Lottery Post Journal

The Tennessee Lottery strikes (out?) again

The Tennessee Lottery posted a video on their web site that demonstrates the security features of their computerized drawing system, and makes claims about the audit trail of the drawings. 

I hope everyone gets a chance to see that video, because it is a great example of how the Tennessee Lottery cannot, in any shape or fashion, show you the actual drawing as it takes place.  All the stuff in that video is a smoke screen, designed to draw your attention to other areas in which they feel they have a firm footing.

It's really wonderful that they have 12 billion video cameras, but can one of them actually capture the method used to select the winning numbers?  Of course not!  It happens inside a computer!

The lottery crows about the fact that each drawing supposedly takes one and a half hours to conduct, and how they use reams of paper to document the drawings.

How is that a good thing?  I thought the whole point was that computers make the process better and more efficient. 

Instead of a nimble, efficient drawing process, they seem to have created a laborious, wasteful, and inefficient slog, in which two employees are dedicated to ticking off dozens of pages of checklists several times a day, and adding nothing of value to the process. 

With all those checklists and pre-draw activities, how did they overlook a colossal error like no doubles and triples being drawn for more than three weeks?

And what happened to the drawings being "exciting", as stated in their first press release?

As I watched the video, I visibly cringed every time the announcer claimed with complete certainty that there was no way for the computer system to be penetrated.  Are they for real?  Don't they know that computers can be hacked?

Every security expert who is worth their salt knows that there is no 100% effective security method.  There are only degrees of safety.  The object is to create the least possible risk. 

Stating that there is no risk is just plain wrong, and highly misleading.  It is a disservice to every citizen of Tennessee.  If the announcer was a security expert he would be laughed out of the business.  He points to the modem line that directly connects the drawing computers with television stations and states that there is no possible way for the modem lines to be hacked.  Dope!

Just the fact that the drawing computers are directly connected to any outside computers is a very poor design!

Despite the announcer claiming to have the only computer system in the world that is incapable of being hacked, I want to show that not only is the statement misleading, but from what I can see, then system is not designed with the proper level of safety protocols.

The drawing computer's line of communications should be designed as follows:

  1. The sensitive drawing computer should only be connected to inside computers (internal network), and that inside network should only consist of the two drawing computers plus one dedicated controller computer.  The two drawing computers should not have any means of communicating directly with any other computer, other than the controller.
  2. The internal network is then connected to another communications computer, which is not on the internal drawing network.  It is a highly firewalled connection, with only a single open port, through which the results are sent (not pulled) from the internal network's controller computer to the communications computer.
  3. The communications computer can then dial up their TV stations to deliver the results.

The reason I am posting this level of detail is because I think it's important for me to back up the allegations I am making about the security weaknesses in their drawing system.

Let me show it to you in another way.

Here is a diagram of how their system currently appears to be connecting with TV stations to deliver the results:

TN Lottery connecting directly to TV stations - bad.

There are several ways that would be acceptable for communicating lottery results to TV stations, but their method is not one of them.

Here is a layout of one method that would be acceptable:

Acceptible method for the TN Lottery to communicate drawing results.

Again, my point in all of this is to show how ridiculous the statements made by the announcer are.  And if you can't trust the statements about one part, can you trust the statements about another part?

The attitude of "we cannot be hacked" and "we cannot be wrong" is the exact attitude that lead to a drawing error that festered at the lottery for more than three weeks in August.  Instead of learning their lesson, the lottery continues to claim they are super-human, and the regular laws of physics do not apply to them.

One last point I'd like to make. 

The video itself is a mistake. 

The lottery basically gave a tour of their security features to the world.  The level of detail shown in the video is a bad idea, because it gives hackers a very good feel for how to attack the system.  ("Attack vectors")

I know in the mind of Hargrove that the video is a pre-emptive strike against anything that might be said against them in the oversight meeting next month.  It's designed to shut down opposition to their massive mistake -- the computerized drawing system.

Earlier in the month when they released some over-inflated monetary numbers for converting back to real drawings, that was another pre-emptive strike.

Hargrove:  instead of these pre-emptive attacks, how about a real dialog with the players?  And when they tell you where to put your computerized drawings, perhaps you should take it to heart, instead of trying to force the players to like it.

Everyone makes mistakes, even you.  Admit this mistake, and correct it.  You will come out a hero if you do. 

Do you see yourself as the people's hero right now?

Link to video demonstration computerized drawing security 


  • Amen Todd. This video is something that will eventually allow people to see the stupidity that inside the lottery headquarters.    No $$ from this pocket. I will spread the word again tomorrow at the store and post all of this around town to warn the players that it is best not to put a cent on pick3 , pick 4, or pick5 in the TN lottery. They can save their money for PB...

    By tntea, at 10:51 AM

  • Cut the phone line and make one of the "2" employees call in the results or email them from another computer. No way should the draw machines be hooked up to any other electronic device.

    By ToadSchmode, at 11:59 AM

  • @TS: That would in fact be the safest approach. I'd be willing to bet that they purposely did not go with that approach because they wanted to differentiate between the computerized system and the real drawings. (According to their logic it would demonstrate efficiency of the new system if it automatically sent the results after the draw.)

    If I were the person making the decision I would either go with the outline in my post above, or else your approach (no connections at all). Their current configuration would not even be considered.

    However, I will preface that by saying that I would never be in the situation of making that decision anyway, because I would have never abandoned real drawings.

    By Todd, at 12:29 PM

  • This type of rhetoric about how they do this and how they do that is what got them in trouble the first time.
    Not only does this video show the ignorance of Hargroves followers, but it's a total injustice to the players in Tenn. Also it shows how this commision believes the people ( players) are as ignorant to believe this insted of the truth.
    The players need to take a survey on their own and send the oversight commitee exactly what they want. If the people of Tenn want to right this ship, they need to do this now, Or otherwise go down with the ship along with hargrove and all of her "cronies" . I say if the " shoe fits " then wear them, or otherwise look for more reliable representitives to do what you want.

    By MADDOG10, at 1:03 PM

  • Too late to be a hero, too myopic to see beyond her well padded ivory tower. She's not changing her abusive 80's CEO mindset for anyone.

    By konane, at 3:59 PM

  • Todd you did a great job of explaining how any system can be hacked. i dont know why he acts like its perfect and cannot be tampered with in the video. when i watched it i was waiting for him to say,"we try our best to take measures so the game cannot be corrupted" people want to know they are trying but when they act so certain by saying it cannot be hacked it just makes things much worse when something does go wrong or when someone does something to affect a drawing even if it is an accident the video makes it seem like the machine is perfect and nothing can ever go wrong.

    By tnlotto1, at 8:14 PM

  • @tnlotto1: You've nailed it. People are unforgiving when their smugness and certainty of perfection does not pan out. They are, in fact, saying the security of their systems is perfect.

    By Todd, at 11:17 PM

  • todd,i think your whole post should be seen by the tennessean.if we could get this stuff seen by the media and keep it in the spotlight showing the brazen idiots these jackasses are at the tennessee lottery.these jokers are twenty times worse than indiana ever thought about being.i think there will be more mistakes in the future with this thing you know it'll spit triples out in the pick 3 three times straight like kansas.people any you see triples like 222 or something of the sort always go buy the same number for the next draw.i'll bet sooner or later the mistake of it hitting twice will happen.when it does i'm going to make a small mint,we'll see.....

    By LOTTOMIKE, at 7:59 AM

  • Carrier pidgeons would be better than what they are doing now.

    By jarasan, at 11:44 AM

Post a Comment

<< Home