Michael in Print

photo-1453945619913-79ec89a82c51-1

28 Jul For FTC and LabMD, a turning point is reached with no endgame in sight

photo-1453945619913-79ec89a82c51-1
For FTC and LabMD, a turning point is reached with no endgame in sight (July 27, 2016) – LabMD Inc. CEO Michael Daugherty seems to be winning in the court of public opinion. Now all he has to do is win in federal court and at the Federal Trade Commission. For cybersecurity pros, the more important decision is the one the FTC is due to make July 28 after its original June 16 deadline was delayed “to give full consideration of the issues presented.” In the first FTC data breach case to go this far without settling, as some 60 other companies have done over the years, LabMD is challenging whether a minor data leak of dubious origins that led to no consumer harm is subject to the FTC’s authority.

Read more below:

 

MimFor FTC and LabMD, a turning point is reached with no endgame in sighte Attachment

Credit: Congressional Roll Call

Read More
MikeJune21

14 Jul LabMD Draws Law Firms, Coke Into Tiversa Data Theft Row

MikeJune21

 

Reblogged – original post By Allison Grande

Law360, New York

LabMD on Tuesday piled onto its long-running fight with cybersecurity firm Tiversa, which the lab claims stole a patient data file that it gave to the Federal Trade Commission, by filing a new complaint in Georgia federal court that names two major law firms as co-conspirators and alleges that Tiversa also targeted Coca-Cola, Papa John’s and others.

 

The medical testing laboratory and CEO Michael J.Daugherty cited numerous instances in their 192-page complaint that Tiversa Holding Corp. and more than a dozen purported co-conspirators — including law firms Morgan Lewis & Bockius LLP and Pepper Hamilton LLP as well as the trustees of Dartmouth College — allegedly pulled off their classic “steal, lie, threaten, retaliate” ploy against both LabMD and other Georgia-based businesses, including Coca-Cola and Papa John’s.

 

“This case starts with a crime and a lie,” the complaint said. “The crime — the theft of a confidential file with personal health information on approximately 9,300 patients. The lie — the thief claims the victim made it available to the public.”

 

LabMD first encountered Tiversa in 2007 when the cybersecurity firm informed the lab that it had discovered the confidential file on the peer-to-peer file-sharing network LimeWire. Tiversa then turned the file over to the FTC, which based on the tip launched an action in 2013 accusing the lab of failing to maintain reasonable data security.

 

But in their newest complaint, LabMD and Daugherty reiterated their long-standing position that Tiversa had actually stolen the file from the lab’s servers, and that its referral to the FTC — which ultimately led the lab to shutter its operations — was retaliation for LabMD refusing Tiversa’s security services.

 

“LabMD and Daugherty … knew that LabMD had done no wrong,” the complaint said, adding that their convictions were confirmed by former Tiversa employee and whistleblower Richard Wallace, who after being granted immunity testified during the course of the FTC proceedings that Tiversa had secretly hacked the file directly from a LabMD computer in Atlanta, without any permission or authority, and knew that the file had never “leaked” anywhere.

 

“Immunized testimony from this individual during the trial of the enforcement action was so convincing that the FTC ultimately withdrew all reliance upon Tiversa’s crimes and lies,” the complaint said, referencing representations made by FTC staff attorneys during oral arguments challenging an administrative law judge’s dismissal of the commissioner’s complaint, which were held in front of the acting commissioners in March.

 

Tiversa repeated this pattern of lies and retaliation with several other companies that refused to hire it and pay for its services, according to the complaint, which specifically called out Tiversa’s interactions with Coca-Cola, Papa John’s, Logisticare Solutions and Franklin’s Budget Auto Sales, as well as the Georgia Music Educators Association and an AIDS clinic.

 

According to the complaint, Tiversa executed the “four core steps” of its business model — stealing private, confidential and classified files; lying to its targets about the source of the information; threatening to report reluctant targets to law enforcement; and retaliating against targets that refused to hire it — against all these companies.

 

LabMD also asserted that Tiversa didn’t act alone and names more than a dozen co-conspirators, including Morgan Lewis, Pepper Hamilton, and former Morgan Lewis and current Pepper Hamilton partner Eric D. Kline, which began providing legal services to Tiversa around January 2004 and allegedly helped it create a “shell company” called the Privacy Institute.

 

Altogether, the complaint sets forth approximately 20 predicate acts under the Georgia and federal Racketeer Influenced Corrupt Organizations acts — 15 of which the plaintiffs claim caused actual harm — and over 20 additional criminal violations committed by at least one of the 18 known defendants, including violations of the Computer Fraud and Abuse Act and common law fraud and negligence.

 

“This lawsuit is primarily about Tiversa’s illegal scheme — its pattern of racketeering activity, its theft and other crimes, its lies and other frauds, its conspirators and accomplices, its predicate acts under state and federal RICO and, ultimately, the liability of all defendants for the harms they have caused LabMD and Daugherty,” the complaint said.

 

The complaint that came to light Tuesday marks the latest development in the parties’ long-running scuffle.

 

Shortly after the filing of the FTC’s enforcement action, Tiversa filed the first of several defamation lawsuits against LabMD and Daugherty, which have been dropped, and LabMD currently has a similar fraud and hacking action pending in Pennsylvania federal court against Tiversa, its CEO, Robert Boback, and others, although LabMD noted in its latest complaint that the Pennsylvania action was filed four months before the Tiversa whistleblower testified in the FTC enforcement action and before the House Oversight Committee released its revealing report into Tiversa’s business practices.

 

“Because of the congressional investigation and report and the immunity given to [Wallace], all this stuff didn’t start coming out until 2015,” Daugherty told Law360 Tuesday. “That’s what they do — they try to hide and then run the clock and run the statue of limitations. This took a long time, and what’s really unfortunate is that not many people get to have the luxury of a congressional investigation and report and immunity grants, and it’s just sad that all those parts were necessary to get to justice.”

 

Representatives for Tiversa did not immediately respond to a request for comment late Tuesday.

 

LabMD and Daugherty are represented by James W. Hawkins of James W. Hawkins LLC.

 

Counsel information for the defendants was not immediately available.

 

The case is Daugherty et al. v. Adams et al., case number 1:16-cv-02480, in the U.S. District Court for the Northern District of Georgia.

 

–Editing by Bruce Goldman.

 

Read More
Screen Shot 2016-07-05 at 2.05.11 PM

05 Jul The FTC Cybersecurity Shakedown Racket: Bulldozing businesses

Screen Shot 2016-07-05 at 2.05.11 PM

The mission of the Federal Trade Commission is to “To Protect Consumers”. They wear that badge as a badge of honor…and a call to war. The victim is the consumer and the offender is you. If you don’t comply with what they think is fair there will be big trouble in store…but what’s wrong with going after bad actors in business, right?

Not so fast. Villainy has many masks, but none more terrifying as the mask of virtue. The FTC lays a foundation of deception to play this game, and if you aren’t aware of it you may fall into their trap, lose your job and waste millions fighting regulatory leviathan.

How do you avoid their radar and wrath?

You’ll learn the entire, juicy and painful story of a great small business – my cancer screening company LabMD being bulldozed into nothingness thanks to corruption and ignorance. It’s a chance to wake up and learn from FTC’s failure in this very important area – cyber security enforcement. As the EPA has stretched beyond its legal bounds to takeover American’s properties, the FTC has done the same in America’s cyber security space.

Read the whole article below:

The FTC Cybersecurity Shakedown Racket: Bulldozing businesses by Mike Daugherty

Read More
MikeJune21

22 Jun FTC Heads Delay Ruling In LabMD Data Security Row

MikeJune21

Share us on: By Allison Grande

Law360, New York (June 16, 2016, 9:19 PM ET) — The heads of the Federal Trade Commission on Thursday gave themselves more time to decide whether to overturn an administrative law judge’s dismissal of the agency’s data security suit against LabMD, extending their deadline for a ruling to July 28.

The decision by FTC Chairwoman Edith Ramirez and Commissioners Maureen Ohlhausen and Terrell McSweeny to extend the time period for issuing a final ruling in the closely watched dispute came on the final day of a 100-day deadline for reaching a final determination that began ticking when the trio heard oral arguments in the appeal on March 8.

The commissioners’ brief one-paragraph order did not offer much insight into the delay, saying only that the deadline was extended until July 28 “in order to give full consideration to the issues presented by the appeal in this proceeding.”

Michael Daugherty, the president and CEO of now-defunct LabMD, blasted the delayWednesday, postulating that the commissioners — whose only options appear to be to either overturn their own administrative law judge or affirm the dismissal of a case that the heads of the commission voted to bring in 2013 — were punting for time.

“The FTC is in unchartered waters: Confirm an ALJ smack in the face or overturn to face their biggest nightmare: a level playing field in front of an Article III judge,” Daugherty said. “Bullies can’t cope with due process.”

The dispute came before the trio of active commissioners after one of the agency’s administrative law judges, D. Michael Chappell, in November rejected the commission’s argument that LabMD’s purported failure to institute reasonable data security constituted an unfair trade practice under Section 5 of the FTC Act.

Instead, the judge concluded in his 92-page order dismissing the case that the FTC had failed to meet its burden of proof under the unfairness prong of Section 5 because there was no evidence that any consumers had suffered harm.

In accordance with the administrative process, the FTC immediately appealed Judge Chappell’s decision to the agency’s acting commissioners. While the agency had four heads when the case was sent up the chain, Commissioner Julie Brill — who left the commission at the end of March to headHogan Lovells‘ privacy and cybersecurity practice — had previously recused herself from the matter.

The remaining three commissioners took up the case, and during the more than hourlong oral arguments session, they honed in on the reach of Section 5(n) of the FTC Act, which stipulates that the commission cannot deem an act or practice unfair unless the conduct “causes or is likely to cause” substantial injury to consumers.

In their attempt to find the proper legal trigger for this authority, the commissioners badgered attorneys from both sides over whether the lab’s  allegedly lax data security practices harmed consumers in any way.

FTC attorney Laura Riposo VanDruff contended that even though no LabMD patients had reported being injured in the more than eight years since their data was allegedly exposed through a peer-to-peer file-sharing network, the risk that they could be injured was enough to sustain the commission’s claims.

In support of her argument, VanDruff pointed to the commissioners’ January 2014 decision rejecting LabMD’s motion to dismiss the dispute, in which they unanimously held that actual economic harm is not needed to sustain an action and that an act or practice that raises the risk of concrete harm is sufficient.

LabMD’s attorney Alfred J. Lechner Jr. from Cause of Action countered that the FTC had fallen well short of its burden to show that LabMD’s data security practices — which the commission contends led to the exposure of a file that contained sensitive data on nearly 10,000 patients — had caused harm to anyone.

“It’s [the commission’s] burden to prove it, and they haven’t offered any evidence other than speculation,” Lechner said.

LabMD is represented by Alfred J. Lechner Jr., Daniel Z. Epstein and Patrick J. Massari of Cause of Action Institute.

The FTC is represented by its attorneys Alain Sheer, Laura Riposo VanDruff, Megan Cox, Ryan Mehm and Jarad Brown.

The case is In the Matter of LabMD Inc., docket number 9357, before the Federal Trade Commission.

–Editing by Jill Coffey.

Read More
michael_daugherty_at_home__01

26 Apr BusinessWeek reports on the FTC destruction of LabMD

Reblogged from Bloomberg Businessweek

A Leak Wounded This Company. Fighting the Feds Finished It Off

Michael Daugherty learns the high price of resistance.

michael_daugherty_at_home__01

Daugherty at home. Most of what remains of his $4.6 million business fits in his garage.

The first phone call that changed Michael Daugherty’s life came in May 2008. Daugherty was a happy man, running a good business in a nice place. That’s how he talks about it, like the opening five minutes of a movie, setting up how great everything is before disaster strikes. His Atlanta-based company, LabMD, tested blood, urine, and tissue samples for urologists, and had about 30 employees and $4 million in annual sales.

Daugherty is a middle-aged guy distinguished by small, kind brown eyes and a big, meaty laugh—a business everyman of a certain vintage, with a salesman’s mix of friendly and aggressive. He’s from Detroit, and you can occasionally hear it in his vowels. Kevin Spacey could play him in the movie.

Here’s where the story turns dark. That Tuesday, LabMD’s general manager came in to tell Daugherty about a call he’d just fielded from a man named Robert Boback. Boback claimed to have gotten hold of a file full of LabMD patient information. This was scary for a medical business that had to comply with federal rules on privacy, enshrined in the Health Insurance Portability and Accountability Act. I need proof, Daugherty told his deputy. Get it in writing.

 

labmd_file_boxes__02

LabMD artifacts Photographer: Johnathon Kelso for Bloomberg Businessweek

(more…)

Read More
AAEAAQAAAAAAAAR-AAAAJDlmZTE0YWFiLTM4YTUtNGQ5Zi05Y2RhLThkMWFhZjg0YjY3OA

24 Mar Cybersecurity Firm With A History Of ‘Corporate Blackmail’ Raided By The FBI

AAEAAQAAAAAAAAR-AAAAJDlmZTE0YWFiLTM4YTUtNGQ5Zi05Y2RhLThkMWFhZjg0YjY3OA

Sharing the latest from TechDirt

from the fate-of-CEO-Robert-‘Whitey’-Boback-currently-unknown dept

Cybersecurity is a crowded field. Not every competitor will make it. That’s inevitable. Tiversa is one of the also-rans.

Tiversa is helmed by Robert Boback. Back in 2009, Boback was already well-versed in the cybersecurity hard sell. Here’s what he had to say about P2P software in front of a Congressional audience — an audience well-versed in the art of selling fear to fund additional government products.

Boback showed off a document, apparently from a senior executive of a Fortune 500 company, listing every acquisition the company planned to make — along with how much it was willing to pay. Also included in the document were still-private details about the company’s financial performance. Boback also showed numerous documents listing Social Security numbers and other personal details on 24,000 patients at a health care system, as well as FBI files, including surveillance photos of an alleged Mafia hit man that were leaked while he was on trial.

Boback was stealthily pitching his company’s P2P monitoring service. During this hearing, he also claimed to have come across documents containing details about the President’s helicopter on an Iranian computer.

(more…)

Read More
tech-freedom

10 Feb TechFreedom to FTC: If You Can’t Prove Likely Injury, You Can’t Penalize Security Practices

WASHINGTON, DC — On Friday, TechFreedom urged the Federal Trade Commissioners (FTC) not to reverse the dismissal of a lawsuit brought by FTC staff against LabMD, a small cancer testing lab that went out of business under the weight of the lawsuit, but has continued to challenge the FTC’s approach to data security with pro bono representation. In an Amicus Curiae brief, TechFreedom argues that the FTC must not ignore the most important limit that Congress has placed on the FTC’s sweeping power to prohibit business practices: that a practice must “causes or is likely to cause substantial injury.”

(more…)

Read More
5CB60E14-66E2-457E-BD53-1A0FDA2B5BC3

14 Jan How a Lone Conservative Firebrand Became the FTC’s Worst Nightmare

The article below is reblogged from The Atlantic

Most com­pan­ies fa­cing a law­suit from the Fed­er­al Trade Com­mis­sion try to settle as quickly as pos­sible.
Fight­ing the FTC means years of ex­haust­ing and ex­pens­ive lit­ig­a­tion. The com­mis­sion doesn’t even have the au­thor­ity to im­pose fines for most vi­ol­a­tions, so a set­tle­ment usu­ally just means the com­pany has to change its be­ha­vi­or, agree to some in­de­pend­ent audits, and ride out the wave of neg­at­ive news cov­er­age. It’s an easy choice for most cor­por­ate ex­ec­ut­ives.

(more…)

Read More
top-10-influencers-in-health-infosec-showcase_image-4-a-8775

11 Jan Top 10 Influencers in Health InfoSec – Michael is number 6!

Michael is honored to be #6 on Healthcare Information Security’s List of Leaders!

Fourth Annual List of Healthcare Information Security Leaders

Reblogged from Healthcare Info Security
HealthcareInfoSecurity announces its fourth annual list of top influencers, recognizing leaders who are playing significant roles in shaping the way healthcare organizations approach information security and privacy.

(more…)

Read More