We don't outlaw cars just because people have accidents. Rather, we have automotive safety standards, rules of the road and consequences for reckless driving. Similarly, online poker should not be illegal just because there are computer security concerns. Rather, gaming can be regulated and security issues can be managed.
The past 12 months have witnessed an unprecedented number of successful large-scale cyber attacks, resulting in the compromise of hundreds of millions of personal records of individuals in the United States. Notable headline-grabbing compromises include Anthem Insurance, Sony Pictures Home Depot, and Target. Each attack is different, but one fact has become abundantly clear: Poorly managed systems representing high-value targets are increasingly likely to fall victim to highly skilled Internet adversaries.
One might conclude that the Internet has become so dangerous that any application that involves financial information, sensitive personal data or critical infrastructure should be taken offline. Of course, the opposite is happening. Every bank, stockbroker, medical institution and federal, state or local government office that is not pushing to move operations and customer interactions online as quickly as possible is seen as backward and can expect to be left behind in the competitive marketplace.
When it comes to gaming, however, security concerns are cited as a primary reason that online poker should be illegal. In fact, in the United States, only Delaware, Nevada and New Jersey allow online poker; laws in the other 47 states make it illegal to play online poker. Even more troubling is H.R. 707, the Restoration of America's Wire Act. The bill, introduced by Rep. Jason Chaffetz, a Utah Republican, would completely ban online gaming.
Since when do security concerns in an industry result in outlawing that industry? By that logic, all of online banking, online tax filing, computerized health records, automated grocery checkout and just about every other high-tech industry in the world should be outlawed. No, the way to deal with the security concerns in online poker is to work on making poker more secure, not to ban it.
In fact, the online poker industry, which was thriving before April 15, 2011, when all of the major sites were shut down by the Department of Justice, has taken many steps to protect the game. Just like the credit card industry, it has statisticians on the back end constantly checking for anomalous results. Additionally, all of the major online poker sites utilize secure connections using SSL and certificates, and they use proprietary, home-grown client applications rather than standard Web browsers whose security flaws are widely known. The online poker systems that I have examined employ much more sophisticated security measures than I have seen in many other industries. Furthermore, there are new research opportunities for providing even better protection for online poker, for example, by separating out sensitive information (such as one's hole cards) from the public information (such as a poker table) and displaying the cards on a separate, protected device. Further research is sure to yield additional security measures that could apply to other industries as well.
Banks and other financial institutions know that there is a certain amount of loss due to fraud or hacking that they will inevitably suffer. They write it off as a cost of doing business. It would be naive to think that online poker will not face similar losses due to fraud, hacking and other forms of cheating (such as player collusion). Players understand the risks, however, and they should be allowed to make informed decisions about whether to participate. Just as it would be ludicrous to outlaw online banking due to cybersecurity threats, for the same reason, it is wrong to make online poker illegal.
Aviel Rubin is a professor of computer science at the Johns Hopkins University, technical director of its Information Security Institute and an avid poker player and fan. His email address is email@example.com.