– Write Gambling Software, Go to Prison (Wired, Dec 3, 2013):
In a criminal case sure to make programmers nervous, a software maker who licenses a program used by online casinos and bookmakers overseas is being charged with promoting gambling in New York because authorities say his software was used by others for illegal betting in that state.
New York authorities say that about $2.3 million that Robert Stuart and his company, Extension Software, received in cash and money orders for licensing his software constitutes direct proceeds of illegal, U.S.-based bookmaking operations.
“These defendants abetted large-scale illegal gambling in the U.S. and abroad,” said District Attorney Cyrus R. Vance, Jr. in a press release in October when Stuart was charged. “In doing so, they gave bettors an easy way to place illegal wagers, and created an appetite for further unlawful activity.”
But Stuart, who has been charged along with his wife and brother-in-law with one felony count for promoting gambling in New York through their software firm, says that his company sells the software only to entities outside the U.S. and that he’s not aware of anyone using it in the U.S. or using it to take illegal bets in the U.S. He also says the software doesn’t place bets, it simply provides online gambling sites with the infrastructure to select and display which sporting events they want to offer for betting and also stores the bets.
“It’s overreaching where they’re going after a software developer who sells the software with a legal license, and yet we’re still being prosecuted on how it’s being used,” Stuart says. He notes that authorities have not told him yet who exactly he’s accused of aiding and abetting.
A hearing in the case is scheduled to be held in New York on Jan. 8.
The prosecution of a commercial programmer for crimes committed by people who used his software would set a dangerous precedent for other software makers who might be held liable for how their legally licensed software is used, says Jennifer Granick, director of civil liberties for the Center for Internet and Society at Stanford University.
“It’s scary for software distributors, if someone happens to use their software for illegal activity,” she says. “If you know what people could use it for, and didn’t prevent it, did you take enough steps? What level of knowledge you need to have and all of that is not as clear as it should be [under current laws].”
Stuart asserts that New York authorities only came after him because they wanted to use him as a conduit to uncover illegal gambling operations in that state. He says the New York district attorney’s office tried to strong-arm him into a plea agreement that would have had him hacking into the systems of his software clients in order to obtain the usernames and passwords of gamblers and their bookmakers to help authorities gather evidence of illegal gambling.
Although Stuart initially agreed to the terms of the plea, he later recanted because he said he was uncomfortable being used as a pawn to secretly collect information on his customers. He claims authorities are charging him now in retaliation for refusing to cooperate with them.
Under plea agreement discussions that were never finalized by a judge, and that occurred in February 2011 before Stuart was charged with any crime, Stuart says New York authorities pressed him to install a backdoor in his software and distribute it to clients so the data of gamblers and bookmakers could be retrieved.
Stuart showed Wired a plea agreement (.pdf) signed by former Manhattan Assistant District Attorney James Meadows, which stated that he would plead guilty to second- and fourth-degree money laundering charges and assist the DA’s investigations by, among other things, “aiding in the design of software used to obtain records, usernames, passwords, and other information stored on websites using” his company’s software.
Stuart says authorities specifically told him that they would not use the backdoor themselves but that he would be expected to access the servers of online casinos and others who used his software overseas in order to retrieve the information of gamblers and bookmakers on their behalf.
“They made it clear that they would do nothing. I was expected to do everything, to modify the system to allow myself to get in to get the information they wanted,” he says. “Their whole intention was for me to retrieve information from those databases that were located in foreign countries…. They were going to use me to get to the clients…. But I’m not a hacker, I’m a software developer.”
While it’s not unusual for suspects to become informants and work undercover with authorities to gather evidence against others, pressuring a software vendor to backdoor his own software and then sneak into his customers’ systems is an “outlandish” law enforcement tactic, says Granick, and would make him criminally liable under the Computer Fraud and Abuse Act unless authorities obtained a court order in the U.S. and also obtained all of the relevant legal permissions in the countries where his customers operate.
“Sending something to backdoor people’s systems and to steal customer data would violate the CFAA and would without a doubt be crimes in any country in Europe, particularly any that are signatories to the Cybercrime Treaty,” she says. “Many of these people will not be Americans, and it’s not unlawful for them to gamble, but [authorities] are taking their usernames and passwords. Someone needs to be investigated, but I’m not sure it’s [Stuart]…. If I were his lawyers, I’d be investigating to see where they got the idea that this was okay.”Although Daniel R. Alonso, chief assistant in the Manhattan District Attorney’s Office, was reluctant to discuss the terms of the confidential plea agreement or how his office planned to implement them, he insisted there was nothing unlawful about what was proposed.
“The provision you have questioned is perfectly consistent with the obligations of all law enforcement officials to follow state and federal law to secure evidence of criminal conduct,” Alonso said in an e-mail statement. “The staff of the Manhattan District Attorney’s office involved in this case, both prosecutors and investigators, have behaved ethically and consistent with their obligation to seek justice in every case.”
The case began in February 2011, when Stuart says he and his wife got the Kim Dotcom treatment after about 30 local Arizona law enforcement agents wearing SWAT gear and camouflage dress — some of them with bushes attached to their shoulders to blend into the woods around his house — descended on his home and threatened to send him and his wife to prison for 35 years if he didn’t cooperate.
The search warrant used in the raid said Stuart and his wife were engaged in money laundering, operating an illegal enterprise and engaging in the promotion of gambling. Stuart has tried to obtain a copy of the affidavit used to get the search warrant, but it’s currently sealed.
The conversation for the plea agreement occurred the day after the raid, when Stuart says he was still traumatized by the experience and had only rent-a-lawyers, hired quickly over the internet, to represent him. The lawyers urged him to cooperate and agree to the terms.
Although he signed the plea agreement, Stuart says he changed his mind after he had time to reflect on what authorities were asking him to do.
“We demanded that we would accept no plea, not even for a parking ticket, because we have done nothing wrong,” he says.
Some 18 months passed before he and his wife and brother-in-law were indicted this last October. By then, all of the allegations in the search warrant were gone except for a single count charge for first degree promotion of gambling (.pdf).
According to New York authorities, Stuart and his employees “knowingly advanced and profited from unlawful gambling activity by engaging in bookmaking to the extent that they received and accepted in any one day more than five bets totaling more than five thousand dollars.”
Stuart isn’t actually accused of making or taking bets, however, just creating the software that allowed other people to do so. The New York district attorney’s office says his software was used to make illegal bets in that state between Sept. 2008 and June 2011.
Stuart’s company, formerly based in Arizona but now based out of Nevada, created and supports online gaming software called Action Sportsbook International, which he has been licensing to clients for a little more than a dozen years. The software provides online sports bookers and casinos with the infrastructure to run operations for betting on horse-racing and a variety of sporting events, such as professional and college football and basketball games and soccer.
Clients pay quarterly to license the software at rates that vary between $6,000 and $45,000 per quarter.
“We deliver our software and help set it up and we make sure it’s being used in places where it is legal to be used,” Stuart says. The software, however, is designed to be used in a time-shared environment where clients can place it on a server and sub-license it to casinos and other sports bookers. “We have very few clients that are actually in the gambling business themselves. In some cases they’re directly taking the bets, but it’s more likely that it’s people who provide gambling services to others, to agents or casinos.”
Stuart says his company is not involved in the sub-licensing and doesn’t know who his clients’ clients are. He thinks some of his clients may have rented the software to others who misused it.
At the time of the raid, Stuart had about 20 clients, all of them outside the U.S. in Costa Rica, Panama, Australia, Jamaica, the UK, the Dominican Republic and elsewhere. Now he’s down to 10 clients.
“This has had a real devastating effect on the business,” he says. “Any time you’re indicted, people are going to question.”
Granick says authorities may have a tough time proving their case since they will have to show that Stuart or his employees knew that their software was being used for illegal gambling by residents in New York and did nothing to stop this.
“They can’t prove that merely from the distribution of the software itself,” she says. “They need additional information to show he knew and intended the unlawful activity. You would have to prove that through emails or statements he made that show that he knew the money was coming from someone he knew shouldn’t be gambling and was approving it.”