Marijuana Inventory Tracking system security complaints to prompt video changes

mits.graphic.205x205.jpg
Video below.
Yesterday, we posted about a new video intended to reassure members of the cannabis industry about the new and controversial Marijuana Inventory Tracking system, shorthanded as MITs.

Looks like this clip will have to be amended, however. According to the Marijuana Enforcement Division spokeswoman who stars in the footage, complaints from a local ganjapreneur about a lack of security on the MITS website suggest a misunderstanding that needs to be addressed.

The complaints about MITs, a system created by the contractor Franwell, come from Jessica LeRoux, aka the Cheesecake Lady, whose marijuana edibles company is called Twirling Hippy Confections. Here's an item she posted on her Facebook page about mymits.com, the system's website:

jessica.leroux.cheesecake.lady.jpg
Jessica LeRoux.
We've already found a glitch in the MITS system: System to track and regulate cannabis isn't even on line yet and we already have a major security breach in the website to set up owners to take the classes to learn to use the incomplete system. Holy FUCK! Not only is the website not secured, in and of that anybody can use it even if they are not in the CO cannabis industry in any way shape or form... BUT once you enter a license number (it could be found on any packaging, maybe in the trash, or on many industry websites), if you enter any badge number into the system that turns out to be a valid badge, that badge holder's name automatically is filled in... giving persons with no business or right to know access to the name of virtually every person who has ever been badged in the state of Colorado... LEOs can be playing with the system right now, so can identity thieves.... Oh, and since the manifest system for transport of cannabis has never been secure now, black marketers have access to the names and badge numbers they can plug into a manifest and carry their weight from border to border w/o a LEO getting a clue... great!
LeRoux adds: "MED/FRANWELL you are all completely INCOMPETENT. A64 supporters you've all fucked the cannabis world beyond words...."

When we contacted Marijuana Enforcement Division spokeswoman (and video star) Julie Postlethwait about these claims, she noted via e-mail that she had already seen LeRoux's post "and have provided a response that will be added to the mymits YouTube site. I cannot access YouTube from a state computer, so our vendor, Franwell, will be posting my response on my behalf."

Julie.Postlethwait.screen.capture.205x205.jpg
Julie Postlethwait.
As for the meat of LeRoux's complaint, Postlethwait writes, "Basically, we have a public informational site, which we are using to provide information to the public at large. We are also using the site to get industry members started on registering for MITS training. It is true that they must provide a business license number and we are requiring current occupational licenses for participation in the training -- neither of which is protected information. This will kick-off the registration process, so that we can begin a stringent authentication process for MITS industry training. The important point is that the informational site is NOT the MITS system, which is fully protected by layers of security and encryption."

Postlethwait also shared her response to LeRoux, which covers the points above and reveals that the post above was also shared on a state website -- prompting some stern words about profanity.

Jessica,

We're glad you were able to access this public informational site. In an effort to increase efficiency we used this communications tool to provide you with information needed to obtain MITS industry training. This is not the MITS system -- which will contain several layers of security and encryption - it is a public informational site which contains ONLY public information. As you know MED business license numbers and the name of the MED licensed holder's are public information.

As this is a public site please refrain from using offensive language. Because your comments ask good questions, we will maintain them on the site. However, future use of obscene language will cause us to remove comments.

Thanks you for your feedback.

Here's the MITs video featuring Postlethwait.

More from our Marijuana archive: "Marijuana: Department of Revenue releases final recreational pot rules."

My Voice Nation Help
13 comments
KathleenChippi
KathleenChippi topcommenter

Sounds like the MMJ 'industry still hasn't  listened to the 64 tile board hearings where the 64 SCAMpaign said "we have a mmj model that works...."  this is what they promised. 

KathleenChippi
KathleenChippi topcommenter

Hey Twirling Hippy - HB1284 and the DoR rules, the 'program' you all signed up to operate under --offered NO privacy protections of any kind--not even for patients, let alone workers or businesses. 

It was one of the MANY reasons I called for a state wide boycott of applying for a HB1284 business license. As usual, no one listened. THIS INSECURE, UNPROTECTED MODEL IS the seed to sale regulation you (all post 1284 MMJ applicants) signed up for. Patient PRIVACY was ONE of THREE MAIN ISSUE"s in my lawsuits, that you donated not $1 to. 

Patient privacy is protected in our constitution -- MMC's workers have NO PROTECTION--so in this case, there is NO BREACH of DoR data--ONLY A BREACH of the PATIENT REGISTRY that is constitutionally protected. 

 Sure 64 sucks--but they adopted the MMJ model instead of alcohol--YOU ALREADY ARE in the MMJ model and you signed up on your own free will. Quit acting like you have been screwed.

George
George

Can anyone tell us how the DOR got the confidential patient data into this database? 

1) Did the CDPHE give it to the DOR?
2) Did the DOR steal it from the CDPHE?
3) Or did MMC owners hand over the information to the DOR?

Either way, it is a violation of both state statute and the Constitution. But since there are no lawyers with any balls or integrity in the state, this is just another injustice that will go ignored by the Greedy Big $$$ Dispensary Cartel.

Monkey
Monkey

Yep, last time I was in a brewery or liquor store, all the employees were badged, and the products they were handling were electronically tracked from fermentation to sale. Even the grain and hops they use were weighed during cultivation and electronically tracked from seed to sale, and delivered by badged personnel. I guess they were right, marijuana is regulated just like alcohol. 

Cognitive_Dissident
Cognitive_Dissident

@KathleenChippi The last people who have a gripe are the industry people who voluntarily put their hands around their ankles before getting spanked. As you say below, some of us tried to stop them.

McShyster
McShyster

@Monkey ... an no ex-drug criminals or ex-felons were allowed to work as waitresses, busboys, dishwashers or bartenders ... and customers were only allowed to purchase 1 (one) six-pack or bottle of wine, and only allowed to possess same 1 (one) bottle of wine at any given time even in the privacy of their own home..

As Lying Brian Vicente, Mendacious Mason Tvert and the rest of the tools and fools who supported that worthless piece of shit A64 chanted -- 

                  **** REGULATION WORKS! ****

... now BEND OVER and receive the Government FIST of REGULATION you fools begged for!


George
George

@McShyster I'm sorry, if alcohol were regulated like Lyin' Brian wants weed regulated, there is no way you'd be walking out of a liquor store with a whole bottle of wine!  Bend over and take your ounce of wine or your ounce of beer or your shot of whiskey up your ass.  Alcohol is far too dangerous to let someone have a whole bottle or can!!!

JDGM
JDGM

@George @McShyster Creating even more fake names to carry on conversations with yourself?

Your life must be really dull, Donkey.

Now Trending

Denver Concert Tickets

From the Vault

 

Loading...