A few weeks after the federal indictment of a group of alleged ticket hackers, Vermont legislators are zeroing in on a new law to ban the use of software “bots,” computer programs that can rapidly circumvent online security protocols to procure large blocks of tickets. The operators of Wiseguy Tickets, the subjects of the national case, allegedly used such software to obtain millions of dollars worth of high-profile event tickets.
Early last month, Vermont politicians began deliberating on the state’s first ticket resale bill, which initially included language that would limit what a broker or fan could resell a ticket for at 110 percent of face value. Under that requirement, a ticket with a face value of $100 could only be resold for $110, which often would not cover the fees and convenience charges placed on tickets.
That language has now been stripped out of the bill, and it has been replaced with the bot passage:
A person shall not intentionally use a computer program or other software to interfere with or circumvent on a ticket seller’s website a security measure, access control system, or other control or measure used to ensure an equitable ticket buying process for tickets of admission to a sporting event, theatre, musical performance, or place of public entertainment or amusement of any kind.
A person who suffers damages or injury as a result of a violation of this section may sue for: (1) appropriate equitable relief; (2) reasonable attorney’s fees and costs; and (3) the greater of: (A) actual damages suffered; or (B) $25,000 per violation of this section.
Over the past couple of years, several states have sought to outlaw the use of software bots, due in part to the Hannah Montana ticketing fiasco. But, the amended Vermont bill also takes the unique approach of delineating the legal recourse aggrieved parties can take in civil court if they fall victim to a bot attack. It also spells out how and when consumers must be notified of such security breaches because in such cases private consumer purchasing information may have been compromised. The bill requires consumers must be notified as quickly as possible, or no later than 45 days after the breach, unless if law enforcement has requested a delay, because disclosure might impede an investigation.
“Any data collector that maintains or possesses computerized data containing personal information of a consumer that the business data collector does not own or license or any data collector that acts or conducts business in Vermont that maintains or possesses records or data containing personal information that the data collector does not own or license shall notify the owner or licensee of the information of any security breach immediately following discovery of the breach, consistent with the legitimate needs of law enforcement,” the bill states.
In addition, the bill also no longer requires resellers to obtain written permission from promoters, venues or other ticket issuers to allow them to resell tickets.
State Rep. Jason Lorber, the lead sponsor of the bill, did not return a message seeking comment. The bill recently received unanimous support from the House Commerce and Economic Development Committee (one committee member did not vote), and it possibly could be voted on by the full House in the spring or summer.