Tuesday, May 02, 2006

The Other Side of the Coin: When Online Poker Security Gets it Wrong

Let's face it. If you're going to play poker online, then you have to have interest in the measures that online sites take to protect the integrity of their games. This blog has touched on a couple of recent big-name scandals in other posts, but this time we head down another path. What happens when a big site that prides itself on its security measures screws up, and wrongly accuses one if its players of cheating?

It's not a made-up question. It happened recently at Poker Stars, one of the sites at the forefront of security-related news. And it calls into question the limits and drawbacks that even the most well-intentioned security systems can have.

The story was... odd. On April 17th, a frequent poster on the 2+2 poker forums, "TeddyFBI," started a small storm with a post entitled, "Stars catches a bot and it's........my mom." The poster, who also maintains his own poker blog here, told the tale of his 55-year-old mother, who had been thrown off Poker Stars for purportedly running a bot. The poster's mother exhibited behavior perhaps not normally seen --- such as multi-tabling up to six games at the mind-blowing .02 and .05 limits --- and there was once a period of 43 hours where her Stars client was open and running continuously. (I've actually done that one myself --- taking a break from the games, moving to the couch for the respite... and waking up in the morning.)

But in the above case, it turned out that there never was a bot at all. It was just overzealous interpretation of misleading data by one of the security savants at Stars.

It took 72 hours of bad publicity on the 2+2 forums for Stars to get their proverbial shit together and reinvestigate, and in the end they found that their original judgments had been mistaken. The second of the 2+2 threads, detailing the followup, can be found here.

The fact that the big poker sites can and do get it wrong should give us all pause. In a recent piece, webcast host and resumed poker blogger Amy Calistri rails against these sites for playing it so close to to the vest, in not sharing more detail about the measures they use to identify online cheaters. The case above inadvertently proffered one of the "flag" triggers --- having the poker client open and continuously in use for 40-plus hours of play.

Calistri's point is valid; and though it's also easy to understand the sites' desire to keep their cheating countermeasures secret, they're not quite in tune with the real world. Because of this, they come off as being too high-handed and self-righteous in their efforts. Let's create an example to illustrate:

If Stars (or any site) implements Measure XYZ and it's a success, they'll catch a handful of cheaters. But those cheaters don't operate in a vacuum: they'll be out there telling other cheaters their own best guesses at what led to their discovery. Soon, after some short period has elapsed, this fictitious Measure XYZ stops being an effective measure --- its time has come and gone. And at that point, there's no valid reason for a site to not publicly disclose what that measure was, and even such proprietary concerns such as not wanting to let other poker sites in on their secrets doesn't cut it; poker sites need to work in concert, rather than as independent entities, to combat online cheating.

In the above instance, Stars screwed up, though they recognized the error of their ways and made things right. Yet in other ways, they've still got it wrong.

2 comments:

Grinder said...

I would rather them be over zealous then under though!

Haley (a.k.a. "Cawt") said...

Good point, grinder. Perhaps the greater issue is how deep the level of technological awareness and savvy is within the poker-playing public. Since so much of this seems to be a "black box" issue for online players, it may be in online sites' best interest to do a little bit more technological hand-holding of their clientele. Call it good p.r.