Yogurt and security: a tale of two things
Security is hard.
When people talk about security, they usually mean that they want to prevent some action from being taken against some object: “I want to prevent the money from being stolen.” “I want only teachers to be able to change the grade records.” “I want to keep attackers from gaining entry to the computer system.”
Security is really about economics, weighing costs against benefits. The goal of security is to make the cost of taking some unwanted action against an object greater than the benefit of securing it plus the value of the object itself. If you say “I want to prevent the money from being stolen,” you really mean “I want it to be more expensive to steal the money than the total value of the money plus the cost to protect it.” That’s why we feel secure in keeping 50 dollars in our wallet, but we hire armored trucks and guards with shotguns to feel secure in dealing with 500,000 dollars.
Sometimes the simple and obvious security solution—guards with shotguns—is the right solution. With security, however, the devil is in the details.
Consider: “I want to make sure that the yogurt I buy isn’t spoiled.”
That might not seem like it has anything to do with security, but it does. The cost of eating spoiled yogurt—a much greater risk of getting sick—is actually quite high. It may not be high for you (maybe you’ve got an iron stomach or excellent immunoresponse). For the yogurt manufacturers, it’s an enormous cost because they produce millions of units of yogurt, and therefore they could potentially be responsible for thousands or millions of illnesses if they don’t properly secure their yogurt.
The solution is simple and obvious: print the expiration date on each unit of yogurt. Ah, but the devil is in the details.
There is an expiration date on the yogurt, but the consumer isn’t the only one who has an interest in that date. The retailer has an interest now, too, because they are supposed to remove units from their shelves that have passed their expiration dates. To put it cynically, the retailer isn’t really interested in whether the yogurt is spoiled or not, just whether the yogurt is sold or not. Unsold, expired yogurt is thrown away and represents a financial loss to the store.
If the retailer could very easily modify or forge the expiration dates on the units of yogurt, it might become worthwhile to him to do so to avoid losing money on expired unsold product. (I admit, this is a simplistic analysis, but bear with me.)
So the yogurt maker actually has three different goals in designing their expiration security system: to make it cheap for the manufacturer to implement (so as to increase the cost per unit as little as possible), to make it easy for the customer to distinguish good from expired product, and to make it hard for the retailer to tamper with. Any system that fails to meet any one of these three requirements is inherently flawed.
At the local grocery store I frequent, there is a brand of yogurt that implements its security like this: each unit is sealed with an airtight plastic film, topped with a lid, and has the expiration date printed on the lid.
You can probably spot the problem already: the fact that the expiration date is on the lid is a fatal flaw. The lid is removable. Worse, it is removable without otherwise affecting the rest of the unit of yogurt. And worse still, the lids are identical for this brand, independent of the flavor or variety of yogurt.
This means that you could swap lids between different units and you would have no way of detecting this kind of tampering. Because the lid is the only place that bears the expiration date, you have no way to be confident that the expiration date on the lid corresponds to the actual freshness of the food inside.
I imagine that the manufacturer implemented their security this way because it’s easier (and therefore cheaper) to print the date on the lid, which is basically a short, flat cylinder, instead of the container itself, which is conical, labeled differently for each variety, and has to be sterilized, filled, and sealed. In so doing, however, they’ve completely violated one of the three goals: the expiration date is trivially easy to tamper with.
Now, even given all of that, I have a lot of confidence that my grocer isn’t going to go swapping lids around. Selling expired yogurt is a good way to lose customers, and losing one customer is probably much more costly to them than throwing away some expired yogurt.
But because the tampering is trivially easy, it means that any shopper in the store—some mischievous kids, for example—could also tamper with the yogurt by swapping lids. I might trust my grocer, and I probably trust the people that work there, but I would be foolish to trust everyone who ever shops there and wanders through the dairy section.
I purchase a different brand of yogurt.
Comments
Posted by: stef | November 23, 2005 12:09 PM