Clickability tracking pixel

Massachusetts Lags Other States on Regulating Fantasy Sports Cybersecurity

Critics call for more state oversight to better secure sports gaming, a computer-driven operation in which billions of dollars are up for grabs each day.

by The Patriot Ledger, Quincy, Mass. / August 9, 2017

(TNS) -- Since November 2015, there have been calls to change a serious and increasingly obvious oversight in our commonwealth's regulation of daily fantasy sports.


Contrary to how other states handle matters, Massachusetts' regulation of daily fantasy sports gaming doesn't provide any state oversight to ensure the games are honest, including protections against hackers penetrating the systems that companies use to run their competitions.

One might think there's no need for state oversight because the various computer systems driving this industry essentially referee peer-to-peer play versus gambling against "the house." Who would dare try to hack a computer-driven gambling operation in which billions of dollars are up for grabs? Has anyone been paying attention recently?

Meanwhile, Nevada has requirements on "maintenance of all aspects of security of the interactive gaming system," and for "testing the integrity of the interactive gaming system on an ongoing basis." New Jersey specifies the level of certification that a gaming company's IT staff must have to oversee systems security. State regulators there get notifications if any lines of computer code are changed and even when there's a system anomaly. And specifically regarding that peer-to-peer play, well, a year ago New York State adopted regulations governing fantasy sports. New York specifies that each "platform," which includes "hardware, software, and data networks" managing the contests, must be approved by the state.

The regulations drawn up by the attorney general's office, which are praiseworthy (and now apparently considered a national model) in every aspect except this security gap, operate under a consumer protection model that protects fantasy sports players "from unfair and deceptive acts and practices that may arise in the gaming process."

DraftKings, the Massachusetts giant that, along with FanDuel, dominates the industry, said that it monitors its systems to ensure they're secure. We're certain they do. But that's not state oversight used to make sure all gaming is honest.

Massachusetts requires the industry to keep records of money flowing into and out of fantasy sports player accounts for 10 years. It even requires that records of marketing efforts be kept for four years. But where's the requirement for maintaining all system logs or programming changes?

Fortunately, system security was addressed recently on Page 47, under "Recommended Regulations," in The Report of the Special Commission of the Massachusetts Legislature. The commission conducted a comprehensive study on regulation of online gaming, fantasy sports gaming and daily fantasy sports. There's a reference to a Massachusetts Gaming Commission report from 2011, on factors to consider in crafting state regulatory legislation: "(3) security against data hacking and money laundering." That report, incidentally, also advised testing to ensure systems can't be penetrated by hackers – sort of like the DNC server was. And on Page 49, under Data/network security: "The Special Commission further recommends regular audits and third-party testing to examine and analyze platforms" for data integrity.

On Page 86, in testimony by John T. Holden, a visiting scholar from Florida State University, on state regulators as well as companies protecting the integrity of the games: "Measures can be taken through the implementation of best practices and protocols, as well as the monitoring of online systems to ensure systems are protected from outside threats."

The special commission's recommendations cover a broad swath of online gaming. Next steps are now up to the legislature. Whether as part of an omnibus package or an immediate fix to existing regulations, the sooner Massachusetts establishes systems oversight, the better.

The risk that hackers, from anywhere, could penetrate systems for nefarious purposes should be a given. Just ask Hillary Clinton.

Here's one opinion. What's yours? Click here to write a letter to the editor of up to 200 words or leave a comment on the story. To give everyone a chance to be heard, we allow one letter per writer every 30 days. Read more columns, editorials and letters

©2017 The Patriot Ledger, Quincy, Mass. Distributed by Tribune Content Agency, LLC.

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.

E.REPUBLIC Platforms & Programs