A recent California decision, Ticketmaster LLC v. Prestige Entmt Inc. (C.D.Cal 2018), pitted a website owner, Ticketmaster, against a company that used internet bots and other technical tricks to make massive purchases of tickets and then resell them for profit, something Ticketmaster strenuously wished to avoid. On a motion to dismiss the complaint, the district court dismissed some claims by Ticketmaster but kept others.
The decision teaches important lessons for companies whose websites contain large amounts of data or transactions to the public, but wish to keep competitors from extracting this data in mass amounts or engaging in mass transactions:
One of the advantages of the internet is that it allows companies to offer consumers access to massive databases containing large amounts of useful information or conduct large-scale transactions with consumers. But, the open access to consumers also allows competitors to use the same access to engage in competing services.
The recent decision in Ticketmaster is a case in point. Ticketmaster is a service that sells tickets to the public for live entertainment events – concerts, sports events, live theater. Its website allows consumers to purchase tickets for the events in a convenient way, and gives it access to a large market. But, ticket demand often exceeds supply. So, a parallel industry was born whereby secondary companies purchase tickets in large blocks and then resell them at a profit.
These purchasers often use “bots” − software applications that run automated tasks (scripts) over the internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. More than half of all web traffic is made up of bots.
Ticketmaster’s conundrum – continue to allow access to consumers, but limit access to large-scale purchasers through bots and other technical measures.
Modify, adapt, sub-license, translate, sell, reverse engineer, decompile, or disassemble any portion of the Site;
Use any robot, spider, offline reader, site search/retrieval application or other manual or automatic device, tool, or process to retrieve, index, data mine or in any way reproduce or circumvent the navigational structure or presentation of the Content or the Site, including with respect to any CAPTCHA displayed on the Site . . .;
Use any automated software or computer system to search for, reserve, buy or otherwise obtain tickets . . .;
Take any action that imposes or may impose, in Ticketmaster’s sole discretion, an unreasonable or disproportionately large load on our infrastructure;
Access, reload or refresh transactional event or ticketing pages, or make any other request to transactional servers, more than once during any three-second interval;
Request more than 1,000 pages of the Site in any 24-hour period, whether alone or with a group of individuals;
In the litigation, Ticketmaster asserted various federal and state theories against Prestige Entertainment, a company who allegedly used bots to access large numbers of tickets. The district court’s mixed decision provides guidance to companies in similar situations. (It is important to keep in mind, however, that this decision was at the pleading stage, where complaints are liberally construed. It remains to be seen whether Ticketmaster can prevail on its claims.)
Contractual terms surrounding such a license can be viewed in one of two ways – conditions or covenants. Conditions qualify a party’s rights and obligations – failure to meet the condition terminates the contract. Covenants, on the other hand, are simply contractual promises to do or refrain from doing something.
In the context of copyright, this distinction is important because breach of a condition would terminate a copyright license and then allow a claim for copyright infringement. Breach of a covenant, on the other hand, would not, since the copyright license would remain unterminated, and hence there could not be copyright infringement claim, since the use was licensed. The only claim for breach of a covenant is for breach of contract.
The Digital Millenium Copyright Act (DMCA) prohibits persons to “circumvent a technological measure that effectively controls access to a [copyrighted] work." 17 U.S.C. § 1201(a)(1). Circumvention is defined as including efforts to “descramble a scrambled work, decrypt an encrypted work, or otherwise avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.’” The DMCA provides a private cause of action for victims of circumvention. Notably, no showing of actual copyright infringement is required.
Ticketmaster employed two such measures – CAPTCHA and splunk, basically measures for identifying the user as an individual customer, not a bot. Prestige used bots and “CAPTCHA farms laborers” to circumvent these measures.
Not surprisingly, the district court held, at least at the pleading stage, that this constituted circumvention under the DMCA. That legitimate customers could complete the CAPTCHA to accomplish the same goal (access to Ticketmaster’s offerings) was irrelevant – ordinary customers did so with permission (and hence, under the DMCA, the authority) of the website owner, Ticketmaster.
The lesson: employ robust technical measures like CAPTCHA, preferably those that can track abusers of the system.
Breach of Contract
To enforce a liquidated damages provision in a contract, two requirements must be met: (1) the damages must be of the type that are difficult to calculate and (2) the amount must be a reasonable attempt to estimate the actual damages. Both requirements were met, at least at the pleading stage.
On the first requirement, the district court noted that while some damages (infrastructure costs, such as additional security measures and monitoring costs) would be easily calculable, other (loss of consumer goodwill and deterrence) were not.
On the second requirement, the district court noted that Ticketmaster's liquidated damages provision set liquidated damages at $0.25 per page request or reserve request made in excess of 1,000 pages or 800 reserve requests per 24-hour period. The high threshold for these damages and the reasonable per-page charge convinced the district court to allow this claim to proceed, at least at the pleading stage.