In the motion to dismiss documents filed with the ALJ, LabMD specifically referenced the congressional committee’s investigation, which called into question information provided by Tiversa to the FTC during its investigation of LabMD. Specifically, LabMD mentioned a letter written to the FTC by Darrell Issa, the chairman of the House Committee on Oversight and Government Reform. In that letter, Rep. Issa expressed concerns to the FTC that the peer-to-peer intelligence provider, Tiversa, may have submitted “inaccurate” findings to the agency, which “played a role in the FTC’s decision to initiate enforcement actions against LabMD.” LabMD claims in its filings that the “FTC’s responses to Congress were aimed at protecting its reputation, not LabMD’s due process rights or the integrity of this proceeding.”
The FTC responded to LabMD’s motion by arguing the lab has wrongly accused the commission of misconduct in order to distract from the “voluminous evidence” the regulator has presented to support its case. The FTC rejected the accusations, saying that the lab’s assertions that the commission had engaged in misconduct and indiscretions from the inception of the case were off-base and distracted from the central question of whether the company had violated the unfairness prong of Section 5 of the FTC Act by failing to adequately protect the sensitive client data it held. According to the FTC’s opposition, “[r]espondent’s motion is the latest in a series of attempts to avoid the court’s determination on that question and distract from respondent’s data security failures with unfounded, unsupported and untrue suggestions of complaint counsel misconduct and conspiracy.” The ALJ has yet to rule on the motion to dismiss.
However, when the administrative trial resumed recently, Mr. Wallace gave shocking testimony regarding Tiversa’s role in the LabMD data breach. Mr. Wallace’s statements were shocking to say the least, and did more than just accuse Tiversa of providing inaccurate data to the FTC as the Issa letters asserted. Instead, Mr. Wallace testified that Tiversa would typically make up false data breaches to scare potential clients, and would then pressure those companies to pay up or Tiversa would be forced to report the breach to the FTC. According to Mr. Wallace, Tiversa scammed LabMD in 2010, when he tapped into LabMD computers and pulled patient medical records. Tiversa then alerted LabMd of the breach, and offered its services to respond to the breach. When LabMD refused, Tiversa threatened to tip-off the FTC about the breach. Ultimately, Tiversa notified the FTC of the hack, and the resulting lawsuit ensued. The FTC’s suit against LabMd has effectively killed the company and its CEO, Michael Daugherty.
The FTC’s response to LabMD’s motion to dismiss was filed just one day after Mr. Wallace gave his testimony. According to the FTC’s response, Mr. Wallace’s testimony had only helped to bolster the FTC’s case against LabMD because he admitted that he had found the patient file on an external file-sharing network “without the aid of proprietary technology.” “Up until Wallace’s testimony, LabMD and its counsel, Cause of Action, continually argued that Tiversa used it ‘specialized technology’ to ‘hack into’ LabMD computers to ‘look around and take what we want,’ which they described as ‘stealing,’” said Tiversa CEO Robert Boback. “Wallace’s testimony completely renders that argument moot as he testified that he used LimeWire and a stand-alone desktop computer without the aid of any proprietary technology. This made the case for the FTC, as ironically, LabMD’s own witness has rendered their arguments completely moot.”
If Mr. Wallace’s statements are true, then the FTC’s entire case against LabMD may be based on entirely bogus evidence. The FTC has declined to publicly comment on Mr. Wallace’s testimony, citing the ongoing case against LabMD. However, Mr. Wallace’s testimony certainly calls into question the business practices of Tiversa, who Mr. Wallace testified had extorted more clients than just LabMD. It also calls into question the FTC’s relationship with Tiversa, which Mr. Wallace claims involves data leak investigations of approximately 100 companies. Mr. Wallace’s testimony could go a long way to taint those other investigations as well. At present, the FTC appears bound and determined to continue its prosecution of LabMD, even in light of the bombshells dropped by Mr. Wallace.