Bellow is one of the more insightful replies I have received in recent weeks.
Thanks Peter for taking the time to write.
One of the best investigative articles I’ve read on the topic of the Codentify scheme is the article written by Luk Joosens and Anna B Gilmore: http://tobaccocontrol.bmj.com/content/23/e1/e3.full#aff-1
I really recommend reading it fully, yet there are some parts I would like to address specifically because I personally think it’s amazing how they mentioned the EXACT SAME FLAWS confirmed by the words of the tobacco industry’s whistle-blower that hase decided to come forward through your blog.
The article describes that Codentify does not comply with universal standards:
1. “Codentify cannot determine whether a product subsequently enters an illegal distribution route.”
2. “Article 8.10 of the ITP specifically requires the tracking and tracing system to deliver information up to the point that all duties and relevant taxes have been discharged. A database which registers data on the product throughout its supply chain is therefore required. Codentify does not meet these standards because it does not store the codes or register events after the product is manufactured.”
That’s EXACTLY what the factory’s ex-employee stated:
1. “The code is only linked back to the factory and has no way of tracking pallet box number of transfer routes.”
2. (** no track no trace quote **)
The article also elaborates on the danger of replacing governmental tax-stamps by industry’s self-regulation:
“Replacing tax stamps with Codentify would require delegating the power and technology for tax collection from government to an industry that could and has obviously benefitted from non-payment of tobacco excise.”
Reminding us that the industry potentially PROFITS from tax avoidance. So why would it invest efforts in tax-verification? Yet again, this is EXACTLY what our man says in the video:
1. “Why Codentify doesn’t store codes? Every security feature leads to additional costs, tobacco companies decided the system is good enough with these flaws.”
2. “All the disadvantages of Codentify I’ve specified, were because of the interests of the Tobacco lobby. Programmers will do whatever you pay them to do, if they were paid to ensure product’s security – They would have done it.”
But the thing is, even though this paper is very thorough, it is basically THEORETICAL. It was limited by the information provided by the industry. Therefore, IN THEORY, it must at least assume tobacco companies are doing a decent job at complying with their own requirements, at providing the minimal level of security to their own interests. But in the REAL LIFE as it is brought in the video, this isn’t the case:
1. For example, that the REAL LIFE FACTORIES are less protected than a candy store: “Security measures INSIDE the factory!? In my factory, if you were wearing a buttoned shirt, workers would think “he’s probably somebody important” and gain you access practically anywhere…”
2. Or the fact that a disconnected code generator might produce for an ENTIRE WEEK without reporting back (and don’t get me started talking about them using the most vulnerable IT settings): “Yes. Code generator can work for an entire WEEK without reporting back the number… The IT sets the limit on when to report back. It’s just an SQL query, sent from a standard Windows computer…
3. And of course my personal favorite, just to remind you who are the REAL TOBACCO MANAGERS we’re dealing with: “as a manager IT the bosses used to tell me “If you stop the production, you die”