LabMD Responds to FTC Complaint: Agency Has No Section 5 Enforcement Jurisdiction

FOR IMMEDIATE RELEASE                                           CONTACT: Mary Beth Hutchins, 202-400-2721

September 19, 2013                                                                                Kevin Schmidt, 202-499-2414

 LabMD Responds to FTC Complaint: Agency Lacks Enforcement Jurisdiction

Government Watchdog Group Says the Agency has no Section 5 Authority 

WASHINGTON – Cause of Action (CoA), a government accountability organization, filed an answer to an aggressive and arbitrary enforcement action brought by the Federal Trade Commission (FTC) against LabMD, a small cancer diagnosis company.

CoA is defending LabMD against a complaint brought by the FTC in August, based, in part, on allegations that a third party was able to obtain data from LabMD’s computers through the peer-to-peer (P2P) file sharing program LimeWire. LabMD denies the FTC’s allegations of violations of Section 5 of the FTC Act as well as allegations that LabMD failed to provide reasonable and appropriate security for personal information on its computer networks. The filed answer also explains that the FTC may lack the statutory authority to regulate data-security practices as “unfair acts or practices” under Section 5.

“The FTC admitted in 2000 that it ‘lacks the authority to require firms to adopt information practice policies,’ and while they have wanted Congressional approval for that authority, Congress has said no,” explained Reed Rubinstein, Cause of Action’s senior vice president of litigation. “This is why we are asking the Administrative Law Judge to deny the Commission’s requested relief and dismiss the Complaint in its entirety.”

Cause of Action’s Executive Director, Dan Epstein explained, “Cause of Action is taking up this fight because the FTC’s attempt to exert authority that it does not have on a business that engaged in no wrongdoing is an abuse of agency authority that threatens American jobs.”

Key evidence of this lack of FTC authority includes:

  • Notwithstanding the FTC’s repeated requests that Congress confer upon it the authority to regulate data-security, Congress has refused to grant the FTC this authority.
    • In a 2000 report to Congress, Privacy Online: Fair Information Practices in the Electronic Marketplace: A Report to Congress, for example, the FTC admitted that it “lacks the authority to require firms to adopt information practice policies” and requested Congress enact legislation providing a federal agency with the authority to regulate data security. Since then, Congress has not passed any such law.
  • The FTC cannot rely on any judicial precedent for the proposition that the FTC has the authority to regulate data-security practices under Section 5.
  • Federal District Judge William Duffy recently noted that “there is significant merit to [LabMD’s] argument that Section 5 [of the Federal Trade Commission Act] does not justify an [FTC] investigation into data security practices and consumer privacy issues….”
  • Even if the Commission did have jurisdiction over the claims in the Complaint, which it does not, because the Commission has not published any rules, regulations, or other guidelines clarifying and providing any notice, let alone constitutionally adequate notice, of what data-security practices the Commission interprets Section 5 to prohibit or require, this administrative enforcement action against LabMD violates due process requirements guaranteed and protected by the Fifth Amendment to the U.S. Constitution.

CoA states in LabMD’s answer that “Section 5 of the FTC Act does not give the Commission the statutory authority to regulate the acts or practices alleged in the Complaint and therefore the Commission’s actions are arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law; contrary to constitutional right, power, privilege, or immunity; in excess of statutory jurisdiction, authority, or limitations, or short of statutory right; or without observance of procedure required by law.”

A hearing on the matter is scheduled for April 28, 2014 before Chief Administrative Law Judge Michael Chappell.

The FTC complaint can be found here  and the answer filed by CoA can be found here.

About Cause of Action:

Cause of Action is a nonprofit, nonpartisan organization that uses investigative, legal, and communications tools to educate the public on how government accountability and transparency protects taxpayer interests and economic opportunity. For more information, visit

About LabMD:

LabMD is a cancer detection facility that specializes in analysis and diagnosis of blood, urine, and tissue specimens for cancers, micro-organisms and tumor markers. You can find out more about their battle with the FTC here.

To schedule an interview with Cause of Action’s Executive Director Dan Epstein, contact Mary Beth Hutchins, or Kevin Schmidt,


Cancer Detection Business Strikes Back Against Federal Trade Commission’s Arbitrary Enforcement

FOR IMMEDIATE RELEASE                                                                                                   

September 6, 2013


Cancer Detection Business Strikes Back Against Federal Trade Commission’s Arbitrary Enforcement

Cause of Action Challenges FTC Overreach, Claims It Lacks Regulatory Authority


WASHINGTON – LabMD, a small cancer detection facility in Atlanta, Ga., has retained government accountability group Cause of Action (CoA) in order to challenge an aggressive and arbitrary enforcement action brought by the Federal Trade Commission (FTC). LabMD was targeted by the federal agency in what the company calls “an ongoing witch hunt against private businesses.”

The FTC issued a complaint against LabMD in August, alleging  violations of Section 5 of the Federal Trade Commission Act based, in part, on allegations that a third party was able to obtain data from LabMD’s computers through the peer-to-peer (P2P) file sharing program LimeWire.

“The FTC’s targeting of LabMD is the most recent example of a federal agency abusing its authority and acting outside of its power in order to punish American job creators,” said Executive Director of CoA, Dan Epstein. “The FTC has scapegoated a company whose aim is to save lives.”

Cause of Action is representing LabMD in legal proceedings before the FTC in which LabMD will vigorously respond to the FTC’s complaint and address whether the FTC has authority under Section 5 of the Federal Trade Commission Act to bring its enforcement action.

As part of their efforts to educate the public on the dangers posed by the FTC’s actions, CoA and TechFreedom are co-sponsoring a Thursday, September 12, discussion of the FTC and data security issues to be held in Washington, DC and streamed live online. More information can be found here.

About Cause of Action:

Cause of Action is a nonprofit, nonpartisan organization that uses investigative, legal, and communications tools to educate the public on how government accountability and transparency protects taxpayer interests and economic opportunity. For more information, visit



FOIA Requesters Misled by Military to Waive Appeal Rights

UPDATE: We added clarification that our numbers concerning SOCOM’s FOIA appeals were taken from

At least two military offices have been found to use a puzzling FOIA request form that may be an attempt to get requesters to give up their rights to appeal FOIA decisions.

The request forms, which are included below, appear on the FOIA web sites of the U.S. Army Special Operations Command (SOCOM) and the U.S. Navy’s Space and Naval Warfare Systems Command(SPAWAR).   In both forms, the offices ask requesters to agree to accept “a releasable copy” of the requested records; however, they fail to expressly inform requesters that electing this option may legally prevent them from appealing if the agency withholds any records.

If requesters do not agree in advance to accept “releasable” records, the forms indicate that their request will be “referred to the appropriate reviewing authority for a final review and release determination.”  This is precisely the procedure that the Department of Defense’s FOIA regulations already require.  Specifically, all Department of Defense FOIA requests must be reviewed by a designated “Initial Denial Authority,” and all decisions to withhold requested records must be explained in sufficient detail so as to allow requesters to decide whether to appeal.

Making matters worse, SOCOM’s version of the FOIA request form implies that the referral procedure described above will dramatically increase the time needed to process the request, noting that “it could take a year” for a decision — essentially coercing the FOIA requester to select the “releasable” records option if they want to receive the production in a timely manner.  As a result SOCOM’s form has effectively minimized FOIA appeals.  During fiscal years 2008 to 2012, SOCOM adjudicated 933 FOIA requests, yet it received zero administrative appeals according to Do the zero administrative appeals accurately reflect that in fact there were no appeals by requesters during this four year period regardless of whether they accepted the “releasable” records option, or are these statistics the result of virtually all 933 FOIA requesters abdicating their rights to appeal?

Notably, these forms do not conform to the FOIA request template recommended by the Department of Defense’s main FOIA office.   Nor are they even consistent with sample request letters provided by the FOIA offices of the Department of the Navy or the Department of the Army.  In the words of Victor Hugo, no army can withstand the strength of an idea whose time has come.  It is time for these forms to go.

SOCOM FOIA Request Form


SPAWAR FOIA Request Form


National Law Journal: Group Wants Justices to Lift Limits on Political Giving

Integer quis lectus in mauris aliquet mollis et in ligula. Sed sed tempor velit. Pellentesque venenatis ipsum a ipsum scelerisque, vitae consectetur lectus accumsan. Nunc dapibus aliquet mollis. Pellentesque vel cursus orci. Donec aliquam at odio non porta. Nam tortor turpis, mollis sed rhoncus ut, pulvinar et magna. Proin pretium feugiat sem, bibendum suscipit erat rhoncus at. Cras tristique, nibh at placerat facilisis, arcu odio blandit neque, id auctor tellus turpis sed diam. Nam venenatis risus a lorem tristique, eu sagittis eros placerat. Nulla non libero nulla.

Liability Alert Letter to the General Counsel of Covered California regarding Enroll America

Cause of Action sent a letter to Covered California, California’s state health exchange, to alert them of liabilities under federal and state laws and guidelines. Enroll America will be a liaison to state health exchanges across the country, such as Covered California, who manage the sale of health insurance policies.

“The risk of spending federal money in wasteful, fraudulent or abusive ways as they fund outreach activities to enroll the uninsured should put state exchanges on high alert,” said Dan Epstein. “Covered California creates a one-stop insurance marketplace, while conducting outreach similar to that of Enroll America, and we want these exchanges to be aware of the numerous laws and regulations that could present multiple liabilities for them as enrollment begins.”

Liability Alert Letter to the General Counsel of Covered California regarding Enroll America

Statement: Cause of Action on Proposed Advertising Campaign for Affordable Care Act

Yesterday, Senator Rubio asked HHS Secretary Sebelius to cancel $8.7 million in planned advertisement buys made through the Centers for Medicare & Medicaid Services (CMS) to promote the Patient Protection and Affordable Care Act using taxpayer dollars.

Dan Epstein, executive director of Cause of Action, offered this response to the possible misuse of federal dollars through efforts to promote the Patient Protection and Affordable Care Act:

“HHS must take seriously the concerns that have arisen about use of taxpayer money for advertising campaigns promoting the Patient Protection and Affordable Care Act. We are already troubled by the fact that HHS has spent nearly $60 million in taxpayer funds to contract with huge PR companies to promote the implementation of the new law, while Secretary Sebelius has simultaneously asked executives from pharmaceutical and insurance companies to support Enroll America, an organization that has spent ‘at least seven figures’ on paid advertising.  Cause of Action’s warning about the high risk of misuse of taxpayer dollars has recently been expressed through letters to state health exchanges and we will continue to monitor any wasteful spending or abuse of federal funds as the law goes into effect.”

What to Do about Data Security? A Discussion of the FTC’s LabMD & Wyndham Cases

What to Do about Data Security? A Discussion of the FTC’s LabMD & Wyndham Cases

Over the last decade, the Federal Trade Commission has settled nearly four dozen cases alleging that a failure to have “reasonable” data security constitutes an unfair or deceptive trade practice. The FTC has established no clear data security standards, and no court has ever ever ruled on the FTC’s assertions, but two pending litigations may finally finally allow the courts to rule on the legal validity of what the FTC calls its “common law of settlements” — and whether the agency can continue bringing such data security enforcement actions.

Join TechFreedom and Cause of Action for a livestreamed luncheon discussion on September 12 about these two cases and what they might mean for the future of consumer protection and competition regulation. We’ll hear from Mike Daugherty, founder of LabMD, a small cancer diagnostic lab based in Atlanta. Represented by Cause of Action, a non-profit dedicated to government transparency and accountability, LabMD is defending against the FTC complaint, which focuses on the fact that, in 2007, a government-funded surveillance program was able to access a file containing patient information on LabMD’s network through the Limewire filesharing program. Mike will preview his new bookThe Devil Inside the Beltway: The Shocking Exposé of the US Government’s Surveillance and Overreach into Cybersecurity, Medicine and Small Business, due out September 17. (Hint: the “devil” is a broader regulatory mentality.)

Our panel of legal experts will discuss the unique aspects of the LabMD case, especially the FTC’s decision not to prosecute filesharing services like Limewire for unfair trade practices in configuring their software to trick users into sharing files unintentionally — a decision the FTC eventually reversed, but not until it finally brought an enforcement action against Frostwire in 2011 for the same unfair practice. The panel will also discuss the larger legal issues raised by the LabMD case, the FTC’s pending litigation with Wyndham Hotels, and other recent cases settled by the FTC. Is the FTC’s approach consistent with the rule of law? Could it be? Does it actually protect consumers? What should the courts and Congress do?

Space is limited so RSVP now if you plan to attend in person. A livestream of the event will be availablehere. You can follow the conversation on Twitter on the #LabMD hashtag.

Thursday, September 12, 2013
12 p.m. (registration and coffee opens at 11:45, event and livestream at 12:15)

100 Maryland Ave NE
Washington D.C. 20002


Read TechFreedom’s amicus brief in the recent Wyndham and POM Wonderful cases for more legal analysis of how the FTC’s extra-legal regulations.