Tag Archives: MJ Freeway

How Barcode Labeling Improves Traceability & Security

By Travis Wayne
1 Comment

One of the biggest challenges that cultivators, processors and distributors face in doing business is the requirement to track the product at every step in the production process, from seed to sale. When you add the wide range of label sizes and requirements across the supply chain, labeling can feel overwhelming. While business systems such as METRC, BioTrack, MJFreeway and others are key, integrating accurate and secure barcode labeling with those systems will streamline the end-to-end process while meeting traceability requirements. Here are some things to consider, no matter what role in the cannabis supply chain you play.

Cultivation: Where Tracking and Labeling Starts

Cultivation is where the tracking process begins – integrating barcode labeling METRC, BioTrack, MJ Freeway from the start will streamline the end-to-end process

It’s crucial to implement accurate labeling processes from the beginning, whether growing for a customer or your own vertically integrated operation. The cannabis industry is faced with strict labeling regulations for a variety of cannabis products. Start with a labeling system that can integrate with METRC, BioTrack, MJ Freeway or other seed to sale software solutions. Your barcode labeling solution should also include label approval requirements, so you have role-based access and transparency with label changes and print history in case of issues or recalls. Whatever cannabis labeling regulations your business faces, label design software helps you create compliant cannabis labels throughout the supply chain, from grower to consumer.

Radio Frequency Identification (RFID) Labeling

Select regulations require growers to leverage RFID technology to track the location of the plants in their grow houses. RFID technology also enables accurate real-time inventory analysis and helps reduce manual labor costs, as well as errors that can occur with manual counting. To accurately encode RFID tags with variable plant data, be sure you are using a barcode labeling system that can enable easy RFID tag encoding that integrates data from all your business systems. Fastening RFID tags to plants across your grow house floor enables quick and easy location tracking, and RFID reading removes the need for a manual line of sight and allows hundreds of tags to be read at the same time, speeding up shipping and receiving.

Lab Testing

After a plant is cultivated, a certain percentage is sent to a lab to be tested to ensure its proper strain, weight and compound makeup. After your product has been lab tested, leverage the data from your certificate of analysis to accurately display on your cannabis product labels, including:

  • Pass/fail chemical testing
  • Final date of testing & packaging
  • Identification of testing lab
  • Cannabinoid profile & potency levels
  • Efficiently display lab testing results on product labels with the use of a QR code for the consumer to review the independent lab’s certificate of analysis

Processing and Production: Tracking and Labeling After the Plant Has Been Harvested

A lot of information needs to go on a cannabis label. Whether you’re producing pre-rolls, packaged flower, edibles, beverages, topicals or cartridges, your labeling software must have the capability to create a wide variety of label sizes with barcodes that encode a large volume of data, while also being fully compliant and showing consumer appeal.

Your cannabis labeling software should do the following for you:

  • Support database integration to populate variable data from METRC, BioTrack, and other systems
  • Import high-resolution artwork and leverage with dynamic barcodes and variable data
  • Contain barcode creation wizards for 1D & 2D barcodes
  • Automate weigh & print
  • RGB/CMYK color matching
  • Feature secure label approval processes, label change tracking and print history
  • Offer WYSIWYG (What You See is What You Get) printing
  • Automatically trigger printing directly from scales and scanners when cannabis is weighed
Automatically integrating data with your barcode labeling software improves regulatory compliance, security and reduces manual processes that can lead to labeling errors

Integrate labeling with your seed to sale software solution to automatically trigger label printing by an action in your seed to sale system or by monitoring a database. By integrating your label printing system with your seed to sale traceability system, you can expect to minimize errors, increase print speeds and maximize your ROI. Your business system already holds the variable data such as product names, license number, batch or lot codes, allergens, net quantity, cannabis facts, warning statements and more. By systematically sending this data to the right label template at the right time, labeling becomes an efficient and cost-effective process.

Distribution: labeling for consumer and industry demands

The ability to manage and distribute inventory efficiently is critical in the cannabis market. Warehouses and distributors need to ensure proper storage, handling and traceability of product, from the warehouse to the truck.

Leverage your labeling software to easily create:

  • Packaging labels
  • Shipping labels
  • Case & pallet labels
  • Inventory labels

If you use the same data for your documents and labels, consider moving document printing into your label design software for greater efficiency. An advanced label creation and integration software enables label and document printing standardization by allowing multiple database records to be on one file. That means when new documents or labels come into your database, your software can seamlessly integrate.

Dispensaries can benefit from integrated seed to sale labeling for traceability, speed to market

Whether you’re a small outlet or a large dispensary, you benefit from integrated barcode labeling that starts from the beginning of the process. How? When barcode labeling software is integrated with seed to sale software, product is fully traced throughout the entire process, from tagging each plant at cultivation to identifying the consumer at point of sale, and accurately communicating that data back to METRC, BioTrack and other critical systems. Some dispensaries do package raw flower onsite, which many times means manually weighing, recording and entering the weight on the label, which is a time consuming and error-prone process. Integrating weigh and print functionality with barcode software enables dispensaries to use the action of weighing raw flower to automatically trigger the label print job. The variable weight is then accurately and automatically populated on cannabis flower package labels, creating an accurate and efficient on-demand labeling process for dispensaries. With efficient labeling processes, time spent creating, correcting, approving and printing labels will be reduced, getting product on the shelves faster.

Washington Security Breach Delays Traceability System Rollout

By Aaron G. Biros
No Comments

On February 8th, Peter Antolin, the deputy director for the Washington State Liquor and Cannabis Board (WSLCB), sent an email to licensees explaining why the transition to their new traceability system was disrupted. Last Saturday, someone gained access to the sensitive information in Leaf Data Systems, the state’s traceability software that is powered by MJ Freeway.

“A computer vulnerability was exploited on Saturday, allowing unauthorized access to the traceability system,” Antolin told licensees in the email. “There are indications an intruder downloaded a copy of the traceability database and took action that caused issues with inventory transfers for some users. We believe this was the root cause of the transfer/manifest issue experienced between Saturday and Monday.”WSLCB

The email goes on to say that no personally identifiable information was available to the ‘intruder,’ but some sensitive information was clearly accessed. That data includes route information of manifests filed between February 1st and 4th as well as transporter vehicle information including VIN, license plate number and vehicle type, according to the email.

That email leaves much to be desired. For one, they do not exactly have a solution, instead trying to alleviate licensees’ worries with a hollow inanity full of meaningless jargon: “The WSLCB and MJ Freeway continue to implement several strategies to prevent future vulnerabilities to future intrusions,” reads the email. “This includes full logging and monitoring and working with third-party entities. Since this remains an active investigation, details on security are not publicly available.” However, today the WSLCB is hosting a webinar where Peter Antolin, their IT division, the MJ Examiners unit and enforcement will be available to answer questions, according to the email.

WSLCB emailThis is by no means the first security breach that Washington and MJ Freeway have suffered. In May of 2017, Washington originally selected Franwell’s METRC as the contract partner for their traceability software system. Less than a month later in June of 2017, after a mistake in the selection process, Washington selected MJ Freeway instead of Franwell for the traceability contract. Three days later, MJ Freeway’s source code was stolen and published online. Then in September, Nevada cancelled their contract with MJ Freeway after a security breach, their services crashed in Pennsylvania and Spain, and in October it became clear that the company could not meet the October 31 deadline for their new Washington contract.

In November of 2017, BioTrackTHC, the company that held the previous contract for Washington’s traceability software, helped the state through the transition period with a temporary Band-Aid solution to hold the state over until January of 2018. A month after they expected to implement the new MJ Freeway system, the latest security breach occurred this week and disrupting the rollout yet again.

At the end of the email Antolin sent to licensees yesterday, he says there will continue to be attempts to breach the system’s security. “The bottom line is that this incident is unfortunate,” says Antolin. “There will continue to be malicious cyberattacks on the system. This is true of any public or private system and is especially true of the traceability system.” This begs a few questions: why aren’t we hearing about this kind of security breach in other states’ traceability systems? What are other companies doing that prevents this from happening? Why does this keep happening to MJ Freeway?

BioTrackTHC To The Rescue: Contingency Plan for Washington

By Aaron G. Biros
1 Comment

According to a press release published this morning, BioTrackTHC successfully implemented their Universal Cannabis System (UCS) in Washington State, a temporary solution for the state’s seed-to-sale cannabis tracking system, while the new system is yet to be deployed.

BioTrackTHC had a contract with Washington State for four years, which expired just weeks ago at the beginning of November. Back in June, after a few minor hiccups, the state announced that MJ Freeway would be the successive software platform used for the state’s seed-to-sale traceability system.

The deadline for the new software to be ready for deployment was set for November 1st, when the BioTrackTHC contract would expire and the MJ Freeway contract would begin. Between when the contract was awarded and the deadline for implementation, MJ Freeway made headlines for a series of security hacks and systems failures. Subsequently, MJ Freeway said they could not deliver the software platform until January of 2018, leaving a two-month gap where businesses have no state-mandated software to use for the tracking system.

The contingency plan that the state laid out consisted of business owners manually inputting data in excel spreadsheets. When first pressed for a Band-Aid solution, representatives of BioTrackTHC cited security concerns related to MJ Freeway’s hacks as reason for being hesitant to extend their contract through the interim period.

In an open letter to the Washington cannabis industry back in October before the end of their contract, Patrick Vo, president and chief executive officer of BioTrackTHC, laid out an explanation for what went wrong and provided an alternative solution, essentially a private sector version of their government-mandated traceability software system.

The open letter to the Washington cannabis industry, written by Patrick Vo

Announced this morning, the new system, UCS, is being used by over 1,600 of the 1,700 cannabis licensees in Washington. The UCS has so far submitted 39,000 individual excel spreadsheets to the Washington State Liquor and Cannabis Board (WSLCB). “After the WSLCB announced that their replacement system would not be ready in time and that the only other option was for all 1,700 licensees to submit their seed-to-sale data via manual spreadsheets, BioTrackTHC created the UCS—a privatized clone of the government system—within a few days and deployed it minutes after the termination of the old system to minimize the impact on all licensees,” reads the press release.

The UCS allows business owners to streamline data recording, instead of manually entering information into spreadsheets. It is also integrating with 3rd party software competitors such as WeedTraQR, GrowFlow, Mr. Kraken, TraceWeed, GreenBits, S2Solutions and DopePlow. “After the WSLCB’s announcement, we knew that we had only a few days to provide a universal system to which the whole industry could submit compliance data and enable communication across the supply chain between licensees and their seed-to-sale system,” says Vo. “Our priority was to ensure that licensees could continue to operate in the absence of a government seed-to-sale system. Not having that system in place could have left Washington licensees vulnerable to noncompliance in a variety of ways, not to mention the potentially crippling volume of extra work needed to manually track a business’ entire inventory.”

Washington State’s new traceability software system by MJ Freeway is expected to deploy in January of 2018.

MJ Freeway Hardships Linger

By Aaron G. Biros
1 Comment

MJ Freeway, a seed-to-sale traceability software company with a number of government contracts, has been making headlines this year for all the wrong reasons. A series of security breaches, website crashes and implementation delays have beleaguered the software company throughout 2017.

Just this morning, the Philadelphia Inquirer reported the company’s services crashed Saturday night and Monday afternoon. That article also mentions an anonymous hacker tried to sell sensitive information from the Washington and Nevada hacks in September. Back in April, when Pennsylvania awarded the state’s contract to MJ Freeway for its tracking system, Amy Poinsett, co-founder and chief executive officer of MJ Freeway told reporters “I think I can confidently say we are the most secure cannabis company in this particular industry.” It is safe to say this is now being called into question.

Earlier this week, New Cannabis Venture’s Alan Brochstein reported that MJ Freeway is unable to meet Washington’s October 31st deadline to integrate their software with the state, forcing customers to manually report data.

Roughly a month ago, Nevada suddenly cancelled their contract with MJ Freeway, just two years into their five-year deal. Back in June, the company’s source code was stolen and published online. And back in January of this year, the company’s sales and inventory system was the target of a cyber attack.

According to an email we obtained, all of MJFreeway’s clients in Spain experienced an online outage, but that services were restored within 24 hours. In an email sent to clients in Spain, the company told customers that the problems were the result of a system failure. “Our initial analysis indicates that this was a system failure and unfortunately none of the data was able to be successfully retrieved from the backup archive due to an error but we can assure you that none of your data was extracted or viewed at any moment,” reads the email. “We are extremely distressed regarding the event that occurred with the system and the service interruption that occurred yesterday. We recognize that this is a situation that is very serious and negatively impacts your club.” The email says that MJ Freeway is addressing those problems in a few ways, one of which being ongoing audits of their data backups. “The event has led us to reconstruct our “hosting environment” in Europe to use the latest technology from Amazon Web Services with the best redundancy, flexibility and security, using the highest stability measures in the AWS environment,” reads the email. While the site will be restored fully, according the email, historical data is lost. The company is working with their clients to help them get data back into the system. 

MJ Freeway’s Source Code Stolen & Published Online

By Aaron G. Biros
9 Comments

Portions of MJ Freeway’s source code were reportedly stolen and posted in Reddit threads as well as on Gitlab.com, a source code hosting website. On June 15th, the account “MJFreeway Open Source” was made on Gitlab.com, and portions of the source code were posted, but have since been taken down. Source code is essentially a list of commands of a program, the basis for making improvements and modifications to a software system. Source code can sometimes contain sensitive information. To be clear, MJ Freeway does not use an open source model; their source code is the basis of their traceability software. Open source is a tool that fosters public collaboration on software development, helping identify weaknesses or areas for improvement.

When asked to comment on the matter, MJ Freeway issued the following statement:

“Last week we discovered that someone had obtained an outdated portion of MJ Freeway’s source code. This incident has absolutely no impact on our systems or MJ Freeway services, and client and patient data is not at risk. While this theft poses no risk to our clients, patients, or business operations, we take any incident involving unauthorized access very seriously and have reported it to the Colorado Bureau of Investigation.

Unfortunately, it has come to our attention that our competitors are spreading inaccurate information about the incident, including baseless claims about SSL info and the potential for client data being compromised – neither of which is true. We encourage our customers to contact us directly with any questions they may have.

We follow or exceed all relevant industry security standards and are confident that we have the most robust security measures in our industry. None of our peers come close. However, we live in a world of determined cyber-criminals and we operate in a competitive environment. Success and size makes a company a bigger target for malicious actors, as other large companies also know. We will continue to investigate and take follow-up action as we learn more about this incident.”

On Sunday, June 18th, a user by the name of ‘techdudes420’ posted in the subreddit, r/weedbiz, a thread titled “MJFreeway goes open source.” The link for that post was the Gitlab.com page where MJ Freeway’s source code was published briefly. The same user then published a second reddit post the following day with the same link to the stolen code, but this time in the r/COents, a subreddit for the Colorado cannabis community. MJ Freeway is based in Denver. That post claimed the user found the stolen source code with a quick search and that the user was banned because of that. The moderator of the thread chimed in, saying they banned the user for posting the stolen code. “We received a takedown request from the software owner stating the code had been stolen and released without permission,” says the moderator. “After investigating the matter I reached the same conclusion and removed the thread.” The moderator then updated the comment shortly after: “Edit: As for OP [original poster] ‘finding’ the code, if that were true I don’t know why he or she would have created a new Reddit account just to post the link.”

In addition to their own cybersecurity analysis, a spokeswoman for MJ Freeway says they will be performing a third party audit and analysis this week as well. When that information becomes available, we will update this article.

Update: Multiple sources have reported that portions of MJ Freeway’s source code are still available online on torrent sites like PirateBay.

Biros' Blog

Washington Changes Course, Selects MJ Freeway as New ASV

By Aaron G. Biros
3 Comments

Two weeks ago, we reported on the State of Washington choosing Franwell as their apparent successful vendor (ASV) for their seed-to-sale traceability system contract. Late last week, the Washington State Liquor and Cannabis Board (WSLCB) sent out an email explaining that they are no longer going with Franwell and the new ASV is MJ Freeway.

The email (left) consisted of a letter sent by Peter Antolin, Deputy Director of the WSLCB, to licensees “who had written to the Board and staff regarding the marijuana traceability Apparent Successful Vendor and RFID tags.” Apparently, the reason behind switching the ASV to MJ Freeway is because Franwell’s system requires only one method for tagging plants- RFID tags. According to the letter, Deputy Director Antolin says the initial request for proposal (RFP) stated that the traceability system needs to support a variety of tagging methods, including bar codes and RFID. “The RFP requirements did not allow a vendor to make any assumptions regarding use of a single tagging methodology or allow vendors to include any such costs affecting the state or our licensees in their proposal,” says Antolin. As they made clear in the previous press release, the ASV is not the official contract winner until they complete negotiations and sign the contract.

On June 7th, Franwell withdrew their proposal for the state’s traceability system, thus Washington went with the second highest scoring vendor, MJ Freeway. Deputy Director Antolin says they submitted a strong bid, but there are still many questions left unanswered. How could such a glaring mistake be overlooked when the state named Franwell the highest scoring bidder? Is MJ Freeway’s system robust enough and capable of handling the state’s cannabis licensees’ traceability requirements even though they were not the highest scoring bidder? The deadline for the new system to be in place is October 31, 2017, which is quickly approaching for such a massive systems overhaul.

The WSLCB’s oversight highlights a few inadequacies with the state’s regulatory agency, particularly their indecision and lack of foresight. So much of the concept behind seed-to-sale traceability rests on Cole Memo compliance. A big reason why some states seek to implement a robust tracking system is to remain compliant with the Cole Memo; preventing diversion to crime organizations with regulatory oversight is a key tool that states use to tell the federal government they are complying with their directive and intend to protect their state’s legal cannabis operations from federal prosecution. Without a proper system in place, the state runs the risk of exposing their entire cannabis market to threats of federal enforcement, a scenario that seems unlikely but could be disastrous to cannabis businesses and the local economy.

The WSLCB needs to get their act together fast.