The message is pretty clear: don’t fuck with Taylor Swift fans. Days after the most popular music artist in America announced her first tour in four years, the concert industry plunged into turmoil and the company that largely controls it is now facing stern criticism from all quarters, including those that should really put a fright in Live Nation’s C-Suite.

Two million outraged Swifties have compelled the US Department of Justice to leak information to the media that they are knee-deep in a previously undisclosed anti-trust investigation of Live Nation, parent company of Ticketmaster. The monopoly power of Ticketmaster — unbowed for decades — is finally being challenged, or at least acknowledged.

That anyone questions whether Ticketmaster is a functional monopoly is almost laughable. The handful of smaller ticketing companies live in their giant rival’s shadow and fear invoking its wrath.

CrowdSurge was one company that invoked that wrath in a telling way: they created a better product. In response to their challenge, Ticketmaster employees hacked CrowdSurge’s systems in order to clone their products and ultimately destroy the company.

The government’s statement of facts is a shocking narrative of crime, describing the abuse of monopoly power by Ticketmaster deployed to crush a rival start-up.

If you’ve been a touring artist in the industry for a decade or so, you probably got a little kick of nostalgia when you read that name. CrowdSurge (which later merged with Songkick) was once praised as the best of a new generation of ticketing start-ups, one which aggressively pursued artists and provided them with a suite of tools that helped the tricky process of selling pre-sale tickets.

In December 2015, after the merger, Songkick learned of Ticketmaster’s hack and filed a civil complaint for anti-trust violations. Ticketmaster responded with scorn, which seemed to be proven out when Songkick exited from the ticket business and sold the remnants of the company two years later. The US government would eventually pick up the trail and, in a case settled two years ago, would prove that the allegations outlined by Ticketmaster’s crushed rival were substantially true.

Two Ticketmaster employees were initially promoted after hacking CrowdSurge on behalf of their bosses. Later, they would be fired. In their settlement with the government, Ticketmaster “admits, accepts and acknowledges that it is responsible under United States law for the acts of its officers, directors, employees and agents” who committed several substantial crimes.

Yet the US government inexplicably went soft on Ticketmaster from the start. The government and Ticketmaster entered into a “deferred prosecution agreement,” despite the government’s complaint that Ticketmaster did not fully disclose all information to investigators, as they had been compelled to do. The settlement itself was announced on New Year’s Eve 2020, regarded by the press as the slowest news day of the year and a time when powerful companies dump their bad news on a nation in the process of developing a splitting migraine. For a case involving hacking, crime and the abuse of monopoly power, reporting on the matter was curiously muted.

With Ticketmaster and Live Nation again in the news for abuse of their monopoly power, it’s worth revisiting the case of US vs. Ticketmaster LLC. It shows the peril that awaits those who challenge the industry giant, and perhaps draws attention to a type of power that even US Attorneys fear.

o o o

A “deferred prosecution agreement” is a term more frequently associated with criminal justice reform than white collar crime committed by employees of a $15 billion company. It’s often used as part of a broader settlement and, when used by US Attorneys or the SEC, as a means to impose a form of “probation” upon corporations.

One of the terms of the deferred prosecution of Ticketmaster is that the company stipulates that they will not challenge the “Statement of Facts” outlining the criminal behavior by Ticketmaster’s employees. Even if the government picks up the gauntlet and pursues penalties for the charges that are presently deferred, Ticketmaster “will not dispute the Statement of Facts set forth in this Agreement” and acknowledges it as “true and accurate.” Part of the terms is that Ticketmaster will not “make any public statement, in litigation or otherwise, contradicting the acceptance of responsibility by the Company.” What’s a loss for consumer justice is a gain for journalism because this means the story presented here, drawn from the narrative in the Statement of Facts, isn’t our account of Ticketmaster’s crime spree. It’s their own.

Songkick was a start-up founded in the UK by Ian Hogarth, Michelle You and Pete Smith in 2007. A New York Times profile published four years later suggested it was becoming an “Internet Music Database for live music.” Songkick aspired to “do more than just sell tickets” but planted social functions right into the heart of the site. As the Times described this early iteration:

CrowdSurge usernames and passwords were being passed around by Ticketmaster executives, who were encouraged to “screen-grab the hell out of the system.”

Songkick’s main function is simple on an almost Web 1.0 level. After users sign up to track their favorite bands, the service sends free e-mail notifications when those acts are going to be in town, drawing from its database of more than 100,000 concert listings around the world. To fill in any gaps, it can also scan a user’s playlists on iTunes, Pandora or other digital music services, and recommend relevant events.

“We want to make it as easy to go to a concert as it is to go to the movies on a Friday night,” said Ian Hogarth, the company’s chief executive.

Hogarth argued passionately (and naïvely) for a site that would “represent live music fans online. Not focused on the venue or the particular tickets system, but focused on the fan. And we believe that can be a huge company.”

In 2015, Songkick merged with another company called (rather unfortunately, given the concert tragedies of recent times) CrowdSurge. Founded a year after Songkick, CrowdSurge was in the business of providing services to enable artists to sell tickets directly-to-customers. The combined company, which also obtained a new funding round of $16 million from several venture capital firms, would form “the world’s largest artist-ticketing platform [combined] with the world’s largest concert discovery service.”

What no one knew at the time was that CrowdSurge had been targeted as a “threat” by executives at Ticketmaster as the industry giant sought ways to defeat what they considered a dangerous “insurgent.”

o o o

Back in 2013, a Ticketmaster executive named Zeeshan Zaidi had arrived at the company, seemingly with this single target in sight. In “one of the very first documents he ever created at Ticketmaster” after his appointment as the head of the company’s Artist Services division, Zaidi drafted an extensive plan to “defeat this threat/insurgent.” The threat was CrowdSurge.

Ticketmaster also hired a person identified in court documents as “Coconspirator-1” and from Songkick’s civil complaint is believed to be a man named Stephen Mead. Mead arrived at a Ticketmaster subsidiary called “TicketWeb” from a previous stint as general manager of US operations for CrowdSurge. (Mead’s LinkedIn page shows he worked as General Manager and SVP Global Operations at CrowdSurge from 2010 to July 2012. Interestingly, it also describes a two year stint as “Digital Business/Merchandise Manager” for Tiësto.)

Mead had proprietary knowledge of CrowdSurge’s systems and strategy. He also had in his possession tens of thousands of their internal documents. But most importantly, he knew multiple usernames and passwords to access the systems of what the Statement of Facts refers to as the “Victim Company.” The Statement of Facts indicates that “Coconspirator-1” used these to repeatedly login and siphon off confidential data and real-time information about his old company on behalf of his new one.

By 2014, Ticketmaster’s infiltration of CrowdSurge was so in the open that an employee was reportedly logging into his old company’s proprietary systems in front of more than a dozen Ticketmaster employees attending a summit. The goal of the summit was “to pow-wow about strategy and [Ticketmaster’s] platform plan to trump CrowdSurge.”

The information began to flow “just weeks after Coconspirator-1 started working” for TicketWeb. An unnamed executive asked Mead to provide Zaidi with information pilfered from hacking CrowdSurge so Ticketmaster would be able to “formulate a compelling offer for Artist (presales, merch, fanclubs, etc)” — in essence, to clone CrowdSurge’s platform and steal their customers. As early as November 2013, Mead promised to “pass on as much information as you [Zaidi] need” about CrowdSurge. One executive said the goal was to “choke off [CrowdSurge]” and “steal back one of [CrowdSurge’s] signature clients.” Mead had previously “personally handled” an artist’s North and South American tours for CrowdSurge; his information, he told the Ticketmaster executives, would “cut [CrowdSurge] off at the knees.”

By 2014, CrowdSurge usernames and passwords (initially established for artist management companies) were being passed around among Ticketmaster executives, who were encouraged to “screen-grab the hell out of the system.”

At issue was mainly CrowdSurge’s ticket analytics and sales tools for artists (the company boasted of clients including Paul McCartney, Ellie Goulding, Childish Gambino and John Legend, according to the Guardian). These tools helped artists sell pre-sale tickets. Pre-sale tickets were often for Ticketmaster events, but were sold “off-platform” — meaning Ticketmaster was unable to charge ticket buyers their often exorbitant “service charges.” The “Artist Services” division of Ticketmaster embroiled in this crime spree was responsible for persuading artists and management to use Ticketmaster’s own platform to sell pre-sale, “and in certain circumstances to discourage artists from using competitor ticketing services” like Songkick and CrowdSurge.

By 2014, Ticketmaster’s infiltration of CrowdSurge was so in the open that Mead was reportedly logging into his old company’s proprietary systems in front of more than a dozen Ticketmaster employees attending a summit. The goal of the summit was “to pow-wow about strategy and [Ticketmaster’s] platform plan to trump CrowdSurge.” During a presentation projected onto a large screen in the conference room, Mead demo’d CrowdSurge’s tools for artists live after logging in and showed the attendees the various analytics CrowdSurge generated for them. Later Zaidi showed slides to Ticketmaster executives featuring screen captures of CrowdSurge’s proprietary tools. The hacking team at Ticketmaster used this information to create a list of 125 artists that CrowdSurge was pitching on their services. Ticketmaster used this list to pressure those artists to use Ticketmaster’s services instead.

o o o

That all of this was highly illegal was known at the time. In multiple emails, Mead warned against “snooping around” after accessing the systems and advised fellow Ticketmaster employees to use caution. Investigators later verified these multiple intrusions (including when Zaidi was showing off for other Ticketmaster executives) with log data from Songkick’s servers.

After this crime spree, Zaidi was promoted to head of Ticketmaster’s Artist Services division and the former CrowdSurge employee was made Director of Client Relations and given a raise. He sent an email to someone else inside the company expressing his joy at being “part of the Artist Services team! Now we can really start to bring down the hammer on [Victim Company].”

The Statement of Facts is a shocking narrative of crime and the abuse of monopoly power by Ticketmaster, deployed to crush a rival start-up. They almost got away with it. The criminal activity was revealed in 2015 when a former Ticketmaster executive was hired by their rival and revealed the extent of Ticketmaster’s infiltration of their systems. In December 2015, Songkick (now representing the two combined companies) filed a civil complaint against Ticketmaster for anti-trust violations. Two years later, Songkick amended their complaint to add charges of hacking.

Unfortunately, the damage was done. Songkick had no chance to compete after their business had hacked and cloned by Ticketmaster. Ticketmaster initially claimed the allegations in Songkick’s lawsuit were “a new set of dubious arguments and theories… based on the alleged misappropriation of information that Songkick did not even try to keep secret.” This was a pretty brazen defense, and one which crumbled after the FBI became involved. Ticketmaster only handed over thousands of documents substantiating Songkick’s claims of antitrust, unfair competition, trade secret misappropriation and hacking as a result of court-ordered discovery just two months before Songkick’s civil trial against Ticketmaster was to begin.

You and I would go to jail for this. Ticketmaster paid a fine and had the press release about it dumped on New Year’s Eve.

The documents in this dump formed the spine of the federal prosecution against Ticketmaster. Mead was found to have brought 85,000 company documents along with financial data, contracts and dozens of passwords to various accounts to Ticketmaster, which he and the Artist Services group in Ticketmaster used to “create a clone of CrowdSurge’s business model.” Internal emails reveal Ticketmaster employees openly discussing the repeated hacking of Songkick and warnings about getting too greedy. “We’re not supposed to tip anyone off that we have this view into CrowdSurge’s activities,” Zaidi wrote.

After having promoted both, Ticketmaster would fire Zaidi and Mead in 2017, and less than a year later Ticketmaster settled Songkick’s lawsuit under apparently very generous terms, with Ticketmaster parent Live Nation agreeing to acquire all of Songkick’s remaining technology assets (the “concert discovery service and brand” were sold to Warner in 2017). In October 18, 2019, Zaidi pled guilty to one count of conspiracy to access protected computers without authorization and to commit wire fraud.

Ticketmaster received “partial credit” for cooperation with the government, but not “full credit” because, the US Attorney’s office alleged, the company did not fully disclose all information to investigators.

You and I would go to jail for this. Ticketmaster paid a fine and had the press release about it dumped on New Year’s Eve.

Per the deferred prosecution agreement, Ticketmaster was fined $500,000 for each felony offense, of which they were “at least twenty separate violations.” This $10 million fine can be contrasted with Live Nation Entertainment, Inc’s 2019 revenue of $11.5 billion.

The deferred prosecution agreement is a result of adjudication in which Ticketmaster admits to responsibility, pays a fine, and (essentially) agrees not to do it again. It often is compared to “corporate probation,” but there is little oversight. The irony is that Zaidi will probably be more exposed to a probation regime than the company that paid and promoted him.

People hired by Ticketmaster hacked a rival’s computer systems to help their employer crush the company. And in exchange for a small fine and a little court-mandated public embarrassment, they got away with it. Beyond the inflated prices, side deals with ticket brokers and outrageous service fees that have outraged Taylor Swift’s fans, these are the real benefits of operating a monopoly, as Live Nation does. Everyone else — they don’t stand a chance.