Read the full story: Stewart Baker
c. FTC v. LabMD (Federal Trade Commission)
Stupid Mistake + Media Coverage = Unfair Practice
When LabMD set up security for its network, it didn’t expect a rogue employee to poke holes in its security by running Limewire, a program notorious for sharing pirated music — as well as any business or personal records that happen to be on the same network. And it certainly didn’t expect a complaint from the Federal Trade Commission when Limewire shared a spreadsheet with customer data.
There’s no doubt that LabMD made a mistake, and a bad one. But the Federal Trade Commission isn’t empowered to correct every mistake made by American businesses. It only has authority to charge companies that have committed “unfair practices.” What LabMD did may have been dumb; it may have been sloppy; but you’ve got to strain pretty hard to call it an unfair practice. The FTC has been trying for years to become America’s privacy and security enforcer. For just as long, Congress has refused to give it that role.
You have to admire an agency with the cojones to argue that it can make up its own legal authority as well as the offenses that it chooses to punish. Maybe if you look closely at the seal, you can see the agency’s true motto: “Whatever It Takes: Finding Ways To Punish Companies Criticized by the New York Times Since 1914.”