An Experiment in vial behiaviour
I am only the sales guy….I’m not responsible. Sounds familiar. We wonder if CSIRO will attempt a similar defence of its unconscionable participation in such a “vial” deceit by claiming that it was the spin-off rather than the CSIRO own willful actions that resulted in such a catastrophic breach of trust! We suspect so!
- April 11, 2013
Linton Besser and Nicky Phillips
A high-tech CSIRO spin-off company was so desperate for cash it crossed the line.
Things had not been going well for DataTraceDNA until a glimmer of hope appeared in 2006.
In November that year, the firm signed a deal with a Las Vegas gaming company called VendingData Corporation, which wanted to protect its casino chips from being counterfeited. By embedding DataTrace’s invisible forensic marker into the chips, a technology made using a ”trade secret” method, the chips could be scanned by casino staff at the cashier to ensure they were were genuine.
For DataTrace, the deal meant some much-needed revenue. And for VendingData, the deal meant peace of mind. It had just bought anti-counterfeit technology from one of Australia’s most respected national brands – the Commonwealth Scientific and Industrial Research Organisation. Not only was DataTrace’s key technology a CSIRO invention, but Australia’s peak scientific body owned half the company. VendingData made it clear to the market that it did the deal because ”the patented inventions are owned by a national government statutory authority”.
With the money from the casino-chip deal in mind, DataTrace and its CSIRO partners began casting about for another similar deal in what is known as the ”high-security” field – protecting documents, currencies or highly sensitive components.
So when DataTrace landed a five-year contract with one of the world’s biggest companies, it should have been a landmark moment for that firm and for the CSIRO. Instead, the contract it signed with Novartis, a Swiss global pharmaceutical firm, was built on a falsehood. The effect was that today, hundreds of millions of vials of injectable the anti-inflammatory Voltaren are potentially at risk of being counterfeited – worldwide. The once-secret deal raises questions about the conduct of the company and CSIRO management. Chief among them are: Was the deception of Novartis a singular and discrete mistake? Or was it emblematic of an organisation in crisis?
The breakthrough came in 2004. A team at the CSIRO discovered micro-particles of phosphor that carry a luminant pigment easily detected with a spectrometer. In essence, what they had found was an invisible, forensic marker because different phosphor formulas emitt different light frequencies. Officials immediately recognised the commercial possibilities. With a portable spectrometer at the far end of a supply chain, the phosphor-based ”tracer” could be used in stock and batch control for bulk products such as cement, timber and paint. It could even be used to authenticate explosives.
In August 2005, it set up a joint venture with DataDot Technology, a small public company that already sold authentication products for the motor-vehicle market. Initially, the CSIRO hoped the real money-spinner would be found in the resources sector, and it held talks with companies, including Rio Tinto. DataTrace tried to persuade several companies that it could help sort purer iron ore from contaminate and solve other similar problems. To pitch the idea and to test it, DataTrace bought several kilos of bulk lamp phosphor from a supplier to the lighting industry, DaMing Phosphor, in Hangzhou, China.
But the mining deals never went ahead and the Chinese phosphor sat in white jars stored at DataDot’s headquarters in Frenchs Forest in Sydney.
In March 2006, it secured its first customer – a plastics manufacturer – and then in November, it signed up VendingData. It began looking for other high-security deals, but the next two years were grim. A $10 million licensing deal with a Chinese distributor went sour after DataTrace received only a 10th of what it was owed. In 2007, it reported a $722,000 loss for the year, and in 2008, the loss was $586,000. ”It is taking longer than anticipated to bring revenue on stream from the sale of product”, it told the market.
The pressure was falling on the shoulders of DataTrace’s general manager, Greg Twemlow. So early the following year, when he saw that Novartis was seeking an anti-counterfeiting device for its glass ampoule drugs, he fired off an application. It is not clear what promises Twemlow made in the application, but the test results and specifications he sent were based on the white jars of phosphor stored in the office. Perhaps he felt the application was a long shot and he could have a better product made up later.
So to some, it was a shock when Novartis announced it had placed DataTrace on its shortlist. The company told Twemlow that it intended to come to Australia as ”you had informed us that your production facility and your labs are actually in Melbourne”. But there were two glaring problems.
The first was obvious – the tracer offered by Twemlow was not coming out of a DataTrace ”production facility” in Melbourne or anywhere else. It was being shipped in from eastern China. The second was really just a variation of the first. The Chinese tracer was cheap, widely available, and suitable for bulk goods that did not face a counterfeiting threat. But for high-security applications – such as protecting pharmaceuticals from the booming black-market trade in fake medicines – a custom formula was required.
The ex-CSIRO scientist working on the project, Gerry Swiegers, immediately recognised the danger, and urged DataTrace to switch the tracer. But what frightened them was that Novartis had been very clear about what it wanted. The tracer it bought was to be mixed into the ink painted on the neck of its drug vials, and in order to comply with medical-safety rules set by regulators, the tracer needed to take up no more than 2 per cent of the volume of the ink.
But so far, the higher security, self-manufactured tracers that CSIRO had come up with needed to be 5 per cent by volume. ”I have thought about your suggestion to introduce new markers and the security marker which I can’t agree with,” Twemlow wrote to Swiegers in June. ”We answered the RFP with a specific code and provided costing and test results. To move away from that now would either cause us to be dropped from the race or have the whole process restarted.”
Twemlow and others began work on the due diligence that Novartis demanded. But with each step they took towards closing the sale, the deception at the heart of the deal calcified. On July 30, 2009, Twemlow circulated a list of questions for which Novartis was seeking answers. It included: ”Where are the materials manufactured?” Under this, Twemlow wrote, ”Answer: at CSIRO’s Clayton campus.”
The same day, Patrik Merckell, the Novartis head of product security verification, wrote to Twemlow to organise the company’s visit. ”I would like to spend more time in your production facilities as this is a critical criteria for the final selection process,” he wrote.
The pressure mounted. A Novartis security consultant, Jacques Nahon, explained to Twemlow that a ”critical point” was that DataTrace be impregnable to any kind of counterfeit threat. ”You must absolutely have a clear concept and method of controlling the marker substance, not only in your own shop, but also at third-party sites which handle it.”
Novartis was clearly proceeding on the understanding it was getting a custom-designed tracer, and scheduled an audit visit for August 10-11. On August 7, Twemlow wrote to two senior CSIRO officials – Dr Peter Osvath and Dr Geoff Houston. The subject of the email was: ”Proposed answer to the question, ‘is our Tracer code commercially available,”’
”For your approval. This is how we propose to answer the question if it’s posed. We want everyone answering consistently.
”Answer: The CSIRO will make your Novartis codes using their Trade Secret methods and I’m sure you’ll appreciate the importance of secrecy for Novartis and all of our clients. Having said that there may well be a possibility that aspects of the code could be simulated with commercially available products. In that event we have mechanisms to deal with the challenge.”
When Nahon and the auditors arrived and toured the CSIRO facility, they were treated to a series of presentations, including Osvath’s, which was titled: ”CSIRO: secure supply and support for Datatrace DNA/Novartis project.” They left satisfied and began organising tests in Europe to ensure the tracer mixed with the ink and painted neatly on to the ampoules.
But Swiegers, who had left the CSIRO after a bitter falling-out, was becoming uneasy about what was being proposed. He was sure the solution being offered Novartis was not fit for purpose, and he raised concerns about ”safety and audit issues” in a formal meeting in December 2009. Then in the new year, he wrote a long email to Twemlow urging the company to consider putting a higher security ”sleeper” into the tracer.
”Greg, when we talked just before Xmas you indicated that if we used Chinese lamp phosphors in high security applications, then it would be ‘only a matter of time’ (your words, not mine) before the system would be copied and compromised. I also have that concern.”
”In that case, shouldn’t we move Heaven and Earth to ensure that we have a proprietary material like the security marker, that is difficult (impossible) to copy, present in our high-security products? The lamp phosphors were meant for bulk applications, not high security ones. This is especially significant in pharmaceutical applications where counterfeit pharmaceuticals could have serious safety implications (life-and-death implications).”
But the company forged on after Twemlow received an encouraging request to attend a meeting in Basel on February 3. With the final hurdle ahead, he began work on a ”highly confidential” 18-page report for a meeting scheduled for January 28, which was attended by CSIRO officials. The paper said precisely what it was selling to Novartis.
”We currently source end-product, i.e. we deploy the product as purchased by us for our clients,” the paper said, explaining that the tracers available were far cheaper from their supplier in China than another company in Britain. ”Our view is that we need to move to making Tracers that have non-standard emissions … on this basis the UK or Chinese phosphors become an input material … given this approach the source of the input material is less of an issue.”
”The key question from our clients has generally been ‘Do we make our own Tracers?’
Our answer has always been that CSIRO handles this.”
The tempo continued when Novartis confirmed a pilot run would go ahead in Cairo in April.
DataTrace and CSIRO did make significant efforts to put itself into a position to abide by its representations. Osvath and two other CSIRO scientists began trying to replicate the DaMing phosphor. Despite this, Swiegers was experiencing an ”increasing sense of disquiet”. In a last-ditch effort to alert the company to the dangerous territory it was in, he wrote another strongly worded letter to DataTrace.
”The code which has been offered to Novartis may not be fit for purpose,” he said. ”We have another code – a proprietary security marker – that is suitable for high-risk, safety-related applications. It is not commercially available.”
”Greg appears, however, to have created the impression with Novartis that the brand-protection code we are offering is a high-security one suitable for high-risk, safety-related applications. Indeed, he has roped in CSIRO to synthesise the brand-protection code, to reinforce that impression. However, the brand-protection code that CSIRO would be synthesising can be bought from a wide variety of other vendors. If there is a serious counterfeiting threat to the Novartis ampoules, then this code risks being quickly and easily cracked in a counterfeiting attack. Serious questions could then be raised, especially if the successful counterfeiting attack resulted in injury or death.”
The effort to fool Novartis reached an almost absurd climax. As the eve of the signing approached, Twemlow, Osvath and Houston became concerned about any further audits by the pharmaceutical company. So, in May, they began working on upgrading a laboratory on the Clayton campus – Lab 3.22 in Building 207 – to Novartis security specifications.
Osvath sent an $8000 quote for the work to Twemlow, which included a new wall and door, and security access readers, and asked him to approve the job quickly ”to ensure speedy action, especially if Novartis decides to pay a visit in the near future to audit the facility”.
”I was wondering whether it would also suit DataTrace’s purposes, to have signage on the door, identifying the area as a ‘DataTrace Lab’ – while it will be used for other purposes … it might be useful for you, and not stretching the reality too far,” Osvath wrote on May 12.
The deal was announced on July 27, 2010. But it seems that efforts by CSIRO to replicate the cheap Chinese tracer were for nought. A year later, DataTrace ordered another 150kg of the same Novartis codes from DaMing.
On Wednesday, DataTrace declined to comment citing confidentiality restrictions.
Twemlow said he, too, was bound by confidentiality agreements, but said in his defence he was only ”the sales guy” and the deal had been ”ratified” by the company.