identity – Page 8 – Bredemarket

HP Instant Ink Users and Identity: 1:1 Person-to-NPE Binding Isn’t Always Enough

How many people should use a SaaS service? If your answer is “only one,” you don’t need to read this post.

Last month I discussed a particular use case in which AI-based non-person entities (NPEs) were bound to the identities of carbon-based life forms. My post “Identity-Bound Non-Person Entities” reviewed the partnership between Anonybit and SmartUp.

This binding doesn’t need artificial intelligence to work. The NPE may be something as simple as a service.

But how many people can be bound to an NPE?

A company and its service

There is a very large technology company; I won’t reveal the company name, but its initials are HP. And this very large company provides a service; I won’t reveal the service name, but it instantly provides ink for the company’s printers…

Never mind. It turns out that I already discussed HP Instant Ink (Ink as a Service) in the Bredemarket blog before. Plus, the company providing IaaS is no longer known as “the Hewlett-Packard Company,” but as “HP Inc.” So much for my attempts at obfuscation.

The 1:1 binding between me and Instant Ink

Anyway, we did sign up for Instant Ink when we purchased a new printer. Specifically, my HP account was registered as the owner of our Instant Ink account.

(Those of you with a keen eye can already see where this is going.)

As part of the Instant Ink service that we purchased, I can obtain two things:

1. The status of Instant Ink shipments to us

Not that these shipments are all that fast.

So far we have encountered two instances in which we ran out of ink before the new Instant Ink shipment arrived.

And when you put a regular ink cartridge into the printer while waiting for the Instant Ink shipment, HP sends a nasty gram stating that I put the wrong ink in the printer, and to put Instant Ink in the printer right now.

Um, my Instant Ink is in Pennsylvania, and it will take 10 days to reach California. What am I supposed to do, fly to Pennsylvania and get it?

2. HP support

For our printer, I can obtain support from HP. I will have more to say about HP support later.

First person…or people

Do all of you see the issue now? If not, let me spell it out.

I am married, and my wife and I bought the printer together. But she has no access to shipment tracking or support; only I do.

Actually, I must confess that I gave her my HP login and password. So she has access to the shipment tracking information. But since her name is not John, we assumed that HP would never talk to her about the Instant Ink service that we purchased.

There is something in the (so-called) HP Smart App that allows me to “invite” someone to the printer. But when I tried to “invite” my wife, HP briefly flashed a message saying that I could not invite my wife because she already had an HP personal account.

I need support

By this time I had piled up 3 support requests for HP:

How can I get new Instant Ink before my old Instant Ink runs out?
How can my wife see information on our Instant Ink service?
Plus there’s a third one regarding multiple HP accounts that I won’t get into here.

I decided to tackle the second support request first. So I found the support page, started a gust, and got a ticket number.

The first support chat

I was routed to a printer specialist, who informed me that they couldn’t help me and routed me to an Instant Ink specialist.

The Instant Ink person asked for the error code that appeared when I tried to “invite” my wife. I explained that I didn’t know because it disappeared so quickly.

So I tried to invite my wife again, pointing my smartphone camera at the laptop screen so that I could take a picture of the error code the…um…instant that it appeared.

I successfully took the picture, and there was no error code. Just a message saying that I couldn’t invite my wife because she already had an HP personal account. And to contact support.

The Instant Ink specialist instructed me to click on a link, then closed the support ticket.

I clicked on the link…and was asked to create a new support ticket.

The second support chat

I was routed to a printer specialist, who informed me that they couldn’t help me and routed me to an Instant Ink specialist.

(Yes, there’s a lot of repetition in this post.)

By this time I tried to boil my request down to a simple question: how can my wife see Instant Ink shipment status and request support on her own?

The Instant Ink specialist went quiet for a while, and finally—over an hour after I started the initial support chat—provided the solution to my problem.

Give my wife my HP login and password. And sure, she’ll have no problem contacting support, even though I’m the named user.

Suffice it to say that I was not pleased.

A systemic problem

But to be fair, none of the 4 support people I talked to could have solved my problem.

Because HP has made the underlying assumption that its Instant Ink service can only be managed by one person, not two.

And HP is not alone in this. There are multiple services that assume single person management. This affects married couples often, where one spouse is the named user for a service but knows nothing about it because spouse 2 handles it.

This results in a number of conversations like this:

SERVICE: John?

WIFE: No, this is his wife.

SERVICE: I need John’s authorization to continue.

WIFE: (carries phone to me in the Bredemarket world headquarters) Amazing and wonderful husband, could you authorize me to discuss our account?

(Some portions of this conversation may have been fictionalized.)

ME: Hello, this is John.

SERVICE: John, what is your date of birth?

This is not a technology issue, but an organizational issue. Except where laws (such as HIPAA) regulate this, an organization should allow multiple people to be assigned to a service or other NPE.

It would make my—I mean our lives easier.

Know Your Law Enforcement Officer (or ICE Agent)

People can use forged government identities to scare you, rob you, or kill you. How can you protect yourself from fake law enforcement officers, or fake ICE agents? And how can police agencies and ICE protect THEMSELVES from these fakes?

I’ve already shared the story of the person driving around Delaware with flashing lights. Nothing terrible happened in that encounter, but similar impersonation encounters have been more critical.

That was not ICE in Philadelphia

A little over a week ago, an auto repair shop in Philadelphia, Pennsylvania received a surprise visitor.

The visitor, wearing an American flag-adorned baseball cap and a tactical vest with the words “Security Enforcement Agent,” announced the single word “Immigration,” implying that he was from Immigration and Customs Enforcement (ICE).

Several employees fled the scene, but the cashier did not and was immediately zip-tied.

So what happened next?

The so-called ICE agent took $1,000 and was gone 30 seconds later.

That was not police in Minnesota

As I write this, details of an incident in Minnesota are unfolding.

Vance Boelter is alleged to have shot Minnesota State Senator John Hoffman and his wife Yvette at their home, then shot and killed State Representative Melissa Hortman and her husband.

In both cases Boelter presented himself as a police officer.

How do you know if it IS police?

In terms of an encounter from a local law enforcement agency, Colorado State University has provided some tips on verifying the identity of police. While the tips are specifically written for people driving in a car, they can be generalized for cases in which the police officer shows up at a residence or business.

“[C]all 911 from your cell phone. Tell the 911 dispatcher that you are concerned that someone…may not be a police officer.”

Of course a person in a car is generally safer than a person at the front door of a home or business, but in any case you can call 911 and ask for confirmation.

“Do not flee.”

This appears to be sound advice if the person is a real police officer. But if the employees hadn’t fled from the fake ICE officer in Philadelphia, perhaps they would have been robbed also.

“If the dispatcher cannot confirm that you are being [visited] by a police officer, stay on the line with the dispatcher, and ask for police assistance.”

Wise to get the real cops on the scene.

“Do not provide personal documents – driver’s license, insurance information or other documents – to someone who you suspect of being a police impersonator.”

No need to add identity fraud on top of everything else.

How do you know if it IS ICE?

Unfortunately, telling true ICE agents from fake ones is a little more difficult. Your local 911 dispatcher isn’t going to know if that’s a real ICE agent at your door.

5NBCDFW published some tips for those who receive an email, call, or visit from ICE. In regards to personal visits, the station offered this advice:

“ICE agents carry official badges and credentials. They may have identification cards with their name, photo and the department logo. You can ask them to show you their badge or ID.”

The American Civil Liberties Union reminds us that the ICE agent can show their identification (or a warrant signed by a judge) through a window or peephole before you open the door. And according to Motion Law:

“If they refuse to show their identification, you are under no obligation to open the door.”

This of course is not foolproof, since anyone can print a fake business card (perhaps on their own printer, avoiding a commercial business such as the UPS Store), create a fake ID, or create a fake badge.

At least Justin didn’t claim to be with ICE.

And how can you tell whether that ID is real? Remember that in the Leonardo Garcia Venegas episode, ICE agents themselves couldn’t identify an authentic REAL ID.

Challenges of identifying police officers or ICE agents

It’s a challenging identity problem. Especially since police officers may NOT be required to identify themselves. Uniformed officers are required to identify themselves in California (California Penal Code Section 830.10), but plainclothes officers obviously don’t wear badges, and California identification laws don’t apply in other states.

“Hey,” someone suggests. “Why not create a database of all the police officers and ICE agents so that can immediately prove their authenticity?” Unfortunately, that runs into a huge privacy problem, because what happens when (not if) that database is hacked? Or if the data is intentionally leaked?

(And before you say “not my problem, those people need to be in a database,” what if it WAS your problem? In my case, what if all marketing/writing sole proprietors were required to be in a database managed by the Department of Commerce? You’d be worried if it affected YOU.)

The only way that this will change universally is when the police officers, ICE, and other agencies have to deal with impersonators. For example, if fake ICE agents cause problems for the real ones, then ICE itself will insist on positive identification of real ICE agents.

Are We At The “Trust No One” Stage?

What if this deepfake video DIDN’T have the “Just kidding, I’m not real” disclaimers?

View this post on Instagram

A post shared by JW AI Art (@jw_ai_art)

That’s Not Your Job

(Imagen 4)

If you are a jobseeker on LinkedIn, you have probably seen people claim to be recruiters from well-known companies, when in truth they are nothing of the kind.

Faking your employer has existed for a long time. Just ask the Delaware State Police, who for some reason isn’t keen on people who impersonate police officers.

“[A] 23-year-old man from Laurel, Delaware…reported that he had been driving eastbound on Nine Foot Road, east of Laurel Road, when a white Dodge Magnum with Arizona registration pulled behind him and activated flashing red and blue lights. As the victim began to pull over, the Dodge passed him and continued driving.”

Because Arizona police officers patrol Delaware all the time.

The 23 year old was rightfully concerned, called 911, reported the incident, and described the vehicle. But that wasn’t the end of it.

“Shortly after, the driver of the Dodge pulled up next to the victim and verbally confronted him. The victim did not engage, and the suspect eventually fled the scene.”

After an investigation, the Delaware State Police arrested Blayden Rose of Selbyville, Delaware, for impersonating a police officer.

The real Blayden Rose, courtesy the Delaware State Police. The police like to take pictures of special people.

Rose may or may not be a handyman, and his connection to Arizona is unknown. But at least in Delaware, flashing lights are generally prohibited on non-emergency vehicles.

Not sure if Rose can get off on a technicality (“I wasn’t claiming to be a cop, I was just doing a strobe show”), but it reminds us that we have to trust, but verify.

Is Your Organization (Not) Managing Your Identity Proofing Vendors?

A wildebeest process evaluator discovers that another wildebeest has no goals.

Today I’m doing something different.

Normally these blog posts are addressed to Bredemarket’s PROSPECTS, the vendors who provide solutions that use biometrics or other technology. Such as identity proofing solutions.
But I’ve targeted this post for another audience, the organizations that BUY biometrics and technology solutions such as identity proofing solutions. Who knows? Perhaps they can use Bredemarket’s content-proposal-analysis services also. Later I will explain why you should use Bredemarket, and how you can use Bredemarket.

So if you are with an organization that SELLS identity proofing solutions, you can stop reading now. You don’t want to know what I am about to tell your prospects…or do you?

But if you BUY identity proofing, read on for some helpful expert advice from the biometric product marketing expert.

Managing an identity proofing solution

When you buy an identity proofing solution, you take on many responsibilities. While your vendor may be able to help, the ultimate responsibility remains with you.

Here are some questions you must answer:

What are your business goals for the project? Do you want to confirm 99.9% of all identities? Do you want to reduce fraudulent charges below $10 million? How will you measure this?
What are your technology goals for the project? What is your desired balance between false positives and false negatives? How will you measure this?
How will the project achieve legal compliance? What privacy requirements apply to your end users—even if they live outside your legal jurisdiction? Are you obtaining the required consents? Can you delete end user data upon request? Are you prepared if an Illinois lawyer sues you? Do you like prison food?
What about artificial intelligence? Your vendor probably uses some form of artificial intelligence. What form? What does this mean for you? Again, do you like prison food?

Again…are you ready?

GAO, IRS, and DOA

So how do other organizations manage identity proofing solutions? According to Biometric Update, not well.

A new Government Accountability Office (GAO) audit found the Internal Revenue Service (IRS) has not exercised sufficient oversight of its digital identity-proofing program…

As many of you know, the IRS’ identity proofing vendor is ID.me. The GAO didn’t find any fault with ID.me. And frankly, it couldn’t…because according to the GAO, the IRS’ management of ID.me was found to be deficient.

“IRS was unable to show it had measurable goals and objectives for the program. IRS receives performance data from the vendor but did not show it independently identified outcomes it is seeking. IRS also has not shown documented procedures to routinely evaluate credential service providers’ performance. Without stronger performance reviews, IRS is hindered in its ability to take corrective actions as needed.

“ID.me acknowledges that its identity-proofing process involves the use of artificial intelligence (AI) technologies. However, IRS has not documented these uses in its AI inventory or taken steps to comply with its own AI oversight policies. Doing so would provide greater assurance that taxpayers’ rights are protected and that the technologies are accurate, reliable, effective, and transparent.”

So while ID.me meets the IRS’ key requirement of Identity Assurance Level 2 (IAL 2) compliance, is it performing well? The IRS needs to define what “performing well” means.

You would think the IRS had a process for this…but apparently it doesn’t.

Dead on arrival (DOA).

But I’m not the IRS!

I’ll grant that you’re not the IRS. But is your identity proofing program management better…or worse?

Do you know what questions to ask?

Let Bredemarket ask you some questions. Perhaps these can help you create relevant external and internal content (I’ve created over 22 types of content), manage an RFP proposal process, or analyze your industry, company, or competitors.

Let’s set up a free 30-minute consultation to assess your needs.

CPA

In the Distance

Part of Ubiquity Via Focus is knowing whom to EXCLUDE from your focus.

If my former friends’ focus is elsewhere, my focus won’t impede on theirs.

If you are focused on identity/biometric and technology product marketng, here is What I Do: https://bredemarket.com/what-i-do/

If their focus is elsewhere, my focus won’t impede.

The Monk Skin Tone Scale

(Part of the biometric product marketing expert series)

Now that I’ve dispensed with the first paragraph of Google’s page on the Monk Skin Tone Scale, let’s look at the meat of the page.

I believe we all agree on the problem: the need to measure the accuracy of facial analysis and facial recognition algorithms for different populations. For purposes of this post we will concentrate on a proxy for race, a person’s skin tone.

Why skin tone? Because we have hypothesized (I believe correctly) that the performance of facial algorithms is influenced by the skin tone of the person, not by whether or not they are Asian or Latino or whatever. Don’t forget that the designated races have a variety of skin tones within them.

But how many skin tones should one use?

40 point makeup skin tone scale

The beauty industry has identified over 40 different skin tones for makeup, but this granular of an approach would overwhelm a machine learning evaluation:

[L]arger scales like these can be challenging for ML use cases, because of the difficulty of applying that many tones consistently across a wide variety of content, while maintaining statistical significance in evaluations. For example, it can become difficult for human annotators to differentiate subtle variation in skin tone in images captured in poor lighting conditions.

6 point Fitzpatrick skin tone scale

The first attempt at categorizing skin tones was the Fitzpatrick system.

To date, the de-facto tech industry standard for categorizing skin tone has been the 6-point Fitzpatrick Scale. Developed in 1975 by Harvard dermatologist Thomas Fitzpatrick, the Fitzpatrick Scale was originally designed to assess UV sensitivity of different skin types for dermatological purposes.

However, using this skin tone scale led to….(drumroll)…bias.

[T]he scale skews towards lighter tones, which tend to be more UV-sensitive. While this scale may work for dermatological use cases, relying on the Fitzpatrick Scale for ML development has resulted in unintended bias that excludes darker tones.

10 point Monk Skin Tone (MST) Scale

Enter Dr. Ellis Monk, whose biography could be ripped from today’s headlines.

Dr. Ellis Monk—an Associate Professor of Sociology at Harvard University whose research focuses on social inequalities with respect to race and ethnicity—set out to address these biases.

If you’re still reading this and haven’t collapsed in a rage of fury, here’s what Dr. Monk did.

Dr. Monk’s research resulted in the Monk Skin Tone (MST) Scale—a more inclusive 10-tone scale explicitly designed to represent a broader range of communities. The MST Scale is used by the National Institute of Health (NIH) and the University of Chicago’s National Opinion Research Center, and is now available to the entire ML community.

Where is the MST Scale used?

According to Biometric Update, iBeta has developed a demographic bias test based upon ISO/IEC 19795-10, which itself incorporates the Monk Skin Tone Scale.

At least for now. Biometric Update notes that other skin tone measurements are under developoment, including the “Colorimetric Skin Tone (CST)” and INESC TEC/Fraunhofer Institute research that uses “ethnicity labels as a continuous variable instead of a discrete value.”

But will there be enough data for variable 8.675309?

What “Gender Shades” Was Not

Mr. Owl, how many licks does it take to get to the Tootsie Roll center of a Tootsie Pop?

A good question. Let’s find out. One, two, three…(bites) three.

From YouTube.

If you think Mr. Owl’s conclusion was flawed, let’s look at Google.

One, two, three…three

I was researching the Monk Skin Tone Scale for a future Bredemarket blog post, but before I share that post I have to respond to an inaccurate statement from Google.

Google began its page “Developing the Monk Skin Tone Scale” with the following statement:

In 2018, the pioneering Gender Shades study demonstrated that commercial, facial-analysis APIs perform substantially worse on images of people of color and women.

Um…no it didn’t.

I will give Google props for using the phrase “facial-analysis,” which clarifies that Gender Shades was an exercise in categorization, not individualization.

But to say that Gender Shades “demonstrated that commercial, facial-analysis APIs perform substantially worse” in certain situations is an ever-so-slight exaggeration.

Kind of like saying that a bad experience at a Mexican restaurant in Lusk, Wyoming demonstrates that all Mexican restaurants are bad.

How? I’ve said this before:

The Gender Shades study evaluated only three algorithms: one from IBM, one from Microsoft, and one from Face++. It did not evaluate the hundreds of other facial recognition algorithms that existed in 2018 when the study was released.

So to conclude that all facial classification algorithms perform substantially worse cannot be supported…because in 2018 the other algorithms weren’t tested.

One, two, three…one hundred and eighty nine

In 2019, NIST tested 189 software algorithms from 99 developers for demographic bias, and has continued to test for demographic bias since.

In these tests, vendors volunteer to have NIST test their algorithms for demographic bias.

Guess which three vendors have NOT submitted their algorithms to NIST for testing?

You guessed it: IBM, Microsoft, and Face++.

Anyway, more on the Monk Skin Tone Scale here, but I had to share this.

Ubiquity Via Focus…On Where?

So Bredemarket’s talking about “ubiquity via focus”?

Focus on where?

On the Bredemarket blog, your source for the latest identity/biometric and technology news.

And your source for the most up-to-date information on Bredemarket’s content-proposal-analysis services.

Be sure to visit https://bredemarket.com/blog/

Or better yet, subscribe at https://bredemarket.com/subscribe-to-bredemarket/

Ubiquity Via Focus…On What?

So Bredemarket’s talking about “ubiquity via focus”?

Focus on what?

If you have 3 minutes and 40 seconds I’ll tell you.

“CPA” talkie.

Visit https://bredemarket.com/cpa/