Thursday, May 31, 2007

How Good Are the Counterfeiters, Really?

This recent
article in BusinessWeek contains a lot of data we've blogged about here already - but leads with an intriguing sub-headline: "
Faced with a tidal wave of counterfeit goods, companies are turning to secretive sci-fi technology. But crooks catch on fast". This raises a good question: how quickly do counterfeiters really copy or beat new technologies?

"The half-life of a security system is a year or six months before someone is nipping at your heels," says the director of business development for JDS Uniphase Corp.'s Flex Products Group (which makes color shifting inks, such as those used in banknotes) in this article. Doesn't it seem like the security industry is doing itself a dis-service by making sweeping statements about how vulnerable solutions are. Where's the data?

The answer is: no-one really knows. But where there's evidence, it's not overwhelming that the counterfeiters are that good. The best public example is the multiple iterations of fake holograms on counterfeit Guilin
artesunate ... they are somewhat convincing, but by no means perfect. The trained eye can spot them. We've seen a lot of fake holograms, and when compared to the original, it's usually possible to spot the fake. The latest holograms with advanced features - such as those from Kurz or DuPont - have yet to be copied at all convincingly. Nanotechnology is certainly extremely hard to fake .(but it's also impossible to check for ordinary users). The point is ... it doesn't have to be perfect to fool most ordinary consumers, only good enough.

The BusinessWeek article rightly makes a lot out of the emergence of unique, encrypted codes, such as those proposed by AstraZeneca for Nexium. These have the advantage of being unique at the unit level, and databases can easily determine whether a code has been copied and read before. However, it pays to be precise when talking about them. While the article quotes
AstraZeneca's director of product security as saying: "We believe [the numbers] cannot be copied," this is either a misquote or misleading. The numbers themselves are trivial to copy ... what cannot be done is (one hopes) generate valid numbers without having to collect and copy thousands of valid numbers. By combining codes with other features on the packaging - AstraZeneca should be able to deter, diminish and measure counterfeiting.

The appearance of unique codes on products is a very good thing... as long as they are thoughtfully deployed and very securely generated. There are already too many broad-brush statements made about the size of the counterfeiting problem which is understandable given the paucity of data collection; however, the industry should strive for more accuracy when talking about the strength (or weakness) of countermeasures.