May 26, 2024

Kentucky vs. 141 Domain Names

Yes, that is a title of a real, current legal case and controversy.

(And, no, the links in this post are not spam… mostly gambling news sites seem to be reporting on this.)

The Governor of Kentucky, through his Justice and Public Safety Cabinet, has moved in court to have 141 gambling-related domain names transferred to the Kentucky state government, partially because other legal gambling operations in Kentucky, like horseracing, lose revenue to online gaming. Yes, you read that right: by allegedly violating KY law, the state can move to have property used in these unlawful acts transferred to the state. In this case, the “property” in question is the domain names themselves.

This case is definitely novel in the realm of cyberlaw, but also is a bit controversial for how it originally proceeded. At first, the state met with the judge in a unilateral hearing where the judge granted a seizure order directing the registrars of each domain name to transfer the domain name to the state of Kentucky (a few registrars transferred the domain names immediately upon receiving the order). The judge also then established a date for a forfeiture hearing (think of it as a last chance opportunity for affected parties to appear and dispute the seizure of their property). A phalanx of attorneys for various gambling outfits (presumably, see below) as well as industry and players associations showed up to this original hearing. The judge decided to accept briefing on the various issues presented; his order was due on Wednesday but was delayed until yesterday due to a computer glitch.

Judge Wingate’s order was handed down on Thursday. There’s so much interesting stuff in this case, perhaps it deserves a few more posts; I’d like to highlight a few things:

  • Identifying parties — For obvious reasons related to gambling being illegal in many parts of the United States, many of the 141 Domain Names defendants don’t want to be identified. However, to have standing — that is, to be able to present a legal argument as a direct party to a case — one needs to have an attorney and be identified as one of the named defendants (or anyone could make the case).
  • Domain names as property — Are domain names more like an address or phone number or are they more like a piece of physical property? Here the judge relies on a case from the 9th Circuit in California, Kremen v. Cohen 337 F.3d 1024 (9th Cir. 2003), where Justice Kozinski had to decide if a domain name was property that could be stolen under California law. That case established an “attributes test” for intangible property that includes 1) is there an interest capable of precise definition? 2) can it be excluded from possession or otherwise controlled? and 3) can the purported owner establish a legitimate claim to exclusivity? Applying this test (and some additional muddled reasoning), Judge Wingate found that domain names are indeed intangible property.
  • Devices and chance — The state maintains, and presented expert testimony to the effect, that domain names are a “device or transport device allowing Kentuckians to engage in internet gambling.” In my opinion, this is where Judge Wingate goes a bit off the deep end. The part of Kentucky law that defines a “gambling device” (KRS 528.010 (4)(a) and (b)) as a tangible device manufactured and designed specifically for gambling. Wingate compares domain names to “virtual keys” for “virtual casinos” and finds that reading the law literally is not appropriate here and, rather, Kentucky courts have to uphold the intent of the law. And how much virtual intent can we read into Kentucky law? I would further quibble with Wingate’s assertion that these particular domain names have been designed to attract players; most of the successful gambling sites in the list of 141 seem to have more branding value in their domain names rather than cachet due to clever word choice.

    Also, under KY law, games of chance are explicitly illegal while games of skill are not. The Poker Player’s Alliance, a group that represents players of poker and poker enthusiasts, argued in an amicus brief that the poker-related subset of the 141 Domain Names should not be subject to the forfeiture due to their not being illegal under KY law. Wingate seems on more solid ground with the chance element raised by the Poker Player’s Alliance. The part of KY law relevant here (KRS 528.010(3)) in that it defines chance as only one element of what constitutes “gambling” with risking something of value and the opportunity of winning something of value as the other elements.

What’s the upshot of all of this? To me, it’s pretty scary: A state government moved to order seizure of domain names that it found were illegal “devices” and a judge issued an order demanding the transfer of these domain names before any hearing or opportunity to protest. The state has so far successfully argued that domain names are property and devices used for illegal gambling within Kentucky and that the 141 Domain Names defendants must identify themselves to have standing to contest the seizure and forfeiture. The last shoe to drop is that Judge Wingate, as part of his order from yesterday, ordered the state to rescind any forfeiture for gambling sites that block Kentucky gamers using geographical blocking methods (the wording was, essentially: Defendants who install a “software or device […] which has the capability to block and deny access to [the defendant’s] online gambling sites […] from any users or consumers within the […] Commonwealth [of Kentucky] and reasonably establishes to the [state] or this Court that such geographical blocks are operational, shall be relieved from the effects of the Seizure Order and from any further proceedings [in this action.]”).

What is to stop other local governments from mandating blacklisting of geographical user bases (despite the plain futility of this protection measure)? What’s to stop an authoritarian state from seizing the domain name of a dissident group? I don’t see a good solution.

Finally, the only general amicus brief submitted was from the Internet Commerce Association representing domain name registrars. Where is the public interest voices in this? Where are my friends from the Electronic Frontier Foundation?

California Issues Emergency Election Audit Regulations

The Office of the California Secretary of State has issued a set of proposed emergency regulations for post-election manual tallying of paper election records. In this post, my first at FTT, I’ll try to explain and contextualize this development.

Since her election to office, California Secretary of State (CA SoS) Debra Bowen has methodically studied the shortcomings in California’s election equipment. She first initiated a Top-To-Bottom review (TTBR) of California’s voting systems that found them to be of poor technical quality and vulnerable to a myriad of security vulnerabilities, accessibility flaws, reliability issues and inadequate documentation and testing (a number of FTT regulars participated in the TTBR). For this year’s presidential primary in California, Bowen worked to mitigate these problems by decertifying this equipment and then recertifying it subject to a list of about 40 different conditions. One such condition is that the usual 1% manual tally under California law — counties must randomly choose and hand tally ballots cast in 1% of precincts — would be modified to include escalation that would mandate increased tallying for close races (where even small amounts of possible fraud and/or error could make a difference in the outcome of a contest).

Bowen issued these additional requirements (the “PEMT Requirements”) under her authority as CA SoS to regulate election technologies (here are the original PEMT Requirements). Unfortunately, the Registrar in San Diego County sued Bowen arguing that she 1) didn’t have such broad authority and 2) that, even if she did, she could only issue the PEMT Requirements through the California regulatory procedure (specified by the CA Administrative Procedure Act). A state Superior Court found in favor of the CA SoS but a Court of Appeal found that the PEMT Requirements did indeed betray characteristics of regulations and should therefore have gone through the regulatory procedure (for the legal eagles out there, see: County of San Diego v. Debra Bowen (2008) 166 Cal.App.4th 501).

By the time the Court of Appeal had made its decision on August 29, there was no time to follow the normal regulatory process, which takes about four months. Instead, the CA SoS had to follow the process for adopting an emergency regulation which applies when a regulation “is necessary for the immediate preservation of the public peace, health and safety, or general welfare.”

What is so special about these emergency manual tally provisions? First, it represents the increasing relevance and importance of adversarial considerations in the design of an election audit process. As we describe in the NYU Brennan Center / UC Berkeley Samuelson Clinic report on post-election audits (“Post-Election Audits: Restoring Trust In Elections”), fixed-percentage audits of election records are only particularly useful in detecting wide-ranging anomalies in vote counts. Methods that “tune” the amount of records audited depending on the margin in contests on the ballot do a much better job of ensuring that they’ll find evidence of possible error or fraud. Per the emergency PEMT Regulations, any contest with a margin (difference between the winning and losing choice in a contest) of 0.5% or lower is subject to a 10% manual tally, an order of magnitude more scrutiny than the statutory default.

Second, the CA SoS’ emergency PEMT Regulations reflect many best practices from audit theory and research: precincts to audit must be chosen randomly; the precincts to audit are only chosen after the semi-official vote tallies are arrived at; tally activities must be announced publicly and available for public observation; tallies must be conducted under “blind count” rules where the talliers do not know the totals in the precincts they’re tallying; differences between machine and hand counts must be explained or investigated.

The elephant in the room is always Los Angeles County; LA is so amazingly enormous for an election jurisdiction that some things simply aren’t possible. (For example, they frequently pick up ballot materials from precincts in helicopters; that is, traffic in LA is so bad and there are so many polling places (~5,000 or so) that the most reliable form of ballot transmission is via helicopter.) These rules are going to be exceedingly difficult for LA to comply with. I expect they will hire an army of tally managers and talliers to perform their tally and that it will be a race against the clock, counting 24 hours a day, seven days per week, to try and get it all done in the 28-calendar day canvass period.