UPDATE: MLB says there are safeguards in place for All-Star vote shenanigans

51 Comments

An update, via ESPN:

MLB makes a concerted effort to investigate votes that: 1. come from accounts created using email addresses that appear to have been tweaked in some way that too closely resemble another address; 2. multiple voting accounts that come from the same IP address; and 3. troubling patterns in voting that emerge during the reviews by a third-party company employed to chart All-Star Game balloting trends.

[Bob] Bowman [MLB President of Business and Media] said that process alone leads to about 20 percent of the votes that are cast online being eliminated every year. With that in mind, all the votes MLB has reported so far have been sanitized.

And then there’s this from Jeff Passan of Yahoo Sports:

More than 300 million votes have been accepted, according to the league, and the record of 390 million should fall sometime this week. Almost certainly a half-billion votes will be cast by the time balloting ends at 11:59 p.m. ET on July 2. And that doesn’t include the massive amounts of votes Bob Bowman, the CEO of MLB Advanced Media, said the league disallowed because of concerns over fake or improper voting.

“I’m not saying we bat 1.000,” Bowman said. “But it’s between 60 and 65 million votes that have been canceled. We don’t really trumpet it because if someone thinks they’re getting away with it, they’ll try to again.”

Thirty-five of those votes belonged to the email address of Yahoo Sports blogger Mike Osegueda, who received a verification email for ballots he didn’t cast. Alerted to his tweet about it, the league said the votes were taken away. Presumably, MLBAM tries the same with similar such ballots – Bowman said the 20 percent rate of killing ballots is consistent with previous seasons – keenly aware that in addition to civic pride, Kansas City packs a nice wallop of humor.

2:54 p.m. ET: In terms of importance the All-Star vote isn’t exactly Fort Knox of the CIA mainframe or the president’s nuclear launch codes. Indeed, in the grand scheme of things it’s somewhat less important than the Astros’ Ground Control system and somewhat more important than the survey Pizza Hut wants you to do after filling out an online order.

But boy oh boy, you think they’d have at least some sort of security on the thing. Nope. They don’t. From HookSlide at SB Nation’s Bless You Boys blog, who explains how he hacked the All-Star voting page to give him far, far more than the 35 votes Major League Baseball allows each email address:

To be fair, “hacked” really isn’t the right word. That word implies some kind of username/password cracking, which in turn implies some kind of secure system, and quite frankly, the All Star voting page set up by MLB is anything but secure. With a basic knowledge of HTML, a bit of Javascript, and a few minutes to play around, I was able to exploit MLB’s All-Star voting system quite easily.

The key to exploiting the system was realizing that—are you ready for this?—there is zero verification surrounding the most important piece of information supplied in the voting process: your email address. The voting page asks you to supply an email address, along with some other information such as a birthdate, a zip code, and a favorite team, but unlike most systems that at least try to implement some form of security, MLB does not require you to validate your email address. There’s no confirmation email sent with a “click here to verify” or “use this five-digit verification code” message, some way of ensuring that the email address you supplied in the voting process is actually yours.

As he notes, it’s highly doubtful Major League Baseball gives a flying frick about this because they’re getting what they want out of the system: lots of pageviews and user engagement on their voting page which has a corporate sponsor. Lots of people talking about the All-Star Game. Lots of votes — in sheer numbers — which allows them to talk about how excited everyone is about the Midsummer Classic. The All-Star Game is, from its sponsored votes to its sponsored events to its sponsored musical acts, is just a big circus to the league anymore, so there’s no sense in worrying about the voting process being a circus too.

Sure, there will be a ballgame in the middle of all of this and it’ll decide home field advantage in the World Series, but that Esurance doesn’t sell itself.

Report: MLB could fine the Angels $2 million for failure to report Tyler Skaggs’ drug use

Getty Images
Leave a comment

T.J. Quinn of ESPN is reporting that Major League Baseball could fine the Los Angeles Angels up to $2 million “if Major League Baseball determines that team employees were told of Tyler Skaggs’ opioid use prior to his July 1 death and didn’t inform the commissioner’s office.”

The fine would be pursuant to the terms of the Joint Drug Agreement which affirmatively requires any team employee who isn’t a player to inform the Commissioner’s Office of “any evidence or reason to believe that a Player … has used, possessed or distributed any substance prohibited” by MLB.

As was reported last weekend, Eric Kay, the Angels Director of Communications, told DEA agents that he and at least one other high-ranking Angels official knew of Skaggs’ opioid use. The Angels have denied any knowledge of Skaggs’ use, and the other then-Angels employee Kay named, current Hall of Fame President Tim Mead deny that he know as well, but Kay’s admission that he knew — he in fact claims he purchased drugs for and did drugs with Skaggs — would, if true, constitute team knowledge. Major League Baseball would, of course, want to make its own determination of whether or not Kay was being truthful when he told DEA agents what his lawyer says he told them.

Which raises the question of why, apart from a strong desire to get in criminal jeopardy for lying to DEA agents, Kay would admit through his lawyer that he lied to DEA agents. Still, the process is the process, so giving MLB a little time here is probably not harming anyone.

As for a $2 million fine? Well, it cuts a number of ways. On the one hand, that’s a lot of money. On the other hand, (a) a man is dead; and (b) $2 million is what the Angels’ DH or center fielder makes in about 11 minutes so how much would such a fine really sting?

On the third hand, my God, what else can be done here? No matter what happened in the case of Skaggs’ death, this is not a situation anyone in either the Commissioner’s Office nor the MLBPA truly contemplated when the JDA was drafted. We live in a world of horrors at times, and by their very nature, horrors involve that which it is not expected and for which there can be no adequate, pre-negotiated remedy. It’s a bad story all around, no matter what happens.

Still, it would be notable for Major League Baseball to fine any team under the “teams must report players they suspect used banned substances” rule. Because, based on what I have heard, knowledge of players who use banned substances — which includes marijuana, cocaine, opioids and other non-PED illegal drugs — and which have not been reported to MLB is both commonplace and considerable.

But that’s a topic for another day. Perhaps tomorrow.