Washington’s Marijuana Compliance Software At Security Risk? LCB Says No

WASHINGTON: Reports that the software powering Washington State Liquor Control Board’s I-502 Portal contained serious security vulnerability have circulated widely on Reddit and across the cannabis industry blogs in the past several weeks.

MJ News Network asked the author of that software, BioTrackTHC, to clarify.  The company CTO, Patrick Vo, passed along a note from Liquor Control Board spokesperson Brian Smith that flatly denies the reports.

We reprint the contents of that memo here, in its entirety:

From: Smith, Brian E (LCB) ‪<brian.smith@lcb.wa.gov>‬

Date: Tue, Jan 13, 2015 at 4:02 PM

Subject: LCB Follow Up

To: Patrick Vo <patrick.vo@biotrackthc.com> 


It has been reported online that Washington State’s recreational marijuana seed-to-sale traceability system has shown potential vulnerabilities that could lead to the software system being compromised. It has also been reported that the system could be temporarily shut down.


We are confident in the security of the system. As with any steward of private data, we ensure that strenuous precautions are taken to prevent any vulnerabilities. Our vendor has scanned the system and has seen no evidence of anomalies or any breach.


The Washington State Liquor Control Board and our vendor, BioTrackTHC, were not contacted for comment or fact-checking before this story was published. We recognize that attempts to hack an organization’s software systems is commonplace in today’s society.  We will continue to ensure that the system is protected using the latest and best security practices.


Brian E. Smith

Communications Director

Washington State Liquor Control Board