Blog

10 Feb San Francisco Book Review reviews The Devil Inside the Beltway

Screen shot 2014-02-06 at 6.52.53 AM

Read the latest review of my book! The San Francisco Book Review has shared their thoughts about The Devil Inside the Beltway.

The Devil Inside the Beltway: The Shocking Expose of the US Government’s Surveillance and Overreach Into Cybersecurity, Medicine and Small Business
By Michael Daugherty
Broadland Press, $29.95, 504 pages, Format:Star Rating: 5 out of 5

In 2008, Michael Daugherty, CEO of LabMD, a private Atlanta-based cancer detection facility, received a call from Tiversa, a Pittsburgh-based data security firm, stating that they had obtained a 1,718-page patient health information file belonging to LabMD through a peer-2-peer (P2P) network. Tiversa wasn’t about to divulge any further information about its acquisition until LabMD bought into their unsolicited lawyer-fee services. Daugherty had no idea that his polite refusal to Tiversa’s assistance would lead to an investigation by the Federal Trade Commission (FTC), and thereby thrusting him into a nightmarish four-year journey Inside the Beltway – “an idiom used to characterize matters that seem to be important primarily to U.S. federal government officials, its contractors, lobbyists, and the corporate media who cover them, as opposed to the interests and priorities of the general U.S. population.” (Edited from Wikipedia).

Written with a “Jon Stewart flair” minus the colorful metaphors, Daugherty’s satirical humor isn’t simply for the sake of satire. He narrates a story that could easily be mistaken for conspiracy theory. If it wasn’t for the copious amounts of well-documented information directly connected with the ridiculously superfluous process that he had to undergo with the FTC, as well as the company’s development funds that were drained to cover traveling expenses, court costs, and the myriad of lawyers hired in an effort to, as Daugherty puts it, “make them (the FTC) go away,” Daugherty could quickly be labeled a nut case.

//The Devil Inside the Beltway// is not limited to Daugherty’s harrowing story. It is replete with enough factual information about the FTC that would make our Founding Fathers voluntarily turn in their graves just to hide their utter shame over a system they painstakingly sculpted that has gone awry. As of January 29, 2014, Daugherty announced on his blog (http://michaeljdaugherty.com/) that “the debilitating effects of the FTC investigative practices and litigation have forced him to wind down operations” at LabMd. His story, which has “transcended” his own personal troubles and now turned him into a whistleblower, is not over. “What started with a phone call from Pennsylvania has turned into a call for action.” We will have to see what form that action takes.

Sponsored Review

To read the entire review, click HERE

Read More

03 Feb When The Government Closes Your Business

Screen shot 2014-02-03 at 10.16.25 AM
Michael J. Daugherty is interviewed on Forbes!

Here’s an excerpt:

For those unaware of the case, Daugherty is the founder of LabMD, an Atlanta-based medical testing laboratory that has been caught up in a four-year-long battle with the FTC. Days ago, the company issued a press release: Following a 4:0 vote by the FTC on January 16 to reject LabMD’s motion to dismiss an August 2013 complaint against the facility, the company announced that it has begun the process of winding down. The book documents the company’s saga. While it’s highly specific to the FTC battle, Daugherty’s experience as a founder is also a sobering story for any business owner to read.

1653750_502816693171017_449940493_n

Daugherty opened LabMD 18 years ago, in 1996. The lab operated as a small business of 20-some employees and analyzed blood, urine and tissue samples for cancer, micro-organisms and tumor markers. The nightmare began like most any misadventure in business: a company spreadsheet showed up in a research project on accidental data leakage.  Somehow, the company’s database of private client information had escaped the firewall boundary. Upon investigation, the company discovered the unwitting culprit: an employee had downloaded LimeWire, a peer-to-peer sharing program, onto a company workstation to listen to music files during work. The peer sharing protocol, of course, created the means for sensitive client data to leave the network as well.

Yes, it was a serious issue and one that required corrective action. New security measures. Stronger employee procedures. Penalties, perhaps. Even fines.

But LabMD’s nightmare had only begun. What makes the LabMD story interesting is that the company has actually never been charged with a HIPAA violation (the federal government’s privacy regulation that governs who can look at and receive an individual’s private health information.) Instead, LabMD became one of a set of companies aggressively pursued by the Federal Trade Commission (FTC) for allegations of failure to protect sensitive client information, not as a HIPAA violation, but as a “deceptive and unfair trade practice.”

To read the whole article, click on the graphic below

Screen shot 2014-02-03 at 10.16.25 AM

Read More

29 Jan FTC Cyber Case Has Nearly Put Us Out of Business, Firm Says

By: RACHEL LOUISE ENSIGN of the Wall Street Journal

A firm battling the Federal Trade Commission’s authority to regulate its corporate cybersecurity said it has stopped most of its operations because of costs tied to the agency’s case.

Medical testing laboratory LabMD Inc. stopped collecting new specimens earlier this month, according to a letter to customers filed in federal court as part of its dispute with the agency. The firm is also now “closed for phone calls and Internet access” though reports and billing are still available, the letter said.

“This action is in large part due to the conduct of the Federal Trade Commission,” President and Chief Executive Michael J. Daugherty wrote in the letter. “The FTC has subjected LabMD to years of debilitating investigation and litigation regarding an alleged patient-information data-security vulnerability.”

The privately held Atlanta firm has shrunk to three employees including Mr. Daugherty from a peak of about 40 in recent years, he said in an interview.  It does not plan to file for bankruptcy, he said.

A drop in reimbursements and marketplace changes from the Affordable Care Act also played a role in LabMD’s recent cuts, he said.

The FTC filed a complaint against LabMD in August alleging that the firm failed to reasonably protect data after an investigation that began in 2010. It alleged that information on more than 9,000 consumers was found on a file-sharing network and that LabMD documents with “sensitive personal information” of at least 500 consumers was “found in the hands of identity thieves.”

The agency faulted the company for allegedly lax data-security practices and proposed an order that would require the firm to implement information-security improvements and send data-breach notices to customers.

But LabMD fought back, disputing the FTC’s authority and saying its data-security practices are covered by other laws, including the Health Insurance Portability and Accountability Act of 1996 or HIPAA, with which the firm said it was in compliance.

“The goal in this case has always been to ensure that this sensitive information is appropriately protected.  FTC attorneys litigating this matter will gather information about the reported changes to LabMD’s business operations and determine how best to protect the sensitive consumer data the company has collected,” said Jessica L. Rich, director of the FTC’s bureau of consumer protection, in a statement to Risk & Compliance Journal. The bureau is litigating part of the case with LabMD.

The dispute is now playing out in an administrative law court. Nonprofit group Cause of Action in November also filed a lawsuit in Washington, D.C., federal court against the FTC on behalf of LabMD.

Mr. Daugherty and Cause of Action have alleged that the FTC investigation of the alleged data security problems has been onerous. “Complying with the FTC’s demands has cost LabMD hundreds of thousands of dollars as well as thousands of hours of management and employee time,” Cause of Action said in a press release.

The FTC has tried to fill the gap left by a congressional stalemate on cybersecurity legislation, which has left the U.S. without a clear national data-security regulator. But it can be difficult for firms to know what exactly they need to do to comply with to stay on the FTC’s good side. “The agency has not issued detailed regulations to help businesses understand what sort of cybersecurity requirements it expects,” said Craig Newman, managing partner at Richards Kibbe & Orbe LLP and chief executive of the Freedom2Connect Foundation, a nonprofit organization that opposes Internet censorship.

Wyndham Worldwide Corp. has also challenged the FTC’s authority to regulate cybersecurity. The hotelier is in an ongoing legal battle with the regulator, which has faulted it for a data breach.

Write to Rachel Louise Ensign at rachel.ensign@wsj.com 

Read More

23 Dec Patient Data On Filesharing Service Provokes Legal Trouble

Screen Shot 2016-01-11 at 9.05.08 AM

Quote from Information Week

In 2008, cyber-intelligence company Tiversa notified LabMD, a small Atlanta medical testing lab, that it had found a 1,700-page file from the lab containing sensitive patient information on a peer-to-peer network and offered its services to remediate the problem.

But Tiversa wouldn’t reveal where the file was found or how it was discovered unless LabMD hired the company.

“This smelled of extortion,” said LabMD president and CEO Michael J. Daugherty, and he refused to do business with Tiversa. So began a twisted and cautionary tale for small businesses about government requirements for protecting sensitive data.

The Federal Trade Commission obtained a copy of the stolen document from Tiversa and in August of this year filed an administrative complaint alleging the lab failed to secure patient data reasonably and lacked a comprehensive data security program. Daugherty calls this action regulatory overreach and chose to fight back, writing about his experience in a recently published book, “The Devil Inside the Beltway.” In it, he accuses Tiversa and the FTC of conspiring in a shakedown.

Read More
FTC against music teachers

06 Dec FTC “Keying” in on Music Teachers; Strikes a “Chord”

In case you didn’t quite get that the FTC and the rest of their ilk are a bunch of bloodless bastards….feast your eyes on this.   Truly shocking….and every commissioner, Republican or Democrat, is just fine with it.  Some stories are so over the top the general public and mainstream media dismiss them as hyperbole, thus shooting the messenger.  My message: Believe it, it could happen to you, and it won’t stop until you take a stand.  Don’t believe what your  government says, watch what it does.

http://online.wsj.com/news/articles/SB10001424052702303562904579224251626379422

Read More

04 Dec LabMD latest to challenge FTC’s cybersecurity regulation authority

Screen Shot 2016-01-11 at 10.42.29 AM

Quote from Inside Counsel

Hotelier Wyndham Worldwide Corp. has been engaged in a battle with the Federal Trade Commission (FTC) for months over whether the commission holds the right to regulate corporate cybersecurity. But now, the FTC faces a similar challenge from another corporation — this time from the medical field.

Medical testing laboratory LabMD Inc. has filed a complaint against the FTC in an administrative law court, challenging the FTC’s authority to file an August 2013 complaint against the company for a data breach. In the complaint, the FTC had alleged that sensitive information from 9,000 LabMD users was found on a file sharing network.

Read More

03 Dec A Question for the Judges: Can the FTC Regulate Cybersecurity?

Screen Shot 2016-01-11 at 9.27.45 AM

Quote from the Wall Street Journal

Another firm is challenging the Federal Trade Commission’s authority to regulate corporate cybersecurity.

Medical testing laboratory LabMD Inc. is fighting back against an August FTC complaint that alleged the company failed to protect consumers’ personal data.

The move comes as Wyndham Worldwide Corp. continues its legal battle with the regulator, which has faulted the hotelier for a data breach. The outcome of that case could help determine the scope of the agency’s authority.

Lawyers for the two firms say the FTC has no authority to regulate cybersecurity. “Both the Wyndham and the LabMD cases show businesses are ready to force this issue with the FTC,” said Craig Newman, partner at Richards Kibbe & Orbe LLP and chief executive of the Freedom2Connect Foundation, a nonprofit organization that opposesIinternet censorship.

Read More

02 Dec Can the FTC regulate digital health privacy?

Screen Shot 2016-01-11 at 10.59.31 AM

Quote from Government Health IT

“From the outset of the FTC’s investigation, the Commission has exerted authority it does not have to punish a business that has done nothing wrong,” said Dan Epstein, executive director of Cause of Action, a nonprofit representing LabMD that “fights to protect economic opportunity when federal regulations, spending and cronyism threaten it.”

Cause of Action and LabMD argue that Congress authorized only one agency to regulate personal health information, the Department of Health and Human Services, and that Section 5 of FTC Act, covering “unfair acts and practices,” does not apply to patient health data.

“No court has ever said that Section 5 authorizes the FTC to regulate patient information data-security practices, or any other data-security practices, for that matter,” said Reed Rubinstein, Cause of Action’s litigation VP and a lawyer with the firm Dinsmore & Shohl. “Despite the Commission’s repeated requests, Congress has refused to confer upon the FTC jurisdiction over such data-security cases,” Rubinstein said.

In response, FTC lawyers argue that the issue of LabMD’s apparent breach “fits squarely within” the agency’s “broad mandate.” They also noted that the FTC has brought close to 50 data security cases against companies since 2000, with 18 of them alleging unreasonable security practices as unfair under the FTC Act’s Section 5.

“It is true that the statute does not specifically mention data security,” but it also
does not specifically mention other consumer issues that the agency has long pursued under Section 5, including online check drafting, the sale of telephone records, breach of contracts and telephone billing, FTC lawyers wrote.

Read More