Nonrepudiation and Draw Integrity
Defining the Case for Nonrepudiation and Draw Integrity
Draw Nonrepudiation protects lotteries against draw system vulnerabilities. Draw system susceptibilities include hardware failures, software defects, and insider fraud – all of which are difficult to spot because incorrect or fraudulent numbers may look just like randomly generated outcomes!
But what is Draw Nonrepudiation?
Draw nonrepudiation: proof of the draw outcomes and their origin. With this evidence, the draw generation process can be fully transparent through:
(1) systemic proof of draw integrity of the random outcomes and the process that generated them,
(2) verification of the proof on an independent system by third parties such as auditors or outside entities,
(3) detection of faults or fraud immediately when they occur and at any later time when needed, and
(4) legal protection to prove in a court of law that draws were (not) interfered with and were (not) resulting from faulty systems.
It is impossible to prevent all faults and fraud; we believe that equally important to prevention is detection of all draw problems, with irrefutable proof that can hold up in a court of law. Transparency and audit of all aspects of the draw provides proof of the origin and integrity of the generated random numbers.
Most electronic draw systems on the market use the traditional method of random number generation that does not offer full draw transparency. A traditional RNG is secured by restricting access to the electronic draw machine, while protecting it from known threats. The weakness of traditional draw methods is that they rely heavily on processes and people, with limited visibility into the system itself: unexpected problems such as hardware or software errors may not be exposed. Similarly, a concealed break-in into the system may easily go unnoticed. When they rely on processes, the draw team, lottery, and all other stakeholders need to take a leap of faith – they must trust that there are no hardware, software, or integrity issues. Sometimes a gross problem will be exposed, but other times the parties assume that there are no problems because they cannot prove otherwise.
Szrek offers a solution with nonrepudiation where the draw machine creates unmodifiable data – the Draw Signature. This Draw Signature is independently verified by a second system. This second system, Trusted Audit, detects problems that could otherwise go unnoticed. With this model – through nonrepudiation – Szrek’s RNG solution detects 100% of draw faults and fraud. By using a draw signature, Szrek’s RNG can address any customer or stakeholder concerns about a specific draw or all draws made. For example, if a rare random event occurs, like a draw of similar or identical numbers on proximate days, the numbers can be checked for integrity. Repetition of identical numbers does happen (Weiss, 2010), and may even be more likely than we think (Hand, 2014). It may, however, cause concern among stakeholders, and with a transparent draw system this is a concern that can easily be addressed.
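The sign-then-independently-verify model described above, as an added example; it is not Szrek's implementation or code from the white paper. It assumes Ed25519 signatures, a constructed request format, and an outcome derived deterministically from the signature; `DrawRecord`, `Draw`, `Audit` and `derive` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"reflect"
)

// DrawRecord is what the draw machine publishes for audit (hypothetical format).
type DrawRecord struct {
	Request, Signature []byte // signed draw input and the draw signature over it
	Numbers            []int  // announced outcome
}

// derive maps a signature to k distinct numbers in 1..n (assumes k <= n), rejecting biased samples.
func derive(sig []byte, k, n int) []int {
	limit := uint32(1<<32-1) / uint32(n) * uint32(n) // largest multiple of n, avoids modulo bias
	seen, out := map[int]bool{}, []int{}
	for ctr := 0; len(out) < k; ctr++ {
		h := sha256.Sum256(append(append([]byte{}, sig...), byte(ctr>>8), byte(ctr)))
		v := binary.BigEndian.Uint32(h[:4])
		if x := int(v%uint32(n)) + 1; v < limit && !seen[x] {
			seen[x], out = true, append(out, x)
		}
	}
	return out
}

// Draw runs on the draw machine: sign the request, then derive the outcome from the signature.
func Draw(priv ed25519.PrivateKey, request []byte, k, n int) DrawRecord {
	sig := ed25519.Sign(priv, request)
	return DrawRecord{request, sig, derive(sig, k, n)}
}

// Audit runs on an independent system that holds only the public key.
func Audit(pub ed25519.PublicKey, r DrawRecord, k, n int) bool {
	return ed25519.Verify(pub, r.Request, r.Signature) &&
		reflect.DeepEqual(derive(r.Signature, k, n), r.Numbers)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key
	rec := Draw(priv, []byte("game=PICK6|draw=0001|entropy=constructed"), 6, 49)
	fmt.Println(rec.Numbers, Audit(pub, rec, 6, 49)) // untouched record passes
	rec.Numbers[0] = rec.Numbers[0]%49 + 1           // simulated fault or tampering
	fmt.Println(rec.Numbers, Audit(pub, rec, 6, 49)) // audit now fails
}
```

Because the auditor needs only the public key and the published record, the check can be repeated by any third party at any later time, and a record that fails it cannot be attributed to the draw machine.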
There are many cases of draw faults and fraud that could have been avoided and detected if the Szrek RNG systems providing nonrepudiation had been used. These include recent events like the Tipton fraud case and the Arizona draw game flaw, which have left lottery executives’ confidence at an all-time low. In a recent scandal (see Khan, 2017 and Clayworth, 2017), an insider was able to obtain large winnings over several years in multiple states. He was only caught after he won more than $2 million in rigged games and carelessly tried to claim a lottery ticket worth over $14 million. Had the Szrek RNG technology been used, the problem would have been detected the first time a rigged game was played, before the winning numbers were announced – when the independent verification failed to confirm the draw numbers. It would have been clear that someone had interfered with the drawing, and the draw would have been invalidated. This would have allowed lotteries to catch the perpetrator right away, not permitting the fraud to continue for several years.
In Arizona, there were two separate recent incidents of draw machine malfunctions, with the same numbers generated for consecutive draws in games played from end-September to October and then again in November (Coppola, 2017; Marsh, 2017). If the Szrek RNG technology had been used, the problem would have been detected before the first incorrect draw took place. This would have allowed the lottery to switch to another electronic draw machine, avoid an incorrect draw, and address the problem immediately, instead of unknowingly continuing to use a faulty machine (twice!). Szrek’s RNG would also have provided the lottery with a Draw Signature – the irrefutable proof of integrity that would protect it against any liability cases. As it was, without draw transparency, it required multiple failures for the problem to be noticed. This, in turn, cast needless doubt on the integrity of the lottery and the industry as a whole.
The nonrepudiation of RNGs and draw transparency should be made a requirement for electronic draw machines. Any lack of transparency in any part of the draw opens the industry to vulnerabilities that could easily be avoided, such as these recent events. Regulators and lottery executives are in a position to protect consumers and build trust by demanding nonrepudiation: the verifiable proof of draw outcomes that is required for transparency in the draw process.
This information about nonrepudiation can be found in our white paper, Redefining Electronic Draw Security.