Did LabMD, the now-defunct cancer testing company, expose sensitive patient information with shoddy data security practices as U.S. regulations have charged, or was the company victimized by a private forensics firm extorting it for business – raising the troubling question of whether the entire case against LabMD was built on a false premise.
That is a central question in Daugherty et al. v. Sheer et al., a case pending before the U.S. Court of Appeals for the D.C. Circuit. LabMD has asked the court to reconsider its decision that two Federal Trade Commission lawyers are immune from a lawsuit filed against them by LabMD, charging that its First Amendment rights were violated when the FTC lawyers engaged in a “deliberate and successful effort to cause the Commission to authorize an enforcement action” based on misrepresenting critical facts in the case. LabMD has charged that FTC lawyers Alain Sheer and Ruth Yodaiken recommended that the commission start an enforcement action that “was laced with lies.”
As readers of this blog know, the FTC sued LabMD in 2013, claiming that poor security practices allowed medical information about 9,300 patients to be exposed on peer-to-peer network LimeWire, which was often used for downloading music. LabMD vehemently denied the charges.
The crux of LabMD’s argument is that the D.C. Circuit suffered from a “fundamental misunderstanding of the technology at issue,” and that there is no basis to conclude that LabMD’s file with sensitive patient information “was ever publicly available.” Instead, LabMD argues, the sensitive patient file – which had been on a company computer that had LimeWire installed on it – was never publicly available but that a forensic firm trolled peer-to-peer networks in a “profit-motivated shakedown” and accessed the patient file through the LimeWire connection.
“Mail deposited in millions of U.S. mailboxes every day is ‘available’ to anyone but it is not considered ‘publicly available’ despite the ease with which mail can be taken from so many boxes,” argues LabMD.
Earlier this year, the D.C. Circuit dismissed LabMD’s case against the FTC lawyers, concluding that the lawyers had qualified immunity because – even if their motives were retaliatory – that did not automatically mean that their actions were unconstitutional if there is another legitimate basis for them. It was undisputed, the court found, that a “data-security breach underlying the FTC’s investigation” provided the alternative cause for the enforcement action.
It is this conclusion that LabMD argues is fundamentally at odds with the record.