A dizzying array of federal government agencies is interested in biometric verification and biometric classification, for example by age (either age verification or age estimation). As Biometric Update announced, we can add the Federal Trade Commission (FTC) to the list with an upcoming age verification workshop.
“Re: Request from Entertainment Software Rating Board, Yoti Ltd., Yoti (USA) Inc., and Kids Web Services Ltd. for Commission Approval of Children’s Online Privacy Protection Rule Parental Consent Method (FTC Matter No. P235402)
“This letter is to inform you that the Federal Trade Commission has reviewed your group’s (“the ESRB group”) application for approval of a proposed verifiable parental consent (“VPC”) method under the Children’s Online Privacy Protection Rule (“COPPA” or “the Rule”). At this time, the Commission declines to approve the method, without prejudice to your refiling the application in the future….
“The ESRB group submitted a proposed VPC method for approval on June 2, 2023. The method involves the use of “Privacy-Protective Facial Age Estimation” technology, which analyzes the geometry of a user’s face to confirm that the user is an adult….The Commission received 354 comments regarding the application. Commenters opposed to the application raised concerns about privacy protections, accuracy, and deepfakes. Those in support of the application wrote that the VPC method is similar to those approved previously and that it had sufficient privacy guardrails….
“The Commission is aware that Yoti submitted a facial age estimation model to the National Institute of Standards and Technology (“NIST”) in September 2023, and Yoti has stated that it anticipates that a report reflecting NIST’s evaluation of the model is forthcoming. The Commission expects that this report will materially assist the Commission, and the public, in better understanding age verification technologies and the ESRB group’s application.”
But the FTC rejection was in 2024. Things may be different now.
Grok.
Revisiting age verification and age estimation in 2026?
The FTC has scheduled an in-person and online age verification workshop on January 28.
The in-person event will be at the Constitution Center at 400 7th St SW in Washington DC.
Details regarding online attendance will be published on this page in the coming weeks.
“The Age Verification Workshop will bring together a diverse group of stakeholders, including researchers, academics, industry representatives, consumer advocates, and government regulators, to discuss topics including: why age verification matters, age verification and estimation tools, navigating the regulatory contours of age verification, how to deploy age verification more widely, and interplay between age verification technologies and the Children’s Online Privacy Protection Act (COPPA Rule).”
Will the participants reconsider age estimation in light of recent test results?
I just asked Google Gemini to conceive an illustration of the benefits of orchestration. You can see my original prompt and the resulting illustration, credited to Bredebot, in the blog post “Orchestration: Harmonizing the Tech Universe.” (Not “Harmonzing.” Oh well.)
Google Gemini.
Note the second of the two benefits listed in Bredebot’s AI-generated illustration: “Reduced Complexity.”
On the surface, this sounds like generative AI getting the answer wrong…again.
After all, the reason that software companies offer a single-vendor solution is because when everything comes from the same source, it’s easier to get everything to work together.
When you have an orchestrated solution incorporating elements from multiple vendors, common sense tells you that the resulting solution is MORE complex, not less complex.
When I reviewed the image, I was initially tempted to ask Bredebot to write a response explaining how orchestrated solution reduce complexity. But then I decided that I should write this myself.
Because I had an idea.
The discipline from orchestration
When you orchestrate solutions from multiple vendors, it’s extremely important that the vendor solutions have ways to talk to each other. This is the essence of orchestration, after all.
Because of this need, you HAVE to create rules that govern how the software packages talk to each other.
Let me cite an example from one of my former employers, Incode. As part of its identity verification process, Incode is capable of interfacing to selected government systems and processing government validations. After all, I may have something that looks like a Mexican ID, but is it really a Mexican ID?
Mexico – INE Validation. When government face validation is enabled this method compares the user’s selfie against the image in the INE database. The method should be called after add-face is over and one of (process-id or document-id) is over.
So Incode needs a standard way to interface with Mexico’s electoral registry database for this whole thing to work. Once that’s defined, you just follow the rules and everything should work.
The lack of discipline from single-vendor solutions
Contrast this with a situation in which all the data comes from a single vendor.
Now ideally interfaces between single-vendor systems should be defined in the same way as interfaces between multi-vendor systems. That way everything is nicely neatly organized and future adaptations are easy.
Sounds great…until you have a deadline to meet and you need to do it quick and dirty.
Google Gemini.
In the same way that computer hardware server rooms can become a tangle of spaghetti cables, computer software can become a tangle of spaghetti interfaces. All because you have to get it done NOW. Someone else can deal with the problems later.
So that’s my idea on how orchestration reduces complexity. But what about those who really know what they’re talking about?
Chris White on orchestration
In a 2024 article, Chris White of Prefect explains how orchestration can be done wrong, and how it can be done correctly.
“I’ve seen teams struggle to justify the adoption of a first-class orchestrator, often falling back on the age-old engineer’s temptation: “We’ll just build it ourselves.” It’s a siren song I know well, having been lured by it myself many times. The idea seems simple enough – string together a few scripts, add some error handling, and voilà! An orchestrator is born. But here’s the rub: those homegrown solutions have a habit of growing into unwieldy systems of their own, transforming the nature of one’s role from getting something done to maintaining a grab bag of glue code.
“Orchestration is about bringing order to this complexity.”
So how do you implement ordered orchestration? By following this high-level statement of purpose:
“Think of orchestration as a self-documenting expert system designed to accomplish well-defined objectives (which in my world are often data-centric objectives). It knows the goal, understands the path to achieve it, and – crucially – keeps a detailed log of its journey.”
Read White’s article for a deeper dive into these three items.
Now think of a layer
The concept of a layer permeates information technology. There are all sorts of models that describe layers and how they work with each other.
“In modern IT systems, an orchestration layer is a software layer that links the different components of a software system and assists with data transformation, server management, authentication, and integration. The orchestration layer acts as a sophisticated mediator between various components of a system, enabling them to work together harmoniously. In technical terms, the orchestration layer is responsible for automating complex workflows, managing communication, and coordinating tasks between diverse services, applications, and infrastructure components.”
And if you love Halloween AND demand generation, then you should see what Gene Volfe is up to.
I have worked with Gene at Incode and two other companies, where I provided content for his demand generation efforts.
Anyway, Gene is publishing insightful demand generation posts on LinkedIn, each accompanied by a Halloween themed short reel. You can see the latest installment on content syndication here; the others are on his LinkedIn profile.
As I saw his posts, I thought to myself that I could steal his idea.
No, not with a sexy product marketer costume.
I decided to make a short reel about a product’s “end of life.”
End of life is something that vendors love and their customers hate. Go ask a current Windows 10 user about end of life mandates.
I have had a vendor view of end of life as a product manager, when Motorola declared an end of life on Series 2000 in favor of Printrak BIS. Series 2000 depended upon old Digital UNIX computers, even for the workstations, making it difficult to maintain the peripherals when everyone else was using Windows. But our competitors had a field day saying that Motorola was abandoning its customers.
But enough about that. Here is Bredemarket’s Halloween-themed product end of life video. Actually, I created two of them.
Identity/biometric marketing leaders continuously talk about how their companies have reduced bias in their products. But have they reduced bias in their own marketing to ensure it resonates with prospects?
“Marketers are driven to accentuate the positive about their companies. Perhaps the company has a charismatic founder who repeatedly emphasizes how ‘insanely great’ his company is and who talked about ‘bozos.’ (Yeah, there was a guy who did both of those.)
“And since marketers are often mandated to create both external and internal sales enablement content, their view of their own company and their own product is colored.”
Let’s look at two examples of biometric marketing internal bias…and how to overcome it.
Google Gemini.
Internal bias at Company A
Company A does not participate in the U.S. National Institute of Standards and Technology (NIST) Face Recognition Technology Evaluation (FRTE) for technical reasons.
As a result, the company’s marketing machine constantly discredits NIST FRTE, and the company culture is permeated with a “NIST is stupid” mentality.
All well and good…until it runs into that one prospect who asks, “Why are you scared to measure yourself against the competition? Does your algorithm suck that bad?”
Internal bias at Company B
Company B, on the other hand, participates in FRTE, FATE, FRIF (previously FpVTE), and every other NIST test imaginable.
This company’s marketing machine declares its superiority as a top tier biometric vendor, supported by outside independent evidence.
All well and good…until it runs into that one prospect who declares, “That’s just federal government test data. How will you perform in our benchmark using our real data and real computers?”
Internal bias at Bredemarket
Well, I have my admittedly biased solution to prevent companies from tumbling into groupthink, drinking of Kool-Aid, and market irrelevance.
Contract with an outside biometric product marketing expert. (I just happen to know one…me.)
Google Gemini.
I haven’t spent 30 years immersed in your insular culture. I’ve heard all the marketing-speak from different companies, and I’ve written the marketing-speak for nearly two dozen of them. I can ensure that your content resonates with your external customers and prospects, not only with your employees.
All well and good…until…
Reducing internal bias at Bredemarket
“But John, what about your own biases? IDEMIA, Motorola, Incode, and other employers paid you for 25 years! You probably have an established process that you use to prepare andouillette at home, based upon a recipe from 2019!”
Google Gemini.
I don’t…but point taken. So how do I minimize my own biases?
My breadth of experience lessens the biases from my past. Look at my market-speak from 1994 to 2023, in order:
We are Printrak, a nimble private company that will dominate AFIS with our client-server solution.
We are Printrak (stock symbol AFIS) a well-funded public company that will dominate AFIS, mugshot, computer aided dispatch, and microfiche.
We are Motorolans, and our multi-tier Digital Justice Solution has a superior architecture to that of Sagem Morpho and others.
We are MorphoTrak, bringing together the best technologies from MetaMorpho and Printrak BIS, plus superior French technology for secure credentials and road safety…unencumbered by the baggage that weighs down MorphoTrust.
We are IDEMIA North America, bringing together the best technologies from MorphoTrust and MorphoTrak for ABIS, driver’s licenses, and enrollment, coupled with the resources from the rest of IDEMIA, a combined unbreakable force.
We are Incode, not weighed down with the baggage of the old dinosaurs, and certainly not a participant in the surveillance market.
Add all the different messaging of Bredemarket’s clients, plus my continuous improvement (hello MOTO) of my capabilities, and I will ensure that my content, proposals, and analysis does not trap you in a dead end.
Reducing internal bias at your company
Are you ready to elevate your company with the outside perspective of a biometric product marketing expert?
Let’s talk (a free meeting). You explain, I ask questions, we agree on a plan, and then I act.
Who can provide remote supervised identity proofing?
“NextgenID Trusted Services Solution provides Supervised Remote Identity Proofing identity stations to collect, review, validate, proof, and package IAL-3 identity evidence and enrollment data for CSPs operating at IAL-3.”
And there are others who can provide the equivalent of IAL3, as we will see later.
How do you supervise a remote identity proofing session?
“The camera(s) a CSP [Credential Service Provider] employs to monitor the actions taken by a remote applicant during the identity proofing session should be positioned in such a way that the upper body, hands, and face of the applicant are visible at all times.”
But that doesn’t matter with me now. What matters to me is WHEN we need remote identity proofing sessions.
Governments aren’t the only entities that need to definitively know identities in critically important situations.
What about banks and other financial institutions, which are required by law to know their customers?
Now it’s one thing when one of my Bredemarket clients used to pay me by paper check. Rather than go to the bank and deposit it in person at a teller window (in person) or at an ATM (remote supervised), I would deposit the check with my smartphone app (remote unsupervised).
Now the bank assumed a level of risk by doing this, especially since the deposited check would not be in the bank’s physical possession after the deposit was completed.
But guess what? The risk was acceptable for my transactions. I’m disclosing Bredemarket company secrets, but that client never wrote me a million dollar check. Actually, none of my clients has ever written me a million dollar check. (Perhaps I should raise my rates. It’s been a while. If I charge an hourly rate of $100,000, I will get those million dollar checks!)
So how do financial institutions implement the two types of IAL3?
“If you need to initiate a funds transfer payment, an authorized signer for your account may also initiate funds (wire) transfers at any Chase branch.”
Note the use of the word “may.” However, if you don’t want to go to a branch to make a wire transfer, you have to set up an alternate method in advance.
Remote supervised
What about remote supervised transactions at financial institutions, where you are not physically present, but someone at the bank remotely sees you and everything you do? Every breath you take? And every move you make? Etcetera.
It turns out that the identity verification providers support video sessions between businesses (such as banks) and their customers. For example, Incode’s Developer Hub includes several references to a video conference capability.
To my knowledge, Incode has not publicly stated whether any of its financial identity customers are employing this video conference capability, but it’s certainly possible. And when done correctly, this can support the IAL3 specifications.
Why to use IAL3 for financial transactions
For high-risk transactions such as ones with high value and ones with particular countries, IAL3 protects both the financial institutions and their customers. It lessens the fraud risk and the possible harm to both parties.
Some customers may see IAL3 as an unnecessary bureaucratic hurdle…but they would feel differently if THEY were the ones getting ripped off.
This is why both financial institutions and identity verification vendors need to explain the benefits of IAL3 procedures for riskier transactions. And do it in such a way that the end customers DEMAND IAL3.
To create the content to influence customer perception, you need to answer the critically important questions, including why, how, and benefits. (There are others.)
And if your firm needs help creating that content, Underdog is here.
Visit https://bredemarket.com/mark/ and schedule a time to talk to me—for free. I won’t remotely verify your identity during our videoconference, but I will help you plan the content your firm needs.
Why do I have a sudden interest in things that happened at Morpho nearly 10 years ago, and at Printrak over 20 years ago? I’ll explain at the end of this post.
Printrak acquires…
Let’s start by looking at my former employer Printrak. In the summer of 1996 Printrak became a publicly traded company, and had secured the four-letter ticker “AFIS” back when an automated fingerprint identification system was THE biometric solution. (Face schmace. Iris schmiris. Voice schmoice.)
But then Printrak began to get bigger.
In April 1997 Printrak acquired a Greenville, South Carolina company, TFP Inc., that manufactured mugshot systems.
Later that same year Printrak acquired SunRise Imaging of Fremont, California, a provider of microfiche scanning services.
Printrak finished the year by acquiring the computer aided dispatch (CAD) and records management systems (RMS) unit of SCC Communications Corp., thus launching activities in Boulder, Colorado.
These acquisitions, costing millions of dollars each, increased the capabilities of Printrak. Several years later, I would be part of creating a “digital justice solution” that married AFIS, CAD, RMS, mugshot, and other services.
But not yet. Before that could happen, Printrak changed dramatically.
Printrak is acquired!
There used to be an online document that listed the entire negotiation history of what happened after these acquisitions, but I can no longer access that document. Instead, I found a document that lists the final results:
“ITEM 5. OTHER EVENTS On August 28, 2000, Printrak International Inc. (the “Registrant”) issued a press release regarding an agreement (the “Merger Agreement”) among Motorola, Inc. (“Motorola”), the Registrant, Panther Acquisition Corp., a wholly-owned subsidiary of Motorola (“Acquisition Sub”) and the Giles Living Trust UDT dated December 17, 1993, The Giles Family Foundation, and The Smith Family Revocable Trust dated October 2, 1992 (collectively referred to herein as the “Registrant’s Majority Stockholders”) pursuant to which Acquisition Sub will be merged (the “Merger”) with and into Registrant, with Registrant surviving the Merger as a wholly-owned subsidiary of Motorola. On August 28, 2000 the Registrant’s Majority Stockholders executed a written consent of stockholders approving the terms and authorizing the execution of the Merger Agreement by the Registrant. Under the Merger Agreement, Motorola has agreed to pay $12.1406 per share for all the outstanding common stock and common stock equivalents of Registrant for an aggregate merger consideration of approximately $160 million.”
In the language above, the two “Giles” entities were controlled by Richard Giles, who had joined De La Rue Printrak and then purchased the Printrak part from De La Rue. The Smith Family Revocable Trust was controlled by Charles Smith, another Printrak employee. While Printrak was a publicly traded entity, Richard Giles held over half the shares, and therefore had the power to sell, provided that the deal received the proper approvals from the United States, Argentina, Brazil, Germany, Romania, and other countries.
Why did Motorola want to acquire Printrak? Because Motorola needed a CAD product to pair with its significant business in police radios. And among Printrak’s acquisitions was a division with a CAD product, making that acquisition by far the most significant of the three acquisitions from 1997. Microfiche went nowhere, and the fact that the present company DataWorks Plus was founded in 2000 in Greenville, South Carolina is no accident.
But returning to Printrak, its growth through acquisitions made Printrak itself an acquisition target.
SCC, Sunrise Imaging, Printrak…and Motorola.
Morpho acquires…
Fast forward a few years, and a lot had happened at the Motorola company that Printrak joined. I won’t go into the history of Motorola during that decade, but by 2008 the company was shedding businesses that weren’t critically important. The CAD and RMS business was critically important, but the fingerprint business—the original pre-1997 Printrak—was not.
“In the late 1970s, a computer engineering subsidiary of France’s largest financial institution responded to a request by the French Ministry of Interior to work on automated fingerprint processing for the French National Police. Later, this company joined with the Morphologic Mathematics Laboratory at the Paris School of Mines to form a subsidiary called Morpho Systems that went on to develop a functioning [AFIS].”
Morpho Systems and its North American subsidiary were acquired by several companies in succession, the last being Safran.
And Safran thought that Motorola’s “Biometric Business Unit” would complement its existing biometric activities. So Safran purchased the unit (including me) from the willing seller Motorola, which became part of MorphoTrak.
“By 2011, Safran decided that it needed additional identity capabilities, so it acquired L-1 Identity Solutions and renamed the acquisition as MorphoTrust.”
These various acquisitions strengthened Safran’s identity and biometric capabilities, which was good because Safran’s competitors were also busy. Eventually the entire identity and security business was renamed “Morpho” after the little old French company from the 20th century. This was a major division within Safran’s empire…
Morpho is acquired!
…but Safran remained an aerospace/defense company, and Morpho was a distraction.
The point I want to make? Morpho’s growth through acquisitions made Morpho itself an acquisition target.
Motorola’s Biometric Business Unit, L-1 Identity Solutions, Morpho…and Advent International.
Incode acquires…
Now before someone slams me, I’m not making any predictions, just some observations.
Now let’s look at my former employer Incode. Unlike Printrak, Incode is not a publicly-traded firm. Like IDEMIA, Incode is held by private investors, although in Incode’s case there are multiple investors, not just one. Incode’s investors include General Atlantic, Softbank, J. P. Morgan, and others.
Lately Incode has been on an acquisition spree of its own.
Now remember that Incode’s investors didn’t invest just because they want to see cool technologies. They invested because they want to make money. And these moves potentially strenghthen Incode so that its investors may make a profit through an Incode IPO…
…or an acquisition of Incode by another entity, which would continue the consolidation of the identity/biometric industry.
To hear some people discuss remote work, they lay it on thick on the “work from anywhere” part of it. (Provided that your legal residence is in a jurisdiction where your company or your employer is authorized to conduct business.)
Imagen 4.
You know, “Here I am in a villa on the beach for the week! #livingthenomadlife”
Well, I’ve performed a lot of remote work for IDEMIA, Bredemarket, Incode, and other companies in my day, but usually not in a visitors’ bureau featured location.
Imagen 4.
Here’s where I’ve worked remotely over the last few years:
Spring 2019: a hotel in San Diego, California for IDEMIA’s Public Safety User Conference. The usual routine, spending half my time in our private command center coordinating sessions and speakers, and the other half of my time everywhere else.
Spring 2020-present: my home in Ontario, California. IDEMIA sent us home during COVID, where I worked for IDEMIA, then Bredemarket, then Incode, then Bredemarket again. The big highlight of my career was when my 25 square foot working space (as declared for tax purposes) moved from the front bedroom to the middle bedroom.
Fall 2020: a relative’s house in northern Alabama. I made vacation airline reservations before my COVID-related layoff, and it made no sense to cancel them so I went. It ended up being a working vacation, participating in an interview in which I was quoted in a German language publication, and making connections with two companies that would become Bredemarket clients.
Spring 2023: an office in Mexico City. This was an Incode offsite originally planned for the summer of 2022 but delayed. Many high points, but the low point was an earthquake drill that required us to walk down several flights of stairs…then walk back up those same flights of stairs. This was worse than the real earthquake that happened that week.
Imagen 4.
Which brings me to today and my new nomad location, a relative’s house in California. The relative is having outpatient surgery as I type this, and I’m staying overnight until he recovers.
Not exactly the romantic nomad life of exotic locations, but it definitely provides flexibility so that I can continue to work and take care of personal business.
This is a real picture. Fancy, huh?
Only problem: I forgot to bring my swimsuit.
But I will be performing some client work over the next two days.
And I could have been performing client work for you, but I guess that will have to wait until I return to my regular 25 square foot remote location. Book a meeting if Bredemarket can help you create content…from any location.
“So depending upon your needs, you can argue that”
This frame was followed by three differing answers to the “Where is ByteDance From?” question.
But isn’t there only one answer to the question? How can there be three?
It all depends upon your needs.
Who is the best age estimation vendor?
I shared an illustrative example of this last year. When the National Institute of Standards and Technology (NIST) tested its first six age estimation algorithms, it published the results for everyone to see.
“Because NIST conducts so many different tests, a vendor can turn to any single test in which it placed first and declare it is the best vendor.
“So depending upon the test, the best age estimation vendor (based upon accuracy and or resource usage) may be Dermalog, or Incode, or ROC (formerly Rank One Computing), or Unissey, or Yoti. Just look for that “(1)” superscript….
“Out of the 6 vendors, 5 are the best. And if you massage the data enough you can probably argue that Neurotechnology is the best also.
“So if I were writing for one of these vendors, I’d argue that the vendor placed first in Subtest X, Subtest X is obviously the most important one in the entire test, and all the other ones are meaningless.”
Are you the best? Only if I’m writing for you
I will let you in on a little secret.
When I wrote things for IDEMIA, I always said that IDEMIA was the best.
When I wrote things for Incode, I always said that Incode was the best.
And when I write things for each of my Bredemarket clients, I always say that my client is the best.
I recently had to remind a prospect of this fact. This particular prospect has a very strong differentiator from its competitors. When the prospect asked for past writing samples, I included this caveat:
“I have never written about (TOPIC 1) or (TOPIC 2) from (PROSPECT’S) perspective, but here are some examples of my writing on both topics.”
I then shared four writing samples, including something I wrote for my former employer Incode about two years ago. I did this knowing that my prospect would disagree with my assertions that Incode’s product is so great…and greater than the prospect’s product.
If this loses me the business, I can accept that. Anyone with any product marketing experience in the identity industry is guaranteed to have said SOMETHING offensive to most of the 80+ companies in the industry.
How do I write for YOU?
But let’s say that you’re an identity firm and you decide to contract with Bredemarket anyway, even though I’ve said nice things about your competitors in the past.
How do we work together to ensure that I say nice things about you?
By the time we’re done, we have hopefully painted a hero picture of your company, describing why you are the preferred solution for your customers—better than IDEMIA, Incode, or anyone else.
(Unless of course IDEMIA or Incode contracts with Bredemarket, in which case I will edit the sentence above just a bit.)
So let’s talk
If you would like to work with Bredemarket for differentiated content, proposal, or analysis work, book a free meeting on my “CPA” page.
Upload PDFs, websites, YouTube videos, audio files, Google Docs, or Google Slides, and NotebookLM will summarize them and make interesting connections between topics, all powered by Gemini 1.5’s multimodal understanding capabilities.
With all of your sources in place, NotebookLM gets to work and becomes a personalized AI expert in the information that matters most to you….
Our new Audio Overview feature can turn your sources into engaging “Deep Dive” discussions with one click.
I uploaded the most recent version of my resume to NotebookLM.
Technically, this is not my resume; this is a PDF version of a portion of my LinkedIn profile. But my resume has similar information.
NotebookLM used the resume as source material to create a 20+ minute podcast called “Career Detective.” In the podcast, a male and a female pair of bots took turns discussing the insights they gleaned from the resume of John E. “Breedehoft.” (I use a short e, not a long e, but people can call me anything if I get business from it.)
Surprisingly, they didn’t really hallucinate. Or at least I don’t think they did. When the bots said I was deeply qualified, as far as I’m concerned they were speaking the truth.
They even filled in some gaps. For example, I used the acronyms for KYC, KYB, and AML on my resume to save space, so one of the bots explained to the other what those acronyms meant, and why they were important.
Probably the most amusing part of the podcast was when they noted that I had worked at two very large companies. (Just so you know, my resume only goes back to 2015, so Motorola isn’t even discussed.) While Incode and IDEMIA are both multinationals, I wouldn’t characterize Incode as massive.
Anyway, judge for yourself
So here’s the audio episode of “Career Detective” that focuses on…me.
By the way, I learned about NotebookLM via the Never Search Alone Slack workspace, but still need to explore NotebookLM’s other features.
Bredemarket 