
Opinion: The trouble with online auctions and gambling

Network World Fusion

March 16, 2000
Web posted at: 8:18 a.m. EST (1318 GMT)

(IDG) -- In 1998, the Arizona Lottery discovered that no winning number in its Pick 3 game had ever included a single numeral 9. It turned out that the pseudorandom number generator algorithm had an elementary programming error.

"Why do I have a sneaking suspicion that their code probably looked like INT(RND * 9)?" wrote Alan Hamilton in the RISKS Forum (see the RISKS Forum Digest, Vol. 19, Issue 83). You can imagine the howls of outrage by everyone who had used a 9 in their lottery numbers, especially when they were told they could have a refund, but only if they had kept their old losing tickets.

The Arizona lottery was using a simulation of a random process to provide the illusion to gamblers that they were betting on a physical process, such as balls mixing together in a barrel and falling out of a tube.

One of the problems with the Arizona simulation is similar to a genuine vulnerability in proprietary (i.e., secret) cryptographic algorithms. As Professor Dorothy Denning of Georgetown University and many other cryptographers have stressed over the last two decades, the security of an encryption scheme should not depend on the secrecy of its algorithm. Had the lottery algorithm been exposed to public scrutiny, its flaws would have been detected sooner. For example, in the 1980s there was much excitement over a new encryption scheme called the knapsack algorithm; extensive examination by cryptographers proved it was flawed. Mind you, it is conceivable that someone detecting the flaw in the Arizona lottery might have made bets with a higher probability of winning than those of uninformed people. But that would have been made less likely by exposing the algorithm to scrutiny before it went into production.


By now, I hope that any of my readers who gamble online (or for that matter, use an electronic gambling machine of any kind) are thinking nervously about how much trust they ought to place in such gambles.

On another level, at least physical devices (electronic or mechanical) are located in real-world establishments under the nominal control of regulatory and law-enforcement officials. Gambling schemes based on real-world events such as races and contests have a form of validation in external news reports. But on what basis should a gambler trust the results of computer-generated pseudorandom numbers displayed on a screen or on a browser page?

It's not as if you can use the laws of the market to count on identifying screwy results from online gambling. Most individual gamblers will never know if the long-range analysis of the pseudorandom numbers supports their hope in the fairness of the odds. No one is keeping track of this data except the people making money from the participants, and they're not distributing the results of their goodness-of-fit and runs tests.
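The goodness-of-fit and runs tests mentioned above, as an added example that is not part of the original article. It models the bug with the `INT(RND * 9)` form that Hamilton's quote guesses at (the lottery's real code is not shown here); the function names, seed and sample sizes are constructed for illustration.

```python
import math
import random

CHI2_CRIT = 27.877   # chi-square critical value, 9 degrees of freedom, p = 0.001
Z_CRIT = 3.29        # two-sided normal critical value, p = 0.001

def draw_digits(n, faces, seed=2000):
    """n simulated digit draws computed as int(random() * faces)."""
    rng = random.Random(seed)  # fixed seed: constructed, reproducible sample
    return [int(rng.random() * faces) for _ in range(n)]

def chi_square(draws):
    """Goodness of fit against uniform digits 0-9: (statistic, counts)."""
    counts = [draws.count(d) for d in range(10)]
    expected = len(draws) / 10
    return sum((c - expected) ** 2 / expected for c in counts), counts

def runs_z(draws):
    """Wald-Wolfowitz runs test on low (0-4) versus high (5-9) digits."""
    high = [d >= 5 for d in draws]
    n1, n2, n = high.count(True), high.count(False), len(high)
    runs = 1 + sum(a != b for a, b in zip(high, high[1:]))
    mean = 2 * n1 * n2 / n + 1
    var = 2 * n1 * n2 * (2 * n1 * n2 - n) / (n * n * (n - 1))
    return (runs - mean) / math.sqrt(var)

def audit(draws):
    """Run both tests over a published sequence of drawn digits."""
    stat, counts = chi_square(draws)
    z = runs_z(draws)
    return {
        "never_drawn": [d for d, c in enumerate(counts) if c == 0],
        "chi2": stat,
        "fit_rejected": stat > CHI2_CRIT,
        "runs_z": z,
        "runs_rejected": abs(z) > Z_CRIT,
    }

if __name__ == "__main__":
    samples = {
        "int(rnd * 9)": draw_digits(3000, 9),     # the guessed off-by-one
        "int(rnd * 10)": draw_digits(3000, 10),   # corrected range
        "0..9 repeating": list(range(10)) * 300,  # uniform counts, no randomness
    }
    for name, draws in samples.items():
        print(name, audit(draws))
```

The third sample shows why both tests are needed: a repeating 0-9 cycle has perfectly uniform counts and passes the goodness-of-fit test, and only the runs test flags it.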

A similar concern ought to alarm anyone proposing a major expenditure for items sold at auction through electronic auction services. The theory behind an auction is that the competition for an object or service helps participants determine a fair price. This process can be corrupted in a real-world, physical auction if the seller conspires with confederates to artificially bid up the price.

Unfortunately, such shenanigans are even easier online, where anyone can have as many identities as they want. The ease with which browsers and e-mail systems allow forged headers and forged identifiers means that someone could inflate the price of their own offering.

This theoretical discussion does not even begin to address such questions as whether the auctioned items really exist, are as described, or will ever be delivered. A recent case of such fraud occurred on eBay, where Robert Guest of Los Angeles admitted in court in July 1999 that he defrauded victims of around $37,000 by offering goods for auction via eBay but failing to deliver anything. The customers of Mr. Guest certainly found out the hard way that they were being cheated - but how, exactly, were they to know in advance that he was untrustworthy?

EBay has responded to these concerns by suggesting the use of escrow services and telling its users that it does not guarantee the legitimacy of the transactions it facilitates.

EBay did respond strongly in September 1999 when there was a spate of increasingly ludicrous auctions. Someone put up a human kidney for sale through eBay and received bids of up to $5.8 million. The auction service canceled the sale because selling human organs is a Federal felony with up to $250,000 in fines and at least five years in jail. A week later, eBay had to shut down an auction for an unborn human baby. Offers for the supposed baby had risen into the $100,000 range before eBay pulled the plug. Finally, a fool or a prankster - it's unclear which - tried to sell 500 pounds of fresh marijuana online via eBay. The auction was shut down after 21 hours, during which bids had reached $10 million.

So do you think that all the bids were legitimate? Did everyone who bid for kidneys, babies and pot really intend to pay for what they were claiming? Or was it more like a video game, where no one was taking any of it for real? And what does it mean for ordinary users to realize that nobody knows for sure which explanation was correct? Garrison Keillor of the "Prairie Home Companion" radio show from Minnesota Public Radio says, "Buying lottery tickets is a tax on people who aren't very good at arithmetic." I'd say that online gambling and online auctions are, at this point in their development and regulation, a tax on low IQ.



© 2001 Cable News Network. All Rights Reserved.