Legal Issues

by Mike Masnick


Filed Under:
hacking, terms of service

Companies:
ticketmaster



Judge Refuses To Dismiss Criminal Charges For Violating Ticketmaster's Terms Of Service; Trial Moves Forward

from the read-the-fine-print dept

We've discussed how it's becoming unfortunately common for companies to use the The Computer Fraud and Abuse Act to turn things that should not be criminal cases into criminal cases. What's often done is that someone will find a part of a website's terms of service that was not obeyed, and then use that to claim that the access to the website was "unauthorized," thus triggering criminal charges under the CFAA. We've seen it in the recent Facebook/Power.com lawsuit as well as, most famously, in the Lori Drew case, which eventually was dismissed, only after a jury ruled on the matter.

During the summer, we had discussed how the same issue was coming up in a case involving a ticket reseller who had created computer systems to get by Ticketmaster's attempts to limit ticket sales. They would get around purchase limits and things like CAPTCHAs with some automated software that, from the sound of things, was incredibly effective. Now, violating the site's terms of service might be a contractual violation, but a criminal one? As much as people might dislike scalpers buying up tickets to popular events and then reselling them, that doesn't mean we should let those feelings cloud the specific legal questions.

Unfortunately, a judge has decided to punt on the matter, at least for now, refusing to dismiss the case at this stage, and setting a date for a trial next year. While the judge is aware of the Lori Drew case, she claimed that the fact pattern there was really different and, anyway, the decision on the appropriateness of using the CFAA was ruled on after the trial. That last point seems rather meaningless. The appropriateness of the CFAA doesn't seem like something that requires a trial. In the Drew case, the trial was a total waste for everyone involved, because after it was decided, the judge decided to toss everything out anyway. Why not save everyone the time and handle it up front?

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    TheStupidOne, 22 Oct 2010 @ 2:54pm

    This might make sense ...

    The defendants "obtained source code, in some cases through hacking."

    Now I have no idea of the validity of that statement, but if they actually hacked into ticketmaster's system and stole source code that would be a criminal act. The rest of it sounds more like a contract dispute, but I'm no legal expert.

    reply to this | link to this | view in chronology ]

    • identicon
      Rich Kulawiec, 22 Oct 2010 @ 3:09pm

      Re: This might make sense ...

      Yes, if true, then it might be appropriate to bring charges under the statutes applicable to breaking into systems and stealing source code.

      However, courts have been notoriously dim-witted about what it means to "hack" or "obtain source code": people have been dragged into court for using dig to look up DNS records and for using "view source" in web browsers. So until the precise details of this allegation are known, I'm not inclined to give it much weight.

      reply to this | link to this | view in chronology ]

    • identicon
      MrWilson, 22 Oct 2010 @ 3:18pm

      Re: This might make sense ...

      The problem with that description is that I've heard of people referring the act of right-clicking on a page in a browser and selecting View Source as "hacking" a website and obtaining "source code." I wouldn't put it past a lawyer to make the same claim, while assuming (probably correctly) that the judge in the trial won't know that that isn't actually hacking and that source code is by necessity public already. Granted that such a method is a step in other hacking methods, simply right-clicking and viewing the source are not, in themselves, hacking.

      reply to this | link to this | view in chronology ]

      • identicon
        abc gum, 22 Oct 2010 @ 5:49pm

        Re: Re: This might make sense ...

        html is source code?
        Funny how definitions change over time.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 23 Oct 2010 @ 6:32am

          Re: Re: Re: This might make sense ...

          Unless your site is dynamic, yes it is. Else it is part generated code, part source code from your CMS's templates.

          reply to this | link to this | view in chronology ]

          • identicon
            abc gum, 23 Oct 2010 @ 8:14am

            Re: Re: Re: Re: This might make sense ...

            Definitions change within a dynamic language and English is no exception. It can however lead to comic results.

            If people want to call html a programming language, so be it. I think the point being made here is that the html you see when using the "View Source" button didn't used to be considered source code and the act of viewing it is certainly not hacking. Neither is it trespassing, what is being viewed resides in local storage.

            The fact that some refer to URL changes as hacking is rather funny, and the lengths to which they go in the attempt to build rational is truly amazing. The sad part is that others believe it and eventually it becomes fact.

            reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Oct 2010 @ 2:04pm

        Re: Re: This might make sense ...

        Yes a lawyer will make this argument, which is why the other party must hire a good lawyer so that lawyer can EDUCATE the judge.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Oct 2010 @ 3:33pm

    Is browsing url directories hacking? Is guessing urls hacking? Perhaps you think that accessing any publicly accessible information isnt hacking.. but any information is publicly accessible if you know the right tricks to get to it. Perhaps if such barriers are put up that its clear the operators of the site didnt intend for you to get to it, then we could agree that it isn't publicly accessible? Who has to define what those barriers are? Maybe a captcha is a barrier. Maybe a EULA is a barrier.

    The line between hacking and not hacking is not as clear-cut as you might imagine.

    The only clear-cut way to handle this is to outlaw EULAs and let the internet be the wild west. I'm game for it. I think we can handle it.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Oct 2010 @ 3:52pm

      Re:

      the strong CAN handle it..

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Oct 2010 @ 3:54pm

      Re:

      Perhaps you think that accessing any publicly accessible information isnt hacking.. but any information is publicly accessible if you know the right tricks to get to it.

      Or even enough force, eh? Why, there's really no such thing as non-public!
      /s
      Bull.
      Perhaps you don't know what people mean when they say "publicly accessible information". The mean information that the holder *intentionally* makes public. Not that which requires "hook, crook or force" (as the saying goes) to access.

      reply to this | link to this | view in chronology ]

    • identicon
      abc gum, 22 Oct 2010 @ 5:52pm

      Re:

      changing a url is hacking?
      Funny how definitions change over time.

      reply to this | link to this | view in chronology ]

  • icon
    Hugh Mann (profile), 22 Oct 2010 @ 3:40pm

    Why not a criminal act?

    If I have a business that charges admission to enter my premises (like an amusement park, for instance), and someone sneaks in under the fence somewhere and starts riding my roller coaster, that's more than just violating my "terms of use" for being on my property. It's trespassing. If I can call the cops and have the trespasser thrown in the hoosegow for entering my physical property in an "unauuthorized" way (by not paying admission, for instance), why not be able to similarly have someone charged with a crime for trespassing on my computer system (by not complying with the terms of service)?

    While I agree that we need to be careful that such concepts are not abused or otherwise taken too far, I do not disagree with the core concept.

    HM

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Oct 2010 @ 4:04pm

      Re: Why not a criminal act?

      I can call the cops and have the trespasser thrown in the hoosegow for entering my physical property in an "unauuthorized" way

      I'd like to know where you live that has that as law. In my state, you can call the police and have the police issued a lawful order to them to leave and not return. If they then violate that order, they can be arrested. You can't, for example, put up a sign in a bar prohibiting people from criticizing the libertarian party while there and then have those who do so arrested for "violating your terms".

      So where is this law you're talking about?

      reply to this | link to this | view in chronology ]

      • icon
        Hugh Mann (profile), 22 Oct 2010 @ 4:22pm

        Re: Re: Why not a criminal act?

        Mixing in free speech issues is not really relevant here. If I had a private club, I could set whatever rules I wanted, including limits on the ability of members to speak their minds. However, if the public is invited - even though it's private property - they generally get to spout off about whatever they want, as long as they're not actually causing a real problem (like interfering with others, intimidating/threatening people, etc., etc.).

        Yes, most likely, the cops will just see to the removal of the trespasser - unless it can be argued that it's not merely trespass, but actually breaking and entering. And if it's MY property, I'm certainly going to insist that I have the right to at least make that argument.

        HM

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 22 Oct 2010 @ 4:58pm

          Re: Re: Re: Why not a criminal act?

          Mixing in free speech issues is not really relevant here.

          It is if you're claiming that you can have people arrested for violating your "terms of use" for being on your property, as you claimed.

          If I had a private club, I could set whatever rules I wanted, including limits on the ability of members to speak their minds. However, if the public is invited - even though it's private property - they generally get to spout off about whatever they want, as long as they're not actually causing a real problem (like interfering with others, intimidating/threatening people, etc., etc.).

          Actually, you can make them leave if you want to (even if they aren't "interfering with others, intimidating/threatening people, etc., etc."), but you can't have them "thrown in the hoosegow", to use your term.

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Oct 2010 @ 5:22pm

      Re: Why not a criminal act?

      "If I can call the cops and have the trespasser thrown in the hoosegow for entering my physical property in an "unauuthorized" way (by not paying admission, for instance), why not be able to similarly have someone charged with a crime for trespassing on my computer system (by not complying with the terms of service)?"

      Not paying admission means bypassing an access-control mechanism, which is not at all the case with most terms of service violations. If website's terms of service say I'm not allowed to criticize the owner, I don't suddenly become a trespasser if I criticize the owner after having visited his website. If the website required a password and I were to break that password to gain unauthorized access, then and only then could you make a reasonable trespassing analogy.

      reply to this | link to this | view in chronology ]

    • identicon
      Bad Analogy Guy, 22 Oct 2010 @ 6:10pm

      Re: Why not a criminal act?

      What a horrible analogy.

      Treaspassing is not even close to being the same as violating the terms of service of a web site.

      As already pointed out, you can not "have the trespasser thrown in the hoosegow". At least not in most civilized societies. Who are you - Judge Dread?

      Pro-Tip: To score extra points with your bad analogy, include an automobile. For example, you could say that noncompliance with your website terms of service is like a drunk barfing all over the interior of your yellow cab.

      reply to this | link to this | view in chronology ]

      • identicon
        MrWilson, 22 Oct 2010 @ 9:22pm

        Re: Re: Why not a criminal act?

        I'm pretty sure making a car analogy outside of Slashdot commenting threads is against Slashdot's terms of use...

        reply to this | link to this | view in chronology ]

      • icon
        Gabriel Tane (profile), 25 Oct 2010 @ 6:53am

        Re: Re: Why not a criminal act?

        Sorry... my inner-geek is hopping up and down...

        "Judge Dredd". No 'a', two 'd's.

        We now return you to actually important info... sorry for the interruption.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Oct 2010 @ 3:41pm

    The System Profits Anyway

    In the Drew case, the trial was a total waste for everyone involved...

    Umm, no. The judge, lawyers, etc. involved were all paid very well for their time. So while it may have been a total waste for Drew, the legal system made a nice profit off it. I suspect that's the judge doesn't want to dismiss this case: The lawyers and others involved stand to make a nice profit however it turns out and she doesn't want to spoil the opportunity for everyone.

    reply to this | link to this | view in chronology ]

  • icon
    ofb2632 (profile), 22 Oct 2010 @ 9:07pm

    scalping

    Does it seem weird that people are saying that this company is scalping tickets when, in essence, ticketmaster is doing the exact same thing? The only difference is that ticketmaster has a monopoly on it and are trying hard to keep it that way.

    reply to this | link to this | view in chronology ]