Statement on FTC Denial of Motion to Dismiss

On January 16, 2014, and as predicted, the FTC denied LabMD’s Motion to Dismiss its administrative case against the company.

FTC has never issued data security regulations for patient information.  The Department of Health and Human Services has.  And, FTC admits LabMD complied with those regulations.  But in its decision and order, which can be found here, FTC said compliance with HHS regulations did not matter.  Instead the “concrete circumstances of this case” provide an opportunity for the FTC to address “whether or not LabMD’s data security procedures constitute ‘unfair . . . acts or practices’” without regard for HHS’s rules.

Furthermore, FTC already had the opportunity to investigate whether or not it believed that LabMD’s data security procedures were “unfair” by issuing a Civil Investigative Demand (CID).   After years of investigation, FTC sued LabMD.  In other words, FTC’s approach is verdict first, trial after.

In its decision, FTC justifies its actions by saying Congress extended it rulemaking tools to regulate data security problems. The FTC concedes that they have the rulemaking authority, yet they chose to not engage in rulemaking. Instead they issued a CID and brought an enforcement action.

FTC’s actions here, from its claim of authority over patient information to its “pre-cooked” administrative action and verdict to its refusal to issue regulations and provide fair notice, have resulted in a gross bureaucratic overreach that is destroying a small cancer detection laboratory business.   This overreach must be stopped.  And that’s why Cause of Action will continue to fight the FTC’s arbitrary abuse of power in federal court.

 

FOIA Requesters Misled by Military to Waive Appeal Rights

UPDATE: We added clarification that our numbers concerning SOCOM’s FOIA appeals were taken from FOIA.gov

At least two military offices have been found to use a puzzling FOIA request form that may be an attempt to get requesters to give up their rights to appeal FOIA decisions.

The request forms, which are included below, appear on the FOIA web sites of the U.S. Army Special Operations Command (SOCOM) and the U.S. Navy’s Space and Naval Warfare Systems Command(SPAWAR).   In both forms, the offices ask requesters to agree to accept “a releasable copy” of the requested records; however, they fail to expressly inform requesters that electing this option may legally prevent them from appealing if the agency withholds any records.

If requesters do not agree in advance to accept “releasable” records, the forms indicate that their request will be “referred to the appropriate reviewing authority for a final review and release determination.”  This is precisely the procedure that the Department of Defense’s FOIA regulations already require.  Specifically, all Department of Defense FOIA requests must be reviewed by a designated “Initial Denial Authority,” and all decisions to withhold requested records must be explained in sufficient detail so as to allow requesters to decide whether to appeal.

Making matters worse, SOCOM’s version of the FOIA request form implies that the referral procedure described above will dramatically increase the time needed to process the request, noting that “it could take a year” for a decision — essentially coercing the FOIA requester to select the “releasable” records option if they want to receive the production in a timely manner.  As a result SOCOM’s form has effectively minimized FOIA appeals.  During fiscal years 2008 to 2012, SOCOM adjudicated 933 FOIA requests, yet it received zero administrative appeals according to FOIA.gov. Do the zero administrative appeals accurately reflect that in fact there were no appeals by requesters during this four year period regardless of whether they accepted the “releasable” records option, or are these statistics the result of virtually all 933 FOIA requesters abdicating their rights to appeal?

Notably, these forms do not conform to the FOIA request template recommended by the Department of Defense’s main FOIA office.   Nor are they even consistent with sample request letters provided by the FOIA offices of the Department of the Navy or the Department of the Army.  In the words of Victor Hugo, no army can withstand the strength of an idea whose time has come.  It is time for these forms to go.

SOCOM FOIA Request Form

Socom

SPAWAR FOIA Request Form

SPAWAR

Liability Alert Letter to the General Counsel of Covered California regarding Enroll America

Cause of Action sent a letter to Covered California, California’s state health exchange, to alert them of liabilities under federal and state laws and guidelines. Enroll America will be a liaison to state health exchanges across the country, such as Covered California, who manage the sale of health insurance policies.

“The risk of spending federal money in wasteful, fraudulent or abusive ways as they fund outreach activities to enroll the uninsured should put state exchanges on high alert,” said Dan Epstein. “Covered California creates a one-stop insurance marketplace, while conducting outreach similar to that of Enroll America, and we want these exchanges to be aware of the numerous laws and regulations that could present multiple liabilities for them as enrollment begins.”

Liability Alert Letter to the General Counsel of Covered California regarding Enroll America

What to Do about Data Security? A Discussion of the FTC’s LabMD & Wyndham Cases

What to Do about Data Security? A Discussion of the FTC’s LabMD & Wyndham Cases

Over the last decade, the Federal Trade Commission has settled nearly four dozen cases alleging that a failure to have “reasonable” data security constitutes an unfair or deceptive trade practice. The FTC has established no clear data security standards, and no court has ever ever ruled on the FTC’s assertions, but two pending litigations may finally finally allow the courts to rule on the legal validity of what the FTC calls its “common law of settlements” — and whether the agency can continue bringing such data security enforcement actions.

Join TechFreedom and Cause of Action for a livestreamed luncheon discussion on September 12 about these two cases and what they might mean for the future of consumer protection and competition regulation. We’ll hear from Mike Daugherty, founder of LabMD, a small cancer diagnostic lab based in Atlanta. Represented by Cause of Action, a non-profit dedicated to government transparency and accountability, LabMD is defending against the FTC complaint, which focuses on the fact that, in 2007, a government-funded surveillance program was able to access a file containing patient information on LabMD’s network through the Limewire filesharing program. Mike will preview his new bookThe Devil Inside the Beltway: The Shocking Exposé of the US Government’s Surveillance and Overreach into Cybersecurity, Medicine and Small Business, due out September 17. (Hint: the “devil” is a broader regulatory mentality.)

Our panel of legal experts will discuss the unique aspects of the LabMD case, especially the FTC’s decision not to prosecute filesharing services like Limewire for unfair trade practices in configuring their software to trick users into sharing files unintentionally — a decision the FTC eventually reversed, but not until it finally brought an enforcement action against Frostwire in 2011 for the same unfair practice. The panel will also discuss the larger legal issues raised by the LabMD case, the FTC’s pending litigation with Wyndham Hotels, and other recent cases settled by the FTC. Is the FTC’s approach consistent with the rule of law? Could it be? Does it actually protect consumers? What should the courts and Congress do?

Space is limited so RSVP now if you plan to attend in person. A livestream of the event will be availablehere. You can follow the conversation on Twitter on the #LabMD hashtag.

When: 
Thursday, September 12, 2013
12 p.m. (registration and coffee opens at 11:45, event and livestream at 12:15)

Where:
100 Maryland Ave NE
Washington D.C. 20002

Questions? 
Email contact@techfreedom.org.

Read TechFreedom’s amicus brief in the recent Wyndham and POM Wonderful cases for more legal analysis of how the FTC’s extra-legal regulations.

Submission to ProPublica’s Redaction Classic

ProPublica’s Redaction Classics highlights egregious examples of redacted documents obtained with FOIA requests. Our submission:

Responding to our FOIA request seeking information about discretionary grants at the Department of Education, DoE provided us with 665  BLANK pages in one document with a (b)(5) at the top. These documents were related to the discretionary grants for the High School Equivalency Program (HEP).

665 Blank Pages for FOIA response

 

FOIA Follies: HUD Flags Sensitive Freedom of Information Act Requests for Extra Scrutiny; Political Appointees Involved

Field offices of the Department of Housing and Urban Development (HUD) may not release records in response to FOIA requests deemed “sensitive” without obtaining approval from three HUD offices, according to a policy document obtained by Cause of Action from HUD’s Office of Inspector General.

A “sensitive” FOIA request is defined by the policy document as one that involves any of the following:

  • National significance, serious injury, or loss of life;
  • Information that could subject HUD to substantial litigation;
  • Current or former senior HUD management officials; or
  • Questions about HUD’s policies or the performance of departmental responsibilities.

The policy document, which is labeled “current as of April 7, 2008” and confirmed by HUD Public Affairs as still in effect, provides that any field office receiving such a request must notify its “Regional Director” and “Regional Field FOIA Liaison,” as well as “the Headquarters Division in the Office of Litigation.”  If a sensitive request is submitted by the media, the “Regional Public Affairs Officer” also must be notified.

After the above offices are notified, the field office handling the request must prepare a proposed response and obtain the “concurrence” of the Headquarters FOIA Division of the Office of Litigation, the Regional Director’s Office, and the “head of the relevant program office in Headquarters.”  If any of these offices disagree with the proposed response, the “Field FOIA Liaison must arrange a conference call with the FOIA division in Headquarters and the office(s) not approving of the response in order to resolve the outstanding issues and arrive at a consensus as to the appropriate response to the sensitive FOIA request.”

Notably, HUD Regional Directors and at least eight of twenty-two heads of HUD Program Offices, such as the General Counsel and Public and Indian Housing offices, are political appointees.

HUD’s policy concerning sensitive FOIA requests was initially revealed by the HUD IG to Congress on September 29, 2010 in response to an inquiry concerning the politicization of FOIA.  Neither the IG nor HUD has proactively disclosed this policy document to the public, nor is it referenced in HUD’s publicly available FOIA material.**  Perhaps worst of all, the IG’s report to Congress downplayed the policy’s significance.  Despite the fact that HUD’s FOIA policy allows political appointees to weigh in on sensitive requests, the IG accepted the agency’s assertion that “political appointees have a limited role in request reviews and no role in the decision-making regarding the documents to be released to the requester.”

HUD’s FOIA policy is similar to the secret policies that we uncovered at the Department of Defense and the Department of the Treasury, and its impact is equally harmful.   Specifically, it usurps the authority of career FOIA professionals, delays and/or prevents the release of requested records, and further erodes the public’s trust in government.

 

**HUD’s policy document for sensitive requests includes a URL and is dated “9/16/2010,” but that link does not work.  Nor were we able to locate the document on the HUD website or via the “Wayback Machine” or Google.

HUDFOIA1
HUDFOIA3

HUDFOIA4


 

FOIA Requesters Misled by Military to Waive Appeal Rights

UPDATE: We added clarification that our numbers concerning SOCOM’s FOIA appeals were taken from FOIA.gov

At least two military offices have been found to use a puzzling FOIA request form that may be an attempt to get requesters to give up their rights to appeal FOIA decisions.

The request forms, which are included below, appear on the FOIA web sites of the U.S. Army Special Operations Command (SOCOM) and the U.S. Navy’s Space and Naval Warfare Systems Command (SPAWAR).   In both forms, the offices ask requesters to agree to accept “a releasable copy” of the requested records; however, they fail to expressly inform requesters that electing this option may legally prevent them from appealing if the agency withholds any records.

If requesters do not agree in advance to accept “releasable” records, the forms indicate that their request will be “referred to the appropriate reviewing authority for a final review and release determination.”  This is precisely the procedure that the Department of Defense’s FOIA regulations already require.  Specifically, all Department of Defense FOIA requests must be reviewed by a designated “Initial Denial Authority,” and all decisions to withhold requested records must be explained in sufficient detail so as to allow requesters to decide whether to appeal.

Making matters worse, SOCOM’s version of the FOIA request form implies that the referral procedure described above will dramatically increase the time needed to process the request, noting that “it could take a year” for a decision — essentially coercing the FOIA requester to select the “releasable” records option if they want to receive the production in a timely manner.  As a result SOCOM’s form has effectively minimized FOIA appeals.  During fiscal years 2008 to 2012, SOCOM adjudicated 933 FOIA requests, yet it received zero administrative appeals according to FOIA.gov. Do the zero administrative appeals accurately reflect that in fact there were no appeals by requesters during this four year period regardless of whether they accepted the “releasable” records option, or are these statistics the result of virtually all 933 FOIA requesters abdicating their rights to appeal?

Notably, these forms do not conform to the FOIA request template recommended by the Department of Defense’s main FOIA office.   Nor are they even consistent with sample request letters provided by the FOIA offices of the Department of the Navy or the Department of the Army.  In the words of Victor Hugo, no army can withstand the strength of an idea whose time has come.  It is time for these forms to go.

SOCOM FOIA Request Form

Socom

SPAWAR FOIA Request Form

SPAWAR