Michael Daugherty

Government consumer protection lawyers are supposed to be the good guys, the ones in white hats sticking up for the citizenry.

Which is why it's particularly upsetting when it turns out they're in the wrong—as was the case with the Federal Trade Commission's misguided (and by misguided, I mean demented) pursuit of LabMD.

Now, it's likely to cost taxpayers $843,000 after a special master on Tuesday recommended that the government pay LabMD's legal fees.

"LabMD was a defendant who obtained complete success defending itself from the government," wrote U.S. Magistrate Judge Walter Johnson in a 75-page report that shreds the FTC's case from beginning to end.

Jenna GreeneIt's sweet vindication for LabMD founder Michael Daugherty, who stubbornly refused to settle, even when continuing to fight the FTC cost him his company, a small Atlanta-based medical testing provider. 

"It's never been about the money," he said. "I knew I could never live with myself if I settled over something like this."

"Anyone who wasn't as pissed off and half-crazy as me," he continued, would have rolled over and cut a deal with the FTC. "It would have been the smart business move."

Instead, Daugherty, who was represented over the years by lawyers from firms including Ropes & Gray; Cause of Action Institute; Dinsmore & Shohl; James W. Hawkins, LLC and Wilson Elser fought back. 

Eventually, he won, first before the U.S. Court of Appeals for the Eleventh Circuit, and now—the cherry on top—in an Equal Access to Justice Act petition for fees. 

I've been following this case for years, and it's exceptionally ugly.

Some background: The FTC in 2013 sued LabMD, which at its height had 30 employees, over a supposed cybersecurity breach. The agency alleged that the company's lax data security practices violated Section 5 of the FTC Act.

Cybersecurity breaches were a bit more novel six years ago, but even then, this one was small potatoes. 

According to the FTC, a careless LabMD employee in 2008 downloaded an application on her work computer to share music—but also inadvertently shared an insurance file containing sensitive medical and personal information of 9,300 consumers.

Cybersecurity company Tiversa Holding Corp. supposedly "found" the file, contacted LabMD and asked for $40,000 to fix the "breach." Daugherty declined their services.

Tiversa then allegedly told Daugherty it was giving its LabMD file to the FTC.

Lo and behold, the next thing you know the FTC is at LabMD's door. 

Sketchy? Oh yes. But that's not the half of it.

Because—as the special master noted—there was apparently never an actual breach. 

"The lack of substantial justification for the FTC's prosecution of LabMD goes back to the very beginning of this matter and arose from the inappropriate relationship between Tiversa and the FTC and its unquestioning reliance on what turned out to be false assertions by Tiversa," Johnson wrote. 

"The record shows that Tiversa infiltrated LabMD's network in 2008, copied the [file] notified LabMD that it had a copy of the [file], and repeatedly asked LabMD to buy its breach detection services, falsely claiming that copies of it were being searched for and downloaded on peer-to-peer networks."

And the FTC went along with it, lending its muscle to Tiversa's threats like some dumb goon in a tank top. Which is madness. It's like they should be suing themselves for consumer protection violations. 

Credit is due to FTC Chief Administrative Law Judge D. Michael Chappell. He oversaw the LabMD trial, which involved 39 witnesses and 1,080 exhibits. In 2015, Chappell issued a lengthy decision siding with LabMD.

One key: He found that there was "no evidence that any consumer whose personal information has been maintained by LabMD has suffered any harm as a result of respondent's alleged conduct."

That should have been the end. Instead, three agency commissioners led by then-Chairwoman Edith Ramirez overruled Chappell and handed the FTC the win. Which c'mon, is just embarrassing. 

On appeal, the FTC lost resoundingly before the Eleventh Circuit. 

As the special master noted, during oral arguments before the appellate panel in 2017, Judge Gerald Bard Tjoflat commented on the impropriety of the FTC's relationship with Tiversa, stating: "[T]he aroma that comes out of the investigation of this case is that Tiversa was shaking down private industry with the help of the FTC."

Johnson in his recommendation also pointed out that the FTC didn't deny its investigation was fueled by Tiversa's fraudulent claims, or that the FTC's prosecution was based on Tiversa's false testimony and fabricated documents.

And yet, agency lawyers including Alain Sheer, Laura Van Druff and Ruth Yodaikan refused to back down. 

"Even if the FTC could be excused for not verifying the facts before issuing a complaint (which it should not be), it became clear during the trial before the ALJ that the Tiversa's assertions about the spread of the [file] were lies," Johnson wrote. "Instead of dismissing the case, which is what Judge Tjoflat said should have happened, the FTC kept going after LabMD."

He concluded, "The FTC encountered in LabMD an opponent who was not buying what the FTC was selling. In response, the FTC crushed LabMD."

The legal fees are small recompense.