II
119THCONGRESS
1
STSESSION S. 196
To improve online ticket sales and protect consumers, and for other purposes.
IN THE SENATE OF THE UNITED STATES
JANUARY22, 2025
Mrs. B
LACKBURN(for herself and Mr. LUJA´N) introduced the following bill;
which was read twice and referred to the Committee on Commerce,
Science, and Transportation
A BILL
To improve online ticket sales and protect consumers, and
for other purposes.
Be it enacted by the Senate and House of Representa-1
tives of the United States of America in Congress assembled, 2
SECTION 1. SHORT TITLE. 3
This Act may be cited as the ‘‘Mitigating Automated 4
Internet Networks for Event Ticketing Act’’ or the 5
‘‘MAIN Event Ticketing Act’’. 6
SEC. 2. STRENGTHENING THE BOTS ACT. 7
(a) I
NGENERAL.—Section 2 of the Better Online 8
Ticket Sales Act of 2016 (15 U.S.C. 45c) is amended— 9
(1) in subsection (a)(1)— 10
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS 2
•S 196 IS
(A) in subparagraph (A), by striking ‘‘; 1
or’’ and inserting a semicolon; 2
(B) in subparagraph (B), by striking the 3
period at the end and inserting ‘‘; or’’; and 4
(C) by adding at the end the following new 5
subparagraph: 6
‘‘(C) to use or cause to be used an applica-7
tion that performs automated tasks to purchase 8
event tickets from an Internet website or online 9
service in circumvention of posted online ticket 10
purchasing order rules of the Internet website 11
or online service, including a software applica-12
tion that circumvents an access control system, 13
security measure, or other technological control 14
or measure.’’; 15
(2) by redesignating subsections (b) and (c) as 16
subsections (c) and (d), respectively; 17
(3) by inserting after subsection (a) the fol-18
lowing new subsection: 19
‘‘(b) R
EQUIRINGONLINETICKETISSUERSTOPUT 20
INPLACESITEPOLICIES ANDESTABLISHSAFEGUARDS 21
T
OPROTECTSITESECURITY.— 22
‘‘(1) R
EQUIREMENT TO ENFORCE SITE POLI -23
CIES.—Each ticket issuer that owns or operates an 24
Internet website or online service that facilitates or 25
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS 3
•S 196 IS
executes the sale of event tickets shall ensure that 1
such website or service has in place an access control 2
system, security measure, or other technological con-3
trol or measure to enforce posted event ticket pur-4
chasing limits. 5
‘‘(2) R
EQUIREMENT TO ESTABLISH SITE SECU -6
RITY SAFEGUARDS.— 7
‘‘(A) I
N GENERAL.—Each ticket issuer 8
that owns or operates an Internet website or 9
online service that facilitates or executes the 10
sale of event tickets shall establish, implement, 11
and maintain reasonable administrative, tech-12
nical, and physical safeguards to protect the se-13
curity, confidentiality, integrity, or availability 14
of the website or service. 15
‘‘(B) C
ONSIDERATIONS.—In establishing 16
the safeguards described in subparagraph (A), 17
each ticket issuer described in such paragraph 18
shall consider— 19
‘‘(i) the administrative, technical, and 20
physical safeguards that are appropriate to 21
the size and complexity of the ticket issuer; 22
‘‘(ii) the nature and scope of the ac-23
tivities of the ticket issuer; 24
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS 4
•S 196 IS
‘‘(iii) the sensitivity of any customer 1
information at issue; and 2
‘‘(iv) the range of security risks and 3
vulnerabilities that are reasonably foresee-4
able or known to the ticket issuer. 5
‘‘(C) T
HIRD PARTIES AND SERVICE PRO -6
VIDERS.— 7
‘‘(i) I
N GENERAL.—Where applicable, 8
a ticket issuer that owns or operates an 9
Internet website or online service that fa-10
cilitates or executes the sale of event tick-11
ets shall implement and maintain proce-12
dures to require that any third party or 13
service provider that performs services with 14
respect to the sale of event tickets or has 15
access to data regarding event ticket pur-16
chasing on the website or service maintains 17
reasonable administrative, technical, and 18
physical safeguards to protect the security 19
and integrity of the website or service and 20
that data. 21
‘‘(ii) O
VERSIGHT PROCEDURE RE -22
QUIREMENTS.—The procedures imple-23
mented and maintained by a ticket issuer 24
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS 5
•S 196 IS
in accordance with clause (i) shall include 1
the following: 2
‘‘(I) Taking reasonable steps to 3
select and retain service providers 4
that are capable of maintaining ap-5
propriate safeguards for the customer 6
information at issue. 7
‘‘(II) Requiring service providers 8
by contract to implement and main-9
tain adequate safeguards. 10
‘‘(III) Periodically assessing serv-11
ice providers based on the risk they 12
present and the continued adequacy of 13
their safeguards. 14
‘‘(D) U
PDATES.—A ticket issuer that owns 15
or operates an Internet website or online service 16
that facilitates or executes the sale of event 17
tickets shall regularly evaluate and make ad-18
justments to the safeguards described in sub-19
paragraph (A) in light of any material changes 20
in technology, internal or external threats to 21
system security, confidentiality, integrity, and 22
availability, and the changing business arrange-23
ments or operations of the ticket issuer. 24
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS 6
•S 196 IS
‘‘(3) REQUIREMENT TO REPORT INCIDENTS OF 1
CIRCUMVENTION; CONSUMER COMPLAINTS .— 2
‘‘(A) I
N GENERAL.—A ticket issuer that 3
owns or operates an Internet website or online 4
service that facilitates or executes the sale of 5
event tickets shall report to the Commission 6
any incidents of circumvention of which the 7
ticket issuer has actual knowledge. 8
‘‘(B) C
ONSUMER COMPLAINT WEBSITE .— 9
Not later than 180 days after the date of enact-10
ment of the Mitigating Automated Internet 11
Networks for Event Ticketing Act, the Commis-12
sion shall create a publicly available website (or 13
modify an existing publicly available website of 14
the Commission) to allow individuals to report 15
violations of this subsection to the Commission. 16
‘‘(C) R
EPORTING TIMELINE AND PROC -17
ESS.— 18
‘‘(i) T
IMELINE.—A ticket issuer shall 19
report known incidents of circumvention 20
within a reasonable period of time after 21
the incident of circumvention is discovered 22
by the ticket issuer, and in no case later 23
than 30 days after an incident of cir-24
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS 7
•S 196 IS
cumvention is discovered by the ticket 1
issuer. 2
‘‘(ii) A
UTOMATED SUBMISSION .—The 3
Commission may establish a reporting 4
mechanism to provide for the automatic 5
submission of reports required under this 6
subsection. 7
‘‘(iii) C
OORDINATION WITH STATE AT -8
TORNEYS GENERAL .—The Commission 9
shall— 10
‘‘(I) share reports received from 11
ticket issuers under subparagraph (A) 12
with State attorneys general as appro-13
priate; and 14
‘‘(II) share consumer complaints 15
submitted through the website estab-16
lished under subparagraph (B) with 17
State attorneys general as appro-18
priate. 19
‘‘(4) D
UTY TO ADDRESS CAUSES OF CIR -20
CUMVENTION.—A ticket issuer that owns or operates 21
an Internet website or online service that facilitates 22
or executes the sale of event tickets must take rea-23
sonable steps to improve its access control systems, 24
security measures, and other technological controls 25
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00007 Fmt 6652 Sfmt 6201 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS 8
•S 196 IS
or measures to address any incidents of circumven-1
tion of which the ticket issuer has actual knowledge. 2
‘‘(5) FTC
GUIDANCE.—Not later than 1 year 3
after the date of enactment of the Mitigating Auto-4
mated Internet Networks for Event Ticketing Act, 5
the Commission shall publish guidance for ticket 6
issuers on compliance with the requirements of this 7
subsection.’’; 8
(4) in subsection (c), as redesignated by para-9
graph (1) of this subsection— 10
(A) by striking ‘‘subsection (a)’’ each place 11
it appears and inserting ‘‘subsection (a) or (b)’’; 12
(B) in paragraph (2)— 13
(i) in subparagraph (A), by striking 14
‘‘The Commission’’ and inserting ‘‘Except 15
as provided in paragraph (3), the Commis-16
sion’’; and 17
(ii) in subparagraph (B), by striking 18
‘‘Any person’’ and inserting ‘‘Subject to 19
paragraph (3), any person’’; and 20
(C) by adding at the end the following new 21
paragraphs: 22
‘‘(3) C
IVIL ACTION.— 23
‘‘(A) I
N GENERAL.—If the Commission has 24
reason to believe that any person has committed 25
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00008 Fmt 6652 Sfmt 6201 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS 9
•S 196 IS
a violation of subsection (a) or (b), the Commis-1
sion may bring a civil action in an appropriate 2
district court of the United States to— 3
‘‘(i) recover a civil penalty under 4
paragraph (4); and 5
‘‘(ii) seek other appropriate relief, in-6
cluding injunctive relief and other equi-7
table relief. 8
‘‘(B) L
ITIGATION AUTHORITY.—Except as 9
otherwise provided in section 16(a)(3) of the 10
Federal Trade Commission Act (15 U.S.C. 11
56(a)(3)), the Commission shall have exclusive 12
authority to commence or defend, and supervise 13
the litigation of, any civil action authorized 14
under this paragraph and any appeal of such 15
action in its own name by any of its attorneys 16
designated by it for such purpose, unless the 17
Commission authorizes the Attorney General to 18
do so. The Commission shall inform the Attor-19
ney General of the exercise of such authority 20
and such exercise shall not preclude the Attor-21
ney General from intervening on behalf of the 22
United States in such action and any appeal of 23
such action as may be otherwise provided by 24
law. 25
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00009 Fmt 6652 Sfmt 6201 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS 10
•S 196 IS
‘‘(C) RULE OF CONSTRUCTION .—Any civil 1
penalty or relief sought through a civil action 2
under this paragraph shall be in addition to 3
other penalties and relief as may be prescribed 4
by law. 5
‘‘(4) C
IVIL PENALTIES.— 6
‘‘(A) I
N GENERAL.—Any person who vio-7
lates subsection (a) or (b) shall be liable for— 8
‘‘(i) a civil penalty of not less than 9
$10,000 for each day during which the vio-10
lation occurs or continues to occur; and 11
‘‘(ii) an additional civil penalty of not 12
less than $1,000 per violation. 13
‘‘(B) E
NHANCED CIVIL PENALTY FOR IN -14
TENTIONAL VIOLATIONS .—In addition to the 15
civil penalties under subparagraph (A), a per-16
son that intentionally violates subsection (a) or 17
(b) shall be liable for a civil penalty of not less 18
than $10,000 per violation.’’; 19
(5) in subsection (d), as redesignated by para-20
graph (1) of this subsection, by striking ‘‘subsection 21
(a)’’ each place it appears and inserting ‘‘subsection 22
(a) or (b)’’; and 23
(6) by adding at the end the following new sub-24
sections: 25
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00010 Fmt 6652 Sfmt 6201 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS 11
•S 196 IS
‘‘(e) LAWENFORCEMENTCOORDINATION.— 1
‘‘(1) I
N GENERAL.—The Federal Bureau of In-2
vestigation, the Department of Justice, and other 3
relevant State or local law enforcement officials shall 4
coordinate as appropriate with the Commission to 5
share information about known instances of 6
cyberattacks on security measures, access control 7
systems, or other technological controls or measures 8
on an Internet website or online service that are 9
used by ticket issuers to enforce posted event ticket 10
purchasing limits or to maintain the integrity of 11
posted online ticket purchasing order rules. Such co-12
ordination may include providing information about 13
ongoing investigations but may exclude classified in-14
formation or information that could compromise a 15
law enforcement or national security effort, as ap-16
propriate. 17
‘‘(2) C
YBERATTACK DEFINED .—In this para-18
graph, the term ‘cyberattack’ means an attack, via 19
cyberspace, targeting an enterprise’s use of cyber-20
space for the purpose of— 21
‘‘(A) disrupting, disabling, destroying, or 22
maliciously controlling a computing environ-23
ment or computing infrastructure; or 24
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00011 Fmt 6652 Sfmt 6201 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS 12
•S 196 IS
‘‘(B) destroying the integrity of data or 1
stealing controlled information. 2
‘‘(f) C
ONGRESSIONAL REPORT.—Not later than 1 3
year after the date of enactment of this paragraph, the 4
Commission shall report to Committee on Commerce, 5
Science, and Transportation of the Senate and the Com-6
mittee on Energy and Commerce of the House of Rep-7
resentatives on the status of enforcement actions taken 8
pursuant to this Act, as well as any identified limitations 9
to the Commission’s ability to pursue incidents of cir-10
cumvention described in subsection (a)(1)(A).’’. 11
(b) A
DDITIONALDEFINITION.—Section 3 of the Bet-12
ter Online Ticket Sales Act of 2016 (15 U.S.C. 45c note) 13
is amended by adding at the end the following new para-14
graph: 15
‘‘(4) C
IRCUMVENTION.—The term ‘circumven-16
tion’ means the act of avoiding, bypassing, removing, 17
deactivating, or otherwise impairing an access con-18
trol system, security measure, safeguard, or other 19
technological control or measure described in section 20
2(b)(1).’’. 21
Æ
VerDate Sep 11 2014 23:24 Feb 18, 2025 Jkt 059200 PO 00000 Frm 00012 Fmt 6652 Sfmt 6301 E:\BILLS\S196.IS S196
ssavage on LAPJG3WLY3PROD with BILLS