Read the full story: Gov Info Security 

The Federal Trade Commission has confirmed that it will not call a witness to refute damaging testimony given last week by a former employee of Tiversa, the peer-to-peer security firm at the center of the FTC’s security enforcement case against medical testing company LabMD. That means the case potentially could proceed to closing arguments in the coming weeks.


The case is being closely watched by Congress and others because it has raised questions about the FTC’s jurisdiction on security cases as well as its methods for gathering evidence for these cases.


Last week, after months of delay in the FTC administrative hearing on the LabMD data security investigation, former Tiversa employee Richard Wallace testified with immunity that the Pittsburgh-based security firm exaggerated the extent to which a LabMD insurance-related spreadsheet file containing information on 9,000 individuals was exposed and “spread” on the Internet in 2008.


After LabMD CEO Michael Daugherty refused to buy Tiversa’s services, Tiversa reported false information to the FTC about an alleged security incident involving LabMD’s data, Wallace claimed in his testimony. Wallace additionally testified that it was a “common practice” by Tiversa to approach prospective clients with exaggerated information about their allegedly unsecured files that Tiversa found “speading” on the Internet in an attempt to sell the company’s security monitoring and remedial services.


“The FTC has confirmed that it found no reason to challenge the testimony given last week,” says attorney Reed Rubinstein of Cause of Action, a non-profit organization representing LabMD in the FTC legal dispute. “The only evidence in the record now is that LabMD was telling the truth from the beginning that they were hacked by a cyberthief, and that the FTC did nothing to verify the information it was given by Tiversa.”