law

Home > law (Page 2)

09 Feb Privacy Group Of The Year: Ropes & Gray LLP

Posted at 15:26h in Blog, law, News by Michael Daugherty
0 Likes
unnamed
By Kat Sieniuc

Law360, New York (February 2, 2017, 6:53 PM EST) — Ropes & Gray’s work on what’s sure to be one of the most important privacy decisions coming down the pipe in 2017 — LabMD’s appeal against the Federal Trade Commission over its data security practices — makes the firm’s privacy team one of Law360’s Practice Groups of the Year.

Ropes & Gray defended some of the biggest privacy cases of the year, including taking on the role of lead counsel in the LabMD appeal against the FTC, which will serve as an important test deciding whether the Federal Trade Commission has authority to bring cases on intangible consumer injuries.

LabMD tapped the firm in August to bring the case to the Eleventh Circuit, part of a sprawling grudge match with cybersecurity company Tiversa that started with the alleged theft of a patient data file.

The FTC began its investigation into LabMD’s data security practices in early 2010 after cybersecurity firm Tiversa Holding Corp. allegedly stole medical data from the company’s systems. The commission then opened an administrative complaint against the lab in August 2014, saying the company violated the FTC Act’s prohibition on unfair acts and practices on the basis that its security measures didn’t provide reasonable security against theft.

In that case, Ropes & Gray attempts to portray an FTC that has too rigorously flexed its regulatory muscle. The firm argues that an order issued by the commission against the cancer-testing company in July, which requires that LabMD take measures like setting up an information security program and obtaining biennial assessments by an outside auditor — would “effectuate a breathtaking expansion of the FTC’s authority that the legal community and members of Congress have already called into serious question” if allowed to stand.

”What the FTC did here was so egregious in so many different ways,” co-chair Doug Meal said about the case, adding that an appeal win for LabMD “will make the playing field way different.”

In Ropes & Gray’s view, the FTC’s enforcement authority in the privacy and data security space will be dramatically expanded if the FTC decision is upheld.

When it comes to those high-stakes cases like LabMD, it’s all hands on deck, said the group’s co-chairs Meal and Heather Sussman in Boston, and Rohan Massey in the UK. Ropes & Gray has a big team of privacy attorneys that work together across geographies to bring to bear the right expertise and strategies on a case. Sometimes that means being selective with bringing arguments, Meal said.

“We really pressure tested every argument at length to identify which arguments we thought would be the ones to advance,” Meal said about the LabMD case, which meant leaving “some very, very substantial issues on the cutting-room floor because we felt there were better tactics to make certain arguments in detail, and tellingly.”

“Those are the kind of choices you have to make when you’re arguing an appeal,” he added.

But the LabMD litigation, as Meal puts it, isn’t the group’s first rodeo when it comes to handling a major appeal, and the case adds to an already meaty list of data breach clients, including Wyndham, Hilton, Genesco, Aldo, Target, TJX, Heartland, Home DepotNeiman Marcus, Sony, and Supervalu, among others.

In the Wyndham case — the first-ever lawsuit challenging the FTC’s authority to regulate data security practices and to hold a franchisor liable for alleged data security infractions committed by its franchisees — Ropes & Gray negotiated a consent order with the FTC that dismissed the lawsuit and imposed narrower obligations on Wyndham than the FTC has typically obtained against targets of its data security actions.

That groundbreaking dispute over the scope of the commission’s data security authority was sparked in June 2012, when the FTC filed its complaint alleging Wyndham had violated both the unfairness and deception prongs of Section 5 by failing to maintain reasonable and appropriate security measures. The security failures allegedly led to at least three data breaches between April 2008 and January 2010, which exposed more than 600,000 consumer payment card account numbers and led to more than $10.6 million in fraud loss, according to the regulator.

Also this past year, Ropes & Gray’s privacy group continued advising and representing Target stores in the company’s response to the highly-publicized data breach that Target announced in December 2013, securing approval of a proposed settlement of the class actions filed by banks and credit unions on May 12, 2016, and a dismissal of those class actions in May.

As for the success of the privacy group, the co-chairs agree Ropes & Gray’s “one-firm” approach and culture of collaboration across practice groups and geographies (the firm has offices in New York, Boston, London, Tokyo and Shanghai, to name a few) has been very effective in servicing clients.

“We always have and continue to work together as a team and very collaboratively on all of our matters,” Meal said, noting that “everyone on the team knows pretty much what everyone else is doing,” helping each other out on projects.

Sussman agreed, noting companies around the world increasingly tap the compliance arm of Ropes & Gray’s privacy practice to get in line with data security regulatory requirements, knowing the firm has a network of the best local experts to call on.

— Additional reporting by Cara Salvatore and Allison Grande. Editing by Ben Guilfoy.

Read More

12 Jan FTC vs LabMD : Who Committed the Original Sin?

Posted at 18:37h in Blog, law, News by Michael Daugherty
0 Likes

image1-1

The FTC has accused and sued LabMD for doing allegedly terrible things.  Way back in 2008 file sharing software named Limewire was found linked to one folder on one LabMD workstation that contained two files containing patient billing information of 9000 patients. The media took the bait and reported this as if our entire network of nearly one million patients was exposed. That was absolutely not the case. Limewire created potential access to nothing more than a single folder. Tiversa, a company describing itself as a cybersecurity firm later proven to have stolen the file, pretended they had found it and wanted to make us aware. However, what they really wanted was money, as they would not give us any information unless we paid them $475 per hour. This was later shown by Congress to be a scheme of lies, blackmail and extortion. The FTC, who was working with Tiversa, kept their involvement in this racket hidden until I exposed their lies six years later.

Not adequately protecting our patient’s information was a faux accusation that killed the medical facility. And now, finally, the 11th Circuit Court of Appeals has stayed the FTC’s case, stating LabMD has a high likelihood of winning. Later rather than sooner, people are finally considering the facts rather than believing the accusations. LabMD has had to survive reputation assassination via the FTC. This is an example of the FTC’s playbook, a foundational tactic used by the US Government to exploit the trust of Americans. LabMD was destroyed in their wake. Once caught red handed, rather than admit they’ve done something terribly wrong, the FTC doubled down by trying to bury the truth.

When the Tiversa/FTC relationship was exposed, after the FTC had rested their case, the FTC took the flimsy remaining allegations and blew them out of proportion. They had no choice. It was all they had if they weren’t going to admit they were wrong. And bureaucrats will never admit they are wrong. The FTC cavorted with and trusted criminals, using this fake information to go after 86 companies…and it’s appalling that this original sin is repeatedly tossed aside. Frankly, I am baffled this isn’t focused on more by media and the legal profession.

Over the past five years I have seen lawyer after lawyer and journalist after journalist report what the FTC accuses LabMD of as if it were true. These people clearly spent little time researching. Taking my word for it isn’t necessary. The cold hard facts are all in the House Oversight Congressional Report, trial briefs, testimony and exhibits. A Tiversa insider was given criminal immunity by the Justice Department. The FBI raided Tiversa. Yet they ignored this evidence as if it was all untrue and assumed LabMD must have done SOMETHING to deserve all this. When this level of corruption and damaging behavior can go on right under our noses and is considered just another day in DC we have a very big problem; a problem larger than the LabMD case.

LabMD’s accusations sounded unbelievable…so they remained that way…unbelievable. What is really unbelievable, terrifying actually, is all the facts are now lying out for the entire world to see while these people still don’t bother to look. What’s even more terrifying is the FTC court would not allow LabMD to have discovery on the very case we were being tried on. This baked in the cake lack of accountability is a recipe for government corruption. The FTC lawyers, current and former, who now reside in major law firms across the country, are masters of silence. The silence is intentional and unethical.

Why have these facts been barely skimmed? Does it take time to confirm and that is time they don’t have?  Are they only reporting for marketing purposes? Is corruption and working with criminals not a news story? I suspect many writers and attorneys want to be seen as experts so you’ll read their columns or hire them for their services and they don’t want to get on the bad side of the FTC. Therein lies the frustration. The FTC consciously and willingly destroyed a 700,000 patient cancer detection center to advance their agenda to become Cyber Security Cop.  That is just too terrifying an accusation for some people to believe. I’ve had to bite my tongue as the company collapsed, as real people were hurt, and as everyone else whistled passed the graveyard. And it has required millions of dollars and years of patience to finally get out of the FTC’s biased system, a system built to drain you dry, before being released to federal courts in a weakened and tortured state. But we survived…and once out of the FTC’s corrupt and biased system, built and approved by the courts and Congress, LabMD starting winning. How does this happen? Where do the 700,000 patients go to complain about their clinical process being interrupted by power grabbing lawyers?

I’ve learned that most people, even lawyers, don’t clearly understand the powers and procedures of government agencies. 20th century congresses made the FTC judge, jury and prosecutor. There is neither outside oversight nor judicial jurisdiction allowed until the FTC is finished with their entire investigation and internal court procedures. This allows the agency time to beat you to a pulp with the referee locked outside the ring.  And these bureaucrats, who also have qualified immunity, use that time to treat you like a prisoner in the coliseum, attacking you like lions. This behavior is so foreign to what Americans believe is how our justice system operates that upon hearing this they think I am exaggerating, misspeaking or they’ve not heard me correctly.

The choice to fight is dark and bleak on both sides. Either surrender for business reasons and then walk through life knowing a huge injustice has occurred (that nobody will believe) or stand up and allow the government agency’s unelected rule makers to come after you with guns blazing. They will hold you in their own biased system that is allowed to keep you away from an outside court and their outside tentacles of power will try to snuff you out. And during that time employees will be terrified that the company has a bleak future. They will resign and your company will die from the inside out. Congress and the public must understand what’s really going on here. A cancer detection center was destroyed…and the bureaucrats are fine with it as others stare into space.

LabMD is finally entering the fourth quarter of this very long, very destructive game. The federal appeals court, only now being allowed to intervene, has looked at the facts and stayed the case. The truth will eventually win out. The wounded, cornered and panicked FTC has lobbed accusations at LabMD which will be proven false.

But LabMD can’t come back again. A LabMD legal victory will be a win for no one, especially former doctors, patients and employees. You can burn a house down in one hour but you can’t rebuild it in even one year. This is what happens when government keeps bags over the heads of its citizens via silence, active tentacles of power and intimidation.  Please help me shed light on the legal changes needed to protect the public from rogue bureaucrats and cybercriminals. Until we get educated technologists running the show rather than rogue lawyers, the security of our nation will be compromised. The wrong people are guarding the door.

Read More

06 Jan Leaders from medical, business, tech rally around LabMD appeal of FTC ruling

Posted at 14:23h in Blog, law, Michael in Print by Michael Daugherty
0 Likes

image1

Reblogged from SC Media written by Teri Robinson

Six amicus briefs filed by business, tech and medical interests in a federal court Tuesday and on Dec. 28 support LabMD’s argument that the Federal Trade Commission (FTC) operated outside its authority when it found the now defunct cancer testing firm to in violation of Section 5 of the FTC Act following what the commission has characterized as a data breach.

“I am heartened that leaders from business, healthcare and technology are so supportive of LabMD,” company founder, President and CEO Michael J. Daugherty said in comments to SC Media. “They understand how this case will impact their own compliance efforts.”

He added that since “the FTC has tried everything to vilify LabMD, having our own physician clients eager to sign on and file their own brief was the cherry on top.” In addition to a group of doctors, cybersecurity pro Gary Miliefsky, TechFreedom, the International Center for Law and Economics, the National Federation of Independent Business Small Business Legal Center, and the National Technology Security Coalition filed in favor of the company’s efforts to challenge the FTC.

LabMD launched its appeal in December in the Eleventh Circuit court after the same court granted a temporary stay of the FTC’s order against the company. The case against LabMD has stretched from 2013 when the commission pursued enforcement action against the facility for leaving information on patients vulnerable to exposure through a file-sharing program. It has taken a number of twists and turns, some of them ugly and even sparked a congressional committee probe.

FTC Chief Administrative Law Judge Michael Chappell, dismissed the case on November 16, 2015, ruling that the FTC “failed to carry its burden of proving its theory that Respondent’s alleged failure to employ reasonable data security constitutes an unfair trade practice because Complaint Counsel has failed to prove the first prong of the three-part test – that this alleged unreasonable conduct caused or is likely to cause substantial injury to consumers.”

But the commission challenged Chappell’s ruling and found LabMD to be in violation of Section 5 because it did not reasonably secure the data in its custody. The Eleventh Circuit gave the Atlanta-based company an opening for appeal in the fall with the temporary stay and the company filed the appeal in late December.

Arguing that medical data is governed and protected by HIPAA and noting the potential conflicts between that law and Section 5, a group of doctors in one brief said they and others “have a strong interest in ensuring that the FTC cannot abuse its “unfairness” authority to regulate the practice of medicine by imposing new, confusing, and burdensome patient-information data-security obligations inconsistent with federal healthcare law.”

Read More

22 Nov LabMD refuses to back down in battle with FTC over data protection

Posted at 17:54h in Blog, law, Michael in Print by Michael Daugherty
1 Like

img_0265

Reblogged from CIODive, written by Justine Brown

Dive Brief:

  • Three judges of the 11th Circuit Court of Appeals last week granted LabMD’s request to stay enforcement of the Federal Trade Commission’s decision against LabMD from August, according to Tech Policy Daily.
  • The court indicated it is “skeptical of the FTC’s underlying theory” about its decision to force the now-defunct company to conduct a number of activities to shore up cybersecurity that the company estimates would cost it about $250,000. The judges said LabMD would be “irreparably harmed” if forced to obey the FTC’s order.
  • The FTC has pushed for LabMD to take extensive measures to secure customer data secured on its computers.

Dive Insight:

The move may call into questions the FTC’s self-proclaimed role of ensure companies maintain data security measures to protect customers.

The FTC began investigating LabMD for allegedly failing to protect thousands of patient records because of lacking cybersecurity practices. Last November, administrative law judge D. Michael Chappell dismissed FTC charges against LabMD, saying that the agency had overstepped its authority. In August, the FTC reversed the administrative law judge’s decision.

Over the past decade the FTC has established itself as the government’s chief cyber­security enforcer, suing LabMD and several other entities, including Wyndham Hotels, on similar grounds. But Lab­MD has challenged the FTC’s authority to police cybersecurity shortcomings.

LabMD’s CEO and others had said Congress did not give explicit directions for the agency to go after companies with weak cybersecurity. The 11th Circuit’s order is an indication that the FTC may not have as broad authority to protect consumers from data mismanagement as it has claimed.

Read More

11 Nov LabMD stay granted!

Posted at 16:26h in Blog, law, Michael in Print by Michael Daugherty
1 Like

image1

LabMD scored a huge win in the Court of Appeals today. The FTC ruling was stayed. Finally out of the biased and vicious grasp of FTC bureaucrats, the scales of justice quickly start to balance. Don’t believe all the accusations that have come out of the FTC about LabMD. They want to control your company through me and will lie to do it.

Read the decision below or download your own copy here.

Stay Opinion by Mike Daugherty on Scribd

Read More

12 Oct More Congressional Scrutiny of FTC’s LabMD Case

Posted at 13:26h in Blog, law, Michael in Print by Michael Daugherty
0 Likes

more-congressional-scrutiny-in-ftcs-labmd-case-showcase_image-9-a-9445

Reblogged from Bank Info Security

Two Republican U.S. Senate subcommittee chairmen are demanding answers from the Federal Trade Commission about the “due process afforded” LabMD in the agency’s data security enforcement case against the now-shuttered cancer testing laboratory.

Meanwhile, LabMD has requested that a federal appeals court issue an “emergency stay,” or delay, in the FTC’s enforcement of its order against LabMD pending the lab’s appeal of the order in the court. The FTC recently rejected LabMD’s stay request.

The FTC’s final order, issued in July, requires, among other things, that LabMD establish a comprehensive information security program; obtain periodic independent, third-party assessments over the next 20 years regarding the implementation of the information security program; and notify consumers whose personal information was allegedly “exposed on a peer-to-peer network about the unauthorized disclosure of their personal information and about how they can protect themselves from identity theft or related harms.”

Although LabMD stopped accepting specimen samples and conducting tests in January 2014, the company continues to exist as a corporation and has not ruled out a resumption of operations, the FTC notes. LabMD continues to maintain the personal information of approximately 750,000 consumers on its computer system, according to the agency.

LabMD CEO Michael Daugherty, who has portrayed the FTC’s actions against his company as unfair, tells Information Security Media Group that he’s pleased that the case is now being considered by the court. “We’re really happy to be on a level playing field now,” he says.

Senators’ Letter

The Sept. 20 letter sent to FTC chairwoman Edith Ramirez by Sen. Jeff Flake, R-Ariz., chair of the Senate Subcommittee on Privacy, Technology and the Law, and Sen. Mike Lee, R-Utah, chair of the Senate Subcommittee on Antitrust, Competition and Consumer Rights, notes that the legislators are reviewing the facts pertaining to why the FTC commissioners decided in July to reverse a decision last fall by FTC’s own administrative law judge, Michael Chappell, to dismiss the case against LabMD.

Chappell had ruled that the FTC’s counsel had not shown that LabMD’s data security practices either caused or were likely to cause substantial injury. In reversing Chappell’s ruling, however, the FTC commissioners concluded that LabMD’s data security practices constitute an unfair act or practice that violated Section 5 of the Federal Trade Commission Act.

Immediate Concern

The senators, in their letter to the FTC, express concern about “the extent to which the FTC’s cybersecurity regime complies with the protections of due process under the constitution.” They ask FTC’s Ramirez several questions about the agency’s cybersecurity enforcement efforts, including:

  • What, if any, guidance has the FTC given as to how small businesses are to weigh the costs and benefits of data security?
  • How does the relative size or sophistication of a business affect the extent to which the FTC’s enforcement activities provide the business with notice of their cybersecurity obligations?
  • How many other cybersecurity enforcements had the FTC completed prior to LabMD’s 2008 incident?

A spokeswoman for Flake tells ISMG that the senators have not yet received an FTC response to the letter. Neither Lee nor FTC immediately responded to ISMG’s request for comment.

Previous Scrutiny

The FTC complaint against LabMD, filed in August 2013, alleged that a LabMD spreadsheet containing insurance billing information was found on a peer-to-peer network in 2008. The spreadsheet allegedly contained sensitive personal information for more than 9,000 consumers, putting individuals at risk for identity theft and medical identity theft, the FTC contends. LabMD’s allegedly unsecured spreadsheet was discovered by peer-to-peer security firm Tiversa, which reported the matter to the FTC.

During testimony at the FTC’s 2015 administrative hearing into the case, however, LabMD’s Daugherty alleged that Tiversa reported false information to the FTC about the supposed security incident involving LabMD’s data after the lab refused to buy Tiversa’s remedial services. A former Tiversa employee also testified that it was a “common practice” for Tiversa to approach prospective clients with exaggerated information about their allegedly unsecured files that the security firm found “spreading” on the Internet in an attempt to sell the company’s security monitoring and remedial services (see Bombshell Testimony in FTC’s LabMD Case). Tiversa CEO Robert Boback, in a May 2015 statement provided to ISMG, called the former worker’s testimony “purely baseless allegations from a terminated employee.”

The recent letter from the senators to the FTC is just the latest Congressional scrutiny over the LabMD case. In 2014, the House Committee on Oversight and Government Reform conducted an investigation into the business practices of Tiversa (see LabMD Case: House Committee Gets Involved). A resulting staff report by the committee alleged that Tiversa “often acted unethically and sometimes unlawfully in its use of documents unintentionally exposed on peer-to-peer networks.”

Lasting Legacy?

Privacy attorney Kirk Nahra of the law firm Wiley Rein says the long LabMD legal saga has been particularly unusual.

“I continue to believe that this LabMD case is essentially one-of-a-kind, given the relatively crazy twists and turns it has taken,” he says. “I doubt the appeals court will stay the order only because it is generally hard to get an appeals court to stay an order. I also doubt that this case will have much overall impact on the FTC, until the time – if at all – that they get struck down on their approach.”

As for the direction that FTC provides the private sector when it comes to data security issues, Nahra says: “The FTC, over time, has given a good amount of guidance, and generally has tried reasonably hard to convey to all kinds of businesses – small and large – what they should be doing in this area. The question of whether they should have their enforcement authority on these points without a specific regulation is a different issue.”

Read More

04 Oct LabMD Appeals Data Security Ruling As FTC Heads Deny Stay

Posted at 02:46h in Blog, law, Michael in Print by Michael Daugherty
0 Likes

image1

Reposted from Law360, New York (September 30, 2016, 8:02 PM EDT)  LabMD moved to bring its heated dispute with the Federal Trade Commission over the strength of the lab’s data security to the Eleventh Circuit on Thursday, the same day that the agency’s heads rejected the lab’s bid to pause pending the appeal their recent ruling finding the lab’s practices to be unreasonable.

In its highly anticipated petition for review, LabMD Inc. urged the appellate court to take a look at “all aspects” of the administrative proceeding that the FTC brought against the medical testing laboratory more than three years ago, which culminated with the commissioners issuing a final order in July that overturned their own administrative law judge in finding that LabMD’s data security practices had caused harm to consumers and directing LabMD to undertake a series of corrective measures.

Besides the final order, the lab also asked the Eleventh Circuit to review “all interlocutory orders, rulings and opinions.” The lab specifically drew the appellate court’s attention to more than two dozen developments in the complex dispute, including multiple refusals by the commissioners to toss the case and to disqualify FTC Chairwoman Edith Ramirez’s and the administrative law judge’s rulings on issues ranging from the lab’s bid to sanction the FTC for its handling of a patient data file that LabMD claims was stolen by cybersecurity firm Tiversa to fights over the admissibility of conversations that FTC attorneys allegedly had about the evidence.

To continue reading, download a pdf here, or read the embedded version below.

LabMD Appeals Data Security Ruling As FTC Heads Deny Stay – Law360 Article by Mike Daugherty on Scribd

Read More

20 Sep LabMD’s CEO warns FTC decision creates overbroad data-security power

Posted at 17:37h in Blog, law, Michael in Print by Michael Daugherty
0 Likes

img_0087

Original article by Erica Teichert  

Modern Healthcare
Reblogged with permission

The Federal Trade Commission has allegedly given itself new authority to investigate and prosecute data-security issues, and a defunct clinical laboratory says the ramifications could be huge.

LabMD has called on the agency to hold off on enforcing its ruling that the company’s data-security practices violated federal law, claiming it has been irreparably harmed by the FTC’s “unconstitutional, unsupported by evidence and contrary to law” decision. But the effects of the decision could ripple beyond LabMD, the company claimed, which is why it should be stayed until a federal appeals court can review the order.

“Every U.S. business that uses computers has an interest in a full stay,” LabMD said in its brief Thursday. “Absent this, FTC will have obtained that which Congress refused to give it by FTC’s own admission through its administrative prosecution of LabMD: new data-security civil-penalty powers on a national scale.”

In July, the FTC commissioners unanimously voted that LabMD’s security practices didn’t adequately protect consumers’ personal and medical information. The move reversed an administrative law judge’s ruling that the commission hadn’t proven that consumers were harmed by the allegedly lax security.

LabMD maintains that the decision is unsupported and is a means for the FTC to punish the company’s CEO, who criticized the agency. After the July decision, LabMD CEO Michael Daugherty said he would appeal the order and was relieved to get away from the FTC’s “dirty system.”

LabMD went out of business in 2014, and Daugherty attributed the move to the costs of fighting the agency.

Nevertheless, LabMD is fighting on because of the overarching concerns it sees with the decision. As it stands, LabMD claims the FTC hasn’t made it clear what kind of data-security system the company would need to comply with the ruling—even though it’s out of business. In addition, the FTC could use the LabMD decision as authority to investigate other U.S. businesses’ data-security practices, the company alleged.

“This is not an overstatement,” the brief said. “Without a stay, FTC will be able to use the commission opinion and order to threaten any U.S. business at any time (even without a breach, with or without evidence of actual harm) with massive civil penalties unless they do what FTC says.”

LabMD maintained that Congress has refused to give the FTC this type of power, and the FTC acknowledged as much during administrative proceedings, the company said.

The FTC first went after LabMD with a complaint in 2013, alleging the company was hit by two data breaches because of its shoddy security policies. One alleged breach occurred in 2008 when personal information became available on a peer-to-peer file sharing network. The other alleged breach happened in 2012 when some of LabMD’s data was found in the hands of individuals who pled no contest to identity theft.

The agency was alerted to the issues by an intelligence services company, Tiversa, which had offered its services to LabMD to fix any data-security issues after it found a LabMD report on a peer-to-peer file sharing network

Read More

01 Sep Judge Duffey addressing the FTC in court regarding LabMD in the Northern District Court of Georgia.

Posted at 14:14h in Blog, law, Michael in Print by Michael Daugherty
0 Likes

 

Mike Sept1st

 

…. how does any company in the United States operate when they are trying to focus on what HIPAA requires and to have some other agency parachute in and say, well, I know that’s what they require, but we require something different, and some company says, well, tell me exactly what we are supposed to do, and you say, well, all we can say is you are not supposed to do what you did.  And if you want to conform and protect people, you ought to give them some guidance as to what you do and do not expect, what is or is not required.  You are a regulatory agency.  I suspect you can do that.  But I think that’s what happens when you jump too quickly into something that you want to do, and whether that’s circumstances or whether that’s agency motivation, I don’t know.  But it seems to me that it’s hard for a company that wants to — even a company who hires people from the outside and says what do we have to do, and they say you have to do this, but I can’t tell you what the FTC rules are because they have never told anybody.  Again, I think the public is served by guiding people beforehand rather than beating them after they — after-hand.  But the assistant director doesn’t have the authority to do that.  He reports to the deputy director, who reports to the director, who reports to the commission.  So he’s way down in the pecking order.

Read More