程阳：美国彩票多重安全防护系列措施

A Safety Analysis of Gtech at the Minnesota state lottery

一篇被屏蔽删除而又复活的文章  【PDF全文】

程阳关于吉泰克的更多文章

SUMMARY   

 The Minnesota State Lottery is both the promoter and regulator of lottery games, a situation that could compromise the integrity of the games. However, with its comprehensive security procedures, the Lottery protects the security of both its scratch and online games and ensures that Lottery proceeds are allocated properly. We found two instances in which the Lottery did not fully follow its procedures to ensure scratch game security—not conducting full internal security testing on scratch game tickets and not always receiving timely written documentation from the independent security lab that tests scratch game tickets—but we do not believe that either of these compromised the Lottery’s scratch games. The Lottery has thorough procedures to protect its online games, and we found no evidence that these procedures were not followed. The Lottery relies on very sophisticated information technology systems to keep games secure. As such, the Lottery should have regular information technology security audits to ensure that its technology systems are reliable.  

 Online Games  

  Similar to scratch games, the Lottery has designed comprehensive security procedures that protect the integrity of online games. As detailed in Table 4.2, the Lottery’s online game security procedures include having secured ticket stock, double-recording all online game transactions, conducting random drawings, and electronically validating winning tickets. Most of the online game operations are conducted by GTECH, the Lottery’s online games vendor. Based on our observations, interviews, and review of Lottery documents, we found the online game security procedures to be sound and found no evidence that they were not followed.

  • Ticket stock. The ticket stock used for Minnesota online games is secure and controlled. Two outside vendors produce the ticket stock that Minnesota uses for its online games. The ticket manufacturers ship the ticket stock directly to GTECH, where it is stored in a secure location and monitored by Lottery camera surveillance. Entry into the room holding the ticket stock requires two card keys. The ticket vendors send a computer file to the Lottery that links each unique ticket number to a specific carton number. GTECH uses the carton number assigned by the ticket vendor to distribute the ticket stock to retailers; only Lottery security officials can link a specific ticket to a specific retailer.  

 • Online transactions. The Lottery adequately deters insiders from creating “winning” tickets by requiring that all online ticket sale transactions be recorded in two information systems—one at the Lottery and one at GTECH. When a player purchases an online game ticket, the retailer enters the transaction into a terminal provided by GTECH. The transactions are transmitted from the terminal to GTECH’s main computer system, which records the numbers that were selected for every online ticket purchased at each retailer location. Every 20 to 30 minutes, all of the transactions recorded in the GTECH information system are transmitted to the Lottery and recorded in the Lottery’s information system. A person trying to cheat the Lottery after a drawing was held (once the winning numbers were known) would have to enter the “winning” ticket into both information systems.

Drawings. The drawings for Minnesota’s online games are secure. For Minnesota-only games (Daily 3, Gopher 5, and Northstar Cash), an independent auditor verifies that ticket sales have stopped for that day’s game and authorizes the drawing to occur. Lottery officials, using a computer program, randomly select one of the two on-site random number generators to use for that day’s drawing. Using the chosen random number generator, a Lottery official conducts the drawings for Minnesota’s online games. The Lottery conducts regular statistical analysis on the winning numbers to verify that the drawings are random.

 The Lottery’s procedures also help to protect the integrity of the multi-state drawings. Before every multi-state drawing (for Powerball and Hot Lotto), the Lottery compares its transaction report with the report from GTECH. The Multi-State Lottery Association (MUSL) hires an auditor to be present when the reports are compared and certify that the Lottery and GTECH reports balance. In MUSL drawings (which are held in Iowa), the winning numbers are selected from machines using hard rubber balls. The machines and balls are selected randomly for every drawing, and the balls are weighed and x-rayed several times a year. At every Powerball drawing, a MUSL supervisor, an independent auditor, and a police officer are present. According to the Lottery, MUSL performs regular statistical analysis on the winning numbers to verify that the drawings are random. The Minnesota Lottery began conducting its own statistical analysis of the MUSL drawings in 2004 to provide additional oversight.