isn’t easy

A few days ago, Liam Tung of ZDNet wrote an article entitled “Windows 10 security: Here’s how researchers managed to fool Windows Hello.”

Those who read the title of the article may conclude that biometrics is a terrible authentication method because it can be spoofed.

Just a picture of candy. Nothing special. By Jebulon – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=27753729

Well, until they come to the third paragraph of the article.

The attack is quite elaborate and would require planning, including being able to acquire an infrared (IR) image of the target’s face and building a custom USB device, such as a USB web camera, that will work with Windows Hello. The attack exploits how Windows 10 treats these USB devices and would require the attacker to have gained physical access to the target PC.

Of course, if the target is a really important target such as a world leader, it might be worth it to go to all of that effort to execute the attack.

However, the difficult attack would be much more difficult to execute if the authentication system required multiple biometrics, rather than just one.

And the attack would be even more difficult still if the authentication system employed multiple authentication factors, rather than the single “something you are” factor. If you have to spoof the fingerprint AND the face AND the driver’s license AND the five digit PIN AND the geolocation, and you don’t know in advance WHICH factors will be requested, it’s still possible to gain access, but it’s not easy.

(Bredemarket Premium) The multiple self interests of AFIS customers and vendors

In a prior post, I spent some time identifying the multiple stakeholders at a city police department (in my example, my hometown of Ontario, California) that is procuring an automated fingerprint identification system.

By Coolcaesar at the English-language Wikipedia, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=15739992

If I may recycle what I previously said, here are those stakeholders:

  • The field investigators who run across biometric evidence at the scene of a crime, such as a knife with a fingerprint on it or a video feed showing someone breaking into a liquor store.
  • The examiners who look at crime scene evidence and use it to identify individuals.
  • The people who capture biometrics from arrested individuals at livescan stations.
  • The information technologies (IT) people who are responsible for ensuring that Ontario, California’s biometric data is sent to San Bernardino County, the state of California, perhaps other systems such as the Western Identification Network, and the Federal Bureau of Investigation.
  • The purchasing agent who has to make sure that all of Ontario’s purchases comply with purchasing laws and regulations.
  • The privacy advocate who needs to ensure that the biometric data complies with state and national privacy laws.
  • The mayor (Paul Leon as I write this), who has to deal with angry citizens asking why their catalytic converters are being stolen from their vehicles, and demanding to know what the mayor is doing about it.
  • Probably a dozen other stakeholders that I haven’t talked about yet, but who are influenced by the city’s purchasing decision.

Why is this important? And who are the multiple stakeholders OUTSIDE of the city police department?

Subscribe to get access

Subscribe to Bredemarket Premium to access this premium content.

  • Subscriptions just $5 per month.
  • Access Bredemarket’s expertise without spending hundreds or thousands of dollars.
Subscribe

Subscribe to get access

Read more of this content when you subscribe today.

Subscribe

How livescan fingerprinting enrollment service providers win business

One of the tasks that I used to perform as an employee of IDEMIA was to track the state-by-state status of livescan fingerprinting enrollment services. And I soon discovered that enrollment services differed substantially from IDEMIA’s other major product lines.

This post describes the nuances in livescan fingerprinting enrollment services, the many players that are involved, the livescan technology, and (most importantly) how enrollment service providers win business.

Why enrollment services differ from driver’s license and AFIS services

At IDEMIA, I tracked the company’s presence in three major product lines (and a slew of others). And IDEMIA’s presence in each market differed depending upon the nuances of the markets.

  • For IDEMIA’s driver’s license services, there was only one provider for each state. Let’s face it, you can’t have two agencies issuing state driver’s licenses. (Although I guess this would satisfy someone’s libertarian fantasy.)
  • For IDEMIA’s automated fingerprint identification systems (AFIS), there was only one provider of law enforcement AFIS in each state. However, there were other statewide fingerprinting systems back in the days when fingerprints were used for welfare benefits, and a number of county and city law enforcement agencies had their own AFIS systems.
  • But for IDEMIA’s enrollment services, there could potentially be dozens or hundreds of small businesses that provided the service. All of this depended upon how the state authorized enrollment. In some states, only one private entity could provide enrollment services, while in some other states multiple private entities could do so.

Why we have enrollment services

So what are “enrollment services”? I’ll defer to my former employer IDEMIA and use the description from its IdentoGO website.

IdentoGO by IDEMIA provides a wide range of identity-related services with our primary service being the secure capture and transmission of electronic fingerprints for employment, certification, licensing and other verification purposes – in professional and convenient locations.

Of course IdentoGO isn’t the only “channeler” in town. A number of these small businesses that provide enrollment services are allied with Certifix Livescan, others with Thales (Gemalto), others with Fieldprint, others with Biometrics4All, and others with many other FBI-approved channelers.

And in some cases, you can go to your local police agency and have the police capture your fingerprints for enrollment purposes.

The Ripon (California) Police Department provides LiveScan fingerprinting service to the public. https://riponpd.org/?page_id=1226

The channelers, and the hundreds upon hundreds of local businesses that are supported by them, handle some or all of a variety of fingerprint verification tasks, including (depending upon the individual state or Federal regulations) banking, education, firearm permits, health care, insurance, legal services, real estate, social services, state employment, transportation, and many others.

  • The basic theory is that if you are, for example, applying for a banking position, your fingerprints are searched against the FBI’s fingerprint database to make sure you don’t have a prior fraud conviction.
  • Or if you’re applying for an education position, you weren’t previously convicted of committing a crime at a school or with children.
  • Or if you’re applying for a transportation position, those multiple drunk driving convictions may cause a problem.

You get the idea.

Who are the end enrollment service providers?

So who are these small business owners who offer these livescan fingerprinting enrollment services?

In most cases, enrollment services are an add-on to a small firm’s existing business.

  • Maybe the business is a travel agency, and it offers fingerprinting along with other travel-related services (such as passport photos).
  • Maybe the business is a tax preparation service.
  • Maybe it’s an insurance agency.

So the business buys or leases a desktop livescan station, aligns with one of the major channelers, gets the necessary state approvals (in California, from the Office of the Attorney General), and waits for the applicants to…well, apply.

Livescan fingerprint capture isn’t idiot-proof, but if I can do it, you probably can also

“But wait,” you may say. “Isn’t the capture of fingerprints a specialized process requiring substantial forensic knowledge?”

She’s not a CSI, but she played one on TV. By Source, Fair use, https://en.wikipedia.org/w/index.php?curid=17752707

While you do need to take care to capture fingerprints correctly, livescan systems have dramatically improved in quality, allowing a travel agent or insurance agent to capture high-quality prints.

(I’ll let you in on a little secret: even the law enforcement officers who capture livescan prints from criminals don’t necessarily have years of experience in fingerprint capture.)

As someone who has worked with livescan systems since the mid 1990s, I can attest to the dramatic improvements in livescan technology. I wasn’t around in the early 1990s when Printrak and Digital Biometrics partnered to provide an AFIS-compatible livescan, but I was certainly around when Printrak introduced its own livescan, the LiveScan Station 2000 (LSS 2000), that competed with Digital Biometrics, Identix, and other livescan providers. (Today, former competitors Digital Biometrics, Identix, and Printrak are all part of a single company, IDEMIA.) The LSS 2000 used a Printrak-manufactured capture device attached to a computer running Digital UNIX.

By the time I became a product manager (not for livescans, but for AFIS servers), Motorola introduced two new livescan devices, the LiveScan Station 3000U and the LiveScan Station 3000N. (The “U” stood for Unix, the “N” for the Windows NT family.) The capture device for these two workstations was manufactured by Heimann Biometric Systems, which through a series of subsequent mergers is now part of HID Global.

When you’re an employee of a fingerprinting company, you’re often asked to participate in fingerprint scanner tests. (At least you were in the days before GDPR and CCPA.) So the livescan engineers decided to compare the capture quality of the LSS 2000, the LSS 3000U, and the LSS 3000N. I joined several others in participating in the scanner tests.

But I ran into a problem.

At the time that I participated in this scanner test, I had been working with paper for about two decades, and as a result of this and other things I have very light fingerprints. This isn’t an issue if you’re using a subdermal fingerprint capture system (Lumidigm, one manufacturer of such systems, was also acquired by HID Global), but it’s definitely an issue with the average optical system.

Oh, and did I mention that we were capturing our OWN fingerprints as part of this test? Rather than getting a trainer or someone with law enforcement experience to take our prints, this motley assemblage of marketers and engineers was following the DIY route.

With the result that the fingerprints that I captured on the LSS 2000 were pretty much unusuable.

But the later generation LSS 3000 prints looked a lot better. (I believe that the LSS 3000N prints were the best, which heralded the last hurrah for UNIX workstations in the AFIS world, as Windows computers proved their ability to perform AFIS work.)

And of course time has not stood still since those experiments in the early 2000s. (Although you can still buy a LiveScan 3000N today, for the price of $1.00.)

LiveScan 3000N, offered for sale at https://www.propertyroom.com/l/morphotrak-finger-print-scanner-camera/14061023

Today you can buy livescan stations that capture prints at 1000 pixels per inch (ppi), 4 times the resolution of the 500 ppi stations that were prevalent in the 1990s and early 2000s. And frankly, that are still prevalent today; most law enforcement agencies see no need to buy the more expensive 1000 ppi stations, so 500 ppi stations still prevail.

So how does a customer select a livescan fingerprinting enrollment service provider?

So let’s say a customer is applying for a position at a bank or at a school or somewhere else that asks for a fingerprint check. In the state of California, there’s not just one place that you can go to get this service. For example, there are probably a dozen or more enrollment service providers within a few miles of Bredemarket’s corporate headquarters in Ontario.

So how does a customer select a livescan fingerprinting enrollment service provider?

Well, customers do so just like they do with any other business.

IdentoGO Mobile Enrollment RV. https://www.identogo.com/mobile-enrollment-rv
  • Maybe they saw a picture of the IdentoGO RV and that caused “IdentoGO” to stick in their mind when searching for an enrollment service provider.
  • Or maybe they’re driving down a street in the neighborhood and they see a sign that mentions “livescan fingerprinting.”
  • Or maybe they’re on Facebook and see a page that promotes a specific livescan fingerprint enrollment service provider.

The key for the enrollment service provider, of course, is to make sure that your message stays top of customer’s mind when the time comes for the customer to need your service.

  • Your message needs to appear where the customer will see it.
  • Your message has to speak to the customer’s needs.
  • And your message must explain how to obtain the service. Does the customer have to make an appointment? If so, how does the customer make the appointment?

If the customer never sees your message, it’s going to be a lot harder for the customer to use your business. While the California Office of the Attorney General does include a list of all of the authorized livescan fingerprinting providers in California, and all of the various channelers maintain their own lists, neither the Attorney General nor your friendly channeler is going to necessarily direct someone to YOUR business.

You need to let your customers know of your existence, and WHY your service BENEFITS them as opposed to the service down the street.

Bredemarket can help.

If you provide livescan fingerprinting enrollment services and need experienced and knowledgeable help in getting your message out to your customers, contact me:

How 6 CFR 37 (REAL IDs) exhibits…federalism

The United States, like some other countries, reserves some responsibilities to lower subdivisions of the country, in this case the states. This concept is enshrined in the 10th Amendment to the Constitution:

The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

The 10th Amendment basically means that unless the Constitution explicitly speaks on a matter, the states can do whatever they want. However, the Federal government still has ways of making the states obey its will.

States are NOT mandated to issue REAL IDs

If you look at the Code of Federal Regulations, Title 6, Volume 1, Chapter I, Part 37 (one online source here), you will see the official laws that govern the issuance of REAL ID Driver’s Licenses and Identification Cards. Part 37 is divided into several subparts:

  • General.
  • Minimum Documentation, Verification, and Card Issuance Requirements.
  • Other Requirements.
  • Security at DMVs and Driver’s License and Identification Card Production Facilities.
  • Procedures for Determining State Compliance.
  • Driver’s Licenses and Identification Cards Issued Under section 202(d)(11) of the REAL ID Act.

A pretty comprehensive list here. But that very first section, “General,” begins with the following:

Subparts A through E of this part apply to States and U.S. territories that choose to issue driver’s licenses and identification cards that can be accepted by Federal agencies for official purposes.

Note the word “choose,” and the phrase “accepted by Federal agencies for official purposes.” In essence, it is incorrect to say that states are MANDATED by law to issue REAL IDs. States have the power to choose NOT to issue REAL IDs, and the Federal government has no Constitutional power to force them to do so.

So many states DIDN’T issue REAL IDs

And for many years, many states of various political persuasions adopted that view. Whether “red” or “blue,” many states held to the belief that REAL ID was an unconscionable imposition on state sovereignty, and that Bush or Obama or Trump didn’t have the power to tell states what to do with their state driver’s licenses.

I ran into this personally in my proposal work. There was a brief period of time in which MorphoTrak was bidding on driver’s license opportunities (thus competing with our sister company MorphoTrust), and I remember reviewing a Request for Proposal (RFP) issued by one of the states. I won’t reveal the state, but the opening section of its RFP made very clear that the state was NOT asking vendors to implement Federal REAL ID regulations, or asking vendors to help the state issue REAL IDs.

So some states declined to participate in REAL ID efforts for years…and years.

And the Federal government couldn’t dictate that states issue REAL IDs.

So the Federal government said that states don’t HAVE to issue REAL IDs, but…

But the Federal government COULD dictate which IDs could be “accepted by Federal agencies for official purposes.”

  • Accepted IDs included passports, Federal government-issued identification cards, various other national IDs…and REAL IDs issued by the states. Other IDs issued by the states were not acceptable.
  • Official purposes included visiting a military base (Federal control, not state control), visiting your Congressperson’s office (Federal control, not state control)…and the big one, entering the secure areas of an airport (again, Federal control, not state control).
Transportation Security Administration Checkpoint at John Glenn Columbus International Airport. By Michael Ball – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=77279000

So it’s pretty simple. If you want to get on a plane, even for a domestic flight, you have to pay $100 or so to get a passport. Well, unless your state happens to be one of the states that issues REAL IDs.

(Now large states with multiple major cities such as California and Texas could conceivably try to get around this by setting up a whole system of intrastate airports that only flew within the state, but that would be costly.)

Even with this, the REAL ID implementation date has been delayed several times (most recently due to COVID), but as of today, all 50 states and most U.S. territories are finally issuing REAL IDs, including the unnamed state (and others) that refused to even consider issuing REAL IDs a decade ago.

And that, my friends, is how the Federal government gets what it wants.

Even Apple is moving to a service model. Biometric identity vendors are moving also.

Remember when you bought a big old hunk of hardware…and you owned it?

With cloud computing, significant portions of hardware were no longer owned by companies and people, but were instead provided as a service. And the companies moved from getting revenue from selling physical items to getting revenue from selling services.

From Apple Computer to Apple

Apple is one of those companies, as its formal name change from “Apple Computer” signifies.

Then “Apple Computer” circa 1978. From https://www.macrumors.com/2020/03/23/apple-computer-retail-sign/. Fair use.

Yet even as iTunes and “the” App Store become more prominent, Apple still made a mint out of selling new smartphone hardware to users as frequently as possible.

But Apple is making a change later in 2021, and Adrian Kingsley-Hughes noted the significance of that change.

The change?

So, it turns out that come the release of iOS 15 (and iPadOS 15) later this year, users will get a choice.

Quite an important choice.

iPhone users can choose to hit the update button and go down the iOS 15 route, or play it safe and stick with iOS 14.

Why is Apple supporting older hardware?

So Apple is no longer encouraging users to dump their old phones to keep up with new operating systems like the forthcoming iOS 15?

There’s a reason.

By sticking with iOS 14, iPhone users will continue to get security updates, which keeps their devices safe, and Apple gets to keep those users in the ecosystem.

They can continue to buy content and apps and pay for services such as iCloud.

Although Kingsley-Hughes doesn’t explicitly say it, there is a real danger when you force users to abandon your current product and choose another. (Trust me; I know this can happen.)

In Apple’s case, the danger is that the users could instead adopt a SAMSUNG product.

And these days, that not only means that you lose the sale of the hardware, but you also lose the sale of the services.

It’s important for Apple to support old hardware and retain the service revenue, because not only is its services business growing, but services are more profitable than hardware.

In the fiscal year 2019, Apple’s services business posted gross margins of 63.7%, approaching double the 32.2% gross margin of the company’s product sector. 

If current trends continue, Apple’s services (iCloud, Apple Music, AppleCare, Apple Card, Apple TV+, etc.) will continue to become relatively more important to the company.

The biometric identity industry is moving to a service model also

Incidentally, we’re seeing this in other industries, for example as the biometric identity industry also moves from an on-premise model to a software as a service (SaaS) model. One benefit of cloud-based hosting of biometric identity services is that both software and the underlying hardware can be easily upgraded without having to go to a site, deploying a brand new set of hardware, transferring the data from one set of hardware to the other, and hauling away the old hardware. Instead, all of those activities take place at Amazon, Microsoft, or other data centers with little or no on-premise fuss.

(And, as an added benefit, it’s easier for biometric vendors to keep their current customers because obsolescence becomes less of an issue.)

Is your biometric identity company ready to sell SaaS solutions?

But perhaps your company is just beginning to navigate from on-premise to SaaS. I’ve been through that myself, and can contract with you to provide advice and content. I can wear my biometric content marketing expert hat, or my biometric proposal writing expert hat as needed.

The “T” stands for technology. Or something. By Elred at English Wikipedia – Transferred from en.wikipedia to Commons by Moe_Epsilon., Public Domain, https://commons.wikimedia.org/w/index.php?curid=3812206

Obviously this involves more than just saying “we’re cloud-ready.” Customers don’t care if you’re cloud-ready. Customers only care about the benefits that being cloud-ready provides. And I can help communicate those benefits.

If I can help you communicate the benefits of a cloud-ready biometric identity system, contact me (email, phone message, online form, appointment for a content needs assessment, even snail mail).