17 Sep New Comic Strip Highlights The Story Of How Washington Caused A Successful Small Business To Close

Screen shot 2013-11-06 at 8.39.52 PM


Comic debuts as LabMD makes final arguments in its years-long legal battle against the Federal Trade Commission



WASHINGTON – Cause of Action, a nonpartisan strategic oversight group committed to ensuring that government decision-making is open, honest, and fair, is releasing a comic strip today outlining the case of LabMD vs. the Federal Trade Commission (FTC).


Click here to view the full comic strip.


The FTC’s complaint against LabMD, a small, but successful cancer detection facility based in Georgia, relied on faulty allegations made by Tiversa, Inc., a data security company with a direct financial interest in FTC enforcement action against LabMD and others.


The toll of the lawsuit eventually destroyed LabMD, which is making closing arguments in the case today.


Cause of Action Executive Director Daniel Epstein issued the following statement:


“The comic is funny, but the sad reality is that this comic outlines a common example of what happens when the government colludes with crony companies to target the little guy. What may seem like a complicated and convoluted legal case is actually a very simple case of cronyism and federal overreach at its worst.”


Cause of Action is a non-profit, nonpartisan government accountability organization that fights to protect economic opportunity when federal regulations, spending and cronyism threaten it. For more information,

FOR IMMEDIATE RELEASE: September 16, 2015

Media Contact: Geoff Holtzman | | 703-405-3511


Read More

22 Jun The FTC Goes Whistling Past the Graveyard


The FTC has decided not to oppose LabMD’s request for a criminal investigation into Tiversa’s behavior…AS THEY SPIT IN THE FACE OF JUSTICE. They have enabled crime, ignored evidence, and are now sitting on the sidelines. These are hypocritical tyrants as they boast they are out to protect consumers. Their energy is being spent on keeping their incompetent and corrupt culture under wraps.

Not this time.

Look at the facts.

It’s unbelievable but sadly true.


LabMD – Mtn Referral 6 19 15

Read More

10 May Bombshell Testimony as FTC Fails to Verify Evidence

Screen Shot 2015-05-10 at 7.13.02 PM

Grab your popcorn and turn off House of Cards because it doesn’t get better than this.

The testimony of former Tiversa employee Rick Wallace is bombshell transparent testimony.

It took over a year to get Rick on the stand with criminal immunity. This is no “he said she said” game, criminal immunity isn’t easily approved by the Justice Department, but the consistency and forensic evidence provided to Chairman Darreell Issa and the Justice Department must have done the trick.

Tsk Tsk Tsk, if the FTC had only verified evidence before embarking on their shameless seek and destroy fishing expedition.

Download it if you like…and grab a highlighter.

May 5, 2015 PUBLIC Final Trial Transcript

Screen Shot 2015-05-10 at 7.21.05 PM

Read More

07 May Whistleblower accuses cybersecurity company of extorting clients – CNN Money


As reported in CNN Money today by   @Jose_Pagliery

A cybersecurity company faked hacks and extorted clients to buy its services, according to an ex-employee.
In a federal court this week, Richard Wallace, a former investigator at cybersecurity company Tiversa, said the company routinely engaged in fraud — and mafia-style shakedowns.

To scare potential clients, Tiversa would typically make up fake data breaches, Wallace said. Then it pressured firms to pay up.
“Hire us or face the music,” Wallace said on Tuesday at a federal courtroom in Washington, D.C.

CNNMoney obtained a transcript of the hearing.

The results were disastrous for at least one company that stood up to Tiversa and refused to pay.

In 2010, Tiversa scammed LabMD, a cancer testing center in Atlanta, Wallace testified. Wallace said he tapped into LabMD’s computers and pulled the medical records.

The cybersecurity firm then alerted LabMD it had been hacked. Tiversa offered it emergency “incident response” cybersecurity services. After the lab refused the offer, Tiversa threatened to tip off federal regulators about the “data breach.”

When LabMD still refused, Tiversa let the Federal Trade Commission know about the “hack.”

The FTC went after the lab, giving the company a choice: sign a consent decree (basically a plea deal which means years of audits and a nasty public statement) or fight in court. The CEO of LabMD, Michael Daugherty, chose to fight, because a plea deal would have tarnished his reputation and killed the business anyway, he said.

Daugherty lost that battle in 2014, having run out of steam. The lawsuit killed LabMD, which was forced to fire its 40 employees last year.

“We were a small company,” he said. “It’s not like we had millions of dollars to fight this and tons of employees.”

“The fight with the government was psychological warfare,” he told CNNMoney. “There was reputation assassination. There was intimidation. We thought we were extorted. My staff and management team was demoralized. My VP left. My lawyer left.”

Daugherty launched a website and wrote a book about the ordeal. Cause of Action, a government watchdog group, picked up his case.

Wallace’s testimony casts doubt on the FTC’s case against LabMD. If Wallace is telling the truth, the FTC aggressively prosecuted a company based on bogus evidence.

The FTC declined to comment, citing an ongoing lawsuit against LabMD, which still hasn’t reached its conclusion.

LabMD wasn’t the first time Tiversa’s false hacks made national news, Wallace said. He claimed that Tiversa also made up information in 2009 pointing to Iran for supposedly stealing blueprints for President Obama’s helicopter, Marine One. That scare that led to several news stories published byNBC, Fox, CNET and others.

According to Wallace, Tiversa did this by using phony IP addresses — on the orders of Tiversa’s CEO, Bob Boback. The company, which works closely with law enforcement, would look up the Internet addresses that were used by known criminals or identity thieves, then claim that those IP addresses were sharing stolen files online. Wallace said it was a scare tactic that added “spread” to the supposed damage — and “wow factor.”

“So, to boil this down, you would make the data breach appear to be much worse than it actually had been?” FTC Administrative Judge Michael Chappell asked.

“That’s correct,” Wallace responded.

Tiversa denies Wallace’s allegations. On Thursday, Tiversa’s CEO told CNNMoney that the recent revelations were “baseless” and came from an ex-employee still angry for being fired.

“This is an overblown case of a terminated employee seeking revenge,” Boback said. “Tiversa has received multiple awards from law enforcement for our continued efforts to help support them in cyber activities.”

Tiversa is a small cybersecurity consultancy based in Pittsburgh. Its board members include several highly-decorated experts in the security and privacy fields, including the retired four-star U.S. Army General Wesley K. Clark (formerly NATO’s Supreme Allied Commander in Europe) and Larry Ponemon (founder of the Ponemon Institute, a pro-privacy think tank).

U.S. Rep. Darrell Issa, chairman of the House Oversight Committee, demanded last year that the FTC look into allegations of “corporate blackmail” by Tiversa. In a letter to the FTC in December, Issa noted that Tiversa assisted the FTC on data leak investigations of “nearly 100 companies.” This link potentially taints evidence in those cases too.

To see the original article, click HERE

Read More

06 May Analyst Backs LabMD In FTC Row, Alleges Fraud At Tiversa


Originally posted on Law 360

By Jimmy Hoover

Screen shot 2014-08-22 at 5.55.03 AM

Law360, Washington (May 05, 2015, 9:16 PM ET) — LabMD Inc. on Tuesday scored a major hit in its data security fight with the Federal Trade Commission after a former analyst at the cybersecurity firm Tiversa Inc. testified that his company lied to the agency about the extent of LabMD’s data leaks after the medical testing firm turned down its services.

Richard E. Wallace said in a hearing that during his time as one of the company’s chief forensic analysts from 2007 to 2014, he helped Tiversa and CEO Robert J. Boback spin lies to the FTC about the “proliferation” of LabMD-held insurance records among identity thieves — which LabMD claims is the sole basis for the agency’s 2013 administrative complaint against it for alleged data protection failures.

Wallace said that, rather than a proliferation, he merely downloaded a file off of LabMD’s own server and manufactured those claims per Boback’s orders, who he said wanted to steer LabMD into using Tiversa’s monitoring and remedial services.

According to Wallace, Boback became infuriated that LabMD’s president and CEO, Michael J. Daugherty, rejected their services.

“[Boback] basically said F-him, make sure he’s at the top of the list,” Wallace said at the hearing, describing the Tiversa CEO’s reaction to LabMD’s refusal of services.

Atlanta-based LabMD conducts laboratory tests on samples that physicians obtain from patients and also performs medical testing for consumers around the country.

Tuesday’s proceedings before Administrative Law Judge D. Michael Chappell had stalled for several months after Wallace revealed that Tiversa had emerged as the subject of an investigation from the House Committee on Oversight and Government Reform and that he was pursuing immunity for his testimony in the FTC proceedings — immunity he finally received.

Wallace said that he left the company in February 2014 after Boback had pressured him to lie under oath in a planned deposition from LabMD’s attorneys about the extent of LabMD’s data leaks.

According to LabMD’s attorney Reed Rubinstein of Dinsmore & Shohl LLP, the testimony marked a “remarkable day” in the case and vindicated the company’s assertion that “the FTC action was based on manufactured evidence.” At the close of the hearing Tuesday, Rubenstein announced that LabMD will seek a criminal investigation against the Tiversa.

“Obviously the FTC never checked what came in from Tiversa,” Rubinstein said in an interview with Law360.

Under direct examination from William A. Sherman II of Dinsmore & Shohl, Wallace outlined a pattern of fraud and deception at his former company and said it was “common practice” at Tiversa to deceive companies into believing identity thieves had stolen their files off of peer-to-peer networks in an effort to charge for remedial services.

Wallace said Tiversa carried out the scheme by inserting the IP addresses of known identity thieves into a “data store” and making it appear to the companies that the identity thieves had pilfered their files, despite the fact that they had already been shut down by law enforcement. Because their computers were down, Wallace said, “there was no way to contradict what Tiversa was saying.”

During a re-direct examination Tuesday from his own attorney, Mary Beth Buchanan of Bryan Cave LLP, Wallace also recounted an episode in which Boback allegedly forced him to conjure up a report claiming that trade secrets related to the avionics found in the cockpit of Marine One, the helicopter for presidential transport, had been stolen by Iranian nationals — a fake story later plastered in headlines across major news outlets including, CBS News, NBC News and Fox News.

“It was very big press for Tiversa. And believe it or not, it was not easy to find an active Iranian IP address that law enforcement couldn’t get a hold of,” Wallace said.

The FTC declined an opportunity to depose as well as cross-examine Wallace on Tuesday, though FTC attorney Laura Riposo VanDruff indicated that she may file a motion to introduce a rebuttal witness within the next week.

Counsel for Tiversa and Boback could not be immediately reached Tuesday for comment.

LabMD is represented by William A. Sherman II, Reed Rubinstein and Sunni Harris of Dinsmore & Shohl LLP and Hallee Morgan, Kent Huntington, Daniel Epstein, Patrick Massari and Prashant K. Khetan of Cause of Action.

The FTC is represented by Alain Sheer, Laura Riposo VanDruff, Megan Cox, Ryan Mehm, John Krebs and Jarad Brown.

The case is In the Matter of LabMD Inc., docket number 9357, before the Federal Trade Commission Office of the Administrative Law Judges.

–Editing by Emily Kokoll.

To download your own copy of this article, click here

Read More

19 Mar LabMD, FTC Data Security Fight Delayed Again


Screen shot 2014-08-22 at 5.55.03 AMLaw360, New York (March 16, 2015, 8:34 PM ET) —



An administrative law judge has postponed until May 5 the resumption of proceedings in the Federal Trade Commission‘s closely watched data security fight with LabMD Inc., marking the latest delay in a case that has been on hold for almost a year.

In an order dated Thursday, Chief Administrative Law Judge D. Michael Chappell revealed that the evidentiary hearing in the case, which was scheduled to resume on March 19, would instead be rescheduled to May 5.

The order offered no reason for the extension, saying only that the decision was “based upon good cause” and had been made following a conference call with the parties during which there had been no objections. The case has been on hold since May 30, when witness Rick Wallace revealed a congressional investigation into a key player in the FTC’s case.

“The judge told us the hearing was postponed, so we’ll show up on May 5 and we’ll see what Mr. Wallace has to say then,” Reed Rubinstein, a Dinsmore & Shohl LLP partner and the senior vice president of litigation at Cause of Action, which is representing LabMD in the administrative proceeding, told Law360 on Monday.

A spokeswoman for the FTC said that the commission did not have a comment on the extension.

Thursday’s order marks the latest twist in the long-running and hotly contested battle between the regulator and medical testing laboratory.

After a lengthy probe into the laboratory’s data security practices, and shortly after the company’s CEO released an online trailer to his book highlighting corruption at the FTC, the regulator in August 2013 filed an administrative complaint alleging that LabMD violated Section 5 of the FTC Act by failing to safeguard medical and financial information on nearly 10,000 customers.

LabMD shot back that the unfairness prong of Section 5 didn’t give the FTC authority to regulate how a business protects consumer information. And even if it did, LabMD argued, the Health Insurance Portability and Accountability Act would trump it because the information at stake is sensitive medical information.

After the FTC commissioners affirmed the agency’s authority to bring the suit in a January 2014 ruling rejecting the laboratory’s bid to dismiss the action, the focus of the case shifted to whether the data security standards that LabMD had in place to protect consumers’ sensitive medical and personal information could be considered reasonable.

However, shortly after the trial to resolve these issues began, Judge Chappell brought the proceedings to a halt, due to testimony by Wallace that the House Intelligence Committee on Oversight and Government Reform was conducting an investigation into data security firm Tiversa Inc., which had provided the FTC with a the file containing sensitive information that had purportedly been found outside the medical testing laboratory’s internal network.

The FTC’s data security suit rests in large part on Tiversa’s claims that its routine scanning activities found that the LabMD patient file had leaked outside the company, an assertion that Wallace — a former Tiversa employee — is expected to refute by testifying that the file had only been found on the LabMD server.

But while the House Oversight Committee concluded its probe by releasing a Dec. 1 report that Tiversa failed to provide complete information about work it performed, the committee did not address the question of whether Wallace could be granted immunity for his testimony in the administrative proceedings, which Judge Chappell had elected to keep on hold until the immunity issue had been resolved.

The quandary was finally put to rest in January, when after receiving permission from theU.S. Department of Justice, Judge Chappell granted LabMD’s request to give immunity to Wallace, and ordered him to testify at the resumption of the evidentiary hearing, which the judge scheduled for March 3.

As the proceedings were about to get underway, Judge Chappell issued an order granting Wallace’s request to adjourn the trial and his appearance for deposition until March 19, a plan that remained in place until the judge issued his latest extension order Thursday.

LabMD is represented by William A. Sherman II, Reed Rubinstein and Sunni Harris of Dinsmore & Shohl LLP and Hallee Morgan, Kent Huntington, Daniel Epstein, Patrick Massari and Prashant K. Khetan of Cause of Action.

The FTC is represented by Alain Sheer, Laura Riposo VanDruff, Megan Cox, Ryan Mehm, John Krebs and Jarad Brown.

The case is In the Matter of LabMD Inc., docket number 9357, before the Federal Trade Commission Office of the Administrative Law Judges.

–Editing by John Quinn.


Read More

02 Mar FTC To Face Grilling By 3rd Circ. Over Data Security Powers



Shared directly from Law360 Screen shot 2014-08-22 at 5.55.03 AM


Law360, New York (February 27, 2015, 8:55 PM ET) — The scope of the Federal Trade Commission‘s authority will take center stage at the Third Circuit on Tuesday, with questions posed by the appellate panel in advance of the arguments indicating that the regulator faces an uphill battle to fend off Wyndham Worldwide Corp.’s claims that the agency doesn’t have the power to regulate companies’ cybersecurity practices.

The highly anticipated oral argument session, which is slated to kick off on Tuesday morning before a three-judge panel in Philadelphia, will mark the latest step in the appellate court’s interlocutory review of an order issued by U.S. District Judge Esther Salas in April that rejected Wyndham’s contention that the commission does not have the authority under the unfairness prong of Section 5 of the FTC Act to police allegedly lax corporate data security practices.

“This is going to be one of the most important decisions that is going to come down over data security, because it’s really going to determine the jurisdiction of the FTC, which has planted itself as the principal regulator in this area,” said Fox Rothschild LLP privacy and data security practice leader Scott Vernick.

With the potentially game-changing arguments looming, the Third Circuit panel offered some insight into its thinking by taking the unusual step of sending the parties a letter on Feb. 20 that expanded on the pair of questions that Judge Salas had asked the appellate court to consider.

In her June order sending the dispute to the Third Circuit, Judge Salas certified the questions of whether the commission can bring an unfairness claim involving data security under Section 5 and, if so, whether the FTC must formally promulgate regulations before bringing its unfairness claim.

But in its recent letter, the appellate panel asked counsel to be prepared to discuss a slightly different pair of questions during oral arguments, beginning with whether the FTC has declared through the procedures provided in the FTC Act that unreasonable cybersecurity practices are “unfair.”

The panel continued by saying, “Assuming that it has not, is the FTC asking the federal courts to determine that unreasonable cybersecurity practices are ‘unfair’ in the first instance, and if so, can the courts do so in this case” brought under the regulator’s authority to enjoin an entity that the commission believes is violating the FTC Act.

“These questions imply that the Third Circuit is still grappling with the question of what authority the FTC has to enforce the prohibition against unfair practices under the FTC Act in the context of cybersecurity,” said Shook Hardy & Bacon LLP data security and data privacy practice co-chair Al Saikali. “The FTC will want to demonstrate that its treatment of Wyndham is consistent with how it has applied the unfair practice prong of the act in the past. If the FTC can’t make the required showing, it will face an uphill battle trying to establish why it now wants to do so for the first time, and it means that the court may need to apply a tougher standard.”

The possibility that the Third Circuit may push back hard on the commission’s long-running assertion that it has broad authority to regulate practices that it deems to be “unfair” is surprising, giving the reception the contention received at the district court level.

In her opinion, Judge Salas strongly endorsed the regulator’s position, saying that an “untenable consequence” of the hotel chain’s argument that the FTC must provide fair notice of what constitutes “unreasonable” data security standards would be that the commission would have to cease bringing all unfairness actions without first proscribing particularized prohibitions, a result that she characterized as in “direct contradiction with the flexibility necessarily inherent” in Section 5.

“Most people have assumed that the FTC would win this case, but this latest inquiry raises some additional doubt about the approach the FTC has been taking in its enforcement activities,” said Wiley Rein LLP privacy practice chair Kirk Nahra.

With its questions, the Third Circuit appears to be pushing for information on the general use of the unfairness doctrine by the commission, and asking whether the FTC is even using that approach in its actions, or if it is asking the court to create something entirely separate, according to Nahra.

“It raises some questions about whether the FTC has been clear in what it is doing, and whether the FTC’s actions can be traced to a specific statutory requirement,” he said. “In my mind, it is raising some new doubts about whether the FTC will win this case.”

By signaling that it is most interested in the hotel chain’s central argument that the unfairness prong does not provide the commission with broad authority to set data security standards, rather than its narrower contention that the FTC has failed to plead facts sufficient to demonstrate a substantial injury to consumers, the appellate panel has given a significant boost to the widespread belief that its ultimate decision will have a seismic impact on the future of data security regulation, according to attorneys.

“If [the Third Circuit] addresses the broader issue of the FTC’s authority, it would mark the first time that a federal appellate court has determined whether the FTC has the authority to bring Section 5 actions based on allegedly inadequate data security practices,” said Kurt Wimmer, chairman of Covington & Burling LLP’s privacy and data security practice. “Although the Third is just one circuit, this would be a highly influential decision — particularly in light of the lack of judicial precedent for the FTC’s privacy and security jurisdiction.”

The second question posed by the appellate panel also raises the less high-profile but equally important question of what role the courts have in regulating data security, especially given the absence of formal guidance from the FTC on the issue, attorneys noted.

“I’m not sure that the court is in any better position than the FTC to make that determination [of what constitutes reasonable data security],” Vernick said. “If you say that the court can, then it’s going to come down to a battle of experts, because the plaintiff is going to put up an expert that says the company did not adhere to the standard of care, and the defendant’s expert will say that the company did.”

However, having the FTC set out proscriptive data security standards in advance of launching enforcement actions, as Wyndham argues it should, may not be the best way to approach the issue either, according to attorneys.

“While it’s technically true that there is a lack of regulation and we don’t know what the standards are, that argument might be overblown,” Vernick said. “A lack of regulation may ultimately be helpful because you don’t risk setting a one-size-fits-all standard for data security that doesn’t fit anybody.”

Wyndham is represented by Eugene F. Assaf, Christopher Landau, Susan M. Davies and K. Winn Allen of Kirkland & Ellis LLP, Douglas H. Meal and David T. Cohen of Ropes & Gray LLP, and Jennifer A. Hradil and Justin T. Quinn of Gibbons PC.

The FTC is represented by its attorneys Joel R. Marcus-Kurn, David C. Shonka Sr. and David L. Sieradzki.

The case is FTC v. Wyndham Worldwide Corp. et al., case number 14-3514, in the U.S. Court of Appeals for the Third Circuit.

–Editing by Katherine Rautenberg and Kat Laskowski.


Read More

14 Feb Red Auerbach lights his cigar as Congress nails strange bedfellows Tiversa and the FTC

Red Auerbach LightsJust in from Law360…

House Panel Says Tiversa Held Out On FTC In LabMD Fight

 By Emily Field

Law360, New York (February 13, 2015, 9:27 PM ET) — Tiversa Inc.’s credibility as a witness in the Federal Trade Commission’s data breach row with LabMD Inc. was called into question in an investigation by a congressional committee, which said in a report made public Friday that the data security company failed to provide complete information about work it performed.

The House Committee on Oversight & Government Reform said in its Dec. 1 report that, to all appearances, Tiversa kept back information contradicting what it told the FTC about the source and dissemination of a LabMD file. The FTC in August 2013 claimed LabMD failed to protect patient data, largely based on a file handed over by Tiversa, which the company claimed was outside LabMD’s internal network.

Tiversa’s failure to produce the requested documents “calls into question Tiversa’s credibility as a source of information for the FTC,” according to the committee, and the FTC “should no longer consider Tiversa to be a cooperating witness.”

The FTC in August 2013 alleged LabMD failed to protect patient data, largely based on a file handed over by Tiversa.

photo (1)

Strange Bedfellows. FTC & Tiversa


In a separate suit filed last month, LabMD is accusing Tiversa of creating a breach itself and then trying to sell its services to LabMD to repair it, with Tiversa allegedly turning the medical testing laboratory in to the FTC when it refused.

In responding to the FTC’s September 2013 subpoena, the report says, Tiversa kept back information that contradicted testimony CEO Robert Boback gave to the FTC about the LabMD file.

Despite “nearly identical” requests from the FTC and the committee, Tiversa gave the committee documents it didn’t show the FTC, according to the report.

According to an internal Tiversa forensic report, it downloaded the LabMD file from a source in Atlanta by August 2008, the committee said.

“This contradicts Boback’s testimony that Tiversa first downloaded the LabMD file from an IP address in San Diego, California,” the committee said. “If Tiversa had in fact downloaded the LabMD file from a San Diego IP address in February 2008, then that fact should be included in this 2008 report. It is not.”

The committee said, given how Tiversa names files, it’s unlikely that the LabMD file analyzed in the company’s internal records is different from the file at issue in the FTC proceedings.

“If, however, the earlier reports do refer to a different file, then Tiversa neglected to inform the FTC of a second, similarly sized leak of LabMD files,” the report said.

Tiversa created the only forensic report substantiating its claims to the FTC in June 2014, after the committee began its investigation, which “raises serious questions,” according to the report.

Tiversa also didn’t give the committee emails between Boback and Richard Wallace — a former Tiversa employee who was granted immunity for his testimony in the FTC’s trial against LabMD — that were submitted in the FTC proceeding, the committee said.

“Tiversa did not produce these documents to the committee even though they are clearly responsive to the committee’s subpoena,” the committee said. “Their inclusion in the FTC proceeding strongly suggests that Tiversa also never produced these documents to the FTC.”

The committee’s probe into the relationship between Tiversa and federal agencies came to light after Wallace told the FTC’s administrative law court of the investigation and said he wouldn’t testify without immunity, spurring an administrative law judge to stay the case in May.

After receiving permission from the U.S. attorney to grant Wallace immunity for his testimony, the administrative law judge rebooted the case by ordering the evidentiary hearing to resume on March 3.

Representatives for LabMD and Tiversa didn’t immediately respond to requests for comment Friday.

The cases are In the Matter of LabMD Inc., docket number 9357, before the Federal Trade Commission Office of the Administrative Law Judges, and LabMD Inc. v. Tiversa Holding Corp. et al., case number 2:15-cv-00092, in the U.S. District Court for the Western District of Pennsylvania.

–Additional reporting by Michael Lipkin. Editing by Jeremy Barker.

Read More