• Complaint by LabMD alleges former U.S. Attorney and Bryan Cave partner Mary Beth Buchanan gave FBI surveillance tools to Tiversa Inc.
• Tiversa allegedly used tool to hack LabMD, then released patient data to P2P site and alerted FTC when company refused “remediation” service
• Buchanan unethically represented whistleblower in FTC proceeding to keep him from divulging how Tiversa got hacking tool, complaint says
A little-noticed lawsuit filed in New York federal court last weekend accuses a former federal prosecutor of unethically preventing a whistleblower from telling the FTC that he hacked an embattled company’s files using “FBI surveillance software” that the prosecutor gave him.
The lawsuit, filed April 28, makes explosive allegations against former U.S. Attorney Mary Beth Buchanan and Bryan Cave Leighton Paisner LLP, the global megafirm where she is now a partner.
The plaintiff is LabMD Inc., a cancer-screening lab that says it went out of business after falling victim to a “shakedown scheme” by a cybersecurity firm that hacked the lab’s files—and then reported it to the FTC when it refused to pay for “remediation” services.
LabMD has sued the cybersecurity firm, Tiversa Inc., in Pennsylvania federal and state court, and is also actively litigating civil rights claims against FTC investigators who relied on Tiversa to bring a data security prosecution that LabMD blames for its demise.
LabMD’s latest complaint highlights facts that have come to light in the other cases, which have survived motions to dismiss.
But the new lawsuit—filed in the U.S. District Court for the Southern District of New York—adds striking allegations about Buchanan’s relationship with Tiversa, a company that is now being investigated by the U.S. Attorney’s Office that Buchanan once ran.
In 2013 the FTC initiated a data security enforcement action against LabMD, alleging that a file containing cancer patient information was stolen from the company’s computers and had been found on a peer-to-peer file-sharing network.
The complaint says Tiversa used the FBI tool to hack a LabMD computer and obtain “a 1,718-page LabMD file containing confidential personal health information.” The company allegedly disseminated the file and reported the alleged data breach to the FTC, after LabMD refused to pay for Tiversa’s “remediation” services. LabMD produced an email it received from Tiversa’s owner, Robert J. Boback, offering those services.
The complaint says Tiversa’s actions came to light during the FTC action because of immunized testimony from Richard E. Wallace, a former Tiversa employee who was fired for refusing to lie under oath about the company’s alleged crimes.
Buchanan entered an appearance in the FTC action, representing Wallace in his role as a whistleblower. The LabMD complaint says that violated the Ethics in Government Act, which prohibits former government officials from participating in matters related to work they did while in government.
LabMD alleges that Buchanan’s relationship with Tiversa dated back to 2007, when she was U.S. Attorney for the Western District of Pennsylvania. The complaint alleges that, in that role, Buchanan “called upon Tiversa, Boback and Wallace to help her office identify, locate, surveil, secure evidence from and prosecute child pornographers.”
To assist in that task, Buchanan allegedly “authorized the Pittsburgh FBI office to install a dedicated DSL line in Wallace’s home office” and gave him access to “FBI proprietary surveillance software and equipment,” the complaint alleges.
The complaint says that FTC officials knew that Buchanan’s involvement in the enforcement action violated the Ethics in Government Act—and that they used that knowledge to shape Wallace’s testimony, by getting him to agree “not to disclose that he and Tiversa had acted as government agents in the FTC investigations.”
LabMD says Buchanan had her own interest in appearing in the FTC matter: ensuring that Wallace didn’t reveal that she had given him access to the FBI surveillance tools.
“Buchanan’s self-interest in keeping her violation of [the Ethics in Government Act] secret and her participation in Tiversa’s wrongdoing was so extreme that she was willing to jeopardize her client’s immunity by directing him to omit critically important and material facts from his testimony,” the complaint says.
The complaint says Buchanan’s actions doomed LabMD’s defense in the FTC enforcement action. It says Buchanan’s actions also damaged a defamation claim that LabMD and its founder, Michael J. Daugherty, have brought against Tiversa and Boback, and a qui tam suit that Daugherty and Wallace brought against Tiversa.
The complaint says that because Daugherty and Wallace are partners in the qui tam action, “Buchanan and BCLP had a special, fiduciary and privity-like relationship with Daugherty that imposed on them a duty to impart correct and complete information.”
The complaint asserts claims for “negligent omissions” and “fraudulent omissions” against Buchanan and Bryan Cave Leighton Paisner.
The law firm did not respond to Bloomberg Law’s request for comment.
‘Hi-Tech Protection Racket’
In 2015, congressional investigators released a report titled, “Tiversa Inc.: White Knight or Hi-Tech Protection Racket.” The report is attached as an exhibit to LabMD’s complaint, which catalogs some of the findings.
The complaint says Tiversa has admitted hacking and stealing confidential information from corporations, government entities, and individuals.
Examples of confidential corporate files Tiversa allegedly admitted taking include product launch plans, merger and acquisition plans, employee performance evaluations, and reports about clinical drug testing trials that occurred before FDA approval.
Examples of personal confidential files Tiversa allegedly admitted to taking include individual tax returns, credit reports, and psychiatric records.
Tiversa allegedly admitted taking government information such as FBI investigative files, “including, for example, surveillance photos of an alleged Mafia hit man that were ‘leaked’ while he was on trial,” and information disclosing “the identities of NSA employees,” the complaint says.
The case is LabMD, Inc. et al v. Bryan Cave Leighton Paisner LLP et al, S.D.N.Y., No. 1:18-cv-03790, complaint filed 4/28/18.