As the head of the Vulnerability Assessment Team at the famed Los Alamos National Laboratories, Roger Johnston has seen every tampering and anti-tampering scheme imaginable, with tamperers taking aim at products as large as freighter cargo and as small as pill bottles.
The news is not good for industry. Johnstons team did some tampering of its own with over 200 products, including many drug products, and was able to defeat them all, using fairly low-tech methods, in less than an hour.
In this PharmaManufacturing.com exclusive, Q & A, Johnston says the drug industry has its work cut out for it in tamper-proofing its precious products, and RFID, covert tags, and expensive programs arent the answer. Whats more, FDA needs to do a lot more than it is right now.
Johnston also details one strategy, the CNT ("Call In the Numeric Token") technique, that he believes firms need to be using.PM: You say existing tamper-evident packaging, in all industries, isn't effective. Why not?RJ: To a considerable extent, tamper detection is an unsolved problem. Tamper detection is a field that is over 7000 years old, yet it is very poorly understood and has not received the research and development attention it deserves. In my view, manufacturers who use tamper-evident packaging do it primarily as a compliance measure (as with OTC pharmaceuticals), as a show of good faith to consumers, and/or as a cost-effective way to reduce jury awards should product tampering occur. Effective tamper detection doesn't really seem to be the goal, or else we would see far better designs for tamper-evident packaging.PM: Just how effective are most drug manufacturers' anti-tampering safeguards?RJ: Most or all tamper-evident packaging for pharmaceuticals can be quickly defeated by almost anyone who has just a little bit of skill with his or her hands, or at least some patience and resourcefulness. (Tamper-evident packaging is "defeated" when the package, bottle, or container has been opened, then reclosed, without the unauthorized access being detected by the end-user, typically the consumer.) About the best we can say at this point is that defeating thousands of drug containers would be boring to do, but not difficult or particularly time-consuming.PM: What are the most common failings of anti-tampering strategies for pharmaceuticals? Why can they be defeated so quickly?RJ:
The news is not good for industry. Johnstons team did some tampering of its own with over 200 products, including many drug products, and was able to defeat them all, using fairly low-tech methods, in less than an hour.
In this PharmaManufacturing.com exclusive, Q & A, Johnston says the drug industry has its work cut out for it in tamper-proofing its precious products, and RFID, covert tags, and expensive programs arent the answer. Whats more, FDA needs to do a lot more than it is right now.
Johnston also details one strategy, the CNT ("Call In the Numeric Token") technique, that he believes firms need to be using.PM: You say existing tamper-evident packaging, in all industries, isn't effective. Why not?RJ: To a considerable extent, tamper detection is an unsolved problem. Tamper detection is a field that is over 7000 years old, yet it is very poorly understood and has not received the research and development attention it deserves. In my view, manufacturers who use tamper-evident packaging do it primarily as a compliance measure (as with OTC pharmaceuticals), as a show of good faith to consumers, and/or as a cost-effective way to reduce jury awards should product tampering occur. Effective tamper detection doesn't really seem to be the goal, or else we would see far better designs for tamper-evident packaging.PM: Just how effective are most drug manufacturers' anti-tampering safeguards?RJ: Most or all tamper-evident packaging for pharmaceuticals can be quickly defeated by almost anyone who has just a little bit of skill with his or her hands, or at least some patience and resourcefulness. (Tamper-evident packaging is "defeated" when the package, bottle, or container has been opened, then reclosed, without the unauthorized access being detected by the end-user, typically the consumer.) About the best we can say at this point is that defeating thousands of drug containers would be boring to do, but not difficult or particularly time-consuming.PM: What are the most common failings of anti-tampering strategies for pharmaceuticals? Why can they be defeated so quickly?RJ:
- The designs are unimaginative.
- The designs (understandably) must be very inexpensive.
- The designs (understandably) cannot appreciably get in the way of the consumer being able to open the container without a lot of fumbling around.
- The designs have not, in most cases, been subject to a serious vulnerability assessment(VA) by qualified personnel (or even by someone just trying to be resourceful). In the rare cases when a VA is undertaken, it is usually done by packaging (not security) personnel within the company -- sometimes the very people who developed the tamper-evident packaging -- and/or is done under the assumption that potential tamperers are stupid. This is not conducive to producing a good tamper-indicating seal.
- The notification to the consumer that tamper-evident packaging is in place is often written right on the seal. When the seal is removed by a tamperer, the consumer may not think to look for signs of tampering. Packaging and bottles need much more blatant indicators that are not removed when the seal is removed, and not hidden in tiny lettering somewhere on the package or bottle. Manufacturers understandably do not want their product linked with tampering in the minds of their customers, but unless the tamper-indicating features are more openly flagged on the product, effective tamper-detection by consumers is unlikely.
- While it's not so much a problem for pharmaceuticals, food manufacturers like to talk about having a "freshness seal." The use of such euphemisms is not helpful.
- The FDA, which must approve OTC tamper-evident packaging, does not appear to have a sophisticated definition for tamper-evident packaging, nor a meaningful standard for evaluating it. (On the other hand, it is not at all clear what such a standard should look like.)
- Product tampering with drugs, fortunately, has not been a large-scale recent problem, so there is very little incentive to try to deal effectively with the threat.
- A tamperer does not need to remove the seal to tamper with most containers. The bottles or containers themselves need better tamper-detection capabilities.
- Over-reliance on adhesives creates a lot of the vulnerabilities.
- I believe the FDA (or DHS or NIH) needs to be funding or otherwise supporting research and development on better tamper-indicating and anti-counterfeiting techniques and technologies.
- For anti-counterfeiting, I believe that the FDA's current love affair with RFIDs needs to be redirected towards the true issue: effective track and trace. RFID is just a tool for making track and trace feasible; it is not the essence of the anti-counterfeiting approach. Track and trace also needs to occur all the way down to the consumer, perhaps using something like a CNT technique; otherwise, counterfeiters will just shift their level of operation, and consumers will continue to get dangerous counterfeits.
- I think the FDA needs to forget about covert tags and fancy taggants. Secrecy is not a viable long-term security strategy, especially for consumer products that are released in enormous quantities to the public. Besides, pharmaceuticals already contain an almost unspoofable tag: their trace contaminants. More effort should be devoted to developing inexpensive, rapid, easy-to-use analytical methods (perhaps even for field use) to uniquely identify drugs.
- Criminal penalties for making or dealing in fake drugs are not severe enough.