Codentify

Codentify is the name of a product serialization system developed and patented back in 2005 by Philip Morris International (PMI) for the verification of authenticity and production volume, as well as supply chain control of tobacco products. In the production process, each cigarette package is marked with a unique visible code (also called “Codentify”), that allows authenticating the code against a central server.

In November 2010, PMI licensed this technology to its three main competitors, namely British American Tobacco (BAT), Imperial Tobacco Group (ITG), and Japan Tobacco International (JTI), and the four companies together formed the Digital Coding and Tracking Association (DCTA) which works to promote the system in order to replace governmental revenue stamps. Codentify was branded by its inventors as a “track & trace and product authentication technology”.

History
In July 2004, Phillip Morris International and the European Union had settled a 12-year-long legal dispute concerning cigarette smuggling allegations. PMI agreed to pay 1.25 Billion USD to the EU budget and its member states. In addition, PMI was legally obligated to mark its products with trackable serial codes. Agreements were subsequently signed with the other three major tobacco companies.

PMI's affiliate company, Philip Morris Products S.A. created and patented the Codentify system in 2005.

In late 2010, PMI licensed Codentify technology to its main competitors BAT, JTI, and ITG free of charge. The four companies, which together account for 71% of global cigarette sales (excluding China), agreed to use the PMI-developed system on all of their products to ensure “the adoption of a single industry standard, based on Codentify.” The Framework Convention on Tobacco Control (FCTC) immediately voiced concerns that “Codentify should never be used for tracking and tracing purposes as tracking and tracing provisions should be implemented under the strict control and management of governments.”

In 2011, the four companies formed the Digital Coding and Tracking Association (DCTA) to promote international standards and digital technologies to help governments fight smuggling, counterfeiting, and tax evasion. The association was officially launched in 2013.

According to the DCTA, around 12% of the global cigarette market is illicit, depriving national governments of more than US$40 billion a year in lost tax revenues and some say this is a serious underestimate. The agreements between the EU and the four major tobacco companies aim to stem the illicit trade of cigarettes, but some academics and the anti-tobacco movement have criticized it as a wholly inadequate deterrent. The EU has since not renewed this deal after MEPs complained that it was inappropriate for governments and tobacco companies to have such a deal.

Inexto
In June 2016 the DCTA announced that it transferred Codentify to Inexto, an affiliate of the French Group Impala. This was criticized by leading industry watchdogs such as the FCTC and academics such as Anna Gilmore, who is the director of the tobacco control research group at the University of Bath. She said that “Inexto could not be considered sufficiently independent from the tobacco industry". Martyn Day, Scottish National Party Member of Parliament, says while Codentify was sold "the new owner is merely a front company and that the system is still under the effective control of the tobacco firms". Other academics such as Luk Joossens, who is the advocacy officer of the Association of European Cancer Leagues, said the sale was “predictable” and that tobacco companies will now “pretend” that Codentify is no longer part of the tobacco industry. PMI have rebutted that “Inexto is fully independent from the tobacco industry."

Technology
The Codentify system is based on a machine-created, unique, human-readable multi-digit alphanumeric code that is printed directly onto every individual product during the manufacturing process. A double key encryption system, with separate central authority level and factory level encryption keys are stored on a respective server, allows for factory line production of a pre-defined number of Codentify codes that have been authorized by a central (e.g.: government) server.

The system-generated 12-digit variant of the code is described as pseudo-random, offering 3412 possible combinations. Data that is unique and attributed to each discrete item (product) is encrypted into the code such as the date and exact time of manufacture, machine count of the item, specific machine line of manufacture, brand, variant, pack size, pack type, destination market, and price.

Critics of this system have argued that this approach only allows for the verification of the code itself and not of the product the code is printed on; thereby leaving the potential for copying. A European Commission Assessment Report into Tracking and Tracing notes in section 5.1.2 that in addition to the Codentify code being easily copied, it also fails to link the cigarette packets to the master cases.

However, this critique fails to recognize that the system does allow for the recognition of copied codes when an illegitimate copy is queried. The system logic leverages geo-positioning data and will recognize if a code has been previously queried to highlight and notify that the item is suspect. Illegitimate products are invariably developed and replicated in significant numbers from a legitimate example. Once the system logic recognizes illegitimate code, it is able to notify the system authority that this code has been compromised and is no longer valid. Due to the pseudo-random encrypted design of Codentify, illegitimate parties cannot predict codes and therefore can either default to replication of one legitimate code, which the system will logically identify from duplicate queries and provide notification, or the generation of random illegitimate codes, which the system will immediately recognize. Given the geo-positioning data at the time of query, both illegitimate approaches provide legitimate authorities with important data on the suspect supply chain.

Furthermore, when the Codentify technology is coupled with aggregated data (parent-child packaging) and supply chain event tracking, the ability of the system to identify a suspect query is thereafter immediate. In essence, supply chain event tracking along the legitimate supply chain generates additional data encompassing that legitimate product’s specific provenance. Provenance that the illicit supply chain cannot replicate.

Criticism
Codentify has been the subject of harsh criticism as a tobacco industry-promoted system that is aimed at undermining public health efforts and is not capable of curbing the illicit trade of cigarettes. This criticism has come from some academics and pro-health groups, to include the WHO.

The WHO FCTC Protocol on the Elimination of the Illicit Trade in Tobacco products states in article 8, section 12 that tobacco tracking and regulation “shall not be performed by or delegated to the tobacco industry”. Today, the Codentify technology is under totally independent ownership and management, having no capitalistic or governance link to the tobacco industry, with application of a successor product (INEXTOR) that is now present across multiple industries outside of tobacco, to include beer, fine spirits, luxury goods, automotive parts, and pharmaceuticals.

Critics of the tobacco industry say Codentify is simply not good enough, “because it focuses too much on production and does not store product codes or track them.” However, the Codentify system does not require the storage of codes in the clear for security purposes (though it is capable to perform this task if specified by the central authority), as such mass storage of legitimate codes exposes them to potential compromise. The Codentify technology uses decryption processes to deliver authentication and validation of an item and is able to provide the item’s descriptive and unique attributes in parallel, with a near-instant response time.

Heavy criticism has also been launched at the factory-level keys the system uses to provide unique verification codes for the product. Since these secret keys are stored on company and government servers, abuse of privileges on this level would allow criminals to generate additional codes, which would appear to be genuine to the system. However, this criticism does not take into account that the central server keys are not shared with the manufacturer nor does it account for the dynamic and static key multi-level encryption method designed into the system, which jointly provide the legitimate authority with complete and secure control over the code authorization process.

The decentralized nature of the system the realities of imperfect connectivity across complex, cross-border supply chains by ensuring a central control and oversight of secure code generation within production environments whilst providing legitimate manufacturing assets continuity of production under parameters dictated by the central authority.

Action on Smoking and Health (ASH) described the system as a black box created by the tobacco industry that uses unsecured equipment that is vulnerable to code recycling. However, this criticism does not take into account that: (i) codes can only be legitimized by the central authority server, (ii) the algorithm and both static and dynamic keys remain secret to and under strict control of the central authority, (iii) the method applied in the generation of the codes is patented and therefore visible by the public. Under this strict control regime, illegitimate creation of codes is not possible. Illicit techniques such as “code recycling”, using codes of products rejected in quality control, “code cloning”, printing the same code on multiple products, and “code migration”, reprinting codes used in one country elsewhere, allowing the reuse of genuine codes multiple times, are therefore rendered obsolete and defeated by this multi-layer encryption method.

Philip Morris has been accused, via its South American subsidiary Massalin Particulares, of using bribery and extortion to implement Codentify and Inexto in Argentina.

“The directors, managers, and legal representatives of PMI and its Argentine subsidiary Massalin Particulares S.R.L. (MP) are being investigated within the framework of a criminal case in federal court…,” Attorney Alejandro Sánchez Kalbermatten wrote in a 2017 letter to the Security and Exchange Commission in the United States.

A decision by the Federal Court of Argentina overseeing the case concluded that the plaintiff, Attorney Alejandro Sánchez Kalbermatten, had no standing and that material facts did not substantiate the accusations made in the complaint. As a consequence, the case No.17.766/2016 was fully dismissed on September 28, 2017.