If you thought we’d heard the last from MoviePass, you were wrong. On Monday, the Federal Trade Commission reported the operators of MoviePass, a movie subscription service, will settle with the FTC over the company’s deceptive business practices. The settlement says that MoviePass, Inc., parent company Helios and Matheson Analytics, Inc. and principals Mitchell Lowe and Theodore Farnsworth are prohibited from misrepresenting their business and data security practices in the future. They must also employ comprehensive information security programs to secure customer data and prevent it from being misused.
“MoviePass and its executives went to great lengths to deny consumers access to the service they paid for while also failing to secure their personal information,” said Daniel Kaufman, the FTC’s Acting Director of the Bureau of Consumer Protection, in the June 7, 2021 announcement. “The FTC will continue working to protect consumers from deception and to ensure that businesses deliver on their promises.”
FTC complaint against MoviePass
In its complaint against MoviePass, the FTC makes the following allegations:
- The defendants deceptively marketed their movie subscription service to customers who paid $9.95 a month to see one movie per day.
- To prevent subscribers from using their subscription, MoviePass invalidated subscriber passwords, discouraged use of the subscription service through a “ticket verification program,” and used “trip wires” that blocked groups of users from using the service, usually users who saw more than three movies per month.
- The fraudulent behavior went beyond MoviePass; it also involved Lowe and Farnsworth who personally ordered that subscriber passwords be “disrupted.” They also determined how many subscribers would be targeted.
- MoviePass’s business practices violated the Restore Online Shoppers’ Confidence Act (ROSCA) which requires businesses like MoviePass to be truthful with consumers, disclosing all materials terms and conditions of their agreement and obtaining the informed consent of subscribers before charging them for their services.
- MoviePass did not comply with ROSCA. Not only did they fail to provide subscribers with the promised one-movie-per-day offer, but they made it difficult for consumers to actually use the service.
- MoviePass did not take reasonable steps to secure personal data from subscribers (e.g., names, emails, birth dates, credit card numbers and geolocation information).
Proposed FTC order
The proposed order binds all parties – Lowe, Farnsworth, MoviePass and Helios and Matheson Analytics, Inc. – to the conditions of the order. This includes the following:
- The named parties are prohibited from misrepresenting their services, and they must implement “a comprehensive security program” that requires them to identify internal and external security risks and to take any steps necessary to manage those risks.
- MoviePass must conduct biennial assessments of their information security program through a third party, approved by the FTC, to see if the program is effective.
- MoviePass and other named parties must notify FTC of any future data breaches, and a senior executive must certify each year that MoviePass is complying with data security requirements.
Violations of an administrative complaint can carry civil penalties of up to $43,792 per violation.
Though the FTC is not seeking monetary relief for consumers, MoviePass and Helios and Matheson Analytics, Inc. have filed for bankruptcy.
Three of the four commissioners voted in favor of the administrative complaint. One commissioner, Commissioner Noah Joshua Phillips, voted against the complaint. The agreement is open for public comment for 30 days after it is published in the Federal Register. After the public comment period, the FTC can choose to make the finalize the consent order.
We have written countless stories about MoviePass and its failed subscription service. With so many operational difficulties and business model changes, it seemed like the company was plagued with bad decision making and even worse management. Now we know why. The question is which came first: the chicken or the egg? Did MoviePass fail because it was never intended to succeed, or did the company, its parent and principals abandon ship because they did not know how to successfully build and grow a subscription company? Regardless of the origin of their difficulties, MoviePass serves as a cautionary tale to anyone considering a subscription business. Bravo to the FTC for standing up to the company. It is just a shame that subscribers bore the brunt of MoviePass’s mismanagement and bad behavior. It seems they should be somehow compensated for their trouble.