Mobile Platform As A Unique Global Tool
Here is my keynote which I delivered at the Pharma Security World 2019 conference in London. I have edited and woven together my pre-event thoughts and notes with the presentation slides, transcript and knowledge gleaned whilst listening to the other speakers.
The slide deck can be downloaded for free, and hassle-free, no need to include an email address or create an account.
I chose to speak on a broad topic, with scope to step back and view the spiderweb of brand protection, anti-counterfeiting, supply-chain management and technology through the lens of the pharma industry. Attempting to understand the technology in isolation would not reflect the real-world implications and potential to create a digitally integrated brand protection strategy. As I later discuss, technology is merely a facilitator of efficiency in brand protection, technology is important for scale and reducing complexity, however this comes with its’ own overhead. Pharma is an industry with highly complex, global supply-chains facing immense product security issues, including theft, product diversion and counterfeiting, amongst others.
“Thank you. Over the past 2 days I have learnt a lot and a lot of the stuff I planned to talk about has been covered, I might skip over some slides fairly quick. I help brand owners define their brand protection strategy, dealing with physical products and digital content. Let’s start.”
Contents & Overview
“We are going to start off talking about the actual branding side and how that links with all of the different technologies and we are going to try keeping these altogether, as an integrated digital solution.”
Branding – why is it important for pharma? A brand is not a trade mark, a symbol or a logo. The concept of branding is intrinsically linked with trust, it is the trusted brand a consumer turns to when making a purchasing decision – this is amplified when we call the consumer a patient and the product medicine. Counterfeit drugs cost lives.
No one single technological solution is about to end the trade in counterfeit drugs in the next 5 years. That is the unfortunate reality. Technology, applied properly, can help pharma align with its core – humanity and compassion. Health is indivisible. The most at-risk regions are already the most vulnerable. Up to 2 billion people do not have access to the medicines they need, mainly in Africa, Asia and Latin America.
Technology, applied properly, can help pharma align with its core – humanity and compassion.
“Starting with infrastructure, this will briefly cover cloud technologies. They got a bit of bad press earlier and we will talk about some of the limitations they have. We are going to talk about blockchain then move on to artificial intelligence, cover some of those applications and how they can help reduce costs and also be used in law enforcement. Track & trace we will probably skip over a lot of it as it has been very well covered over the last 2 days. Verification we are going to quickly touch on. Then come onto integration. Then finish up with online strategies to remove infringements. There has been a bit of talk about online pharmacies and the issues they cause, we are going to talk about some online enforcement tactics, what we can actually do to shut-down the illicit pharmacies, how we can tackle them and how we can use technology to equip field investigators, who remain essential to anti-counterfeiting.”
Understanding the limitations of each technology, whether its blockchain or any other, is the only way to ensure security through-out the entire supply-chain. From data breaches to social engineering to state-sponsored hacking, the more connected we are, the more susceptible we become. Security does not work in isolation. It’s the understanding of the limitations that enable us to combine all of the new techs, into a package which maximizes the overall impact of each technology in implementing a successful anti-counterfeiting program. With considered anti-counterfeiting planning and implementation, from manufacture to dispensing, the legitimate supply of medicines can crowd-out counterfeits, technological innovation can drive research costs lower, getting drugs to market quicker, deliver the medicines people need faster, and more reliably, denying the space for counterfeits to exploit.
Health At Heart
“The first thing I do when starting with a new customer I ask them what their brand is about, what it represents. With healthcare, it is very obvious what it is and has been covered – always putting patient first and safety. Once you can understand that you can then start to define your brand protection strategy and where you want to tackle. It is about understanding what you are trying to do and then build the strategy around that.”
“In pharma, technology is a pervasive facilitator in delivering healthcare outcomes, but it should not be the main focus. You need to be careful to bear in mind what you need, what would help, what can be hired out to do, what can be brought in house and the security risks around that. It is about bringing all of these technology solutions into one single package that will help. It doesn’t mean you have to develop or buy whatever new technology is out there or sign a high-value contract with a solution provider, you have to carefully think about what is needed and what will deliver value.”
“Moving on to infrastructure, cloud technology is something talked about earlier, getting some bad coverage from a few speakers, describing the cloud as ‘just outsourcing all of your information to someone else’s computer hoping you can trust them’.” This argument is the equivalent of storing all of your money under the bed. “Not sure if anyone saw yesterday Google’s new announcement about Stadia, anyone see that, no, ok I’ll use the example anyway. It’s a new gaming platform Google are building, basically, on an old computer you can have double the computing power of the latest generation gaming consoles. That’s a video gaming example but it shows the power you can have if you leverage cloud technology.”
The data that you collect, you may have it in the most secure vault ever but it’s no use to anyone there, locked away, if the data is not being used.
“You can have, all of the power transmitted back to a device in your hand or your computer, imagine the power field investigators can have out in the field. That is the importance of it. The data that you collect, you may have it in the most secure vault ever but it’s no use to anyone there, locked away, if the data is not being used. It’s about sharing it and leveraging the power of the insights drawn from the data. That really shows the power of the cloud, it’s also very scalable. Obviously (the cloud) needs to be thought of in terms of your own risk, security and protocols.”
“Coming onto blockchain, which works very differently. The key is in creating immutable, sequential distributed ledger.”
I planned to discuss blockchain implementations with track & trace. But given the abundance of track & trace and serialization information given by other speakers, I double-downed on the risk assessment that the pharma industry should consider when talking to blockchain focused solution providers. Blockchain technology will have much wider use than it does today and has many more use-cases than cryptocurrencies (or cryptoassets, as now commonly referred to), however it is not the answer to all questions. Creating immutable, sequential distributed ledger, creating an audit trial and a decentralised system sounds perfect for implementation with track & trace solutions. In many ways it is. However, blockchain is not perfect, it is not an anti-counterfeiting silver bullet.
“Because blockchain is decentralised people say it’s secure. This is not true. What it means is blockchain has a different risk profile to a centralised system. One of the risks of having a decentralised system means it is susceptible to hijacking from the inside. If enough of the users have gathered together, they can attack the integrity of the data recorded on the blockchain.”
Because blockchain is decentralised people say it’s secure. This is not true. What it means is blockchain has a different risk profile
One of the speakers – Dr Abdullah Albeyatti – described in great depth how ‘51% attacks’ work, or are theorised to work in practice. There are some fantastic pieces on Medium – equally frightening and informative discussing the inner workings of such attacks.
“If you just want a database, lots of people say put it on the blockchain, but that is just using blockchain to say you use blockchain, and is more difficult than connecting to a secure database in the cloud. If you need another layer of security, you can hash files. You need to make sure you are using the right technology. Blockchain given its transactional nature can have an unlimited amount of people adding to the blockchain, for a public blockchain. That is where the real benefit comes from. Although, one of the theoretical risks is the actual size a blockchain can get to before there are security concerns. This is something that has been theorised but hasn’t been tested, so whether you want to take that risk or not is something to consider.”
“Social engineering is always a problem there and how secure the actual devices which are being connected. The endpoints are as important as the actual blockchain itself, if they are not secure through whatever means, then the data recorded on the blockchain or in the cloud is unreliable. You need to make sure all of the endpoints are covered.”
“Up next, Artificial Intelligence. AI relies on data, for pharma, and healthcare more generally, this means these industries can feast. Healthcare related data is estimated to be 30% of world data generated. Through trials, testing, patient records etc, everything in its entirety is estimated 30%, a huge amount. With that you can really leverage AI to see trends into that data. And see where we can do different thing. One of the main use cases being talked about is identifying good areas for new drug research, this will save money at the manufacturing stage and reduce costs when innovators introduce new drugs into market. That is important because access is one of the best ways to reduce counterfeit issues, whether it’s in legitimate supply-chain or illegitimate supply-chain. If there is product out there, everywhere, everyone has access at a reasonable price – that is the biggest way to get people away from buying counterfeit products. We still have issues, it’s not a way of solving things completely. It is the best way, proven through physical products and digital content. Having good mechanisms of getting out, products that people can access in a reasonable timeframe is the best way to reduce illicit trades.”
If there is product out there, everywhere, everyone has access at a reasonable price – that is the biggest way to get people away from buying counterfeit products.
“The other point with AI that I wanted to touch upon quickly was about law enforcement. Let me give an example. A minor civil offence, J-walking in certain cities, can be picked up by security cameras, identifies the people through AI-powered image recognition, connects to central database which links to a person’s social media account and automatically applies the fine through their connected electronic payment processor. Many of us might think that is overstepping the boundaries of what law enforcement should do, but it shows artificial intelligence, facial recognition, these things are becoming more and more powerful, these things can be used in different way. We are not going to have harmonised rules on these areas throughout the world, every country will have their own ways of implementing this into law enforcement, whether minor civil infractions or with criminal activity in how it’s applied. So you need to be really careful and bear in mind the power AI can bring and how best to utilise.”
Track & Trace
“Track & trace has been covered a lot in terms of the new directive and regulations. That it focuses on the legitimate supply-chain, which is very important to crowd-out the counterfeits from the legitimate supply-chain. But then, as we know, the criminals shift to illegitimate channels to circumvent track & trace and serialization. So once they are crowded out from there you need to target the illicit channels. So it is not which one is more important, it is how we can tackle all of them together.”
consumer shifting the burden of verifying drugs to end-users is not a reliable, or fair means of counterfeit detection
The Falsified Medicines Directive had been discussed in great depth and how it interacted with regulations from other countries, including USA, Turkey, China, South Korea, India, Russia and Brazil. I wanted to unpack a few points. Firstly, consumer shifting the burden of verifying drugs to end-users is not a reliable, or fair means of counterfeit detection. With the EU approach being almost all prescription drugs needing to be scanned when dispensed, this seemingly avoids the end-user shifting issue. However, non-prescription drugs are often counterfeited or falsified, both branded and generic. Also, scanning the outer packaging doesn’t verify each tablet – therefore track & trace must be combined with secure packaging, or it is entirely useless. Secure or tamper-evident packaging needs to be robust as counterfeiters will try to replicate. Secure packing has many different implementations, ideally a mix of overt and covert technologies would be applied. This creates an interoperability issue, and an obvious cost issue too. Full track & trace solutions are extremely difficult to implement, given the number of players and standards which apply when trading internationally. Point of dispensing checks are useful as a stepping stone, whilst full scale track & trace should firmly remain the target.
Full track & trace solutions are extremely difficult to implement
In terms of scanning tech, traditional barcodes and QR codes require direct reading by optical scanners, in practice this means if I had a drug packet in my hand, a secure mobile app could scan the QR and tell me instantly whether the code is identifying the product in my hand. Scanning at this level is largely a solved issue, combine existing technologies with secure devices, quality tamper-evident packaging and IT security measures – the costs for counterfeiters start to get unfeasibly high to replicate. Scanning individual cartons within a batch suffers from obvious efficiency issues. Aggregation aids efficiency, but regulations on aggregation are not harmonised, limiting this method.
RFID tags do not require direct optical scanning and therefore can be used to solve this issue, they are more expensive than QR codes and obviously cannot be printed, therefore increasing complexity into the packaging of the products. But, RFID tags still have a way to go before wholesale implementation, given they can suffer from signal interference and damage in transit, rendering the tracking ineffectual. Mixing optical tags such as QR codes and RFID chips is optimal, cost permitting.
But, RFID tags still have a way to go before wholesale implementation
Tracking technology is again, making great strides forward, in terms of miniaturisation, security and reliably. Other new tracking technologies include ultra wide-band RTLS or Bluetooth based solutions. As with packaging, an interoperable mix would be the ideal solution. With costs rapidly decreasing, security and reliability increasing, full track & trace is becoming increasingly viable, with global regulatory and cultural differences becoming the biggest obstacle.
The elephant in the room with track & trace is when consumers deliberately go outside the legitimate supply-chain.
The elephant in the room with track & trace is when consumers deliberately go outside the legitimate supply-chain. The massive growth in online pharmacies, pseudo Canadian-pharmacies selling to US customers for example. In these areas counterfeit and dangerous drugs will remain prevalent after the implementation of FMD and the equivalent US track & trace system. Drugs obtained through these channels is still a major problem that requires careful anti-counterfeiting policies to tackle.
My only advice for giving presentations, is to include at least one cat!
“Then we come to verification. There has been a lot of people talking about what is and what isn’t verification and actually testing the products. With pharmaceuticals, they need to be tested in a lab environment that can take long. But there are new technologies which can digitally scan or you can use minilabs which will give you, to a high degree accuracy, obviously more testing is needed, but it does provide good assurance out in the field. This can enable law enforcement to be alerted quickly, enabling them to go in seize the counterfeit items out of that market as quickly as possible. We’ve seen pictures of some nice fancy labs but you can’t just send pharmaceutical products across the world so quickly, given the regulated nature of them. So there needs to be ways for field investigators to take action.”
“Next up integration, estimated 26 billion connected internet of things devices by 2020, with economic value of 11 trillion. That is huge. So when people say we shouldn’t be using these devices or sharing our personal data with technology companies, or the cloud to sync our experience across devices, it doesn’t reflect what is happening, it’s happening, people are doing it, I’m sure there are people here with smartwatches and have Alexa type devices at home.”
“People are using these things more and more. Health apps are one of the biggest and most important categories on wearables. Connected with fitness tracking, monitoring things such as diabetes are good examples of people using wearable devices to monitor their health, blood sugar levels and then it can alert them when they need their insulin injections. The opportunity with this is, connecting the technology people are already using and the health. And a lesson pharma can learn from, to say, if people are already using health apps, we can combine and build on top of for other purposes, including anti-counterfeiting.”
“Just having an app that scans a device or product to say ‘I verify this comes from where it says it is’ – no one will download this app. People spend all days looking at their phones, but are very selective about which apps they put on their phone, they don’t want a one-time app when they collect medicine from a pharmacists. But if they are already using a smartwatch that is tracking fitness, and has other health data on there, they can then apply such technology, fed in with verification. It doesn’t need to be separated, but included, bundled into existing applications / devices that are already being used in similar use-cases. Combining them altogether, that is how we can deliver a fully integrated approach.”
People spend all days looking at their phones, but are very selective about which apps they put on their phone
“Pharma needs to identify which areas would be good for patients to have more understanding with and for them to take more control over their own personal privacy, in the way they share their data and which healthcare providers they share with. At the moment, we sort of just click yes to everything, I think in future we will move away from that approach and start to really think about who we share our data with and actually want to see that full chain of who they share their data with. The entire supply-chain of their data, that is coming in and more and more regulation to the big advertising companies, digital advertising companies, we are talking Google and Facebook that have their business model based on advertising.”
The commoditisation of healthcare data is leading us forward to integration
“China is already mobile-led, smartphone and wearable devices. Other countries will move towards that approach, including voice-activated devices. As people become more familiar with the internet it has been use for more and more things, at the start it was ‘who would buy from the internet now people do this all the time with their details saved on Amazon and by their browser, saved in multiple online locations already. Taking that a step forward with voice activated commands, you start to feel ill, you launch your voice-activated device, there are already applications specifically for this, to connect you to proper health advice, rather than an open internet search given the dangers that presents. Some of these are doing risk ratings, at a certain level you will be connected to an actual medical professional, who can provide proper professional advice and even prescriptions! Rather than reading about illnesses from forums. The commoditisation of healthcare data is leading us forward to integration.”
The point above links beautifully with Amazon’s purchase of PillPeck and their subsequent marketing. You can imagine lying in bed feeling ill, using your gruff voice to fire-up Alexa which still recognises you, detail your symptoms, get connected to a specific app on the Alexa device to handle the medical query, the automated-AI-led risk assessment then arranges an online appointment with a doctor, who issues a prescription, which then connects seamlessly to PillPeek who immediately dispense and post your medication, charged via your Amazon account. All without leaving the comfort of your bed – genius when you are feeling ill.
“Last up, we have opportunities! Technology can help plug the gaps that criminals exploit. Organised crime groups are better at identifying gaps in the market than and are more agile, faster to react to exploit gaps. Through technology, this can help prevent this. Law enforcement see an issue, report on it, make a procedure to deal with it, and then try to actually deal with the issue post-fact. We need to get to the point where data is used to see the trends early, put processes in place to tackle. Detecting and resolving criminality early is vital, once the criminals start to realise the financial potential of the new endeavour they becomes professionalised and deep-rooted.”
brands, they need to build social legitimacy
“Also, with brands, they need to build social legitimacy, this is where it comes to tackling online pharmacies selling online counterfeits. Many things we can do disrupt the networks as lots of the online pharmacies are connected and linked to organised crime. It needs tackling in both physical world and digital world.”
Criminals are opportunists, without regard for the risks they are taking with other people’s lives. They step-in when they can undercut legitimate business, through not complying with regulation, or by underdosing active ingredients to cut costs. Not only do counterfeit drugs kill people, but drugs without the correct, tested level of ingredients can promote antimicrobial resistance, a public health concern – further fuelling the trade in counterfeit drugs and draining R&D budgets. To get to the root we need to assess the entire supply-chain and see both how and why organised crime groups are targeting pharma. Human investigative approaches will still be fundamental to any well-designed anti-counterfeiting program.
Online you need to understand the underlying infrastructure supporting the website.
Visibility Of Counterfeit Medicines
You have the visibility of the website, how people are finding these online unauthorised pharmacies and medicines, generally through search engines. Or it’s through social media, that is a huge one – Facebook posts that are worded ‘5 tips to help you lose 20lbs in 2 weeks’, we’ve all seen those, you click on them, then they follow through to selling products, weight-loss drugs, counterfeit drugs, unsafe products, or sometimes just sugar pills.
Lots of these ads target what people are looking for on social media already. Social media platforms have automated filters for this, preventing and removing posts before ever reaching users, but there is still the issue of criminals adapting, as a mentioned above, to hide the counterfeit drugs behind a normal social media activity. Criminals adapt. The reach of Facebook is very desirable to criminals, so the criminals will continue to use the platform whilst there remains profit to be made.
Online Pharmacies Takedowns
Then the actual websites, the online pharmacies, seeing how they work, seeing the intermediaries behind them, in terms of technical intermediaries – talking about hosting providers, registrars, registry operators etc. and also the payment intermediaries i.e. PayPal, Visa, MasterCard. All of these can be notified and will block services, given the right evidence is provided. This is possible. The website operators will still find other ways of accepting payment, Bitcoin etc. But if you stop the main, credible ways, people who might be confused, thinking this looks sort of legitimate, they will think twice. If the only way a customer can pay is Bitcoin or Ethereum customers will start to think ‘this is maybe not something I should be doing’. It’s a great indicator to customers, that the online pharmacy is not a proper channel, somewhere they should be obtaining medicines, for any purpose.
In 2018 the European Commission released their inaugural ‘Counterfeit and Piracy Watch List’. This included a section about intermediaries who facilitate the online pharmacies and how the websites are actually groups of websites, which link back to organised crime. Whilst the online pharmacies remain resilient, they can be disrupted and forced toward using a few select irresponsible service providers. This enables targeted legal action aimed at the irresponsible service providers, reducing the regulatory gaps for the criminals to operate in.
Please visit the World Health Organisation for more information relating to counterfeit medicines. https://www.who.int/medicines/publications/counterfeitguidelines/en/