Tag Archives: theft

Matt Engle
Soapbox

Insurers Must Play Catch-Up to Meet Cannabis Industry Needs

By Matt Engle
No Comments
Matt Engle

As the cannabis industry continues to grow, demand for insurance products is also increasing. While insurers have been cautious about entering a market that carries the stigma of a Schedule I drug, the cannabis industry is clamoring for insurance coverage options tailored to meet the needs of key players— distributors, growers, processors and retail dispensaries.

The escalating need for insurance products tailored to these cannabis business sectors has not expedited an increase in coverage offerings. The slow entry of insurance carriers into the cannabis sector can be tied to a reluctance to insure an industry with emerging and often unknown risks. This will begin to change as more information becomes available on what loss ratio trends look like in the cannabis industry.

For now, there is a wait-and-see stance held by insurance carriers. This presents a major concern for cannabis-related businesses that are subject to risk at every stage of the supply chain, with particular exposure for theft, general liability, crop loss, and product liability.some degree of crime and theft coverage is needed for these enterprises to help manage the risks associated with a cash-based business

Theft

For cannabis companies, the use of paper currency is a huge part of their risk exposure. Federal banking regulations have limited these businesses to dealing mostly in cash, which makes them a prime target for crime and fraud. Currently, only one carrier will insure coverage for cash and theft risk, and the policy is limited to $1 million for most risks. This is inadequate coverage since many operators have more than that amount on-site.

In states with legislation legalizing cannabis, the cannabis sector will be able to move away from operating in cash if Congress passes the Secure and Fair Enforcement (SAFE) Banking Act, which would protect financial institutions from liability for federal prosecution that could arise from servicing cannabis-related businesses authorized under state law. Until banking regulations give the cannabis industry the ability to operate as legitimate businesses with the stability and safety that would deter criminal activity, some degree of crime and theft coverage is needed for these enterprises to help manage the risks associated with a cash-based business.

General Liability

Cannabis-related businesses need the same general liability coverage as other businesses to protect their premises and operations from lawsuits involving public contact. However, standard general liability policies—which exclude Schedule I substances from coverage—were not created with cannabis businesses in mind. It is still difficult for these businesses to obtain adequate general liability as a result of the legal uncertainty associated with the industry.

Product Liability

Product liability exposures for cannabis businesses encompass a wide range of areas, including edibles, vaporizers, pesticides, mold/fungus, misrepresentation, label claims, breach of warranty, deceptive practices, and failure to warn.

A major area of exposure concerns accidents resulting from impairment. A cannabis cultivator, processor, distributor, or retailer potentially may be considered liable in the event a product defect results in injury after reasonable use or when label defects fail to warn users that a product may have psychoactive effects.

Another area of risk exposure involves products that contain THC, the psychoactive compound that gives cannabis users a high. As the number of THC-containing products such as edibles and tinctures increases, so does the potential exposure to product liability claims for manufacturers and retailers.

The California Cannabis Track-and-Trace (CCTT) system also has implications for product liability. The CCTT is a statewide system used to record the inventory and movement of cannabis and related products through the commercial supply chain. All state cannabis licensees, including those with licenses for cultivation, manufacturing, retail, distribution, testing labs and microbusinesses, are required to use this system. The product liability impact lies in its capacity to determine responsibility along the supply chain from seed to sale.

For example, if a plastic vape pen explodes, a product liability lawsuit could have repercussions for many touch points across the supply chain beyond the manufacturer of the pen–all of which can be identified through CCTT. Entities that touch cannabis products such as soil suppliers or delivery persons also have product liability risk exposure. Personal injury attorneys can find incident-related parties easily and determine liability. This makes it particularly important to add these parties to the policy as additional insureds to help reduce claims exposure.

Crop Loss

Another area of concern for risk exposure is crop loss. Crop insurance is generally hard to obtain due to the significantly different nature of cannabis crops compared to traditional crops like corn or soybeans.

Fires in Sonoma County devastated cannabis crops in Northern California back in 2017.

An indoor crop insurance policy covers cultivators when there is loss resulting from threats such as fire, theft, and sprinkler leakage. However, crop insurance policies generally do not cover losses resulting from mold, rot, disease, changes in climate, or fertilization issues. Many growers forgo this coverage and instead elect to absorb losses and regrow their crops.

Outdoor crop coverage is generally unavailable, or the cost is prohibitive. Any potential for writing outdoor crop insurance for the cannabis industry essentially disappeared as a result of the recent wildfires in California. These devastating fires highlighted the pressing need for property damage and business interruption coverage for growers and dispensaries and other downstream businesses whose supply was disrupted. This lack of available outdoor crop insurance is one of the more notable gaps in available cannabis business insurance coverage.

While cannabis businesses operating in states that have legalized medical and/or recreational cannabis use have challenges getting adequate insurance coverage, there is some good news on the insurance front for those in California. Last year, California’s insurance commissioner announced approval for carriers to offer insurance coverage specifically to cannabis businesses. The state also approved a cannabis business-owners policy (CannaBOP) program that provides a package policy containing both property and liability coverage for qualifying dispensaries, distributors, manufacturers, processors and storage facilities. Colorado is on the verge of being the second state to approve its version of a CannaBOP program.

While more insurance carriers are beginning to write cannabis coverage, the limited insurance options and policies with restrictive plans currently offered todaydo not meet the needs of the cannabis industry. Insurers must catch up to the coverage requirements of this sector by offering more options tailored to growers, retail dispensaries, processors and distributors with better terms and better pricing.

MJ Freeway’s Source Code Stolen & Published Online

By Aaron G. Biros
9 Comments

Portions of MJ Freeway’s source code were reportedly stolen and posted in Reddit threads as well as on Gitlab.com, a source code hosting website. On June 15th, the account “MJFreeway Open Source” was made on Gitlab.com, and portions of the source code were posted, but have since been taken down. Source code is essentially a list of commands of a program, the basis for making improvements and modifications to a software system. Source code can sometimes contain sensitive information. To be clear, MJ Freeway does not use an open source model; their source code is the basis of their traceability software. Open source is a tool that fosters public collaboration on software development, helping identify weaknesses or areas for improvement.

When asked to comment on the matter, MJ Freeway issued the following statement:

“Last week we discovered that someone had obtained an outdated portion of MJ Freeway’s source code. This incident has absolutely no impact on our systems or MJ Freeway services, and client and patient data is not at risk. While this theft poses no risk to our clients, patients, or business operations, we take any incident involving unauthorized access very seriously and have reported it to the Colorado Bureau of Investigation.

Unfortunately, it has come to our attention that our competitors are spreading inaccurate information about the incident, including baseless claims about SSL info and the potential for client data being compromised – neither of which is true. We encourage our customers to contact us directly with any questions they may have.

We follow or exceed all relevant industry security standards and are confident that we have the most robust security measures in our industry. None of our peers come close. However, we live in a world of determined cyber-criminals and we operate in a competitive environment. Success and size makes a company a bigger target for malicious actors, as other large companies also know. We will continue to investigate and take follow-up action as we learn more about this incident.”

On Sunday, June 18th, a user by the name of ‘techdudes420’ posted in the subreddit, r/weedbiz, a thread titled “MJFreeway goes open source.” The link for that post was the Gitlab.com page where MJ Freeway’s source code was published briefly. The same user then published a second reddit post the following day with the same link to the stolen code, but this time in the r/COents, a subreddit for the Colorado cannabis community. MJ Freeway is based in Denver. That post claimed the user found the stolen source code with a quick search and that the user was banned because of that. The moderator of the thread chimed in, saying they banned the user for posting the stolen code. “We received a takedown request from the software owner stating the code had been stolen and released without permission,” says the moderator. “After investigating the matter I reached the same conclusion and removed the thread.” The moderator then updated the comment shortly after: “Edit: As for OP [original poster] ‘finding’ the code, if that were true I don’t know why he or she would have created a new Reddit account just to post the link.”

In addition to their own cybersecurity analysis, a spokeswoman for MJ Freeway says they will be performing a third party audit and analysis this week as well. When that information becomes available, we will update this article.


Update: Multiple sources have reported that portions of MJ Freeway’s source code are still available online on torrent sites like PirateBay.