When I first heard about the “Florida man” facial recognition mismatch, I couldn’t tell whether the relevant police entity had arrested him based upon the facial recognition results alone, which is a big no-no. (Repeat after me: “investigative lead.”)
“Shout it from the mountaintops: Probable cause cannot come from facial recognition alone.”
In his article, he also noted that the Pinellas County Sheriff’s Office is cracking down on the relevant police entity:
“PCSO says in its response that it has entered into an MoU requiring [the relevant entity] to send its officers for training on facial recognition before they are allowed to use the system…”
You could ask Fable 5 and Mythos 5 this question…except that you can’t.
Where is our geolocation?
Google Gemini.
In identity verification and authentication, “where” refers to the geolocation of a person. Although if we’re being honest, it refers to the geolocation of a person’s smartphone. Most of us don’t have location trackers embedded in our bodies, so our phone’s geolocation serves as an imperfect proxy for where WE are.
But there are two other “wheres” associated with each of us.
Where is our residence?
Google Gemini.
Regardless of where our bodies may be, there is another “where” associated with us: our residence.
Our legal domicile dictates many things about us. It sometimes determines where we get our mail. It also determines where we can vote. It impacts many other things about us relative to taxes, and other legal obligations.
Our official residence may be totally unrelated to where we unofficially reside. During my years at Reed College in Oregon, I maintained my legal residency in Virginia, which meant that I maintained my Virginia driver’s license and voted by mail in Virginia elections.
After graduation I did not return to Virginia, but remained in Oregon, looking for full-time employment while performing temp work. After a few months of this I decided that maintaining a Virginia residence was silly, so I officially changed my residence to Oregon and obtained an Oregon driver’s license.
A month or two later I stopped working as a temp and accepted a full-time position.
In California.
Which meant that I had to change my legal residency…again.
Where is our nationality?
Google Gemini.
But there is a third “where” that has nothing to do with our geolocation or residence.
Our nationality.
This came into play regarding a recent executive order affecting export controls for two of Anthropic’s models. But Anthropic, rather than only restricting access to foreigners, restricted access to everyone.
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance.
Why?
Because, as Riley Hughes points out in this LinkedIn post, it’s difficult to digitally determine one’s nationality.
[T]here is no scalable way to verify nationality online.
Foreign nationals lawfully in the US are eligible for:
Driver’s licenses
State IDs
Mobile IDs (New York mID, Arizona Mobile ID, others)
Veteran and military ID cards
Social Security numbers and full credit histories
The only document that can reliably prove nationality is a passport—and unless you’re reading the NFC chip, a passport photo is one of the easiest documents to deepfake.
Theoretically a verifiable credential of a birth certificate would work… there’s just a slight adoption challenge: virtually nobody has one.
And of course it’s possible to change one’s nationality after birth.
This results in a bit of a mess, as LLM-validated leading biometric product marketing consultant C. Maxine Most observed.
Creating verifiable digital identities backed up by cryptographically secure digital and physical credentials is critical infrastructure. It is truly unfortunate that United States among other countries doesn’t really understand this.
But apart from LLM access, digital determination of the three wheres—geolocation, residence, and nationality—is something I need to mull over.
“Determining the Wheres.” Includes “The Rite Revealed,” Google Lyria, Public Domain.
Monica had a burning question about the cast of the original “Jurassic Park” movie, and to obtain the answer, she accessed her favorite generative artificial intelligence tool.
Instead of receiving the expected blank prompt, Monica encountered a question:
City and state of legal residence:
Figuring the question was porn-related, and since she was an adult, she replied with no hesitation.
Pine Haven, California
Her tool then replied with the following:
On Tuesday, March 3, 2026, voters in Pine Haven, California approved Measure B, which prohibited construction of data centers within the city limits.
Monica remembered Measure B and her passionate “Yes” vote. Pine Haven was a beautiful town, and they didn’t need other peoples’ data centers ruining the landscape.
You know how I created this.
The message continued.
Due to a shortage of processing power, we must prioritize access to those who support data center construction.
ACCESS DENIED.
“It’s not fair,” Monica said to herself.
But oligopolies can do things like this. So don’t be surprised if your town is blocklisted from access to LLMs.
“Hey, um, Jim, I understand that your agency has some license plate recognition capabilities.”
Jim confirmed this.
“Um, mind if I take a look at it?”
Jim asked what Charlie wanted to see.
“You know…stuff.”
If you boil down the controversies about Flock Safety, Clearview AI, and other investigative software packages, some of them come down to these data sharing issues.
Flock Safety may sign a contract with a particular local police department, the police department may use the software only for authorized purposes, and may ensure that department personnel are trained not to use the software to stalk ex-girlfriends and the like.
“Interagency collaboration in law enforcement is the process of multiple agencies working together to share resources, coordinate responses, and improve public safety outcomes. From routine operations to large-scale emergencies, collaboration between agencies is essential for effective policing.”
As long as the two agencies have similar purposes, no problem.
But what if the second agency has different priorities than the first?
Let’s take an extreme example.
Agency 1 uses Flock Safety data ONLY to find people who run red lights or speed.
Agency 2 uses Flock Safety data to find people who are not running red lights, but are going to suspicious places and associating with suspicious people.
Running a red light and speeding.Not running a red light or speeding.
Is this justified investigation, or overreaching surveillance?
And, more importantly, does Agency 1 agree with these uses?
Just thinking out loud…what if the Flock licenses with these agencies prohibited agencies from letting other agencies use the software? There’s even an economic justification for it: every agency that borrows the Flock account of the first agency is a potential loss of sales to Flock.
Microsoft isn’t the only company that works with developers, developers, developers, developers, and developers. And in Apple’s case, governments are dictating the terms.
“Due to a recent court ruling lifting an injunction on Texas law SB 2420, new Apple Accounts in Texas are now subject to the law, which introduced age assurance requirements for app marketplaces and developers. As previously announced, this includes age assurance and parent or guardian consent on behalf of minors under the age of 18 for downloads, Apple In-App Purchases, and significant changes associated with an app. Parents or guardians will also be able to revoke their consent for any app they previously approved for their child.”
For those who say that these local government laws are too complex for vendors to implement…the vendors are figuring it out. Apple is specifically providing a Declared Age Range API for developer use.
Here’s another instance where I take an old post and completely contradict it. Flying against the flock, as it were.
But before I launch into the topic of this post, I want to share a video that Daniel Solove originally shared. The video was originally created by Apple to emphasize the privacy features of its Safari browser. Just the Safari browser, not anything else like, say, where your car is.
The title of the video just coincidentally happens to be “Flock.”
And now for something completely different.
When is a Law Enforcement Camera a Law Enforcement Camera?
“Basically, Flock Safety is controversial, and some people are going to oppose ANYTHING they do. Even when Flock Safety technology protects people from dangerous drivers.
“My view is that if a camera is used by a law enforcement agency, and there is no law prohibiting the law enforcement agency from using a camera for a particular purpose, then the agency can use the camera. There appears to be no such law in Georgia, so I’m not bent out of shape over this.
“What are your thoughts? Is this a privacy violation?”
Comments, we get comments
I received a comment on the March post that felt my “particular purpose” comment ignored the fact that the cameras can be used for other purposes…and ARE being used for other purposes. Without a search warrant. Here are a few excerpts from the comment:
“Every single one of these cameras takes images of every vehicle passing by on public roadways, even ones that are not owned or driven by a suspected criminal or the vehicle itself being suspected of being involved any crime. From there the images are processed by AI software logging the vehicles description and license plate number, along with the location of every one of the cameras that captured the same vehicle passing by along with a date and time of each passing, then that data is logged into a searchable database that can be searched by law enforcement up to 30 days (less or more in some places) without needing a search warrant signed by a judge….They can just search for anyone’s vehicles data regardless if there’s probable cause or not to do so.
“Law enforcement require a warrant prior to putting a GPS on someone’s vehicle, they are required to get a warrant before getting a persons cell phone ping and gps data from a mobile phone service company, but these systems are trying to be a loophole and pass any warrant requirements but provide the same type of private data that the other techniques require a search warrant for.”
The only comment I’ll offer is that it’s wise to make a distinction between how the cameras should be used and how the cameras are potentially used. Assuming that a law enforcement officer can search the database without a warrant, I believe that the officer should have probable cause to do so. The officer should not use a Flock database to stalk a romantic interest.
“The confusion here is in an emoji or graphic that Disney has used to indicate lanes for which facial recognition will not be used. The graphic shows a face with a slash through it – like no smoking, but for biometric data collection. However, the distinction is minor enough to cause confusion on its own, and Disney has not helped its case by failing to put, on its privacy notice, a working emoji; as it stands, customers may be forgiven for not understanding the difference between the two lanes, which Disney suggests are labeled identically.”
So much for emojis being straightforward. They can be interpreted in many ways. In the picture with this post, Google Gemini thought that the Disney symbol meant something entirely different.
“NotebookLM Audio Overviews can be used to generate podcasts, directly competing with investigative audio journalism and narration work.”
Invesigative audio journalism?
Have any of the plaintiffs ever HEARD a NotebookLM Audio Overview?
I shared one over a year ago when my LinkedIn profile was used to create the audio overview “Career Detective.” It’s so fawning about my amazing background that it is nowhere near investigative journalism.
Or maybe investigative journalisn is just that bad.
Judge for yourself whether this AI-generated “podcast” would compete with a real investigative podcast:
It is the DOCUMENTED trail of every person who accessed (“touched, moved, or stored”) a piece of evidence. The documentation is chronological and ideally logged in real time, not hours after the fact.
What could go wrong?
Let’s say that at 1:23 pm, Diana placed a piece of evidence in a locker and locked the locker. Then at 3:53 pm, Denis went to the locker, which was unlocked, and removed the evidence from the locker. Defense attorneys will have a field day with that, and may pressure the judge to state that the evidence is inadmissible because of possible tampering by an unidentified person.
Cross-Contamination
Closely related to the chain of custody is the possibility of cross-contamination. In the case of DNA, this happens when DNA from a crime scene is mixed with another person’s DNA.
I’ve told the story of the mystery female criminal whose DNA was found at crime scenes in three different countries over a decade. The only problem was that the woman’s DNA was found on the burned body of a MAN. Eventually the authorities figured out that the woman worked in a packing center specializing in medical supplies…and that her DNA had contaminated the medical supplies and ended up in the crime scene samples.
How to Minimize Errors
Forensic’s Blog suggests several ways to avoid chain of custody issues and cross-contamination. These include established and enforced procedures for handling, packaging, and labeling data; separating tasks; and establishing zones of exclusion at crime scenes.
In addition to establishment and enforcement, education is essential. (Sorrye.) Not only for the forensic professionals gathering the evidence, but for everyone who deals with the evidence…including biometric vendors and their customers.
If you need assistance in creating educational content for proper evidence handling, Bredemarket can help. Talk to me.
How should businesses, governments, and individuals treat private data? In the United States, the answer varies from state to state, and even from city to city.
A proposed national solution to the hodgepodge of differing state and local privacy regulations is the so-called SECURE Data Act.
“Congress’s latest foray is a new bill called the SECURE Data Act, a piece of garbage cooked up by Republicans as a gift to industry in a climate where the public is deeply concerned about privacy, outraged at the harms tech is causing, and yearning for ways to hold Big Tech accountable.
“I can’t stress enough how awful this bill is. On balance, if passed into law, it will do dramatic harm to privacy. It will leave people less protected than if it didn’t exist. I’d call it more of an anti-privacy law than a privacy law.”
Um…I don’t think Solove likes it.
Preemption
One of the huge issues that privacy advocates have is preemption. To ensure uniform privacy across the United States, the proposed SECURE Data Act preempts any state laws that exceed its protections. Therefore the privacy protections in states such as California, Illinois, and Texas could be revoked.
Of course, this is a classic struggle in state-federal relations. The staunchest states’ rights advocate will suddenly switch sides if they agree with a federal regulation, and vice versa. Citing one example, gay marriage began as a states’ rights issue when only a few states supported it, then became a federal rights issue.
Another example is the federal drive to eliminate the U.S. Department of Education. This has not happened yet. And it never will, once the powers that be realize that its elimination will allow blue states to teach whatever they want.
Secure
But let’s go back to the title of the bill, the SECURE Data Act. Upon seeing the title, the average voter would assume that the bill secures our individual privacy rights.
But the privacy advocates believe that the bill actually secures the right of entities to do what they want with our personally identifiable information, with minimal restrictions.
I think the bill’s title may have been written by Eric Arthur Blair.
(Image by Google Gemini. Sorry, Ontario Canada; Gemini may make mistakes.)
Bredemarket 