Online Crackdown: Lock Down Gambling Sites, Go To Jail!
A new U.S. Justice Department policy threatens to jail security professionals who help lock down online gambling sites anywhere in the world.
For example, you're a computer security expert who's hired by an offshore casino in Costa Rica to develop a security and authentication technology. Your client is a licensed Costa Rica Casino that has been operating for years, and wants to make a foray into online gaming.
You perform a standard penetration test, a security assessment, an architecture and code review, help establish the SSL and authentication protocols, and help with firewall implementation and monitoring - you know: the full suite of security services. You test the beta site and its configuration, and give your stamp of approval.
With check in hand, you return to America and days, weeks or months later, the site goes active. A few weeks after that, you are visited by an FBI agent with a federal grand jury subpoena seeking records relating to your security work. Weeks after that, a knock on the door announces the arrival of deputy US Marshals with a warrant for your arrest for violation of 18 U.S.C. 1084 and 18 U.S.C. 2.
Your computer security consulting may have earned yourself a one-way ticket to the hoosegow.
US law generally makes it a crime if you are "engaged in the business of betting or wagering" and you "knowingly [use] a wire communication facility for the transmission in interstate or foreign commerce of bets or wagers or information assisting in the placing of bets or wagers on any sporting events, or contest..."
This statute, 18 USC 1084, is called the "wire act" and has been applied for more than 70 years to go after offshore bookies who seek to evade US law by locating overseas.
However, Internet gambling is legalized in Liechtenstein, Gibraltar, Australia, New Zealand, Costa Rica, and a few Caribbean islands. So the first question is whether Internet gaming by a company in a country that permits it is a violation of US law. The US Justice Department argues that it is - and has the arrests and convictions - guilty pleas - to prove it. The theory is that entities that are in the business of betting or wagering (even where this is legal), who use international communications facilities like the Internet, and in some way "enter" or "affect" the United States or US citizens, are violating the Wire Act.
What could does this mean to you, the security professional? You aren't in the "business" of betting or wagering. You haven't taken any bets over international wires.
The punishment for aiding and abetting, however, is the same as for committing the underlying crime.
A new U.S. Justice Department policy threatens to jail security professionals who help lock down online gambling sites anywhere in the world.
For example, you're a computer security expert who's hired by an offshore casino in Costa Rica to develop a security and authentication technology. Your client is a licensed Costa Rica Casino that has been operating for years, and wants to make a foray into online gaming.
You perform a standard penetration test, a security assessment, an architecture and code review, help establish the SSL and authentication protocols, and help with firewall implementation and monitoring - you know: the full suite of security services. You test the beta site and its configuration, and give your stamp of approval.
With check in hand, you return to America and days, weeks or months later, the site goes active. A few weeks after that, you are visited by an FBI agent with a federal grand jury subpoena seeking records relating to your security work. Weeks after that, a knock on the door announces the arrival of deputy US Marshals with a warrant for your arrest for violation of 18 U.S.C. 1084 and 18 U.S.C. 2.
Your computer security consulting may have earned yourself a one-way ticket to the hoosegow.
US law generally makes it a crime if you are "engaged in the business of betting or wagering" and you "knowingly [use] a wire communication facility for the transmission in interstate or foreign commerce of bets or wagers or information assisting in the placing of bets or wagers on any sporting events, or contest..."
This statute, 18 USC 1084, is called the "wire act" and has been applied for more than 70 years to go after offshore bookies who seek to evade US law by locating overseas.
However, Internet gambling is legalized in Liechtenstein, Gibraltar, Australia, New Zealand, Costa Rica, and a few Caribbean islands. So the first question is whether Internet gaming by a company in a country that permits it is a violation of US law. The US Justice Department argues that it is - and has the arrests and convictions - guilty pleas - to prove it. The theory is that entities that are in the business of betting or wagering (even where this is legal), who use international communications facilities like the Internet, and in some way "enter" or "affect" the United States or US citizens, are violating the Wire Act.
What could does this mean to you, the security professional? You aren't in the "business" of betting or wagering. You haven't taken any bets over international wires.
The punishment for aiding and abetting, however, is the same as for committing the underlying crime.
