Limewire, LabMD & the FTC – Talking Tech w/ Michael Daugherty
CDT Tech Talks | 2015-11-23 | 21:25
Host Brian Wesolowski sits down with Michael Daugherty to discuss in-depth his recent court win against the Federal Trade Commission, how the long-term experience turned into his recent book "The Devil Inside The Beltway," and more. The issue at hand raises questions about the agency's ability to protect consumers against risky business practices that have not yet led to actual harm.<br><br>Attribution: sounds used from Psykophobia, Taira Komori, BenKoning, Zabuhailo, bloomypetal, guitarguy1985, bmusic92, and offthesky of freesound.org.
Top Keywords
- ruling 0.014
- labmd 0.011
- lawyers 0.011
- book 0.011
- mean 0.009
- lawyers lawyers 0.009
- cancer 0.007
- case 0.007
- company 0.007
- medicine 0.007
- business 0.006
- federal trade 0.006
Transcript
Speaker 0
0:10 – 0:13
Welcome to Tech Talk. Bye. CT.
Speaker 1
0:16 – 1:55
Welcome to CDT's Tech Talk, where we dish on tech and Internet policy while also explaining what these policies really mean to our daily lives. I'm Brian Waslowski, and it's time to talk tech. Since many of you will be listening to this podcast during the short Thanksgiving week, we'll keep the show short with just one segment. Today, we welcome a former small business owner who recently took the FTC to court and won. At CDT, we are committed to bringing diverse perspectives to all of our advocacy work, and this certainly is a unique firsthand perspective. The recent Friday the thirteenth was not a good one for the Federal Trade Commission with a judge ruling against the FTC and its enforcement case against LabMD. LabMD, a cancer detection laboratory, received a complaint from the FTC after some patient records were exposed on a peer to peer file sharing network. Although the records were apparently not downloaded by any outside party, the FTC complaint held that LabMD had put consumers at risk through unreasonable data security practices. The ruling against the FTC is likely to to have implications well beyond this case, raising questions about the agency's abilities to protect consumers against risky business practices that have not yet led to an actual harm. Michael Daugherty, the founder of LabMD and author of the book, The Devil Inside the Beltway, has an amazing cover. If you haven't seen it, you should. Joins us on Tech Talk to discuss this important ruling, share his experience, and talk about this compelling book. Welcome, Michael. Oh, good to be here. Thank you. It's been a long time coming. You're a Michigan alum, so it's amazing to have you on here. It's wonderful.
Speaker 0
1:56 – 2:01
My cardiologist is working overtime with the Michigan football results. Oh, my goodness. I'm
Speaker 1
2:02 – 2:20
tough. No doubt. No doubt. So I read an article after the the ruling just this past Friday that described this case as David versus Goliath with David winning. My hunch is you'd agree with this assessment. Yeah. I you know, it it is, but I really want people to not
Speaker 0
2:20 – 2:53
just look at what happened to us, although that's tragic. But I wanna look at the circumstances and and everyone understand this can happen to anyone, and that's how this the case is impacted. And that's really more around, you know, not being told what standards are, fighting that they shouldn't have to tell us what standards are. And the facts of the case, really makes it amazing to me that they would have even brought a case against us in the first place. And once the facts became public, that they didn't drop the case. I mean, this brings up
Speaker 1
2:54 – 3:09
larger questions about the agency. So why don't you go through a little bit of, you know, for people who haven't read the book or who haven't been following the story Right. What the background is, you know, and then what what process it took you to get to this ruling and then kind of what that ruling means.
Speaker 0
3:09 – 7:14
Well, LabMD It's a lot of questions. It is. But LabMD is a private company I founded, in 1996, and it's a pathology laboratory that there was only at its peak 40 the employees, very small business of cancer detection. We we, small businesses and medicine are important when they focus on small niches, and we were in the niche of prostate cancer and bladder cancer. And so really, every everything came in in jars, tubes, and, you know, and and and, and and blood tubes to analyze cancer. And it was a really successful company that was differentiated itself because we had software that that gave great access and speed of results and eliminated a lot of human data interaction. And so we had we were faster. We took work off the back of the office. We're more accurate. And, and we had really good pathologists had worked at just that area of cancer. So that was the so we were doing quite well. And then out of the blue, like a movie, the phone rings in 2008. Some guy says, we found your, information on a peer to peer network. This is a company that called named TyVersa Right. Out of Pittsburgh. And, again, yes, it's hard to go back seven years. But you go back seven years, and and we're immersed in HIPAA. It's before Assange. It's where people thought the word breach meant a breach birth. You know, we just were not, so many of our clients had just gotten broadband, you know, physician's offices. So it's a different time and but we were so trained in HIPAA, and we're like, okay. Who are you? How'd you get it? We're terrified. Sure. And he wouldn't tell us anything unless we hired him at $475 an hour, and that was a problem. That's not how you work in medicine. In medicine, we're not business. We're collaborative. We're community. You know, when you're in medicine, you're more than just a business. And I said, you have to pay the bills to say to to make the rent clear so you can save the world, but you there's more than just business. So that wasn't a that wasn't a health care security mindset that we got a call from. And so I didn't trust him. I started I refused to communicate with him other than email, and that was a very good thing. And then, we kept looking for the file. We found Limewire on a workstation. It was there without authorization. We still have the state on how it got there because the install date was before the employee joined the company. Oh, wow. It it later got, you know, it's malware. It it was only exposed one folder on one file. And and she it was inadvertently shared one file with 9,000 patients in the other billing department, not the laboratory side. Okay. But the billing side was taken by them, and they sent it to us and they had it. Taken by the company. By the company. Traversea. Again, they downloaded it back to us that day. Oh, wow. So we immediately knew, like, that is a billing file. That is only Limewire. We got rid of it that day, took the file. She didn't have a long tenure with the company after that. She was listening to music. And and while I'll tell you. She did not understand this is 2008 again. You know, the FTC didn't even have p two p on their, you know, website till 2009. This is she did not think she was violating patient privacy or security. She thought she was violating privacy listening to music, and she couldn't figure what the big deal was. Somehow, that got in there. And that's a whole another story about LimeWire, their business, and how the people have said that it's been intended to dupe, but it was there. We got rid of it right away. We couldn't find the file anywhere. This company is calling us saying we wanna remediate it spreading. It could be spreading all over, and we're like, it's we don't find anywhere. And so that's how that happened. And after, we told him to go away, he said later in 2008, he was calling the Federal Trade Commission. And in 2010, the Federal Trade Commission started let us know they were investigating us. They were investigating before then, but they let us know in January 2010 through an 11 pages single state single spaced lawyer special
Speaker 1
7:15 – 7:29
that they were investigating us. And things went downhill pretty quickly from there. And is that the basis then for where the book is? Kind of the initial and Yeah. Do you go tell walk us through the process for sure. The book is I wanted people to understand,
Speaker 0
7:30 – 9:02
what happens to you. And because I it was a learning process for me. So I had to write about my head back then versus my head at the end of the book of two different things. And I learned that to write for social change, you have to regardless of what social change you want, you have to engage people and let them be the decision maker and bring them into story. You can't yell and scream like a diatribe. So I wrote it like a novel. And I and I I document it like a thesis, and then I want the reader to decide story. I also want the readers to see, like, these are the letters these government people send you. This is actually what they write. Like, one of my favorite things was the FTC doesn't want us to use the post office. They want us to use FedEx. I mean, that would just be like, that was just so bizarre. You know? Or some of the things they'd say or some of the things I mean, it's like, this is this is so different than our medical regulation. Our medical regulatory was so clear, so collaborative. Actually, I I I this might sound so weird, but we actually enjoyed each other. I mean, I know it sounds so strange. Develop a working relationship. We worked in for years. We went to our new space. The inspector was so excited. She took her shoes off and ran through it. I mean, that would never happen with the Federal Trade Commission. And so we but we, you know, they're just we just felt like they were out to get us from square one. They wouldn't tell us what we did wrong. They would just hand us consent decrees. So it was a it was a bad relationship from the very early on to find out what did we do wrong, what do we have to do right. So let's jump forward then to today. I mean, just
Speaker 1
9:02 – 9:46
under a week ago, you had a ruling in your favor. Right. I mean, it must make you feel great. Tell us about that ruling. And I'll I'll preface that, of course, with a little bit that there's people at CDT Yeah. And other civil liberties organizations that will say, you know, the ruling whether they agree with you specifically or not, there are elements of the ruling that, are a little bit concerning, you know, especially the ones that could be interpreted to read that the FTC could not hold businesses accountable for risky business practices that don't have a demonstrable harm. So that's probably the part that, you know, we would have some concerns about. But tell us what it means for you. Well, it actually, I I people want me to be so ecstatic and, and I I feel like I'm disappointing everyone last few days.
Speaker 0
9:47 – 14:00
I see us as in a tennis match, and that this isn't over. And this was the first set, and everyone is stunned that we beat the FTC like six love. I mean Yeah. People read this ruling and they go, wow. But I've also learned that people don't get into the details. And and that's what protects agencies from accountability. The facts of the matter, not my opinion, is that there were bad actors that they relied on, that they couldn't prove they verified any evidence. For the FTC to go after cancer detection center with unverified evidence and to say they get to basically say we violate section five, ruin our reputation, create such internal stress, destroy the company, which is exactly what they did. Yeah. That's not okay. So that, you know, no. You can be guilty of a violation if there's no harm. Well, that's notify us. They said in court, there's no have to notify us. They said in court there's no place for businesses to go. I shutter. I don't like centralized power, whether it be in multinational corporations, in big governments, in big anything. I don't like centralized power because as we all know, it's human nature, not government, that that's what happens with corruption. And because they had such centralized power and they want such centralized power, that's great in theory. But what happens is you you aren't held accountable, accountable, and they they they sat with bad actors. They lost the case because all their evidence, they pulled back because they were with a bad actor. And that company was TyVersa, and the judge threw it out because the justice department gave criminal immunity to a witness that said that the IP addresses that they relied upon and told their expert witnesses relied upon were made up lies. And all the Federal Trade Commission had to do was verify evidence like any Department of Justice lawyer one zero one would have done, and we wouldn't be here. So it's chilling to me that people wanna allow an agency to not have not so much have, power if there's no harm, because I can see how the potential it's like saying, you know, well, your your brakes can be bad on your car, but you never crash, so that's okay. That's not what the judge is saying. That's how they wanna select to read this ruling. The judge is saying, you can't haul LabMD in with no evidence. You didn't verify anything. And then, the book is actually what brought all this out, which is amazing to me. That's where I'm stunned. Is this book brought the whistleblower to me. We went to congress. The justice department gave immunity. The or the judge asked for the justice department for him to give immunity. And the the justice department gave the judge permission, if you wanna be technically correct. And that's what blew their case up. And and the federal if you love the FTC or or you're into regulation, you should want them to deal at an appropriate behavioral and professional level. And I'm sorry, they didn't. And this is a bad case for them. That's why they lost. And it'll be worse for them if they appeal. They probably will appeal. Yeah. Do you think they will? Yeah. I do. Because just based on their track record, they they have so much look. There's so much of their power, but, you know, they picked this case. They chose to not verify evidence. They chose to sit in bed. They chose to not disengage from that company even when there was testimony, congressional reports. I mean, you know, we have FOIA, docs to show, you know, actors of of the FTC sitting there trying reaching out to congressmen and staff. A lot of inappropriate behavior that goes on that that just is not okay. So, you know, the icing on the cake is really lovely, and that's how we love the FTC to act, but the cake is not so good. What is if you had,
Speaker 1
14:01 – 14:10
what you know, give me your sound bite on what should the reforms of the FTC be to make it a regulatory agency that actually protects consumers
Speaker 0
14:11 – 15:35
but also doesn't harm businesses. Well, I also yeah. I I think look. Every one that protects consumers in medicine in my world that I've been in for thirty years is collaborative. We don't have lawyers doing inspections on on on medicine. We have medical people. In technology, you have to have technology technology experts. I had two lawyers, then even more lawyers. And in our scheduling conference, we had more lawyers. Lawyers, lawyers, lawyers, lawyers. Lawyers don't care about the truth in technology. Lawyers care about what fits into the law. And when you fit into the law and you don't care about technology because you don't know what you don't know, people get harmed. And the Federal Trade Commission harmed a lot of doctors, a lot of patients, a lot of employees that lost their job because they completely rolled over LabMD. And it's become a fight it's been a become a a fight for their power. And they they, you know, they should have backed off long ago because it's a bad case. They picked a bad case, but they did a bad job because they didn't have job on a bad case. A bad I mean, and and they and I'm I I know, I have a responsibility to all those people that lost their jobs, and I have responsibility to all those people that that that that work in regulation, that that work appropriately. And, you know, coming from medicine and to see such collaborative regulation and to see this, they have to grow up and change. And they must involve the technology world and the business world much more.
Speaker 1
15:36 – 15:57
Good advice. I mean, that's something we approach even in our policy making at CDT. We have technologists. We have policymakers. We have lawyers. Lawyers have a place. Right. And lawyers have a place. Absolutely. We hit in that town. Part of the part of the equation here. So I'm sure that you have some lessons for other people in business, maybe health business specifically. Anything you wanna share,
Speaker 0
15:58 – 17:57
advice that you've learned through this whole process, things you would have done differently or ways You know, it's funny. I would do very little differently, but it's been a terrible thing. But it's been a wonderful thing. I mean, you you it's all your perspective on what happens to you. And I have you know, I'm very depressed that I lost a company. It's it's such a personal tragedy. It is a real tragedy that I struggle with a lot. So I put on 25 pounds and I have to some days I have a hard time waking up. But the other side is I got to write a book. I got to speak to congress. I got to fight back. I get to speak out against them. I I get to, try to make them better. I mean, I I'm not sitting here like some crazy man that says no regulation. You know, that's no. Never heard that from you. No. I I I just they have this this bully pulpit stuff, this centralization of power, I'm really big on no centralized power anywhere. And and that's my biggest thing. If if people would educate themselves on the power that the agencies have, the administrative process, they would be shocked. And that has goes back a a century, and I talk about every talk where Woodrow Wilson wanted these administrative agencies to be areas of expertise. That's what's so ironic. But he also thought that the separation of powers was out date and we'd outgrown it. And that's the huge mistake. The congress and the judicial system allow these agencies to to have their own rules, to allow hearsay. I mean, the FTC relied heavily on a former employee that was fired, but we didn't even know they interviewed him until after they started the case because we weren't didn't know, and and we didn't cross examine before he made a decision. I mean, we could have cross examined him and put a whole new light on that. But, again, it's it's it's there are so many So ruling in your favor. Yeah. So
Speaker 1
17:58 – 18:00
book. So ruling in your favor
Speaker 0
18:01 – 20:34
Yeah. Still days that are tough for you. What's next? What's next? What's now I'm working on another book on the rest of this because what real the book was so I mean, what happened after the book was incredible. So I'm working on the next book, and I'm speaking. I've done I've I've been to Sydney, Australia, and I've been to Europe, and I've been on a lot of radio, and I'm I'm speaking at Black Hat Executive. I've done a lot of I I I just keynoted government security, conference in in Hot Springs. So I'm trying to, you know, be part of the community and and and and and, you know, because cybersecurity now is, like, cutting edge. And I'm one of the few people that have walked through the fire of a regulator. Did you ever think that you'd be cybersecurity expert? I just and I know now I'm, like, on on the board of Snoop Ball, and I've been writing for Cyber Defense magazine. And I'm I know people enter I it's, you know, but it's, you know, so I it I take it as it comes, and it it's it's good. So, you know, I I know this process involves more than just, okay, the ALJ role. A lot of people all weekend were like, oh, you won. You won. I'm like, what did we win? The company's dead. But and also, well, people don't understand us. The commissioners they they took us through this trial that went on for an hour, a year and a half, and the commissioners can just overturn it. Snap of the finger. Oh, wow. And people don't understand how much power they have and the lack of inside FTC interaction oversight so that something so bad can happen. I can't make the commissioners look at that, but they need to look at it. We've already had one commissioner have to recuse herself. And so, it's not over if they decide to go to federal court. But I look forward to federal court because that's where they don't get to allow hearsay, and they don't get to have the judge at FTC dot gov, and they don't get to make their own roles, and they don't get to use lawyers and investigators so you you so that you are not allowed discovery. Have you ever heard that you're not allowed discovery? I mean, folks, it's it's that's the type of stuff, you know, that that that I I'm really motivated to to educate and change. Do you think you'll ever start another business? I'm I don't know. Right now, I'm so exhausted. I really need to heal. There's been a lot of I really need to heal. And but maybe maybe a little bit. But this is sort of I'm still in this, adventure mode. Like, I'm, you know I mean, I can't believe I'm speaking of blackhead executive. I couldn't believe I was speaking of blackhead. I couldn't believe I got flown to Sydney, Australia. I mean, you know, so I don't know yet. You know? Or the book or I I I mean, I have spoken to seven production companies in LA about the book being a movie. That is that is hilarious to me.
Speaker 1
20:36 – 21:20
Never I'm like, oh my. It's just Well, it sounds like you have a lot more to share with a lot more audiences and perhaps on the big screen. So we look forward to that, very, very interesting perspective. I encourage everyone to check out the book, The Devil Inside the Beltway by Michael Dougherty. Thanks so much for joining us on Tech Talk. Great talking to you guys. That's it for this week's CDT Tech Talk. You can find more information about today's topic at www.cdt.org. And if you want to buy Michael's book, be sure to use Amazon Smile and support CDT a bit with every purchase you make. As always, tweet us any questions or topics you'd like us to cover to at sen dem tech. Thanks for listening.