Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

People v. Bollaert

California Court of Appeals, Fourth District, First Division

June 28, 2016

THE PEOPLE, Plaintiff and Respondent,
KEVIN CHRISTOPHER BOLLAERT, Defendant and Appellant.

         APPEAL from a judgment of the Superior Court of San Diego County No. SCD252338, David M. Gill, Judge.

          Patrick J. Hennessey, Jr., under appointment by the Court of Appeal, for Defendant and Appellant.

          Kamala D. Harris, Attorney General, Gerald A. Engler and Julie L. Garland, Assistant Attorneys General, Eric A. Swenson, Junichi P. Semitsu, Garrett A. Gorlitsky, Deputy Attorneys General, and Steven Taylor Oetting, Deputy Solicitor General, for Plaintiff and Respondent.

          O'ROURKE, J.

         A jury convicted Kevin Christopher Bollaert of extortion (Pen. Code, [1] § 520; counts 3, 16, 18, 21, 27, 29) and the unlawful use of personal identifying information (§ 530.5, subd. (a); counts 2, 4-15, 17, 19, 20, 22-24, 26, 28), stemming from his operation of Web sites, ", " through which users posted private, intimate photographs of others along with that person's name, location and social media profile links, and ", " through which victims could pay to have the information removed. As to some of the victims, the jury unanimously found that Bollaert committed the unlawful act of an invasion of privacy by disclosure of private facts. The trial court declared a mistrial as to one of the identity theft charges (count 25) and a conspiracy charge (count 1). It sentenced Bollaert to a split sentence of 18 years: eight years of local confinement followed by 10 years of mandatory supervision.[2]

         Bollaert contends his convictions under section 530.5, subdivision (a) must be reversed for insufficient evidence because (1) he is immunized from liability under section 530.5, subdivision (f) as an "interactive computer service" or "access software provider" within the meaning of the Communications Decency Act (the CDA; 47 U.S.C. § 230(c)(1));[3] (2) he did not take action to develop or create the content of his Web site, and therefore was not liable as an "information content provider" as defined by the CDA; and (3) he did not willfully obtain the personal identifying information for an unlawful purpose. Bollaert further contends there is insufficient evidence supporting his extortion convictions because he did not directly or implicitly threaten any of the victims to expose any secret; the alleged secrets-the photographs-were already in the public domain; and he merely engaged in a business practice whereby legally posted information could be removed. Finally, Bollaert contends the trial court erred by giving the jury instructions on civil liability-CACI Nos. 1800 and 1801-regarding intrusion into private affairs and public disclosure of private facts.

         We conclude the evidence is sufficient to support Bollaert's convictions for unlawful use of personal identifying information as well as extortion, and that the jury's rejection of CDA immunity is likewise supported by evidence that Bollaert developed, at least in part, the offensive content on his Web site by requiring users to input private and personal information as a condition of posting the victims' pictures, making him an information content provider within the meaning of the CDA. We further conclude Bollaert invited the claimed instructional error, but hold in any event that he has not shown error in the instructions as a whole. We affirm the judgment.


         In 2012, 2013 and 2014, a number of individuals discovered that photographs of themselves, including nude photographs, as well as their names, hometowns, and social media addresses, had been posted without their permission on a Web site, Most of the pictures were taken by or for former significant others or friends.[5] Some of the pictures the victims had taken on their own phones or placed on personal webpages for private viewing by themselves or select others. Some had been taken while the victim was drugged and in a compromised state or otherwise unaware of the photographing. Victims received harassing and vulgar messages from strangers. Many of the victims contacted the Web site administrator at to try to get their photographs and information removed without success. One of the victims testified that when she tried to communicate with the UGotPosted contact, she reached a person named "James Smith, " not realizing it was Bollaert, who told her that to remove her photos she would have to provide two forms of identification and show an unspecified sign. The UGotPosted Web site contained a link to another Web site,, where victims were told that for payment of a specified amount of money, their pictures and information would be taken down. Six of the victims paid money to an account on to have their pictures removed from the Web site.

         Bollaert was the administrator and registered owner of the UGotPosted Web site. He created it with another person, Eric Chanson, who eventually declined to participate and transferred his interest to Bollaert. Bollaert was in control of the Web site, and he managed and maintained it; changed, added and deleted content; and updated software that operated the site. He designed the Web site so that he had to review the content before it was posted, and it had "required fields" by which a user who wanted to post pictures of another person had to input that other person's full name, age, location ("city, state, country") and Facebook link. Bollaert had the only user account on the computer; he looked at every single post that came through the Web site and decided what would get posted on it, placed watermarks on each photograph to discourage others from stealing the pictures, and accessed the site remotely. He kept a spreadsheet recording every single post. Bollaert would not post pictures that he deemed "garbage, " including pictures that did not include nude persons. He removed pictures of minors and some other content depending on the nature of the request. He moderated and approved the comments that were posted on the Web site, and edited the contents of the posts. At some point, Bollaert received about $800 or $900 in monthly income from advertising off the site. Bollaert felt the Web site was "kinda fun and entertaining" at the beginning, but he later took it down because it was causing him stress and "ruining his life."

         Bollaert also set up and managed the Web site, to which individuals who had pictures posted on the UGotPosted site would be directed and told they could pay money to have the information removed. A Department of Justice forensic auditor determined that victims paid a total of $30, 147.73, which eventually was forwarded to Bollaert's personal PayPal account. Law enforcement later used Bollaert's site to contact victims. At one point, a legal analyst with the Attorney General's office created a user account and attempted to post pictures of her pet cats on the Web site, but they never appeared.

         At trial, the People proceeded on the charges of unlawful use of personal identifying information (§ 530.5, subd. (a)) under three theories: That Bollaert, without authorization, willfully obtained the victims' personal identifying information via the design, maintenance and operation of the Web site for the unlawful purpose of annoying or harassing via electronic communication device under section 653m, subdivision (a).[6] Or, that Bollaert, without authorization, willfully obtained the victims' personal identifying information for the unlawful purpose of an invasion of privacy either via public disclosure of private facts, or intrusion into private affairs. Bollaert defended in part on grounds his Web site was an interactive computer service or access software provider expressly immunized under subdivision (f) of section 530.5 because there was no evidence of intent to defraud, and was also protected under the CDA. The court instructed the jury on these theories and Bollaert's defense at Bollaert's request.[7]


         I. Convictions for Unlawful Use of Personal Identifying Information (§ 530.5)

         Bollaert contends the evidence is insufficient to support his convictions under section 530.5 under any of the prosecution's theories. He continues to maintain that his Web site is an interactive computer service or access software provider subject to immunity under the CDA and section 530.5, subdivision (f), and that the People presented no evidence he possessed any personal information with the intent to defraud. He further argues that he cannot be an information content provider under the CDA (§ 230, subd. (f)) because in operating the Web site, he "took no action that amounted to developing or creating the content, " similar to the defendants who were held immune from tort liability in Zeran v. America Online, Inc. (4th Cir. 1997) 129 F.3d 327 (Zeran), Carafano v. Inc. (9th Cir. 2003) 339 F.3d 1119 (Carafano), and Jones v. Dirty World Entertainment Recordings LLC (6th Cir. 2014) 755 F.3d 398 (Jones).) He additionally argues that with regard to actions not protected by the CDA, there is no evidence he willfully obtained someone else's personal identifying information without that person's consent and used it for an unlawful purpose.

         A. Standard of Review

         The principles governing sufficiency of the evidence claims are "clear and well settled." (People v. Abilez (2007) 41 Cal.4th 472, 504.) " 'The proper test... is whether, on the entire record, a rational trier of fact could find the defendant guilty beyond a reasonable doubt. [Citations.] On appeal, we must view the evidence in the light most favorable to the People and must presume in support of the judgment the existence of every fact the trier could reasonably deduce from the evidence.' " (People v. Perez (2010) 50 Cal.4th 222, 229; People v. Rangel (2016) 62 Cal.4th 1192, 1212-1213 [relevant question is " ' "whether, after viewing the evidence in the light most favorable to the prosecution, any rational trier of fact could have found the essential elements of the crime beyond a reasonable doubt" ' "].) " ' " 'Circumstantial evidence may be sufficient to connect a defendant with the crime and to prove his guilt beyond a reasonable doubt.' " ' " (People v. Abilez, at p. 504.) "If the circumstances reasonably justify the trier of fact's findings, reversal of the judgment is not warranted simply because the circumstances might also reasonably be reconciled with a contrary finding." (People v. Lindberg (2008) 45 Cal.4th 1, 27.) We may reverse for lack of substantial evidence only if " ' "upon no hypothesis whatever is there sufficient substantial evidence to support" ' the jury's verdict." (People v. Zamudio (2008) 43 Cal.4th 327, 357.)

         B. Section 530.5 and CDA Immunity

         Section 530.5, subdivision (a), proscribes the unauthorized use of personal identifying information (conduct often referred to as "identity theft"). (People v. Barba (2012) 211 Cal.App.4th 214, 226; People v. Hagedorn (2005) 127 Cal.App.4th 734, 743-744.) It provides: "Every person who willfully obtains personal identifying information, as defined in subdivision (b) of Section 530.55, of another person, and uses that information for any unlawful purpose... is guilty of a public offense.... " (§ 530.5, subd. (a).) Personal identifying information includes "any name, address [and]... date of birth" as well as "unique electronic data including information identification number assigned to the person, address or routing code...." (§ 530.55, subd. (b).) "The elements of the crime defined by the language of the statute may be summarized as follows: (1) that the person willfully obtain personal identifying information belonging to someone else; (2) that the person use that information for any unlawful purpose; and (3) that the person who uses the personal identifying information do so without the consent of the person whose personal identifying information is being used." (People v. Barba, at p. 223; see also People v. Tillotson (2007) 157 Cal.App.4th 517, 533.)

         Subdivision (f) of section 530.5 provides: "An interactive computer service or access software provider as defined in subsection (f) of [the CDA][8] shall not be liable under this section unless the service or provider acquires, transfers, sells, conveys, or retains possession of personal information with the intent to defraud."

         In the CDA, Congress declared that "[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." (§ 230, subd. (c)(1).) The CDA further states: "No cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section." (§ 230, subd. (e)(3).) These provisions have been held to confer broad immunity against defamation and other civil liability for those who use the Internet to publish information originating from another source. (See Barrett v. Rosenthal (2006) 40 Cal.4th 33, 39; Doe II v. MySpace Inc. (2009) 175 Cal.App.4th 561, 568; Fair Housing Counsel of San Fernando Valley v., LLC (9th Cir. 2008) 521 F.3d 1157, 1162 (Roommates) (en banc); Carafano, supra, 339 F.3d at p. 1122; Batzel v. Smith (9th Cir. 2003) 333 F.3d 1018, 1026; Zeran, supra, 129 F.3d at pp. 330-331.)

         Section 530.5, subdivision (f) sets forth an exemption for interactive computer services or access software providers within the meaning of the CDA, but the California Legislature limited that exemption to interactive computer services that do not act with the intent to defraud. Thus, if an interactive computer service acquires or retains personal identifying information with the intent to defraud, it will be criminally liable under the statute. Under the CDA, however, an interactive computer service likewise loses its immunity if it also functions as an "information content provider" for the portion of the statement or publication at issue. (Roommates, supra, 521 F.3d at p. 1162; Carafano, supra, 339 F.3d at pp. 1123, 1125; Doe II v. MySpace Inc., supra, 175 Cal.App.4th at p. 568.) The CDA defines an information content provider as "any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service." (§ 230, subd. (f)(3).)

         C. The Evidence Demonstrates Bollaert Willfully Obtained the Victims' Personal Identifying Information and Used It for an Unlawful Purpose

         Before we reach the question of CDA immunity, we address Bollaert's challenge to the evidence supporting the elements of section 530.5 liability. He first argues the evidence does not support a finding that he willfully obtained any personal identifying information of the alleged victims. He points out it was the third parties-ex-boyfriends or personal enemies-who submitted the personal information and maintains he only "provided the opportunity for third parties to post the information of their choice." According to Bollaert, imposing liability for his conduct would "criminalize the business practice of merely hosting a website." Bollaert further contends there is no evidence he used the identifying information for an unlawful purpose. As we explain, the contentions are meritless.

         1. Willful Conduct

         " 'The word "willfully, " when applied to the intent with which an act is done or omitted, implies simply a purpose or willingness to commit the act, or make the omission referred to.' In other words, '[t]he word "willfully" as generally used in the law is a synonym for "intentionally, " ' [citation], and ' "... implies no evil intent; ' "it implies that the person knows what he is doing, intends to do what he is doing and is a free agent." ' " ' " (In re Rolando S. (2011) 197 Cal.App.4th 936, 941.) In Rolando S., the Court of Appeal upheld a petition finding a minor willfully obtained personal identifying information of another in violation of section 530.5-the victim's e-mail account password-even though the minor had received the password in an unsolicited text message, and then accessed the victim's Facebook page to write "sexually explicit and vulgar comments on the victims' [sic] friends' walls, accessible by the victims' [sic] friends and acquaintances, " thereby "clearly expos[ing] the victim to hatred, contempt, ridicule and obloquy...." (Id. at p. 947.) The court held the minor willfully obtained the password when he chose to remember it and affirmatively used it to gain access to the victim's electronic accounts: "Appellant freely accepted the password information provided in the text message" and "no evidence suggests [he] was forced to remember the password or otherwise keep a record of it so that he could use it later, as he admitted to doing.... [A]ppellant willfully obtained the password information from the text message, knowing that he was continuing to possess the password, intending to do so, and was a free agent when securing the password for his future use." (Id. at pp. 941.)

         Here, the evidence shows Bollaert designed the UGotPosted Web site for the specific purpose of eliciting nude photographs and private information of other persons; the information was not provided to him by the victims depicted in the photographs whose names and locations were used. Because Bollaert "freely accepted" all of the victims' personal information, intended to continue to possess it, and used it for his own purposes, i.e., for display on his Web site and receipt of advertising income as well as payments from, Bollaert willfully obtained the information for purposes of section 530.5. (In re Rolando S., supra, 197 Cal.App.4th at p. 941.)

         2. Unlawful Purpose

         We further conclude substantial evidence demonstrates Bollaert obtained and retained the information for an unlawful purpose, namely, to invade the victims' privacy. In In re Rolando S., the court was faced with the minor's claim that he did not use the victim's information for an unlawful purpose, because at most he " 'possibly defamed' the victim" and such civil torts did not meet that standard. (In re Rolando S., supra, 197 Cal.App.4th at p. 942.) In addressing that contention, the court examined the legislative history of section 530.5, specifically the 1998 amendment to the statute that added the phrase "any unlawful purpose" (Stats. 1998, ch. 488, § 1, p. 3531) and observed that the Legislature "clearly intended to greatly expand the scope of unlawful conduct underlying the identity theft offense." (Rolando S., at pp. 944-945.)The court applied the California Supreme Court's definition of "unlawful, " stating: "Our Supreme Court has defined the term 'unlawful' to include wrongful conduct which is not criminal. In determining the scope of the term, it held that an act is 'unlawful... if it is proscribed by some constitutional, statutory, regulatory, common law, or other determinable legal standard. [Citations.]' [Citation.] Under this definition, unlawful conduct includes acts prohibited by the common law or nonpenal statutes, such as intentional civil torts." (Rolando S., at p. 946, citing Korea Supply Co. v. Lockheed Martin Corp. (2003) 29 Cal.4th 1134, 1159 & fn. 11; see also Edwards v. Arthur Andersen, LLP (2008) 44 Cal.4th 937, 944.)

         Thus, the term "unlawful" as used in section 530.5 includes intentional civil torts, including those relied upon by the People here: invasion of privacy by means of intrusion into private affairs and public disclosure of private facts. (See Shulman v. Group W Productions, Inc. (1998) 18 Cal.4th 200, 214, 231 (Shulman) [discussing elements of both causes of action].) Bollaert does not, in his opening brief, separately address the torts, but rather sets out only the elements of the intrusion tort as the elements of "invasions of privacy." Because he does not address the public disclosure tort or its elements-(1) public disclosure (2) of a private fact (3) that would be offensive and objectionable to the reasonable person and (4) which is not of legitimate public concern (Shulman, at p. 214)-on the public disclosure tort theory of unlawful use alone we may affirm Bollaert's 530.5 convictions.

         Nevertheless, we conclude substantial evidence supports the jury's verdicts on a theory of invasion of privacy based on intrusion into private affairs. "A privacy violation based on the common law tort of intrusion has two elements. First, the defendant must intentionally intrude into a place, conversation, or matter as to which the plaintiff has a reasonable expectation of privacy. Second, the intrusion must occur in a manner highly offensive to a reasonable person." (Hernandez v. Hillsides, Inc. (2009) 47 Cal.4th 272, 286; see Shulman, supra, 18 Cal.4that p. 231 [" '[o]ne who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person' "].) "To prove actionable intrusion, the plaintiff must show the defendant penetrated some zone of physical or sensory privacy surrounding, or obtained unwanted access to data about, the plaintiff." (Shulman, at p. 232, italics added.)

         Bollaert suggests that liability for this tort would attach only to the third parties who "of their own free will" posted the offensive content without the victim's permission; that he is not responsible because he "could not tell from the submissions whether the people submitting the photos were submitting photos of themselves or other people without their permission." Interpreting this challenge as directed to the intent element, we reject it. As the People point out, the tort is proven where the defendant obtains unwanted access to private data about the plaintiff (Shulman, supra, 18 Cal.4th at p. 232), and evidence of Bollaert's willful receipt of the intimate photographs from others without the victims' consent meets that standard. Additionally, the evidence contradicts Bollaert's assertions concerning his lack of knowledge, as the evidence shows he required users to post both their own e-mail address, as well as the full name of the victim and the victim's Facebook ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.