Scumbag Revenge Porn Site Operator Arrested… But Many Of The Charges Are Very Problematic
from the bad-cases-make-bad-laws dept
A fair amount of attention has been paid to the announcement from Kamala Harris, the attorney general for California, that Kevin Bollaert, the operator of a revenge porn site, and corresponding “pay me to take down the revenge porn” site, has been arrested and charged with a variety of crimes, including extortion. Make no mistake about it: Bollaert is a scumbag and these revenge porn sites — especially those with the extortionate concept of “pay us to take down those nude photos you never wanted posted in the first place” — are highly problematic. But… as with all kinds of “highly problematic” activities, it all too often happens that law enforcement’s zeal to take down the bad guy means they twist laws in dangerous ways that could have significant consequences for plenty of good sites. That appears to be the case here.
Again, Bollaert is a despicable person. A year ago, Adam Steinbaugh was one of the first to detail the nasty practices of “YouGotPosted” (or “UGotPosted”) and the companion site “ChangeMyReputation.” However, as Eric Goldman details, there are a bunch of dangerous problems with the charges that Harris filed against Bollaert, mainly in that many of them seem to blame him for the way users use the site — something that the site is protected from under Section 230:
The other two asserted unlawful purposes are (1) online harassment per Penal Code 653m(b) (criminalizing “repeated contact by means of an electronic communication device”), and (2) the civil tort of public disclosure of private facts (citing a troubling precedent, In Re Rolando S.). Unlike the extortion claim, both allegations depend on the behavior of the website’s users. The complaint doesn’t allege that Bollaert himself made repeated contacts with victims using an electronic communication device, or that Bollaert himself disclosed anyone’s private facts. Instead, the complaint alleges that Bollaert ran a UGC website where users performed unlawful activities. But that’s exactly what UGC websites do: they let users publish content online for both good and evil. If we hold UGC website operators responsible for the fact that their users sometimes commit crimes, then all UGC website operators are criminals.
Fortunately, that’s not the law. In 1996, in 47 USC 230 (Section 230), Congress said that websites aren’t liable for third party content, even if the third party violates state criminal law. From my perspective, based on the allegations in the complaint and arrest warrant, the identity theft charges predicated on harassment and privacy violations appear to be preempted by Section 230
It’s no secret that the various state attorneys general, including Harris, would love to wipe out Section 230. So perhaps she sees this as a chance to take a case so emotionally charged that she can get a favorable ruling. That’s dangerous, since as Goldman notes, this would effectively wipe out Section 230 for many, many sites that allow user contributed content.
A second problem with the complaint is that it relies on an identity theft law used against Bollaert. But anyone looking at the situation would know right away that this isn’t any kind of identity theft. Again, Goldman explains:
The crime asserted here, Penal Code 530.5(a), has two elements. First, the defendant must willfully obtain personal identifying information. Second, the defendant must use that information for an unlawful purpose.
When applied to actual identity theft, these elements make sense. If I steal your social security number and use it to obtain a credit card that I use to run up fraudulent charges, the two elements are clearly satisfied.
As applied to Bollaert, in contrast, the elements are confusing. (The criminal complaint, as typical for the genre, doesn’t explain how the law applies to the facts). How did Bollaert willfully obtain personal identifying information? He allegedly ran a UGC website where users could submit photos and personal information structured into standardized categories. It seems like this allegation would equally describe how all UGC websites “willfully” obtain content from their users.
The one area where the claim may actually make some sense is the extortion claim — as that definitely seems questionable. However, once again, this can run into some problems. For example, you can see a perfectly legitimate service that charges some sort of processing fee to take down content that had been previously posted. Merely charging to remove content, by itself, shouldn’t be seen as extortion. Hell, we’ve recently had comment spammers who apparently got punished by Google’s search rankings email us about removing the comment spam they were able to sneak through our spam filters. When I mentioned how silly this was on Twitter, many people suggested that we should charge the spammers to remove their spam comments. That actually seems like a reasonable (if amusing) idea. But would that be extortion? Under the claims against Bollaert, it’s possible that such an action would be considered the same thing — but I doubt most people would think the request to spammers would be extortion (not that we’ve done it either way).
And that leaves this whole case in a tricky spot. Bollaert’s site was a problem. What he was doing was despicable in so many ways it’s almost difficult to keep track of them all. But, if the case is allowed against him, it’s quite possible that very bad precedents will be set that lead to significant problems for tons of legitimate sites. As Goldman notes, however, there’s a good chance it will never get this far. Bollaert almost certainly will take a plea deal, and Harris will get yet another headline about how she’s protecting the citizens of California, even if her legal theories might undermine its economy — and many of the sites that people around the globe enjoy.
Filed Under: california, extortion, identity theft, kamala harris, kevin bollaert, liability, revenge porn, section 230
Companies: changemyreputation, yougotposted
Comments on “Scumbag Revenge Porn Site Operator Arrested… But Many Of The Charges Are Very Problematic”
It’s simple.. Pay me or I will harm you (or continue to harm you in this case) is extortion.. the scumbag is responsible for the harm, is doing the harm for the purpose demanding payment to stop it.
If you change it to “pay me or I will not give you this latte” or “pay me to take down something that I did not put up for the purpose of harming you until you pay to make it stop” (you know, like as a service) then it’s not really extortion anymore.
Re: Re:
“Pay me or I will harm you” is exactly how the government operates.
Charging spammers to remove content they put up willingly is one thing.
Charging someone to remove content someone ELSE put up for revenge porn is definitely extortion. It’s a service that only serves to embaress someone, they don’t want to appear on it, but they get put up on it, and the only way to get themselves taken off is to pay.
“The crime asserted here, Penal Code 530.5(a), has two elements. First, the defendant must willfully obtain personal identifying information. Second, the defendant must use that information for an unlawful purpose.”
That STILL doesn’t necessarily describe identity theft. You have to use the information to IMPERSONATE the person for an unlawful purpose for it to be identity theft.
Re: Re:
“That STILL doesn’t necessarily describe identity theft. You have to use the information to IMPERSONATE the person for an unlawful purpose for it to be identity theft.”
It may not describe identity theft in the popular imagination, but it describes it well under California statutory law: obtaining personal information and using it for an unlawful purpose.
Re: Re: Re:
the issue here is what does “using it” mean? If you get someone’s phone number and call them to buy drugs from them, is that identity theft? You used the information, and you did something illegal, but it wasn’t the act of using the information that was unlawful as it is in identity theft.
Linked Court Document?
I am not sure what the linked court document had with this case, or even if the linked document’s “Kevin Bollaert” is the the same person as the one here. This is reference for a Federal case, and the Revenge Porn case has been filed in the State court (San Diego Superior Court to be exact.)
I believe the document you want is https://oag.ca.gov/system/files/attachments/press_releases/Complaint_3.pdf
Re: Linked Court Document?
You’re right. I posted the wrong doc. Putting the correct one up now.
“It’s no secret that the various state attorneys general, including Harris, would love to wipe out Section 230. So perhaps she sees this as a chance to take a case so emotionally charged that she can get a favorable ruling. That’s dangerous, since as Goldman notes, this would effectively wipe out Section 230 for many, many sites that allow user contributed content.”
Well there goes YouTube, Dropbox etc. so can understand that the MAFFIA should want to get rid of Section 230.
You know, Mike, one can get into "phony" trouble with real actions.
And yet you carry a banner for every chiseler or extortionist or grifter rightly accused of illegals actions, do all that you can to show that common law complaints should be thrown out because of some legalistic weenie-ing, here your favored “Section 230”.
Let’s just REVILE THE BAD ACTORS FOR MAKING US BEAR THE “very bad precedents”! Coming down hard on those few is the only way to stop them, and is entirely justified. — And that’s going with your notion that all the bad precedents are used without prosecutors ever exercising any common sense at all: in fact, most prosecutors remain surprisingly right-minded and ONLY apply extra on cases like this which are WAY beyond the pale.
Whenever restraints are taken off, people NEVER become better. Especially not The Rich.
04:09:59[f-82-5]
Re: You know, Mike, one can get into "phony" trouble with real actions.
…do all that you can to show that common law complaints should be thrown out because of some legalistic weenie-ing, here your favored “Section 230”.
Care to link to a citation from your distorted view of common law where society held the blacksmith accountable for the actions of the swordsman or anything similar?
Section 230 is about placing liability where it belongs – on the user who actually committed the act, not the tool used.
Re: Re: You know, Mike, one can get into "phony" trouble with real actions.
This is actually the best (and most original) analogy for this situation. I was going to make a comment about blaming the car manufacturer for the actions of a car’s owner, but yours is much more appropriate for this scenario.
Let’s just hope the US justice system doesn’t screw up so much that we end up having to support this scumbag because his trial could set some really, really bad precedents.
Wait a second. A government lawyer blaming the site’s owner for the actions of its users? I feel like I’ve heard this song and dance before…
Re: Re: Re: You know, Mike, one can get into "phony" trouble with real actions.
In this case, if you want a direct analogy minus the internet it’s basically someone took a picture of someone in a compromising position, gave it to scumbag and who posts it in his shop window. Scumbag then tracks down the subject and told them to pay them money or they will leave it in their shop window for everyone to see. It’s straight up extortion. It’s different if the tool is blind, but it obviously is not if the host is tracking down the people in the picture to get them to pay for removal.
Re: Re: You know, Mike, one can get into "phony" trouble with real actions.
I don’t believe your analogy quite holds. I would say more like the blacksmith being accountable for the actions of the swordsman where the blacksmith owned and and operated a death match venue. He profited from the website. Though I haven’t seen it I’m sure there were adverts on it not to mention he charged to take the pictures down.
Re: Re: Re: You know, Mike, one can get into "phony" trouble with real actions.
I don’t believe your analogy quite holds. I would say more like the blacksmith being accountable for the actions of the swordsman where the blacksmith owned and and operated a death match venue.
Ok, I see your point in that, but your analogy is also off a bit. You might have a stronger point if the blacksmith was forcing the swordsman to participate in the death match. But that’s not like what is happening here, the swordsman is participating of his own free will. (just to be clear – the person I am equating the swordsman to is the person who uploaded the images – not the subjects of the photos themselves – they were wronged and the uploaders are liable for that IMHO).
Also, like Mike, I believe that site operator is a total asshole and deserves punishment, just not at expense of all the other user-generated sites on the web. That type of collateral damage is way too much.
He profited from the website. Though I haven’t seen it I’m sure there were adverts on it not to mention he charged to take the pictures down.
From the other exchanges we’ve had I can tell your a pretty intelligent person, but you do have a HUGE blindspot when it comes to liability and making money from something. Making a profit does not necessarily infer responsibility for another’s actions.
For example, if someone commits suicide because they listened to one of your songs, are you liable because you sold that song for money?
Re: Re: Re:2 You know, Mike, one can get into "phony" trouble with real actions.
Making a profit does not necessarily infer responsibility for another’s actions.
absolutely not. However, I must say if the “blacksmith” is selling tickets to the death match (advertising profits) he is running a business. As a business owner, he can’t say “I’m not responsible for what happens in the death match.” Making money changes the equation. He is an active participant and there in lies the liability. He no longer can say I just made the sword. He made the sword, provided the venue and is getting paid from people buying tickets to the spectacle HE created. He becomes responsible because he facilitated and orchestrated the entire thing. It doesn’t matter if the swordsman volunteered or not because, but not for the blacksmith, none of it would have happened.
Re: You know, Mike, one can get into "phony" trouble with real actions.
“And yet you carry a banner for every chiseler or extortionist or grifter rightly accused of illegals actions”
Yeah, fuck rights! Only innocent people deserve rights, and anyone accused by the state can’t be innocent! If necessary, we should make up laws on the spot to punish the obviously guilty!
(Do you even read what you write before you post it, or does your inane babbling spew forth involuntarily, like explosive diarrhea?)
Re: You know, Mike, one can get into "phony" trouble with real actions.
I love that outro line there. It paints a picture if a country run like an insane asylum where the patients/citizens must be out in restraints because they cannot be trusted with control over their own persons. Not sure if it has never occurred to you that to be in restraints someone has to be doing the restraining, in which case you’re an idiot, or if it has occurred and you’re just a giant fucking hypocrite. My money is on the later, at least until the right to control my money in such a way is restrained away from me.
Where?
Where do you draw the line with Section 230, tho?
With Techdirt, it would be quite simple, if someone posted something illegal in comments. Site operator isn’t liable.
With a UGotPosted site, it’s sole purpose for being is to allow and invite the illegal posts. The site operator might not make the posts himself, but it seems to me he’s a clear participant of the posts since he not only invites only that type of post but it’s the sites only reason for existence.
Same for a “reasonable” administrative cost charged by a site to remove any such post. $25-$50 nuisance fee to the person that posted it, like you mentioned about spam comments? Or charge several hundred dollars to somebody else who didn’t post it? And again, that’s the sites sole reason for existence.
Re: Where?
The should be a federal law banning the posting of explicit images (moving or otherwise) of people having sex when those people have a reasonable expectation to privacy and websites that exist mainly to distribute such material, except when the images are all ready online or they severe a research or news reporting related propose (e.g. an article on a political sex sandal). This would allow sites like UGotPosted to get punished without poking hole in to Section 230 with identity fraud laws or harming legitimate, but occasionally abused website like YouTube, Flickr and free webspace sites (e.g. AngleFire,100MegsFree, etc.).
this not so savory gentleman needs to be strip searched including a body cavity inspection and videoed with a hand up his @55 and hosted on his own site
How many of the charges are their to try and force a plea bargain, rather than because Harris thinks the reelevant law has been broken.
Not as problematic
The problem for this site is that the posters don’t have the right to post the images (for one thing I doubt they have model releases for anyone in the images), and the site operator knows this. In fact he markets the site specifically for the purpose of posting that kind of image. That takes him quite a ways away from what Section 230’s intended to protect. I’d refer to the FHA case against Roommates.com which rejected Section 230 immunity where the site selected questions whose answers the FHA prohibited from being used for housing decisions and required users to answer them as part of the process. And that the site then tries to charge non-users a rather high fee to remove images other people had posted of that non-user, images the site had solicited because they could be used to extort that fee, is not going to help their case that they should be allowed to hide behind Section 230.
So how is this different then, say, SpamHouse, that willfully blacklist you, refuse to provide evidence, and request payment to delist?
I guess some politician’s daughter got exposed for everyone to see, so now we see retardness happening. Let’s go against the service providers and not the real scam artists that break the internet. Let’s not even go against people uploading the said videos without authorization, just the provider.
Priorities. God bless ‘murikah.
Re: Re:
In the case of SpamHaus, it is your actions that result in you being blacklisted. To my knowledge SpamHaus does not charge for removal of listings, however it may be difficult to get your listing removed if it was caused by eg. mail that’s not an account-signup confirmation request arriving at a SpamHaus spamtrap address that’s never ever been used to request e-mail from anyone.
By contrast, it would not have been your action that got your images posted to this revenge-porn site, the site knows the person who did post it doesn’t have the right to and actively solicits such postings and it isn’t the person who made the posting who’s being charged to remove it.
Re: Re: Re:
SpamHouse are notorious for keeping blacklists alive years after the IPs have been re-assigned; thus preventing legitimate businesses from operating properly on the net. They refuse to provide evidence and refuse to delist old records. Thus, they are scam artists.
I agree that for the end user, it’s more disastrous to have their privates posted online… but again, service provider. They chose to have those pictures taken knowing full well of the possible consequences. Why not go after the ex’es that uploaded it? Because going after an ass hole gets more public empathy.
So back to the analogy:
– We have some asshole company that willfully makes it so you cannot communicate with other companies that aren’t so tech-savvy.
– You have some asshole that allowed major assholes to upload asshole videos.
I rest my case.
Re: Re: Re: Re:
They chose to have those pictures taken knowing full well of the possible consequences.
That’s the excuse the dirtbags who run these sites use.
They did not choose to have them posted publicly. Only the person they specifically sent them to had the right to view (not publish) them, unless explicit consent was given.
There’s the consequence of having your phone conversations and private emails recorded by the people you converse with and they could be posted on a website somewhere. Does that make it your fault too? Should you just give up communicating?
Re: Re:
First, they’re called “Spamhaus”.
Second, they’re VERY conservative about what they list. Far too conservative in my opinion, but that’s their choice.
Third, when the spam stops, they delist. (I disagree with that too, but again: their choice.)
Fourth, if what you’re doing is so persistent and egregious that you come to Spamhaus’s attention, then you deserve FAR worse punishment than merely being listed by them. In my opinion, you should be banished from the Internet for life. Unfortunately, that’s not their policy nor is it possible.
Finally, if you don’t grasp the difference between an innocent person’s naughty bits being put on display to the world and a spammer’s despicable abuse being cataloged, then you really need to adjust your perspective.
Re: Re: Re:
Refusing to provide evidence, blacklisting an entire company’s IP list, refusing to communicate with them: that’s not conservative by any stretch of the imagination. What they do is take your company hostage, prevent you from doing business, because “they can”.
I dare you to find a decent sysadmin that still uses those criminals.
In wisconsin - did you have premission to delete the google cookies?
What if your modification of a cookie lets you go someplace you should not?
943.70(2)
(2) Offenses against computer data and programs.
(a) Whoever willfully, knowingly and without authorization does any of the following may be penalized as provided in pars. (b) and (c):
1. Modifies data, computer programs or supporting documentation.
2. Destroys data, computer programs or supporting documentation.
3. Accesses computer programs or supporting documentation.
4. Takes possession of data, computer programs or supporting documentation.
5. Copies data, computer programs or supporting documentation.
6. Discloses restricted access codes or other restricted access information to unauthorized persons.
(am) Whoever intentionally causes an interruption in service by submitting a message, or multiple messages, to a computer, computer program, computer system, or computer network that exceeds the processing capacity of the computer, computer program, computer system, or computer network may be penalized as provided in pars. (b) and (c).
(b) Whoever violates par. (a) or (am) is guilty of:
1. A Class A misdemeanor unless any of subds. 2. to 4. applies.
2. A Class I felony if the offense is committed to defraud or to obtain property.
I see this as Franz in that you cannot hide behind the veil of UGC if the whole purpose of the site is to post this content. If the whole purpose of the site is to encourage behavior you say you have no control over, then aren’t you ultimately responsible for the content?
Re: Re:
I think it heavily depends on what you’re soliciting. For instance, Facebook is soliciting content in general and their marketing is asking for content the posters in fact have a right to post and that isn’t illegal. If despite that a user posts something illegal or something they have no right to post, Facebook didn’t solicit that and doesn’t have any control over it.
Contrast that to a site that actively markets itself as a place to post ads and solicitations for stolen car parts. The site has to know that the posts it’s soliciting are illegal. When the users post exactly what the site asked for, the site can’t hide behind “We don’t control what they post.” because it could have controlled it (eg. by not asking for posts offering stolen parts).
inducement
Sounds to me a lot like the “inducement” theory that file sharing sites occasionally have problems with. Running a file sharing site with the tagline “share your stuff” would be covered by 230, but a site with the line “pirate some stuff” is usually considered to be inducing or encouraging the infringement. In fact, isn’t that one of the things they tried to nail megaupload with based on their bounty program?
Re: inducement
MGM v. Grokster, Ltd., 545 U.S. 913 (2005) used the same theory. It’s the “don’t play dumb,” the whole purpose of the website is to post this kind of user generated content so the owner of the site is liable.
Re: Re: inducement
MGM v. Grokster, Ltd., 545 U.S. 913 (2005) used the same theory. It’s the “don’t play dumb,” the whole purpose of the website is to post this kind of user generated content so the owner of the site is liable.
MGM v. Grokster is based on copyright law which includes provisions for contributory infringement. This case is not about copyright law.
It’s a fairly simple 3-prong test that determines if Section 230 immunity applies:
1) The defendant must be a “provider or user” of an “interactive computer service.”
2) The cause of action asserted by the plaintiff must “treat” the defendant “as the publisher or speaker” of the harmful information at issue.
3) The information must be “provided by another information content provider,” i.e., the defendant must not be the “information content provider” of the harmful information at issue.
There is nothing (afaik) concerning inducement of illegal actions that would limit the protection Section 230 provides.
Re: Re: Re: inducement
Here’s the catch, though, as the courts ruled in the Roommates.com case: just because a site is a provider of a service hosting content provided by a content provider [i]does not[/i] make it impossible for them to be a content provider themselves. Where the site actively selects which information to post, which this site does through it’s solicitation of particular kinds of content for specific purposes, then it is a publisher itself and not merely a provider.
Long and short, you don’t get to solicit blackmail material, use it to pry money out of people and then hide behind “Someone else gave me the stuff, I’m not responsible for having used it.”.
Re: Re: Re:2 inducement
Where the site actively selects which information to post, which this site does through it’s solicitation of particular kinds of content for specific purposes, then it is a publisher itself and not merely a provider.
I thought (I could be wrong, IANAL) the sticking point in the Roommates.com case was the illegal questionnaire they required their users to answer in order to use the site that caused the loss of Section 230 immunity, not the actual nature of the site itself or it’s solicitation for any particular kind of content.
How is that applicable here? To be honest I’ve never visited this stupid revenge porn site, nor do I really want to, so I really don’t not know how it’s setup.
I also wonder if 18 USC 2257 requirements could be used to support his collection of the information.
Available Law
There probably is a statute on the books that can be used to nail people operating revenge porn sites. Which law can be used would probably depend on the state. However what will probably happen instead is a moral panic will ensue and several badly written laws will be passed to criminalize this when it probably already is a criminal violation.
Most people do not realize the people behind the Enron fraud were convicted on the basis of various fraud statutes on the books before the collapse of Enron.
SMMFH
I might have took his side by that I mean our rights if he did not make names, numbers, and addresses available.
There is only one goddamn reason for that and it’s so make sure people find out. It would be pretty damn unlikely that anyone would actually find themself posted all over an informative murder porn site.
There will always be people that’s going to push the limits of freedom, but we must remain vigilant. If not everything we stand for will become even more meaningless than it already is.
Aren't there enough laws?
If somebody is doing something illegal, aren’t there enough laws, maybe even too many that they charge you with? What’s the need to make new even more complicated laws. If somebody is selling crack, does it matter if he sold it on the computer? He is still a crack dealer right? Why need more laws?
All nudity must have a license to use. The license may contain terms. License is non-transferable. As always, minors cannot give consent.
Re: Re:
You’ve never been to imgsrc.ru have you?
Re: Re: Re:
No. Should I stay or should I go?
Re: Re: Re: Re:
Well, if you don’t have the answer, why you still standing here? Hey, hey, hey, hey…just walk away.
Re: Re: Re:2 Re:
If I go there will be trouble
If I stay it will be double
Extortion
The extortion claim would be the same as for those mug shot websites that post mug shots along with the person’s name and then charge for removal. Have any of them been successfully prosecuted for extortion?
There was talk that the credit card companies were going to stop processing payments for them, but I don’t think that happened except for American Express. I know that Google made a change so that when you search for a person’s name the mugshot websites have been moved way down the list and off the first page of results.
It’s simple: Any law that protects people and serves as an impediment to filing charges and/or lawsuits is seen as a problem that must be eradicated.
sumbag revenges video
http://t.co/Jwct9YeDiz watch his arrest video here http://t.co/Jwct9YeDiz