Security Printing and Imaging : deterrents

IMI's Security Printing Conference, Nov. 16-18, 2009 (Baltimore, USA)

StevenSimske — Sat, 12 Sep 2009 02:41:00 GMT

IMI’s 6^th Annual Security Printing Conference is being held on November 16-18, 2009 at the Sheraton Baltimore City Center Hotel in Baltimore, Maryland.

According to the conference organizer, Al Keene, "The unique annual conference addresses the challenges and opportunities facing the digital printing industry in dealing with security issues and enabling the production of secure documents for a wide variety of applications including business documents, ID’s, currency, brand protection & identification, gaming/event tickets, travel documents, etc. Industry experts will address digital printing technologies’ capabilities and shortcomings relative to printing secure output and the technology options available to enhance the production of secure documents and products. The attached file and our web site www.imiconf.com contain additional preliminary program information."

A conference with a view

This is a solid conference, with a strong security printing agenda. I attended DigiFab 2005 and NIP at this location. Excellent urban harbor atmosphere, to go along with the excellent agenda. Please see the website for details.

Cheers,

Steve

Law of Power 4—Always Say Less Than Necessary

StevenSimske — Wed, 22 Jul 2009 04:44:00 GMT

Continuing a reinterpretation of Robert Greene’s 1998 landmark, “The 48 Laws of Power”, I turn his Law #4 sideways (applying the law to the fighting of counterfeiting and other forms of fraud) and then turn it upside down (using the laws to create better businesses).

Given the definition of Law #4, need I say more? Actually, the irony is that to argue for saying less, a relatively thorough post is needed. Saying less is an art. One must say enough, often provocatively, to obey the other Laws of Power (commanding attention, generating mystery, etc.), but not say too much to appear common. Not only is it an art, but it is also the secret of art. Why did Klein pick (and try to patent) the hue of blue known as Klein Blue? Why did Marcel Duchamp “pick” a urinal for his show? Certainly, neither of them was about to tell. What could be more common than a single element in a palette or a single stall in a men’s room? By saying less than necessary, Klein and Duchamp succeeded where many others fail.

What does it mean? Let the other person decide...

Robert Greene interprets the fourth Law of Power as the power to be vague, open-ended, and sphinx-like. Can such ambiguity be achieved through idiocy? Think of Peter Seller’s character in “Being There,” whose sagacity is certified by his oracle-like “I like to watch” and “I can’t read.” Far better to say less—“I like to sit on my fat derriere watching TV” and “I am illiterate” are unlikely to generate a dedicated followership.

My interpretation of Robert Greene’s sense of this law comes from the field of dietary restriction (I have done research in this area in a past life: see for example Ferguson VL, Greenberg AR, Bateman TA, Ayers RA, Simske SJ: Effect of age and dietary restriction without nutritional supplementation on whole bone structural properties in C57BL/6J mice. Biomed Sci Instrum 35:85-91, 1999). Essentially, food and words are death. The human body is designed to cycle only so many calories—say 80-100 million—in a lifetime. Caloric restriction—willingly reducing your caloric intake—will in general lead to a longer life. The same is true of words. Your power base will only survive so many words. The more apt you are to offer free advice and speak your mind, the shorter your lifespan of power will be. We all love to deliver a witty phrase—we’re light at ease after a litotes, literate through alliteration, happy through hyperbole—but few of us are as clever as we think. And each beautiful flower of true bon mot will be lost in the forest of cliché if we choose the road of sarcasm, cynicism and attack.

Greene cites Louis XIV as following Law #4 to the letter: “L’état, ç’est moi” and the smile of Buddha. So much more effective for a long and unchallenged reign than, for example, Coriolanus, whose spite and common complaining took him from hero to zero, from warrior to weary-er.

SIDEWAYS:

Law of Power #4 is important for anti-counterfeiting. Empower your agents in the field; but do not let them talk themselves into ineffectiveness. Focus your education and training costs to make your agents better able to provide the information you need, but not to digest it themselves. Does your agent need to understand everything she sees? Not unless you want to create a potentially powerful double agent. Do not allow any single agent in the field to collect too much information or know too much. Make her capable of conveying value with a credible degree of deniability of knowledge. It’s safer for your strategy and safer for your agents. The best agents, or “feet on the street”, are not just secret agents; they are to some extent uninformed agents. Make sure they are only capable of saying less than what is necessary to compromise your brand protection program. Otherwise, you will always be competing with the highest-paying counterfeiter for the agent’s services.

UPSIDE DOWN:

How can this Law be turned upside down? Isn’t purposely saying less duplicitous by nature? Not if you turn the art of saying less into the art of listening more. Listen to your partners. You and your partner have the following breakdown of problems: (1) Problems you can solve, (2) Problems the partner can solve, and (3) Problems neither can solve. Usually, (1) and (2) are not fully overlapping, but even if they are, you and the partner will solve them in different ways. Indeed, (1) + (2) = (3), and simply listening to how your partner solves a problem you “already know how to solve” may lead to solving set (3). When you talk, you will naturally address either (1) or (3) and so have 0% chance of solving new problems. When they talk, the focus is problems they can solve—and your chance to learn. This is really, really hard work--listening to someone explain how to solve a problem you already know how to solve. But it is the road to learning.

Ultimately, your “power” rests on what you know. Listening is a much harder skill than saying less than necessary. Listening is an active event—unlike hearing, which is passive. Learn to say less by listening. Let your partner finish her thought, and internalize what she says. If different than what you know, then why? Is it because what you had previously viewed as a single topic is actually two or more? What are the conditions to disambiguate these subtopics? Now you’re not just listening, you’re learning. And when you are likewise allowed to share your experiences, true collaboration has occurred. All by taking turns in saying less.

Cheers,

Steve

See Law #3 at: http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/06/16/law-of-power-3-conceal-your-intentions.aspx

Puzzling Advice From the FDA: Add Chemicals to your Drugs

StevenSimske — Thu, 16 Jul 2009 14:52:00 GMT

The FDA is advocating the addition of chemicals to pharmaceuticals to improve the identification of counterfeits.

http://www.in-pharmatechnologist.com/Industry-Drivers/FDA-advocates-food-pigments-and-flavours-to-combat-counterfeits/?c=JiBz%2FX6W897ybeGc6YCjow%3D%3D&utm_source=newsletter_daily&utm_medium=email&utm_campaign=Newsletter%2BDaily

This is puzzling advice in several ways. First off, the article states:

"IMS health recently estimated that the counterfeit drugs 'market' generates almost $800bn annually and is growing at almost 6 per cent a year." This is either hyperbole or simply poor reporting. $80bn annually is the correct current estimate.

Next, the summary of the advice is stated:

"The Food and Drug Administration’s (FDA) new document argues that incorporating PCIDs into drug formulations could be a cost effective way of differentiating genuine products from fakes. The agency went on to say that PCIDs used in drugs should be pharmacologically inactive and suggests that: 'food additives, colorants, or excipients with established safety profiles,' would be ideal candidates. While in common with other anti-fake labelling methods, PCIDs can be easily detected in the laboratory, their big advantage over traditional methods is that they can be readily identified by patients, healthcare practitioners and pharmacies."

There is certainly a trend to include less, rather than more, exogenous chemicals -- dyes, expedients, etc. -- in food and drugs. So, the FDA advice bucks that trend.

Also, adding PCIDs "with established safety profiles" by definition means that the list of PCIDs to add is public knowledge. This makes it easier for the would-be counterfeiter to obtain those PCIDs, doesn't it?

Regardless, the use of PCIDs would presumably follow one of two strategies:

(1) Controlled substance, in which case the PCIDs used should only be sold by authorized suppliers to authorized buyers. The type of fraud to prevent in that case, then, is the insidious insider who orders PCIDs and sells them for profit to his counterfeiting buddies.

(2) Security by obscurity, in which case the PCIDs should not be published. This is also susceptible to insidious insiders, however, and certainly makes authentication more difficult.

Using PCIDs, in addition, may complicate the authentication process--requiring the deployment of specialized analysis equipment and personnel. The FDA is certainly enamored with nanotechnology, and this may relate. However, track and trace and authentication through the appropriate combination of security printing (remember that tablets can be printed on and linked to the information on the package through the application of the appropriate inference model) and RFID seems, to me, easier, more cost-effective, more scalable, and more effective.

The full draft of the guidance is posted here:

http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM171575.pdf

Some highlights salient to the discussion:

"There are various available means for presentation and detection of PCIDs (e.g., photolithography, holography, laser scanning devices, and excitation/fluorescence detection). Many identifying characteristics, such as pigments or flavors, could be easily observed by patients, healthcare practitioners, and pharmacies. Some could require the use of instrumental detection (e.g., a scanner or photometric detector)."

"To minimize toxicological risk, FDA recommends using permissible direct food additives, including those affirmed as generally recognized as safe (GRAS), or those ingredients listed in the FDA Inactive Ingredient Guide (IIG)."

What are your thoughts? Any comments? Please post below! Thanks,

Steve

Law of Power 3: Conceal Your Intentions

StevenSimske — Tue, 16 Jun 2009 19:34:00 GMT

In a continuing interpretation of Robert Greene’s 1998 bestseller, “The 48 Laws of Power” (Penguin Books), I turn it sideways (using the laws to fight counterfeiting and other forms of fraud) and then turn it upside down (using the laws to create better businesses).

Today we address Law #3: Conceal Your Intentions. This is a law in two parts.

(1) Use decoyed objects of desire and red herrings to throw people off the scent. Greene suggests false sincerity, ambiguous signals and misleading objects of desire.

(2) Use smoke screens to conceal your actions. Always leave yourself contingency pathways.

Many of Greene’s anecdotes focus on warfare and negotiation, and specifically on the cunning of different strategists. Strategies, as can be seen, cannot be “universally recommended”—that is, they do depend on the individual. Kissinger’s prowess as a negotiator, for example, was fueled by his ostensible dullness. Greene portrays Kissinger as nearly lulling his adversaries to sleep and then just as the wave of ennui threatened to submerse them in torpor, he would make otherwise unreasonable demands and get buy-off.

Such a strategy, clearly, would not have worked for Napoleon. Instead, Napoleon’s path to success would have been to put more power in the hands of his competent students of the Laws of Power—Talleyrand and Fouché, for example. Napoleon, being Napoleon, was unable to work with such indirect, “cunning” personalities.

A key to concealing your intentions is to eschew the use of a pattern. This is not the same as foregoing a design. Without a design, you are quite liable to respond to any nuance, distraction, red herring, or ploy of your adversary. The design is essential, as it is nothing else but the pathway from the present to the future. Your design, however, should include decoyed objects of desire and smoke screens to prevent anyone else from determining your design. If your pattern is A, B, C, D, guess what? Your adversary can pick E, F, G, H, etc., to face you. And a smart adversary (you must assume your adversary is smart until proven otherwise) will pick the node in the sequence where she is relatively strongest in comparison to you.

What could be more fun? Combining creativity, design, thinking on your feet and secrecy—concealing your intentions gives you time to collect information on your adversary. And, when the reversal occurs, it should not be ambiguous. When you suddenly reveal your intentions, either because of a (well-earned) reputation for fraud or because it will no longer provide value to conceal your plans forward, do it in full.

Think of Hamlet. The play was indeed the thing to catch the conscience of the king, and Hamlet knew it. He concealed his intentions—was he brooding over Ophelia, going through existential angst, in deep anxiety over an inevitable confrontation with Fortinbras? Meticulously, Hamlet pieced together enough clues to formulate the last stage in his intelligence work. It was the play, with his uncle’s murder of his father echoed in the actions of the players, that would bring out the final, unequivocal reaction in Claudius. After that reaction, the rest of Hamlet’s “contingency plan”, always part of his design, would inexorably bring the bloody end to one of the world’s greatest works of literature. After the play, the rest was almost predestined.

Hidden intent. What am I looking at? What matters here?

SIDEWAYS:

Of the 48 Laws of Power, perhaps none is more central to security printing, anti-counterfeiting and brand protection than Law #3. Variable data printing (VDP) provides ease of printing decoys and smokescreens, while hiding the overall intention.

Since every printed region can be variable, the would-be counterfeiter can take one of three (at least) approaches. First, he may try to reverse-engineer every element of the print job. This is a time-consuming, mind-numbing approach, but the advantages are that the counterfeit samples will inevitably appear more real, and so get by more customers and more retailers and more inspectors undetected. Counterfeiters with substantial R&D budgets (and there are many) will occasionally attempt this approach. Other counterfeiters will do the minimum possible to get their products into the supply chain, and so the counterfeit products will be generally easy to distinguish. However, these counterfeiters may be more interested in replace-and-sell strategies, which are consistently seen for example with large systems (cars, servers, airplanes, appliances, etc.) where the parts are very expensive and the system behaves similarly with the counterfeit parts in place. Thirdly, other counterfeiters will simply move to the inside. It is much easier to spoof a product if you simply build the product. Insidious insiders, third-shifters (factory overruns), and false fronts (“fake” companies that work with all of your suppliers) are a significant threat.

Conceal your intentions with counterfeiters by using variable VDP—changing your VDP design is not much more difficult than printing using VDP. Your design is to change; your pattern of change is your own.

Security printing principles are in direct alignment with concealing one’s intents. Decoys are printed marks used to get a counterfeiter to respond, even though they may not be (normally, ever) tracked or investigated. Use decoyed objects of desire and red herrings to throw people off the scent. Printed marks can also be used as “bait” to get counterfeiters to respond to them—generally, these are overt marks, so the lack of response by the counterfeiter usually means that they will not be able to counterfeit for long. Your response may be about the data embedded, or it may be the appearance itself. Use smoke screens to conceal your actions. These decoys and bait can serve as “contingency” deterrents which can be tracked or investigated in cases of need (recall, change in auditing requirements, new regulatory concerns, change in branding, etc.).

Intentions stripped bare. Nothing to conceal. No future.

UPSIDE DOWN:

Concealing your intentions is obviously to your advantage when dealing with an adversary. Many would therefore conclude that to benefit from the obvious advantages of Law #3, you will treat your business partners as adversaries, concealing your long-term strategy. I argue for a different approach.

Consider your interaction with worthwhile business collaborators and partners the way you might consider your interaction with worthwhile life collaborators and partners at a social gathering. Start with the premise that your story is boring unless the other can share in the story. Get the other person/partner to speak. Be genuinely interested. Every conversation, every partnership, is a learning opportunity. “Conceal” your intentions by engaging in theirs.

“Ah!” you say, “but there is no security through obscurity.” Meaning the would-be collaborator will also know Law #3 and will be applying it on you, as well. And right you are! That’s the beauty of the approach. If each of you applies the “Upside Down” Law #3, then inevitably the conversation will lead to common ground. It takes active engagement, but it does not preclude concealment of your true long-term plans. Both parties benefit from finding a common, profitable area of engagement, without having to say “I’m not ready to share that with you yet.”

Let’s illustrate with a simple example. UBB (Unbelievably Big Business) has long-term plans to take over all fossil fuel surveying, production and distribution. USS (Unbelievably Sustainable Systems) has long-term plans to provide 100% of the world’s energy needs, where possible, with 100% renewable fuels. In drawing into the conversation discussion of sustainability, UBB comes to understand how “grow and sell local” approaches will significantly streamline their own distribution chain. In drawing into the conversation discussion of the need for high-octane, fossil based fuels in many existing transportation networks, USS comes to understand “asset inertia” and also understands better the adoption roadmap for sustainable energy.

A healthy combination of concealment and the visible. Share enough to help your friends, conceal enough to derail your adversaries.

--Steve

See Law #2 at: http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/05/31/law-of-power-2-never-put-too-much-trust-in-friends-learn-to-use-your-enemies.aspx

Law of Power 2—Never Put Too Much Trust in Friends; Learn To Use Your Enemies

StevenSimske — Sun, 31 May 2009 05:34:00 GMT

In 48 posts on this site, Robert Greene’s modern-day Machiavellian masterpiece on the principles of power, “The 48 Laws of Power” (1998, Penguin Books), is being turned sideways (using the laws to fight counterfeiting and other forms of fraud) and then upside down (using the laws to create better businesses).

Today’s blog focuses on Law #2: Never Put Too Much Trust in Friends, Learn To Use Your Enemies. The impetus behind this law is that friends, knowing you well, perhaps ascending to power along with you, are prone to jealousy and privy to your weaknesses. When they turn on you, they generally know more about you than your enemies.

Beware your friends!

SIDEWAYS: The “enemy” for an authentic producer is an agent of fraud. From counterfeiting to coupon fraud, there are a plethora of ways in which all the planning, research, development, marketing and branding costs associated with putting a valuable product together can be squandered by an agent of fraud.

On the other hand, as your countermeasures—security deterrents, investigations, evidence gathering, etc.—become more effective in staunching the plans of your enemies, you drive would-be counterfeiters to theft or toward “insidious insider” activity. In the latter case, it is truly your friends who betray you. Someone working for your company, your brand, your product, sells out to the counterfeiters. When the turn on you, they generally know more about you than your enemies.

In this case, learning how to use your enemies is using the counterfeiters themselves to help you reduce their impact. Security printing, using the power of variable data printing (VDP), enables this. Use multiple printing techniques, including color, special designs, unique halftoning approaches, and other specialty printing, to force the counterfeiter to reveal something about himself when he tries to mimic your legitimate printing. Security printing features such as color bar codes, guilloches, etc., enable point-of-sale, authentication and mobile commerce, simultaneously. With VDP, however, any number of printed regions can be made variable. To use your enemy, the counterfeiter, effectively, use additional security printing features as decoys (make the counterfeiter think you’re inspecting them) or as bait (to make the counterfeiter reveal himself in replicating them).

Robert Greene notes that the reversal of this Law is almost always concomitant with the loss of the friendship. It is best not to mix work with friendship. For this reason, this rule is, in my opinion, strongly amenable to being turned upside down, as described next.

UPSIDE DOWN: Turning this rule upside down to create better business, use former enemies as new friends in the reality of the 21^st century global, distributed, fully supply-chain dependent world of business. The former enemies—your branded competitors—face the same common enemy. Counterfeiters, smugglers, third shifters (for factory overruns), and manufacturers of inferior (perhaps dangerous!) products. Your former competitors can unite with you to produce products that are safer, better-built, more environmentally friendly, more energy-efficient, more sustainable, and a host of other ameliorations. Rather than (rat)race your traditional competitors to the bottom (which is the history of the 21^st Century to date), KEEP THE BOTTOM DOWN. Counterfeiters now comprise the single largest competitor for legitimate brands in many product areas. Use your “enemies”, your former brand competitors, to fight this threat to us all.

Cheers,

Steve

See Law #1 at: http://www.communities.hp.com/online/blogs/securityprinting/archive/2009/05/27/91834.aspx

Law of Power 1—Never Outshine the Master

StevenSimske — Wed, 27 May 2009 05:35:00 GMT

Robert Greene’s eclectic masterpiece on the ethics—or lack thereof—of success, “The 48 Laws of Power”, serves as the stimulus for a set of 48 blogs to come on how to use these laws in fighting fraud (turning his rules sideways) and then using them to create better businesses (turning his laws upside down).

Today addresses Law #1: Never outshine the master. This is an excellent starting point, since the fine balance between attentiveness and obsequiousness and is the difference between a trusted aide and dusted aide. Greene’s chapter on Law#1 focuses on how biding one’s time and waiting for a truly inferior master to shoot himself in the foot is a better strategy than exposing the master as a fool.

SIDEWAYS: When it comes to defeating counterfeiters, not outshining the master means not spending more than the counterfeiter on the deterrents used to protect the product. Good advice here is not placing expensive, eye-catching deterrents on the product that a criminal can credibly spoof for less cost. Remember, counterfeiters are creative, counterfeiters typically invest in R&D, and counterfeiters like a challenge. Some examples are using holograms—counterfeiters can credibly spoof these using anything from aluminum foil to cheap lenticular prints. If you try to outspend counterfeiters, then you typically will. They will find ways to simulate your expensive deterrents for less, taking advantage of the indolence, insouciance or innocence of your retailers.

Robert Greene notes that the reversal of this Law is when the “master” is on his or her way down. Then, he advises, one must destroy the master completely. This is because the “master” is no longer master, and to prevent an angered master from coming back to power (with a grudge against you), annihilation is suggested. This makes sense in the realm of counterfeiting. Let the counterfeiters’ R&D skills shine, tease out their talents with inexpensive overt features. Achieve this with variable data printing (VDP) rather than expensive deterrents, where and when possible. When the counterfeiter tips his hand (by the counterfeiter R&D team’s “signature” in attempting to replicate your low-cost deterrence), destroy him completely.

UPSIDE DOWN: Knowing of this law can be used positively to create a collaborative business environment. Here, the law is “never outshine your partner”. Hold one card in reserve, and offer one card free for public viewing (like the dealer in Blackjack, for example). Never play until you have two strategies, each of which is fully thought out beforehand and which tie together after both are deployed. The strategy you give away for free leads to the one you hold in reserve. Bring in any useful, long-term partner (and any truly useful partner should be considered a potential long-term partner) by giving them something for free, or by letting them shine in the early phase. Do not outshine the partner means to share the publicity, the credit and the early glory. Strategy 2 might even make them look better—that is no small price to pay for longevity of your plans—but should also ensure your goals. The only place to outshine a partner is in the differential balance sheet between what you have with them over what you would have had without them.

Work together. It’s more profitable. It’s less stress, too.

Cheers, Steve

HP Anti-Counterfeiting Site

StevenSimske — Mon, 09 Mar 2009 00:30:00 GMT

Those of you interested in seeing how a big brand (in this case, HP) advertizes its anti-counterfeiting overt deterrence, please take a look at:

http://www.hp.com/sbso/product/supplies/whybuy_fraud.html?jumpid=ex_R295_go/anticounterfeit/supplies

Please click on ">>See Demo Of Ink Package" to see our training/information video.

The deterrents shown on this link provide the three key functionalities of a successful brand protection and anti-counterfeiting deterrent, as described in previous blogs:

1. Unique identifier (in this case, the 10 character unique number on each medallion)

2. Copy-prevention (since the overt deterrents are color-shifting, they lose this capability when copied)

3. Tamper-evident. These deterrents are damaged when peeled from the package, and destroyed when the package is opened normally (by an underlying tear strip). Sure, an assiduous counterfeiter can probably re-use the medallion, but it will take time and effort. Legitimate users are "encouraged" to destroy the label when they open the package.

Also of interest is the definitions of counterfeiting and fraud:

Counterfeiting--unauthorized application or use of a trade mark on goods that do not originate from or with approval of the brand owner. The "intent to deceive" is also very important. Note also that counterfeiting is NOT the same as refillingor remanufacturing, which are fully legitimate businesses. Fraud--all acts decieving or intentionally misleading. Counterfeiting is therefore a subset of "fraud".

Cheers,

Steve

A Consideration of Processes

StevenSimske — Mon, 25 Aug 2008 06:53:00 GMT

Recent blogs have focused on how deterrent technologies can be used to support the ecosystem required to provide strong brand protection and anti-counterfeiting. That ecosystem involves the PRACTICE mnemonic:

P is for Plan, R is for Research, A is for Activate, C is for Collecting data, T is for Training, I is for Investigate, C is for Convict, E is for Evolve.

This form of PRACTICE outlines an end-to-end process for initiating and supporting an anti-fraud program. Each of these—from Plan to Evolve—involves by itself multiple processes as well. Today’s blog focuses on two quite different types of processes, each focused on the “Investigate” portion of PRACTICE.

The “Investigate” portion includes the continual accumulation of data on the counterfeiting of your product. One means to do this uses security variable data printing, or SVDP. This is the use of multiple variable deterrents to draw out the “style” of the counterfeiter. That is, SVDP regions can be used as “bait” or “decoy” deterrents—not to force the counterfeiters to “replicate” the data in the printed region, but instead to force the counterfeiter, through trying to replicate the appearance of the printed region, to identify himself. This is because complex printed regions cannot be scanned and re-printed without modification. How a counterfeiter will try to reproduce such a complicated region—the choice of color, intensity, spatial frequency, contrast and other transforms the counterfeiter uses—provide a signature for the counterfeiter’s style. This process is an example of an a priori process, in which the data to be collected is designed and deployed.

Another means to continually accumulate data on the counterfeiting of your product is to perform a posteriori analysis of the product, and compare the analysis results to those expected of legitimate product. As a non-printing example, John Jasper, head of Molecular Isotope Technologies (MIT), writes, “Process patents are mechanisms by which to protect and extend the patent-protected lives of pharmaceutical products. They are typically supported by the analysis of reaction impurities, trace metals, etc. Natural stable isotopes present a novel source of information recording evidence of the process manufacturing history – particularly, the synthetic pathway – used to produce pharmaceutical and other chemical materials…[Our] work in the area of product authentication showed that every batch of pharmaceutical materials had a highly-specific ‘isotopic fingerprint,’ allowing individual batches of materials to be tracked and counterfeit batches to be identified.” In other words, MIT’s process for analyzing the reagents in a pharmaceutical are precise enough to disambiguate between the authentic and the counterfeit processes involved in production.

Image forensics, not surprisingly, can also be used in an a posteriori manner. The process is, on the surface, similar to the a priori approach: printed regions are analyzed for their characteristics, and different regions classified and clustered to help identify the number and size of the counterfeiters in your supply chain. The difference is that, using such an approach, a suitably difficult-to-reproduce printed area must be identified without the benefit of SVDP. So, a word of advice: if you want to identify counterfeiters, don’t make it easy on them—use SVDP or at minimum a few regions of difficult-to-reproduce printing (natural images, designs such as guilloches, etc.). Otherwise, you’re simply making their job easier, and that’s one process that makes no sense.

-Steve

Ecosystem Score: Proving It’s Real vs. Proving It’s Fake?

StevenSimske — Sun, 17 Aug 2008 06:43:00 GMT

In the previous blog, I talked about your Deterrent Score, and mentioned you must multiply it by your Ecosystem Score to get your overall effectiveness. As I mentioned in the May 12 blog, it takes PRACTICE to put such an ecosystem together. In today’s blog, let’s talk about how a deterrent might fit into the ecosystem.

Also, for today’s blog, I had a discussion with two of HP’s top experts on anti-counterfeiting. Jim Colby is HP’s Manager for Packaging and Anti-Counterfeiting Technology, and Dave Kellar is a Technical Expert for Package and Product Anti-Counterfeiting. Dave initiated the conversation, sending a link to XStream Systems, Inc.’s XT250 System that provides Authentication Technology with “See –Through” Vision (see http://www.bpcouncil.com/index.php?sid=10&lang=en&act=page&id=716).

The description states that “drugs can be verified while still in their manufacturer's sealed containers – as the system can scan through opaque plastic, cardboard, and even metal packaging to ensure consumer safety”. This is classified as a “forensic” deterrent—meaning a deterrent that can authentic down to the individual item. However, there has to be an ecosystem around this deterrent—starting off with measuring the material property, comparing the property to the correct data for the product, and receiving the real/fake result.

In addition, there are some issues specific to the type of forensic deterrence offered. For one thing, how sensitive is the technology to the active ingredient? Can different concentrations of reagent be readily differentiated? How often are there false positives? How often are there false negatives? Can the “authentic” amount of active ingredient be spoofed with 1%, 10%, 1000% of the normal amount? By including some of it on the packaging?

The ecosystem issues extend well beyond these questions. Who are the intended authenticators? Inspectors? Retailers? Customers? How will these authenticators be educated to understand what to do when the results indicate a failure? And what of cost? How much does the test cost? How much does the education and training cost? How is the data conveyed from the point of testing to the analysis service? How is data integrity maintained? The comment that “Wholesalers acquire conclusive proof of due diligence and of the authenticity of their inventory” could provide a few liability issues if/when there is a mistake (false positive, or especially false negative). In other words, XStream claims to “prove” authenticity, which in my experience is usually more difficult than proving something is non-authentic (or counterfeit).

Take mass serialization data, for instance. A legitimate number suggests but does not prove authenticity, but a non-legitimate number proves something is wrong. Just because the correct active ingredient is present does not prove the product is legitimate. After all, savvy counterfeiters really do want to get away with it as long as possible without having to change to another product.

I ran these concerns past Jim and Dave. Dave’s feedback was: “The main area of interest for me was the process to check the product through the package, eliminating the risk of used packaging or refills. The main problem is still who would check, as I do not see this system as a consumer overt confirmation. As you stated I do not believe the system could check for fake product salted in with the good or the ingredient added to the package material.” Like me, Dave was excited that the device allows you to potentially check the product through the packaging. This is even more powerful than RFID, which allows you to check the mass serialization information through the outer packaging.

Jim backed this up. He noted “I too am enamored with the concept of 'authenticating' actual product through packaging, and this does take the serialization step farther, but with all the same issues with serialization; namely, how to interpret results.” Jim noted that wholesalers would have difficulty arguing for “having conclusive proof of authentic inventory”. Jim also offered the important observation that “the more complex and costly it is to 'authenticate' a product-- the happier a counterfeiter becomes, because they know very few people will have the means to check and so very few products will actually get checked". Indeed, trying to outspend a counterfeiter is never a good idea.

Based on this example of a very good technology being deployed into a rather challenging ecosystem, we see that the Ecosystem Score is really dependent on much more than technology. It depends on simplicity; that is, ease of training and implementation as much as ease of performing the authentication. It depends on an “impedance match” between what you are trying to prove and what you actually can easily prove. In my opinion, this technology will be very useful in screening large lots by (indepthly) analyzing only a sample of the product. It may be less useful at the item level.

-Steve

The Perfect Deterrent

StevenSimske — Fri, 08 Aug 2008 21:13:00 GMT

How is Security Printing and Imaging like the Olympics? Apparently, the Olympics potentates have decided that no perfect 10's will be awarded in gymnastics. So, there will be the idea of perfection, but no actual perfection. The same is true for Security Printing deterrents--the idea of perfection exists, but the perfect deterrent is still waiting for its ecosystem to catch up.

So, let's rewind. Security Printing and Imaging relies on an ecosystem. This ecosystem includes the printing and security expertise used for defining and deploying the print campaign, the deterrents used, the imaging (image quality assurance, inspection, authentication and forensics), education (of the consumer, retailer, inspector/investigator and forensic agents), evidence gathering, investigation and interdiction. Today's blog focuses on the deterrent.

The perfect deterrent must contain each of the three following attributes:

(1) Unique ID. Usually this is associated with mass serialization--or sequential assignment of the unique ID, which can be followed by encryption to make the sequence appear stochastic. However, if this unique ID is also attached to, for example, track and trace, then some of the bits in the unique ID will be used for "non-unique" information. For example, in the 96-bit SGTIN-96 specification, there are 6 fields:

The header, which is 8 bits
The filter, which is 3 bits and specifies if the tagged object is an item, case or pallet
The partition, which is 3 bits and indicates how the subsequent fields are partitioned so that their data can be recovered and interpreted correctly
The company prefix, which is 20-40 bits (depending on the partition bits) and contains the company's EAN.UCC Company Prefix
The item reference, which is 4-24 bits (depending on the partition bits) and contains the item's GTIN item reference number
The serial number, which is 38 bits and contains the item's unique serial number

Thus, only 38 of the 96 bits, or 39.6%, are used for the unique ID. This may not be enough for your needs? Well, part of the power of security printing is that any number of additional bits of unique ID can be supplied by addition deterrents linked to or complementing the 38 bits in the SGTIN-96.

A short list of security variable data printing (SVDP) deterrents that can provide additional unique bits include barcodes, color tiles/lines, guilloches and other graphical alphanumerics, watermarks, copy detection deterrents, microprinting, magnetic ink characters, infrared/ultraviolet printing, and other steganographic approaches (variances on line thickness, text character kerning, etc.).

(2) Copy-prevention. If an item has a unique ID, it is easy enough for a would-be counterfeiter to simply copy that unique ID and peddle it as an original. Note that there are many forms of "copying" here, including stealing or guessing legitimate codes before they are used on legitimate product. This is not, however, the focus of today's blog.

Regardless, physically tying that unique ID to the substrate it is printed on/associated with can prevent these types of counterfeiting. One means of providing copy-prevention is to overtly use a copy-detection deterrent. These are usually grayscale, high-entropy printed areas which, when copied, lose image entropy or suffer altered frequency characteristics such that an authentication algorithm declares it void. A second means of providing copy-prevention is to use a "random" (strictly, "quasi-random" or at best "stochastic") feature of the substrate to register along with the unique ID. In fact, US patent 7,028,188, titled "Document authentication using the physical characteristics of underlying physical media", describes:

"A method for authenticating a document in which a document key for the document is generated by examining one or more attributes of a physical media that underlies the document. An original image is then imparted onto the physical media so that the original image is associated with the document key in a way that enables a subsequent recovery of the document key from the original image. This tying together of the underlying physical media, through the document key, with an original image enables detection of a forgery which was performed either through an alteration of the original image, or ink stripping and re-printing, or a printing of the original image on another physical media."

Other means of providing copy-prevention include laser surface authentication system (please see http://www.ingeniatechnology.com/technology.php) and tamper-evident substrates (please see http://www.cortegra.com/ba-offerings.html). In my research and development work, I use high-resolution scanners/cameras, microscopes and/or large arrays of image features to record copy-sensitive information. Taken to the logical limit, copy-prevention and forensics are indistinguishable. The choice of which copy-prevention tactic to take depends on who will perform the product authentication. If customers will be performing authentication, it behooves you to use ubiquitous devices--such as cell phone cameras--to perform the unique ID/copy-prevention analysis. If retailers will be performing the authentication, then the same devices used for track and trace, point-of-sale, and inventory management should be used for the unique ID/copy-prevention. Think RFID and barcodes. If paid inspectors and/or forensic analysts are used for this task, then the use of specialized and/or proprietary devices is warranted.

(3) Tamper-evidence. Given the fact that many security providers conflate mass serialization with authentication (a legitimate unique ID cannot prove authenticity, although a non-legitimate unique ID does prove lack of authenticity), it may be no surprise that some security providers conflate copy-prevention with tamper-evidence. However, copy-prevention is concerned with tying a unique ID with a particular printed object, while tamper-evidence is concerned with preventing the re-use of a legitimate printed object.

To prevent re-use, the copy-prevention (and if possible, the unique ID as well) should be associated with the opening of the package or the use of the printed object. Tear-strips and perforated guides are two means to direct the opening of a material. The use of temperature, humidity or other environmental-responsive materials can be used to prevent reuse, especially if after exposure the printed object is somehow tainted.

With these three attributes deployed successfully, you may not have a perfect deterrent, but you may have a 9.8. Keep in mind, though, that your Deterrent Score must be multiplied by your Ecosystem Score to get your overall brand protection efficacy score. A 9.8 at Billy-Bob & Ethyl's Gymfest is not the same as a 9.8 at Beijing. Next, we'll talk about how to increase your Ecosystem Score.

Thanks!

-Steve

Please spend more on your anti-counterfeiting deterrents

StevenSimske — Sun, 01 Jun 2008 03:52:00 GMT

Guido De Terenza checking in again as the guest blogger for the week. And brand owners, I have a simple request to make of you. Please go out and find the most expensive deterrent you can, purchase it in bulk, and slap it on your products. Don't do any user research, and don't spend a dime on training your retailers, investigators and end users to use it effectively. No, I'd be a lot happier--and I tend to leave your family alone more when I'm happier--if you'd simply pay as much as possible for a deterrent. Spend your whole brand protection budget on this. After all, the more you pay, the more protection you get, right?

I call this approach the cancer bandage approach. You have cancer, and there are several options that make sense--radiation therapy, chemotherapy, tissue excision with a gamma knife, etc. Instead you put a bandage on the affected part of your body. Yeah, that'll make it better.

Here's where I make my money--off people who want to convince themselves, and not the counterfeiters, that their supply chain is safe. You want to convince a counterfeiter your product is safe, then catch him as fast as possible. I doubt you are really setting up your brand protection approach to do that. And so, I am targeting your product.

Next blog: Thanks for the design of your product. How you help me counterfeit directly.

PRACTICE Good Anti-Counterfeiting Techniques

StevenSimske — Mon, 12 May 2008 04:35:00 GMT

In the previous blog, I remarked that the approaches to counter counterfeiting depend on the relative mix of addressable and unaddressable counterfeiting occurring in the supply chain. If the counterfeiting is not addressable, then the brand must continue to message the unique qualities offered by their product so that people will want the authentic—and not the counterfeit—product. If a brand owner cannot address the counterfeiting, then the brand owner must provide a product provably superior to the customer. With “unaddressable” counterfeiting, perhaps paradoxically, the brand owner must struggle with the customer, and not with the counterfeiter.

If the counterfeiting is addressable, on the other hand, then the brand owner is in a direct struggle with the counterfeiter. And to fight the counterfeiter, a single weapon is rarely sufficient. To deter a counterfeiter takes PRACTICE. And this blog addresses how PRACTICE (Plan, Research, Activate, Collect, Train, Investigate, Convict and Evolve) leads to a multifaceted ecosystem of tactics to prevent, detect and react to counterfeiting.

So, a version of an old joke to start. Patient: “Doc, are you comfortable with your diagnosis?” Doctor: “Ma’am, I’ve been practicing medicine for 40 years.” Patient: “Well, I’d like a second opinion from someone doesn’t need any more practice, and actually knows what he’s doing.”

However, any physician worth her salt invests in CME, or continuing medical education. Life is practice. Practice doesn’t make perfect, but it can always improve on the imperfect that is the now. And PRACTICE is the acronym I’ll use for the crucial eight elements in an effective anti-counterfeiting ecosystem.

So, let’s take a look, one element at a time.

P is for Plan. The Plan is paramount, because it anticipates the overall strategy—including the research to be performed. The plan must consider the set of deterrents to be used. Will they be overt, covert, and/or forensic? Who will collect data on them to perform track and trace, inspect, authenticate or forensically analyze? When and how will these deterrents will be researched? When and how will the extent of current and future counterfeiting threat to the product be researched? The plan includes the activation of the ecosystem—the nerve-racking moment when the first products belonging to the security ecosystem roll down the production line—and the data collection roll-out. The plan includes the training: how customers, retailers, inspectors and possibly forensic analysts are educated about the deterrents. How will investigation and potential legal action—based on evidence collection and prosecution—be supported? And, finally, how will the system evolve? That’s right, we must plan for change.

R is for Research. Research includes how you pick your deterrents. Do you pick ones that are easy for the counterfeiter to spoof? If so, they should cost you nothing. Do you pick one that’s hard and/or expensive for the counterfeiter to reproduce? If so, good, but you need to research how easy it is to use for your would-be counterfeiters. Research also includes understanding the counterfeiting threat to your supply chain. If you think it is small, you’d better look hard. It’s much easier to show it is a large problem than a small problem—sorry, that’s just the nature of statistics. You need hundreds of samples from any relevant section of your market to be sure the problem actually is small.

A is for Activate. After your research plan is completed, the system must be turned on. This is a huge step—maybe more accurately a “step function”—but the bump of activation can be smoothed by starting small. A 2D barcode is one way to collect information on where your products are going, but some companies start even smaller. Think of the soda pop folks who print numbers under the caps on their 20-ounce plastic bottles. They’re not doing this so you can win a free can of pop—they’re doing it to see where the unique numbers are going, and validate their supply chain. Their “activation” is a matter of setting up a website and asking people to web/dial in the numbers under their caps. No—this doesn’t give true track and trace, and certainly not authentication, but it does help them collect data (see next step!) useful in assessing just how big a problem they have on their hands.

Activation in full-fledged, label-based security printing and imaging means having the deterrents integrated into the digital front end of the printing. It means having all of the inspection and authentication algorithms, devices and reporting systems fully tested, qualified and in place for the long run. And, it means integrating the data with your existing manufacturing, distribution and reporting registries.

The first C is for Collect. Collecting data is not just about reading the 2D barcodes and other printed features on the label, packaging or document. A lot of data must be collected beforehand, as part of the research. One way to get this kind of data is described in the previous paragraph. However, data must be collected on an ongoing basis to determine the extent, location and nature of the counterfeiting threats. To determine the extent, one must research all channels for sales—from supermarket to information superhighway. What percentage of the product in each channel is counterfeit? How many counterfeiters are there? Do the counterfeiters work together? This data is crucial for later investigation and legal reaction to counterfeiting.

Other data is also collected on an ongoing basis—inspection, authentication and forensic information on the quality of the printed deterrents. I will talk about specifics of these data in a later blog.

T is for Train. Training, or educating, the actors in the product’s supply chain, is tied to the ecosystem planning described above. If you are relying on your end customers to validate—inspect and report anomalies, authenticate, whatever—the product, then you have to provide reliable and easy—preferably really easy—steps for them to follow. If you trust your retailers and want them to authenticate, the training can be a little—but only a little—more involved. If you are relying on paid inspectors, the training can be more complicated, but in general they will still need to be able to validate the products with relatively simple, cheap and portable devices.

The training plan approach is similar to the one you must take for auditing and compliance with most government bodies—for example, NASA and the FDA. The most important consideration is to have a process in place and to then follow it. If you don’t follow the process, your data won’t link together, you won’t pass an audit, and you won’t have reliable estimates on the extent of the counterfeiting. Additionally, abandoning a process just because counterfeiting is occurring causes confusion for those who wish to legitimately validate your product. Counterfeiters love confusion, it helps them in their (non-legitimate) supply chain. There are better ways to address future counterfeiting, and I’ll talk about the “innate moving target” shortly.

I is for Investigate. A lot of brand managers fail to understand that in order to investigate, you typically need an additional type of data to the data you use for track and trace, authentication or inspection. Investigations depend on the investigation plan—how data is collected, retained, analyzed and acted upon. Dynamic research is required. If you start to see sporadic counterfeiting in a new area, for example, it is often the case that these counterfeits originate in another, already “counterfeit-established”, region. Investigation is necessary to test for the link(s). And just investigating the “publicly known” security features may not be enough. Instead, additional features of the product—up to forensic analysis of the printing and/or product ingredients—may need to be analyzed to uncover the counterfeit supply chain. I’ll talk about the collection of salient investigative data in more detail in a later blog.

The second C is for Convict. How do we get a conviction? Well, first of all, you can’t convict anyone if what they’re doing isn’t illegal. So, brand owners who are not working with government (e.g. FDA) and other compliance bodies (e.g. GS1) are encouraging the counterfeiting of their products. If you’re in organized crime and are still resorting to the old ways—gambling, prostitution, weapons, drugs—you’re a fool. Counterfeiting is easier, more rewarding (higher margin!) and less risky. And, brand owners, stay with me here: counterfeiters already know this. So, help stiffen the penalties for counterfeiting, smuggling, product diversion, and other forms of fraud—security is about detection and reaction even more than prevention. Without an onerous reaction, there simply is no deterrence. Even if your deterrents cannot be beaten. With no reaction and unbeatable deterrents, all you do is force the bad guys to resort to old-fashioned insider jobs. Bribery, extortion, blackmail, eavesdropping, collateral theft—they have a lot of options. And they’re creative, so this list is just a sample. To get a conviction, you will need the laws in place.

Additionally, to get a conviction, you need an auditing, compliance and data integrity plan. In many countries, even the counterfeiters are presumed innocent until proven guilty. Make sure your data is credible, auditable, and usable. If it’s not, it’s not data, it’s just wasted storage space.

Finally, E is for Evolve. “They” say people don’t like change. Then, another “they” say that people do like change, and that to be human is to change. “They” are both correct. We like change, when we see it coming. In anti-counterfeiting, we see it coming when we design our security system to be an innate moving target. That is, the system is designed for change, benefits from change, and anticipates the need for change. However, these changes do not cause a system reset, a brand protection blue-screen, a full stop. They simply require the existing system to change its settings. Maybe the counterfeiters have to fully reboot, but that’s OK. Remember the rule, any system that makes the counterfeiters spend more than the brand owner is a deterring system. Any system that doesn’t needs to be changed. I’ll cover this topic more fully in future blogs, including the next.

For now, let’s put PRACTICE into practice. In a healthy anti-fraud ecosystem, all elements of PRACTICE are working together, deployed together and designed to detect counterfeiting as fast as possible. The world’s hardest-to-reproduce deterrents are often compromised precisely because they are the hardest to figure out by someone wanting to validate, too. The difficulty of reproduction is frequently associated with size, features or effects that are also hard to educate people on. An example when the product relies on uneducated consumers to check product validity is the “variable hologram”. Customers are used to looking at holograms for some striking visual effect, but they have no idea the effect should be different from one package to the next—let alone how. The deterrent used, therefore, must match the training given to the would-be validators. And the only way there is an appropriate “impedance match” between the deterrents and how they are successfully used in the ecosystem is if the planning occurs first, the research second, and the activation third. As with all successful security approaches, security printing will only work if it is built from the ground up.

In my next blog, we talk about one enabling technology that helps make PRACTICE possible. It is dynamic data content. And, in printing, dynamic data content is driven by variable data printing, or VDP. See you then!

-Steve

How Do You Address That?

StevenSimske — Tue, 06 May 2008 00:51:00 GMT

We’ve all been there. Meeting that skinny, medium-height, cropped hair, boyish-faced person named “Chris” or “Pat” at a social gathering. Is it a man or a woman? How do you address that person? Thankfully, “Ms.” has entered the English language, but we’re still waiting for the third person equivalent of “it”.

Contrast this with a red-faced, pudgy, bald man with a bad attitude and a bad comb-over. Maybe he’s not as pulchritudinous or as eloquent as our hermaphroditic new acquaintance of the previous paragraph, but he sure is easier to address. We know, instantly, to call him “bud”, or “bro”, or even “dude”, but never “sister” or “girl” or “chica”.

Classes of counterfeits, like classes of people we meet at social events, include “addressable” or “unaddressable” as an attribute. The differences between addressable and unaddressable counterfeits make all the difference in terms of the strategy a brand owner must support for brand protection. In this blog, I hope to show the difference between these two broad types of counterfeiting, and argue why the strategies must differ. Like every complex issue in life, there will be shades of gray; since I argue for a multi-pronged strategy regardless, these shades of gray need not give you the blues.

In this blog, counterfeiting means any product presented as something other than what it really is. This is an important definition, as will be described in the following paragraphs.

Let’s pick two extremes first to define the Platonic “ideals” for addressable and unaddressable counterfeiting. Addressable counterfeiting is exemplified by a counterfeit parenteral (injectable) pharmaceutical needed to save or prolong the life of a cancer patient. The physician, physician’s aide, or nurse thinks, trusts and intends the pharmaceutical to be the right dose with the right strength at the right time with the right biological activity. If it is counterfeit, any of these “rights” can be wrong. The dose could be wrong, in which case ancillary effects such as pharmacokinetics can be altered. The dose could be the wrong strength, in which case patient non-response—underdose—or overdose—which can include mild responses up to anaphylaxis, shock, convulsions, and/or death—occurs. The active ingredients can be past expiry, which usually corresponds to underdose but is often also associated with contamination and concomitant sepsis or worse. Finally, the dose could have the wrong biological activity—often unintentionally—through the use of improper expedient. Any of these leads to complications for the patient—and since the patient is already weakened, well, this is usually quite serious.

On the other end of the spectrum, we have the Rolex with three “X”’s—the kind of watch sold to Olive the Other Reindeer by her friend Martini the Penguin. Olive, naïve soul that she is, expects the watch to work, but most of us would not. We’re willingly purchasing a Rolex for single or double digit dollars for the kitsch or bemusement or relief from ennui. We know, in other words, it’s a counterfeit. And this is unaddressable counterfeiting—even if faux-Rolex sellers do get jailed from time to time. Why? Because it is not substituting for the sale of a real Rolex—a guy buying a $9 Rolex isn’t likely to cough up $5000 for a real one, and —or if he is, he won’t be put off buying the $5000 real one through the disposal of $9.

Many other forms of counterfeiting are clearly addressable. Fake pharmaceutical tablets, fake automobile and airplane parts, and other fake items in which the person’s safety is at risk because of the necessary (for counterfeiter profit reasons) shortcuts the counterfeiters have taken. Given this perspective, it is clear that counterfeit consumables are addressable: food, mouthwash, toothpaste, nutraceuticals, hygiene items, and in the case of infants, the surface coatings of toys and bedding. Anything for which the loss of quality control increases the risk to the end user unbeknownst to the end user, is addressable counterfeiting.

On the other side, unaddressable counterfeiting includes any product that the purchaser understands is not the real thing, and in most cases certainly not “even better than the real thing”. A refilled ink cartridge selling for 50% the cost of an authentic ink cartridge is one example. If the price is too good to be true, you can bet the product is too bad to be true. In today’s world of cutthroat pricing—where differences of 1-2% are discovered, recognized, and acted upon by buyers both economical and extravagant—cost differences of 20% or higher are hallmarks of counterfeited products.

The approaches we take to counterfeiting depend on the relative mix of addressable and unaddressable counterfeiting occurring in our supply chains. If the counterfeiting is unaddressable, the brand must continue to message the unique qualities offered by their product. Sophisticated target customers may own both a “Rolex” and a “Rolexxx”. If the counterfeiting is addressable, however, then the brand owner must use a multifaceted ecosystem of tactics to prevent, detect and respond to counterfeiting. This includes education of the right people in the supply chain, from manufacturer to consumer. It includes authentication of the individual product, if needed. It includes the investigation plan—how data is collected, retained, analyzed and acted upon. And finally, it includes how that data is used as evidence to take action against the appropriate set of counterfeiters.

The next blog will address these important anti-counterfeiting tactics: education, authentication, investigation and prosecution. For now, thanks for reading.

-Steve