FTC Gives MoviePass Execs A Wrist Slap For Changing Passwords So Users Couldn't Watch Movies
from the wrist-slaps dept
Originally, the MoviePass business model seemed like a semi-sensible idea, though we were quick to wonder if it would ever actually make a profit. Under the model, users paid $30 (eventually $10) a month in exchange for unlimited movie tickets at participating theaters, provided they signed up for a full year of service. There were, of course, caveats: you could only buy a ticket per day, and could only buy one ticket per movie. It also prohibited users from viewing 3D, IMAX, or XD films. Still, the proposal was widely heralded by some as a savior for the traditional, brick and mortar, sticky floor movie industry.
It wound up….not being that.
In 2019, a four-month investigation by Business Insider (paywalled) found that the company had been bleeding money for years, and misleading investors for much of that time. Not only was the idea never really profitable, the company couldn’t even manage to acquire enough plastic to keep up with membership card demand. Showcasing the width and depth of the dodgy effort, at one point executives genuinely thought it would be a good idea to actually change user passwords so they couldn’t use the service, thinking this would let them get their head above water.
Needless to say, this behavior was so extreme it finally got the attention of the under-funded and over-extended FTC, which finally announced it had struck a settlement with MoviePass. The settlement isn’t much to look at: because the companies involved are bankrupt there’s no financial penalty, but the executives behind the effort are barred from ?misrepresenting their business and data security practices” and “must implement comprehensive information security programs.” (Execs did have to shell out $400,000 in penalties to select California counties in a different agreement).
The full FTC complaint (pdf) indicated that the company’s not-so-clever password changing efforts impacted roughly 75,000 subscribers in total. Those users were first blocked from using the service, then when they inquired why they couldn’t login they were falsely told they were the victim of fraud:
“Under Respondents? password disruption program, Respondents invalidated the passwords of the 75,000 subscribers who used the service most frequently while claiming that ?we have detected suspicious activity or potential fraud? on the affected subscribers? accounts.”
The full complaint is worth a read, and includes details in several other bizarre efforts execs engaged in to prevent customers from actually using a service they paid for. From the FTC press release:
“MoviePass and its executives went to great lengths to deny consumers access to the service they paid for while also failing to secure their personal information,? said Daniel Kaufman, the FTC?s Acting Director of the Bureau of Consumer Protection. ?The FTC will continue working to protect consumers from deception and to ensure that businesses deliver on their promises.”
It’s not clear that a light wrist slap for executives years after it matters genuinely “protects consumers from deception,” but in a country where a regulator like the FTC is routinely under-funded, under-staffed, and demonized, you get what you ask and pay for.