Focusing On Google Getting Emails & Passwords Via Data Collection Misses The Point: Anyone Could Have Done It

Judge Refuses To Dismiss Criminal Charges For Violating Ticketmaster's Terms Of Service; Trial Moves Forward

from the read-the-fine-print dept

Fri, Oct 22nd 2010 2:45pm — Mike Masnick

We've discussed how it's becoming unfortunately common for companies to use the The Computer Fraud and Abuse Act to turn things that should not be criminal cases into criminal cases. What's often done is that someone will find a part of a website's terms of service that was not obeyed, and then use that to claim that the access to the website was "unauthorized," thus triggering criminal charges under the CFAA. We've seen it in the recent Facebook/Power.com lawsuit as well as, most famously, in the Lori Drew case, which eventually was dismissed, only after a jury ruled on the matter.

During the summer, we had discussed how the same issue was coming up in a case involving a ticket reseller who had created computer systems to get by Ticketmaster's attempts to limit ticket sales. They would get around purchase limits and things like CAPTCHAs with some automated software that, from the sound of things, was incredibly effective. Now, violating the site's terms of service might be a contractual violation, but a criminal one? As much as people might dislike scalpers buying up tickets to popular events and then reselling them, that doesn't mean we should let those feelings cloud the specific legal questions.

Unfortunately, a judge has decided to punt on the matter, at least for now, refusing to dismiss the case at this stage, and setting a date for a trial next year. While the judge is aware of the Lori Drew case, she claimed that the fact pattern there was really different and, anyway, the decision on the appropriateness of using the CFAA was ruled on after the trial. That last point seems rather meaningless. The appropriateness of the CFAA doesn't seem like something that requires a trial. In the Drew case, the trial was a total waste for everyone involved, because after it was decided, the judge decided to toss everything out anyway. Why not save everyone the time and handle it up front?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hacking, terms of service
Companies: ticketmaster

29 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

TheStupidOne, 22 Oct 2010 @ 2:54pm

This might make sense ...
The defendants "obtained source code, in some cases through hacking."

Now I have no idea of the validity of that statement, but if they actually hacked into ticketmaster's system and stole source code that would be a criminal act. The rest of it sounds more like a contract dispute, but I'm no legal expert.
[ link to this | view in chronology ]
- Rich Kulawiec, 22 Oct 2010 @ 3:09pm
  
  Re: This might make sense ...
  Yes, if true, then it might be appropriate to bring charges under the statutes applicable to breaking into systems and stealing source code.
  However, courts have been notoriously dim-witted about what it means to "hack" or "obtain source code": people have been dragged into court for using dig to look up DNS records and for using "view source" in web browsers. So until the precise details of this allegation are known, I'm not inclined to give it much weight.
  [ link to this | view in chronology ]
- MrWilson, 22 Oct 2010 @ 3:18pm
  
  Re: This might make sense ...
  The problem with that description is that I've heard of people referring the act of right-clicking on a page in a browser and selecting View Source as "hacking" a website and obtaining "source code." I wouldn't put it past a lawyer to make the same claim, while assuming (probably correctly) that the judge in the trial won't know that that isn't actually hacking and that source code is by necessity public already. Granted that such a method is a step in other hacking methods, simply right-clicking and viewing the source are not, in themselves, hacking.
  [ link to this | view in chronology ]
  - abc gum, 22 Oct 2010 @ 5:49pm
    
    Re: Re: This might make sense ...
    html is source code?
    Funny how definitions change over time.
    [ link to this | view in chronology ]
    - Anonymous Coward, 23 Oct 2010 @ 6:32am
      
      Re: Re: Re: This might make sense ...
      Unless your site is dynamic, yes it is. Else it is part generated code, part source code from your CMS's templates.
      [ link to this | view in chronology ]
      - abc gum, 23 Oct 2010 @ 8:14am
        
        Re: Re: Re: Re: This might make sense ...
        Definitions change within a dynamic language and English is no exception. It can however lead to comic results.
        
        If people want to call html a programming language, so be it. I think the point being made here is that the html you see when using the "View Source" button didn't used to be considered source code and the act of viewing it is certainly not hacking. Neither is it trespassing, what is being viewed resides in local storage.
        
        The fact that some refer to URL changes as hacking is rather funny, and the lengths to which they go in the attempt to build rational is truly amazing. The sad part is that others believe it and eventually it becomes fact.
        [ link to this | view in chronology ]
  - Anonymous Coward, 25 Oct 2010 @ 2:04pm
    
    Re: Re: This might make sense ...
    Yes a lawyer will make this argument, which is why the other party must hire a good lawyer so that lawyer can EDUCATE the judge.
    [ link to this | view in chronology ]
Anonymous Coward, 22 Oct 2010 @ 3:33pm

Is browsing url directories hacking? Is guessing urls hacking? Perhaps you think that accessing any publicly accessible information isnt hacking.. but any information is publicly accessible if you know the right tricks to get to it. Perhaps if such barriers are put up that its clear the operators of the site didnt intend for you to get to it, then we could agree that it isn't publicly accessible? Who has to define what those barriers are? Maybe a captcha is a barrier. Maybe a EULA is a barrier.

The line between hacking and not hacking is not as clear-cut as you might imagine.

The only clear-cut way to handle this is to outlaw EULAs and let the internet be the wild west. I'm game for it. I think we can handle it.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Oct 2010 @ 3:52pm
  
  Re:
  the strong CAN handle it..
  [ link to this | view in chronology ]
- Anonymous Coward, 22 Oct 2010 @ 3:54pm
  
  Re:
  Perhaps you think that accessing any publicly accessible information isnt hacking.. but any information is publicly accessible if you know the right tricks to get to it.
  
  Or even enough force, eh? Why, there's really no such thing as non-public!
  /s
  Bull.
  Perhaps you don't know what people mean when they say "publicly accessible information". The mean information that the holder *intentionally* makes public. Not that which requires "hook, crook or force" (as the saying goes) to access.
  [ link to this | view in chronology ]
- abc gum, 22 Oct 2010 @ 5:52pm
  
  Re:
  changing a url is hacking?
  Funny how definitions change over time.
  [ link to this | view in chronology ]
Hugh Mann (profile), 22 Oct 2010 @ 3:40pm

Why not a criminal act?
If I have a business that charges admission to enter my premises (like an amusement park, for instance), and someone sneaks in under the fence somewhere and starts riding my roller coaster, that's more than just violating my "terms of use" for being on my property. It's trespassing. If I can call the cops and have the trespasser thrown in the hoosegow for entering my physical property in an "unauuthorized" way (by not paying admission, for instance), why not be able to similarly have someone charged with a crime for trespassing on my computer system (by not complying with the terms of service)?

While I agree that we need to be careful that such concepts are not abused or otherwise taken too far, I do not disagree with the core concept.

HM
[ link to this | view in chronology ]
- Anonymous Coward, 22 Oct 2010 @ 4:04pm
  
  Re: Why not a criminal act?
  I can call the cops and have the trespasser thrown in the hoosegow for entering my physical property in an "unauuthorized" way
  
  I'd like to know where you live that has that as law. In my state, you can call the police and have the police issued a lawful order to them to leave and not return. If they then violate that order, they can be arrested. You can't, for example, put up a sign in a bar prohibiting people from criticizing the libertarian party while there and then have those who do so arrested for "violating your terms".
  
  So where is this law you're talking about?
  [ link to this | view in chronology ]
  - Hugh Mann (profile), 22 Oct 2010 @ 4:22pm
    
    Re: Re: Why not a criminal act?
    Mixing in free speech issues is not really relevant here. If I had a private club, I could set whatever rules I wanted, including limits on the ability of members to speak their minds. However, if the public is invited - even though it's private property - they generally get to spout off about whatever they want, as long as they're not actually causing a real problem (like interfering with others, intimidating/threatening people, etc., etc.).
    
    Yes, most likely, the cops will just see to the removal of the trespasser - unless it can be argued that it's not merely trespass, but actually breaking and entering. And if it's MY property, I'm certainly going to insist that I have the right to at least make that argument.
    
    HM
    [ link to this | view in chronology ]
    - Anonymous Coward, 22 Oct 2010 @ 4:58pm
      
      Re: Re: Re: Why not a criminal act?
      Mixing in free speech issues is not really relevant here.
      
      It is if you're claiming that you can have people arrested for violating your "terms of use" for being on your property, as you claimed.
      
      If I had a private club, I could set whatever rules I wanted, including limits on the ability of members to speak their minds. However, if the public is invited - even though it's private property - they generally get to spout off about whatever they want, as long as they're not actually causing a real problem (like interfering with others, intimidating/threatening people, etc., etc.).
      
      Actually, you can make them leave if you want to (even if they aren't "interfering with others, intimidating/threatening people, etc., etc."), but you can't have them "thrown in the hoosegow", to use your term.
      [ link to this | view in chronology ]
- Anonymous Coward, 22 Oct 2010 @ 5:22pm
  
  Re: Why not a criminal act?
  "If I can call the cops and have the trespasser thrown in the hoosegow for entering my physical property in an "unauuthorized" way (by not paying admission, for instance), why not be able to similarly have someone charged with a crime for trespassing on my computer system (by not complying with the terms of service)?"
  
  Not paying admission means bypassing an access-control mechanism, which is not at all the case with most terms of service violations. If website's terms of service say I'm not allowed to criticize the owner, I don't suddenly become a trespasser if I criticize the owner after having visited his website. If the website required a password and I were to break that password to gain unauthorized access, then and only then could you make a reasonable trespassing analogy.
  [ link to this | view in chronology ]
- Bad Analogy Guy, 22 Oct 2010 @ 6:10pm
  
  Re: Why not a criminal act?
  What a horrible analogy.
  
  Treaspassing is not even close to being the same as violating the terms of service of a web site.
  
  As already pointed out, you can not "have the trespasser thrown in the hoosegow". At least not in most civilized societies. Who are you - Judge Dread?
  
  Pro-Tip: To score extra points with your bad analogy, include an automobile. For example, you could say that noncompliance with your website terms of service is like a drunk barfing all over the interior of your yellow cab.
  [ link to this | view in chronology ]
  - MrWilson, 22 Oct 2010 @ 9:22pm
    
    Re: Re: Why not a criminal act?
    I'm pretty sure making a car analogy outside of Slashdot commenting threads is against Slashdot's terms of use...
    [ link to this | view in chronology ]
  - Gabriel Tane (profile), 25 Oct 2010 @ 6:53am
    
    Re: Re: Why not a criminal act?
    Sorry... my inner-geek is hopping up and down...
    
    "Judge Dredd". No 'a', two 'd's.
    
    We now return you to actually important info... sorry for the interruption.
    [ link to this | view in chronology ]
Anonymous Coward, 22 Oct 2010 @ 3:41pm

The System Profits Anyway
In the Drew case, the trial was a total waste for everyone involved...

Umm, no. The judge, lawyers, etc. involved were all paid very well for their time. So while it may have been a total waste for Drew, the legal system made a nice profit off it. I suspect that's the judge doesn't want to dismiss this case: The lawyers and others involved stand to make a nice profit however it turns out and she doesn't want to spoil the opportunity for everyone.
[ link to this | view in chronology ]
ofb2632 (profile), 22 Oct 2010 @ 9:07pm

scalping
Does it seem weird that people are saying that this company is scalping tickets when, in essence, ticketmaster is doing the exact same thing? The only difference is that ticketmaster has a monopoly on it and are trying hard to keep it that way.
[ link to this | view in chronology ]
- James, 23 Oct 2010 @ 2:02pm
  
  Re: scalping
  I agree, if we properly focused on the practice of scalping (and outlawing it) this might not be an issue--at least in this particular case.
  
  Scalpers, like email spammers, should be shot. And anyone purchasing from them is just exacerbating the problem.
  [ link to this | view in chronology ]
- Gabriel Tane (profile), 25 Oct 2010 @ 7:03am
  
  Re: scalping
  "The only difference is that ticketmaster has a monopoly on it and are trying hard to keep it that way. "
  No, not really. Any performer can sell tickets themselves... and if a venue won't let them, the performer can choose another venue. I remember a while ago there was a lot of noise from some bands (Pearl Jam was one, if I remember correctly... it WAS a long time ago) that refused to use TM because of the ridiculous fees they add on. Too bad TM is still around and the 'movement' wasn't successful. I hate TM. BUT, they are a business that is not breaking any law or regulation... and they are far from a monopoly. They have just set themselves up as the most convenient option for many venues and bands. As a consumer, I am arguing with my money and choosing not to purchase through TM. Honestly, most of the time, I can't afford to go to shows anyway... partially because of TM's fees inflating the price. Oops on TM!
  
  For example, I can purchase tickets to the local symphony directly from the symphony's website and they send me the tickets... nothing to do with TM. And only a small service & printing fee, I might add!
  [ link to this | view in chronology ]
Anonymous Coward, 23 Oct 2010 @ 7:05am

Got a Judge coming up for re-election, or looking for media attention. Something stinky here. Judgie smells.
[ link to this | view in chronology ]
Ryan Diederich, 23 Oct 2010 @ 5:24pm

I dont understand...
Ticketmaster is in this business to make money, correct? So if they sell out tickets, does it matter who got them?

I understand over the course of time people would become annoyed with the higher prices, and venues would no longer sell through the company.

Nonetheless, I could do the same thing without a computer or "hacked" software. Ill just hire 10 people to click thru the captchas constantly. Hell, Ill even use a credit card with rewards to make even more money.

The point is, ticketmaster should be able to get a ruling making sort of a restraining order against the opposing company.

While I do believe it is wrong for this company to take advantage of a system like that, I DONT think it is a criminal case. At the most, the offending company should have to pay the legal bills.
[ link to this | view in chronology ]
Anonymous Coward, 25 Oct 2010 @ 6:10am

It should be criminal! Every time I go to buy tickets for something 5 minutes after they go on sale most are already sold to these sites that raise the ticket prices by up to and in some cases more than 500%!
[ link to this | view in chronology ]
- Gabriel Tane (profile), 25 Oct 2010 @ 7:13am
  
  Re:
  And why should the law fight for your convenience? It's up to the venue and the performer to choose how to distribute admission to a show. It is up to the distributor to decide how fair they want to be and come up with a system to enforce thier system (within the law, of course). If someone breaks the law by defeating that system of fair distribution, then fine... go get 'em. Otherwise, your convenience (in and of itself) does not need a law to protect it.
  [ link to this | view in chronology ]
Anonymous Coward, 25 Oct 2010 @ 12:39pm

Hope they hang them high!
Lets step back. You are a organization hosting an event. Say, Baseball Opening Day, You price your tickets and open up your site for fans to purchase tickets to see the game. Then Some DIRT BAG comes in with a robot to buy up 80% of the tickets avaialble. You are trying your best to get the ticket to teh fan but the DIRT BAG keeps getting around your defenses. So what does the Fan have to do. One get lucky and hope to get in the 20% or to pay an ADDITIONAL MARK UP to the DIRT BAG. Why is this good or fair? I say throw them in jail.

Wait I have an Idea, I'll go to the gas station and buy all but 20% of the gas and then if 80% of the motorists want to drive their car they will have to pay my mark up.
[ link to this | view in chronology ]
- Gabriel Tane (profile), 25 Oct 2010 @ 1:54pm
  
  Re: Hope they hang them high!
  Out of curiosity, where do you stand on the whole Big Government issue?
  
  Why do we constantly turn to the government to police our convenience? Back in the day, you had to go to the ticket window to buy most tickets to most events. Along came technology and made things more convenient. Unfortunately, that also came with people looking to take advantage of that for money. I TRUELY wish we as a race have evolved past this petty greed by now, but alas we have not. I fully agree that the offending dirt bag (I think your word is too nice, by the way) should be cursed, mocked, and banned from ever buying from those vendors again. The last part of that is something the vendor is fully within its right to do. But why should it be made illegal?
  
  If this is such a problem, them swallow your convenience and tell your local vendors to go back to a box-office system. So you won't be able to buy tickets online in advance... but they won't be as easily scalped, will they? Let's keep this in perspective here... these people are not robbing you of money... they're just taking advantage of your desire for convenience and your willingness to pay. Does it suck? Yes, absolutely. Should it be illegal? No.
  [ link to this | view in chronology ]