Suit claims ex-Bryan Cave partner hid client's hack using FBI tools she supplied while a prosecutor
Shutterstock.com.
A former partner with Bryan Cave Leighton Paisner is accused of directing a client to hide from the Federal Trade Commission that his cybersecurity firm disclosed patient data obtained with spying software she had supplied while as a federal prosecutor battling child pornographers.
Mary Beth Buchanan is accused in a lawsuit filed by the cancer-screening company LabMD, report Law360 and Bloomberg Big Law Business in a story noted by Above the Law. The negligent and fraudulent omissions suit, filed April 28 in federal court in Manhattan, names Buchanan and Bryan Cave as defendants.
The suit claims LabMD was hacked by the cybersecurity firm Tiversa Inc., which secretly used the government’s surveillance software. Tiversa disseminated the data on a peer-to-peer file sharing network and then offered LabMD its remediation services, the suit says.
When LabMD refused to hire Tiversa, the cybersecurity company reported LabMD to the Federal Trade Commission for a security breach, claiming patient data was taken by identity thieves, according to the lawsuit. The FTC then brought a data security enforcement action against LabMD in August 2013.
Buchanan represented former Tiversa employee Richard Wallace in the FTC action beginning in January 2015, the suit says.
Buchanan had given Wallace the FBI surveillance software in 2007 when she was U.S. Attorney for the Western District of Pennsylvania, according to the suit. Buchanan had worked with Tiversa to prosecute child pornographers.
Wallace used the surveillance software to obtain LabMD’s data. However, he was fired from Tiversa when he refused to lie under oath about the company’s use of the data in its “shakedown scheme,” the suit says.
He then became a whistleblower and joined with LabMD’s former CEO in a qui tam suit against Tiversa. He was given immunity for his FTC testimony, which meant he would have faced no legal jeopardy for revealing his use of the software, the suit says.
Tiversa also used the FBI software to identify other targets for FTC investigations of leaked consumer information, making the cybersecurity firm an agent of the FTC, the suit says.
LabMD claims Buchanan directed Wallace to omit from his FTC testimony that she had given him access to the surveillance tools. The suit also alleges that Buchanan’s representation of Wallace before an FTC administrative law judge was a violation of the Ethics in Government Act, which bars former government employees from trying to influence federal agencies in matters in which they personally participated.
“Buchanan’s self-interest in keeping her violation of [Ethics in Government Act] secret and her participation in Tiversa’s wrongdoing was so extreme that she was willing to jeopardize her client’s immunity by directing him to omit critically important and material facts from his testimony,” the suit alleges.
Bryan Cave told the American Lawyer that Buchanan has left the firm to become an in-house lawyer at one of firm’s clients. “This move had been planned for many months and has nothing to do with the lawsuit or its allegations,” the firm said.
Updated: Wallace emailed a statement to the ABA Journal on May 22. He said the lawsuit allegations are “irresponsible and reckless” and, “None of the allegations contained in the complaint are true.”
“The false allegations contained in the lawsuit are upsetting because Bryan Cave Leighton Paisner and Ms. Buchanan’s legal representation on my behalf was always outstanding,” the statement said.
Corrected on May 10 to remove reference to LabMD as a defunct company. It is still a company, though it is not currently performing lab tests. Updated to report that Buchanan left Bryan Cave to become an in-house lawyer. Updated on May 22 to report on Wallace’s statement.
