Bots and Touts: A summary of offences potentially committed by bot owners and ticket resellers.

01 April 2021

At 11am on 15 March 2021, hundreds of thousands of tickets went on sale for the next Rugby World Cup which will be held in France in 2023. Rugby fans had received messages for months urging them to sign up as part of the “2023 Family” to give themselves a head start on securing tickets. When the ticket website opened people all over the globe found themselves in a digital queue. On their screen they saw the image of a little ball sailing through the air at snail’s pace towards rugby goal posts, with a progress counter ticking towards 100%.

And then people’s numbers started going backwards. Their progress dropped from 35%, to 23%, to 20%, up to 22%, back down to 19% - and then began to crawl upwards. Other faced a worse fate, their number stopped increasing entirely. Soon the numbers disappeared, the sailing rugby ball frozen in time somewhat short of the posts. Others reached 100% and were then told that there had been an error on the website. Thousands of unlucky punters swarmed onto social media complaining about the poor organisation; about how the organisers could not organise a website, let alone a tournament; how they felt let down by the poor technology. A few, very lucky, others claimed to have been successful.

A narrative began to emerge. The suspicion among many was not that there had been some massive failure of technology or organisation. Instead, they suspected the insidious influence of ‘bots’.

What are bots?

Think about the normal process of buying a ticket online. You go to the website, have a browse for what you want to buy, choose the tickets you want, check they’re still available, add them to your shopping cart, confirm that you want to pay for them, perhaps go through an account creation process, enter your billing address, enter your shipping address, enter a card number, tick to confirm that you have read all of the terms and conditions, tick to confirm you accept the privacy policy, re-enter your security code because you got a digit wrong, click purchase, pray that the website doesn’t crash, receive confirmation that your purchase has been successfully completed. And breathe.

Bots automate all of that. They are sophisticated pieces of software that can complete any number of tasks to save real human users time and effort. There are thousands of bots on Wikipedia, and on twitter, and all over the web. Google has a whole series of bots, billions of them, to automate their process of cataloguing the entire internet. More or less anything you can do online can be automated by a bot.

Ticket bots are used to automate the ticket buying process; but most people do not use bots. Most people just log on and take their chances. Bots are predominantly used by ticket resellers – “touts” to you and me – to secure as many tickets as possible as quickly as possible. Bots don’t have to take time to read a screen like you and me, they can read the entire page and look out for pre-programmed key words in the blink of an eye. They are programmed to find the quickest way to buy tickets that they can. Moreover, one average powered computer can run hundreds of bots. It’s a numbers game.

There is an ongoing cold war, fought between bot designers and website operators to try to keep bots out of the process by using “Captcha” tests (the standard “prove you’re not a robot” stuff) but the bots are normally one step ahead of the game.

Surely there are laws against that?

Touts and their practices can be something of a divisive issue. Some argue that they are predatory, taking advantage of the pressures on event organisers to price their products competitively to increase participation and access. Others worry that touts enable those who are excluded from sporting events (due to Football Banning Orders, for instance) to attend events unchecked. Conversely, others see tickets as a simple possession that the owner may dispose with as they wish – and why shouldn’t people make a profit on their investment if there is enough demand in the market?

This article takes no moral stance on the activities of touts or resellers. For some 30 years, however, Governments have been persuaded to rein in some of their activities.


Football has been afforded some protection since the Criminal Justice and Public Order Act 1994. That Act criminalises the sale or disposal of tickets to “designated” football matches (as determined by the relevant Secretary of State).

Consumer Rights Act 2015

In 2011, the Rugby Football Union (“RFU”) obtained an Order that the ticket resale website Viagogo provide them with the full details of the tickets that had been advertised for sale for a series of international rugby fixtures. The RFU, thanks to very tightly drafted terms and conditions, was able to allege that those reselling their tickets on Viagogo had breached their terms and so had committed actionable wrongs against the RFU.

This approach was copied in s90 of the Consumer Rights Act 2015. Under that provision, where a ticket for a recreational, sporting or cultural event in the UK is resold through a secondary ticketing facility, the facility must provide the buyer with specified information including the details of the particular seat on sale and the face value of the ticket. This allows event organisers, at a glance, to identify the tickets which have been advertised for resale. In turn it may be that the organiser enforces its rights against the first instance purchaser by, for instance, cancelling the ticket or claiming damages.

Breaches of this requirement are enforced by Trading Standards offices, and can be punished by fines of up to £5,000 for each offence.

Digital Economy Act 2017

Section 106 of the Digital Economy Act 2017 empowered the Secretary of State to make regulations to create an offence in relation to online ticket purchases. This offer was taken up by the Department for Digital, Culture, Media and Sport in 2018 in the form of The Breaching of Limits on Ticket Sales Regulations 2018.

These Regulations appear to be aimed squarely at ticket bots. The Regulations only apply for online sales of sporting, recreational or cultural events held in the UK. Further, they only apply when the organiser has set limits on the number of tickets that may be purchased by any one purchaser.

The offence created is to “use software that is designed to enable or facilitate completion of any part of a [ticket purchase process]” and to do so with the intent of obtaining more tickets than authorised to do so by the organiser with a view to making a financial gain. On summary conviction this may be punished with a fine.

It is important to note that under this provision, bots are still perfectly legal. It is simply the way that they are used that is potentially criminalised. The offence also relies upon organisers setting clear limits on ticket numbers in their terms and conditions.

Other approaches

Although not specifically targeted at touts and ticket resellers, it is possible that other areas of law could apply to their activities.

The case of R v Marshall [1998] 3 WLUK 158 related to the sale of discarded London Underground tickets. In that case, Marshall and his co-defendants obtained discarded travelcards and tickets and sold them on to transport users. The Court of Appeal held that the terms and conditions of London Underground tickets gave them the right to insist that only the original purchaser use the ticket to travel. To breach such conditions was an appropriation of the right of London Underground, and so (along with the other elements of the offence) Marshall and others were guilty of theft.

In a similar vein, it could well be argued that if terms and conditions are drafted tightly enough, a similar offence would arise when individuals attempt to resell tickets for sporting events. Threats to pursue prosecutions against resellers have already been made by the producers of certain West End shows.

It is also worth considering the provisions of the Computer Misuse Act 1990. Section 1 of that Act provides that a person is guilty of an offence if he (i) causes a computer to perform any function with intent to secure access to any program or data held in any computer (or enable any such access to be secured), (ii) the access he intends to secure (or enable to be secured) is unauthorised; and (iii) he knows at the time he causes the computer to perform the function that that is the case.

It is not difficult to see the link between such an offence and the use of ticket bots. Where such bots are prohibited by the conditions of sale, to use them would be unauthorised and therefore arguably an offence under Section 1.


It seems clear that where event organisers seek to prevent (or potentially even criminalise) the use of bots, it is vital that they have very clear, tightly drafted terms and conditions of sale which make it clear that such activities are prohibited. It is also important, should they wish to take advantage of the provisions in the Digital Economy Act 2017 that there is a clear limit upon the number of tickets that may be purchased. The more speculative actions under the Theft Act or Computer Misuse Act also require specific terms and conditions in place in order for their provisions to bite.

At Crucible, we have a number of expert criminal barristers with significant experience of computer related offences, and solid commercial awareness, who are able to advise event organisers and producers who wish to enforce their rights. We are also very well placed to advise ticket resellers to assist in ensuring that they do not open themselves up to any criminal liability. If you would like advice on any of these matters please do not hesitate to get in touch.

Ben Rowe.
Related specialisms.