Tag Archives: software

urban-gro Launches Cannabis Industry’s First Line Of IoT Solutions

By Aaron G. Biros
No Comments

Last week at the MJBizCon, a major cannabis industry event held annually in Las Vegas, urban-gro launched the first technology line for cannabis growers utilizing Internet-of-Things (IoT). urban-gro, a cultivation technology company for commercial-scale growers, announced the launch of announced Soleil® Technologies, an integrated portfolio of hardware, software, and services that uses IoT.

“The solution suite includes per-plant sensing, environmental monitoring, machine diagnostics, fertigation management, lighting controls, inventory management, and seed-to-sale tracking,” reads the press release. IoT is essentially a network of devices embedded with sensors and software that allow the devices to connect and exchange data. IoT devices are used extensively in the food industry, including for integrated pest management, restaurant food safety and management and tracking product conditions such as temperature and humidity throughout the supply chain, among other uses.

Soleil consists of three primary lines:

  • Soleil 360 is the cloud-based software-as-a-service (SASS) platform that integrates all Soleil solutions.
  • Soleil Sense is the brand for all of urban-gro’s low-power wireless sensors that deliver data with the scale, precision and resolution needed for analytics and machine learning.
  • Soleil Controls is urban-gro’s product set for climate and irrigation controls, lighting systems, and other focused controls.

The core, low-power sensor that makes this unique was licensed from Edyza, a wireless innovator that specializes in low-power wireless grids that scale. urban-gro then developed on top of that sensor, including its cloud-based management, analytics, what the sensors detect and cover, etc., to make it ideal for cannabis growers.

According to Brad Nattrass, urban-gro’s chief executive officer, finding an IoT solution that can easily scale was a key goal for their business. “When evaluating the most advanced market-ready sensor technology available, it was crucial that we deliver a solution that can easily scale to thousands of sensors in order to satisfy the needs of large-scale commercial cultivators,” says Nattrass. “The introduction of Soleil demonstrates urban-gro’s commitment to going beyond simply supplying equipment, to truly serving our clients as an ongoing technological innovator and advisor, enabling cultivators to leverage today’s more advanced technologies to rise above the competition.”

“Cultivators will be able to monitor substrate moisture and EC (electrical conductivity) levels on a per plant basis, as well as track key environmental metrics like temperature, humidity, air movement, and probability of infestation,” reads the press release. “With multiple device options, cultivators can choose between several deployment options.” With the data hosted on the cloud, users can access it through web browsers, Android and iOS devices.

According to Jay Nichols, a representative of urban-gro, they have hired (and is hiring) code developers, product developers, etc. in order to expand this unit. Plant sensors are just one piece of the system, with the goal to automate the entire cultivation process, including controlling lights, pest management, irrigation and fertigation. They say it will be available in late Q1/early Q2.

BioTrackTHC To The Rescue: Contingency Plan for Washington

By Aaron G. Biros
1 Comment

According to a press release published this morning, BioTrackTHC successfully implemented their Universal Cannabis System (UCS) in Washington State, a temporary solution for the state’s seed-to-sale cannabis tracking system, while the new system is yet to be deployed.

BioTrackTHC had a contract with Washington State for four years, which expired just weeks ago at the beginning of November. Back in June, after a few minor hiccups, the state announced that MJ Freeway would be the successive software platform used for the state’s seed-to-sale traceability system.

The deadline for the new software to be ready for deployment was set for November 1st, when the BioTrackTHC contract would expire and the MJ Freeway contract would begin. Between when the contract was awarded and the deadline for implementation, MJ Freeway made headlines for a series of security hacks and systems failures. Subsequently, MJ Freeway said they could not deliver the software platform until January of 2018, leaving a two-month gap where businesses have no state-mandated software to use for the tracking system.

The contingency plan that the state laid out consisted of business owners manually inputting data in excel spreadsheets. When first pressed for a Band-Aid solution, representatives of BioTrackTHC cited security concerns related to MJ Freeway’s hacks as reason for being hesitant to extend their contract through the interim period.

In an open letter to the Washington cannabis industry back in October before the end of their contract, Patrick Vo, president and chief executive officer of BioTrackTHC, laid out an explanation for what went wrong and provided an alternative solution, essentially a private sector version of their government-mandated traceability software system.

The open letter to the Washington cannabis industry, written by Patrick Vo

Announced this morning, the new system, UCS, is being used by over 1,600 of the 1,700 cannabis licensees in Washington. The UCS has so far submitted 39,000 individual excel spreadsheets to the Washington State Liquor and Cannabis Board (WSLCB). “After the WSLCB announced that their replacement system would not be ready in time and that the only other option was for all 1,700 licensees to submit their seed-to-sale data via manual spreadsheets, BioTrackTHC created the UCS—a privatized clone of the government system—within a few days and deployed it minutes after the termination of the old system to minimize the impact on all licensees,” reads the press release.

The UCS allows business owners to streamline data recording, instead of manually entering information into spreadsheets. It is also integrating with 3rd party software competitors such as WeedTraQR, GrowFlow, Mr. Kraken, TraceWeed, GreenBits, S2Solutions and DopePlow. “After the WSLCB’s announcement, we knew that we had only a few days to provide a universal system to which the whole industry could submit compliance data and enable communication across the supply chain between licensees and their seed-to-sale system,” says Vo. “Our priority was to ensure that licensees could continue to operate in the absence of a government seed-to-sale system. Not having that system in place could have left Washington licensees vulnerable to noncompliance in a variety of ways, not to mention the potentially crippling volume of extra work needed to manually track a business’ entire inventory.”

Washington State’s new traceability software system by MJ Freeway is expected to deploy in January of 2018.

KIND Financial Launches Canadian Payment Solution

By Aaron G. Biros
1 Comment

KIND Financial, a technology and compliance software solutions provider in the cannabis industry, is launching a new e-commerce and payment processing platform in Canada. According to the press release, they are partnering with a Canadian bank to launch the KIND Seed to Payment platform, which is essentially an e-commerce gateway integrated with their compliance software, KIND’s RegTech platform.

David Dinenberg, founder and CEO of KIND Financial

David Dinenberg, founder and CEO of KIND Financial, says this is an approach to help alleviate the cannabis industry’s banking woes. “We’ve been very focused on a global vision and taking a strategic approach towards solving the cannabis industry’s largest problem – banking,” says Dinenberg. “Not only have we built a broad portfolio of finance and compliance solutions with a high-level of technical sophistication, but we’ve made a strong commitment to security and compliance, which is evident through our partnership with Microsoft.” A little over a year ago, they entered a partnership with Microsoft to utilize their cloud-based solutions for government traceability software.

According to the press release, the software has regulatory and security features built in, such as age and identity verification, which can help companies comply with security and chain of custody regulations. “Our mission is to ensure business and technological growth for all constituencies within the cannabis industry while ensuring full compliance with evolving regulations, and that’s why we’re thrilled to make these services available to our great neighbors in the north,” says Dinenberg. “We understand compliance will be a critical issue for some time to come, but with our solution, all providers and their partners can focus on the job at hand while keeping in line with regulatory mandates.”

KIND Financial has not done much work in Canada previously, but this could be a sign of a greater push for international expansion. “We’re excited to be working in a new country to boost the Canadian cannabis industry in a safe and regulated manner, and we look forward to expanding into other markets overseas,” says Dinenberg. The press release says the new platform is designed to work with different languages and foreign currencies, including the euro and Australian dollar, which could help Canadian producers enter emerging markets.

In addition to their announcement of the KIND Seed to Payment platform, the company also announced they will be rolling out a mobile payment system called KIND Pay, a digital payment option for consumers that will accept Visa and MasterCard. They anticipate that KIND Pay will launch before the end of this year.

MJ Freeway Hardships Linger

By Aaron G. Biros
No Comments

MJ Freeway, a seed-to-sale traceability software company with a number of government contracts, has been making headlines this year for all the wrong reasons. A series of security breaches, website crashes and implementation delays have beleaguered the software company throughout 2017.

Just this morning, the Philadelphia Inquirer reported the company’s services crashed Saturday night and Monday afternoon. That article also mentions an anonymous hacker tried to sell sensitive information from the Washington and Nevada hacks in September. Back in April, when Pennsylvania awarded the state’s contract to MJ Freeway for its tracking system, Amy Poinsett, co-founder and chief executive officer of MJ Freeway told reporters “I think I can confidently say we are the most secure cannabis company in this particular industry.” It is safe to say this is now being called into question.

Earlier this week, New Cannabis Venture’s Alan Brochstein reported that MJ Freeway is unable to meet Washington’s October 31st deadline to integrate their software with the state, forcing customers to manually report data.

Roughly a month ago, Nevada suddenly cancelled their contract with MJ Freeway, just two years into their five-year deal. Back in June, the company’s source code was stolen and published online. And back in January of this year, the company’s sales and inventory system was the target of a cyber attack.

According to an email we obtained, all of MJFreeway’s clients in Spain experienced an online outage, but that services were restored within 24 hours. In an email sent to clients in Spain, the company told customers that the problems were the result of a system failure. “Our initial analysis indicates that this was a system failure and unfortunately none of the data was able to be successfully retrieved from the backup archive due to an error but we can assure you that none of your data was extracted or viewed at any moment,” reads the email. “We are extremely distressed regarding the event that occurred with the system and the service interruption that occurred yesterday. We recognize that this is a situation that is very serious and negatively impacts your club.” The email says that MJ Freeway is addressing those problems in a few ways, one of which being ongoing audits of their data backups. “The event has led us to reconstruct our “hosting environment” in Europe to use the latest technology from Amazon Web Services with the best redundancy, flexibility and security, using the highest stability measures in the AWS environment,” reads the email. While the site will be restored fully, according the email, historical data is lost. The company is working with their clients to help them get data back into the system. 

MJ Freeway’s Source Code Stolen & Published Online

By Aaron G. Biros
9 Comments

Portions of MJ Freeway’s source code were reportedly stolen and posted in Reddit threads as well as on Gitlab.com, a source code hosting website. On June 15th, the account “MJFreeway Open Source” was made on Gitlab.com, and portions of the source code were posted, but have since been taken down. Source code is essentially a list of commands of a program, the basis for making improvements and modifications to a software system. Source code can sometimes contain sensitive information. To be clear, MJ Freeway does not use an open source model; their source code is the basis of their traceability software. Open source is a tool that fosters public collaboration on software development, helping identify weaknesses or areas for improvement.

When asked to comment on the matter, MJ Freeway issued the following statement:

“Last week we discovered that someone had obtained an outdated portion of MJ Freeway’s source code. This incident has absolutely no impact on our systems or MJ Freeway services, and client and patient data is not at risk. While this theft poses no risk to our clients, patients, or business operations, we take any incident involving unauthorized access very seriously and have reported it to the Colorado Bureau of Investigation.

Unfortunately, it has come to our attention that our competitors are spreading inaccurate information about the incident, including baseless claims about SSL info and the potential for client data being compromised – neither of which is true. We encourage our customers to contact us directly with any questions they may have.

We follow or exceed all relevant industry security standards and are confident that we have the most robust security measures in our industry. None of our peers come close. However, we live in a world of determined cyber-criminals and we operate in a competitive environment. Success and size makes a company a bigger target for malicious actors, as other large companies also know. We will continue to investigate and take follow-up action as we learn more about this incident.”

On Sunday, June 18th, a user by the name of ‘techdudes420’ posted in the subreddit, r/weedbiz, a thread titled “MJFreeway goes open source.” The link for that post was the Gitlab.com page where MJ Freeway’s source code was published briefly. The same user then published a second reddit post the following day with the same link to the stolen code, but this time in the r/COents, a subreddit for the Colorado cannabis community. MJ Freeway is based in Denver. That post claimed the user found the stolen source code with a quick search and that the user was banned because of that. The moderator of the thread chimed in, saying they banned the user for posting the stolen code. “We received a takedown request from the software owner stating the code had been stolen and released without permission,” says the moderator. “After investigating the matter I reached the same conclusion and removed the thread.” The moderator then updated the comment shortly after: “Edit: As for OP [original poster] ‘finding’ the code, if that were true I don’t know why he or she would have created a new Reddit account just to post the link.”

In addition to their own cybersecurity analysis, a spokeswoman for MJ Freeway says they will be performing a third party audit and analysis this week as well. When that information becomes available, we will update this article.


Update: Multiple sources have reported that portions of MJ Freeway’s source code are still available online on torrent sites like PirateBay.

Biros' Blog

Washington Changes Course, Selects MJ Freeway as New ASV

By Aaron G. Biros
3 Comments

Two weeks ago, we reported on the State of Washington choosing Franwell as their apparent successful vendor (ASV) for their seed-to-sale traceability system contract. Late last week, the Washington State Liquor and Cannabis Board (WSLCB) sent out an email explaining that they are no longer going with Franwell and the new ASV is MJ Freeway.

The email (left) consisted of a letter sent by Peter Antolin, Deputy Director of the WSLCB, to licensees “who had written to the Board and staff regarding the marijuana traceability Apparent Successful Vendor and RFID tags.” Apparently, the reason behind switching the ASV to MJ Freeway is because Franwell’s system requires only one method for tagging plants- RFID tags. According to the letter, Deputy Director Antolin says the initial request for proposal (RFP) stated that the traceability system needs to support a variety of tagging methods, including bar codes and RFID. “The RFP requirements did not allow a vendor to make any assumptions regarding use of a single tagging methodology or allow vendors to include any such costs affecting the state or our licensees in their proposal,” says Antolin. As they made clear in the previous press release, the ASV is not the official contract winner until they complete negotiations and sign the contract.

On June 7th, Franwell withdrew their proposal for the state’s traceability system, thus Washington went with the second highest scoring vendor, MJ Freeway. Deputy Director Antolin says they submitted a strong bid, but there are still many questions left unanswered. How could such a glaring mistake be overlooked when the state named Franwell the highest scoring bidder? Is MJ Freeway’s system robust enough and capable of handling the state’s cannabis licensees’ traceability requirements even though they were not the highest scoring bidder? The deadline for the new system to be in place is October 31, 2017, which is quickly approaching for such a massive systems overhaul.

The WSLCB’s oversight highlights a few inadequacies with the state’s regulatory agency, particularly their indecision and lack of foresight. So much of the concept behind seed-to-sale traceability rests on Cole Memo compliance. A big reason why some states seek to implement a robust tracking system is to remain compliant with the Cole Memo; preventing diversion to crime organizations with regulatory oversight is a key tool that states use to tell the federal government they are complying with their directive and intend to protect their state’s legal cannabis operations from federal prosecution. Without a proper system in place, the state runs the risk of exposing their entire cannabis market to threats of federal enforcement, a scenario that seems unlikely but could be disastrous to cannabis businesses and the local economy.

The WSLCB needs to get their act together fast.

Washington Selects Franwell’s METRC for Traceability Program

By Aaron G. Biros
No Comments

The Washington State Liquor and Cannabis Board (WSLCB) announced today they plan to choose Franwell as their technology partner for the state’s cannabis seed-to-sale traceability system. While the release states they have not yet officially awarded them the contract, it says Franwell is the apparent successful vendor (ASV) to replace their current system. “An ASV is the procurement term used for the highest scoring, responsive vendor,” says the press release.

Rick Garza, director of the WSLCB, says they plan on making a number of changes that they couldn’t under their current contract. “Over the last four years we have learned a lot about this industry, including aspects to the industry that were unknown when the current traceability system was implemented,” says Garza. “We need a system that will grow and flex with Washington’s maturing marijuana system.”

Seven companies submitted bids for the new contract and the agency narrowed that down to three finalists, each of which gave presentations and demonstrations on their software products to WSLCB staff last week. They also worked with folks in the cannabis industry, selected by trade organizations, that provided input on the requests for proposal. Those industry stakeholders that participated with input will get a demonstration of the new software system in early June.

They plan on transitioning to the new system no later than October 31, 2017. Franwell’s METRC product is currently used in Colorado, Oregon and Alaska.

BioTrackTHC Awarded Delaware’s Tracking Software Contract

By Aaron G. Biros
No Comments

According to a press release, the State of Delaware has chosen BioTrackTHC as their partner in seed-to-sale tracking software. Delaware’s Department of Health and Social Services (DHSS) signed a contract with BioTrackTHC for the tracking and patient registry software.

In 2016, Delaware issued a request for proposals for “the Delaware Enterprise Consolidated Cannabis Control System,” which encompasses the statewide patient registry and seed-to-sale traceability systems. “Our sincerest thanks to DHSS for choosing Team BioTrack,” says Patrick Vo, CEO of BioTrackTHC. “DHSS has been wonderful to work with throughout the contracting process, and we look forward to partnering with them to provide the tools and data they need to continue overseeing the industry and protecting their patients.” BioTrack’s software was selected as the winner of a number of government contracts in other states previously for the same role.

Their software is currently used in government traceability systems in Washington, New Mexico, Illinois, Hawaii, New York and the city of Arcata, California. The press release states regulators will have the ability to view the retail data “including plant counts and usable inventory, lab results, transportation, and point-of-sale data—to perform periodic audits and ensure compliance.” The patient registry will also provide better patient accessibility through the new software with a faster turn around time and automated application processing.

BioTrackTHC provides technology solutions for businesses and governments to tracking products throughout the supply chain to the point of sale. The software systems help businesses remain compliant with regulations and monitor data for things like inventory management.

marijuana buds drying in racks biotrackthc

BioTrackTHC Uses Amazon Web Service’s Government Cloud for Traceability System

By Aaron G. Biros
No Comments
marijuana buds drying in racks biotrackthc

BioTrackTHC, partnering with the Hawaii Department of Health, is deploying the first live seed-to-sale traceability system for cannabis in a FedRAMP-authorized environment, according to a press release. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide risk management platform that provides standards for security assessment, authorization and continuous monitoring for cloud products and services. “BioTrackTHC, utilizing Amazon Web Service’s Government Cloud (AWS GovCloud), has met all necessary requirements to host its live government cannabis seed-to-sale Traceability Systems in one of the most secure cloud platforms in the world,” states the press release.

“The BioTrackTHC team invested an incredible amount of time and effort into this high priority project, and we are excited to see it transform from last year’s concept to clean execution,” says Patrick Vo, president and chief executive officer of BioTrackTHC. “We are grateful for the Hawaii Department of Health’s trust in us to get it right the first time.” Hawaii working with BioTrackTHC and AWS GovCloud essentially affords them an ultra-high level of data security in their state traceability program.

“We’re pleased to know that our state’s seed-to-sale Traceability System is now housed in the most secure cloud server available,” says Keith Ridley, chief of the Hawaii DOH Office of Health Care Assurance. “This ensures safety and comfort for our licensees, business operators, and our patients, who can all be confident in knowing their business data and protected patient information is being stored in the most secure traceability system in the world.” The FedRAMP decision-making body is comprised of the Chief Information Officers (CIOs) from the Department of Defense, Department of Homeland Security, and the General Services Administration, with additional collaboration from the National Institute of Standards and Technology, National Security Agency, Office of Management and Budget, and the Federal CIO Council.

The FedRAMP standards include “400 security measures and allows government agencies to use these and only these cloud environments for high-impact data where the loss of data confidentiality, integrity, or availability could be expected to have a severe or catastrophic effect on organizational operations, assets, or individuals,” according to the press release. Essentially this means that they meet the highest security requirements of the program.