The FTC and MoviePass settled a dispute over the company’s business practices and data security this week, with the company facing few consequences for a wide variety of offenses alleged by the commission in a 13-page complaint.
MoviePass — a controversial subscription app that allowed people to see one movie per day for a monthly fee of $9.95 — had a tumultuous run after its founding in 2011. At its peak, the company had more than three million subscribers.
Before long, the people behind MoviePass realized they would not be able to bulk purchase tickets or make up costs in other ways, instead pivoting to making the app more difficult to navigate for people using it multiple times each month. They told regulators in 2018 that they were losing $20 million per month. The app was shut down in 2019 and the company declared bankruptcy in 2020.
Daniel Kaufman, the FTC’s Acting Director of the Bureau of Consumer Protection, said MoviePass and its executives went to great lengths to deny consumers access to the service they paid for while also failing to secure their personal information.
In the complaint, the FTC criticized MoviePass and its leaders for intentionally invalidating subscriber passwords in order to stop people from using the app too often each month. The MoviePass team repeatedly lied to users, claiming that it had discovered “suspicious activity or potential fraud” and had to shut down accounts that were viewing many films each month. They did this to more than 75,000 users.
The company also created a ticket verification program for about 450,000 high-volume users as a way to purposefully limit their usage. The verification system had significant problems but, like the first issue, operators at the company used the system as a way to shut down accounts using the app too often.
The FTC also alleged that MoviePass created “trip wires” that allowed them to block users who saw more than three movies a month from using the service. Once a user began to cost the company more than a certain threshold, they were put in a group that was blocked.
Mitchell Lowe and Theodore Farnsworth, the CEOs of MoviePass and parent company Helios and Matheson Analytics respectively, were both personally involved in these efforts. The FTC accused Lowe of personally choosing the number of users to target with the schemes and Farnsworth of coming up with excuses for account disruptions.
The company was also accused of violating the Restore Online Shoppers’ Confidence Act for deceptive practices and providing lackluster security for users’ names, email addresses, birth dates, credit card numbers, and geolocation information.
MoviePass allegedly held personal financial information in plain text and did not have any encryption or restrictions on who could access the data.
Despite all of this, Lowe, Farnsworth and the other operators behind MoviePass will largely face no penalties. A Supreme Court ruling in April effectively stripped the FTC of any power it had to secure consumer restitution and monetary relief, leaving them with few options for penalizing companies engaged in deceptive practices.
Acting Chairwoman Rebecca Kelly Slaughter said the Supreme Court ruled “in favor of scam artists and dishonest corporations, leaving average Americans to pay for illegal behavior.”
“With this ruling, the Court has deprived the FTC of the strongest tool we had to help consumers when they need it most,” Slaughter added.
Lowe, Farnsworth and the other operators behind MoviePass did not have to officially admit to any of the violations listed in the complaint or the 17-page settlement.
The only penalty the FTC handed down was an order that bars the MoviePass operators from committing the same violation again. Lowe and Farnsworth will be forced to “implement a comprehensive security program” for whatever venture they start next and will face scrutiny from regulators over their practices. Someone from the new venture will need to update the FTC on compliance with the order.
The vote to approve the consent agreement passed 3-1, but Commissioner Noah Joshua Phillips issued a scathing dissenting statement in which he said the ruling added more confusion to the process while allowing the companies to get away with paying nothing.
Juliana Gruenwald, a spokesperson for the FTC, defended the settlement, saying that if anyone involved in MoviePass violates the order, they could face monetary penalties of up to $43,792 per violation.
Justin Brookman, director of consumer privacy and technology policy for Consumer Reports, explained that Congress has not given the FTC the authority to get penalties for violations of this kind.
This system has led to a situation where companies “often get one free bite at the apple to violate the law with limited consequences.”
“The FTC used to be able to at least order disgorgement of ill-gotten gains and refunds, but the Supreme Court recently held 9-0 that the FTC doesn’t actually have that authority in most of their cases. So the FTC has gotten even weaker,” Brookman said.
He added that Congress is looking into legislation that explicitly grants the FTC the ability to force companies to give up profits from illegal activity and to get refunds, but that legislation hasn’t passed yet.
Yet even that proposed bill wouldn’t let the FTC impose penalties on top of disgorgement of profits or restitution, Brookman explained, noting that the FTC’s mention of both companies’ bankruptcy was meant to show that monetary penalties would be difficult to get even if they were allowed to impose them.
“In general, I think the FTC has been too soft in looking to impose monetary relief where they can, but if the company is bankrupt, they have limited options,” Brookman said. “They could perhaps have tried to go directly after the individuals, but I don’t know the state of their financial situation, and the FTC has generally been reluctant to go after individuals financially.”