Reading through Brian Kreb’s blog last week, he has an interesting post up on the White House’s call upon the industry on how to formulate a plan to stem the flow of illegal pharmaceuticals:
The Obama administration is inviting leaders of the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications.
The invitation, sent via e-mail on Aug 13 by White House Senior Adviser for Intellectual Property Enforcement Andrew J. Klein, urges select recipients to attend a meeting on Sept. 29 with senior White House and cabinet officials, including Victoria Espinel, the Obama administration’s intellectual property enforcement coordinator.
“The purpose of this meeting is to discuss illegal activity taking place over the internet generally, and more specifically, voluntary protocols to address the illegal sale of counterfeit non-controlled prescription medications on-line,” the invitation states.
Klein did not return calls seeking more information. A spokeswoman for the White House Office of Management and Budget confirmed the event, but declined to offer further details. The meeting appears to be a continuation of the administration’s Joint Strategic Plan on Intellectual Property Enforcement, an initiative unveiled in June that promised to “address unlawful activity on the internet, such as illegal downloading and illegal internet pharmacies.”
According to the World Health Organization, approximately 8 percent of the bulk drugs imported into the United States are counterfeit, unapproved, or substandard, and 10 percent of global pharmaceutical commerce — or $21 billion — involves counterfeit drugs. LegitScript.com, a verification service for online pharmacies, is currently tracking more than 45,000 rogue Internet pharmacies.
It is unclear to me whether or not the goal of this initiative is to stem the flow of online crime in general or to reduce the flow of illegal pharmaceuticals flowing into the United States (since presumably this cuts into the profits of large pharmaceutical companies… who would naturally want to see their profit margins increased in return for pledging their support for health care reform that was passed earlier this year). Assuming that the target of this are the online pharmaceuticals, there are a few things I can think of. Unfortunately, a three hour meeting really isn’t enough to get this off the ground because it is a series of interconnected events that would need to take place. Anyhow, here’s a list of things I’d do:
- Stopping illegal pharmaceuticals piggy-backs onto stopping illegal <anything> on the ‘net. Spammers who advertise illegal software, or fake degrees, or fake enlargement pills, or fake mortgages are all basically doing the same thing. So, any strategy that is aimed at stopping those other things will extend to stopping fake pharmas as well. My point here is that concentrating only on fake pharmaceuticals may exclude strategies that scale to others.
- Registrars need to get their act in gear. When a website advertising cheap Viagra goes up, somebody somewhere needs to register that site. Whoever registers is needs to do a better job of verification of the identity who registered it. The problem here is that so many of these sites are registered by registrars in foreign countries which is outside the jurisdiction of the US. However, just like in the Wizard of Oz, there’s no place like home and the government can pressure domestic ones to do better proactive abuse mitigation.
- WHOIS protected services are questionable. I don’t deny the need for WHOIS-protected services in some cases. However, any time I am looking up a suspicious site and the WHOIS registration is protected, that’s pretty much all I need to make the determination that the site is abusive. It doesn’t cost much to shield your WHOIS information. If you want to do it, that’s fine but there should probably be a stricter set of criteria who shielding your information like this requiring you to jump through a couple of more manual hoops.
- Crack downs on spammers will go a long ways. One of the chief mechanisms of advertising illegal pharmaceuticals is through the use of spam. We all get it in our inboxes. Of course, there are other avenues of advertisement such as black search engine optimization. However, because it is not particularly difficult to send out a lot of spam and make money off of it, and because there is little chance of repercussion, spammers continue to do it. If law enforcement had more resources dedicated to prosecuting spammers such that it became more de-incentivized, then the supply part of the equation would start to dry up. In other words, putting spammers in prison will help in this regards, and this requires a prioritization of law enforcement resources. Whether or not they are willing to divert resources from one area of law enforcement to another is an open question.
- Perhaps walled gardens are a good idea. In Australia, some ISPs kick infected computers off of their network if the ISP can detect that the machine connecting to it is infected with malware. Or, they redirect them to a sandbox and alert the user that they cannot continue until they clean their system. If more ISPs made this a policy, then maybe we’d have less malware abuse flowing back and forth in cyber space. I don’t think I’d want government to enforce this, but perhaps ISPs might be willing to voluntarily comply with this.
This is a small list of things that could be done but by no means it is exhaustive. Running up-to-date software is a good idea, and so is running the latest patched version of one’s software. What other ideas do you have to cut down on the flow of illegal online pharmaceuticals?