Can the 2016 Better Online Ticket Sales Act Beat Advanced Persistent Bots?
According to Northcoast Research, the U.S. ticket resale market is big business—booming to $5 billion dollars. And CNBC’s Zach Guzman mentions that, as primary market leaders such as TicketMaster (a unit of Live Nation Entertainment) have entered the space, software advances have made price scalping even easier for those wanting to enter the business.
Guzman particularly mentions TicketUtils as one such software that posts and pushes inventory to multiple resale markets—nearly 90% of all tickets posted to eBay come through it. TicketUtils admits that while most of its users are professional ticket brokers, many resell on the side. Yet the top 1% of its sellers provide over half the site's inventory.
According to a New York attorney general report, tens of thousands of tickets are being purchased every year by bots. Moreover, third-party brokers resell tickets on sites such as StubHub and TicketsNow at an average 49% above face value—sometimes at more than 1,000% above that.
Bots are the engine that drive the ticket resale market, according to Distil Networks’ 2016 Bad Bot Report. These are a web scraping tool that harvest data, intellectual property, price lists, product availability, and other information that comprises the competitive advantage of legitimate website owners.
In the end it’s the fans who get a raw deal. U.S. Sen. Charles Schumer calls bot operators (or scrapers in this context), “Nefarious bottom-feeding people who take people’s joy away.”
The two major components of this legislation are:
- It prohibits intentionally using or selling software to circumvent a security measure, access control system, or other control or measure on a ticket seller's website that is used by the seller to ensure equitable consumer access to tickets for any given event;
- It prohibits selling any ticket in interstate commerce knowingly obtained in violation of such prohibition. Moreover, it treats a violation as an unfair or deceptive act or practice under the Federal Trade Commission Act. It authorizes a person who suffers injury as a result of a violation of this Act to bring a civil action for damages plus $1,000 for each distinct use or sale of software, or sale of a ticket, that caused such injury, along with reasonable attorney fees. Additionally, it amends the federal criminal code to prescribe criminal penalties for such an offense.
At its core, scraping is a technical problem. The BOTS Act does not account for the recent development of sophisticated bots and their ever-evasive, exploitive technologies. After all you can only legislate against bots you can actually identify.
About the Author
Stephen Singam is Managing Director of Security Research at Distil Networks. He's a veteran Information Security & Technology Management professional with extensive experience in the Financial Services, Healthcare, Media & Entertainment and Cybersecurity Consulting industries, having held senior cybersecurity positions at Hewlett Packard (Asia Pacific & Japan), Commonwealth Bank of Australia (Sydney), 20th Century Fox/News Corporation (Los Angeles), Salesforce.com (San Francisco), IBM Corp (New York City & Singapore) and Nokia (Helsinki, Finland).More Content by Stephen Singam