So there you are, minding your own business, running a company that provides a much-needed medical service – lab analysis of specimens to help doctors diagnose and treat cancers and other dread diseases. And out of the blue you find you are under attack by your own government.
Michael Daugherty, founder and CEO of LabMD, has been through hell, at the hands of the “Devil Inside the Beltway”.
His story defies logic and reason. Why would the federal government – specifically the FTC – join forces with a for-profit extortionist hacker to wreak havoc on a private company? And how could our court system not recognize theft of personal data as a crime?
Here’s the story, in a nutshell: In 2008 a LabMD employee, against company policy, installed a peer-to-peer (P2P) file-sharing application called LimeWire on her computer so she could share music files with other subscribers. She just wanted to listen to music. Unfortunately, this opened a port which made other data on her computer accessible to outsiders. And an opened port is all the Devil needs to do his evil work.
In this case, the Devil is a company named Tiversa, Inc. – the self-proclaimed “World Leader in P2P Cyberintelligence”. Tiversa developed a program which scours the internet, looking for open P2P ports and any tasty files that might be exposed, in the hope that a particularly delectable file might be useful for the purpose of extortion.
During the very short time that the LabMD employee’s computer was vulnerable, Tiversa grabbed a file containing patient data, including social security numbers, medical codes, etc. – information that could be used by a bad actor for identity theft, blackmail, or other nefarious purposes. And what did Tiversa do with their ill-gotten booty? First, they attempted to extort LabMD with an expensive, open-ended and loosely defined service contract. When LabMD CEO Daugherty logically told them to take a hike, they turned the file over to the FTC as an indictment of LabMD’s failure to protect their clients’ data.
This is where it gets crazy.
The federal government is there to protect and serve its constituents, right? You would think that if somebody hacks into your computer system, and steals your sensitive information and then blackmails you with the release of it, the feds will help you nail them. Right?
Instead, the FTC, typical of today’s over-reaching federal bureaucracy, decided to join forces with the bad guys to beat up on one of those despicable, “for-profit” private businesses. “You didn’t build that!”, they declare. “And we will punish you for your success!”
Instead of pursuing the people who aggressively sought to steal sensitive data (they claim their program performs exponentially more searches than Google) the FTC went after the victims of the theft. Most of their victims acquiesced to the relentless FTC pressure and accepted demands for consent decrees (guilty without proof). LabMD and Michael Daugherty took a courageous stand against this extortion, and continue their brave battle today.
The obvious questions beckon: what is the relationship between the top brass of the FTC and for-profit hackers like Tiversa? Will the federal courts recognize data as property, and accept theft of data as theft of property? And most importantly – when a federal agency like the FTC (or the IRS or EPA) lines up its infinite roster of taxpayer-funded lawyers against an individual or private company with limited resources in an ideological battle, is there any hope that justice will prevail?
Cyber-security is the 600-pound gorilla in the room. Our government admits that China, North Korea, and Russia routinely hack our government databases. It’s bad enough that foreign bad guys feverishly work at worming their way into our national databases. How can we tolerate our own government cooperating with extortionist hackers who attack our private data?
Tom Balek – Rockin’ On the Right Side
Do you promise not to tell?
Closer, Let me whisper in your ear,
Say the words you long to hear,
I’m in love with you!