CoA Institute Submits Comment to FTC, Recommends Multiple Reforms to Curb Agency Overreach and Abuse

Cause of Action Institute (“CoA Institute”) today submitted a public comment to the Federal Trade Commission (“FTC” or “Commission”) in advance of a series of hearings concerning the agency’s efforts to evaluate its law enforcement and policy agenda, improve investigative processes, and otherwise reform its implementation of the FTC Act.

CoA Institute’s recommendations are based on considerable experience dealing with the FTC.  Our attorneys regularly practice before the Commission.  At present, CoA Institute represents D-Link Systems, a networking equipment manufacturer, which is fighting vague and unsubstantiated allegations that it placed consumers “at risk,” despite any evidence of actual or likely substantial injury.  CoA Institute also represents Vylah Tec, LLC, a family-run technical support company that has been targeted on suspicion of “deceptive” sales practices.  The FTC has failed to uncover any concrete evidence of wrongdoing, yet the company remains subject to a punitive injunctive order.  In the past, CoA Institute represented LabMD, Inc., a small cancer-detection company, against claims that it had unreasonable data-security practices.  And CoA Institute has directly litigated against the FTC over matters related to the Freedom of Information Act.

As explained in the comment, CoA Institute’s track-record with the FTC gives it unique insight into how the agency can be improved in four general areas:

Reforming the FTC’s Enforcement Processes

When FTC staff believes there has been a violation of the law, the agency typically threatens a regulated entity with an enforcement proceeding and attempts to settle the matter by consent order.  This is the outcome in most cases.  But these consent orders tend to be vague; they provide little guidance about the standards with which other regulated companies are expected to comply.  This opens the door to regulatory overreach.  The FTC should provide specificity in its consent orders.

The FTC also should refine its use of ex parte injunctions, which are an extraordinary remedy.  Without clearer guidance limiting the use of temporary restraining orders and asset freezes, the FTC may continue to raise due process concerns and impose unjustifiable hardships on regulated entities defending themselves in enforcement proceedings.

Concerns about due process likewise arise with respect to the FTC’s own rules of procedure, which differ in material ways from well-accepted rules of procedure and evidence in federal courts.  The Commission’s rules provide its staff a decided advantage, particularly given the relatively boundless resources available to the agency.  This is unfair and flouts the rule of law.

Finally, the FTC should eliminate its practice of seeking legal damages in excess of what the agency is statutorily authorized to pursue.  Although the FTC may request equitable monetary damages, including restitution or disgorgement of ill-gotten gains, in practice the damages sought by the Commission are pecuniary and ultra vires.  In short, they amount to the imposition of personal liability on defendants.  This approach cannot be countenanced by the FTC Act.

Increasing FTC Transparency

Related to the reforms of the FTC’s enforcement regime are the changes that should be made to its disclosure practices.  As mentioned, the FTC regularly relies on consent orders to settle matters before an actual enforcement proceeding is opened.  The use of these negotiated orders, which are party-specific and, again, vague, fails to provide the requisite notice of legal standards to which regulated parties are expected to conform.  The FTC should abandon efforts to treat consent orders as a “common law” body of precedent that shapes future obligations for regulated parties.

To the extent the FTC continues to use consent orders in this problematic way, however, it should aim to make the orders specific, with detailed analysis about the application of generally applicable standards.  The Commission also should proactively disclose the closing letters and closing memoranda from matters where enforcement is not pursued.  In these cases, the FTC has determined that a potential respondent is operating within legal bounds.  The Commission itself admits that these documents are useful, but they are not uniformly disclosed to the public.

Developing a Proper Understanding of “Substantial Injury”

At the heart of Section 5 of the FTC Act is the concept of “substantial injury.”  Without actual, or the threat of “likely,” substantial injury, the FTC can do nothing.  But the exact scope of what is “likely” and “substantial” harm is unclear.  The FTC does not define the terms precisely, and the body of consent orders that reflect settled matters provide little further detail.  What is clear, however, is that the FTC prefers to maintain ambiguity to facilitate its overreach.

The Commission should do a better job considering the countervailing benefits to consumers or competition provided by allegedly unfair acts or practices, too.  This can be done with rigorous cost-benefit analysis.  The FTC often focus on amorphous concepts of harm while ignoring how regulated entities’ practices benefit the consumer or, more broadly, competition in the marketplace.

How Congress Should Amend the FTC Act

Although CoA Institute’s recommendations are principally directed to the FTC, Congress should play a key role in reforming the Commission’s enforcement processes.  We propose that legislators amend the FTC Act to allow direct appeals to a U.S. Court of Appeals following an administrative law judge decision.  This would replace the current process by which an appeal is first made to the full Commission.  It would be better to permit respondents to seek appellate relief in an Article III venue, and bypass the full Commission, because the FTC has a remarkable track record of never losing its own administrative appeals.  Regulatory agencies should not be allowed to wear the dual hats of prosecutor and judge.

Ryan P. Mulvey is Counsel at Cause of Action Institute

Click here to access the full comment or read below.


Court of Appeals Rebukes Federal Trade Commission’s Data Security Overreach


JUNE 8, 2018

WASHINGTON, D.C. – In a landmark ruling on June 6, 2018, the Eleventh Circuit Court of Appeals invalidated a Federal Trade Commission (FTC) order against cancer-screening facility LabMD.  The agency had hounded LabMD for years claiming the company violated an undefined data security rule known only to the FTC.  The opinion sends a clear message that the FTC’s enforcement of data security, without publishing any standards, disregards the rule of law, violates due process, and will not be tolerated by the Courts. Cause of Action Institute represented LabMD in the proceedings at the FTC and filed an amicus curiae brief in the Eleventh Circuit on behalf of nine medical doctors harmed by the FTC’s actions.

Cause of Action Institute’s President and CEO John Vecchione commented on the decision:

“The FTC’s lawless bullying of companies and actions that drove LabMD out of business and denied our physician clients’ access to its services have suffered a stern and public rebuke. Standardless regulatory overreach in this case forced the closure of a successful small business even though the FTC has never presented any evidence of consumer harm, nor published any data security standards with which it says the company should have complied.  Notably the 11th Circuit ruled the FTC-issued injunction was so vague and unintelligible that no court could intelligently enforce it.  The Court made no finding and affirmed no decision of the FTC that LabMD had done anything wrong.

“Scores of companies have knuckled under to the FTC’s insistence on ‘consent’ orders to buy peace.  This ruling is a signal that they don’t have to.  The Court signaled that vague, standardless dictates by unelected bureaucrats would not be enforced in Courts of law.  LabMD’s experience in this case is a stark reminder of the costs required to fight a federal agency that is willing to spend millions of taxpayer dollars over more than eight years of investigation and litigation, all in the pursuit of wrong.  We congratulate Ropes & Gray for its representation of this case before the Circuit and LabMD itself for daring to fight the good fight.  We are also proud of our attorneys and Cause of Action Institute’s contribution to that fight.”

In the opinion, the court explained the absurdity of the FTC’s position– namely that the agency requires data security standards without providing any specificity on those very standards.  From the opinion:

“[T]he Commission’s cease and desist order is nonetheless unenforceable. It does not enjoin a specific act or practice. Instead, it mandates a complete overhaul of LabMD’s data-security program and says precious little about how this is to be accomplished. Moreover, it effectually charges the district court with managing the overhaul. This is a scheme Congress could not have envisioned. We therefore grant LabMD’s petition for review and vacate the Commission’s order.”

While the decision may appear to be narrowly related to the cease and desist order at issue in LabMD, in practice, it will have broad ranging implications for how the agency investigates and enforces data security. The Court also recognized the constitutional injustice of the FTC’s enforcement action in this case: “Being held in contempt and sanctioned pursuant to an insufficiently specific injunction is therefore a denial of due process.”  This abuse of due process by going after a company for allegedly violating Section 5 of the FTC Act, but never telling the company what it is actually supposed to have been doing has been a central theme of the LabMD case from the start.

The FTC lost this case before its own FTC’s chief administrative law judge (ALJ) and now before the Eleventh Circuit. The FTC’s disregard of the ALJ’s opinion, when the Commission considered the case at the administrative level, illustrates the unfairness of the FTC enforcement process where the agency acts as its own detective, prosecutor, judge, and executioner. As former FTC Commissioner Joshua Wright explained: “[I]n 100 percent of the cases in which the administrative law judge ruled found no liability, the Commission reversed. This is a strong sign of an unhealthy and biased institutional process.

Read the full opinion here.

Read more about Cause of Action Institute’s efforts to hold the FTC accountable here and here.

About Cause of Action Institute

Cause of Action Institute is a 501(c)(3) non-profit working to enhance individual and economic liberty by limiting the power of the administrative state to make decisions that are contrary to freedom and prosperity by advocating for a transparent and accountable government free from abuse.

For more information, please contact Mary Beth Gombita,

Opposing Government Retaliation Against Free Speech

Cause of Action Institute Files Amicus Brief in Support of LabMD’s Bivens Claim Against FTC Officials

Cause of Action Institute filed an amicus curiae brief (“Brief”) in Michael Daugherty, et al v. Alain Sheer, et al[1] in support of Appellees Michael Daugherty and LabMD, Inc. in their Bivens lawsuit against certain FTC employees in their individual capacities seeking monetary damages. The Brief argues that the Federal Trade Commission (“FTC”) Act does not displace Bivens or immunize First Amendment retaliation, and that  the misconduct and collusion of individual FTC staff directly infected the investigation and administrative prosecution of LabMD after the company’s CEO spoke out against the agency.

In Bivens v. Six Unknown Named Agents of Federal Bureau of Narcotics, 403 U.S.C 388 (1971), the Supreme Court first recognized an implied private action, directly under the Constitution, for damages against federal officials alleged to have violated a citizen’s constitutional rights.

As our Brief argues, Appellees’ complaint “alleges a straightforward First Amendment retaliation claim actionable under Bivens: LabMD’s CEO, Michael Daugherty, publicly criticized the Defendants’ abusive investigation of LabMD. In response, Defendants retaliated by ramping up the investigation to harm LabMD; bamboozling the Commission into authorizing an administrative prosecution based on false pretenses and stolen files; and then continuing to retaliate against LabMD throughout the enforcement action (including by subpoenaing its CEO’s book drafts and allegedly importuning the creation of false evidence for use against LabMD).”

Importantly, the Brief continues, “Defendants’ conduct led to the destruction of LabMD, formerly a thriving cancer-detection business supporting numerous jobs. That is a plausible Bivens claim. Therefore, Appellees should be entitled to discovery and the opportunity to make their case on the merits.”

Cause of Action Institute adamantly opposes any administrative action that exceeds Constitutional bounds. As the Brief states, “[i]t is never permissible for federal law enforcement to retaliate against citizens or businesses for exercising their First Amendment rights, no matter how vigorously law enforcement may disagree with or is offended by the speaker’s message.”

In March, the United States District Court for the District of Columbia partially rejected Defendants’ motion to dismiss. As Judge Tanya Chutkan wrote, “[i]n the court’s view, Plaintiffs’ First Amendment rights to criticize the actions of the federal government without fear of government retaliation are as clearly established as can be, and a serious escalation of an agency’s investigation or enforcement against Plaintiffs for publicly criticizing the agency would appear to violate that clearly established constitutional right.”[2]

In July, the FTC issued a final rule permitting indemnification of FTC employees in certain circumstances for claims made against them as a result of actions taken by them in the scope of their employment.[3] This general statement of policy relating to FTC management and personnel was published without the opportunity for public notice and comment, pursuant to the Administrative Procedure Act. As the agency stated, “[t]his policy is applicable to actions pending against FTC employees as of its effective date, as well as to actions commenced after that date.”[4] According to Bloomberg Law, the “FTC didn’t mention the LabMD case when it rolled out its new liability protection policy, but Daugherty said he believes there’s an obvious connection. ‘We’re hard pressed to believe this isn’t about us,’ he said.”[5]

Nichole Wilson is strategy officer at Cause of Action Institute.

[1] 17-5128 Michael Daugherty, et al v. Alain Sheer, et al (1:15-cv-02034-TSC)


[3] “Indemnification of Federal Trade Commission Employees,” July 5, 2017; Federal Register Number: 2017-14008

[4] Id.

[5] Bloomberg Law, “FTC Tackles ‘Intimidating’ Threat of Lawsuits Against Staff,” Alexei Alexis, July 12, 2017

LabMD and the FTC–Rough Day for the Government

On January 21, 2017 LabMD v. FTC, a case where we here at Cause of Action Institute weighed in with a friend of the Court brief on behalf of affected medical professionals [see brief here], was argued.  You should listen to it here.

CoA Institute also represented LabMD in the FTC proceedings and in collateral federal court actions seeking to halt the FTC’s administrative prosecution in the U.S. District Court for the Northern District of Georgia and in the U.S. Court of Appeals for the Eleventh Circuit. The arguments made here, and seemingly grasped by the 11th Circuit at oral argument, have been made by CoA Institute for quite some time.  This case was heard before three experienced jurists Gerald B. Tjoflat, Charles R. Wilson and Senior U.S District Court Judge Eduardo C. Robreno. (Interestingly, Judge Robreno is within the Third Circuit but sat on the 11th here).

Suffice to say it was not a good day for the ham-handed actions of the FTC in this case. The Court focused on the fact there appeared to be no harm to anyone from the action sued upon.  “A tree fell and nobody heard it, that’s the case we have here,” said Judge Tjoflat (if my memory for voices is accurate).  A nice summary of some of the more pungent comments from the bench were listened to, are found in Westlaw, and transcribed here:

“Counsel, let me put it this way. What the aroma that comes out of this case is that Tiversa was shaking down private industry with the help of the FTC, with the threat of going to the FTC. If you don’t cooperate, we will go to the FTC. It may well be how they got some of their clients…

“That’s an aroma, with falsifications to the commission. The administrative law judge just shredded Tiversa’s presentation, just totally annihilated it.”

In this case, the FTC with no consumer complaints, and no evidence of injury, and with no prior standards issued by the FTC for data security, put a company many physicians relied upon completely out of business. This is so even though the medical privacy act embodied by HIPAA was not violated.

The FTC relied on false information from Tiversa. “Oh, Come on!” said Judge Tjoflat responding to the assertion the FTC did not rely on that information to prosecute the matter.   Their own ALJ heard the facts (presented by CoAI) and destroyed the case and the Commission just overruled it; an appeal to Power and not Reason.  Judge Wilson specifically asked how LabMD would know it’s procedures would violate any standard.

The 11th Circuit already stayed the FTC Order with an Order of its own that bodes ill for Government.  Now we have this oral argument where the FTC was completely friendless.

Douglas Meal of Ropes & Gray, who argued the matter for LabMD, deserves kudos for a job well done. as does the rest of the Ropes & Gray team.  I will also note that Patrick Massari and Michael Pepson did a splendid job on the amicus brief which argument was also mentioned by the Court.

John J. Vecchione is President and CEO of Cause of Action Institute.

Doctors Say FTC Overreach Endangers Patient Welfare

Washington, D.C. – Cause of Action Institute (“CoA Institute”) filed an Amicus Curiae brief on behalf of nine medical doctors who outlined to the court how regulatory overreach by the Federal Trade Commission (“FTC”) has harmed their patients’ welfare. The doctors argue that patients benefit from more competition and more providers of specialized cancer-diagnostic services. When the FTC put LabMD, a small cancer-detection laboratory, out of business for no reason, the FTC harmed the very consumers it was supposed to help.

Many of them former LabMD clients, the Amici doctors offer unique insight into the practical benefits of LabMD’s cancer-detection services.  While in operation, they say that LabMD’s business model was years ahead of its time and its services benefited doctors, healthcare providers, and patients through more accurate tests, reduced costs, and faster turn-around for patients to receive test results.

Congress chose to regulate medical data security by giving the Department of Health and Human Services (“HHS”) comprehensive authority to protect patient health information.  HHS has exercised this authority by creating regulations that set medical data security standards, which it actively enforces. While LabMD was in business, its work required securely storing personal health data and medical records in compliance with these HHS regulations.

In their Amicus brief, the doctors argue that the FTC overstepped its authority to regulate the practice of medicine by imposing new, confusing, and burdensome patient information data security obligations inconsistent with established federal healthcare law through HHS.

The doctors wrote:

Amici doctors are extremely concerned that, given its wholesale lack of healthcare expertise, the FTC’s recent decision to layer conflicting medical data-security requirements on top of those set by federal healthcare law will endanger their patients and have a deleterious effect on the practice of medicine and the patients whose care is entrusted to these providers.”

Ultimately, the doctors conclude that the FTC’s lack of medical expertise will “endanger patient welfare and stifle healthcare innovation.”

“In its disregard for the rule of law and due process, the FTC destroyed a small cancer detection laboratory whose primary mission was to serve its physician-clients and save lives,” said CoA Institute Assistant Vice President Patrick Massari. “The FTC’s ill-conceived foray into medical data security, where it has neither legal authority nor expertise, has endangered patient welfare.”

“The healthcare market does not need another player inserting itself  into the complex field of medicine,” added Amicus Doctor David L. Black, founder of Nashville-based Aegis Sciences Corporation. Aegis performs numerous types of laboratory testing and analysis, including workplace drug testing, prenatal monitoring, behavioral health testing, testing of food supplements to ensure that athletes do not ingest prohibited substances, and toxicology and consulting services to medical examiners, crime laboratories and police departments throughout the country.

Dr. David Black’s extensive work presenting at programs around the nation, authoring dozens of industry publications, and serving as an expert witness for testimony in federal, state, local and international courts of law, has made him a highly-respected industry leader. Dr. Black is acutely familiar with regulators in the healthcare space and has never before heard of the FTC wielding such authority as it has against LabMD in his 30-plus years of experience.


Last year, LabMD appealed a crippling FTC order that found the company’s data security practices were unreasonable. The case is now before the U.S. Court of Appeals in the 11th Circuit.

The agency has already caused irreparable harm to LabMD, forcing the small business to close its doors in 2014. If upheld, the agency’s order would cause continued harm to LabMD, requiring the company to submit to 20 years of monitoring that could cost the company, now virtually defunct, hundreds of thousands of dollars. This brief was filed in support of LabMD’s request to the Court to vacate the FTC’s order.

Amici are as follows:  Dr. David Lee Black, Ph.D., D-ABFT, FAIC, Aegis Sciences Corporation; Dr. Bruce G. Green, MD, FAC, Urology Specialists of Atlanta; Dr. Joan E. Hader, MD, Urology Specialists of Atlanta; Dr. Brian E. Hill, MD, Urology Specialists of Atlanta; Dr. Warren Hitt, MD, Gulf Coast Regional Medical Center; Dr. William L. Nabors, MD, FACS, Urology Specialists of Atlanta; Dr. Robert R. Ross, M.D., F.A.C.S., RTR Urology; Dr. Bradley N. Secrest, MD, Hattiesburg Clinic; and Dr. David C. Stout, MD, Hattiesburg Clinic.

Institutional affiliations of the individual signatories are given for purposes of identification only and do not constitute endorsement by any institution listed with respect to the contents of Cause of Action Institute’s brief.

Read the full Amicus brief here

The FTC Is Appealing Its Loss In The LabMD Case. Here’s What You Need To Know.

Yesterday, the FTC appealed the decision by its Chief Administrative Law Judge to dismiss the agency’s case against LabMD. 

The ALJ ruled “historically, liability for unfair conduct has been imposed only upon proof of actual consumer harm” and that the “record in this case contains no evidence that any consumer…has suffered any harm as a result of Respondent’s alleged failure to employ ‘reasonable’ data security for its computer networks.” Yet the agency continues on, notwithstanding the fact that it has destroyed LabMD, an innovative and effective cancer detection laboratory, apparently only to punish the company’s CEO, Michael Daugherty, for speaking out, and to intimidate anyone else who might dare stand up against the agency.

Every unbiased decision-maker who has reviewed this case, including the FTC’s own Chief Administrative Law Judge, the U.S. House of Representatives Oversight & Government Reform Committee, and a U.S. District Court Judge, has found FTC’s claims against LabMD to be baseless, and its conduct inexplicable and an “embarrassment” to the government.  

Complaint counsel’s appeal of the ALJ’s decision will not be to an independent court, but to the Commission – the very body that decided to sue LabMD in the first place. It is worth noting that one Commissioner has “voluntarily” recused herself because she prejudged the outcome of the case, and the facts suggest other Commissioners also may have conflicts of interest that prevent a fair and level hearing of the matter. This is not a fair fight. 

As former FTC Commissioner Joshua Wright said earlier this year, “in 100 percent of cases where the administrative law judge ruled in favor of the FTC staff, the Commission affirmed liability; and in 100 percent of the cases in which the administrative law judge ruled found no liability, the Commission reversed. This is a strong sign of an unhealthy and biased institutional process…Even bank robbery prosecutions have less predictable outcomes than administrative adjudication at the FTC.”

Nevertheless, Cause of Action looks forward to contesting the FTC’s appeal.  

Ultimately, there will be no vindication for FTC, no matter what the Commission might do, because the agency cannot run and hide from the facts of this case. Thanks to the ALJ, the truth is out. The FTC’s reputation has been severely stained by its cronyism with Tiversa, its abusive overreaching and out-of-control power grab, and its inexplicable decision to waste millions of taxpayer dollars to crush a good and innovative business providing critical, even life-saving, services to doctors and patients.  Based on the facts, Congress and the American people have ample reason to doubt the FTC’s judgment, competence and technical expertise to regulate data security, and there is nothing the Commission can do to make those facts disappear.

Congress Questions FTC’s Evidence Against LabMD

FOR IMMEDIATE RELEASE                                                                                                   

June 12, 2014


 Congress Questions FTC’s Evidence Against LabMD

WASHINGTON – On June 11, 2014 Congress’s chief watchdog, the House Committee on Oversight and Government Reform, advised the Federal Trade Commission (FTC) that the information the FTC obtained from Tiversa, Inc. is “false,” “incomplete” and “inaccurate.”   The Committee also said that it expected the FTC to “cooperate fully” with any subsequent document requests or transcribed interviews with FTC employees.

Cause of Action, a government accountability and transparency organization, has been defending LabMD, an Atlanta-based cancer-detection lab, in an ongoing Federal Trade Commission enforcement action alleging that LabMD’s data security, though not in violation of applicable HIPAA regulations, is unreasonable.

The FTC commenced its four and one-half year assault against LabMD based on information it obtained from Tiversa, Inc. Tiversa is a company claiming to specialize in peer-to-peer network security.

The FTC obtained confidential LabMD patient information from Tiversa in 2009 by way of a sham corporation located in the home of Tiversa’s CEO’s uncle Although Tiversa had a strong commercial interest in the FTC’s commencement of enforcement proceedings, there is no evidence that the FTC took any steps to authenticate Tiversa’s claim that LabMD patient files had been found in multiple places on a peer-to-peer network.  As the FTC and Tiversa were both aware, the unauthorized taking of patient files from a Georgia workstation, by peer-to-peer software or by any other means, is a crime under Georgia law.

To date, the FTC has refused to make public the full nature and extent of its relationship with Tiversa.

According to Dan Epstein, Cause of Action’s Executive Director, “the House Oversight Committee’s investigation should send a message to federal agencies, the President and the courts that the arbitrary abuse of administrative power will not go unchecked.  Cause of Action exists to hold accountable those who so choose to abuse their office.  This is why it has investigated and litigated for LabMD to stop the FTC from arbitrarily expanding and abusing its power by victimizing an entrepreneur who did nothing wrong.  The Committee’s action, and the record of testimony before the Administrative Law Judge and Judge Duffey in the U.S. District Court in Georgia, all lead to a single conclusion:  That the FTC – including its commissioners and staff attorneys – must be stopped.”

Excerpts from today’s hearing before the Chief Administrative Law Judge Michael Chappell of the FTC as well as statements from FTC Commissioner J. Thomas Rosch and U.S. District Court Judge William Duffey all point to the dangers or the FTC relying upon unauthenticated evidence as the basis for targeting LabMD:

Commissioner J. Thomas Rosch from his dissent on June 21, 2012 to the FTC’s denial of LabMD’s request to quash civil investigative demands against the company:

Specifically, I am concerned that Tiversa is more than an ordinary witness, informant, or “whistle-blower.” It is a commercial entity that has a financial interest in intentionally exposing and capturing sensitive files on computer networks, and a business model of offering its services to help organizations protect against similar infiltrations. Indeed, in the instant matter, an argument has been raised that Tiversa used its robust, patented peer-to-peer monitoring technology to retrieve the 1,718 File, and then repeatedly solicited LabMD, offering investigative and remediation services regarding the breach, long before Commission staff contacted LabMD. In my view, while there appears to be nothing per se unlawful about this evidence, the Commission should avoid even the appearance of bias or impropriety by not relying on such evidence or information in this investigation.

Judge William Duffey, from the May 7, 2014 United States District Court Northern District of Georgia hearing in LabMD v. FTC:

THE COURT: But the assistant director has just said that there will be evidence presented before a judicial officer, I guess an administrative law judge, in which somebody will state these nine thousand individuals — information about  individuals in a single record was accessed by an outside source through a file-sharing program that had been installed on LabMD’s computers. You are going to say that there is no evidence of that —that that ever happened, and you are going to believe that you are right, and the FTC, although sometimes I wonder if they are — just how compelling their evidence is, that they are going to claim that they are right, and somebody will make a determination of whether there has been a breach or not. Then the question is — and I do find this — and I think I know enough about this, and I learned a lot from the CID hearing — is that the FTC is going to go into the business of monitoring and investigating and regulating security breaches and that they have decided I think to do that within what they believe is their administrative authority, because I think they went to Congress and Congress wouldn’t authorize that for whatever reason, whether it’s politics or not. But I think there has been no amendment to Section 5 to specifically allow that. But they are taking the position that they have the authority to do that.

During that same hearing, Mr Schoshinski, an attorney representing the FTC, stated:

THE COURT: So sitting here today, you have no idea where the documents came from, whether they came from LabMD or some other source? Is that a fair thing to say?

MR. SCHOSHINSKI: No. We believe they were LabMD’s documents.

THE COURT: Well, they might have been LabMD’s documents, but you don’t know how they got into the possession of the two individuals that you tried to contact that pled guilty to this offense?

MR. SCHOSHINSKI: That’s correct, Your Honor.

THE COURT: So you have no information to establish how those documents were obtained; is that right?

MR. SCHOSHINSKI: That’s correct, Your Honor.

THE COURT: And you are still proceeding on this claim?

MR. SCHOSHINSKI: Yes, Your Honor, because the claim is not concerning that incident alone. It’s concerning —

THE COURT: All right. But are you still proceeding on that claim?

MR. SCHOSHINSKI: We are proceeding on that evidence, Your Honor.

THE COURT: And that evidence relates to other claims, because you have other documents that were found in other places?

MR. SCHOSHINSKI: That evidence relates to the potential injury suffered by consumers as a result of exposure of this information.

THE COURT: Are you serious about that last response?

MR. SCHOSHINSKI: Yes, Your Honor, I am.

THE COURT: So you don’t know where the documents came from, you don’t know how these people got the possession of it, you don’t know whether they originated from LabMD or some other place, but you are going to use that to show that, because they committed identity theft, that certain individuals were damaged by documents, the source of which you don’t even know?

MR. SCHOSHINSKI: Yes, Your Honor.

THE COURT: Holy cow.

From the June 12, 2014 proceedings before the Administrative Law Judge Chappell at the FTC. The “letter” referenced below is a June 11, 2014 letter from the House Oversight Committee to the FTC found here. Ms. VanDruff, counsel representing the FTC, stated:

JUDGE CHAPPELL:  Ms. VanDruff, what part of this letter do you think is not relevant to this proceeding? Stand up and address that question immediately.  I just read paragraph 2.  I want to hear from you.

MS. VANDRUFF:  Your Honor, I didn’t say it wasn’t relevant, Your Honor.  And Mr. Sherman is also copied on this letter and it is Mr. Sherman who raised the issue of Mr. Wallace this morning.  To the extent that Mr. Sherman believed that this letter was relevant to Your Honor’s —

JUDGE CHAPPELL:  You would agree this letter refers to the 1718 File.

MS. VANDRUFF:  Absolutely, Your Honor.

JUDGE CHAPPELL:  In black-and-white, it’s right there.  You would agree it refers to testimony being accurate or not regarding this case.

MS. VANDRUFF:  Yes, Your Honor.  I made no representation to the contrary.

JUDGE CHAPPELL:  Yet you didn’t talk about the letter until I asked you; is that correct?

MS. VANDRUFF:  Your Honor.

JUDGE CHAPPELL:  Until this lady brought it up.

MS. VANDRUFF:  The issue that Your Honor —

JUDGE CHAPPELL:  Were you going to sit there and not tell me about this letter?  Were you going to do that if I hadn’t asked you?  That’s what I want to know.

MS. VANDRUFF:  Your Honor, I was prepared address this letter today.  Mr. Wallace is not our witness, nor is Mr. Boback, and so if it was in the interest of — I don’t know.

JUDGE CHAPPELL:  You don’t think in the interest of truth this information should be disclosed to this court in this proceeding?

MS. VANDRUFF:  I was not withholding the information, Your Honor.

JUDGE CHAPPELL:  We’re trying to get to the truth here, aren’t we?

MS. VANDRUFF:  Of course we are.

JUDGE CHAPPELL:  You don’t think this letter touches on this matter in truth on this matter that we’re having a trial.  You were not going to bring up this letter; is that correct?

MS. VANDRUFF:  No, Your Honor, that is not what I said.  No.  That is not the position of the government, of course not.

JUDGE CHAPPELL:  Then you had plans to offer this letter because it’s relevant?  Is that what you’re doing?

MS. VANDRUFF:  Excuse me, Your Honor?

JUDGE CHAPPELL:  You had plans to offer this as an exhibit?

MS. VANDRUFF:  Your Honor, I don’t think that it is admissible for any purpose in this matter because it is hearsay.  Nonetheless, I think it’s appropriate in the context of Ms. Dickie’s representations to the court regarding Mr. Wallace and the conduct of the committee for Your Honor to have been advised about the current state of the committee’s investigation.

JUDGE CHAPPELL:  This is a letter to the head of the FTC.

MS. VANDRUFF:  Correct.

JUDGE CHAPPELL:  Talking about fundamental matters in this proceeding about truth or veracity, fundamental matters of a source that’s been very helpful to the government I might add in its case based on what I’ve heard.  I’m very disappointed this was not brought to my attention by the government.  Go ahead.

MS. VANDRUFF:  I apologize, Your Honor.  Thank you.