Identity/biometrics/technology marketing and writing services
When using your passport to travel internationally, sometimes you need a visa to enter a country.
And sometimes you don’t.
“The country of Uzbekistan will lift visa requirements for U.S. travelers starting Jan. 1, 2026, offering Americans another country to visit visa-free. The police change, which was recently confirmed by the government, will allow U.S. citizens to enter visa-free for up to 30 days.”
Just don’t bring your surfboards. Uzbekistan is double-landlocked.
Some turkeys are not staying for dinner Thursday. They’re flying away. Yes, turkeys can fly…if they have a valid passport.
(Imagen 4)
This post provides an update on election integrity, which I haven’t discussed since March.
The update? Assemblymember Carl DeMaio wants to put a proposition on the 2026 California ballot that achieves three purposes:
Let’s go through these…backwards.
The third proposal about authenticating mail-in ballots is silly.
The mere fact that someone knows the last four digits of a Social Security Number does NOT prove that the person is the valid holder of the Social Security Number in question.
Frankly, I’m surprised that DHS released Leonardo Garcia Venegas just because he knew a Social Security Number. Of course, I’m also surprised that they determined his REAL ID was fake.
Which brings us to the second proposal about requiring a government ID for in-person voting.
I’ve already addressed why this is silly. The short version? Election precinct workers have neither the equipment nor the training to tell whether a government ID is real or fake.
That only leaves the first one, proving citizenship at voter registration. This one is technically feasible; the feds do it all the time. The California Secretary of State could merely adapt the federal I-9 process to the state level; I’m sure Janice Kephart and her company ZipID would love to help the state with that.
Especially since the requirement for election integrity dictates that all of California’s existing voters would need to re-register to prove their citizenship.
All 22+ million of them.
Because if you DO NOT require all California voters to re-register, the whole exercise is pointless.
There have been many recent stories about Transportation Security Administration (TSA) capture of the facial images of travelers, an outgrowth of the same post-9/11 concerns that resulted in REAL IDs in 2008…I mean 2025. (Maybe.)
One story from HuffPost clearly states its view on the matter. The title of the story? “Why You Can (And Should) Opt Out Of TSA Facial Recognition Right Now.”
I guess we know where HuffPost stands.
As to the “why” of its stance, here’s a succinct statement:
“Do you really want to be submitting a face scan to the current U.S. government?”
And perhaps there are good reasons to distrust the Trump Administration, or any administration.
After all, the TSA says it only retains the picture for a limited time: “Photos are not stored or saved after a positive ID match has been made, except in a limited testing environment for evaluation of the effectiveness of the technology,”
But maybe…something happens. Someone accidentally forgot to delete the files. Oops.
And if something happens, the federal government has just captured an image of your face!
Guess what? The federal government can probably already get an image of your face, even if you don’t allow TSA to take your photo.
After all, you had to show some sort of identification when you arrived at that TSA checkpoint. Maybe you showed a passport, with a picture that the U.S. State Department received at one point. No, they don’t retain them either. But maybe…something happens.
But who does retain an image of your face?
Your state driver’s license agency. And as of 2019:
“Twenty-one states currently allow federal agencies such as the FBI to run searches of driver’s license and identification photo databases.”
So if a federal agency wants your facial image, it can probably obtain it even if you decline the TSA photo request.
Unless you strictly follow Amish practices. But in that case you probably wouldn’t be going through a TSA checkpoint anyway.
But if you are with a facial recognition company, and you want your prospects and their prospects to understand how your solution protects their privacy…
Bredemarket can help:
Book a call: https://bredemarket.com/cpa/
(Security checkpoint picture generated by Imagen 3)
Back in 2023, I wrote “How to Vote Fraudulently in a Voter ID State.” But that only works if the voter ID state fails to protect its precincts from fake IDs.
Here is an example of voter ID legislation, this one from South Dakota.
12-18-6.1. Voters required to provide identification before voting.
When the voter is requesting a ballot, the voter shall present a valid form of personal identification. The personal identification that may be presented shall be either:
(1) A South Dakota driver’s license or nondriver identification card;
(2) A passport or an identification card, including a picture, issued by an agency of the United States government;
(3) A tribal identification card, including a picture; or
(4) A current student identification card, including a picture, issued by a high school or an accredited institution of higher education, including a university, college, or technical school, located within the State of South Dakota.
Source: SL 2003, ch 82, § 1; SL 2004, ch 108, § 3; SL 2006, ch 71, § 1.
As most people know, legislators only define the law in broad strokes. It is up to the executive to figure out the details of how to implement the law.
So how does the South Dakota Board of Elections determine that the presented identification is valid?
Does every precinct worker in South Dakota possess a copy of a guide (such as this one) that includes, among other items:
“Explanation of what the proper alphanumeric sequencing of a South Dakota ID or Driver’s License should be (how many letters, numbers, etc.).”
In addition, does every precinct worker in South Dakota have access to software and equipment (such as this one that uses “white, infrared, ultraviolet and coaxial lights”) that detects deepfake IDs? This one has a $1,600 list price. You can get cheaper ones that only support white light and can’t detect the other security features, but such readers would violate the law.
If the state can negotiate a discount of $1,000 per reader, then you can equip almost 700 precincts for less than $1 million (excluding training and maintenance, and assuming only 1 reader per precinct). A small price to pay for democracy.
Unfortunately, I could not find Regula in the list of certified South Dakota voting equipment. Perhaps South Dakota uses a competitor.
Of course voter ID fraud doesn’t just affect South Dakota, as I previously noted. But even if South Dakota doesn’t equip its precinct workers to reject voters with fake IDs, I’m sure the other states do.
Well, maybe not Alabama.
(Chiang and Mao in 1945, Public Domain)
When you obtain a government ID from one national government, you normally don’t get a second government ID from a different national government, unless you hold dual citizenship.
But for some pairs of countries, dual citizenship is untenable.
“President Lai Ching-te (賴清德) has cautioned Taiwanese citizens against China’s reported efforts to lure them into applying for Chinese ID cards and residency permits.”
Because Taiwan is a contested territory, acceptance of People’s Republic of China IDs could resulted in PRC claims to Taiwan…to protect its citizens there. Therefore Taiwan really discourages this.
“According to local regulations, citizens who receive a Chinese ID will have their Taiwanese household registration revoked.”
And we thought that moving Meta’s trust and safety teams from California to Texas was a big deal. At least the states of California and Texas are not launching military strikes against each other.
At least not yet.
In a recent conversation with a client, I was reminded that procedures in one country may not be followed in another. For example, the process of getting a U.S. passport differs from the process to get one in France.
The client asked me about my experience with centralized and decentralized ID document issuance systems.
It turns out I was experienced in both based upon my time at IDEMIA. State agencies can manufacture driver’s licenses either via a dencentralized process where the driver’s license is printed at your local DMV office while you wait, or via a centralized process where all the driver’s licenses are produced at a secure facility which may or may not be located in the state in question. IDEMIA maintains several such centralized facilities to produce driver’s licenses and credit card-related materials, and they’re so secure that even when I was an IDEMIA employee I was not allowed to enter them.
But then the client asked about passports.
When I joined Incode Technologies in May 2022, I had to quickly renew my passport so that I could attend a possible meeting in Mexico City. And it’s a good thing I did, because that meeting occurred soon afterwards…well, if you consider April 2023 “soon afterwards.”
My passport had expired in 2020, but I was able to renew my passport anyway with a fairly simple procedure.
I forget how many weeks it took me to get my new passport, but I requested an expedited process so it couldn’t have been that many weeks.
This isn’t always true. If you don’t expedite the process, and if there’s a heavy backlog, it could take more than a month to get your passport.
After my meeting with the client, I was curious about the passport policies in other countries, and ran across this Expatica description of French passport production.
Let’s skip right to the biggest difference between France and the United States:
The passport will take a few days to process.
Uh…what?
Not “the passport will take a few days to process if you pay rush fees.”
It will take a few days to process, period.
And no, this isn’t because the United States is larger than France. The same time period applies if you apply for a passport in one of France’s scattered overseas departments, or at a French embassy or consulate.
So how do they do it?
First off, you don’t need to mail a bunch of stuff off to a centralized office. You can simply go to your local town hall (mairie), embassy, or consulate. You need the following:
Once your bring everything to the mairie, your passport is processed within a few days. (OK, perhaps slightly longer in the summer.) When it’s ready you go back to the mairie, sign your passport, and take it with you to travel to all of the countries you can visit with a French passport. (More than with a United States passport.)
My research hasn’t yet uncovered a country where you can get your passport on the same day you apply for it, but such a timeframe is theoretically possible.
This isn’t a current concern of mine since Bredemarket only deals with U.S. firms, but some of these firms are multinational and may ask me to create written content regarding their installation in Vietnam or wherever.
Always ask what the local practice is and don’t assume that the locals do things like we do in Southern California.
I’ve talked about synthetic identity fraud a lot in the Bredemarket blog over the past several years. I’ll summarize a few examples in this post, talk about how to fight synthetic identity fraud, and wrap up by suggesting how to get the word out about your anti-synthetic identity solution.
But first let’s look at a few examples of synthetic identity.
As far back as December 2020, I discussed Kris’ Rides’ encounter with a synthetic employee from a company with a number of synthetic employees (many of who were young females).
More recently, I discussed attempts to create synthetic identities using gummy fingers and fake/fraudulent voices. The topic of deepfakes continues to be hot across all biometric modalities.
I shared a video I created about synthetic identities and their use to create fraudulent financial identities.
I even discussed Kelly Shepherd, the fake vegan mom created by HBO executive Casey Bloys to respond to HBO critics.
And that’s just some of what Bredemarket has written about synthetic identity. You can find the complete list of my synthetic identity posts here.
It isn’t enough to talk about the fact that synthetic identities exist: sometimes for innocent reasons, sometimes for outright fraudulent reasons.
You need to communicate how to fight synthetic identities, especially if your firm offers an anti-fraud solution.
Here are four ways to fight synthetic identities:
If you conduct all four tests, then you have used multiple factors of authentication to confirm that the person is who they say they are. If the identity is synthetic, chances are the purported person will fail at least one of these tests.
If you fight synthetic identity fraud, you should let people know about your solution.
Perhaps you can use Bredemarket, the identity content marketing expert. I work with you (and I have worked with others) to ensure that your content meets your awareness, consideration, and/or conversion goals.
How can I work with you to communicate your firm’s anti-synthetic identity message? For example, I can apply my identity/biometric blog expert knowledge to create an identity blog post for your firm. Blog posts provide an immediate business impact to your firm, and are easy to reshare and repurpose. For B2B needs, LinkedIn articles provide similar benefits.
If Bredemarket can help your firm convey your message about synthetic identity, let’s talk.
It’s often good to use emotion in your marketing.
For example, when biometric companies want to justify the use of their technology, they have found that it is very effective to position biometrics as a way to combat sex trafficking.
Similarly, moves to rein in social media are positioned as a way to preserve mental health.
Now that’s a not-so-pretty picture, but it effectively speaks to emotions.
“If poor vulnerable children are exposed to addictive, uncontrolled social media, YOUR child may end up in a straitjacket!”
In New York state, four government officials have declared that the ONLY way to preserve the mental health of underage social media users is via two bills, one of which is the “New York Child Data Protection Act.”
But there is a challenge to enforce ALL of the bill’s provisions…and only one way to solve it. An imperfect way—age estimation.
This post only briefly addresses the alleged mental health issues of social media before plunging into one of the two proposed bills to solve the problem. It then examines a potentially unenforceable part of the bill and a possible solution.
On October 11, a host of New York State government officials, led by New York State Attorney General Letitia James, jointly issued a release with the title “Attorney General James, Governor Hochul, Senator Gounardes, and Assemblymember Rozic Take Action to Protect Children Online.”
Because they want to protect the poor vulnerable children.
And because the major U.S. social media companies are headquartered in California. But I digress.
So why do they say that children need protection?
Recent research has shown devastating mental health effects associated with children and young adults’ social media use, including increased rates of depression, anxiety, suicidal ideation, and self-harm. The advent of dangerous, viral ‘challenges’ being promoted through social media has further endangered children and young adults.
From https://ag.ny.gov/child-online-safety
Of course one can also argue that social media is harmful to adults, but the New Yorkers aren’t going to go that far.
So they are just going to protect the poor vulnerable children.
This post isn’t going to deeply analyze one of the two bills the quartet have championed, but I will briefly mention that bill now.
Previous efforts to control underage use of social media have faced legal scrutinity, but since Attorney General James has sworn to uphold the U.S. Constitution, presumably she has thought about all this.
Enough about SAFE for Kids. Let’s look at the other bill.
The second bill, and the one that concerns me, is the “New York Child Data Protection Act” (S7695/A8149). Here is how the quartet describes how this bill will protect the poor vulnerable children.
With few privacy protections in place for minors online, children are vulnerable to having their location and other personal data tracked and shared with third parties. To protect children’s privacy, the New York Child Data Protection Act will prohibit all online sites from collecting, using, sharing, or selling personal data of anyone under the age of 18 for the purposes of advertising, unless they receive informed consent or unless doing so is strictly necessary for the purpose of the website. For users under 13, this informed consent must come from a parent.
From https://ag.ny.gov/child-online-safety
And again, this bill provides a BIPA-like mechanism for parents or guardians (and their lawyers) to sue for damages.
But let’s dig into the details. With apologies to the New York State Assembly, I’m going to dig into the Senate version of the bill (S7695). Bear in mind that this bill could be amended after I post this, and some of the portions that I cite could change.
The “definitions” section of the bill includes the following:
“MINOR” SHALL MEAN A NATURAL PERSON UNDER THE AGE OF EIGHTEEN.
From https://www.nysenate.gov/legislation/bills/2023/S7695, § 899-EE, 2.
This only applies to natural persons. So the bots are safe, regardless of age.
Speaking of age, the age of 18 isn’t the only age referenced in the bill. Here’s a part of the “privacy protection by default” section:
§ 899-FF. PRIVACY PROTECTION BY DEFAULT.
1. EXCEPT AS PROVIDED FOR IN SUBDIVISION SIX OF THIS SECTION AND SECTION EIGHT HUNDRED NINETY-NINE-JJ OF THIS ARTICLE, AN OPERATOR SHALL NOT PROCESS, OR ALLOW A THIRD PARTY TO PROCESS, THE PERSONAL DATA OF A COVERED USER COLLECTED THROUGH THE USE OF A WEBSITE, ONLINE SERVICE, ONLINE APPLICATION, MOBILE APPLICA- TION, OR CONNECTED DEVICE UNLESS AND TO THE EXTENT:
(A) THE COVERED USER IS TWELVE YEARS OF AGE OR YOUNGER AND PROCESSING IS PERMITTED UNDER 15 U.S.C. § 6502 AND ITS IMPLEMENTING REGULATIONS; OR
(B) THE COVERED USER IS THIRTEEN YEARS OF AGE OR OLDER AND PROCESSING IS STRICTLY NECESSARY FOR AN ACTIVITY SET FORTH IN SUBDIVISION TWO OF THIS SECTION, OR INFORMED CONSENT HAS BEEN OBTAINED AS SET FORTH IN SUBDIVISION THREE OF THIS SECTION.
From https://www.nysenate.gov/legislation/bills/2023/S7695
So a lot of this bill depends upon whether a person is over or under the age of eighteen, or over or under the age of thirteen.
And that’s a problem.
The bill needs to know whether or not a person is 18 years old. And I don’t think the quartet will be satisfied with the way that alcohol websites determine whether someone is 21 years old.
This age verification method is…not that robust.
Attorney General James and the others would presumably prefer that the social media companies verify ages with a government-issued ID such as a state driver’s license, a state identification card, or a national passport. This is how most entities verify ages when they have to satisfy legal requirements.
For some people, even some minors, this is not that much of a problem. Anyone who wants to drive in New York State must have a driver’s license, and you have to be at least 16 years old to get a driver’s license. Admittedly some people in the city never bother to get a driver’s license, but at some point these people will probably get a state ID card.
What are these people supposed to do? Provide a birth certificate? And how will the social media companies know if the birth certificate is legitimate?
But there’s another way to determine ages—age estimation.
As long-time readers of the Bredemarket blog know, I have struggled with the issue of age verification, especially for people who do not have driver’s licenses or other government identification. Age estimation in the absence of a government ID is still an inexact science, as even Yoti has stated.
Our technology is accurate for 6 to 12 year olds, with a mean absolute error (MAE) of 1.3 years, and of 1.4 years for 13 to 17 year olds. These are the two age ranges regulators focus upon to ensure that under 13s and 18s do not have access to age restricted goods and services.
From https://www.yoti.com/wp-content/uploads/Yoti-Age-Estimation-White-Paper-March-2023.pdf
So if a minor does not have a government ID, and the social media firm has to use age estimation to determine a minor’s age for purposes of the New York Child Data Protection Act, the following two scenarios are possible:
Is age estimation “good enough for government work”?
Gambling is becoming acceptable in more and more places.
When I was young, and even when I got older, the idea of locating a pro sports team in Las Vegas, Nevada was unthinkable. In the last few years, that has changed dramatically.
Well, now that gambling for adults has become more and more acceptable (although adults in my home state of California still can’t gamble by phone), now attention is focusing on child gambling.
And no, the kids aren’t gambling U.S. currency, according to TechCrunch.
In a new class action lawsuit filed in the Northern District of California this week, two parents accuse Roblox of illegally facilitating child gambling.
While gambling is not allowed on the platform, which hosts millions of virtual games that cater to children and teens, the lawsuit points to third-party gambling sites that invite users to play blackjack, slots, roulette and other games of chance using Roblox’s in-game currency.
From https://techcrunch.com/2023/08/18/roblox-children-gambling-class-action-lawsuit-robux/?_hsmi=271025889
I’m not going to concentrate on Roblox here, but on the other defendants—the ones who actually operate the sites that allegedly allow child gambling.
The lawsuit specifically names RBXFlip, Bloxflip and RBLXWild as participants in “an illegal gambling operation that is preying on children nationwide.”
From https://techcrunch.com/2023/08/18/roblox-children-gambling-class-action-lawsuit-robux/?_hsmi=271025889
But according to Bloxflip’s Terms of Service, it’s impossible that children can be using the site, because the Terms of Service prohibit this.
By accessing Bloxflip or using the Services, you accept and agree to our website policies, including these Terms of Service, and you certify to us that (i) you are eighteen (18) years of age or older, and are at least the age of majority in your jurisdiction, (ii) you are not a resident of Washington, (iii) you have the legal capacity to enter into and agree to these Terms of Service, (iv) you are using the Services freely, voluntarily, willingly, and for your own personal enjoyment, and (v) you will only provide accurate and complete information to us and promptly update this information as necessary to maintain its accuracy and completeness.
From https://bloxflip.com/terms
However, stating a minimum age in your TOS is even less effective than other common age verification methods, such as
As more and more companies are realizing, however, there are other ways to measure customer ages, including a comparison of a live face with a government-issued identification card (driver’s license or passport), or the use of “age estimation” software to ensure that a 12 year old isn’t gambling. (And don’t forget that NIST will test age estimation software as part of its FATE testing.)
Even when the kids aren’t gambling legal currency.
Bredemarket