LabMD CEO Takes on FTC with “Devil Inside the Beltway”
On November 24th the FTC decided to appeal the decision of its Chief Administrative Law Judge to dismiss the agency’s suit against LabMD. The FTC will now appeal before the full FTC Commission. In 2013 the FTC brought suit against LabMD for failing to “reasonably protect the security of consumers’ personal data, including medical information.”
The LabMD case has taken many twists and at times resembles more of a cybercrime thriller than a routine federal agency enforcement proceeding. LabMD argues that a security company named Tiversa vastly exaggerated evidence of a data leak by accessing files on LabMD’s own network and claiming they were compromised. Tiversa allegedly attempted to use this information to strong-arm LabMD into employing Tiversa’s breach response services. LabMD’s claims of this activity were bolstered when one of Tiversa’s own former investigators testified on the record that Tiversa would convince companies that criminals had already started using stolen information in an attempt to scare companies into hiring the firm. When LabMD declined Tiversa’s services, Tiversa then allegedly turned to tipping off the FTC about LabMD’s security practices, culminating in an investigation and proceeding by the FTC against LabMD. According to LabMD’s CEO, this investigation eventually forced LabMD out of business, and with it came the end of his company’s cancer diagnosis technology.
The question on the minds of many observers is: does the protection of customers’ health information merit the end of a small company that is laudably trying to solve serious health problems? According to LabMD’s former CEO, Michael J. Daugherty, the answer is perhaps unsurprisingly a resounding “no way.”
But what is surprising is the extent to which Mr. Daugherty has gone to fight the FTC, even after his company has shut its doors. He has responded with strong moves such as writing a book titled “The Devil Inside the Beltway,” starting a website, and even producing an “eight part saga” on YouTube bringing his book to life. After reading the articles and watching some of the media, I thought this material was too good not to share on the blog:
In light of his campaign, Mr. Daugherty has also started making appearances at security conferences around the United States, including the upcoming Black Hat Executive Summit in Arizona. This is an impressive amount of activism and it will be interesting to see how Mr. Daugherty continues to respond to the ongoing battle between LabMD and the FTC. One day prior to the FTC’s appeal LabMD actually filed a federal lawsuit against the individual FTC lawyers who began the LabMD case, alleging that the FTC lawyers based their suit on “fictional evidence.” It will be interesting to see how both of these cases turn out. The FTC has a lot riding on their appeal and the eventual decision may shape the contours of the Commission’s future authority under Section 5 of the FTC Act to regulate security practices.
Delayed post - but excited to have my USF Law Review Forum article up on their site! In the article I address some of the issues with soliciting securities under the new 506(c) exemption. Many thanks to the staff editors for the help!
500 Startups to Take Advantage of JOBS Act 506(c) Regulations to Raise 100M Fund
In an interesting development, 500 Startups is launching its third investment fund with the aid of new regulations put into effect by the JOBS (Jumpstart Our Business Startups) Act. A section of the JOBS Act, rule 506(c) of Regulation D, allows companies to raise money by issuing securities using general solicitation. Under a previous exemption from having to publicly register securities, general solicitation was prohibited and the number of investors was capped at 35 (codified as SEC Regulation D Section 506(b)). Now, under 506(c), companies in theory can reach out to large groups of investors and individuals to garner investment. However, 506(c) imposes a requirement that all investors that are being generally solicited must be accredited investors.
The company or individual soliciting investment must be reasonably certain that their audience is comprised of accredited investors by conducting background research. The SEC did not provide exact specifications on what would clear this hurdle; however, it did provide examples of what would be sufficient, such as examining tax documents or income statements. Understandably, some investors might shy away from having to disclose sensitive income information before investing.
However, 500 Startups appears confident that it can raise a significant portion of its $100 million goal using money raised from general solicitation. 500 Startups is partnering with SeedInvest to launch a portal that will allow users to verify their accredited investor status, thus clearing the 506(c) hurdles. The investors, once verified as accredited, can then learn more about 500 Startups’ offerings and invest in the funds.
This is one of the first examples of a large fund using the new JOBS Act exemptions to raise money for startup businesses. Eyes will undoubtedly be watching to see if their diligence efforts clear SEC regulations or attract regulatory scrutiny. If successful, it could mean that the often maligned JOBS Act may have introduced effective regulations to foster the startup economy.
Proposed Trade Secrets Act Would Create Federal Right of Action for Misappropriation
Sen. Chris Coons (D-Delaware) has been circulating a bill that would create a federal civil right of action for trade secret misappropriation. The Senator has passed a draft of the bill around to interested parties and IP lawyers. The proposed law is titled the Protecting American Trade Secrets and Innovation Act of 2014 (“PATSIA 2014”). It tracks several former attempts at passing similar legislation.
PATSIA 2014 incorporates the Uniform Trade Secret Act’s definitions of “trade secret” and “misappropriation” as well as providing damages and injunctive relief as remedies. Significantly, the bill involves the misappropriation of a trade secret that is “related to or included in a product, process, or service used in, or intended for use in, interstate or foreign commerce.” (emphasis added). Previous versions only covered a “product that is produced for or placed in interstate or foreign commerce.” This change ensures that the bill covers a wider range of trade secrets, and that injunctive relief can be offered for products intended for use in interstate commerce before they are introduced into the market.
The act will also allow parties to apply for an ex parte seizure of items used in connection with the trade secrets theft. It will be interesting to see if trade secrets misappropriation moves from the domain of state legislation, to allowing companies to bring suit in federal court.
The Dolan Law Firm Relies on California Vehicle Code, Not CPUC Regulations in Suit Against Uber
By Noah Johnson (reposted from GAMA LLP blog)
Christopher Dolan, a well-known Bay Area plaintiff’s attorney, has filed a wrongful death suit against Uber stemming from a tragic New Year’s Eve accident. The accident involved a driver named Syed Muzzaffar, believed to be on the UberX system at the time of the crash. Mr. Muzzaffar was making a turn at Polk St. and Ellis St. in San Francisco when he struck and killed six-year-old Sofia Liu, and seriously injured Sofia’s mother and brother.
In response to the crash, Uber quickly posted “the driver in question was not providing services on the Uber system during the time of the accident.” However, Mr. Muzzaffar’s attorney asserts that his client was logged into the UberX application, had previously picked up a rider that evening, and was waiting to be contacted by another passenger. This presents a question within a legal grey area that has yet to be tested in the peer-to-peer transportation industry. It is a grey area that Dolan will attempt to clarify in favor of his client with the wrongful death suit.
Conspicuously, Dolan largely ignores any of the recently approved regulations by the California Public Utilities Commission (CPUC) that govern companies such as UberX and Lyft. Instead, the complaint focuses on a surprising source of legal authority: the California Vehicle Code (CVC). Specifically, the complaint states UberX compels drivers to violate CVC 23123.5, which prevents drivers from driving a vehicle while “using an electronic wireless communications device to write, send, or read a text-based communication.” The only exception to this regulation is if the device is specifically designed to allow voice operated and hands-free operation, and is actually used in this manner while driving. Additionally, the complaint cites CVC 26708, which restricts the usage of GPS devices to a seven-inch square in the lower corner of the windshield farthest from the driver, or in a five-inch square in the lower corner of the windshield nearest to the driver. Additionally, the regulation states that such a GPS system may only be used for door-to-door navigation while the motor vehicle is being operated.
The complaint alleges that the business activity generated by UberX does not fall under the definition of door-to-door navigation in the CVC. Additionally, Dolan alleges that the UberX application is a GPS device within the meaning of the CVC and that it violates 23123.5 because it facilitates text-based communication.
The complaint goes on to state that violation of these regulations caused Uber to breach a duty of reasonable care towards Sofia Liu and her family and that this breach was the proximate cause of the injuries to the family.
Using the CVC is an interesting legal strategy. It is likely Dolan did not want to stand on the shaky legal ground the CPUC has established for companies such as UberX, Lyft, and Sidecar. The CPUC’s regulations left a number of liability questions largely unanswered. Instead, the firm wanted to find more established regulations that hold more weight with the court. While very few enforcement actions have been taken against private or personal drivers who are using their smartphones as GPS navigation devices, the fact remains that these CVC regulations are codified and technically in effect. While the regulations have not been applied to companies such as UberX to this point, Dolan is definitely forcing the issue in this high stakes case. It will be interesting to watch this case unfold as the future of liability in the transportation industry is decided.
Uber Sued over Death of San Francisco Girl on New Year's Eve by KQED News
Attorney Christopher Dolan Files Complaint Against Uber After NYE Crash
A complaint has been filed against Uber stemming from the NYE crash in San Francisco. I was wondering if and when this was coming and it's now shaping up to be an interesting battle. Christopher Dolan, a well known plaintiff's attorney from the Bay Area, has filed the case against Uber. The story is now making its way across the media. It will be interesting to see who Uber hires in response. Quinn Emanuel, perhaps?
It seems unlikely the case will be quietly settled at this point, since the question of liability is such an important one for Uber. The company now has the unenviable task of managing a public relations nightmare and fighting a tooth-and-nail legal battle against a family mourning the loss of their 6 year old daughter.
I've attached the complaint below, and will post more updates as they become available.
Just before 8 p.m. on New Year’s Eve, a mother and her two young children were struck by an SUV while walking in a crosswalk at Polk St. and Ellis St. in San Francisco. One of the children, Sofia Liu, tragically died of her injuries at SF General Hospital. The other two...
On January 10, 2014, the Supreme Court granted certiorari in the case ABC, Inc. v. Aereo from the Second Circuit Court of Appeals. The case pits media heavyweights such as ABC Networks, the NFL and Fox Television against the New York City-based startup Aereo. Aereo was...
Overstock.com began accepting Bitcoin today, becoming the first major U.S. retailer to accept the virtual currency. Many smaller companies accept Bitcoin, but Overstock.com, with its approximately $1.3 billion in yearly revenue, will immediately become the largest...
On Christmas Eve 2013, the organization Gibson Security posted portions of Snapchat’s source code online. The source code revealed weaknesses that allow hackers to download user information from the application. Within days, a website emerged that enables anyone in...
Battle of the Pin Buttons: Pinterest Sues Pintrips
Pinterest has filed a trademark infringement suit against a startup called Pintrips in the U.S. District Court for Northern California. Pintrips is a small travel planning startup that launched in 2012. Pintrips provides travel-planning services such as flight tracking where users “pin” routes they are interested in to monitor prices. There are limited social network elements where a user can interact and share tips with others. Pinterest on the other hand is an internet giant and currently the third largest social network by user count in the United States behind only Facebook and Twitter.
Pinterest alleges that a number of specific actions taken by Pintrips amount to trademark infringement. First is the fact that both sites prominently use a “pin” button that allows users to save information. The complaint alleges that “[a]n important element in Pinterest’s success has been the popularity of its PIN IT button” which allows users to save content on the site. (Pg. 5). Pintrips has a similar button as can be seen from the graphic above. What is interesting here is whether Pinterest will successfully lay claim to the “Pin” button. While not a ubiquitous feature of the internet, the “Pin” feature is used in a variety of applications such as Google Maps for instance. “Dropping a Pin” has become synonymous with letting your friends know if you are in a certain place while using certain apps.
Significantly, Pinterest is stating that it is a social media bookmarking service “for all types of media” while Pintrips is a social media bookmarking service for “information about travel and flights exclusively.” (Pg. 7). Pinterest is attempting to establish that it exclusively owns the trademark rights to “Pin” buttons and “PIN-formative” marks within the realm of social media.
This brings up whether or not Pintrips is a “social media bookmarking service” at all. Pintrips is different from traditional social media sites like Facebook and Pinterest in several ways. First, Pintrips operates as a browser plugin. Once you download the Chrome plugin it sits on top of your existing browser and allows you to pin things as you visit different sites. Second, while Pintrips does allow you to collaborate with others, the service’s main function is to assist people in finding flights and streamlining the travel-planning process. Pintrips is a viable service that users may find useful even if social networking was completely absent from the design. Granted, the social aspect is what makes the service “fun” and would allow it to grow quickly if people adopted the service. But classic social networks such as Facebook or Pinterest do not offer services that can be viably separated from the social component of their business model.
It will be interesting to see if Pinterest can make a convincing argument that there’s a strong “relationship between the goods or services of the parties in terms of utility, use, and trade channels” in line with the likelihood of confusion test for trademark infringement. This factor of the test is not dispositive, but may be weighed heavily. It could come down to how expansive or narrow a definition the court gives to a “social network.” If the court adopts a wide definition, something akin to “a web service that allows users to connect with another,” that definition will cover Pintrips. But if the court adopts a narrow definition similar to “a web service that has the primary purpose of connecting users and facilitating relationships using messages, comments, and images,” the result could be different.
The question remains to be answered and I may post updates on the docket as the case progresses. The bottom line is that Pinterest is aggressively defending its trademark territory. In this case Pinterest has asked for an immediate injunction of the use of “Pintrips, Pin or any other PIN-formative mark.” Pinterest also requests three times Pinterest’s damages from Pintrips’s use of the marks, or three times Defendant’s profits. If Pinterest prevails, this will either radically change Pintrips’s identity and brand, or put them squarely out of business.
Geoff Mathieux is the CEO and Co-Founder of Tickengo, a transportation start-up that provides prearranged rides to the airport. I had the opportunity to interview Geoff for Briefs + Bytes. Our conversation is below.
Noah: First off, thanks Geoff for joining me on Briefs + Bytes! So, when did you first have the idea for Tickengo?
Geoff: I had the idea in Paris in 2007. I stepped outside my building with two heavy suitcases to go to the airport, and I just knew there was a better way to do this. I figured there were people around me who wanted to go to the airport, and who would gladly give me twenty Euros for a ride, but I had no way of contacting them. I joined with a couple of partners and started the company. Tickengo was one of the first ridesharing startups and the first to offer easily scheduled rides, especially useful for airport rides, which is our focus. We have invented great technology for this.
Noah: How did Willie Brown get involved with Tickengo?
Geoff: I emailed him a couple of blogs about how ridesharing would change the face of transportation 1.5 years ago. He was interested in the topic as he had dealt with many transportation issues as Mayor of San Francisco and as Speaker of the California Assembly. Ridesharing enabled less traffic, less cars, less pollution and cheaper transportation for all (without raising taxes). We met to chat about Tickengo a few times. When we received a cease and desist letter from the California Public Utilities Commission (CPUC), Mayor Brown agreed to become our lawyer and help with our model of ridesharing, which was the purest form of ridesharing among the four companies who received cease and desist letters (Uber, Lyft, Sidecar and Tickengo).
Noah: Do you see the CPUC ruling as a victory?
Geoff: Absolutely. This is the beginning of a new age of transportation. California is the first state in the country to legalize transportation network companies (TNCs) that allow citizens to become private drivers. I believe it will set off a domino effect across the United States and the world. The CPUC ruling went beyond what we imagined. It shows great foresight by the CPUC and it shows that California is a great place for innovators.
Noah: I know Tickengo pushed for a roughly $8,800 cap on earnings for drivers. This was not included in the ruling. Was this disappointing?
Geoff: We wanted to take the middle ground in negotiations with the CPUC and ensure our model could survive. We argued the cap so they would hopefully allow us to coexist with taxis. Instead, the CPUC created an entirely new category of transportation in California and legalized our entire industry. That works for us.
Noah: The ruling specifically allowed airports to come up with their own regulations. Is that a barrier moving forward?
Geoff: Yes and no. We have to clear our operations with every single airport where we offer service. That is a lot of negotiation. Our whole brand is that we’re the best way to get to the airport. And we are. With Tickengo it’s a $35 flat rate from San Francisco, whereas taxis, Lyft, and Sidecar are usually $55 or more.
However, the ruling gives us legitimacy. We received confirmation from the CPUC that they plan to give us a permit. This is a big step for Tickengo, as airports will look to the ruling as legal confirmation of our business.
Noah: Do you think other states will look to California as a model for regulating this industry?
Geoff: Undeniably. We are a state of innovators and this is a strong reiteration that our government supports young innovative industries. Other states are determining how to approach this issue and they will inevitably keep an eye on California’s model. The judges on the commission knew they were issuing a historic decision and I think they recognized it could become a model across the United States.
The taxi rules were made 100 years ago when telecommunications didn’t exist as they do today. There is safety in email tracking, technology and reputation. No one is going to just disappear without a trace as could have happened 100 years ago without regulated taxis. The ruling promotes competition and that’s really the foundation of our country and innovation.
Noah: Thanks Geoff for speaking with Briefs + Bytes! It will be exciting to keep an eye on Tickengo in this new industry.
CPUC Creates New Category of Transportation Company
On September 19 the California Public Utilities Commission (CPUC) published its decision from a rulemaking session about new transportation companies such as Uber, Lyft, and Sidecar. The decision is a strong victory for new transportation companies, but also leaves open a number of questions. My main takeaways are below.
1) The new category of company is titled a “Transportation Network Company” or TNC. According to the CPUC a TNC is: “A Company or organization, operating in California that provides transportation services using an online-enabled platform to connect passengers with drivers using their personal, non-commercial, vehicles.” (CPUC 65).
A) First, this is a strong victory for Lyft, UberX, and Sidecar. The definition essentially describes exactly the type of services those companies provide. The decision legalizes their business model and later tacks on requirements such as criminal background checks, and minimum insurance levels.
B) However, Uber’s core service that involves the use of licensed livery-car drivers and “black car” sedans, which are owned by livery car companies, is not included under this definition. The TNC definition requires the drivers use their “personal, non-commercial, vehicles.” It will be interesting to see how this develops. I imagine some black car drivers already own their own vehicles, but if they use them for their job at an established livery company, it may be hard to classify them as “non-commercial” vehicles. (CPUC 26).
This may explain Uber’s surprisingly hard line argument throughout the rulemaking process, in contrast to Lyft and Sidecar’s relatively cooperative arguments. Uber essentially argued that the CPUC absolutely does not, and should not have jurisdiction over them. Uber stuck to the argument that they are not a transportation company at all and are only a software platform that connects drivers and passengers. Uber also argued extending Commission regulations would conflict with Federal and State policies involving information service providers. This may merit its own post for further discussion.
2) Picking up Street Hails will remain the exclusive domain of Taxis. The CPUC states that TNC drivers may only transport passengers on a prearranged basis. (CPUC 20). For the purpose of TNC services, a ride is prearranged “if the ride is solicited and accepted via a TNC digital platform before the ride commences.” TNCs are “strictly” prohibited from picking up people impromptu on the street like a taxi.
A) This is somewhat of a victory for Taxis, but may prove not that important of a distinction. With modern smartphones and apps, a ride may be “prearranged” even if a car can be called within seconds. The CPUC asserts two rather subtle guidelines for how rides are “prearranged” by TNCs.
First, before a passenger can even request a ride, the passenger has to download the TNC’s “app” and agree to the TNC’s service agreement. There is no such “agreement” when you enter a taxi. Thus, the CPUC states, using a given TNC is at the sole discretion of the user because they chose which TNC service to use.
Second, the CPUC requires that for any particular trip with a TNC the passenger must input both current location and trip destination. In this way, a trip is prearranged because both parties know the pickup location and trip destination. The TNCs must keep a copy of this information, which is considered an “electronic waybill.”
This is interesting because it’s different than the way Uber and Sidecar currently operate. There are ways for users to enter the end location, but it’s not required. It also often changes while the passenger is in the vehicle. It will be interesting to see if the CPUC will allow the proposed waybill before a ride is ordered to be different than the eventual provided ride – or if that violates the notion of “prearranged.”
In an abstract sense, these requirements seem to fit the definition of prearranged. However, as a practical business matter, and measured in the currency that drives all transportation companies – time – this is a minor differentiation. Users want convenient transportation from point A to point B as quickly as possible. If it takes the exact amount of time (or less) to enter a “to and from” destination and hail a TNC as it does to “street hail” a Taxi, this creates no real difference between the services. I would argue this is another victory for TNCs.
3) The CPUC outright rejects Lyft and Sidecar’s contention that the services operate for a “donation” and not a fee. (CPUC 19). Lyft and Sidecar argued that their business model only supports “voluntary” payments and are thus donations that should not be regulated.
The CPUC refers to previous rulings that transportation offered by business enterprises without monetary charge still fits under the definition of “compensation” if the organization sponsoring the trip receives a “business benefit.” Even if the payment is voluntary, Sidecar and Lyft still take a percentage fee of the donation and receive a business benefit. At a minimum, the CPUC reasons that the increased patronage and usage of the smartphone application for each service contributes to the growth of the business. This falls under the definition of business benefit.
4) The CPUC is staying out of the jurisdiction of airports to allow them to create their own regulations. The transportation of individuals to and from the airport is a major source of revenue for these companies. Uber charges a flat rate to travel to SFO for instance, and all the companies have encountered crackdowns on their services within the confines of airports.
The CPUC decision puts it quite bluntly, “TNCs shall not conduct any operations on the property of or into any airport unless such operations are authorized by the airport authority involved.” (CPUC 33). This may provide airports with additional leverage, because repeated infractions may allow the CPUC to revoke TNC status, which would be devastating to a young company.
5) Interestingly, TNC status will only be granted to companies “utilizing smart phone technology” to coordinate transportation of passengers. (CPUC 25). This seems overly absolute by the CPUC. Why can’t services use 3G enabled iPads or tablets that use chat, or VOIP, as the main means of communication? Where do you draw the line between today’s large touchscreen “smartphones” and small tablets? Is this a necessary distinction? This may not prove significant down the line, but it reflects some of the disconnect between regulation and evolving technology – the lines between smartphone and other devices are still in flux.