[Josem]

Reading the "Gaming Associates" contribution to the Australian Senate Inquiry into the topic, they've made it there under the name of "Global Gaming Services Pty Ltd." Their representative was Stephen Toneguzzo, their Managing Director and Principal Consultant. Apparently, he was (still could be) the boss in October 1999.

(Just a note on this - appearing as a witness to such an inquiry is not evidence in itself that you're a particularly reliable/worthy person. I've provided evidence at an inquiry personally, and it was quite an interesting process.)

Some notes from his contribution
-he is a strong advocate of online gaming regulation (as opposed to banning or doing nothing about it)
-they've been employed to audit Lasseters in the past, a reputable Australian gaming operator
-their audit covered issues such as:[list] [*] the RNG is truly random [*] the games are fair[*]there are no misleading or deceptive comments on the site[*] there are no techniques of psychological manipulation[*] player privacy[*]databases be securely stored[*] the operating environment be behind various levels of firewalls and security and that the defence is in depth[*] applying Australian Dept. of Defence IT security policies to Lasseters[*] stop loss limits[*] self-exclusion[*] money laundering


He had this to say on security:
[ QUOTE ]
Senator STOTT DESPOJA—In relation to online gambling, what are some of the
security threats or issues for online gambling with which the committee should be familiar, and specifically in relation to e-commerce transactions being adequately protected?

[/ QUOTE ]

[ QUOTE ]
Mr Toneguzzo—I have mentioned gambling, stock market, wagering, et cetera. You may hear representations that, ‘It does not need to apply to us because we have never had a problem.’ Quite often that is because they do not know they have ever had a problem. With large organisations, either (a) they do not know they have been hacked or (b) they know they have been hacked but it would affect their share value if they were to announce it to the market so they do not necessarily do that, one could suggest.

Essentially, what we are looking at in terms of security is wanting to protect the privacy
of the players—we are wanting to protect who those players are, how much they are
gambling. That player database is a substantial asset of any operator. It is also a potential source of blackmail. And, as this industry gets more competitive, I would expect that offshore operators or offshore groups may very well attempt to steal that player database to identify who the players are and then try to market to them. So there is that issue, and with that comes not only a loss of consumer confidence but also significant political embarrassment because the regulator has let that happen. The other issue is one of denial of service, and that is that every second you are off line is a second that you are losing money.

So there is that aspect, and a loss of income equals a loss of tax, fundamentally. There is also hacking a site, changing a web page, as has happened to governments here and to
different corporations.

With regard to security, I would suggest that fundamentally it is about maintaining
consumer confidence and continuity of business. If you lose consumer confidence that has a
significant political backlash on the regulators and the politicians. It also has the potential, I would suggest, to damage trade relations, especially if, hypothetically, a database with many Americans in it was suddenly bandied around the Internet. And, make no mistake, we will be a significant target—I know we are, from the sites that are up and running now—of people of other governments, of other corporations and of just the kid at school wanting to hack in and try to prove a point. Again, this is where the federal government comes in. If another government tries to take my site out, what do I do? Do I counterattack—knock out their banking system?


[/ QUOTE ]

He also made the point several times that in an online gaming operator, every transaction is recored.