The Federal Trade Commission and a Maryland-based ticket selling firm are locked in a legal fight that could reshape the ticket resale industry — and determine how far the government can go in policing alleged “bot” activity in the live events market. 

At the heart of the dispute is a disagreement of what constitutes the use of bots. Most in the ticketing industry agree that bot usage involves using scripted programs to jump the line during popular ticket sales and automatically buy up tickets, often overwhelming sites like Ticketmaster to keep other buyers out. But lawyers for the government argue that any software that allows a single user to operate multiple Ticketmaster accounts simultaneously could be considered a bot. 

On August 18, FTC attorney Molly Rucki filed a sweeping complaint accusing Key Investment Group executives of using “illegal means to purchase hundreds of thousands of tickets from Ticketmaster” for Taylor Swift’s Eras Tour and Bruce Springsteen’s 2023 tour. The agency alleges that Key deployed “thousands of fictitious Ticketmaster accounts, thousands of virtual and traditional credit card numbers, proxy or spoofed IP addresses, and SIM banks to bypass or otherwise avoid security measures” meant to enforce ticket limits. 

These tools — such as a web browser that allows a user to open tabs with different IP addresses — are technical violations of the Better Online Ticket Sales (BOTS) Act, passed by Congress in 2016, which makes it unlawful to “circumvent a security measure, access control system, or other technological control or measure on an Internet website used by the ticket issuer to enforce posted event ticket purchasing limits.”

According to the government’s filing, Key made nearly $7 million in profits in 2023 from Taylor Swift’s Eras Tour, buying nearly 380,000 tickets at a cost of $57 million and reselling them for $64 million. In one cited example, Key employees used 49 accounts to scoop up 273 tickets for Swift’s March 25, 2023 Allegiant Stadium show — far beyond the six-ticket-per-person limit Ticketmaster places on customers — and resold them for a $119,227 profit. 

But before the FTC filed its case, Key had caught wind of the FTC’s legal plans and preemptively sued the agency, arguing the government was twisting the BOTS Act beyond its original meaning. In its July complaint, Key attorney Bezalel Stern with Manatt, Phelps and Phillips flatly states, “Plaintiffs do not use bots.” Instead, Stern argues, Key purchases tickets the same way “the entire legitimate secondary-ticket market” does, using multiple Ticketmaster accounts, often under pseudonyms, managed by human employees. 

Key’s lawsuit insists the law was never meant to cover such practices. “The BOTS Act’s legislative history could not be clearer. The BOTS Act was meant to target bots,” the filing says. In support, the company cites Senate hearings from 2016 where lawmakers emphasized that the bill was designed to stop computer scripts and “sophisticated ticket bots that overwhelm the ticketing website through brute force” — not to outlaw resellers altogether. 

The company also points to Ticketmaster’s own rules for resellers, noting that the primary seller has long been aware of brokers’ use of multiple accounts on its ticket resell platform. According to Key, Ticketmaster “works actively with Key Investment Group to resell tickets KIG purchased using accounts with pseudonyms on Ticketmaster’s platform,” and even “syncs all Key Investment Group accounts and pays Key Investment Group a single check for all tickets resold.” 

More Bot Than Human? Cyber Expert Weighs In 

For cybersecurity researcher Jérôme Segura, the distinction between “bots” and “armies of humans” is more rhetorical than practical. “I read that Key Investment Group claimed they didn’t use bots, that they relied on humans to buy all these tickets,” Segura tells Billboard. “To me, it doesn’t really change the harm to users and fans in general.” 

Segura, vp of threat research for DataDome, adds, “Whether you use bots or an army of humans, you’re still doing something that’s harmful. What really matters is the intent: is it to purchase a number of tickets like a regular fan, or is it to hoard inventory and scalp it for profit?” 

Segura explains that even manual methods, such as creating dozens of accounts to get around ticket limits, can be “fraudulent if it is done by the same entity with the goal of inflating prices and maximizing profit.” He notes that this activity also distorts the dynamic pricing algorithms platforms like Ticketmaster use. “Bots, or even humans with malicious intent, will create fake activity that games the algorithms,” he says. “The result is increasing the ticket price for the entire fan base.” 

Since the BOTS Act was signed into law, enforcement has been rare — and always squarely focused on automated software. In 2021, the FTC brought its first-ever cases, settling with three groups of ticket brokers who “allegedly used automated software to illegally buy up tens of thousands of tickets” and then resell them at higher prices. Those cases were not litigated; all three defendants entered consent decrees. Key argues that the contrast is telling. “In each of those three cases, the defendants were recidivist bot users,” the company’s lawsuit says, whereas Key insists it does not “run a script or use a bot to enter Ticketmaster’s virtual waiting room.” 

Segura agrees that the landscape has shifted. “The BOTS Act goes back to 2016. Things have evolved pretty quickly,” he says. “It doesn’t really account for new kinds of attacks that you can make using AI. I think the Act needs to be updated,” adding the law should “not strictly be limited to traditional bots, but any other means that could be used to grab tickets.” 

For now, Key’s attorneys say the FTC should focus on a narrow application of the BOTS Act, only prosecuting automated scripts instead of technological workarounds that let resellers skirt limits. Key warns that if the FTC’s broader interpretation prevails, “any individual or company who uses more than one account to purchase tickets from a primary ticket seller” could be swept up, effectively shutting down the resale industry and giving “a very few multinational conglomerates who sell tickets on the primary market an effective monopoly.” 

Other ticket brokers appear to agree with Key. In August, Gary Adler, an attorney representing the National Association of Ticket Brokers, of which Key is a member, highlights an important issue for ticket resellers: “The line between innovative, widely available tools that facilitate secure transactions and software designed to cheat fans,” he wrote in an email to Billboard. “For example, password managers or virtual credit cards should not be presumed nefarious, while automated programs that bypass security measures clearly should be.”  

The FTC counters that Key’s methods are precisely the kind of unfair ticket-buying practices Congress wanted to end — even if the word “bot” conjures images of code and scripts rather than SIM banks and IP masking. 

Segura sees the fight as highlighting an undefined area of the law. “It’s pretty interesting that Key is suing the FTC, when what they’re doing is really in the gray area,” he says. “They may argue they didn’t violate the BOTS Act because they used humans, but the end result is the same: higher prices and fewer tickets for real fans.”