Unsecured Technology Raises the Stakes on a Business's Exposure to Risk

A case filed recently in the District Court for the Eastern District of California ups the ante on businesses’ exposure to liability due to a lack of security measures concerning their technology.  The case of Veronica Brill, et al. vs. Michael L. Postle, King’s Casino, LLC d/b/a Stones Gambling Hall, Justin F. Kuraitis, John Does 1-10 and Jane Does 1-10 involves one of the largest alleged cheating scandals known in the history of broadcast poker.

Ever since Chris Moneymaker’s 2003 win at the World Series of Poker, the broadcast of poker over television and the internet has become more mainstream.  Poker broadcasts were made more viewer-friendly through RFID technology, which displaced the use of cameras embedded in the tables.  RFID, or radio frequency identification, allowed for broadcasts to show the “hole cards” dealt to players during the broadcast.  RFID technology works through chips implanted in the cards themselves, which are then read by sensors placed under the felt of the poker table.  The RFID signals, which are unique for each card in the deck, allow the hole cards of each player to be known by the television audience—a construction which is essential for any poker broadcast—though there is always a delay on the broadcast for obvious reasons.

One such broadcast has occurred regularly at Stones Gambling Hall, located just outside of Sacramento, California.  Stones devotes the majority of its gambling space to live poker and has one high-stakes table outfitted with RFID technology and various cameras.  Coupled with one or more commentators, Stones has maintained a regular poker broadcast of this live table for the past several years, for entertainment value and to promote itself, with the broadcast at times including notable poker players such as Chris Moneymaker.

Mike Postle was a player at the Stones broadcast table.  Mr. Postle is not a poker professional, but does have a history of playing in casino tournaments at various locations with occasional modest success.  His poker play at the Stones broadcast table, however, evolved into something else with a level of success and cash-game winnings described as unparalleled.  

A YouTube search for Mike Postle yields numerous videos with commentary from various individuals, some of whom played against Mr. Postle at Stones.  The videos show the miraculous post-flop play by Mr. Postle and discuss the suspected conduct explaining Mr. Postle’s ability to successfully pressure and prevail against his opponents repeatedly.  As alleged in the complaint, “Mr. Postle’s winnings on the Stones Live Poker broadcast, and his correlative play of poker, have been so exceptionally outstanding as to lead the commentator to note his seemingly mystical abilities on numerous occasions, and to lead Stones Live Poker to produce various graphics portraying Mr. Postle as a deity-like individual imbued with omniscient powers (with one such graphic conflating an image of Mr. Postle and an image of Jesus Christ).”  

In the complaint filed with the District Court for the Eastern District of California, 25 Plaintiffs who played at the broadcast table at Stones brought claims against Mr. Postle, Stones Gambling Hall, the poker room manager at Stones, and various John Does representing individuals whose identities are presently unknown.  More plaintiffs are supposedly being added as other individuals who played at the broadcast table with Mr. Postle come forward.  The claims asserted include counts of negligence, negligence per se, negligent misrepresentation, fraud, constructive fraud, libel, and violation of federal racketeering statutes.  

The complaint avers that Mr. Postle engaged in continuous and systematic cheating while playing at the broadcast table as a result of having access to information allowing him to know the “hole cards” of other players during live poker play.  The complaint alleges that Mr. Postle received information about the cards held by other players on his phone and/or through a baseball cap embedded with a communication device allowing for sound to be transmitted directly into his inner ear without any visible earpiece.  The complaint also alleges that the commentators for the Stones’ broadcast provide commentary on the already-delayed footage, meaning the commentators are not seeing the live cards in play at the table, and instead are viewing and commentating on footage from 30 minutes prior.  

Before suit was filed, concerns were raised by various players regarding Mr. Postle, supposedly leading Stones to conduct a “full” investigation which found “no evidence” of cheating; Stones claimed that the suspicions of Mr. Postle were “completely fabricated.”  The complaint alleges that Postle’s purported cheating persisted over 15 months and allowed Mr. Postle to illicitly extract more than $250,000 from players.  The complaint seeks a recovery of $10 million and claims that this is the largest known cheating scandal in the history of broadcast poker.  

With suit having already been filed, the questions for discovery in the litigation will undoubtedly focus on the security measures used by Stones for the RFID information employed in creating the visual portion of the poker broadcast.  The issues to explore will encompass the physical and cyber security in place for the RFID data and the computerized equipment containing/depicting the data, whether the RFID data is maintained on site at Stones or off-site at a different geographic location, the number and clearance of individuals with access to the RFID data, the use of electronic devices (such as phones) by individuals with access to the RFID data, the existence of non-disclosure agreements for individuals with access to the RFID data, the policies and procedures employed by Stones in creating the visual portion of the poker broadcast, and how those policies and procedures as well as security compare to other operations involved in poker broadcasting.  The frequency with which Stones reviews its procedures for effectiveness and compliance will also feature prominently in either the defense or prosecution of the case.  Regardless of whether the conduct by any supposed confederate of Mr. Postle was known by Stones or not, the focus by plaintiffs will be to demonstrate apathy and ignorance at best, or complicit behavior at worst, by Stones.  

Aside from the questions that will ultimately determine liability, the coverage questions to determine whether any insurance maintained by Stones applies to this incident are similarly sizeable.  Are the duties of any insurance carrier triggered to defend and/or to indemnify Stones for the allegations asserted in the complaint?  The employment status of any supposed confederate of Mr. Postle, as well as whether the conduct is an intentional act, could be determinative of whether insurance applies to the suit.  

Even though cyber insurance is increasingly available on the open market from standard insurance carriers, many of the questions involved in this suit do not have known answers from existing precedent.  Moreover, whether carriers fully understand the risks involved with cyber insurance will merit further scrutiny.  Many applications for such cyber insurance ask elementary questions such as the type of email encryption and what cloud services are employed by the entity seeking insurance; these applications are often devoid of any inquiry into the policies and procedures for handling of sensitive data such as the RFID data involved in the creation of any poker broadcast.  

The allegations set forth in the suit against Mr. Postle and Stones make self-evident the importance of security—not just in a physical sense, but also for data both in terms of transmission and access.  The suit leaves business owners asking real questions about their own security, and arguably more importantly, whether their insurance adequately addresses any potential shortcomings in their security—shortcomings which may or may not be known to exist.