The Attorney General of California, Kamala Harris, announced today that her office is seeking criminal charges against the operator of a “revenge porn” website called ugotposted.com. The website hosted nude and explicit images of people that, according to the arrest warrant, had been uploaded by jilted lovers in “revenge” for some perceived transgression, or by hackers who stole the pictures by breaking into the victim’s computer or Facebook account. The defendant, Kevin Christopher Bollaert, could face as many as 31 felony charges ranging from identity theft to extortion.
Mr. Bollaert will claim, I imagine, that he is not responsible for what his users happen to upload to ugotposted.com. He just hosted a website. There is indeed a federal law known as Section 230 of the Communications Decency Act that immunizes websites for what users post there. So, for instance, when Sheriff Thomas Dart of Cook County, Illinois sought to bring criminal charges against Craigslist for prostitution allegedly taking place within Craigslist’s “erotic services” section, the website argued that it cannot be charged with the crimes of its users.
Sheriff Dart was named as one of Time Magazines 100 most influential people in 2009 for his innovative approach to law enforcement. But he was not innovative enough. The court in Dart v. Craigslist, Inc. invoked Section 230 and dismissed the lawsuit.
Attorney General Harris, faced with admittedly different conduct, would like to avoid Sheriff Dart’s fate. Her strategy, it seems, is to charge Mr. Bollaert with affirmative acts like soliciting the photos or blackmailing (or “extorting”) victims with the threat of leaving the photos up.
There is something to this approach. Section 230 represents a powerful safeguard for free speech and innovation on the Internet; many think tinkering with it would be dangerous. But Section 230 also creates a kind of formula that permits website operators not only to avoid liability for highly objectionable material users post, but to profit by it.
The steps of the formula, seemingly followed by the defendant in the case of ugotposted.com, are:
- Create a website that attracts unlawful or victimizing material.
- Do not collect any information about people that post there so they cannot be easily identified.
- Tell the victim, or wait for her (probably) to approach you.
- Cite Section 230 but offer to take down the material… for a price.
We shall see what the court does here. A judge will want to respect federal legislative intent, while preserving a state attorney general’s ability to enforce state law. The court could find that, as in FTC v. Accusearch, Inc., Mr. Bollaert actively solicited illegal activity. Or, depending on how the facts develop, the court could follow the reasoning of Fair Housing Council of San Fernando Valley v. Roommates.com, LLC and treat Mr. Bollaert as a kind of co-publisher of the material on his website. Or a court could simply dismiss the charges outright as an attempt to end run Section 230 immunity. None are a perfect fit. I imagine many people, not to mention household-name Internet companies, will be watching this case closely.
For more on revenge porn, I recommend the work of Danielle Keats Citron at University of Maryland School of Law (including her forthcoming book, Hate Crimes in Cyberspace) and Mary Anne Franks at University of Miami School of Law (including her blog). For more on Section 230, see the writings of national expert and fellow Forbes contributor Eric Goldman at Santa Clara Law.