Column: Major League Baseball’s other hacking problem

WASHINGTON — I’d like to take a moment to address the bizarre, possibly illicit hacking scenario involving a certain Missouri-based Major League Baseball team making news this week, which threatens to undermine the integrity of the game. I’m speaking, of course, about the extreme, online ballot-stuffing measures taken by fans of the Kansas City Royals in voting for the All-Star Game.

All-Star ballot stuffing is nothing new. Major League Baseball and its teams have been allowing — and downright encouraging — such practices for years. In 1957, the Cincinnati Enquirer printed pre-marked ballots in their Sunday editions. The Nationals used to hold contests for who could fill out the most paper ballots, with prizes being awarded to fans for reaching certain benchmarks.

But as the voting has moved to become online only this year, suddenly the Kansas City Royals are dominating in a way we’ve never seen, especially for a team from the 38th-largest television market in the country, from a fan base that hasn’t elected a single player to the game since Jermaine Dye in 2000. Eight Royals, the most ever for one team, are currently in position to be elected to the starting lineup for the American League. That includes second baseman Omar Infante, objectively one of the worst players in the Major Leagues.

A major part of what has caused this problem is the laughable simplicity and lack of any form of verification on the front end of the voting process, which has left the system open to be gamed. All the ballot asks for is a name, birth date, unverified email address and a favorite team, then it’s open season.

The lack of said verification goes beyond the ability to use someone else’s email address, though. According to Ken Colburn of WTOP’s Data Doctors, a moderately-skilled programmer could design a system to register fake email addresses and vote automatically, a possibility that would help account for the discrepancies in vote totals.

“The possibility of an automated script exists precisely because the validation process isn’t there,” he explains. “I used a made-up email address to vote yesterday.”

An MLB official explains that there are safeguards in place when it comes to email confirmations, spotting patterns, or weeding out bots, but declined to get into the specifics, lest this turn into a game of whack-a-hacker. MLB also claims it restricts voting via IP addresses, but Colburn says that is fairly easy to work around.

“Spoofing the IP address is not that difficult for people who are very tactical,” explains Colburn. “There are certainly ways to get past the security system.”

While all this may seem like a stretch for the average Royals fan, Colburn says there are now Reddit threads that have been promoting the idea of hijacking votes for the game, encouraging those with no normal interest in baseball to get involved, simply for the sake of ruining the party.

The solution, to Colburn, is simple.

“One way to minimize fraudulent voting — since we know people are using falsified email addresses to vote — is just by creating a validation system for the email address, much like software companies do to download software,” says Colburn.

Of course, the whole voting process is also sponsored by Esurance, and MLB.com’s ability to sell itself to advertisers depends on its ability to drive traffic to its sites. Limiting such traffic would be something of a self-defeating enterprise from a financial standpoint. With more than 300 million votes already reported to be tallied already, why stop?

“If they’re charging Esurance based on actual traffic?” says Colburn. “What a windfall.”

Commissioner Rob Manfred told reporters at Fenway Park on Tuesday that “We are responsive and open to change if in fact it appears we get a result that is not consistent with the goals of the system that is currently in place.” But MLB has not publicly tightened the front end of its systems yet. After all, there have been several cases of clear fraud, or identity theft.

On Wednesday, Sporting News baseball writer Jesse Spector wrote that he had received a bizarre email thanking him for voting, when he had not done so. The same happened to Athletics Nation editor Alex Hall and Big League Stew writer Mike Oz, with even more troubling follow-up emails.

Oz had written something critical about the ballot-stuffing taking place earlier this week. He then received a series of MLB emails, all time-stamped at 9:33 p.m. PT, thanking him for voting 10, 25 and 35 times. Later, he received another follow-up thanking him for voting for the Royals, complete with a ticket offer.

It was pretty easy for Oz to connect the dots to what had happened, considering his work email address is publicly accessible.

“I wrote something bad about the Royals yesterday, so I took that as a ‘haha, we showed you’ kind of thing,” he said Wednesday. “I guess I just resign myself, having been involved in the Internet so long, that people will find a way to game the system.”

Oz says he isn’t bent out of shape about the incident, but has a hard time believing that MLB, which runs multiple major online voting campaigns each year, couldn’t have seen the potential pitfalls of such a loose, unregulated voting format.

“When you put yourself in the situation where you’re doing this kind of vote, you know this kind of thing is going to happen,” he says. “I don’t think MLB — or whoever it is behind it — can say ‘We didn’t expect this to happen.’ You did. It’s 2015.”

The same MLB official says that if you encounter someone using your email address, you can call MLB.com customer service and they will investigate the situation. It’s a reactive solution, but at least there is recourse. And while the total amount of votes is quite high this year, the official says the percentage of fraudulent votes (roughly 20 percent, per MLB Advanced Media Chief Bob Bowman) has remained level to past years of voting.

More than simple homerism, though, these cases of fraud threaten to hurt the game. With home field advantage in the World Series resting on the outcome of the All-Star Game, the ramifications could stretch much further than a Tuesday exhibition in Cincinnati this July.

According to Forbes, the San Francisco Giants brought in $230 million in revenue during their World Series run in 2010, causing the franchise’s value to skyrocket from $483 million to $563 million in a single season.

If a Royals-stocked American League team gets walloped by a deserving National League team in the Midsummer Classic, it will cost the AL representative home field advantage for the World Series. Considering that team last year was the Royals, it could even be a self-defeating act for Kansas City fans. Never mind the fact that several of the players have All-Star appearance clauses tied into their contracts. If Infante (the least deserving player) makes it, his appearance will end up costing the Royals $1 million over the next two years.

Ultimately, the All-Star Game’s undeserved importance is the piece that really needs to change. The game has always been a popularity contest, not a meritocracy. Yes, MLB needs to clean up its voting systems to reward the players that are actually the most popular. But the biggest change that this should precipitate is the end of the charade of awarding home field advantage to the winner of the game, a practice only put into place by former commissioner Bud Selig to cover for his own inept handling of the 2002 game, which ended in a tie.

You think fans were upset over a tie? They got over it — it was an exhibition. But if this potential fiasco ostensibly costs a city a World Series? Good luck explaining how that is “consistent with the goals of the system in place.”

Follow @WTOP on Twitter and WTOP on Facebook.

© 2015 WTOP. All Rights Reserved.

More from WTOP

Log in to your WTOP account for notifications and alerts customized for you.

Sign up