Reblogged from Drug and Device Law
law
The following post was reblogged from E-Commerce Times
The U.S. Federal Trade Commission is engaged in an internal struggle over how it should assess the effect on consumers when businesses fail to provide proper e-commerce security.
Reblogged from Lawfare
Michael Vatis tells us that Michael Daugherty of LabMD is officially the only challenge facing the FTC as it sets (or at least enforces) cybersecurity requirements for American business. That’s because Wyndham Hotels has officially given up the ghost, agreeing to twenty years of privacy and security monitoring by the FTC…..
….The podcast will be on hiatus over the holidays, but we won’t completely abandon you. While I was at a BlackHat Executive conference last week, I had a chance to do a short interview of Mike Daugherty about his LabMD experience, and we’ll be releasing that as a special bonus edition of the podcast over the Christmas break. (We’re holding it because I’ve offered the FTC a chance for equal time. But we’ll be releasing the interview next week in any event, with or without the FTC’s input.)
Host Brian Wesolowski sits down with Michael Daugherty to discuss in-depth his recent court win against the Federal Trade Commission, how the long-term experience turned into his recent book “The Devil Inside The Beltway,” and more. The issue at hand raises questions about the agency’s ability to protect consumers against risky business practices that have not yet led to actual harm.
Reblogged from here
The Federal Trade Commission routinely holds companies responsible for data breaches that expose consumers’ private data to intruders. But the commission’s recent loss in the case of LabMD raises questions about its ability to prevail in other consumer cybersecurity cases.
The agency had sought to hold the medical testing lab responsible for a data breach that exposed the records of 9,000 patients. But LabMD fought back, refusing to sign a consent order and arguing that there was no proof any consumer had suffered any actual harm as a result of the breach.
Late last week, FTC Chief Administrative Law Judge Michael Chappell agreed and dismissed the commission’s complaint.
“FTC spent millions of taxpayer dollars to pursue its baseless case against LabMD, an innovative and successful provider of cancer diagnostics,” said Daniel Epstein of Cause of Action Institute, which defended LabMD. “Although FTC’s ostensible justification for this boondoggle was ‘data security,’ it produced no evidence that even a single patient was harmed by LabMD’s alleged inadequacies.”
Michael was interviewed, drop by the post and listen to the interview here
After seven contentious years, LabMD won a major victory in its legal battle with the Federal Trade Commission. But CEO Michael Daugherty says his recent triumph could be short-lived, and he’s hoping – long term – that he case shines a new light on FTC’s data security enforcement practices.
Here’s a selection of quotes from Michael and LabMD’s win against the FTC.
Enjoy!
The Wall Street Journal: “The Federal Trade Commission’s Data-Security Enforcement Efforts Have Received A Setback—At The Hands Of The Commission’s Own In-House Judge. Administrative Law Judge D. Michael Chappell late Friday dismissed a long-running and sometimes bitter case involving LabMD, a former medical testing company the FTC accused of failing to provide reasonable or appropriate cybersecurity protections for patient data.”(Brent Kendall, “Federal Trade Commission Loses Data Security Ruling,” http://blogs.wsj.com/law/2015/11/16/federal-trade-commission-loses-data-security-ruling/tab/print/)
“In A Data Security Enforcement Action That Some Have Characterized As A Modern Version Of David Vs. Goliath, David Won Today, And The FTC Lost.It was an enforcement action that the FTC never should have commenced, as I’ve argued repeatedly, and today’s loss may actually make future enforcement actions more difficult for them as the standard for demonstrating likelihood of substantial injury has now been addressed in this ruling.”(Dissent, “FTC V. LabMD Ruling Issued: FTC Loses Data Security Enforcement Case,”Databreaches.Net, 11/13/15)
Reblogged from here
Michael Daugherty Founder President and CEO of LabMD speaks to Government and IT Business Leaders for the first time after landmark court ruling at November 2015 GTRA Council Meeting.
GTRA November 17 2015 – Founder President and CEO of LabMD and author Michael Daugherty discussed his major win against the Federal Trade Commission at GTRA’s SecureGOV summit yesterday. After seven years of litigation court battles and testimonials ALJ ruled in favor of LabMD determining that the FTC failed to provide substantial evidence of any theft-related or emotional harm in the aftermath of an alleged security breach.
On September 16, 2015, closing arguments were held in FTC Administrative court in Washington, DC.
This is the court Congress created over a century ago. They allowed this court to be subject to FTC rules. Rules that are stacked way in the FTC’s favor. And because Congress created the beast there is very little the courts can do about what goes down here.
When you read the transcript you will immediately note the judge going after the FTC. You’ll note his frustration as he grapples with the fact that the FTC argues that their behavior before they sued LabMD is irrelevant.
Working with thieves, not cooperating with a congressional investigation, not verifying evidence, refusing to tell the court or the world what standards and rules exist for cybersecurity compliance, destroying a medical facility, allowing hearsay, recusing a commissioner, speaking to the press, knowingly relying on tainted evidence and still moving forward, and helping create a third party shell company to deceive the public….none of this matters.
At least until they want to use some of it to lie about LabMD.
And because they write the rules, stack the deck, and lie to win….they just might just get away with it. Morality and truth isn’t on the table here. Only shredded reality. Please think hard if this is who you want our government regulating cybersecurity.
The FTC IS CHOCKED FULL OF LAWYERS who don’t care what carnage they wreak on the backs of consumers.
Our cyberdefences are way down and that’s due to their bully idiocy. Enjoy the show…but their tactics will not create a safer world.