Lessons from Arizona: Redefining Transparency for Lottery Draws
Arizona Lottery glitch produces same numbers in multiple drawings
A RNG machine used by Arizona Lottery generated duplicate numbers for several consecutive games. Read the news story in AZCentral by clicking HERE.
This type of problem can be a result of defective hardware or faulty software. Such problems can be avoided by using Szrek’s Trusted Draw RNG system. The draw system detects defective RNG hardware and will not issue random numbers from flawed devices. Draw software creates an irrefutable proof of integrity for every draw, which can be verified by the Trusted Audit system. By using the Szrek RNG solution, the Lottery can always independently verify the integrity of draw numbers and the draw process before confirming and posting the draw results.
Arizona Lottery glitch produces same numbers in multiple drawings
(Photo: Republic file photo)
Following the recent incorrect draw results in Arizona, perception of electronic lottery drawings are at an all-time low. Helena Pereira and Walter Szrek have written an article in response to what happened.
We invite you to read below about how such problems can be prevented in the future. (And don’t forget to read the second part of this post, Lessons from Arizona, Part II: A Solution.)
Lessons from Arizona: Redefining Transparency for Lottery Draws
Security in the lottery industry is essential. Players must trust that every step of the way, lotteries provide secure games from beginning to end – including for electronic draws. Automated draw machines are integral to the lottery industry for many reasons, including that they help streamline the draw process with consequent cost-savings, and they are an important vehicle for launching new games and seizing new markets. Lotteries, Gaming Authorities, and Certification Agencies have defined certification standards for the generation of random numbers, security requirements for protecting ADMs, and auditable processes to ensure procedures are correctly implemented.
The certification and security standards support a strong rapport between consumers and lotteries. These measures, however, do not protect ADMs against hardware defects, software failures, or insider fraud. Many cases of errors or fraud have taken place in the US within the last decade despite the best practices that have been defined and numerous certifications of ADMs by independent labs. The industry keeps being confronted with situations of faulty random numbers due to improper machine setup, hardware malfunctions, software glitches, and fraud. While mistakes, hardware or software malfunctions, human mistakes, and cases of fraud are bound to happen, the problem persists because the random number generation process is not transparent. Problems are hidden inside the ADM computer and they are not evident externally, so they can exist without being detected.
The industry is realizing that the traditional security and certification approach fails because it does not provide transparency into the RNG process. The cost of a single problem is very high and hurts the whole industry. Consequently, transparency into the RNG process should be a requirement – at the very least to protect consumers.
The technical solution to the problem exists, and lotteries and operators worldwide have been deploying this technology since 2005. Early adopters include Danske Spil, Lottomatica, IGT, Sisal, and more recently Texas Lottery, Iowa Lottery, and Ithuba, South Africa – amongst others.
The currently available RNG system ensures fault-tolerance and provides nonrepudiation, proof of the origin and integrity of the generated random numbers. The process of generation in its initial step verifies if the RNG hardware generates a correct RNG seed and proceeds with a draw only if there is no device error, otherwise it switches to a second device. The verified digital signature, which functions as a RNG seed for random number generation, is saved as a Draw Signature. This Draw Signature allows for recreating every draw, and it serves as proof of draw integrity. The Draw Signature cannot be altered or manipulated and it provides information to identify any malfunction of the hardware, software, configuration errors, or fraud.
The result: the draw generation process is transparent and there is independent verification of the numbers drawn on an independent system by internal auditing departments or outside entities. The verification can take place at the very time of the draw, just after the draw, or at any other later time following the draw. If there is any problem with the RNG generation process, this problem can always be detected. The Draw Signature existing in the form of a digital signature can also serve as legal protection.
In the recent Arizona draw machine malfunction, the same numbers were generated for consecutive draws. If the described RNG technology were used, the problem would have been detected before the first incorrect draw took place. This would have allowed the lottery to switch to another ADM, avoid an incorrect draw, and address the problem immediately instead of unknowingly continuing to use a faulty machine.
The lottery would also have the draw signature – the irrefutable proof of integrity that would protect it against any liability cases. As it was, without draw transparency, it required multiple failures for the problem to be noticed. This, in turn, casts needless doubt on the integrity of the lottery and the industry as a whole.
The nonrepudiation of RNGs and draw transparency have not been made a requirement for RNGs/ADMs. Any lack of transparency in any part of the draw opens the industry to vulnerabilities that could easily be avoided. Regulators and lottery executives are in a position to protect consumers and build trust by demanding verifiable proof of draw outcomes, required for transparency in the draw process.
See the same article in La Fleur’s.
See the original news story about what happened in Arizona.
Have you already read our thoughts on how to address the problem? See part 2 of this post.