Michael in Print

28 Nov FTC loses cybersecurity case against medical lab

Reblogged from here

The Federal Trade Commission routinely holds companies responsible for data breaches that expose consumers’ private data to intruders. But the commission’s recent loss in the case of LabMD raises questions about its ability to prevail in other consumer cybersecurity cases.

The agency had sought to hold the medical testing lab responsible for a data breach that exposed the records of 9,000 patients. But LabMD fought back, refusing to sign a consent order and arguing that there was no proof any consumer had suffered any actual harm as a result of the breach.

Late last week, FTC Chief Administrative Law Judge Michael Chappell agreed and dismissed the commission’s complaint.

“FTC spent millions of taxpayer dollars to pursue its baseless case against LabMD, an innovative and successful provider of cancer diagnostics,” said Daniel Epstein of Cause of Action Institute, which defended LabMD. “Although FTC’s ostensible justification for this boondoggle was ‘data security,’ it produced no evidence that even a single patient was harmed by LabMD’s alleged inadequacies.”


Read More

27 Nov FTC to appeal LabMD dismissal ruling

This is a perfect example how people don’t understand the administrative law process.  The FTC STAFF is appealing the decision to the FTC COMMISSIONERS. Then the commissioners get the option of siding with their staff, which they usually do – over 95% of the time, and THEN LabMD would appeal to Federal court….FINALLY.  In Federal Court the smug, save the world FTC gets overturned 50% of the time. This system is so biased and corrupt that reporters don’t believe what they are serving…so the torture rolls on as Congress does nothing and the crushed can’t speak. Nauseating.


The following is written by Teri Robinson and reblogged from SC Magazine

A little more than a week after a Federal Trade Commission (FTC) administrative law judge tossed the FTC’s data breach case against LabMD, the agency has filed an appeal of the ruling.

The decision to appeal drew immediate sharp response from Dan Epstein, executive director of Cause of Action, the non-profit that has defended LabMD in the case.


Read More

25 Nov LabMD CEO Speaks About FTC Legal Battle

Michael was interviewed, drop by the post and listen to the interview here

After seven contentious years, LabMD won a major victory in its legal battle with the Federal Trade Commission. But CEO Michael Daugherty says his recent triumph could be short-lived, and he’s hoping – long term – that he case shines a new light on FTC’s data security enforcement practices.


Read More

23 Nov What are they saying about Michael and LabMD’s win?

Here’s a selection of quotes from Michael and LabMD’s win against the FTC.



Screen Shot 2015-11-23 at 10.00.23 AMThe Wall Street Journal: “The Federal Trade Commission’s Data-Security Enforcement Efforts Have Received A Setback—At The Hands Of The Commission’s Own In-House Judge. Administrative Law Judge D. Michael Chappell late Friday dismissed a long-running and sometimes bitter case involving LabMD, a former medical testing  company the FTC accused of failing to provide reasonable or appropriate cybersecurity protections for patient data.”(Brent Kendall, “Federal Trade Commission Loses Data Security Ruling,” http://blogs.wsj.com/law/2015/11/16/federal-trade-commission-loses-data-security-ruling/tab/print/)



Screen Shot 2015-11-23 at 10.23.03 AM“In A Data Security Enforcement Action That Some Have Characterized As A Modern Version Of David Vs. Goliath, David Won Today, And The FTC Lost.It was an enforcement action that the FTC never should have commenced, as I’ve argued repeatedly, and today’s loss may actually make future enforcement actions more difficult for them as the standard for demonstrating likelihood of substantial injury has now been addressed in this ruling.”(Dissent, “FTC V. LabMD Ruling Issued: FTC Loses Data Security Enforcement Case,”Databreaches.Net, 11/13/15)



Read More

21 Nov Michael Daugherty CEO of LabMD speaks for the first time after landmark FTC Ruling


Reblogged from here

Michael Daugherty Founder President and CEO of LabMD speaks to Government and IT Business Leaders for the first time after landmark court ruling at November 2015 GTRA Council Meeting.


GTRA November 17 2015 – Founder President and CEO of LabMD and author Michael Daugherty discussed his major win against the Federal Trade Commission at GTRA’s SecureGOV summit yesterday. After seven years of litigation court battles and testimonials ALJ ruled in favor of LabMD determining that the FTC failed to provide substantial evidence of any theft-related or emotional harm in the aftermath of an alleged security breach.


Read More

16 Nov International Borders Mean Nothing When it Comes to Computer Hackers


Data breaches have become so commonplace that we almost expect them.

Credit cards are compromised when retail stores are hacked. Social Security numbers are at risk when government agencies or physician’s offices fall prey to phishing expeditions.

And those are just the perils the average American faces with domestic hackers. It’s just as easy for people from far-flung countries – some of whom may be working on the behest of their governments – to infiltrate our computer systems and disrupt our way of life.

“The Internet is taking down the borders around countries all over the world,” says Michael Daugherty, a cybersecurity expert and author of the book “The Devil Inside the Beltway: The Shocking Expose of the U.S. Government’s Surveillance and Overreach into Cybersecurity, Medicine and Small Business” (www.michaeljdaugherty.com).

This year, the federal Office of Personnel Management was hacked, putting the data of more than 22 million Americans at risk. That hack reportedly originated in China. In another case, four people were arrested this summer in Israel and Florida in connection with fraud schemes related to a 2014 hack of JPMorgan Chase & Co.

Meanwhile, The Wall Street Journal just recently reported that 29 countries have formal military or intelligence units dedicated to offensive hacking efforts.

“It’s scary what the possibilities are, because this isn’t quite the same as securing our borders against a military attack,” Daugherty says. “Not every country has a powerful military, but it’s so much easier to wage a cyber war.”

He suggests several reasons why this can be a concern for everyone.

• All individuals are at risk. Maybe no one in North Korea or Pakistan is targeting you personally, but that doesn’t keep you from being affected. “The downside of technology is that it pools everything together, and if someone breaks into it, there’s just a whole lot there to take,” Daugherty says. “Your information is there. My information is there. Everyone else’s information is there. That’s the problem from an individual American’s standpoint.”

Advances happen too quickly. The development of technology has moved so fast that government and laws have struggled to keep up. “We are still in a very early stage of an explosive new era of technology, almost like medicine was 150 years ago,” Daugherty says. “So we’re going to have governments behind. Everyone is behind. While on my recent speaking and book tour in Australia, I was saying there that it’s all the more reason why we have to help each other, co-educate and collaborate.”

Cyber attacks don’t need to be sophisticated. A hacker can use the email address of an employee of a federal agency to send emails with a malicious link to other employees. Those employees, thinking the email comes from someone they know and trust, open the email and the link, allowing the breach to occur. “This all boils down to knowledge and training,” Daugherty says. “You are only as strong as your weakest employee.”

About Michael J. Daugherty

Michael J Daugherty is Founder, President & CEO of LabMD, a cancer detection laboratory based in Atlanta, Georgia, as well as the author of the book “The Devil Inside the Beltway, The Shocking Expose of the US Government’s Surveillance and Overreach into Cybersecurity, Medicine and Small Business.” The book details Daugherty’s battle with the Federal Trade Commission over its investigation into LabMD’s data security practices. It is an insider’s look at how agencies exploit the Administrative Procedure Act to grab for power by exploiting the small and weak to control the big and powerful.

Because of his work, Daugherty has testified before the House of Representatives House Oversight Committee and regularly keynotes in front of healthcare, law, business and technology audience educating them on what to expect when the Federal Government investigates you. He spoke at the Gartner Security Summit in Washington, D.C., in June and in August also spoke at a Black Hat USA security gathering in Las Vegas. He holds a BA in Economics from University of Michigan-Ann Arbor, regularly blogs at www.michaeljdaugherty.com and sits on the board of Snoopwall, a privacy company based in Nashua, N.H. He is also a pilot and resides in Atlanta, Ga. He can be followed on Twitter at @DaughertyMJ.

Reblogged from IT Briefcase


Read More

27 Oct Mike Comments on Hillary Clinton Benghazi Hearing


The follow article is reblogged from here. Michael Daugherty is quoted as commenting on the Hillary Clinton Benghazi Hearing.


Screen Shot 2015-10-27 at 7.15.40 AM


Hillary Clinton will be in the hot seat Thursday when she appears before the House Select Committee on Benghazi, but so will the Republicans questioning her on the State Department’s response to the 2012 attacks.

For Clinton, her questioning comes amid the FBI investigation into her private email server, brought to light by the Benghazi panel. But Republicans on the committee, led by Chairman Trey Gowdy of South Carolina, must demonstrate through their questions that the entire investigation isn’t a partisan endeavor, as the Clinton campaign, congressional Democrats and the White House all have charged.

Democratic presidential candidate Hillary Clinton is introduced at a campaign event at Keene State College in New Hampshire. (Luke William Pasley/Pacific Press/LightRocket via Getty Images)

Public opinion doesn’t bode well for either side, according to a Wall Street Journal-NBC News poll released Wednesday: Forty-four percent of Americans said they aren’t satisfied with Clinton’s response to the Benghazi attack, compared to 27 percent who are satisfied. Opinion on her email is more divided, with 47 percent calling the private server an important factor in their vote, and 44 percent saying it isn’t. And it’s close on the GOP-led investigation: Thirty-six percent of those polled said they think the Benghazi committee is unfair and too partisan, while 29 percent believe it’s a fair probe.

Though Thursday’s focus will be on the lead-up to Benghazi, what the State Department could have done to prevent it, and how the government responded, questions will certainly touch on Clinton’s private email system, which she used while she was secretary of state.

“It will be interesting to see how cautious and careful … Clinton will be in the testimony,” Matthew Whitaker, former U.S. attorney for the Southern District of Iowa, told TheBlaze. “This will be a high-stakes situation. For her, it will be an opportunity to put at least some of these questions to bed.”

Whitaker guessed that Clinton’s server likely won’t be the first question to come up during the hearing, but said legitimate questions remain about whether Congress had full access to all the information it has requested – including information that existed in her personal system.

“The questions that have to be answered are all related to Benghazi. There is some doubt by the committee as to whether everything has been turned over. Most on the committee will try to get the answers on Benghazi and what was done to protect the compound,” said Whitaker, now the executive director of the Foundation for Accountability and Civic Trust, a government watchdog group. “In my mind it will be very important to paint a real-time picture of the State Department in the lead-up to the attack and the decisions made.”

The White House hit the committee hard ahead of Clinton’s testimony.

“Republicans on the committee are going to be under intense pressure to justify their very existence of this committee and to prove to the American people that this committee is not just an arm of the Republican National Committee,” White House press secretary Josh Earnest told reporters Tuesday. “Given that pressure that Republicans on the committee are feeling, they are going to come loaded for bear and they are going to come out with aggressive, hostile questioning of the secretary of state.”

The question of her email server is key, and this is a rare opportunity to question her under oath regarding exposing security information on an unsecure network, said Michael Daugherty, a cybersecurity expert and board member at cybersecurity firm Snoopwall.

He said in this particular case, the “Clinton playbook” of blaming the investigators might not work.

“They are using a 20th-century playbook with 21st-century technology. The facts will eventually be there,” Daugherty said.

The partisan clashes between Rep. Elijah Cummings (D-Md.), the committee’s top Democrat, and Gowdy have created an opening for Clinton, Daugherty said. He also has doubts about the legal or political impact of the hearing.

“It boils down to the memories of the public. It is an advantage to Clinton that this is happening in October of this year and not May of 2016,” Daughterty said. “Elijah Cummings will suppress, circle and confuse and spin and say don’t look at the evidence. It has been a source of frustration to people like Trey Gowdy.”

House Select Committee on Benghazi Chairman Trey Gowdy (R-S.C.) speaks with reporters on Capitol Hill, Sept. 10, 2015. (SAUL LOEB/AFP/Getty Images)

House Select Committee on Benghazi Chairman Trey Gowdy (R-S.C.) speaks with reporters on Capitol Hill, Sept. 10, 2015. (SAUL LOEB/AFP/Getty Images)


On Monday, committee Democrats released a 124-page report declaring the investigation has determined nothing, as Cummings alleged “wild Republican conspiracy theories about Secretary Clinton and Benghazi,” and calling the House probe a “fishing expedition.”

The committee’s majority spokesman Jamal Ware said in a statement that the Democrats are too quick to draw conclusions.

“Why is every single bullet point in the Democrats’ press release about Clinton and not a single one about the four people who were killed or about providing better security in the future? This is further proof of the Democrats’ obsession with covering for Hillary Clinton instead of investigating the Benghazi terrorist attacks,” Ware said.

“For the majority members of this committee, they will continue to wait until after hearing from all witnesses, up to and including the very last one, before drawing conclusions, because that is what serious investigations do,” Ware continued. “As Chairman Gowdy said this weekend, the past 18 months of the investigation conducted by the majority members has not been about Clinton, it has been about the four brave Americans we lost in Benghazi.”

House Majority Leader Kevin McCarthy’s statement last month on the panel’s role in causing a dip in Clinton’s polling numbers was a game-changer that allowed her to go from being on the defensive to going on offense, said Gary Rose, a political science professor at Sacred Heart University in Connecticut.

“It’s quite possible Hillary will come out looking even stronger from this,” Rose said. “It will be a political chess game, watching how each side makes its move. Hillary has mastered dodging questions and turning the tables.”

That said, Rose said Clinton has been off her game in the past, such as when she lost her cool at a 2013 Senate hearing and notably said in response to questions about Benghazi, “What difference at this point does it make?”

“She can get rattled,” Rose said. “If Republicans are able to get her to respond emotionally and we see a repeat of ‘what difference does it make,’ that would give Republicans a tremendous advantage. But she has almost certainly been preparing for this for a while.”

Read More

18 Sep Government has cyber security in wrong hands

Michael was recently quote in The T and D.com. See an excerpt below:

Screen Shot 2015-09-17 at 12.58.39 PM

Retail giants aren’t the only target of hackers who infiltrate computer systems to gain access to sensitive information.

The federal government also falls victim, such as recently when the Obama administration revealed that 21.5 million people were affected by a breach at the Office of Personnel Management.

Social Security numbers and other records were stolen, and likely anyone given a government background check in the last 15 years was affected.

That’s disturbing, both because it happened and because of the ease with which the hackers were able to circumvent government security measures, cyber security expert Michael J. Daugherty says.

“The government is quick to criticize security breaches and weaknesses in the private sector, but isn’t able to shore up its own weaknesses,” says Daugherty, author of the book “The Devil Inside the Beltway: The Shocking Expose of the U.S. Government’s Surveillance and Overreach into Cybersecurity, Medicine and Small Business” (www.michaeljdaugherty.com).


To read the full article click HERE

Read More

30 Jun Cybersecurity Firm Tiversa Accused of Extortion


Reblogged from Hacked – written by Neil Sandesai – to view the original post, click HERE

Large corporations and government organizations are often targets for hackers, and as a result, rely on cybersecurity firms to provide security guidance. However, in an ironic twist, one cybersecurity firm may have actually hacked its own clients. Tiversa is a Pittsburgh-based security consultancy, and according to an ex-employee, Tiversa stages data breaches to extort clients.  

Tiversa’s Mafia-Style Tactics

According to Richard Wallace, the whistleblower accusing Tiversa of fraud, Tiversa engages in mafia-style shakedowns to pressure potential clients. Wallace gave his testimony in a federal court in May, and according to a transcript obtained by CNNMoney, Tiversa’s strategy can be summed up as, “Hire us or face the music.”

Wallace describes how Tiversa ruined at least one company – LabMD, a small Georgia-based cancer testing laboratory. While working as an investigator at Tiversa, Wallace hacked LabMD’s servers and obtained a file containing patient data. His then-boss, Tiversa CEO Robert Boback, asked Wallace to make it look as if the breach had originated from IP addresses associated with known identity thieves. Tiversa then approached LabMD, informing the company that it had been hacked, and offered “incident response” services. However, LabMD refused to pay up, and Tiversa threatened to notify the Federal Trade Commission of the (staged) data breach. Soon afterwards, Tiversa carried out the threat, and the FTC ended up taking LabMD to court. LabMD ultimately had to let go of its staff as the long legal battle bankrupted the company. According to Michael Daugherty, CEO of the now-dead cancer lab,

We were a small company…It’s not like we had millions of dollars to fight this and tons of employees.

There was reputation assassination. There was intimidation. We thought we were extorted. My staff and management team was demoralized. My VP left. My lawyer left.

Furthermore, the LabMD incident isn’t the only example of Tiversa making up a hack, says Wallace. Tiversa also made up information pointing to Iran for allegedly stealing blueprints for Marine One, President Obama’s helicopter. If Wallace’s story is true, LabMD and other companies may have been destroyed by fraudulent “evidence.”

Tiversa has firmly denied Wallace’s allegations, dismissing them as “baseless” claims from a disgruntled former employee. Tiversa’s CEO told CNNMoney,

This is an overblown case of a terminated employee seeking revenge…Tiversa has received multiple awards from law enforcement for our continued efforts to help support them in cyber activities.

However, if the allegations against Tiversa are true, they will be very embarrassing for the company and its highly-decorated board members, including Wesley K. Clark, former NATO Supreme Allied Commander in Europe, and Howard Schmidt, former cyber-security coordinator for the Obama administration.

Read More