Leaders of Online Ticket Scalping Enterprise Charged With Cyber Crimes

March 15, 2010 by David S. Seltzer

A news story out of New Jersey caught the attention of Miami cyber crime criminal defense attorneys like me. Wired’s Threat Level blog reported March 1 that four people involved in a company called Wiseguy Tickets and Seats of San Francisco were charged with hacking, wire fraud and other federal crimes for running a large-scale scheme to scalp tickets. Federal prosecutors say the defendants made $25 million in profits between 2002 and 2009 by bypassing online security measures and buying hundreds of tickets to high-demand events like Miley Cyrus concerts and the Rose Bowl. They would then re-sell the tickets at higher prices. Prosecutors say they were so successful that they were the best source of the best tickets to some events.

Online ticketing companies have security measures in place to ensure that this sort of large-scale scalping cannot occur. In addition to limiting how many tickets any one person can buy for an event, they use programs called CAPTCHA or reCAPTCHA, which require users to prove they are human by entering deformed text shown in a picture. The Wiseguy defendants are accused of hiring an overseas programmer to write a program to read and retype the text. Then, they were able to write programs that connected to ticketing websites and bought tickets automatically the moment they went on sale -- depriving human fans of a chance to buy them. To make it look like the programs were thousands of individuals, they used thousands of IP addresses and email addresses, as well as credit card numbers of brokers who would later sell the tickets back to Wiseguy.

The actual charges against the defendants are conspiracy to commit fraud, wire fraud, accessing a protected computer with intent to defraud, obtaining information from a protected computer and transmitting a program that causes unauthorized damage. Interestingly, though, this case first came to my attention through a New Jersey Star-Ledger blog post suggesting that the defendants didn’t really break any laws. There is no federal law against scalping, and many states don’t outlaw it either. (In fact, Florida legalized it in 2006.) As a result, federal prosecutors had to use hacking and wire fraud charges in ways that Congress may not have originally envisioned.

It’s not at all clear to me, as a Fort Lauderdale cyber crime criminal defense lawyer, that the defendants’ behavior met the definitions of some of these laws. Many of them turn on the definition of “fraud,” which is so broad that lying to someone over the phone may be considered wire fraud. Obtaining information from a protected computer may apply if the defendants had to bypass security to get the source code for CAPTCHA, for example. But it seems likely that the charge wouldn’t stand if charged just for using the LiveNation website in an intended and publicly available way that LiveNation doesn’t happen to like. The indictment makes much of the measures Wiseguy took to avoid detection by ticket sellers, but while those sellers have every right to set their own rules, breaking them is not a federal crime.

Some of the commenters to the Wired post complained that the defendants were essentially charged with violating the terms of service at ticketing websites. As the Star-Ledger columnist pointed out, Wiseguy was in direct competition with a ticket reselling company run by LiveNation itself -- so this case could be considered an attempt to protect LiveNation’s monopoly. Nonetheless, as a West Palm Beach cyber crime criminal defense attorney, I think there are some novel legal issues at stake in this case -- for example, whether end-runs around a private company’s rules are considered fraud. I look forward to seeing how the court rules.