Security Printing and Imaging : Provenance

Eye in the Sky? Try Crowd in the Cloud...

StevenSimske — Thu, 16 Apr 2009 18:19:00 GMT

Brits have been worried about the "eye in the sky"--the nearly ubiquitous camera system that monitors London. (Maybe they should be more worried about the insect-like drone of the same nickname: http://www.telegraph.co.uk/news/uknews/1580986/Microdrone-the-polices-tiny-eye-in-the-sky.html).

However, a proposed vehicular surveillance box has raised importance privacy issues:

http://www.guardian.co.uk/uk/2009/mar/31/surveillance-transport-communication-box

From the article:

"The system allows cars to 'talk' to one another and the road. A 'communication box' behind the dashboard ensures that cars send out 'heartbeat' messages every 500 milliseconds through mobile cellular and wireless local area networks, short-range microwave or infrared. The messages will be picked up by other cars in the vicinity, allowing vehicles to warn each other if they are forced to break hard or swerve to avoid a hazard. The data is also picked up by detectors at the roadside and mobile phone towers. That enables the road to communicate with cars, allowing for 'intelligent' traffic lights to turn green when cars are approaching or gantries on the motorway to announce changes to speed limits. Data will also be sent to 'control centres' that manage traffic, enabling a vastly improved system to monitor and even direct vehicles. 'A traffic controller will know where all vehicles are and even where they are headed,' said Kompfner. 'That would result in a significant reduction in congestion and replace the need for cameras.'"

It would, except does this data tell you who is in the car, or if the car hasn't been spoofed (box switched from one car to another, hacked, etc.)? Sure, this causes every privacy-firster to complain, but in reality, isn't this a bigger concern for proof? Provenance of the devices? This approach may actually play into the hands of thugs. Spoof someone else's car, and you're in the clear.

Security is not a patch. It's a quilt. This will augment, not replace, the need for cameras. Privacy people won't be happy--perhaps rightly so. But security will benefit.

Cheers,

Steve

ePedigree Delay a Sign of An Eventual Supply Chain U.N.?

StevenSimske — Thu, 20 Nov 2008 05:49:00 GMT

I have been remiss in discussing the delay in the California ePedigree until 2015. This has been interpreted as a long-term delay for track and trace and overall product safety. For a nice overview and analysis of the problem, see http://www.industryweek.com/ReadArticle.aspx?ArticleID=17793.

However, ePedigree initiatives are underway by the WHO, FDA, EU, AQSIQ (China), GS1 and other standards/regulatory organizations. A full serialization+pedigree requirement may be delayed until 2015, but it is unlikely that ePedigree will not already be in place before then. Recent passing of PRO-IP and Country-of-origin labeling (COOL) legislation in the US indicates that the US,too, will continue with initiatives before 2015.

The delay of California ePedigree legislation, moreover, may be indicative of another passing of the torch. Much as the recent Presidential (and Congressional) election results likely signal a more collaborative, less "independent" US foreign policy, the delay in ePedigree may signal a more collaborative, less independent nation-to-nation legislation in the future.

Will the big players--WHO, FDA, EU, AQSIQ, GS1, ISO, and others--work together to create a reasonable roadmap for product track and trace, pedigree and provenance? In effect, create a "United Nations" for track and trace? I, for one, hope so. With the increasingly convoluted supply chains for virtually all products resulting in chaos during recall, fraud and even normal node-node shipping situations (how many retailers can confidently tell you everywhere a product has been on its way to their shelves?), how long can it be before the legitimate market says, "enough is enough"? Plus, a universal process will reduce confusion, lower cost, and improve response time around the planet.

Is the current combination of counterfeiting, diversion, factory overrun, smuggling, return fraud and other supply chain crime the commerce equivalent of the two World Wars? A series of events so drastic that the set of collective players decides to band together into a United Nations to try to prevent such a meltdown in the future? (I realize the United Nations is by no means perfect--but we have been without nuclear combat for 63 years...). Maybe so. And maybe the delay in the California ePedigree shows that the US, rather than defining the path forward, is willing to work with the rest of the Supply Chain United Nations in formulating the optimum set of requirements moving forward.

-Steve

China/New Zealand Contaminated Milk--It's not just about brand protection and anti-counterfeiting

StevenSimske — Wed, 17 Sep 2008 03:18:00 GMT

This blog focuses on security printing to prevent product counterfeiting and provide brand protection. However, the principles covered, if applied in the appropriate manner and context, can protect from product tampering, from product diversion, from product smuggling and from returns fraud. They can also enable efficient, accurate recall in case of product compromise. And, as a consequence, these technologies can SAVE LIVES even while saving money, costs, and environmental impact.

Let's look at the recent China milk scare. It affects New Zealand...

See http://www.nzherald.co.nz/dairy-industry/news/headlines.cfm?c_id=168 for related articles on the New Zealand end. New Zealand exports milk to China to powderize and sell in China and/or export--such is the way of supply chains in 2008. And the reality of this situation is that unexpected problems with product tracking and recall have arisen [See comment below--this statement has been corrected per Helen's comment].

Of course, for the provider, the Sanlu Group, these are BIG problems: http://www.reuters.com/article/newsOne/idUSPEK27908420080917:

"China fired four city officials and a company boss amid a widening scandal over adulterated milk powder blamed for the death of least two [three now confirmed] infants." Worse yet, the implication is that the milk was tampered with intentionally to hide the fact it was being "stretched": "Melamine, used to make plastic and other industrial products, is rich in nitrogen, an element often used to measure protein levels, and so can be used to disguise diluted milk."

How could security printing and imaging (alone or in combination with RFID, as appropriate) have prevented this tragedy? Repeat the mantra, "security is not about prevention, it's about detection and reaction". With uniquely identifiable, tamper & copy evident packaging/labeling, the offending products could be traced to the exact time and location for the assembly of these products. Sometimes inexpensively, sometimes more expensively, depending on the nature of the product and the nature of the risk to life and limb should the product be tempered with. It's more important, perhaps, to protect Tylenol than Ty-D-Bol, and to validate valium than to authenticate Old Spice. But no product should be able to slip under the radar--especially if you have to print something to convey product information anyway.

So, while several officials have now been sacked, tying the murderous manufacturing to the culpable culprits is important to help deter such a situation in the future. Security variable data printing provides auditing while helping in tracing backwards from the scene of the crime to the planning of the crime. It's about detection and reaction. It's about having every item self-report--in other words, a full provenance record on every product. It's about, possibly, saving a life.

-Steve

Wal-Mart promises ore-to-store provenance record for jewelry

StevenSimske — Wed, 16 Jul 2008 06:33:00 GMT

Reuters reported recently that Wal-Mart "is introducing a line of gold and silver jewelry that can be traced from the mine to store shelves". Please see http://www.reuters.com/article/domesticNews/idUSN1435036120080715, for the full article. An interesting prospect, being able to know everyone who has touched the value chain, from the mine to the Mart. The article mentions that, in order "to create the Love, Earth jewelry line, Wal-Mart worked with mining company Rio Tinto Plc; Newmont Mining Corp, a global gold producer; and Aurafin, a Florida-based jewelry manufacturer." An admirable notion, and one no doubt geared to assuage the plethora of consumers who worry that their shiny ornamentations are the result of "slave labor".

However, the germane issue for security, anti-counterfeiting and supply chain integrity is, "How authentic is this supply chain"? What are the on-ramps for a would-be counterfeiter? Does Wal-Mart's identification of the partners in the supply chain actually serve to increase the authenticity of the end product?

As you may suspect from past postings on this blog, the answers are not cut and dry. Identifying the companies that are "certified" for this program lets would-be counterfeiters know who to target for bribes. On the other hand, it does reduce the number of "middlemen" and so reduces the number (though certainly not the width) of on-ramps. It will be interesting to see what protections Wal-Mart puts in place for this program. As with software, so with "physical ware". The bigger the target, the more snipers taking shots at it. And Wal-Mart is the biggest possible target, with more employees than any other three companies combined. Rio Tinto, Newmont and Aurafin--the weakest link in these companies (a disgruntled stockroom worker, an underappreciated janitor, whoever) or in Wal-Mart itself--can render this crown jewel a bauble. So, unless you have a Smeagol Gollum lurking in your neighborhood Wal-Mart, you're unlikely to be sure who all the Lords of your Ring really were.

-Steve