Should I be posting this anonymously?
May 17, 2005 9:17 AM Subscribe
Does my reverse engineering a protocol for a poker website constitute a violation of the DMCA (or any other statute?)
So I play a little online poker, and as a programmer, I write stuff related to it. I wrote, in particular, something that takes hand positions and makes analyses of them, things like, what are the odds of improving your hand in the next draw, how many possible hands out there beat yours, etc. Since this is no good if you constantly have to be entering data into it, I fooled around with figuring out how to get the data directly from the poker client while you're playing.
Turns out this is pretty easy. Anyway, in the course of doing so, I *thought* I had discovered a huge security hole in the protocol. Turns out that I was wrong.
But. What if I was right? Is what I did illegal? (reverse-engineering the protocol of a website's poker client). There is not really a moral dilemma here for me. If I was correct, I was planning on notifying the poker website -- but not if doing so would get me in trouble.
Clarifying remark: the client uses openssl encryption. To get around this I modified my version of the ssl library, in a manner that is compatible with the terms of the openssl license. Once the encryption is removed there is no further obfuscation or encryption of the data stream.
Further clarifying remark: all the data sent to "my" client is either public data or intended for me, as far as I can tell, that is, it's either remarks about game play "Player 2 folds" or "2clubs dealt to the river" or it's telling me private things about myself, like the cards that are dealt to me. For a short time I thought you could get info about other players from the protocol, but you can't.
So I play a little online poker, and as a programmer, I write stuff related to it. I wrote, in particular, something that takes hand positions and makes analyses of them, things like, what are the odds of improving your hand in the next draw, how many possible hands out there beat yours, etc. Since this is no good if you constantly have to be entering data into it, I fooled around with figuring out how to get the data directly from the poker client while you're playing.
Turns out this is pretty easy. Anyway, in the course of doing so, I *thought* I had discovered a huge security hole in the protocol. Turns out that I was wrong.
But. What if I was right? Is what I did illegal? (reverse-engineering the protocol of a website's poker client). There is not really a moral dilemma here for me. If I was correct, I was planning on notifying the poker website -- but not if doing so would get me in trouble.
Clarifying remark: the client uses openssl encryption. To get around this I modified my version of the ssl library, in a manner that is compatible with the terms of the openssl license. Once the encryption is removed there is no further obfuscation or encryption of the data stream.
Further clarifying remark: all the data sent to "my" client is either public data or intended for me, as far as I can tell, that is, it's either remarks about game play "Player 2 folds" or "2clubs dealt to the river" or it's telling me private things about myself, like the cards that are dealt to me. For a short time I thought you could get info about other players from the protocol, but you can't.
As with most things gambling related, I'd be less worried about the law, than I was about potentially messing with the mob.
posted by veedubya at 9:27 AM on May 17, 2005
posted by veedubya at 9:27 AM on May 17, 2005
I don't think there's a problem. There's already programs out there that do similar things and as pointed out, the encryption is for your own protection, not copyright issues.
posted by dragstroke at 9:40 AM on May 17, 2005
posted by dragstroke at 9:40 AM on May 17, 2005
I have no idea if what you did is legal or not. But FYI, most of the poker helper programs work by screenscraping. They recognize images of the cards on the screen, then use that to drive the analysis. These programs help you calculate odds. My friends who are serious online poker players say that this doesn't help you very much.
posted by Nelson at 10:08 AM on May 17, 2005
posted by Nelson at 10:08 AM on May 17, 2005
You doubtlessly agreed to some sort of terms of service when you created your account. I'll betcha it forbade reverse engineering.
Further, yes, you're almost certainly in violation of the DMCA, which prohibits circumvention of technological protection (I note you said "to get around this...") to reverse engineer. But IANAL.
If you're just analyzing your own hand, and not setting up a poker-bot, I think what you're doing would be recognized as clearly moral and ethical in a sane world. But that's not what you asked.
On preview, calculating odds won't much help serious on-line poker players who are presumably playing high-limit games with, mostly, other good players. But just being able to calculate pot odds and playing a boring, conservative game would allow you to clean up at low-stakes games.
posted by Zed_Lopez at 10:19 AM on May 17, 2005
Further, yes, you're almost certainly in violation of the DMCA, which prohibits circumvention of technological protection (I note you said "to get around this...") to reverse engineer. But IANAL.
If you're just analyzing your own hand, and not setting up a poker-bot, I think what you're doing would be recognized as clearly moral and ethical in a sane world. But that's not what you asked.
On preview, calculating odds won't much help serious on-line poker players who are presumably playing high-limit games with, mostly, other good players. But just being able to calculate pot odds and playing a boring, conservative game would allow you to clean up at low-stakes games.
posted by Zed_Lopez at 10:19 AM on May 17, 2005
Response by poster: Screen scraping is a poor, poor substitute, imho. I get all kinds of information that would be difficult to get that way. I do agree it doesn't help much. One of the numbers I like to look at though, is pot odds vs. the odds of improving my hand in the next dealt card. This is, in my opinion, an important number, and it's not easy (for me) to calculate in my head. Good poker players probably instintively know this. One other thing I'm looking for that I think will be useful is a) having a good history of all the games that I've played and being able to step through them in debug mode and b) while playing, having a history of what players have done through this game or tournament. Again, something good players probably instinctively do. I could identify calling stations, people who play very loosely (or very tightly), etc. I could look at the percentage of flops people have played to see, how often they fold on the river, how many hands they've won/lost and how much, etc.
posted by RustyBrooks at 10:22 AM on May 17, 2005
posted by RustyBrooks at 10:22 AM on May 17, 2005
The pokertracker program mentioned is worth a look - not only does it do everything you want [and more], it throws all the info in an open MS access DB. I believe they encourage you to do what you want with the data or develop third party applications that take advantage of it.
Free trial, as well. Limited to number of hands, so you can get a look at the DB format.
posted by true at 11:02 AM on May 17, 2005
Free trial, as well. Limited to number of hands, so you can get a look at the DB format.
posted by true at 11:02 AM on May 17, 2005
Well, first of all, Poker isn't like chess. If you go by "the odds" (other then before the flop (assuming texas holdem here)) you'll just lose against anyone with any skill.
Anyway, the answer to your question is no.
posted by delmoi at 11:30 AM on May 17, 2005
Anyway, the answer to your question is no.
posted by delmoi at 11:30 AM on May 17, 2005
Further, yes, you're almost certainly in violation of the DMCA, which prohibits circumvention of technological protection (I note you said "to get around this...") to reverse engineer. But IANAL.
Oh, my god. Have you ever read the DMCA? It explicitly allows people to reverse engineer for interoperability.
And it only applies to DRM stuff, nothing else.
posted by delmoi at 11:31 AM on May 17, 2005
Oh, my god. Have you ever read the DMCA? It explicitly allows people to reverse engineer for interoperability.
And it only applies to DRM stuff, nothing else.
posted by delmoi at 11:31 AM on May 17, 2005
I misread the DMCA. Yeah, it looks like you're right; reverse engineering that's not to evade DRM looks okay.
posted by Zed_Lopez at 11:42 AM on May 17, 2005
posted by Zed_Lopez at 11:42 AM on May 17, 2005
Response by poster: Poker Tracker doesn't seem like a real-time analysis tool, which is one thing I'm after. Also, well, it's just the way I am. I prefer to make my own tools for some things and I like the degree of customizability it gives me.
And sure, going by odds *alone* is a poor strategy that will lose you money. But nonetheless odds can be rather informative. Some games yield to analysis a lot better than others. For example, 7 card stud is a game that benefits a lot from statistical analysis, in my opinion. With texas holdem it's pretty easy to see what's going on and what the basic odds for hands are.
This all came about from checking out various hand analysis tools and realizing that most of them are pretty bad, and make unfounded assumptions to make calculation easier (or in some cases, possible at all). Out tables and the like are even worse unless you really know how to use them. Anyway, I just wanted to see if I could do better.
posted by RustyBrooks at 12:08 PM on May 17, 2005
And sure, going by odds *alone* is a poor strategy that will lose you money. But nonetheless odds can be rather informative. Some games yield to analysis a lot better than others. For example, 7 card stud is a game that benefits a lot from statistical analysis, in my opinion. With texas holdem it's pretty easy to see what's going on and what the basic odds for hands are.
This all came about from checking out various hand analysis tools and realizing that most of them are pretty bad, and make unfounded assumptions to make calculation easier (or in some cases, possible at all). Out tables and the like are even worse unless you really know how to use them. Anyway, I just wanted to see if I could do better.
posted by RustyBrooks at 12:08 PM on May 17, 2005
You're not really "getting around" anything by simply decrypting traffic to your own computer that is intended for you. Just because it's not THEIR program doing the decrypting doesn't mean that it isn't meant to be decrypted, and by you, as the end user.
Now, if you were somehow managing to decrypt someone ELSE's traffic -- that'd be a different story altogether.
posted by dragstroke at 12:59 PM on May 17, 2005
Now, if you were somehow managing to decrypt someone ELSE's traffic -- that'd be a different story altogether.
posted by dragstroke at 12:59 PM on May 17, 2005
Don't see any legal problems except for the license agreement you agreed to when you first installed or signed up for the service. Violating that could cause legal troubles.
posted by knave at 1:09 PM on May 17, 2005
posted by knave at 1:09 PM on May 17, 2005
Response by poster: dragstroke: I do agree with you... however, there are notable cases where defeating DRM on, say, music you bought for yourself, is considered illegal. Likewise, playing a dvd you bought on a dvd player that is not properly licensed is also illegal because you have to decrypt it, even though the DVD belongs to you and the decryption is really silly.
I think my case may be different because the encryption I'm "defeating" is not part of the product, and the changes I'm making are all to publicly available source code. It's not 100% clear to me though.
Doing this has shown me just how vulnerable computers are in some sense. I could drop this .dll onto anyone's computer and basically anything they sent over openssl would be available to me. Physical access to your computer is not widespread of course but more and more infections are coming from within trusted circles, not from the outside.
posted by RustyBrooks at 1:38 PM on May 17, 2005
I think my case may be different because the encryption I'm "defeating" is not part of the product, and the changes I'm making are all to publicly available source code. It's not 100% clear to me though.
Doing this has shown me just how vulnerable computers are in some sense. I could drop this .dll onto anyone's computer and basically anything they sent over openssl would be available to me. Physical access to your computer is not widespread of course but more and more infections are coming from within trusted circles, not from the outside.
posted by RustyBrooks at 1:38 PM on May 17, 2005
The printer manufacturer Lexmark sued a company that was making compatible printer cartridges (which contain a special identification chip), citing the DMCA. They ultimately lost so there's some powerful precedent on your side for reverse-engineering for compatibility.
posted by tommasz at 3:31 PM on May 17, 2005
posted by tommasz at 3:31 PM on May 17, 2005
There are already many screen-scraping AI programs being sold legally. And illegally (as deemed by pokersite), it is neither difficult nor uncommon for a skilled player to write profitable code.
posted by foraneagle2 at 11:25 PM on May 17, 2005
posted by foraneagle2 at 11:25 PM on May 17, 2005
write and use*
posted by foraneagle2 at 11:27 PM on May 17, 2005
posted by foraneagle2 at 11:27 PM on May 17, 2005
IAAL
Read carefully the Terms of Service, which you must agree to to access the site. I'm sure there's a prohibition against anything "detrimental" to the site or its purposes or other players.
If your program increases your chances of winning by making calculations fast enough to keep up with the play, which you couldn't otherwise do, it's likely in violation of the terms of service.
The online site undoubtedly has a computerized monitor that picks out players who win too consistently.
Remember that casinos can eject and blackball "card counters," who increase their odds in blackjack. Counters win against the house, while you win against other players, but I think the online site could get past that by saying you could hurt their business if other players found that you had an artificial advantage.
Finally, remember that anybody can sue anybody else. The only thing the court clerk cares about is whether the plaintiff pays the filing fee. The casino has lawyers on retainer, so it costs them nothing. You will have to hire a lawyer to fight a case that could be difficult.
posted by KRS at 9:54 AM on May 18, 2005
Read carefully the Terms of Service, which you must agree to to access the site. I'm sure there's a prohibition against anything "detrimental" to the site or its purposes or other players.
If your program increases your chances of winning by making calculations fast enough to keep up with the play, which you couldn't otherwise do, it's likely in violation of the terms of service.
The online site undoubtedly has a computerized monitor that picks out players who win too consistently.
Remember that casinos can eject and blackball "card counters," who increase their odds in blackjack. Counters win against the house, while you win against other players, but I think the online site could get past that by saying you could hurt their business if other players found that you had an artificial advantage.
Finally, remember that anybody can sue anybody else. The only thing the court clerk cares about is whether the plaintiff pays the filing fee. The casino has lawyers on retainer, so it costs them nothing. You will have to hire a lawyer to fight a case that could be difficult.
posted by KRS at 9:54 AM on May 18, 2005
Likewise, playing a dvd you bought on a dvd player that is not properly licensed is also illegal because you have to decrypt it, even though the DVD belongs to you and the decryption is really silly.
Playing the DVD isn't illegal, selling the unlicensed DVD player is illegal because it curcumvents a copyright method, not because of the decryption.
posted by delmoi at 9:49 AM on May 20, 2005
Playing the DVD isn't illegal, selling the unlicensed DVD player is illegal because it curcumvents a copyright method, not because of the decryption.
posted by delmoi at 9:49 AM on May 20, 2005
This thread is closed to new comments.
posted by reverendX at 9:20 AM on May 17, 2005