Security Printing and Imaging

Ecosystem Score: Proving It’s Real vs. Proving It’s Fake?

2008-08-17T06:43:00Z

In the previous blog, I talked about your Deterrent Score, and mentioned you must multiply it by your Ecosystem Score to get your overall effectiveness. As I mentioned in the May 12 blog, it takes PRACTICE to put such an ecosystem together. In today’s blog, let’s talk about how a deterrent might fit into the ecosystem.

Also, for today’s blog, I had a discussion with two of HP’s top experts on anti-counterfeiting. Jim Colby is HP’s Manager for Packaging and Anti-Counterfeiting Technology, and Dave Kellar is a Technical Expert for Package and Product Anti-Counterfeiting. Dave initiated the conversation, sending a link to XStream Systems, Inc.’s XT250 System that provides Authentication Technology with “See –Through” Vision (see http://www.bpcouncil.com/index.php?sid=10&lang=en&act=page&id=716).

The description states that “drugs can be verified while still in their manufacturer's sealed containers – as the system can scan through opaque plastic, cardboard, and even metal packaging to ensure consumer safety”. This is classified as a “forensic” deterrent—meaning a deterrent that can authentic down to the individual item. However, there has to be an ecosystem around this deterrent—starting off with measuring the material property, comparing the property to the correct data for the product, and receiving the real/fake result.

In addition, there are some issues specific to the type of forensic deterrence offered. For one thing, how sensitive is the technology to the active ingredient? Can different concentrations of reagent be readily differentiated? How often are there false positives? How often are there false negatives? Can the “authentic” amount of active ingredient be spoofed with 1%, 10%, 1000% of the normal amount? By including some of it on the packaging?

The ecosystem issues extend well beyond these questions. Who are the intended authenticators? Inspectors? Retailers? Customers? How will these authenticators be educated to understand what to do when the results indicate a failure? And what of cost? How much does the test cost? How much does the education and training cost? How is the data conveyed from the point of testing to the analysis service? How is data integrity maintained? The comment that “Wholesalers acquire conclusive proof of due diligence and of the authenticity of their inventory” could provide a few liability issues if/when there is a mistake (false positive, or especially false negative). In other words, XStream claims to “prove” authenticity, which in my experience is usually more difficult than proving something is non-authentic (or counterfeit).

Take mass serialization data, for instance. A legitimate number suggests but does not prove authenticity, but a non-legitimate number proves something is wrong. Just because the correct active ingredient is present does not prove the product is legitimate. After all, savvy counterfeiters really do want to get away with it as long as possible without having to change to another product.

I ran these concerns past Jim and Dave. Dave’s feedback was: “The main area of interest for me was the process to check the product through the package, eliminating the risk of used packaging or refills. The main problem is still who would check, as I do not see this system as a consumer overt confirmation. As you stated I do not believe the system could check for fake product salted in with the good or the ingredient added to the package material.” Like me, Dave was excited that the device allows you to potentially check the product through the packaging. This is even more powerful than RFID, which allows you to check the mass serialization information through the outer packaging.

Jim backed this up. He noted “I too am enamored with the concept of 'authenticating' actual product through packaging, and this does take the serialization step farther, but with all the same issues with serialization; namely, how to interpret results.” Jim noted that wholesalers would have difficulty arguing for “having conclusive proof of authentic inventory”. Jim also offered the important observation that “the more complex and costly it is to 'authenticate' a product-- the happier a counterfeiter becomes, because they know very few people will have the means to check and so very few products will actually get checked". Indeed, trying to outspend a counterfeiter is never a good idea.

Based on this example of a very good technology being deployed into a rather challenging ecosystem, we see that the Ecosystem Score is really dependent on much more than technology. It depends on simplicity; that is, ease of training and implementation as much as ease of performing the authentication. It depends on an “impedance match” between what you are trying to prove and what you actually can easily prove. In my opinion, this technology will be very useful in screening large lots by (indepthly) analyzing only a sample of the product. It may be less useful at the item level.

-Steve

The Perfect Deterrent

2008-08-08T21:13:00Z

How is Security Printing and Imaging like the Olympics? Apparently, the Olympics potentates have decided that no perfect 10's will be awarded in gymnastics. So, there will be the idea of perfection, but no actual perfection. The same is true for Security Printing deterrents--the idea of perfection exists, but the perfect deterrent is still waiting for its ecosystem to catch up.

So, let's rewind. Security Printing and Imaging relies on an ecosystem. This ecosystem includes the printing and security expertise used for defining and deploying the print campaign, the deterrents used, the imaging (image quality assurance, inspection, authentication and forensics), education (of the consumer, retailer, inspector/investigator and forensic agents), evidence gathering, investigation and interdiction. Today's blog focuses on the deterrent.

The perfect deterrent must contain each of the three following attributes:

(1) Unique ID. Usually this is associated with mass serialization--or sequential assignment of the unique ID, which can be followed by encryption to make the sequence appear stochastic. However, if this unique ID is also attached to, for example, track and trace, then some of the bits in the unique ID will be used for "non-unique" information. For example, in the 96-bit SGTIN-96 specification, there are 6 fields:

The header, which is 8 bits
The filter, which is 3 bits and specifies if the tagged object is an item, case or pallet
The partition, which is 3 bits and indicates how the subsequent fields are partitioned so that their data can be recovered and interpreted correctly
The company prefix, which is 20-40 bits (depending on the partition bits) and contains the company's EAN.UCC Company Prefix
The item reference, which is 4-24 bits (depending on the partition bits) and contains the item's GTIN item reference number
The serial number, which is 38 bits and contains the item's unique serial number

Thus, only 38 of the 96 bits, or 39.6%, are used for the unique ID. This may not be enough for your needs? Well, part of the power of security printing is that any number of additional bits of unique ID can be supplied by addition deterrents linked to or complementing the 38 bits in the SGTIN-96.

A short list of security variable data printing (SVDP) deterrents that can provide additional unique bits include barcodes, color tiles/lines, guilloches and other graphical alphanumerics, watermarks, copy detection deterrents, microprinting, magnetic ink characters, infrared/ultraviolet printing, and other steganographic approaches (variances on line thickness, text character kerning, etc.).

(2) Copy-prevention. If an item has a unique ID, it is easy enough for a would-be counterfeiter to simply copy that unique ID and peddle it as an original. Note that there are many forms of "copying" here, including stealing or guessing legitimate codes before they are used on legitimate product. This is not, however, the focus of today's blog.

Regardless, physically tying that unique ID to the substrate it is printed on/associated with can prevent these types of counterfeiting. One means of providing copy-prevention is to overtly use a copy-detection deterrent. These are usually grayscale, high-entropy printed areas which, when copied, lose image entropy or suffer altered frequency characteristics such that an authentication algorithm declares it void. A second means of providing copy-prevention is to use a "random" (strictly, "quasi-random" or at best "stochastic") feature of the substrate to register along with the unique ID. In fact, US patent 7,028,188, titled "Document authentication using the physical characteristics of underlying physical media", describes:

"A method for authenticating a document in which a document key for the document is generated by examining one or more attributes of a physical media that underlies the document. An original image is then imparted onto the physical media so that the original image is associated with the document key in a way that enables a subsequent recovery of the document key from the original image. This tying together of the underlying physical media, through the document key, with an original image enables detection of a forgery which was performed either through an alteration of the original image, or ink stripping and re-printing, or a printing of the original image on another physical media."

Other means of providing copy-prevention include laser surface authentication system (please see http://www.ingeniatechnology.com/technology.php) and tamper-evident substrates (please see http://www.cortegra.com/ba-offerings.html). In my research and development work, I use high-resolution scanners/cameras, microscopes and/or large arrays of image features to record copy-sensitive information. Taken to the logical limit, copy-prevention and forensics are indistinguishable. The choice of which copy-prevention tactic to take depends on who will perform the product authentication. If customers will be performing authentication, it behooves you to use ubiquitous devices--such as cell phone cameras--to perform the unique ID/copy-prevention analysis. If retailers will be performing the authentication, then the same devices used for track and trace, point-of-sale, and inventory management should be used for the unique ID/copy-prevention. Think RFID and barcodes. If paid inspectors and/or forensic analysts are used for this task, then the use of specialized and/or proprietary devices is warranted.

(3) Tamper-evidence. Given the fact that many security providers conflate mass serialization with authentication (a legitimate unique ID cannot prove authenticity, although a non-legitimate unique ID does prove lack of authenticity), it may be no surprise that some security providers conflate copy-prevention with tamper-evidence. However, copy-prevention is concerned with tying a unique ID with a particular printed object, while tamper-evidence is concerned with preventing the re-use of a legitimate printed object.

To prevent re-use, the copy-prevention (and if possible, the unique ID as well) should be associated with the opening of the package or the use of the printed object. Tear-strips and perforated guides are two means to direct the opening of a material. The use of temperature, humidity or other environmental-responsive materials can be used to prevent reuse, especially if after exposure the printed object is somehow tainted.

With these three attributes deployed successfully, you may not have a perfect deterrent, but you may have a 9.8. Keep in mind, though, that your Deterrent Score must be multiplied by your Ecosystem Score to get your overall brand protection efficacy score. A 9.8 at Billy-Bob & Ethyl's Gymfest is not the same as a 9.8 at Beijing. Next, we'll talk about how to increase your Ecosystem Score.

Thanks!

-Steve

NY Times article covers topics discussed here in July

2008-08-03T19:46:00Z

My blogs of July 5 and 6 were concerned with how the price of oil may be the tipping point for a turn from unchecked outsourcing. The NY Times ran an article today covering the same topic.

Shipping costs start to crimp globalization: http://www.nytimes.com/2008/08/03/business/worldbusiness/03global.html?partner=rssnyt&emc=rss. The article uses the same example of furniture production, and cites security and global warming as key concerns as well. It does not mention the Unflat Earth, but this may be because Friedman writes for the NY Times.

Regardless, this shift from globalization to localization, inevitable with the arrival of Peak Oil (it may already have occurred) will weigh heavily on supply chains in the years to come. How will this impact your business? The need for security will not diminish--there are likely, in fact, to be even more locations in your value chain, since instead of mass manufacturing in the cheapest-bidded global locale, products will have to be produced in multiple places. Tying security directly to the production--manufacturing, printing, inspection and registry creation--will only be more important under this new reality.

-Steve

Categorical Imperative

2008-08-03T05:04:00Z

Immanuel Kant addressed human morality and its position in nature and the universe with his categorical imperative. The formula of Universal Law states that one must act in such a manner that you can at the same time will it should become a universal law (keep in mind, this last sentence is paraphrased--either Kant was the world's worst writer *ever* or a decent translation into English is still waiting). The formula of the Law of Nature is similarly dense: act in such a way that your action can become through your will a universal law of nature. Since Will Durant (who ought to know) and others consider Kant one of the 5 most important philosophers of history, and these are his crown jewels, it is worth considering the impact of these thoughts.

Essentially, legitimate behavior is behavior that, if extended to everyone else, would be tenable. So, if you are using more than 1 6.7 billionth of the planet's petrol, eating more than 1 6.7 billionth of the planet's calories, destroying more than 1 6.7 billionth of the planet's human-sustaining resources, you are breaking this law. From the other direction, if everyone did what you are considering doing, and it would be destructive, you are being immoral. Homicide? If everyone did this, everyone would be dead. OK, you might not be punished for this, since no one would be left to punish you, but clearly it is unsustainable. Grand theft auto (the felony, not the video game)? Only those who can hotwire cars would be able to drive. Not sustainable. Eating a hot dog? Sorry, I'm not allowed to talk about the ingredients in a hot dog, as you may know from past blogs. But clearly, not sustainable.

The point is, the categorical imperative can be used both proactively (what good can happen if everyone does something?) and reactively (what harm comes if noone does something?). Let's apply it to security printing.

If everything printed is variable, and therefore contains (potentially trackable, readable, interrogable) information, or variable data, is it tenable? Absolutely. Variable data can be added to printed areas without destroying the branding message, the product identification message or the graphic artist's intent (look and feel) of the printed material. This proactive deployment of variable security printing simultaneously enables track and trace, authentication, inspection, quality assurance, image forensics, auditing, decoying and "baiting" of counterfeiters and--due to surfeit variable regions--contingencies such as product recall.

What about reactive consideration of the universal deployment of security printing? If no one uses security variable data printing (SVDP), then opportunities to make counterfeiting more difficult are squandered. Opportunities to protect brands are squandered. Opportunities to increase consumer interaction, interest and interrogation of your product are squandered. And, most egregiously, opportunities to provide multiple layers of security--with no extra cost, no extra carbon footprint, and little extra effort--are eschewed. This can only be due to indolence or neglect. Guess which of these will be assumed should a consumer die because they got a counterfeit of your product? If you are having trouble guessing, think about which will cost your company more in punitive damages.

If noone uses SVDP, then universally product fraud is given a free pass. This is categorical neglect--and it is imperative that any means of increasing consumer safety, so long as negligible cost is incurred, be deployed. Previous blogs have highlighted how SVDP actually saves money while increasing security. I certainly think this is easier to understand than, say, Kant's Critique of Pure Reason ("Now it does indeed seem natural that, as soon as we have left the ground of experience, we should, through careful enquiries, assure ourselves as to the foundations of any building that we propose to erect, not making use of any knowledge that we possess without first determining whence it has come, and not trusting to principles without knowing their origin."--huh?).

-Steve

Counterfeiters Beware--What Comes Around Goes Around?

2008-07-26T06:34:00Z

A four year sentence for selling counterfeit pharmaceuticals? The pharmaceuticals were worth $400,000, so the sentence is more draconian than many for counterfeiting. However, there are extenuating circumstances.

Outsourcing-Pharma.Com (http://www.outsourcing-pharma.com/news/ng.asp?n=86605-viagra-pfizer-counterfeit) reports that Ivad Dogmosh sold fake Viagra, but "[t]he antibiotic metronidazole was detected in the pills, which has side effects including seizures, fever and bloody diarrhea. In addition metronidazole interacts with alcohol, which can result in nausea, flushing or headaches." Viagra is the most often counterfeited pharmaceutical on the planet, which is saying a lot--fake pharma is reasonably estimated as a $75 billion/year industry.

However, this story may have an ironic twist (I'm speculating here, but hear me out). Based on the severity of the sentence, it is likely that Ivad was penalized more harshly because of the metronidazole. I can picture him at the trial, declaring "But, Mrs. Judge, I swear I never intended to put metronidazole in the pills. I meant for them to be sugar tablets". Which implies that Ivad was not in control of his supply chain. He may have gone too far in his outsourcing, and scored the dye, expedient or other ingredient from (gasp!) a disreputable sort. Imagine that, Ivad was both the perpetrator and victim of counterfeiting.

What kind of a world do we live in when a counterfeiter can't even trust his supply chain!?

-Steve

Sustainability and Security Printing & Imaging

2008-07-17T16:16:00Z

Why is a blog on Security Printing & Imaging important? A short list includes the ease, flexibility and ubiquity of product authentication that security printing and imaging enables; the novel and interdisciplinarian research underpinned; empowerment of the consumer through increased access to many layers of product information; and sustainability. I'll review the first three, but for today's blog I will focus on the (most likely) surprise entry on that list: sustainability.

1. Ease, flexibility and ubiquity of product authentication

Branded products use printing to convey the brand, SKU, product information and other data of salience to the consumer. Often, the printing is performed on the package or label. In other cases, the printing is performed on marketing collateral associated with the product. In the case of single event items, the printing literally is the product--i.e. lottery, sports tickets, concert/event tickets, entrance passes, etc.--no printing, no value. Regardless, the printing is highly tied to the product, and so authenticating the printing, if done within the right ecosystem surrounding the creation and lifecycling of the printing, is tantamount to authenticating the product. This has been discussed in past blogs under security variable data printing (e.g. see "Universal Acid", 19 May 2008), or SVDP.

2. The novel and interdisciplinarian research underpinned

You've likely heard both sides of the argument for the Space Race, which culminated in NASA landing half a dozen times on the moon and declaring victory over the USSR (although the USSR won every other event in the Space Race, so perhaps it is told and internalized differently in Russia). Proponents credit the Space Race for the computer, for color television, Nixon's visit to China, Detente, and more. The political advantages seem more likely, since for technology the consensus viewpoint appears to be that "the United States long ago learned that the spin-off argument is a weak one; although developing spacecraft does produce some useful technologies, it is generally inefficient. If you want a faster computer chip, then develop one; there is no need to go to the Moon to do so" (http://www.thespacereview.com/article/137/1). Others would say, more pointedly, "$30 Billion and all we got from that was Tang"? (Don't get me wrong, I like Tang, but I doubt it took $30 Billion to develop).

However, in the case of security printing and imaging, it is much more credible to argue that attacking counterfeiting will benefit many other important areas of research, including but not limited to: (1) novel cryptographic systems, (2) inspection, (3) quality monitoring and assurance, (4) imaging in general [from surveillance to improved authentication techniques to multimedia/multimodal imaging technologies], and (5) technology hybridization (e.g. merging printing with RFID). In addition, many novel security-printing-as-printing approaches are certain to benefit next-generation printing in arenas from sensors to printed electronics to printed batteries. More on these and other printing research areas will be described in future blogs, but suffice it to say that security printing and imaging cuts across many important technological disciplines and, in so doing, opens the door to novel advanced research.

3. Empowerment of the consumer through increased access to many layers of product information

Do you want your customer to spend more time with your product? If not, you should. Because advertising is still the most effective means to draw customers to your product. Ask Google. Their market cap to revenue ratio is roughly twice that of Microsoft, and eight times that of HP. They empower customers through simultaneously providing information and advertisement.

A simple packaging example is the in-store battery tester. Built onto the battery, this is a risky sensor--what if the battery isn't juiced anymore? But it gets the customer to spend a few extra seconds with the product--in essence, it's advertising. Every second counts--customers are much more likely to purchase a product they have interrogated.

Mobile bar code providers are seeing the on-product barcode reader as another means to garner customer/product interaction. Stick around, there will be plenty more on this in future blogs, too.

4. Sustainability

For most people, "sustainability" rightly evokes environmental concerns, usually featuring food production, oil production and global warming issues. Food production (and its high use of fossil fuels) is rightly the first focus, e.g. as noted on http://www.commondreams.org/archive/2008/07/17/10414/, "This year’s dead zone in the Gulf of Mexico is likely to be the largest on record and growing U.S. corn production is a primary cause of the worsening conditions, federal and state scientists said Tuesday"

But sustainability is also about not adding new environmental, fuel and/or complexity costs to a product. Let's face it, as described in (1.) above, you're going to print anyway. And, the printing stays with the package. You've added "nothing" to the environmental cost when you achieve security through printing that would have occurred anyway. As such, printing sustainability is assured through the extant approaches to recycling, repurposing, next-generation biofriendly inks, or from separating the label from the package.

Reuse is the best approach, but biodegradable recycling is a not-too-distant second. Take for example the introduction of biocompostable utensils--e.g. http://www.ecowise.com/index.php?cPath=22_187_195. This has changed the game for "to go" cups. So, will their be a biocompostable RFID? It is likely that RFID will always have a place in the supply chain, especially where line of sight is impractical or where track and trace is sufficient (authentication can occur elsewhere). If RFID can be printed with a biodegradable variable data print process, it will completely change the game for supply chain visibility and the marrying of track and trace with authentication.

Finally, sustainability can be achieved through the rationalizing of product recalls. That is to say, sustainability is also about not wasting. Ask yourself: Do product recalls help the planet? Only to the extent that they pull dangerous material off the shelf. But pulling everything off the shelf because some items are suspect is a huge waste. Recalls of counterfeited products right now are hampered by the lack of an effective means to determine what should be pulled from the shelves and destroyed, and what should be left there. Security variable data printing (SVDP) can provide "extra" variable regions that are used only when recall is required. These are not tracked, authenticated or advertised under normal circumstances, but are read and acted upon when there is a product recall. The surfeit of security marks that SVDP provides affords such an approach in a way no other security deterrent currently can. Remember that the same security features can be used for track and trace, authentication and forensics simultaneously. The nature and breadth of the SVDP features depends on how costly the product is, how skilled the inspectors/retailers used to manage the recall are, and how costly it is to with full confidence evaluate a potentially counterfeited product. Among other factors. But, the point is, it can be done (and is done).

Would you throw out an entire carpet because you dropped a staple? No, you'd try to vacuum it up. So, why throw out good product in order to make sure you've pulled all the counterfeits off the shelf? SVDP is the "recall vacuum". I highly recommend it as one of your brand protection expedients. It's a defensible--and sustainable--plan forward.

-Steve

Wal-Mart promises ore-to-store provenance record for jewelry

2008-07-16T06:33:00Z

Reuters reported recently that Wal-Mart "is introducing a line of gold and silver jewelry that can be traced from the mine to store shelves". Please see http://www.reuters.com/article/domesticNews/idUSN1435036120080715, for the full article. An interesting prospect, being able to know everyone who has touched the value chain, from the mine to the Mart. The article mentions that, in order "to create the Love, Earth jewelry line, Wal-Mart worked with mining company Rio Tinto Plc; Newmont Mining Corp, a global gold producer; and Aurafin, a Florida-based jewelry manufacturer." An admirable notion, and one no doubt geared to assuage the plethora of consumers who worry that their shiny ornamentations are the result of "slave labor".

However, the germane issue for security, anti-counterfeiting and supply chain integrity is, "How authentic is this supply chain"? What are the on-ramps for a would-be counterfeiter? Does Wal-Mart's identification of the partners in the supply chain actually serve to increase the authenticity of the end product?

As you may suspect from past postings on this blog, the answers are not cut and dry. Identifying the companies that are "certified" for this program lets would-be counterfeiters know who to target for bribes. On the other hand, it does reduce the number of "middlemen" and so reduces the number (though certainly not the width) of on-ramps. It will be interesting to see what protections Wal-Mart puts in place for this program. As with software, so with "physical ware". The bigger the target, the more snipers taking shots at it. And Wal-Mart is the biggest possible target, with more employees than any other three companies combined. Rio Tinto, Newmont and Aurafin--the weakest link in these companies (a disgruntled stockroom worker, an underappreciated janitor, whoever) or in Wal-Mart itself--can render this crown jewel a bauble. So, unless you have a Smeagol Gollum lurking in your neighborhood Wal-Mart, you're unlikely to be sure who all the Lords of your Ring really were.

-Steve

EBay Louis Vuitton Suit a Tipping Point in Public Awareness?

2008-07-13T07:07:00Z

A quick blog tonight, which is really no more than a comment on the recent $63 million payment ordered by a French Court (http://yro.slashdot.org/article.pl?sid=08/07/01/154231&from=rss) accusing EBay of "1) illegally allow[ing] legitimately purchased and owned products made by LVMH to be resold on its website by 3rd parties not under the control of LVMH, and 2) not doing enough to protect LVMH's brands from illegal sales". This is a tricky case, with many different implications for how brand protection will be ensured in the future. My question: Is this, finally, a tipping point for public awareness? With no uniform way for consumers to obtain track and trace, provenance or authentication information for the products they are buying, is it fair for internet purchase providers to be sued when they are helping counterfeiters? Some in HP may argue, yes, particularly those supportive of a web-based approach for product validation (along the lines of, for example, http://www.checkgenuine.com/Index.aspx, an HP site for checking if the unique ID on an HP product is valid). These proponents might argue that all products for sale should provide such a unique ID for the would-be purchaser to check before and after the purchase. Sure, there are many ways to spoof or attack this system, but it is a good start, and raises the barrier for casual illicit resell, counterfeiting, diversion, etc.

Note that I am in no way passing judgement on the decision made. Whether or not EBay should be held responsible for the counterfeiting on their website is, in my opinion, a product by product decision, and there is no black and white answer (no surprise there, right, since this is "gray market" trading in most cases!). And, whether EBay is ultimately held responsible or not, a universal solution to on-line selling is years away. But maybe, just maybe, the EBay decision (even if later overturned) will be looked back on as a tipping point for public awareness (and outrage) on the massive product fraud permeating world trade.

Cheers,

Steve

High and dry

2008-07-12T06:37:00Z

Hiking in the mountains above the Black Canyon of the Gunnison, I saw the dead tree shown in the photo below...

I was interested in how the tree had died. Was it too high on the mountain? Was the ground beneath it too porous to hold water during the growing season? Was it old? Was it due to a late frost?

When I returned home, I found a much larger (locust) tree in my backyard was also bereft of life, photosynthesizing no more, an x-tree. And this is true of an astonishing number of trees in Fort Collins this year. Not to mention the rest of Colorado and Wyoming (see for example www.rockymountainnews.com/news/2008/jan/15/beetle-infestation-get-much-worse/). Every single lodgepole pine will be dead in this area in 5 years.

Monocultures, such as a lodgepole pine-only forest, are generally quite fragile, susceptible to sudden decimation, and poorly robust in response to a challenge. Trite expressions such as "don't put all your eggs in one basket" come to mind, and for good reason. When you've reduced what should be a complex system to a single element, you are at the whims of fate. It's not linear. One element, no interactions, and the only resiliency your system has is the resiliency of that element. Two elements: you have the resiliency of element 1, or element 2, or the combination of element 1 and 2. Three elements--seven resiliencies (including the interactive resiliency of all 3 elements together). Four elements--15 resiliencies. In general, with N elements, there are 2 to the power of N minus 1 resiliencies.

A robust brand should benefit from the same mathematics. Multiple suppliers, multiple manufacturers, multiple assembly locations. When one of the suppliers, manufacturers or assemblers is compromised, there is a network left behind, robust to the loss. The brand quality and consistently can still be maintained.

So why do brands let themselves go "high and dry", reducing their supply/value chains to a single element? An easy answer is the relentless pursuit of reduced cost, but this is a false pursuit. Measuring cost is like measuring the length of a coastline--its value changes depending on how closely you look. On a related example, if you wanted to get from Provincetown to Plymouth, your path will differ greatly depending on whether your vision extends five miles or fifty miles. If the former, you can only move along the coast of Cape Cod and the journey extends 80 miles. If the latter, you set out almost due west, and the journey is 20 miles.

Short-term cost--that is, cost in the NEXT QUARTER--has become paramount for the US (and other) economies. However, strategies for the next quarter typically have little bearing on costs for the next five years. Steering your strategy by single quarters? Enjoy rowing four times as hard.

Brand protection strategies must also look beyond the next quarter. There must be an innate moving target, which means you can change the specifics of your deterrent, inspection and authentication implementations without your having to change how the strategy is implemented. Variable data printing, as I've described before on this blog, provides an innate moving target. So does refusal to be complacent. Be interactive, be adaptive, respond to what your customers are seeing. Think beyond the current counterfeiting approaches. Attack your own protection. Otherwise, your product will truly be left high and dry, and no amount of rowing will get you to the destination of brand protection.

-Steve

The Price of Oil, Part 2

2008-07-06T19:49:00Z

Yesterday's blog focused on three reasons--the most important of which for this blog is counterfeiting and related fraud--why outsourcing to disengaged, unaffiliated third parties may be disastrous to your brand long-term. Today's brief addendum is to outline how to counter this, and how outsourcing as part of your strategy best makes sense. Future blogs will dive into these topics in more depth.

1. Counterfeiting can be countered only by a well-defined eco-system in which deterrents, processes, information and people all play a part. A previous entry on this blog (www.communities.hp.com/online/blogs/securityprinting/archive/2008/05/12/HPPost6337.aspx) addressed how to PRACTICE good anti-counterfeiting techniques.

2. The earth is not flat...yet. If you want to have engaged partners around the world, you have to work to even the playing field. Eventually, healthcare, environmental, auditing, compliance and other factors involved in selecting a spot to design, manufacture and assemble products will be more uniform. The world will be, truly, more flat. However, until that date, respectful citizens of the planet will work to improve the working conditions and environmental impact of doing business everywhere. Even if only out of self-interest, this strategy makes sense.

3. The price of transportation of goods. Years ago, Toyota and other Japanese car makers were targets of media criticism because they are "foreign owned". However, Toyota and others are now manufacturing in the USA, offsetting much of the transportation costs and providing jobs for locals. Toyota still has work to do, if one believes the blogosphere, but at least on the surface they are following the maxim of "engage your potential customers in the development of your brand."

The latter point deserves some comment. If you outsource to a manufacturing locale where people would prefer buying generics or knockoffs to purchasing your own product, you need to rethink your outsourcing strategy. Engaging all your employees is, in general, a better long-term strategy. And long-term thinking is just what many businesses need to re-learn.

The Price of Oil May Swing the Outsourcing Pendulum

2008-07-05T07:35:00Z

I once met the Dalai Lama. I was in Bangalore (now Bengaluru) for work and he walked into the hotel lobby where I was meeting with some colleagues. I got out of my chair and turned around to leave for another meeting, when he and his entourage were walking in. As I nearly ran him over, I suddenly realized who he was. I blurted, "You're the Dalai Lama!" right as I realized it. He looked at me, serenely, with a hint of a smile, and replied, "Yes, I am" and continued walking past.

Sometimes, all one can do when in awe is simply state the obvious.

Which leads to the subject of my blog today. How can one but be in awe of the "unexpected" consequences of globalization-as-outsourcing? I have commented on this subject several times in past blogs, but today I'd like to gather some of these thoughts into one place. When computing the value of outsourcing, this is the short list of items that are conveniently left out/ignored altogether by the powers who are pushing for globalization and outsourcing:

1. Counterfeiting, product diversion and factory overruns. As flagship topic for this blog, it is hardly surprising what the #1 ignored consequence of Byzantine supply chains, increased use of middlemen for assembly, warehousing and transport is. But it still boggles my mind to think how large a problem is continually unbooked in the cost column of the supposed "Flat Earth". More than $1 Trillion (1 million $million!) dollars of counterfeit, diversion, factory overrun, product/package reuse, warranty fraud, smuggling and salting, and still no one in "polite society" pins this cost on so-called globalization or the "Flat Earth"? It's the Emperor's New Clothes on a much grander scale--except I'm calling it as it is today. Supply chains are totally exposed. Cover up, companies, or consider yourself dethroned.

2. Evasion of the local laws. Sure, every large company claims they're simply "staying competitive" with their competition as they try to squeeze the last penny out of their costs. The truth is, most of this cost is due to finding out how the Unflat Earth (the real one, which still has countries, with different laws and rules and requirements in them) works and using it to advantage. Can you find a country with no health care costs? Great, put your assembly line there. Can you find a country with relaxed environmental laws? Excellent place for any pollutant-producing manufacturing operations. Companies aren't necessarily choosing where to place their employees based on a Flat Earth--that's just spray-on gloss to hide the Unflatness they're actually exploiting.

3. Green/energy. This one actually may be the one that swings the outsourcing pendulum. With fuel costs soaring as China (with the combined population of Europe, US/Canada and Japan) modernizes and learns to squander its carboniferous capital with the best of them, it suddenly looks a lot less intelligent to cut down trees in North Carolina, pack them on a sea-going behemoth, unload them in China, convert them into tables and chairs, and ship them back on the same behemoth to sell in North Carolina. This double-shipping cycle happens now. But, guess what? The factory that used to make furniture in North Carolina just might save money by building the furniture locally and saving the fuel costs. Yes, the workers might make $40,000/year more, but the price of oil is so high (and the value of the US dollar so low) that the furniture manufacturer may decide it makes sense to make sure the people who you want to sell to can actually buy something. (I won't go into the environmental/green benefits right now, but in the spirit of the 4th of July, will simply say that these green truths are self-evident).

I am oversimplifying here, of course, for effect. Not all outsourcing/globalization has these consequences. And, as I've stated before, a truly flat earth, unlimited by the actual unflatness described above, might make for a much nicer planet overall. The fact remains, nevertheless, that the current state of how products are produced naturally leads to counterfeiting, to the taking advantage of unflatness in the guise of flatness, and to the overuse of fossil fuels. I believe, however, that this will change when brand owners understand the tremendous threat to profitably, reputation, safety and sustainability these three phenomena--counterfeiting, unflatness and energy overuse--cause.

So, when you see counterfeiting, the revenge of the unflat earth, or the double-shipping phenomena, don't feel embarrassed to simply state the obvious. In the presence of such an awe-inspiring event, it is OK to simply say, "Hey, you're the logical consequence of outsourcing!"

-Steve

p.s., in discussing "costs", there is a recent trend in HP that I find amusing. Recently, it has become fashionable to use the word "spend" as a noun. As in "HP has too much spend in I.T." Or, as in "HP has too much spend in travel". Or, as in "HP has too much spend in spinning its spending as spend, and its spend spinning is spent." I looked it up--there are many definitions for "spend" on dictionary.com, and not one of them a noun (http://dictionary.reference.com/browse/spend). Is "spend" this year's "leverage" or "synergy" or "disruptive technology"? Only time, and the jargon police, will know for sure.

What's in a name? It's not brand new...

2008-06-28T06:36:00Z

Brands are worth more, worldwide, than all counterfeits combined. Why? Because brands are the targets of counterfeits. Without brands, all products would be generics. There would be "counterfeit generics" but it just wouldn't be as lucrative to go after them.

Brands take a long time, even in the Internet era, to generate. And, they are very sensitive beasts, easily damaged and finicky. Take AYDS, for example. A successful appetite suppressant (using benzocaine, then phenylpropanolamine, and by the end, who knows, bromoschlomobenzofenzodiaminetetrafemtosupercallifragilisticmercuric sulfate for all we know). The point is, once the general public became aware of AIDS (as in the symptoms associated with HIV infection), well, the old adverts about "Why take diet pills when you can enjoy Ayds?" just weren't effective except for the George Carlins of the world.

AYDS was destroyed by AIDS. A brand name gone. Could it happen to another brand? Maybe. But it's unlikely that SUN, for example, would suffer sales losses if a new heart disorder were name systolic ultrastructural neopathy, or that IBM would suffer from a new mental illness dubbed idiopathic bipolar mania. In one case, there's more than one sun/Sun under the sun, and in the other there's too far a distance between the associations. After all, a diet pill is associated with health--AYDS and AIDS share some contextual overlap. Keep in mind, "2001: A Space Odyssey", didn't hurt IBM, even though the evil antagonist, HAL, was a computer whose name is simply IBM with each character shifted forward one place in the alphabet.

Still, it's possible that the AYDS/AIDS scare did significantly affect new branding. In the 1980's, the "faux brands" became popular, where marketing gurus came up with nice-sounding, content-free names such as Lexus, Acura, and New Coke. Oh, wait, never mind the latter. The point is, a brand name unassociated with a real word presumably avoids any negative association whatsoever (Prius, anyone?).

I spent much of this week visiting the East Coast on some security-related work I will overview in upcoming blogs. But, in so doing, I spent a lot of time in airports. So, I was thinking how poorly branded many of the U.S. airports were. LaGuardia, for example. If it were out in Colorado (my home state), then it would surely be called La Giardia (a waterborn parasite now ubiquitous in Colorado streams), and so heckled into being renamed something clever like Denver International Airport. Hmmm...Giardia, right by Flushing Bay and Flushing Meadow, and giardia can be transmitted by improper hygeine after, well, flushing. It's too easy. But the real LaGuardia was the real deal (and part of the New Deal) and his name will likely still be valuable for branding the airport for years to come.

What about the "bald man's express"? Flying from Chicago to Washington D.C. from No'Hair International to Rogaine National might help put some fuzz on his scalp. At least he wouldn't have to land at the Dullest airport in the country and take a much longer cab ride to the Capitol.

Maybe you're thinking, "Hey, Steve, airports aren't branded. They're named!" A name *is* a brand, though, and I'm sure these airports weren't named after LaGuardia, O'Hare, Reagan and Dulles to chase away passengers. After all, brands are not brand new. Just ask the "discoverers" of Greenland. They didn't name it FrozenSolid9MonthsOfTheYearLand, did they?

-Steve

Tomatoes that terrorize--or the recall to recall

2008-06-21T06:15:00Z

There are three topics that, as part of the HP community blog team, we are not to discuss on our blog: religion, politics and the ingredients in a hot dog. The topic I discuss tonight is a close fourth. So, I will try to be a little delicate here.

The recent tomato recall (http://www.fda.gov/oc/opacom/hottopics/tomatoes.html) may end up being as severe to the tomato industry as the cod moratorium has been to the Newfoundland fishing industry. Based on the cost of present goods and the infrastructure depreciation, etc., a year's loss of sales translates into roughly 10% lost value in an entire industry. Meaning that no tomato sales this year, and the tomato industry is worth 90% of what it was worth before this year...for a long, long time. Was that 10% factored into the "streamlined" supply chain the tomato--like any other agricultural--industry uses to reduce costs, provide just-in-time inventory, and devalue tomato picking? Of course not. Like counterfeiting, massive recalls are simply not modeled by the proponents of the just-in-time, multi-input, massive throughput supply chains that describe virtually every product type on the planet today.

We all know the stories about how many different cattle you're eating when you eat a burger (again, I must not talk about the hot dogs)--it's in the dozens. But do we know how many different raw material providers are involved in the production of a pharmaceutical? Of a tea bag? Of an automobile? Dozens, hundreds, thousands? The more there are, the harder it is to audit each and every element of the product provenance. So many have given up trying. Close your eyes, pretend it won't happen to you, and when it does, well, pull everything off the shelves--TOTAL RECALL. Aside from the incredible waste of such a recall, the lauded efficiencies of scale under non-recall situations simply don't ring true either.

For the food industry, one need look no further than Pollan's excellent book, the Omnivore's Dilemma (http://www.michaelpollan.com/omnivore.php), to see how "supply chain efficiency" has resulted in tragic inefficiency (fossil fuels are converted into corn syrup that converts us into obese diabetics). An Amazon.com (Bunny Crumpacker's) review of it (http://www.amazon.com/Omnivores-Dilemma-Natural-History-Meals/dp/1594200823) notes ominously:

"Each bushel of industrial corn grown, Pollan notes, uses the equivalent of up to a third of a gallon of oil. Some of the oil products evaporate and acidify rain; some seep into the water table; some wash into rivers, affecting drinking water and poisoning marine ecosystems. The industrial logic also means vast farms that grow only corn. When the price of corn drops, the solution, the farmer hopes, is to plant more corn for next year. The paradoxical result? While farmers earn less, there's an over-supply of cheap corn, and that means finding ever more ways to use it up."

All this to have a just-in-time inventory? When gas hits $10/gallon (and it will...soon) will it still be worth it? It costs nearly $1000/day to run a farm tractor already (just ask a farmer). Why have we allowed this to happen?

So, add recalls to the lengthening list of why outsourcing to unaffiliated parties is a recipe for disaster. Here is the potentially delicate subject. I am not against all out-sourcing, and a true Flat Earth is not a bad thing. But we all know that the earth looks flat from space (the earth is size-proportionately smoother than a cue ball), but up close it has all these inconvenient hills, dales, valleys, vales, arroyos, lifts, canyons and rifts. It's messy in the details. Nothing is flat, not even Friedman's cerebral cortex (sorry, too easy a joke there, but Friedman seems to think that people with the manufacturing jobs somehow won't learn how to design and be creative--a huge oversight, in my opinion). If you outsource to people you're intentionally hiring to save costs, you have opposing motivations. You want them to cost less, they don't care if you succeed. You think they're cheaper than employees, they think you're too overstretched to look too closely.

In short, you're asking them to try to cheat you. Guess what? In many cases, they're happy to oblige. And it serves you right. Outsourcing to disenfranchised third parties is a very short-term strategy that has been deployed for medium-to-long-term already. Take a cup of cluelessness, add a dash of denial, and you've got a supply chain that doesn't hold to inspection.

Which brings us back to those terrorizing tomatoes. What went wrong? Sure, Sam and Ella, that dynamic duo, reared their ugly heads. The problem was, no one knew where their necks were. The supply chain is simply too convoluted, with too many on and off ramps, that trying to do a partial recall is simply not worth the effort.

Time to reclaim the supply chain. It's not just about counterfeiting. It's about knowing what you're actually getting.

-Steve

How to pay counterfeiters to steal your business

2008-06-11T03:02:00Z

Guido De Terenza here to complete my guest stint on this blog. And, again, here to thank those manufacturers out there who not only aren't stopping counterfeiting, but they're paying me to counterfeit their products. Let's call this blog Counterfeit Math 101 and find out how many times the cost of the product you're losing.

First off, a big hand to those of you out there who can answer this question: Is counterfeiting and the loss of present and future sales ever factored into the justification to offshore jobs?

The answer: no.

From software, to integrated circuits, to HP inkjet cartridges, to your product. If you make money off it, it's being counterfeited. And sometimes, you're asking, even paying, the counterfeiters. Ever heard of OEM? ODM? Original Equipment Manufacturer? Original Design Manufacturer? That's when you outsource your product manufacturing or even its design to some company, preferably thousands of miles away from the employees you're using to train them--all to save on cost and stay competitive.

Maybe this works sometimes, but in my experience in organized crime, it is simply a braindead, next-2-quarters strategy. Guess what those OEM/ODM folks do? They work assiduously for you, 9 to 5, producing your products. Then they work a second and third shift, still producing the exact same products, but putting them into channels you had no idea (or intention) of ever going into...don't believe me? Why don't you scour the internet, and find out who's selling your product. Now try to trace them back to your sales force/sales channels. Good luck.

If you want to manufacture overseas, hey, be my guest. I like the flat earth. It helps me globalize my money laundering, I mean, business operations. But if I were a brand owner, I'd make sure those overseas folks were vested in my company. If they're not, they're bound to spoof your company.

Loss of profits due to counterfeiting? Let me count the ways...

1. Loss of sale (counterfeit replaces your legitimate brand sale)

2. Loss of retailer recommendation (retailer won't recommend your product because she knows you'll find a cheaper price somewhere else, and so direct you to your [less counterfeited] competitor)

3. Loss of customer referral (customer either gets an inferior product, or gets a legitimate product through a non-legitimate channel, and so can't register the product, get product support, etc.)

4. Return (customer returns the counterfeit product)

5. Loss of channel (you can't enter channels that already think they're selling your product)

6. Loss of future sales to the customer (customer will move to a product they're more confident is legit)

7. Loss of brand value through perceived inferior quality (word gets out...ever heard of a blog?)

You can see that for inferior counterfeits, you pay several times over. But the same is true for high quality counterfeits. You lose so many ways. So, if counterfeiting really is 7-10% of world trade, your cost could be 30-40% of your margin due to all these factors above.

Would you turn down the opportunity to increase your margin by a third? Apparently so, and that is why I am in business.

Well, I'd like to say more, but I've got a counterfeiting business to run. So, I'll leave this blog back in Steve's hands. Till then, thanks for paying me to steal your brand.

--Guido

Counterfeiting cartoon

2008-06-04T05:16:00Z

I don't know who this Guido DeTerenza guy is, though he certainly has an opinion on deterrents. My blog tonight is short and succinct. I found this cartoon from about 5 years ago when I used it to illustrate a potential print proofing service for HP. Yes, a lot of folks think of currency (money) counterfeiting when they think of counterfeiting, but it is less than 1% of the counterfeit business overall...Still, here it is:

Cheers,

Steve