Ticketfails have become as much a part of fandom as slashfic and cosplay. While PR flubs and angry complaints get a fair bit of attention, the crash of ticket sales for last week’s promotion of a Doctor Who premiere in New York also illustrates the potential for legal problems.
A few thoughts on the legal dimension of online event ticketing — and why it matters — after the jump.The past few years have given rise to several interesting examples of how online event registration has made ticketing both more simple and complex. The iconic example of ticketing problems in the pop-culture world is probably that of Comic-Con International, where enduring a server crash became an annual ritual as the charity grew into the Woodstock of the entertainment world.
Like Comic-Con, BBC America is a charitable enterprise adapting to pop culture fandom’s transition from the cultural margins to the mainstream. (BBCA is part of a network of ventures operated for the benefit of the public-purpose BBC Trust.) The good Doctor’s spike in popularity since the first New York screening two years ago made tickets inevitable, not just to avoid turning away fans at the end of a long line but to forestall liability from an accident, health problem or other incident camping out by a busy city thoroughfare.
In its basic structure BBCA’s event management was relatively typical. The company scheduled the upcoming August 25 premier at a large theater, the Ziegfeld, and it outsourced the distribution to MovieTickets.com. handling the BBCA’s marketing team also took the opportunity to leverage public interest in its most popular program by directing people to follow its Twitter feed in order to be first to get the link to buy tickets.
This is where things got interesting. The price for each tickets was just eleven cents—a penny for each of the Doctor’s eleven incarnations. As a result, amplifying the series’ growing popularity was a lack of any of price discrimination, which would have tempered, say, more expensive pricing for a premiere at the Paley Center. Once the BBCA Twitter feed posted the link, thousands of people hit MovieTickets.com and the site crashed.
If all that had happened was a server crash precipitated by a massive amount of traffic, the basis for legal action would be weak at best. The mere inability to get tickets is not a viable basis for a lawsuit—although stranger things have happened in tort-friendly jurisdictions, a New York court would not likely be your friend. Disappointed fans could try to seek compensation for lost time and event access due to BBCA’s decision to patch around the crash by posting a backdoor link on tumblr instead of Twitter, but the minimal damages and excessive cost of litigation would make for at best a pyrrhic victory. Moreover, BBCA has already taken remedial measures to make sure that future ticket distributions will not suffer from similar miscommunication.
Where things get more problematic from a legal perspective is the apparent breakdown in credit card processing. Within a few minutes frustrated would-be ticket buyers began reporting on Twitter that movietickets.com was collecting their credit card information but not confirming their purchases. Several people noted that their cards had been charged but they didn’t receive tickets, while others reported that in the confirmation process MovieTickets.com was displaying strangers’ credit card information in place of their own.
Happily, MovieTickets.com and BBCA seem to have already taken one step to prevent legal problems in a situation such as this. There were indications initially that MovieTickets.com would not give tickets or refunds to individuals whose credit cards had been charged without a separate confirmation. If the companies had not relented on this alleged response, those affected would have had a clear basis for alleging larceny and fraud. Since the problem appeared to stem from a systemic programming flaw, an ambitious lawyer would have sued on behalf of the class of all similarly situated MovieTickets.com customers—the sort of expensive, bad publicity lawsuit that most companies and their insurers prefer to resolve with a quiet settlement.
Where MovieTickets.com and BBCA remain vulnerable is the apparent mishandling of confidential credit data by its ticket processing system. Multiple independent reports of individuals being shown credit card information from other other people or having their credit cards charged for the benefit of unnamed third parties should have led MovieTickets.com and also BBCA to conduct an immediate investigation. As evidenced by Federal Trade Commission actions and the recent LinkedIn lawsuit following a data leak, such breaches of security can expose organizations to fines and class action lawsuits. For example:
- Representations of data security on MovieTickets.com could provide a credible basis for the Federal Trade Commission to file a fraud complaint.
- Likewise, akin to the recent class action filing against LinkedIn, individuals who put their data at risk by entering into the MovieTickets.com system could file a class action based on state law fraud and negligence claims.
- A state law class action could arguably also include BBCA on the negligence grounds based on an alleged failure to investigate whether its chosen ticket seller handled data in a secure fashion.
- In addition, self-regulatory and security certification organizations could also have a basis for imposing penalties based on violation of payment card industry compliance standards.
Although it is possible, even likely, that disgruntled Doctor Who fans won’t turn their disappointment into a federal or state case, every organization engaged in selling tickets for an event needs to be aware of possible exposure. There is, after all, a cottage industry in class actions, and it only takes one upset patron to file a multimillion dollar claim on behalf of everyone affected by the system failure.
As someone who is equally intrigued by the logistics of organizational planning and Dalek politics, I decided to see how service reps and executives for both organizations would respond to concerns about a data breach as well as MovieTickets.com’s harvesting of card numbers without a purchase. The results were, shall we say, less than optimal, although an attorney looking for a payday would no doubt be glad to hear that such issues are routine and not worth fixing.
For a charity or charitable enterprise, the costs of such a lawsuit could have a substantial effect on programming, if not the organization’s very existence. At the very least, organizations planning to get involved in online transactions should consider engaging in substantial due diligence in regard to data security, particularly if there is a possibility of demand scaling beyond the norm. Insurance against possible liability is never a bad idea if your group can afford it, and savvy training in client communications can help prevent potential legal problems from escalating.