Blog

05 Jul The FTC Cybersecurity Shakedown Racket: Bulldozing businesses

Screen Shot 2016-07-05 at 2.05.11 PM

The mission of the Federal Trade Commission is to “To Protect Consumers”. They wear that badge as a badge of honor…and a call to war. The victim is the consumer and the offender is you. If you don’t comply with what they think is fair there will be big trouble in store…but what’s wrong with going after bad actors in business, right?

Not so fast. Villainy has many masks, but none more terrifying as the mask of virtue. The FTC lays a foundation of deception to play this game, and if you aren’t aware of it you may fall into their trap, lose your job and waste millions fighting regulatory leviathan.

How do you avoid their radar and wrath?

You’ll learn the entire, juicy and painful story of a great small business – my cancer screening company LabMD being bulldozed into nothingness thanks to corruption and ignorance. It’s a chance to wake up and learn from FTC’s failure in this very important area – cyber security enforcement. As the EPA has stretched beyond its legal bounds to takeover American’s properties, the FTC has done the same in America’s cyber security space.

Read the whole article below:

The FTC Cybersecurity Shakedown Racket: Bulldozing businesses by Mike Daugherty

Read More

23 Jun An explanation of government power you never be taught in civics class.

UN_logo_colors:invert

If you want to understand the shocking power of a government agency then read this.

Congress created the beast.

The Courts strengthened it.

It now hunts us at our peril.

This is best explained by Boston University law professor Gary Lawson, in his 1994 Harvard Law Review article “The Rise and Rise of the Administrative State.”

“The Federal Trade Commission promulgates substantive rules of conduct. The Commission then considers whether to authorize investigations into whether the Commission’s rules have been violated. If the Commission authorizes an investigation, the investigation is conducted by the Commission, which reports its findings to the Commission. If the Commission thinks that the Commission’s findings warrant an enforcement action, the Commission issues a complaint. The Commission’s complaint that a Commission rule has been violated is then prosecuted by the Commission and adjudicated by the Commission. This Commission adjudication can either take place before the full Commission or before a semi-autonomous Commission administrative law judge. If the Commission chooses to adjudicate before an administrative law judge rather than before the Commission and the decision is adverse to the Commission, the Commission can appeal to the Commission. If the Commission ultimately finds a violation, then, and only then, the affected private party can appeal to an Article III court. But the agency decision, even before the bona fide Article III tribunal, possesses a very strong presumption of correctness on matters both of fact and of law.”

Read More

22 Jun FTC Heads Delay Ruling In LabMD Data Security Row

MikeJune21

Share us on: By Allison Grande

Law360, New York (June 16, 2016, 9:19 PM ET) — The heads of the Federal Trade Commission on Thursday gave themselves more time to decide whether to overturn an administrative law judge’s dismissal of the agency’s data security suit against LabMD, extending their deadline for a ruling to July 28.

The decision by FTC Chairwoman Edith Ramirez and Commissioners Maureen Ohlhausen and Terrell McSweeny to extend the time period for issuing a final ruling in the closely watched dispute came on the final day of a 100-day deadline for reaching a final determination that began ticking when the trio heard oral arguments in the appeal on March 8.

The commissioners’ brief one-paragraph order did not offer much insight into the delay, saying only that the deadline was extended until July 28 “in order to give full consideration to the issues presented by the appeal in this proceeding.”

Michael Daugherty, the president and CEO of now-defunct LabMD, blasted the delayWednesday, postulating that the commissioners — whose only options appear to be to either overturn their own administrative law judge or affirm the dismissal of a case that the heads of the commission voted to bring in 2013 — were punting for time.

“The FTC is in unchartered waters: Confirm an ALJ smack in the face or overturn to face their biggest nightmare: a level playing field in front of an Article III judge,” Daugherty said. “Bullies can’t cope with due process.”

The dispute came before the trio of active commissioners after one of the agency’s administrative law judges, D. Michael Chappell, in November rejected the commission’s argument that LabMD’s purported failure to institute reasonable data security constituted an unfair trade practice under Section 5 of the FTC Act.

Instead, the judge concluded in his 92-page order dismissing the case that the FTC had failed to meet its burden of proof under the unfairness prong of Section 5 because there was no evidence that any consumers had suffered harm.

In accordance with the administrative process, the FTC immediately appealed Judge Chappell’s decision to the agency’s acting commissioners. While the agency had four heads when the case was sent up the chain, Commissioner Julie Brill — who left the commission at the end of March to headHogan Lovells‘ privacy and cybersecurity practice — had previously recused herself from the matter.

The remaining three commissioners took up the case, and during the more than hourlong oral arguments session, they honed in on the reach of Section 5(n) of the FTC Act, which stipulates that the commission cannot deem an act or practice unfair unless the conduct “causes or is likely to cause” substantial injury to consumers.

In their attempt to find the proper legal trigger for this authority, the commissioners badgered attorneys from both sides over whether the lab’s  allegedly lax data security practices harmed consumers in any way.

FTC attorney Laura Riposo VanDruff contended that even though no LabMD patients had reported being injured in the more than eight years since their data was allegedly exposed through a peer-to-peer file-sharing network, the risk that they could be injured was enough to sustain the commission’s claims.

In support of her argument, VanDruff pointed to the commissioners’ January 2014 decision rejecting LabMD’s motion to dismiss the dispute, in which they unanimously held that actual economic harm is not needed to sustain an action and that an act or practice that raises the risk of concrete harm is sufficient.

LabMD’s attorney Alfred J. Lechner Jr. from Cause of Action countered that the FTC had fallen well short of its burden to show that LabMD’s data security practices — which the commission contends led to the exposure of a file that contained sensitive data on nearly 10,000 patients — had caused harm to anyone.

“It’s [the commission’s] burden to prove it, and they haven’t offered any evidence other than speculation,” Lechner said.

LabMD is represented by Alfred J. Lechner Jr., Daniel Z. Epstein and Patrick J. Massari of Cause of Action Institute.

The FTC is represented by its attorneys Alain Sheer, Laura Riposo VanDruff, Megan Cox, Ryan Mehm and Jarad Brown.

The case is In the Matter of LabMD Inc., docket number 9357, before the Federal Trade Commission.

–Editing by Jill Coffey.

Read More

15 Jun FTC Cybersecurity battle vs LabMD – An Interview with Craig Newman of Patterson Belknap and Michael Daugherty

Screen Shot 2016-06-15 at 11.31.14 AM

In part II of our interview with LabMD CEO Michael Daugherty, we discuss the Federal Trade Commission’s much anticipated decision in this long-running data security enforcement action. Daugherty also talks about LabMD’s “lessons learned” after more than six years of litigation with the Commission.

 

Screen Shot 2016-06-15 at 11.32.18 AM

Click to Listen

DataSecurityLaw.com

Read More

10 Jun Patterson Belknap Partner Craig Newman Interview With Michael Daugherty

FTC & Data Privacy: An Interview with LabMD CEO Michael Daugherty

Screen Shot 2016-06-10 at 8.02.37 AM

Click to view video

The Federal Trade Commission is expected to issue a ruling later this month in the LabMD case, a closely watched data security case that focuses on the scope and reach of Section 5 of the FTC Act. In November 2015, an Administrative Law Judge concluded — after a full trial on the merits — that the Commission failed to prove its case against LabMD. The matter has been appealed to the full Commission. Patterson Belknap partner Craig Newman sat down with LabMD CEO Michael Daugherty to discuss the appeal and its implications.

Read More

02 Jun Video Interview: LabMD’s Mike Daugherty on Battle With FTC

Screen Shot 2016-06-04 at 7.47.01 AM

Screen Shot 2016-06-04 at 7.58.41 AM

Reblogged from Tracy Kitten‘s post here

Mike Daugherty, the president and CEO of LabMD who is fighting a legal battle with theFederal Trade Commission over two security incidents in 2008 and 2012, contends the agency is overstepping its regulatory authority. And he warns bankers and merchants to beware because new FTC probes into PCI compliance and EMV deployment could be on the way.

See Also: 2016 State of Threat Intelligence Study

“You have a whole bunch of people in Congress who want the administrative state and the regulators to be seen as saviors,” Daugherty says in this video interview with Information Security Media Group. “The problem is, we’re at a tipping point, in finance, in technology, in medicine, because we’re being regulated by lawyers, not people who are really educated in the areas that they’re regulating.”

In this interview at ISMG’s recent Washington Fraud and Breach Prevention Summit, Daugherty also discusses:

  • How he expects the FTC actions related to cybersecurity incidents to soon impact every industry;
  • How he believes LabMD’s case changed the way the FTC investigates security incidents; and
  • Why he contends that more oversight from the FTC will not enhance cybersecurity;

Atlanta-based LabMD, which has ceased operations, was a clinical and anatomic medical laboratory that specialized in analysis and diagnosis of blood, urine, and tissue specimens for cancers, micro-organisms and tumor markers. Daugherty founded LabMD in 1996 after 14 years in surgical device sales with U.S. Surgical Corp. and Mentor Corp. He is author of a book about the FTC’s investigation of his firm: “The Devil Inside the Beltway: The Shocking Expose of the U.S. Government’s Surveillance and Overreach into Cybersecurity, Medicine and Small Business.”

*Tracy Kitten is Executive Editor for http://BankInfoSecurity.com

Read More

26 Apr BusinessWeek reports on the FTC destruction of LabMD

Reblogged from Bloomberg Businessweek

A Leak Wounded This Company. Fighting the Feds Finished It Off

Michael Daugherty learns the high price of resistance.

michael_daugherty_at_home__01

Daugherty at home. Most of what remains of his $4.6 million business fits in his garage.

The first phone call that changed Michael Daugherty’s life came in May 2008. Daugherty was a happy man, running a good business in a nice place. That’s how he talks about it, like the opening five minutes of a movie, setting up how great everything is before disaster strikes. His Atlanta-based company, LabMD, tested blood, urine, and tissue samples for urologists, and had about 30 employees and $4 million in annual sales.

Daugherty is a middle-aged guy distinguished by small, kind brown eyes and a big, meaty laugh—a business everyman of a certain vintage, with a salesman’s mix of friendly and aggressive. He’s from Detroit, and you can occasionally hear it in his vowels. Kevin Spacey could play him in the movie.

Here’s where the story turns dark. That Tuesday, LabMD’s general manager came in to tell Daugherty about a call he’d just fielded from a man named Robert Boback. Boback claimed to have gotten hold of a file full of LabMD patient information. This was scary for a medical business that had to comply with federal rules on privacy, enshrined in the Health Insurance Portability and Accountability Act. I need proof, Daugherty told his deputy. Get it in writing.

 

labmd_file_boxes__02

LabMD artifacts Photographer: Johnathon Kelso for Bloomberg Businessweek

(more…)

Read More

24 Mar Cybersecurity Firm With A History Of ‘Corporate Blackmail’ Raided By The FBI

AAEAAQAAAAAAAAR-AAAAJDlmZTE0YWFiLTM4YTUtNGQ5Zi05Y2RhLThkMWFhZjg0YjY3OA

Sharing the latest from TechDirt

from the fate-of-CEO-Robert-‘Whitey’-Boback-currently-unknown dept

Cybersecurity is a crowded field. Not every competitor will make it. That’s inevitable. Tiversa is one of the also-rans.

Tiversa is helmed by Robert Boback. Back in 2009, Boback was already well-versed in the cybersecurity hard sell. Here’s what he had to say about P2P software in front of a Congressional audience — an audience well-versed in the art of selling fear to fund additional government products.

Boback showed off a document, apparently from a senior executive of a Fortune 500 company, listing every acquisition the company planned to make — along with how much it was willing to pay. Also included in the document were still-private details about the company’s financial performance. Boback also showed numerous documents listing Social Security numbers and other personal details on 24,000 patients at a health care system, as well as FBI files, including surveillance photos of an alleged Mafia hit man that were leaked while he was on trial.

Boback was stealthily pitching his company’s P2P monitoring service. During this hearing, he also claimed to have come across documents containing details about the President’s helicopter on an Iranian computer.

(more…)

Read More

19 Mar Exclusive: DOJ probes allegations that Tiversa lied to FTC about data breaches

Things are finally starting to break through. This is the tip of the iceberg. Stay tuned.

Originally posted Thursday March 17th on Reuters

Federal agents are investigating whether cyber-security firm Tiversa gave the government falsified information about data breaches at companies that declined to purchase its data protection services, according to three people with direct knowledge of the inquiry.

The Federal Bureau of Investigation raided Tiversa’s Pittsburgh headquarters in early March and seized documents, the people said.

The Justice Department’s criminal investigation of Tiversa began after Richard Wallace, a former Tiversa employee, alleged in a 2015 Federal Trade Commission hearing that the cybersecurity firm gave the agency doctored evidence purporting to prove corporate data breaches, the people said.

Wallace testified that Tiversa falsified information to make it appear that sensitive data was being accessed by users across the country.
(more…)

Read More