Fingerprint Technology is the Next Privacy Catastrophe

New fallout today from the gift that keeps on giving, the Office of Personnel Management (OPM) hack. The news reports on this have focused on the standard PII elements along with the salacious possibilities associated with the disclosure information that is collected for security clearance applications.


An angle that has not been widely covered is the initial disclosure that 1.1 million fingerprints were also hacked. Today it is being reported that OPM has increased that number to 5.6 million fingerprints.

The nearly universal response to suggestions that people could be at risk is that the fingerprints are encrypted. Fair point, they are.

According to OPM, “federal experts believe that, as of now, the ability to misuse fingerprint data is limited.” The office acknowledged, however, that future technologies could take advantage of this information.

The government also said salt and fat were bad, and healthcare costs would go down.

Coincidentally, the NSA put out an advisory last month on Suite B elliptic curve cryptography that is widely used in the government, and is suitable for general national security use. Unlike Suite A, Suite B is widely used and available as a public standard.

According to the NSA, Suite B cryptography is not capable of withstanding advances in quantum computing.

Until this new suite (to replace Suite B) is developed and products are available implementing the quantum resistant suite, we will rely on current algorithms. For those partners and vendors that have not yet made the transition to Suite B elliptic curve algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition.

Well, this is reassuring… but let’s get back to the issue of fingerprint biometrics. The problem goes to the very nature of the biometric attribute itself, it is literally something about you and it is immutable. When someone hacks your fingerprints they have them forever. Forever.

I do have a horse in this race, having recently joined a speech biometrics company. Active speech verification has vulnerabilities, clearly, but it has one advantage over competing biometric technologies. In the event of a data breach that gives hackers the voice model data, an organization can simply force a re-enrollment for the participants and the integrity of the system is maintained. It’s the equivalent of forcing a password reset for your voice.

No system is without some vulnerability, but a system that does not provide for a reset capability is one that I have serious reservations about. With Apple TouchID and the upcoming Android M release with fingerprint support, fingerprint technology is mainstreaming. We are entering a period where fingerprint biometric data volume will explode and become an attractive target for hackers.

We’re building a speech verification and authentication service for developers who want to build speech biometrics into their apps using simple and reliable APIs. Sign up for news and launch updates, as well as early access, at

The Uncontrolled Implosion at VW

VW has been embroiled in a massive controversy. Here is the summary:

  1. VW has been marketing “clean diesel” technology on the basis of being environmentally friendly while also being fun to drive.
  2. Independent testing done by West Virginia University revealed that VW diesel cars were not in fact clean when compared to competitors, and exceeded EPA regulations governing emissions.
  3. VW asserted that the tests were inaccurate and offered to perform voluntary recalls to address specific issues.
  4. The EPA threatened to withhold certification for 2016 models – meaning VW would not be able to sell them.
  5. The company then admitted that they had engineered a defeat device which detected when the vehicle was undergoing emissions testing. In normal driving, the required emissions equipment was turned off.

The EPA has threatened the company with $18b in fines, which won’t come to fruition. BP paid just a 1/3 of that for their massive environmental disaster in the Gulf. It is hard to see how VW would be subject to a fine that equates to $37,344 per vehicle affected.


The damage to the VW brand is incalculable right now, but I predict it will be a death blow to them in the U.S. market. Their problem is twofold, the first is that their market share here has been stuck in perpetual single digits across categories. With the U.S. being the most competitive car market globally, every point of share comes at great cost.

The second problem is that they are now on record admitting to a conspiracy to deceive regulators and consumers alike. They have been marketing a clean diesel product that they knew was not, and worse, had engineered components in the vehicles themselves to perpetuate that deception.

This scandal is spreading, fast. The company has already admitted that they know 11 million vehicles globally have this defeat mechanism installed. Countries are opening up their own investigations daily, the damage to the brand is no longer contained to the U.S.

For the foreseeable future every news story about VW will be about a scandal, every car review, even in the bought off automotive media, will be compelled to append articles about VW cars, and current customers will have to navigate recalls and sarcastic comments about their choice of vehicle.

What reason does anyone have to buy a VW in light of these revelations? While not alone in the annals of recent car company scandals, the VW one is the most brazen in concept. Toyota and GM have both suffered scandals of incompetence with air bags and ignition switches respectively, and in all fairness a lot of people died as a result of those failures, which is not the case with VW. Toyota and GM also have market leader positions while VW is a third tier player in the U.S. market, which doesn’t provide the company with much inertia to ride this out.

I think they are done. Call the moving company and buy your tickets back to Wolfsburg. At least they still have Audi and, thus far, they have not been implicated in this scandal.

Apple Shutters Hopstop

Hopstop was a revelation to me, a legitimate ah-ha moment. The light bulb brightly shining in front of me in the form of a smartphone.

We take for granted today that Google Maps can tell us how to get anywhere, and for a generation not familiar with paper maps, that was a pretty big deal. It wasn’t always like this and through the development phase of this technology it remained car-centric.

I was going to NYC quite a bit in 2005 and finally decided to ditch the street for the subway, but the NYC subway system can be intimidating to those not accustomed to the numbering, schedules, and transfers. Hopstop helped me make the subway a regular part of my NYC experience and in the process showed me how apps welded to smartphones with implicit geolocation capabilities could be life altering.

Apple acquired Hopstop in 2013 and announced today that the service will shut down next month.

Apple and Google are pitched in a heated battle for your eyeballs on their maps. We’ll see more services built into their respective mapping platforms, but I’m mixed in my opinion of whether more is better when it comes to maps. The usability of maps is very often a function of the degree to which they are de-crapified. Google Maps has crammed more stuff into the basic mapping functionality and the app hasn’t become more usable as a result when it comes to the singular purpose of getting me from point A-to-B.

I appreciate how much more it does for me, and continually find new ways to use it, but Google Maps has a lot of crap that clutters up the UI. Apple Maps will no doubt suffer a similar fate as Apple races to catch up to Google in the everything-and-the-kitchen-sink phase that maps are currently in.

Hopstop will forever be held in high regard for me. It achieved a rare accomplishment of doing something far better than any competing approach while also changing my life in a good way that reshaped my expectation of all that followed.


I was listening to a media overview of the Life On Mars Project. The short version is that 6 people, 3 men and 3 women, will spend 365 days in a biosphere located on the slopes of the Mauna Loa volcano in Hawaii. They will be permitted to leave the dome but will be required to wear a space suit to simulate the conditions on Mars.

In an unfortunate naming twist, the acronym for the effort is HI-SEAS. I think they should have gone with a different acronym.

The project will study the effects of long-term isolation and co-habitation. The results of the 1-year study will be used in the planning of an actual manned mission to Mars. This is certainly interesting research and the kind of work that can’t be simulated given the complexity of the human condition.

I thought it was curious that the crew features 3 men and 3 women. Given the fact that this is a 1-year project in close quarter conditions, with no external human contact, it would appear that the organizers were anticipating the human needs beyond food, shelter, clothing.

This leads to a number of interesting questions about the consequences of limited human interactions and self-enforced rules of order. What if one crewmember commits a crime against another crewmember? In a 36-foot diameter dome do you quarantine that person? Each crewmember holds specific skills that are necessary for the ongoing support of the station, putting an individual in isolation would deprive the rest of the crew of essential support.

What if someone unexpectedly binges and eats all the chocolate? Seems like a small thing but human conflict is often the result of small things piling up over time.

What happens when someone dies? This being a research project, one can presume that there would be an intervention in the event of life-threatening illness, but in space that isn’t possible so what would happen? Would you shoot the body out of a port, say a few words and move on? How do you replace the essential skills that person held?

There are obvious questions about long-term co-habitation in a small space that this research will shed light on. Entertainment, fitness, conflict resolution, communication, and mental health are all obvious questions, but it would be fascinating to learn about all the not so obvious issues that the planners have on their list.

I hope NASA departs from the usual media strategy of sunshine and rainbows to describe their work. This is a rare opportunity to shed light on the complexity of the human condition in anticipation of actual long-term cohabitation in space. I am also left to wonder why the International Space Station is not being used for this research given that it is an actual installation in outer space designed to support long-term co-habitation.

Crisis Management for Lion Killers

The story of Dr. “Lion Slayer” Palmer is all over the internet and people are outraged, for good reason. His dental practice is in limbo and he is in hiding after receiving death threats. Well done Internet… you have already surpassed the attention span of a #hashtag with this one.

I am conflicted on this story for many reasons. Big game hunting is deplorable, and there is no justification for it with licenses sold to the ultra-wealthy who are partaking in the experience for the sport of it. If the goal is herd management, have trained naturalists do the killing in a clinical manner and take advantage of the carcasses for research instead of skinning it and mounting the head as a trophy.

Here’s where my conflict hits a high pitch: the outrage that is being expressed by this story is disproportionate to the actual harm. In no small measure, this is because the victim is an animal, a majestic animal rather than a deer or furry ground squirrel. African lions are threatened, not endangered, and the bulk of them live in a cluster of habitats like the one where this lion was killed. Habitat destruction is a bigger threat to lions than hunting.

How do we square the universal outrage expressed about the killing of a lion with the antipathy to 200,000 people killed in Syria, including women and children gassed to death by the Assad regime? What about the near 8 million Syrians who have been forced to abandon their homes because of this civil war? Where can I post a satirical comment on Bashar al-Assad’s Yelp page?

The Internet is a marvelous creation that engages and connects people throughout the world. However, the unintended consequence of social media activism is that it is often a substitute for actual activism but with far less impressive results. We live in a world of #hashtags that create a false sense of engagement and delude people into believing they made a difference. The half-life of a hashtag is hours; it is nothing more than an expression of vanity to attach your online personality to a cause… and then move on.

Where is the outrage about African countries selling the rights to kill these animals to the highest bidder? That, to me, is missing in focus here.

Here’s what I recommend that the Lion Slayer do to rehabilitate his image:

  1. Ride it out: We hit the crescendo of public outrage yesterday and by the end of the week the majority of people will have moved on. Making statements now does nothing to quell the firestorm and based on what he has already released, more damage is being done.
  2. Ignore the Zimbabwe authorities: This is a country run by a notorious thug, Robert Mugabe, who has ruined the economy and perpetuated many human rights abuses over his 33 year dictatorship. The U.S. ignores him, so should Palmer.
  3. Rebrand the clinic: River Bluff Dental is cooked, time to start over. He will have to actively manage the social media and review sites for NewCo. so plan on hiring a firm to do that over a protracted period of time.
  4. Focus on the local community: A dental practice is inherently local, it doesn’t matter what “Kim T. from San Gabriel, CA” thinks. Palmer needs to reach out to his local community and focus on the collective values of the practice, the people who rely on it for jobs, and the many people who have been served (apparently he is an accomplished dentist).
  5. Give up big game hunting: As already stated, it’s just immoral so give it up. Hunting is a big part of life in Minnesota so his local community will not object to hunting for local game. If he wants to go to Africa, take a camera instead of a bow.
  6. Take up animal conservation: His crime was in killing a majestic animal, the penance for that is supporting the preservation of majestic animals. I would recommend a strategy of donating a fixed percentage of revenue from the clinic to vetted causes, and being transparent about it.

If Michael Vick can rehabilitate his image after going to prison for dog fighting, I think Palmer has a good shot, no pun intended.

Tough Doesn’t Quit, Except at Breakfast

I was at a dinner on Sunday night and seated next to me was retired Admiral Eric Olson, who had a long and distinguished military career. He retired from the Navy in 2011 as the commander of the U.S. Special Operations Command. Interesting man, to say the least, but also incredibly gracious and unassuming.

I asked him what qualities he could identify that would be indicators of success as a Navy SEAL. His response was predictable in some ways, unexpected in others. Above all, he said, the SEALs look for problem-solving, intelligence and mental toughness in candidates. I expected to hear this, and he added that chess and water polo players seem particularly well suited for special operations, which certainly fits the profile.

What he added, which was unexpected, is that they study the well-documented attrition rate during training. Within each cohort, they looked at the time of day that candidates would quit and found that the majority of drop-outs quit at breakfast and lunch. In other words, they didn’t quit during the grueling training exercises but in anticipation of them.

It makes a lot of sense in retrospect because this training program is designed to instill the commitment of team and capacity of the human body to go far beyond believed physical limits. Giving up occurs not in the moment of exertion where your team is counting on you but in the comfort of being alone and anticipating the grueling assignment.

Draw your own analogies to everyday life.

Corporate Activism: The Uber Edition

New York City Mayor Bill de Blasio really stepped in it by picking a fight with Uber. Acting as the puppet for the powerful taxi medallion owners in NYC, who despise Uber, the mayor proposed capping the addition of new Uber cars to 1%. Given the customer growth that Uber has been experiencing in NYC, a 1% increase in drivers would kneecap the company.

Uber fought back, which seemed to catch both City Hall and the yellow cab cartel off guard. Anyone who has watched Uber grow will tell you the company redefines the term being aggressive.

The company made critical arguments: that they were creating jobs, that customers neglected by taxi cabs were being served, and that the congestion claims didn’t match the numbers. Indeed, the congestion argument that De Blasio relied on was particularly curious because it is now clear that it was based on anecdote.

In addition to a wave of advertising and protests by the very people who rely on Uber to earn income, Uber enlisted allies across the political spectrum. However, it was the use of the application as a tool for activating customers that is particularly brilliant. The de Blasio mode that rolled out provided every Uber customer in NYC with a picture of what service would look like if de Blasio successfully capped growth.


What is different about Uber fighting City Hall versus WalMart or an energy company, is that Uber has user experience on their side. This is where De Blasio fatally erred in taking on Uber. He attempted to use worn-out arguments about safety and employee rights to define Uber as a threat to the public welfare when anyone who has ridden in a yellow cab – anywhere – will tell you it is quite the opposite. The data didn’t back up De Blasio’s claim, on the surface or at the level that we just intuitively know.

De Blasio backed down and his allies are attempting to spin a victory out of this defeat, highlighting the fact that Uber agreed to “restrain” growth to their current level (it’s hard to imagine Uber juicing growth in NYC at this point) and to share data for the traffic study. Make no mistake about this, it was a defeat for De Blasio and only further weakens him in the eyes of New Yorkers who are already fed up with him.

This loss comes on the heels of a humiliating showing in Albany. Mayor de Blasio sought permanent control of the city school system; instead he got a 1-year extension on the current oversight agreement. He bitterly opposes charter schools, doing the bidding for the teacher’s union, which bitterly opposes charter schools, and instead of reducing their numbers he was handed 50 more. He wanted pro-tenant changes to the rent control laws, he got nothing but a 4-year extension on the status quo. He wanted changes to the 421 real estate law, for which he got bupkis. His showing within NYC politics shows much of the same. He opposed hiring more police officers, and Bratton got 1,300 new officers pushed through.

And now he just lost to Uber.

In the end, it is customers that win. For years, the taxi industry has had one constituent, regulators. The regulators derived their power from the fact that there was an organized industry to regulate and did little to improve customer experience and affordability. The money generated by taxes was spread around to mass transit projects and used to enrich organized labor, who like the taxi industry had little incentive to improve customer experience. Just ride on San Francisco’s MUNI system, a textbook example for why a municipality should not be entrusted with public transportation.

Uber and Lyft came along and demonstrated that superior customer experience wins every time. It’s not just the taxi industry that sees this threat, cities with crowded and inefficient transit systems are watching their ridership shift to ride services and as companies introduce car-pooling services the trend will accelerate. Preparing for a long battle ahead, it is obvious that Uber and their counterparts are prepared to wage a direct and aggressive battle on behalf of their interests, and because their interests align with consumers I am okay with that.

The Coming Robot Invasion in Fast Food

I was driving up Woodside Road last week and the KFC store had a huge “Hiring!” banner hanging on the front of the outlet. This caught my attention for two reasons.

It’s well established that cost of living on the Peninsula is not amenable to the income generated by low skilled, fast food work. It just isn’t and raising the minimum wage or whatever you want to call it isn’t going to make a difference. As a result, few people want to work these jobs. How can you blame them if flipping burgers and banging on a cash register all day isn’t providing an income that makes it possible to cover the basics?

It used to be that fast food was a job that kids filled in their off hours or during summer, it is not a career. Today’s young people have many competing demands on their time, from school to sports to activities that they are expected to participate in order to make them competitive for college admissions. There is also a youth entitlement factor that comes into play in wealthy communities. However, in my conversations with small business owners the number one problem with hiring teens is that they cannot commit to the time that is required to hold down a job.

Today I read an interesting piece on McDonald’s:

“For example, labor needed to run stores during lunch hour,” one franchisee wrote. “Our competitors have 6-8 people to run close to the same volume that we need 20-25 people.”

It’s a perfect storm of changing consumer tastes, poor brand management, and food quality hitting McDonald’s at the moment. If we throw in labor efficiency, we may have hit the tipping point that results in an unsalvageable business. It is this last issue that is most interesting to me.

There is no reason at all why fast food restaurants could not be staffed primarily by robots. I’m not talking about cute humanoids delivering food to tables but rather the heavy lifting part of fast food… the kitchen.

Fast food is designed to be repeatable in preparation and presentation, a perfect scenario for robotics. Fast, efficient, and consistent preparation of food can be accomplished with sensor heavy automation that manages food quality, consistency, and safety far better than humans can at the pace that is required in a fast food process. The novelty factor of automation would soon give way to a preference in much the same way that other businesses have used automation for competitive advantage.

If you carry this forward, the interesting thing to consider is how automation informs the fast/casual dining user experience from a design standpoint. Automation completely changes how a kitchen would be laid out, how logistics are managed and even how we use technology to interface with the front end processes as a customer. A maps interface on your phone could now include order entry while driving and beacons could interact with me while en route and in the restaurant itself. It’s pretty exciting to think how everything changes as a result of robotics in the fast food process.

I will close by saying that for McDonald’s these issues cannot be tinkered with. Re-establishing leadership will require bold strategies that remake the entire fast food experience, not just the McDonald’s brand experience. Automation won’t address the menu issues they have, but it will address the labor issues that are plaguing the franchise model. They could start incrementally and insert automation in the kitchen but they also need to lay out a vision for the total experience they are designing to.

Hillary Clinton Attacks Uber, Airbnb

On the wrong side of history yet again, Hillary Clinton has decided that her road to the White House is tearing down one of the great economic movements of the last decade, the sharing economy. 

In an economic speech she is planning to give, Clinton will highlight the stagnating wages of the middle class and point to causes that include Uber and Airbnb. This is mind blowing for two reasons, one is that the bloc of voters that she absolutely has to appeal to is not only benefiting from these services but sees them as a part of their economic portfolio. Secondly, the marketplace for services is fundamentally shifting from one of hardened connections between companies and employees to one of loose connections that increase and decrease based on personal preferences.

Clinton’s aide said she will discuss some of the structural forces conspiring against sustainable wage growth, such as globalization, automation, and even consumer-friendly “sharing economy” firms like Uber and Airbnb that are creating new relationships between management and labor (and which now employ many Obama administration alumni). But she will argue that policy choices have contributed to the problem, and that she can fix it.

Hillary Clinton wants to return Americans to an era where earning income happened exclusively in the context of an employee-employer relationship. In addition to that, she wants to restrict individuals’ access to a market where utilizing assets like home, apartments, and vehicles for income is an option and is effectively excluded from the worst aspects of government, rent-seeking, which conspires to depress the stagnated incomes that Clinton is right to call out!

UPDATE: I finished the above paragraph after my friend, Paul Greenberg, alerted me to the incomplete sentence in my original post. He also made a comment about this not being a “sharing economy” but rather a new dimension on renting and I largely agree. More than anything else, Uber and Airbnb are just two examples of a bigger movement that enables income to be extracted from 2 of the biggest capital expenses of the middle class, homes and cars. 

Mary Meeker’s recently published 2015 Internet Trends Report highlighted some of the generational changes that are occurring and the impact on the future of work. See Slide 111. Flexible hours and freelancing are integral beliefs underpinning economic freedom for this generation and Clinton’s position is directly at odds with that.

Far from being a cause of middle-class stagnation, the sharing economy offers a rare moment of optimism. Roy Bahat recently published an outstanding essay titled Your Career is a Mess that highlights one of the seismic shifts affecting employment in the 21st century, which is that we are no longer single threaded in the employee-employer relationship.

Hillary Clinton’s entire campaign is emerging as a grab bag of tired progressive policies that have actually attacked the middle class rather than empowered it. Wage growth has stalled because growth itself has stalled, this is not shocking to any economist and yet the candidate continues to parrot talking points about childcare and paid time off, infrastructure investment, and clean energy. Rather than embracing and expanding the economic successes of the last decade, Clinton would take us back to the last century, proving that she is on the wrong side of history yet again.

PS- Comments were not enabled in the original post, I corrected that with this update.

Forced Encryption Rendering Nexus Devices Useless

UPDATE: I unlocked the devices and installed a modified bootloader that disabled encryption. It was a bit of a hassle, as I had to reformat the device storage, but Google has a nice recovery feature for apps in Lollipop. The results were beyond expectation, the phone feels 3x as fast and the Nexus 9 no longer has any of the lag issues that were causing problems with Chrome.

I have a Nexus 9 and a Nexus 6, both running Android Lollipop 5.01. Almost immediately I noticed that there was a lot of lag in the UI and performance was generally slow. After doing a lot of research it appears that forced encryption in 5.0x is a huge performance drag on hardware that would otherwise be quite snappy.

Lollipop 5.1 is rumored to be available but despite being on Nexus devices I have not received OTA updates (Verizon for the 6, T-Mobile for the 9). I can sideload 5.1 on the 6 but there is no image available as of yet for the Nexus 9.

While this feature is well intentioned, the fact remains that it should never have gone into production with the enormous performance penalty it imposes. Furthermore, Google knows of the issue and has removed the forced requirement but has not yet made a fix available to those devices that already have it.

As much as I like the Nexus hardware, I would not recommend buying any Nexus device until Google disables encryption.