The government and industry have a made a couple of moves within the past two weeks in the interest of protecting the supply chain: UPS is requiring ID before shipping products from retail outlets; and the US government has seized more than 80 Websites found trafficking in counterfeit goods. Neither is a permanent solution to the fundamental problems in the supply chain, and the application of technology would enhance them both immeasurably. (See: Cargo Security Measures Expanded.)
Requiring ID enables shippers — in this case, UPS — to compare the identification against “watch lists” similar to those used by airport security. UPS didn't indicate if this was the intent of the measure, but doing so would make sense. The biggest flaw in the plan, as EBN readers point out, is the ability to fake IDs. The technology exists that would make IDs more difficult to fake: fingerprint scans; facial recognition; embedded microchips; holograms; RFID; and microscopic materials are just a few of the techniques being used in other applications today.
The problem is, most of these solutions are used in a “closed loop” — within the four walls of a company or organization — or suffer from a lack of standards. Does your company's ID card work at a major customer's site? As another example, let's say Company A, a supplier to Company B, uses microchips to ID its products. Company B uses RFID to ID its subassemblies. The end-customer, Company C, has to be able to verify the microchips and the RFID tags to thwart counterfeiting, but uses bar-codes to track its own products. See the problem?
In terms of personal ID — within the US alone — widely used identification like drivers' licenses differ from state to state. Right now, states use social security numbers and/or random numeric codes to match licenses with people. Photo IDs are eyeballed by clerks and security personnel. Automated verification would require one uniform ID and technology for nationwide use. Unless the US government mandates that and pays for it, that's not going to happen anytime soon.
Anyone with a computer and an Internet link knows shutting down a Website is a temporary measure at best. Just before the so-called Cyber Monday, the US Immigration and Customs Enforcement (ICE) executed seizure orders against 82 domain names of commercial Websites engaged in the illegal sale and distribution of counterfeit goods and copyrighted works. The move was part of Operation in Our Sites v. 2.0, an ongoing investigation.
The operation targeted online retailers of a diverse array of counterfeit goods, including sports equipment, shoes, handbags, athletic apparel, and sunglasses as well as illegal copies of copyrighted DVD boxed sets, music, and software. During the course of the operation, federal law enforcement agents made undercover purchases from online retailers suspected of selling counterfeit goods. In many instances, the goods were shipped directly into the United States from suppliers in other countries using international express mail. (Would UPS's ID policy have helped here?) If the goods were confirmed as counterfeit or otherwise illegal, seizure orders for the domain names of the Websites that sold the goods were obtained from US judges. Individuals attempting to reach one of the Websites will now find a banner notifying them that the domain name of that Website has been seized by federal authorities.
The same technologies mentioned above can be used to identify and track authentic items. Additionally, there are hundreds of solutions for monitoring Web traffic inside and outside of governments and businesses that could be applied to internation online commerce. Again, the expense and red tape make this practically a fantasy — not to mention the legal implications.
But if government and industry were to apply the money spent on closed-loop systems and Website stings to cooperate on a single standard that combines technology and practices, the security possibilities are endless. In the meantime, let's hope Band-Aid solutions like ID and site seizures help stanch some of the bleeding.