Scumbag Revenge Porn Site Operator Arrested... But Many Of The Charges Are Very Problematic
from the bad-cases-make-bad-laws dept
A fair amount of attention has been paid to the announcement from Kamala Harris, the attorney general for California, that Kevin Bollaert, the operator of a revenge porn site, and corresponding "pay me to take down the revenge porn" site, has been arrested and charged with a variety of crimes, including extortion. Make no mistake about it: Bollaert is a scumbag and these revenge porn sites -- especially those with the extortionate concept of "pay us to take down those nude photos you never wanted posted in the first place" -- are highly problematic. But... as with all kinds of "highly problematic" activities, it all too often happens that law enforcement's zeal to take down the bad guy means they twist laws in dangerous ways that could have significant consequences for plenty of good sites. That appears to be the case here.Again, Bollaert is a despicable person. A year ago, Adam Steinbaugh was one of the first to detail the nasty practices of "YouGotPosted" (or "UGotPosted") and the companion site "ChangeMyReputation." However, as Eric Goldman details, there are a bunch of dangerous problems with the charges that Harris filed against Bollaert, mainly in that many of them seem to blame him for the way users use the site -- something that the site is protected from under Section 230:
The other two asserted unlawful purposes are (1) online harassment per Penal Code 653m(b) (criminalizing “repeated contact by means of an electronic communication device”), and (2) the civil tort of public disclosure of private facts (citing a troubling precedent, In Re Rolando S.). Unlike the extortion claim, both allegations depend on the behavior of the website’s users. The complaint doesn’t allege that Bollaert himself made repeated contacts with victims using an electronic communication device, or that Bollaert himself disclosed anyone’s private facts. Instead, the complaint alleges that Bollaert ran a UGC website where users performed unlawful activities. But that’s exactly what UGC websites do: they let users publish content online for both good and evil. If we hold UGC website operators responsible for the fact that their users sometimes commit crimes, then all UGC website operators are criminals.It's no secret that the various state attorneys general, including Harris, would love to wipe out Section 230. So perhaps she sees this as a chance to take a case so emotionally charged that she can get a favorable ruling. That's dangerous, since as Goldman notes, this would effectively wipe out Section 230 for many, many sites that allow user contributed content.
Fortunately, that’s not the law. In 1996, in 47 USC 230 (Section 230), Congress said that websites aren’t liable for third party content, even if the third party violates state criminal law. From my perspective, based on the allegations in the complaint and arrest warrant, the identity theft charges predicated on harassment and privacy violations appear to be preempted by Section 230
A second problem with the complaint is that it relies on an identity theft law used against Bollaert. But anyone looking at the situation would know right away that this isn't any kind of identity theft. Again, Goldman explains:
The crime asserted here, Penal Code 530.5(a), has two elements. First, the defendant must willfully obtain personal identifying information. Second, the defendant must use that information for an unlawful purpose.The one area where the claim may actually make some sense is the extortion claim -- as that definitely seems questionable. However, once again, this can run into some problems. For example, you can see a perfectly legitimate service that charges some sort of processing fee to take down content that had been previously posted. Merely charging to remove content, by itself, shouldn't be seen as extortion. Hell, we've recently had comment spammers who apparently got punished by Google's search rankings email us about removing the comment spam they were able to sneak through our spam filters. When I mentioned how silly this was on Twitter, many people suggested that we should charge the spammers to remove their spam comments. That actually seems like a reasonable (if amusing) idea. But would that be extortion? Under the claims against Bollaert, it's possible that such an action would be considered the same thing -- but I doubt most people would think the request to spammers would be extortion (not that we've done it either way).
When applied to actual identity theft, these elements make sense. If I steal your social security number and use it to obtain a credit card that I use to run up fraudulent charges, the two elements are clearly satisfied.
As applied to Bollaert, in contrast, the elements are confusing. (The criminal complaint, as typical for the genre, doesn’t explain how the law applies to the facts). How did Bollaert willfully obtain personal identifying information? He allegedly ran a UGC website where users could submit photos and personal information structured into standardized categories. It seems like this allegation would equally describe how all UGC websites “willfully” obtain content from their users.
And that leaves this whole case in a tricky spot. Bollaert's site was a problem. What he was doing was despicable in so many ways it's almost difficult to keep track of them all. But, if the case is allowed against him, it's quite possible that very bad precedents will be set that lead to significant problems for tons of legitimate sites. As Goldman notes, however, there's a good chance it will never get this far. Bollaert almost certainly will take a plea deal, and Harris will get yet another headline about how she's protecting the citizens of California, even if her legal theories might undermine its economy -- and many of the sites that people around the globe enjoy.
Filed Under: california, extortion, identity theft, kamala harris, kevin bollaert, liability, revenge porn, section 230
Companies: changemyreputation, yougotposted
