Clarity from Chaos

By: Dave Campbell

Federal Trade Commission Bully

By

“The Federal Trade Commission’s data-security enforcement efforts have received a setback—at the hands of the commission’s own in-house judge.

Administrative Law Judge D. Michael Chappell late Friday dismissed a long-running and sometimes bitter case involving LabMD, a former medical testing company the FTC accused of failing to provide reasonable or appropriate cybersecurity protections for patient data.

The FTC’s civil case against LabMD had focused largely on the potential exposure of a 1,718-page company report that contained names, dates of birth, social security numbers and other information about 9,300 patients. Online security firm Tiversa found the document on a peer-to-peer file-sharing network in 2008.

After discovering the file, Tiversa contacted LabMD and sought to sell the company data security services, which the firm declined, according to the judge’s ruling. Tiversa later reported to the FTC that LabMD had exposed sensitive patient information, the ruling said.

LabMD, a Georgia-based firm, went out of business in early 2014. The company’s owner and chief executive, Michael Daugherty, has been an unusually aggressive FTC critic, writing a book about his experiences during the commission’s investigation, entitled “The Devil Inside the Beltway.”

Mr. Daugherty said the FTC probe and lawsuit were costly, burdensome and unfair, contributing to the company’s demise. “Yeah we won, but what did we win? We’re dead,” he said. The FTC, he said, “has way too much lopsided power.”

Corruption in Washington

By

“A cyber-security company faked hacks and extorted clients to buy its services, according to an ex-employee. In a federal court this week, Richard Wallace, a former investigator at cyber security company Tiversa, said the company routinely engaged in fraud — and mafia-style shakedowns.

To scare potential clients, Tiversa would typically make up fake data breaches, Wallace said. Then it pressured firms to pay up. “Hire us or face the music,” Wallace said on Tuesday at a federal courtroom in Washington, D.C.. CNNMoney obtained a transcript of the hearing. The results were disastrous for at least one company that stood up to Tiversa and refused to pay.

In 2010, Tiversa scammed LabMD, a cancer testing center in Atlanta, Wallace testified. Wallace said he tapped into LabMD’s computers and pulled the medical records. The cyber-security firm then alerted LabMD it had been hacked. Tiversa offered it emergency “incident response” cyber security services. After the lab refused the offer, Tiversa threatened to tip off federal regulators about the “data breach.”

When LabMD still refused, Tiversa let the Federal Trade Commission know about the “hack.” The FTC went after the lab, giving the company a choice: sign a consent decree (basically a plea deal which means years of audits and a nasty public statement) or fight in court. The CEO of LabMD, Michael Daugherty, chose to fight, because a plea deal would have tarnished his reputation and killed the business anyway, he said.

Daugherty lost that battle in 2014, having run out of steam. The lawsuit killed LabMD, which was forced to fire its 40 employees last year. “We were a small company,” he said. “It’s not like we had millions of dollars to fight this and tons of employees.”

“The fight with the government was psychological warfare,” he told CNNMoney. “There was reputation assassination. There was intimidation. We thought we were extorted. My staff and management team was demoralized. My VP left. My lawyer left.” Daugherty launched a website and wrote a book about the ordeal. Cause of Action, a government watchdog group, picked up his case.”

Michael Daugherty, is a Senior Writer for Cyber Defense Magazine and is a Board Member at Snoopwall the powerhouse cyber-security firm and is author of The Devil Inside the Beltway: The Shocking Expose of the US Government’s Surveillance and Overreach Into Cyber-security, Medicine and Small Business.