Who says Congress can’t get anything done – this both fills someone’s real need, plus has a good acronym. This is from my Thompson-Reuters newsletter.
December 19, 2016
The United States Congress recently passed the “Better Online Ticket Sales Act” (BOTS Act). The new law, which President Obama is expected to sign, makes it illegal to use automated software (“bots”) to circumvent security systems that are designed to restrict purchases of tickets to public events, such as concerts and athletic events.
Currently, a variety of companies that sell event tickets use bots to make mass ticket purchases immediately after event tickets go on sale to the public. In some instances, the bots are designed to circumvent computer systems that are intended to limit the number of tickets that can be purchased by a single buyer.
These mass purchases sometimes result in extremely rapid ticket sell-outs, frustrating individual ticket buyers. Often, the tickets purchased using bots are re-sold to the public. The re-sale price for the tickets is generally higher than face value. This process thus generally results in greater costs to consumers.
The BOTS Act makes it illegal to bypass computer security measures in order to make mass purchases of tickets for events with a capacity of more than 200 attendees. Under the terms of the Act, bypassing the computer security measures is characterized as an “unfair or deceptive act” and is thus within the regulatory jurisdiction of the Federal Trade Commission.
The goals of the BOTS Act are sensible and useful. It is uncertain, however, that specific federal legislation was necessary in order to accomplish the objective of limiting computer security circumvention. It seems that existing federal laws, such as the Computer Fraud and Abuse Act, provide adequate authority to support legal action against parties who engage in circumvention of computer systems that are engaged in interstate commerce.
One noteworthy apparent consequence of the BOTS Act is the formal expansion of the FTC’s role in regulation of online transactions and activities. The BOTS Act characterizes efforts to circumvent computer security systems as illegal commercial trade practices. This appears to grant to the FTC the lead role in regulating U.S. computer security.
With the implementation of the BOTS Act, it seems that the FTC has joined law enforcement authorities at the leading edge of computer security enforcement in the United States. That role will likely require significant resources for the FTC. In order to execute this mission effectively, the FTC must receive substantial additional resources.