Crack CAPTCHA – Get Jail Time?

Posted by Ad Hustler | Posted in Off Topic | Posted on 08-07-2010

CAPTCHA also known as “The Completely Automated Public Turing test to tell Computers and Humans Apart” (what nerd came up with that name?) is now at the center of a controversy involving Ticketmaster and a bunch of ticket scalpers called Wiseguy Tickets.  You can read the article here.  Wiseguy Tickets allegedly used multiple servers and computers to bulk order tickets from Ticketmaster and cracked the CAPTCHA using an automated process to bypass the human element normally needed to order tickets.  The Wired article claims that “This violated the sites’ terms of service, and according to prosecutors constituted unauthorized computer access under the anti-hacking Computer Fraud and Abuse Act, or CFAA.”

I admittedly don’t know much about the CFAA but my own common sense dictates that if this is any kind of issue it would have to be a civil one.  Wiseguy Tickets allegedly did something that goes against Ticketmasters TOS but is it really fraud or abuse?  They didn’t hack into Ticketmasters system. I don’t believe that they effected Ticketmasters profits in any way.  What if they didn’t use an automated system but instead hired hundreds of employees to buy the tickets?  Would that change whether the process was legal or not?

Regardless of who is right and who is wrong in this case, one thing proves to be clear.  We are at a point where the actual laws and who has jurisdiction over complaints on the internet is extremely fuzzy.

Should CAPTCHA cracking be illegal?

Ad Hustler | Subscribe To Ad Hustler

Comments

  1. Great post AdHustler. If the captcha was protecting something more important that creating Squidoo accounts, I could maybe agree with it being illegal. It would be hard to enforce. If I was Ticketmaster, or someone trying to really secure something lately, your normal captcha will almost as bad as having no captcha at all.

  2. I’ve heard about this issue for awhile now. From my understanding, it may be illegal to create fake accounts to buy tickets. The fake accounts had fake names associated with them. This could be a false identity issue.

  3. This isn’t the first time a lawsuit has come up regarding captcha and for a smart enough coder, those things are less and less of an effective solution anyway.

  4. Very interested in how this is gonna turn out. Doesn’t seem to me like this was “unauthorized access”, just a TOS violation. If TOS violations constitute unauthorized access then you now literally have thousands of felonies occurring daily.

  5. I think it’s silly. No matter what kind of script or code or whatever you make people are going to crack it for their benefit.

  6. Whats in a name?

    Scripting submissions on a website
    Automating data retrieval on a website
    Hacking a website to get data.

    Loose terms that mean the same to the uneducated in internets terminology.

  7. If I was Ticketmaster, I’d be happy selling tickets so fast

  8. Legal complaints tend to list as many incriminating issues as possible. Their biggest issues revolve around all the use of all the false identities and intent to commit fraud, unauthorized access to ticketmasters system and so on.

  9. Legal or not will depend heavily on jurisdiction. When in doubt, incorporate holdings overseas… Then it becomes an eternal game of whack-a-mole.

    Tipjar, Ticketmaster pobably isn’t happy because their level of transparency, customer confidence, etc plummets. They mecome a second-tier middleman instead of a ticketretailer – suddenly they are not doin what they’re being paid to do: distribute tickets to customers, and show managers can just skip Ticketmaster and go straight to Wiseguy Tickets and pocket whatever Ticketmaster’s cut woul have been.

    -Slave.

Post a comment