3.1.  Counterfeit ICT equipment examples

The following are key examples of the impact of counterfeit ICT equipment:

4.1.  The Paris Convention for the Protection of Industrial Property and the Berne Convention for the Protection of Literary and Artistic Works

The World Intellectual Property Organization (WIPO) administers multilateral treaties concerning intellectual property. The fundamental treaties are the Paris Convention for the Protection of Industrial Property and the Berne Convention for the Protection of Literary and Artistic Works.

The Paris Convention was concluded in 1883 and has been subsequently revised on a number of occasions. Its aim is to protect "patents, utility models, industrial designs, trademarks, service marks, trade names, indications of source or appellations of origin, and the repression of unfair competition" [69]. As regards counterfeiting, this convention requires contracting states to take measures against "direct or indirect use of a false indication of the source of the goods or the identity of the producer, manufacturer or merchant".

4.2.  World Trade Organization (WTO) Trade-Related Aspects of Intellectual Property Rights (TRIPS)

The World Trade Organization (WTO) administers the TRIPS Agreement which sets minimum standards to be applied by all WTO Members both with respect to the substantive protection and the enforcement of IPRs. The TRIPS Agreement thus introduces for the first time a comprehensive set of enforcement provisions into a multilateral agreement. Any disputes among WTO Members in this regard are to be settled under the WTO's Dispute Settlement Understanding.

TRIPS provisions on enforcement have two basic objectives, i.e. to make effective means of enforcement available to right holders and to ensure that enforcement procedures are balanced and proportionate and do not impede legitimate trade. They are divided into five sections. The first section lays down general obligations that all enforcement procedures must meet. These are notably aimed at ensuring their effectiveness and that certain basic principles of due process are met. The following sections deal with civil and administrative procedures and remedies, provisional measures, special requirements related to border measures and criminal procedures.

The Agreement makes a distinction between infringing activities in general, in respect of which civil or administrative procedures and remedies must be available, and counterfeiting and piracy – the more blatant and egregious forms of infringing activity – in respect of which certain additional procedures and remedies are mandatory, namely border measures and criminal procedures. For this purpose, counterfeit goods are in essence defined as goods involving slavish copying of trademarks, and pirated goods as goods which violate a reproduction right under copyright or a related right.

In detail, the obligations of WTO Members are as follows:

1. Civil and administrative procedures: The right holder must be able to initiate civil, judicial or, on an optional basis, administrative procedures against an IPR infringer. Those procedures must be fair and equitable. Certain rules on evidence are established. Furthermore, Members are required to provide judicial authorities with the authority to award three types of remedies: injunctions, damages and other remedies. As part of the safeguards against abuse, the obligations also extend to the indemnification of the defendant where enforcement procedures have been abused by the right holder.

2. Provisional measures: Temporary injunctions constitute an important tool pending the solution of a dispute at a trial. Therefore, judicial authorities must have the authority to order prompt and effective provisional measures to take action against alleged infringements. Those measures aim to prevent an IPR infringement from occurring and to preserve relevant evidence concerning the alleged infringement. Like in other sections on enforcement, certain procedural requirements and safeguards against abuse are provided for.

3. Border measures: Enable the right holder to obtain the co-operation of customs administrations to intercept infringing goods at the border and to prevent the release of such goods into circulation. They are mandatory for counterfeit trademark and pirated copyright goods, while Members may also make them available for infringement of other IPRs, infringing goods destined for exportation, goods in transit, de minimis imports and parallel imports. Border measures are subject to certain procedural requirements and safeguards against abuse, similar to those applying to provisional measures. As regards remedies, the competent authorities must be empowered to order the destruction or disposal outside the channels of commerce of infringing goods.

4. Criminal procedures: These must be put in place to address cases of wilful trademark counterfeiting or copyright piracy on a commercial scale. Their application to other cases of IPR infringement is optional. In terms of remedies, the agreement stipulates that sanctions must include imprisonment and/or monetary fines, and, in appropriate cases, also seizure, forfeiture and destruction of the infringing goods and of materials and equipment used to produce them.

Least developed country WTO Members currently benefit from transitional arrangements that exempt them from the obligation to apply the protection and enforcement standards set by the TRIPS Agreement in general until July 2021, as well as to comply with the provisions regarding the protection and enforcement of patents and undisclosed data in the pharmaceutical sector until January 2016. Among others, the objective is to enable them to create a viable technological basis.

5.1.  World Intellectual Property Organization (WIPO)

The World Intellectual Property Organization (WIPO) established an Advisory Committee on Enforcement (ACE) in 2002 with the aims of co-ordination with other international organizations and the private sector to combat counterfeiting and piracy. It provides training programmes and technical assistance.

WIPO is also collaborating with the United Nations Environment Programme (UNEP) and other organizations such as the United Nations Economic and Social Commission for Asia and the Pacific (UNESCAP) to raise awareness of the challenge of recycling and disposal of the growing volumes of counterfeit products.
http://www.wipo.int/wipo_magazine/en/2012/06/article_0007.html http://www.unep.org/ozonaction/News/Features/2012/SoutheastAsiaexploressynergies/tabid/104354/Default.aspx
http://www.unescap.org/events/wipoescapunep-workshop-environmentally-safe-disposal-ip-infringing-goods

5.2.  World Trade Organization – Council for TRIPS

The Council for TRIPS is one of the three sectoral Councils operating under the WTO's General Council. It is responsible for the administration of the TRIPS Agreement and, in particular, for monitoring the operation of the Agreement and Members' compliance with their obligations under the TRIPS Agreement. The Council has formal meetings in Geneva three times per year, as well as informal meetings as required. The meetings constitute a forum for discussion and consultation on any matter related to the TRIPS Agreement, as well as for clarifying or interpreting provisions of the Agreement. IPR enforcement has been discussed on an ad hoc basis in the TRIPS Council on several occasions, most lately 2012.

5.3.  UN Office of Drugs and Crime (UNODC)

UNODC is the custodian of the United Nations Convention against Transnational Organized Crime that is the worldwide platform for co-operation in tackling all forms of organized crime. Currently, 167 countries are party to the Convention and have committed themselves to fighting organized crime through collaboration and ensuring that domestic laws are suitably structured.

UNODC holds biannual meetings of the Parties to the United Nations Convention against Transnational Organized Crime. These meetings bring together governments from across the world to promote and review the implementation of the Convention in order to ensure better approaches to tackling transnational organized crime. The last meeting was in October 2012.

The UN Office of Drugs and Crime has focused on the linkage between the trade in counterfeit goods and transnational organized crime http://www.unodc.org/counterfeit/. UNODC launched the "Counterfeit: Don't Buy into Organized Crime" campaign in January 2014 to raise consumer awareness of the USD 250 billion a year of illicit trafficking of counterfeit goods. The campaign – "Counterfeit: Don't buy into organized crime" - informs consumers that buying counterfeit goods could be funding organized criminal groups, puts consumer health and safety at risk and contributes to other ethical and environmental concerns.

UNODC also works to counter the flow of illicit goods such as counterfeit products and drugs by means of technical assistance programmes. UNODC and the World Customs Organization launched the Container Control Programme (CCP) in 2006. The programme has resulted in the seizure of 487 containers of fraudulent and contraband goods alongside a further 195 containers of drugs.

https://www.unodc.org/unodc/en/frontpage/2014/January/counterfeit-dont-buy-into-organized-crime---unodc-launches-new-outreach-campaign-on-250-billion-a-year-counterfeit-business.html

https://www.unodc.org/unodc/en/frontpage/2012/July/criminals-rake-in-250-billion-per-year-in-counterfeit-goods-that-pose-health-security-risks-to-unsuspecting-public.html

5.4.  World Customs Organization (WCO)

WCO is an intergovernmental organization comprised of 179 Customs administrations that provides leadership, guidance and support to its Members to secure and facilitate legitimate trade, realize revenues, protect society and build capacity. As Customs administrations are responsible for protecting national borders from the illegal flow of counterfeit and pirated goods, WCO leads discussions on global efforts to fight such crimes. This entails bolstering efforts to combat counterfeiting and piracy by improving enforcement methods and promoting the exchange of information between Customs as well as between Customs and the private sector.

Capturing the attention of Customs officers and industries worldwide and ensuring their vigilance with regards to counterfeit products is at the heart of the WCO IPR and Health and Safety Programme. With the protection of consumer health and safety as a key priority, WCO is extremely active in delivering extensive capacity building actions and developing various enforcement tools.

Conscious of the importance of collaborating with the private sector, WCO works very closely with industry members and associations in order to assess their needs and difficulties when tackling this phenomenon. WCO regularly invites rights holders to participate in its various anti-counterfeiting activities, such as field operations, regional or national seminars and has developed an online tool, interface public-members (IPM), to arm Customs officers with the means to detect counterfeit and pirated products and to communicate with economic players in real time.

Large scale Operations are a vital part of the WCO anti-counterfeit initiatives in which multiple numbers of Customs administrations simultaneously raise their level of enforcement on counterfeit items to quantify and qualify the impact of global counterfeiting activities. In 2013 alone, over 1.1 billion counterfeit items were intercepted by Customs Administrations in an Operation in the African region and an Operation in the Latin American region.

WCO has also developed a global online detection tool, IPM, aimed at frontline Customs officers to facilitate the distinction between genuine products and their fake reproductions. Since its launch in 2010, IPM has become a real communication hub between Customs officers on the ground and the private sector by allowing them to exchange crucial information in real time in order to intercept counterfeit goods.

With the recent launch of IPM mobile, field Customs officers can now access IPM via their mobile devices and retrieve all relevant information contained in the database. This new version offers the possibility to use mobile devices to scan industry standard GS1 barcodes found on millions of products, enabling to search the products database in a more time-efficient manner. Furthermore, scanning the barcodes will enable automatic connection to any authentication services linked to the product controlled. This new feature is known as IPM Connected - a global network of security features providers (SFPs) interfaced with IPM. With this growing network of SFP, the number of rights holders to join IPM is also seeing a boost with over 700 brands currently in the system, covering a wide-range of industry sectors from pharmaceutical, foodstuff, pesticides, to fast-moving goods and luxury items [124].

5.5.  European Union

At the level of the EU a series of public consultations have been carried out since 2011 regarding Directive 2004/48/EC on the enforcement of intellectual property rights. The previous public consultation on the efficiency of IP civil enforcement systems in EU Member States closed in March 2013. The European Commission published a summary of the replies in July 2013.

The Commission adopted on 1st July a Communication "Towards a renewed consensus on the enforcement of Intellectual Property Rights: An EU Action Plan" – COM (2014)932.

The ten actions listed in the Action Plan focus on commercial scale infringements (the so-called "follow the money" approach) and aim at improving prevention, increasing cross-border cooperation between Member States and prioritising IP enforcement policy on the basis of objective data.

The European Observatory on Counterfeiting and Piracy was created in 2009 as part of the European Commission. Regulation No 386/2012 of the European Parliament and of the Council renamed it the European Observatory on Infringements of Intellectual Property Rights and fully entrusted it to the Office of Harmonisation of the Internal Market on 5 June 2012. The Observatory serves as a platform for private and public actors allowing them to share best practices and experiences on IPR enforcement, to raise public awareness and to collaborate on collecting and monitoring data.

The European Commission promoted at EU level a Memorandum of Understanding on the sale of counterfeit goods via the Internet (MoU). It was signed in May 2011 between internet platforms, brand owners and trade associations. The MoU established a code of practice in the fight against the sale of counterfeit goods over the internet and enhanced collaboration between its signatories.

Customs

The Council Regulation No 1383/2003 of 22 July 2003 on customs actions against goods suspected of infringing certain intellectual property rights was replaced by Regulation 608/2013.

5.6.  Interpol

Interpol, the international police organization with 190 member countries, started an Intellectual Property Crime Action Group in 2002. This group supports regional and global operations to seize counterfeit goods, organizes training courses through the International IP Crime Investigators College (IIPCIC), and has created a database on international intellectual property crime.

5.7.  United Nations Economic Commission for Europe (UNECE)

The UNECE Working Party on Regulatory Cooperation and Standardisation Policies (WP.6) has established an advisory group on market surveillance (MARS group) that aims to encourage member states to coordinate their efforts to contain the problem of counterfeit goods. They have produced Recommendation M. on the "Use of Market Surveillance Infrastructure as a Complementary Means to Protect Consumers and Users against Counterfeit Goods" [69].

5.8.  National Initiatives (a few examples)

6.1.  International Chamber of Commerce (ICC)

ICC represents the world's business organizations. Thousands of companies and associations in about 120 countries are members. It acts on behalf of business in making representations to governments and intergovernmental organizations. ICC was founded in 1919 and itself established the ICC International Court of Arbitration in 1923.

ICC created a Counterfeiting Intelligence Bureau in 1985 and, more recently, the Business Action to Stop Counterfeiting and Piracy (BASCAP) group.

The ICC Counterfeiting Intelligence Bureau maintains a case study database and also provides investigative services.

BASCAP continued the study of the economic and social impacts of counterfeiting and piracy begun by OECD [106] and has developed an information clearing house which provides information by country [72] and sector [73] and also brand protection [74] and worldwide contact directories [75].

ICC also publishes an Intellectual Property Roadmap [76].

6.2.  International Anti-Counterfeiting Coalition (IACC)

IACC [77] was founded in 1979 and has members from all branches of industry. It aims to combat counterfeiting and piracy by promoting anti-counterfeiting regulations.

6.3.  Mobile Manufacturers Forum (MMF)

The Mobile Manufacturers Forum maintains a website (spotafakephone.com) that provides information on counterfeit mobiles and batteries.

6.4.  Association of Service and Computer Dealers International and North American Association of Telecommunications Dealers (AscdiNatd)

The AscdiNatd has developed an anti-counterfeit program that includes an anti-counterfeit policy for adoption by member companies and counterfeit information resources, including information from HP and Cisco [78].

6.5.  Alliance for Gray Market and Counterfeit Abatement (AGMA)

AGMA was formed in 2001 by 3Com, Cisco Systems, Hewlett-Packard, Nortel and Xerox with the aim of combating trade in counterfeit high-technology products.

6.6.  British Electrotechnical and Allied Manufacturers Association (BEAMA) Anti-counterfeit Working Group

BEAMA is the independent expert knowledge base and forum for the electrotechnical industry for the UK and across Europe. It represents over 300 manufacturing companies in the electrotechnical sector, and it has significant influence internationally as well as in the UK's political, standardization and commercial policy.

The BEAMA Anti-Counterfeiting Working Group (ACWG) was formed in 2000. Its objective is to take action against counterfeiters manufacturing counterfeit electrical installation products, and the traders who distribute them into many international markets, including those in Europe, the Middle East and Africa. As well as BEAMA members, the WG comprising many of the leading industry associations from the installer, distributor, test and certification and law enforcement sectors. It has achieved global recognition for its proactive work and receives co-operation from trade associations and law enforcement bodies around the world.

A database of counterfeiters for use by the electrical installation industry has been created, which is passed to authorities worldwide for them to follow up in the local markets.

The Working Groups' activities are publicized through trade magazine articles, presentations, participation in conferences and the production of guides and posters to raise awareness of this rapidly growing, potentially damaging threat to consumer safety and business integrity.

This Working Group is responsible for managing anti-counterfeiting action projects, collecting and disseminating information on IPR issues, and responding to government and others on behalf of the association. It also offers advice and information to any company or association which has a problem with IPR issues.

Current activities include projects in China, UAE, UK, Nigeria and Iraq, plus comprehensive web and port watch programmes.

In the UK, BEAMA are working with many of the leading industry bodies to raise awareness and fight counterfeit and non-compliant products – the industry portal www.counterfeit-kills.co.uk has been launched specifically for this purpose.

6.7.  UKEA (United Kingdom Electronics Alliance)

UKEA is a consortium of UK trading associations representing the electronics sector. It aims to coordinate the discussion of issues within the sector and communicate with the government. UKEA has established an Anti-Counterfeiting Forum [79] that publishes information on the problem of counterfeit electronic components, potential solution providers and best practices.

6.8.  Anti-Counterfeiting Group (ACG)

ACG is a UK trade association that was created in 1980 with members mainly in the automotive industry but now represents most sectors of industry.

6.9.  UNIFAB - Union des Fabricants

The Union des Fabricants is a French organization dedicated to combating counterfeiting by increasing public awareness (by opening a Museum of Counterfeiting in addition to other activities), providing information to businesses and lobbying. http://www.unifab.com/en/

6.10.  International Electronics Manufacturing Initiative (iNEMI)

The iNEMI has defined a project on "Counterfeit Components – Assessment Methodology and Metric Development".
http://thor.inemi.org/webdownload/projects/Miniaturization/Counterfeit_WhitePaper_110513.pdf

7.1.  Introduction

Counterfeiting equipment can be combated by marking products in some way so that they can be authenticated by strictly controlling the product life cycles. Labels that are difficult to forge can be attached to products and serial numbers assigned which can be used to authenticate that the item is genuine (by accessing a database, for example).

Individual items may be assigned unique identifiers. An example of a system that is used to combat counterfeiting is mPedigree which is used to counter pharmaceutical counterfeiting in Africa. This system allows consumers to check whether medicines are genuine or counterfeit and potentially dangerous by sending a (free) short message service (SMS) to a registry of pharmaceutical products.

Strict control of supply chains, and possibly of complete product life cycles, is required with testing, evaluation and certification as necessary to ensure the security of the product and that appropriate quality is maintained. In addition, customs officials need to be given the tools to identify counterfeit products, and market surveillance mechanisms may be employed.

Identifiers can be made on an object in clear text or can be encoded on an "identification (ID) tag" such as a barcode, a radio frequency identification (RFID) tag, smartcard or an infrared tag so that they can be read automatically. Three levels can be distinguished in the identification of an object. First, there is a pure identifier level at which objects are uniquely identified, for example, by an electronic product code (EPC). The second level is an encoding level as the pure identifiers can be encoded in different formats, and finally there is a physical realization, when the encoded identity is written onto an RFID tag, for example.

To ensure that identifiers are globally unique for specific applications, they must be managed in an organized fashion, with some form of allocation procedure. For example, the GSM Association (GSMA) manages the international mobile equipment identities (IMEIs) for the global system for mobile communications (GSM), the universal mobile telecommunications system (UMTS) and the long-term evolution (LTE) devices; the Telecommunications Industry Association allocates the mobile equipment identifiers (MEIDs) for the code division multiple access (CDMA) devices, and GS1 manages barcode identifiers. ISO manages a number of identifier domains and also acts as a top-level authority incorporating the identifier schemes of other organizations such as GS1.

Another example is that of the marking of equipment to indicate that it has been approved to be marketed within a country. For example, Anatel requires mobile phone chargers and batteries to carry a secured label defined by their Resolution 481/2007². See Figure 1.

This approach has been used in the telecommunication equipment industry for many years and was successfully implemented by some countries/regions³ (e.g. FCC⁴, Anatel⁵, EU⁶).

Customs officials need to be able to identify counterfeit products and market surveillance and other enforcement measures which may be employed. In addition, importers with a track record of ignoring import controls can be identified and put on a special list. When shipments of ICT equipment are being imported by rogue importers, regulatory authorities can be notified so that a decision can be made to carry out inspections, and enforcement should then be warranted. See Figure 2.

It is to be noted that counterfeit products could in fact conform with specified requirements, interoperate with genuine products, and hence pass the conformance and interoperability test. As such, product evaluation by trademark holder may be required to accurately identify counterfeit products and distinguish them from genuine products.

The ICT sector is marked by a large presence of international competitors that promote constant innovation. While this is a desirable condition, the market is, at the same time, exposed to manufacturers/vendors that are not committed to following established international, regional or national rules.

The problem of asymmetric information is more marked in developing countries, where there is little or no development of technologies and conformity assessment procedures. The typical problems commonly faced when managing a conformity assessment system are the lack of trusted and traceable information, as in the following cases: i) identification of the origin or the juridically responsible agent for the products; ii) manufacturing plant sites; iii) certification bodies; and iv) qualified laboratories with legitimated accreditation certificate. In some cases, importers without any technical knowledge and capability to provide assistance can represent foreign companies that have outsourced their engineering and manufacturing units displaced in other countries (e.g. outsourcing schemes). Although such processes may represent savings in the production process, quality and accountability in the manufacturing telecommunication/ICT equipment are weakened.

One could further contend that vested interest, greed, consumer demand, lack of standards and/or poor enforcement are conducive to low-quality equipment. In some cases the same brand or model, because of the lack of a proper conformance process in a specific target market, is fitted and sold with different electronic components, some good, some bad, and shipped to selected destinations according to their relative laxity on quality. A procedure known as tropicalização (Portuguese for tropicalization) springs to mind as an example of such tampering with equipment meant for sales south of the Equator. See Figure 3.

7.2.  Abuse of identifiers and type approval logos

All identifiers that are created by authentic manufacturers of goods can and are abused by counterfeiters in order to achieve their aims of duping consumers and the authorities that their product is genuine. This is a problem in many industries, not just ICT. The reader should bear in mind that any identification mechanism and the security around it will become a target for counterfeiters and criminals. Type approval logos and icons as well as electronic identifiers are often deliberately subverted in order to evade customs and law enforcement checks at borders. This creates practical issues for manufacturers, consumers, customs and law enforcement officials who then have trouble distinguishing the fake identifying marks from genuine ones, even before considering the product itself.

7.3.  International mobile equipment identity (IMEI)

As already noted, mobile phones have been a particularly attractive target for counterfeiters and, in response, the Mobile Manufacturers Forum (MMF) has created a website giving information for consumers on how to spot counterfeit phones and batteries. http://spotafakephone.com. They advise that one should get to know the appearance, capabilities, availability and price of the genuine articles and also check the international mobile equipment identity (IMEI) number. IMEI is a unique identifier for each mobile phone and counterfeits often do not have an IMEI or have a fake number. One problem for manufacturers, network operators and the authorities is that counterfeiters have evolved their manufacturing in such a way that they sometimes steal legitimate ranges from existing manufacturers as part of their counterfeiting strategy. This can be used as one method to evade systems for checking IMEIs.

The allocation of IMEIs is managed by GSMA so as to ensure that they are unique. The allocation scheme is hierarchical with the GSMA assigning 2-digit identifiers to Reporting Bodies that then allocate IMEI and the serial number of the equipment. The Reporting Bodies currently authorized to allocate IMEIs are the CTIA – The Wireless Association, BABT (British Approvals Board for Telecommunications), TAF (Telecommunications Terminal Testing and Approval Forum) (China), and MSAI (Mobile Standards Alliance of India).

The format of IMEI valid from 1 January 2003 is to be found in Table 1, as follows [112]:

Table 1 — IMEI format

Type allocation code (TAC)	Serial number	Check digit
NNXXXX YY	ZZZZZZ	A
TAC Type allocation code, formerly known as type approval code. NN Reporting Body identifier. XXXXYY Mobile equipment (ME) type identifier defined by Reporting Body. ZZZZZZ Allocated by the Reporting Body but assigned per ME by the manufacturer. A Check digit, defined as a function of all other IMEI digits.

GSMA registers additional information such as the manufacturer name and model number and the technical capabilities, such as the frequency bands supported and the power class, for each device identified by its IMEI.

GSMA maintains the IMEI DB (IMEI Database) [85], previously known as the central equipment identity register (CEIR). The IMEI DB contains a "white list" of equipment that is considered to be suitable for use worldwide, and a "black list" of IMEIs related to devices that are not considered suitable for use due to their being lost, stolen, or faulty and posing a threat to network integrity. It should be noted that the IMEI DB white list is a list of TACs rather than full IMEIs and the data is freely available to eligible parties including national regulators, law enforcement agencies and customs agencies. In addition to the IMEI DB, individual network operators may implement their own equipment identity registers (EIR), to which they can download the "white list", and these allow operators to control which devices can access their networks.
http://www.gsma.com/managedservices/mobile-equipment-identity/the-imei-database/accessing-the-imei-database/

The primary use of the IMEI DB is for operators to be able to identify the devices, and their characteristics, being used on their networks and for the blocking of stolen handsets. The IMEI DB can also be used to detect counterfeit devices, which helps prevent device laundering, deter crime and support prosecutions.

There have been problems, however, with the implementation of IMEI. Cases have been reported of equipment with no IMEI, with an all-zero IMEI, duplicate IMEIs and IMEIs allocated by unauthorized organizations. Some of these devices with invalid or non-unique IMEIs are counterfeits but others are genuine but not in compliance with the GSMA IMEI allocation procedure due to misunderstandings on the part of the manufacturers. For example, there were estimated to be 30 million GSM handsets in India with no IMEI, and MSAI was authorized by GSMA to offer a temporary amnesty programme involving the implantation of genuine IMEIs (genuine IMEI implant (GII) programme) in order to be able to uniquely identify each device.

As an example of duplicate IMEIs, 6,500 handsets with the IMEI 135790246811220 have been detected in Australia. As for unregistered IMEIs, a network operator in Uganda reported that the number of TACs on its network that are not registered in the IMEI DB is greater than the number allocated by GSMA and that are registered in the IMEI DB.

There is therefore good reason to ensure that the use of IMEI is mandated and that IMEIs are allocated in accordance with the GSMA process. The IMEI DB is one tool for detecting counterfeit mobiles and, to give one example, Kenya denied access to mobiles with invalid IMEIs from the end of September 2012 as there were estimated to be 2.3 million subscribers using fake handsets. Further information on these examples and other cases in which IMEIs have been used as the basis of identifying counterfeit mobiles is provided in Annex A. As several national efforts aimed at addressing the issue of counterfeit mobile devices rely on the use of IMEI, it is essential that the IMEI allocation procedure and database is secure and reliable, and that IMEI is securely encoded within the devices.

One option is that operators be required to block devices with duplicate and invalid IMEI's as these devices must be authenticated on a network in order to work. Blocking these devices when first connected is probably the most effective tool to address the problem at this time.

However, there are several constraints to blocking IMEIs. One is that GSMA does not maintain a full IMEI white list but rather a white list of TAC codes only. Secondly, IMEIs from legitimate devices have been cloned onto counterfeit and substandard devices complicating the blocking process, and finally, any blocking solution must prevent or prohibit other cloned IMEIs from being copied to the devices in question.

While there are challenges with blocking, solutions are available on the market. At the same time, it is important to avoid a patchwork of unique national solutions that will simply shift the problem across national borders. Given that IMEIs are allocated by GSMA and that IMEI DB is maintained by GSMA, it would seem logical that they should be involved in some way in national initiatives in order to utilize the full suite of available lists and other technical measures.

However, considering that the estimated number of counterfeit devices is simply enormous, just blocking operational terminals would cause heavy and unexpected impacts to networks and end users. This fact cannot be ignored.

In this regard, it is important to take into consideration the fact that in developing countries, with low social and economic conditions, mobile phones are the main gateway to communicate and participate in the information society⁷. Sadly, this happens using a considerable number of cheaper counterfeit devices.

For this reason, the entire society has to be prepared for such a change. Best approaches must be studied, considered and planned. For instance, the motives (of safety risks, lower quality of service and consequently increase in complaints, interference hazards, and IPR infringement, etc.) for not allowing counterfeit devices must be clearly explained to consumers.

In this sense, if regulators and governments choose to put in force terminal blocking actions, it is important to adopt transition policies, such as starting by blocking only new terminals and allowing devices that are already on the network to continue to operate but, ultimately, users will have to move to genuine terminals since the estimated life cycle of a mobile terminal is 18 months⁸.

7.4.  Unique identifiers

Electronic product codes (EPCs) were first developed by the Massachusetts Institute of Technology Auto-ID Centre that was created in 1999 and are today managed by EPCglobal, a subsidiary of GS1 which has defined the most widely used specifications for global supply chain systems. The International Organization for Standardization (ISO) and the Ubiquitous ID Centre (Japan) have also defined identifiers for a number of applications.

GS1 defines nine "identification keys" for the identification of items, locations, shipping containers, assets, services, document types, shipments and consignments, as follows:

• GTIN - global trade item number

• GLN - global location number

• SSCC – serial shipping container code

• GRAI – global returnable asset identifier

• GIAI – global individual asset identifier

• GSRN – global service relation number

• GDTI – global document type identifier

• GSIN – global shipment identification number

• GINC – global identification number for consignment

GTIN is used to identify categories of objects whereas GLN, SSCC, GIAI and GSRN identify individual objects; GRAI and GDTI can be used to identify either categories of objects or individual items depending upon the absence or presence of a serial number. GINC and GSIN identify logical groupings rather physical objects. These identification keys are intended for realization using barcodes. There is a correspondence between these codes and EPCs defined by EPCglobal for use with RFID. GTIN is extended in the EPC scheme by the addition of a serial number so as to uniquely identify an object. The other keys that are used to identify individual objects have a direct EPC equivalent. The following EPCs are defined [107]:

• General identifier (GID)

  • urn:epc:id:gid:ManagerNumber.ObjectClass.SerialNumber

• Serialized global trade item number (SGTIN)

  • urn:epc:id:sgtin:CompanyPrefix.ItemReference.SerialNumber

• Serial shipping container code (SSCC)

  • urn:epc:id:sscc:CompanyPrefix.SerialReference

• Global location number with or without extension (SGLN)

  • urn:epc:id:sgln:CompanyPrefix.LocationReference.Extension

• Global returnable asset identifier (GRAI)

  • urn:epc:id:grai:CompanyPrefix.AssetType.SerialNumber

• Global individual asset identifier (GIAI)

  • urn:epc:id:giai:CompanyPrefix.IndividulAssetReference

• Global document type identifier (GDTI)

  • urn:epc:id:gdti:CompanyPrefix.DocumentType.SerialNumber

• Global service relation number (GSRN)

  • urn:epc:id:gsrn:CompanyPrefix.ServiceReference

• US Department of Defense (DoD)

  • urn:epc:id:usdod:CAGEOrDODAAC.SerialNumber

• Aerospace and defence identifier (ADI)

  • urn:epc:id:adi:CAGEOrDODAAC.OriginalPartNumber.Serial

ISO/IEC 15459 [ISO/IEC 15459] defines unique identifiers for supply chain tracking that can be represented in automatic identification and data capture (AIDC) media such as barcodes and RFID.

Parts 1, 4, 5, 6 and 8 of ISO/IEC 15459 specify the unique string of characters to identify transport units, individual items, returnable transport units, product groupings and transport units, respectively. In each case, the unique identifier is structured into classes so as to facilitate the efficient management of the identifiers for that class of object.

Part 2 specifies the procedural requirements for allocating unique identifiers for item management applications and describes the obligations of the Registration Authority and Issuing Agencies. These procedures do not apply to those items for which ISO has already designated Maintenance Agencies or Registration Authorities to provide identification schemes. It therefore does not apply to:

• freight containers, as their unique coding is specified in ISO 6346 [ISO 6346:1995];

• vehicles, as their unique identification is specified in ISO 3779 [ISO 3779:2009];

• car radios, because their unique identification is specified in ISO 10486 [ISO 10486:1992]; and

• ISBN [ISO 2108:2005] and ISSN [ISO 3297:2007] schemes.

Part 3 specifies the common rules that apply to unique identifiers for item management that are required to ensure full compatibility across classes of unique identifiers.

ISO Technical Committee 246 is chartered to produce standard anti-counterfeiting tools. This committee is developing a standard on the performance criteria for authentication solutions for combating the production of counterfeit goods [ISO 12931:2012].

In addition to ISO and EPCglobal, the Ubiquitous ID Centre in Japan has defined a generic identifier called an "ucode" [87], which is not only intended to identify physical objects but also may be used to identify places and digital information, see Table 2. Basic ucodes are 128 bits in length (but can be extended in multiples of 128 bits) and may embed other identifiers such as ISBNs, Internet protocol (IP) addresses or ITU-T E.164 telephone numbers [ITU-T E.164]. The ucode is basically a number that needs to be assigned a meaning in a relational database. Any individual or organization can obtain ucodes from the Ubiquitous ID Centre, which acts as the registration authority for these numbers.

Table 2 — ucode format

Version (4 bits)	TLDc (16 bits)	cc (4 bits)	SLDc (variable)	ic (variable)
TLDc top level domain code (assigned by the Ubiquitous ID Centre) cc class code (indicating the boundary between the SLDc and ic) SLDc second level domain code ic identification code for individual objects

ITU-T is working on systems for accessing multimedia information triggered by the tag-based identification of things. As part of this work, a description of the various ID schemes that could be used for such identification is being produced. The Ubiquitous ID Centre has submitted their ucode scheme such that the ucode would be assigned an object identifier (OID) registered under the branch {joint-iso-itu-t(2) tag-based(27)} in compliance with Recommendation ITU-T X.668 [ITU-T X.668]. The ISO/IEC Unique ID scheme described earlier is assigned an object identifier under the branch {iso(1)} of the Object Identifier tree. This results in the ISO/IEC (including EPCglobal) and Ubiquitous ID Centre identifier schemes being assigned object identifiers either under the {iso} branch (ISO and EPCglobal) or {joint-iso-itu-t} branch (Ubiquitous ID Centre) and allows the coexistence of the various identification schemes that have different registration authorities. For RFID tags, the object identifier (OID) and ID would be encoded as defined in ISO/IEC 15962 [ISO/IEC 15962:2013].

Data associated with an object may be stored on a tag along with the identifier if the tag has sufficient memory. However, another possible means to find information associated with an identifier is to use an identifier resolution mechanism.

A very wide variety of services and applications for RFID can be envisaged, once it becomes possible to provide information associated with a tag identifier in different forms (text, audio or image). For example, in a museum, an identifier on a tag attached to a painting could be used to find further information on the painting and the artist. In a grocery store, an identifier on a food package could be used to check that the food is safe to eat and not one of a sample that has been found to be contaminated in some way. Identifier-triggered information access could be valuable in medicine/pharmaceuticals, agriculture, libraries, the retail trade and supply chain management. Such mechanisms could also be employed to combat counterfeiting. Recommendation ITU-T F.771 [ISO 15394:2009] describes a number of services that could be based on the use of information associated with tagged objects and the requirements for these services.

A model for accessing the information associated with a tagged object is specified in Recommendation ITU-T H.621 [ITU-T Y.4405] (see Figure 4). Within this model, a multimedia information discovery function can send the identifier obtained from an ID tag reader to an ID resolution function, thereby obtaining a pointer (such as a uniform resource locator (URL)) to the appropriate multimedia information manager. As a result, it becomes possible to access the information associated with the tag ID. As the number of identifiers is expected to be very large, the ID resolution function is likely to be distributed in a tree structure.

The ID resolution function could be based on the use of the Internet domain name system (DNS) that usually provides the Internet protocol (IP) address corresponding to a uniform resource locator (URL). The object naming service (ONS) described by EPCglobal uses DNS mechanisms to find information associated with electronic product codes.

In addition, Recommendation ITU-T X.1255 [ITU-T X.1255] https://www.itu.int/rec/T-REC-X.1255-201309-I/en provides a framework for the discovery of identity management information that is recognized in the ITU Plenipotentiary Resolution on Combating counterfeit telecommunication/information and communication technology devices.

7.5.  Automatic identification and data capture (AIDC)

7.6.  Secure printing and hologram labels

Secure printing techniques can be used to create tamper-evident labels, and labels may also be complemented with hologram images that are difficult to forge. It should be noted, however, that such mechanisms are widely abused and copied by counterfeiters.

7.7.  Supply chain management

Maintaining the security of supply chains is very important to combat counterfeiting activities. The ISO 28000 series of International Standards specify the requirements for the secure management of supply chains. These standards are applicable to organizations of any size involved in manufacturing, service, storage or transportation by air, rail, road and sea at any stage of the production or supply process. The following standards are available:

• ISO 28000:2007, Specification for security management systems for the supply chain. [ISO 28000:2007]

• ISO 28001:2007, Security management systems for the supply chain – Best practices for implementing supply chain security assessments and plans – Requirements and guidance. [ISO 28001:2007]

• ISO 28003:2007, Security management systems for the supply chain – Requirements for bodies providing audit and certification of supply chain security management systems. [ISO 28003:2007]

• ISO 28004-1:2007, Security management systems for the supply chain – Guidelines for the implementation of ISO 28000 – Part 1: General principles. [ISO 28004-1:2007]

• ISO 28005-2:2011, Security management systems for the supply chain – Electronic port clearance (EPC) – Part 2: Core data elements. <<iso28005-2011>

ISO 28000 requires organizations to assess the security environment in which they operate and to determine if adequate security measures have been implemented. The elements of a security management system are shown in Figure 9.

The World Customs Organization (WCO) SAFE Framework of Standards [89] is intended to ensure the security of global supply chains and includes a handbook describing the factors indicating that shipments have a high-risk of containing counterfeit goods. The SAFE Framework is based on customs-to-customs agreements and also customs-to-business partnerships with benefits being given to businesses that meet supply chain security standards.

IEC TC 107, whose field of activity is process management for the avionics industry, has produced a specification concerned with the avoidance of use of counterfeit, fraudulent and recycled electronic components [IEC TS 62668-1]. This committee is also currently working on a specification for managing electronic components from non-franchised sources to prevent counterfeit components entering the supply chain [IEC TS 62668-2].

SAE International (originally the Society for Automotive Engineers) has developed a number of specifications specifically intended to avoid counterfeit electronic components being introduced in the supply chains of the aerospace and automotive industries that are widely referred to in the electronics industry. SAE has produced two documents that are intended for the use of those making purchasing decisions:

SAE AS5553 [118]

"Counterfeit Electronic Parts; Avoidance, Detection, Mitigation"; and

SAE ARP6178 [117]

"Counterfeit Electronic Parts; Tool for Risk Assessment of Distributors"; and a specification intended for use by distributors: SAE AS6081 [119]: "Counterfeit Electronic Parts; Avoidance Protocol, Distributors". SAE has also produced a specification on testing: SAE AS6171 [120]: "Test Methods Standard; Counterfeit Electronic Parts".

IEC TC 107 works closely with SAE International on SAE AS5553 through a liaison arrangement.

Most of the forums concerned with the problem of counterfeit goods mentioned earlier offer advice or guidelines on supply chain management. In general, there are requirements for product traceability, inspection and testing (performed by a 1^st, 2^nd or 3^rd party).The UK IP Crime Group has produced a Supply Chain Toolkit in 2011.

7.8.  Testing

The International Electrotechnical Commission (IEC) operates the following conformity assessment schemes http://www.iec.ch/about/activities/conformity.htm:

• IECEE – IEC System of conformity assessment schemes for electrotechnical equipment and components;

• IECEx – IEC system for certification to standards relating to equipment for use in explosive atmospheres;

• IECQ – IEC quality assessment system for electronic components.

These IEC CA schemes are based on 3^rd party certification and employ online systems to provide information on certificates that can be used in the effort to identify counterfeit products.

The IECEE operates the certification body (CB) scheme that is based on the principle of mutual recognition by its members of the test results for obtaining certification or approval at the national level. The CB Bulletin http://members.iecee.org/iecee/ieceemembers.nsf/cb_bulletin?OpenForm is a database for users of the CB scheme that provides information on:

• The standards accepted for use in the scheme;

• The participating National Certification Bodies including product categories and the standards for which they have been recognized; and

• National differences of each member country for each standard.

IECEE CBTC Online is an online test certificate registration system for national certification bodies that also allow public access.

The IECEE has established a Task Force to study measures to combat counterfeiting (CMC-WG 23 "Counterfeit").

The IECEx international certification system consists of the following components:

IECEx Certified Equipment Scheme;
IECEx Certified Service Facilities Scheme;
IECEx Conformity Mark Licensing System;
IECEx Certification of Personnel Competencies (CoPC).

The IECEx CoC Online provides information on certificates and licenses issued in accordance with these schemes.

The IECQ operates the IECQ Electronic Components Management Plan (ECMP) for avionics systems and the IECQ Hazardous Substances Process Management (HSPM) scheme. Certificates are available online.

7.9.  Databases

Databases of known counterfeits are provided for the use of enforcement agencies, such as those operated by WCO and Interpol, and also consumers. The ICC Counterfeiting Intelligence Bureau maintains a case study database.

7.10.  Market surveillance

Market surveillance consists of the "activities carried out and measures taken by designated authorities to ensure that products comply with the requirements set out in the relevant legislation and do not endanger health, safety or any other aspect of public interest protection" [99].

Counterfeit goods may be identified during market surveillance activities, and market surveillance authorities could be involved in the effort to combat the trade in counterfeit goods. UNECE recommends that national market surveillance and customs activities be coordinated and that rights holders be given the possibility of informing market surveillance authorities about counterfeits [115].

Some countries require the registration of products for them to be marketed. For example, the Standards Organization of Nigeria has recently introduced an e-product registration scheme in an attempt to limit the sale of counterfeit products.