IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION
LabMD, Inc.,
Plaintiff, Case No. 1:21-cv-3525-MLB v.
United States of America,
Defendant.
________________________________/
OPINION & ORDER Plaintiff LabMD, Inc. (“LabMD”) sued the United States of America claiming the Federal Trade Commission acted improperly in a civil enforcement action. (Dkt. 5.) Defendant moved to dismiss pursuant to Fed. R. Civ. P. 12(b)(1) and 12(b)(6). (Dkt. 22.) The Court GRANTS Defendant’s motion. I. Background Plaintiff LabMD previously operated a cancer detection laboratory. (Dkt. 5 ¶ 4.) It claims that, sometime before 2007, the U.S. Attorney for the Western District of Pennsylvania (Mary Buchanan) retained Tiversa Holding Corporation (a company that provides cyber and data security services) to assist the Federal Bureau of Investigation in locating digital evidence of child pornography. (Dkt. 5 ¶¶ 41, 45.) As part of this, the
FBI gave Tiversa access to a programed called the “enhanced peer-to- peer sharing program” (“eP2P”). (Dkt. 5 ¶ 42.) That program allows a user to search peer-to-peer networks for child pornography. (Dkt. 5 ¶ 52.)
A. Tiversa’s Alleged Shakedown Scheme and Partnership with the FTC
Plaintiff LabMD claims Tiversa misappropriated the eP2P system. (Id.) Specifically, it claims Tiversa used the system to access private companies’ networks and steal personal health information, protected personal information, and other valuable data. (Id.) Plaintiff claims that, after launching such an attack, Tiversa manipulated the data to
make it appear an unauthorized user had stolen the data, created false Internet Protocol packets to make it appear the stolen data was available on the Internet, contacted the victim company to explain it had suffered
a cyber-attack (from an unidentified entity), and offered its cyber- security recovery and monitoring services to remediate the alleged attack. (Dkt. 5 ¶¶ 53, 55.) Plaintiff says that, if the company refused to
hire Tiversa, Tiversa “reported fabricated data security breaches” to the Federal Trade Commission (“FTC”). (Id.) Plaintiff refers to this as Tiversa’s “shakedown scheme.” (Id.)1
According to Plaintiff, the FTC became aware of Tiversa’s investigations and wanted access to its information to identify companies for civil enforcement investigations. (Dkt. 5 ¶¶ 64, 71-73.) The FTC
considered issuing subpoenas to Tiversa. (Id.) Tiversa, however, did not want to be identified as the source of information it provided the FTC.
(Dkt. 5 ¶ 73.) So, the FTC—acting through attorneys Alain Sheer, Ruth Yodaiken and Carl Settlemyer—proposed Tiversa create a pass through company called “The Privacy Institute.” (Id.) That would allow the FTC
to subpoena information from the company while disguising Tiversa’s role. (Dkt. 5 ¶¶ 71-81.) Tiversa did that. B. Tiversa Targets Plaintiff and Works With the FTC to Manipulate Data
Plaintiff contends that, in 2008, Tiversa used the eP2P program to breach its network and steal its confidential patient information—
1 Plaintiff also includes a variety of allegations regarding other misconduct by Tiversa, including stealing blueprints for a helicopter used by President Obama and financial information belonging to Justice Breyer. (Dkt. 5 ¶ 59.) None of those allegations are relevant to Plaintiff’s claims against the United States, and the Court will not consider them. specifically a document referred to as the “1718 File.” (Dkt. 5 ¶ 97.) Tiversa then contacted Plaintiff, claimed it had found the 1718 File on
the Internet, said the file was “spreading over the Internet,” and tried to sell Plaintiff its remediation services. (Dkt. 5 ¶¶ 98-101.) Because Plaintiff could find no evidence of an actual breach, it refused to hire
Tiversa. (Dkt. 5 ¶¶ 99-100.) In an alleged act of retaliation, Tiversa told the FTC that Plaintiff
had suffered a security breach and (through The Privacy Institute) gave the FTC a copy of the 1718 File. (Dkt. 5 ¶ 101.) The FTC then began talking with Plaintiff about the alleged data breach. (Id.) Plaintiff
believed no intrusion had occurred and refused to accept a consent decree. (Dkt. 5 ¶ 82.) The FTC, therefore, began preparing a civil enforcement action against Plaintiff. (Id.) But it faced a problem. To
prosecute Plaintiff successfully, the FTC would have to show Plaintiff’s patients were harmed by the 1718 File having spread across the Internet. (Dkt. 5 ¶¶ 83-84.) The information Tiversa provided the FTC, however,
showed the file had not done so. Plaintiff says Sheer met with Tiversa employees to explain this problem. (Dkt. 5 ¶ 88.) Plaintiff claims that, “by sharing with Tiversa their need for ‘spread,’ the FTC investigators should have known and had reason to know that they created pressure on Tiversa to provide the needed information.” (Id.)
Plaintiff alleges that, in response to this pressure, Tiversa “manufactured ‘proof’ of spread.” (Dkt. 5 ¶¶ 88-89.) Specifically, in October 2013, Tiversa created a “.txt file” to show four San Diego IP
addresses on the 1718 File to make it look (falsely) like the file had been “found” in California. (Dkt. 5 ¶¶ 107-08.) Plaintiff claims Tiversa did
this, not only to fabricate evidence of “spread,” but also to make it appear the file was still available on the Internet as of November 2013. (Dkt. 5 ¶ 108.) Plaintiff says Tiversa did this to “bolster” the FTC’s claims
against Plaintiff. (Id.) Indeed, Plaintiff claims Tiversa did this after FTC attorney Sheer specifically told Tiversa the FTC needed evidence the file had “spread” across the Internet to make the prosecution of Plaintiff
worthwhile. (Dkt. 5 ¶ 87.) The FTC used the doctored file to pursue a civil enforcement proceeding against Plaintiff. (Dkt. 5 ¶ 107.) An administrative law judge
ruled in Plaintiff’s favor, but the FTC reversed that decision and issued a cease-and-desist order against Plaintiff. (Dkt. 5 ¶¶ 112-114.) The Eleventh Circuit reversed. (Dkt. 5 ¶ 115.) The Eleventh Circuit did not reverse the order because it concluded the FTC engaged in the type of misconduct alleged here. Rather, it found the order unenforceable
because it did not enjoin a specific practice but rather mandated a complete overhaul of Plaintiff’s data-security program without adequately explaining what Plaintiff was required to do. LabMD, Inc. v.
Federal Trade Commission, 894 F.3d 1221, 1237 (11th Cir. 2018). C. Plaintiff Sued the FTC
Plaintiff now claims the entire enforcement proceeding against it was bogus—having been manufactured by Tiversa with the knowledge and willing participation of several FTC employees. Plaintiff claims the
FTC brought and pursued its civil action against Plaintiff even though it knew (or should have known) that Tiversa had altered the 1718 File as explained above, that the unaltered file showed Plaintiff had never
suffered a data breach, and that individuals at the FTC worked with Tiversa to manipulate and falsify the evidence against Plaintiff. (Dkt. 5 ¶ 110.) In other words, Plaintiff alleges the FTC conspired with and
aided and abetted Tiversa to obtain confidential information from Plaintiff that the FTC knew or should have known did not support an enforcement action but commenced and continued an enforcement action anyway. (Dkt. 22-1 at 2.)
Plaintiff filed an administrative complaint with the FTC on September 4, 2020. (Dkt. 5 ¶ 39-41.) The FTC rejected Plaintiff’s complaint as barred by the statute of limitations but added it would have
also rejected the claim on the merits. (Dkt. 5 ¶ 44.) Plaintiff now sues the United States for negligence and negligence per se under the Federal
Torts Claims Act (“FTCA”). (Dkts. 5 ¶ 116-133.) Plaintiff also filed two previous lawsuits related to Tiversa’s alleged hacking of the 1718 File. In November 2015, Plaintiff sued Alain Sheer and the two other FTC
attorneys allegedly responsible for the FTC’s improper investigation. (Dkt. 22-2.) In April 2018, Plaintiff sued Mary Buchanan. (Dkt. 22-3.) II. Standard of Review
A. Motion to Dismiss Pursuant to 12(b)(1) A motion under Fed. R. Civ. P. 12(b)(1) challenges the Court's subject matter jurisdiction. “A motion to dismiss for lack of subject
matter jurisdiction ... can be based upon either a facial or factual challenge to the complaint.” McElmurray v. Consol. Gov't of Augusta- Richmond Cty., 501 F.3d 1244, 1251 (11th Cir. 2007). “A ‘facial attack’ on the complaint ‘require[s] the court merely to look and see if [the] plaintiff has sufficiently alleged a basis of subject matter jurisdiction, and
the allegations in [their] complaint are taken as true for the purposes of the motion.’” Id. A factual attack, however, challenges the underlying facts supporting the Court's jurisdiction. Odyssey Marine Exploration,
Inc. v. Unidentified Shipwrecked Vessel, 657 F.3d 1159, 69 (11th Cir. 2011). When evaluating a factual attack, “the district court is not
obligated to take the allegations in the complaint as true.” Id. Instead, the Court “may consider extrinsic evidence such as deposition testimony and affidavits.” Id. And from this evidence, the Court may
“independently weigh the facts, and is not constrained to view them in the light most favorable to the non-movant.” Id. B. Motion to Dismiss Pursuant to 12(b)(6)
“To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). “A claim has
facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. This requires more than a “mere possibility of misconduct.” Id. at 679. Plaintiff’s well-pled allegations must “nudge[] [his] claims across the line from conceivable to plausible.” Bell Atl. Corp.
v. Twombly, 550 U.S. 544, 570 (2007). III. Discussion A. Timeliness
A defendant may raise a statute of limitations defense in a motion to dismiss for failure to state a claim “when the complaint shows on its
face that the limitation period has run.” Avco Corp. v. Precision Air Parts, Inc., 676 F.2d 494, 495 (11th Cir. 1982). “A tort claim against the United States shall be forever barred unless it is presented in writing to the
appropriate federal agency within two years after such claim accrues.” 28 U.S.C. § 2401. “The general rule is that a claim under the FTCA accrues at the time of injury.” Diaz v. United States, 165 F.3d 1337, 1339
(11th Cir. 1999). “In certain situations, such as medical malpractice, the claim may accrue at a later date,” i.e., “when the plaintiff knows of both the injury and its cause.” Id. “The rationale behind the modified rule is
to protect plaintiffs who are blamelessly unaware of their claim because the injury has not yet manifested itself or because the facts establishing a causal link between the injury and the [Defendant] are in the control of the tortfeasor or are otherwise not evident.” Id. “Under this rule, the plaintiffs need not know that [they have] a legally cognizable claim for
the claim to accrue and may not bury [their] head in the sand once [they are] put on notice that the government may have caused an injury.” Id. Since Plaintiff filed its administrative complaint with the FTC on
September 4, 2020, the claim is time-barred if it accrued before September 4, 2018.2 28 U.S.C. § 2401. The United States argues
Plaintiff’s two prior lawsuits, Sheer and Buchanan, show the statute of limitations on Plaintiff’s claim has run.3
2 FTCA claims are actionable for more than two years after accrual if equitable tolling applies. United States v. Wong, 575 U.S. 402 (2015). That means a court usually may pause the running of a limitations statute in private litigation when a party has pursued his [or her] rights diligently but some extraordinary circumstance prevents him [or her] from meeting a deadline.” Id. at 408. Plaintiff argues the Court should apply equitable tolling here but does not point to any “extraordinary” circumstance. (Dkt. 31 at 22-23.) So, the Court will not apply it. 3 Although Plaintiff did no not include the Sheer and Buchanan complaints in its filings, the Court may consider them without converting Defendant’s motion to dismiss into a motion for summary judgment: “a court may take notice of another court's order ... for the limited purpose of recognizing the ‘judicial act’ that the order represents or the subject matter of that litigation.” Haddad v. Dudek, 784 F. Supp. 2d 1308, 1324 (M.D. Fla. 2011), citing United States v. Jones, 29 F.3d 1549, 1553 (11th Cir.1994). See also Universal Express, Inc. v. U.S. S.E.C., 177 F. App'x 52, 53-54 (11th Cir. 2006) (taking judicial notice of a complaint filed in another judicial district when deciding a motion to dismiss). Importantly, the court is not taking notice of the contents of the The Court agrees. Assuming the claim accrued at the time of the injury, the Sheer and Buchanan complaints show Plaintiff’s claim
accrued before 2015 because the injury in those complaints are the same injury alleged here. Id. But some courts have applied a more forgiving standard for accrual, deciding a plaintiff must be aware of both the injury
and its cause. See, e.g., Nunnelee v. United States, 972 F. Supp. 2d 1279 (N.D. Ala. 2013), aff'd, 573 F. App'x 886 (11th Cir. 2014). Even under
this standard, the Court agrees the statute of limitations has run. In the Sheer complaint, Plaintiff essentially alleged the same thing it alleges here—that Sheer (one of the FTC attorneys referenced
repeatedly in the amended complaint) conspired with Tiversa to manufacture evidence that the 1718 File had spread across the Internet for the purpose of advancing the FTC’s claim against Plaintiff. More
specifically, Plaintiff alleged in the Sheer complaint that “Tiversa had,
complaints for their truth, but rather to determine Plaintiff’s knowledge of relevant facts. Cf. Campo v. Granite Servs. Int'l, Inc., 584 F. Supp. 3d 1329, 1335, 36 (N.D. Ga. 2022) (not considering Plaintiff’s declaration from a prior case because “defendants rely on [plaintiff’s] declaration for more substantive purposes, such as for the proposition that [plaintiff] performed the exempt duties or responsibilities of an executive.”). without any authority, accessed and downloaded (‘hacked’) the 1718 File from a LabMD billing computer in Atlanta, Georgia on February 25,
2008.” (Dkt. 22-2 ¶ 49.) It alleged “Sheer [and other FTC attorneys] learned or should have learned in the spring of 2009 that the only source of the 1718 File was an IP address for LabMD in Atlanta, Georgia”—
meaning it had not been breached. (Dkt. 22-2 ¶ 71.) And it alleged “[n]either Tiversa nor The Privacy Institute ever provided any evidence
that the 1718 File had proliferated on a peer-to-peer network. Sheer, Yodaiken and Settlemyer knew this but, on information and belief, consciously disregarded and failed to disclose these facts to responsible
individuals at the FTC.” (Dkt. 22-2 ¶ 105.) So, back in 2015, Plaintiff knew the central facts of its current claims—Tiversa hacked Plaintiff, the FTC knew or should have known the 1718 File had been manipulated,
and the FTC concealed the 1718 File’s origin from other FTC officials in order to pursue its bogus claim against Plaintiff. Plaintiff also knew of the government’s alleged role in its injury
when it sued Buchanan in April 2018. In that complaint, Plaintiff alleged Tiversa “used the [P2P] software” to steal the 1718 File and that, while “[t]he FTC’s investigation of LabMD lasted over three and a half years, . . . [t]he FTC never revealed the fact that Tiversa found and downloaded the 1718 File exclusively from a LabMD billing computer in Atlanta.”
(Dkt. 22-3 ¶¶ 24, 29.) Again, key facts from Plaintiff’s present claim, including the government’s role. Plaintiff appears to concede most of its current claims are time-
barred because its sole substantive response to the statute of limitations argument is that Plaintiff only learned in October 2018 that FTC officials
instructed Tiversa to remove metadata from the 1718 File. (Dkt. 30 at 19.) In support, Plaintiff cites paragraphs 105 and 106 from its current complaint. The former alleges neither Plaintiff nor its CEO “had access
to any notice that Tiversa had removed metadata from files given to the FTC until attorney notes that contained this information were first made available to them on or about October 26, 2018, in a different lawsuit.”
(Dkt. 5 ¶ 105.) The second alleges “Sheer had indicated to Tiversa how to provide him with actionable files, including stripping metadata on the 1718 File’s IP address.” (Dkt. 5 ¶ 106.) These are references to the
manipulated 1718 File. As explained above, Plaintiff’s core factual allegations against the FTC in this case are, first, that Tiversa created a “.txt file” to show four San Diego IP addresses on the 1718 File to make it look (falsely) like the file had been “found” in California and, second, that the FTC knew this but used the fraudulent file anyway. (Dkt. 5 ¶¶
107-08.) Plaintiff made the same allegation in the Sheer complaint. It alleged Tiversa manufactured evidence of spread by creating a file
(identified in Sheer as “CX0019”) that added false information pertaining to four IP addresses (including one in San Diego) and by making it appear
the file had NOT been found in Atlanta (that is, removing the actual Atlanta IP address). (Dkt. 22-2 ¶146.) Plaintiff also specifically alleged the FTC (through Sheer) was actively involved in the purported
malfeasance. It alleged Sheer and other FTC staff members told Tiversa they did not have enough evidence to investigate certain companies. (Dkt. 22-2 ¶ 94.) So, Sheer (and other FTC lawyers) “expressly or tacitly
agreed and conspired in 2009” with Tiversa to provide the FTC with false evidence of source and spread. (Id.) In so doing, FTC lawyers “conspired to deprive” Plaintiff of its constitutional rights. (Id.) Plaintiff alleged
Sheer, and other FTC lawyers, knew “Tiversa would, upon request for additional evidence, manufacture and provide false evidence of source and spread.” (Dkt. 22-2 ¶ 98.) Plaintiff further alleged Sheer and other FTC attorneys “expressly or implicitly conspired to allow this to happen and thereby deprived [Plaintiff of its] constitutional rights.” (Id.)
Finally, Plaintiff alleged in 2015 that Sheer knew that information it obtained from Tiversa through The Privacy Institute “was fraudulent but proceeded with the evidence anyway.” (Id. ¶ 146.)
This means Plaintiff knew it had a claim against Sheer and the FTC well before 2018. Plaintiff’s current contention that Sheer “indicated”
how to manipulate evidence—that is, Sheer was the “idea guy,” gave the directions, or acted as the leader—just goes to the role he allegedly played in the malfeasance. Regardless of that detail—at least by the time of the
Sheer complaint—Plaintiff knew of its allegation that Sheer was in on the use of bogus metadata to prosecute Plaintiff. So, it knew it had a claim against the United States.
Plaintiff’s claims are barred by the statute of limitations and must be dismissed pursuant to Fed. R. Civ. P. 12(b)(6). Harris v. United States, 627 F. App'x 877, 879 (11th Cir. 2015) (considering motion to dismiss
based on the time bar in § 2401 under Federal Rule of Civil Procedure 12(b)(6), not 12(b)(1), because the time bar is “non-jurisdictional.”) B. Subject Matter Jurisdiction As a general principle, the United States “may not be sued without
its consent.” United States v. Mitchell, 463 U.S. 206, 212 (1983). In the FTCA, however, the federal government waives its immunity for some actions. It allows a person to sue the United States “for injury or loss of
property, or personal injury or death caused by the negligent or wrongful act or omission of any employee of the Government while acting within
the scope of his office or employment.” 42 U.S.C. § 1346(b)(1). In other words “[w]hen the United States, if a private person, would be liable to a claimant, the FTCA provides a limited waiver of sovereign immunity to
permit imposing liability on the government for an injury caused by the negligent or wrongful act or omission of any government employee who is acting within the scope of his office or employment.” Reed v. U.S.
Postal Service, 288 F. App'x 638, 639 (11th Cir. 2008). Plaintiff asserts claims for negligence and negligence per se, thus ostensibly asserting claims falling within the scope of the waiver.
The FTCA’s waiver, however, is subject to several statutory exceptions, two of which are relevant here. First, the FTCA does not waive sovereign immunity for claims arising from “the exercise or performance or the failure to exercise or perform a discretionary function or duty.” 28 U.S.C. § 2680(a). This is called the discretionary function
exception. Second, the FTCA does not waive sovereign immunity for “[a]ny claim arising out of assault, battery, false imprisonment, false arrest, . . . misrepresentation [or] deceit.” 28 U.S.C. § 2680(h) (emphasis
added). This is called the intentional tort exception. 1. Discretionary Function Exception
The United States argues that, based on the allegations in the complaint, the FTCA’s discretionary function exception applies, and the Court lacks subject matter jurisdiction. (Dkt. 9 at 11.) The United
States’s motion is a facial challenge under Rule 12(b)(1), and the Court limits its review to the allegations in the complaint and views those allegations in the light most favorable to Plaintiff. Brignac v. United
States, 239 F. Supp. 3d 1367, 1373 (N.D. Ga. 2017). The Court uses a two-prong test to determine whether the “discretionary function exception” applies. United States v. Gaubert, 499
U.S. 315, 322 (1988). The first prong asks whether the challenged conduct involves “an element of judgment or choice.” Id. The second prong asks whether the judgment is grounded in considerations of public policy because “the purpose of the exception is to prevent judicial second- guessing of legislative and administrative decisions grounded in social,
economic, and political policy.” Id. at 323. “At the pleading stage, [Plaintiff] must allege a plausible claim that falls outside the discretionary function exception.” Douglas v. United States., 814 F.3d
1268, 1276 (11th Cir. 2016). If the discretionary function exception applies, the Court lacks subject-matter jurisdiction over the claim. Moore
v. United States, 2014 WL 949985, at *4 (N.D. Ga. Mar. 11, 2014). a) FTC Investigations Are Discretionary in Nature
An act is discretionary in nature unless “a federal statute, regulation or policy specifically prescribes a course of action for an employee to follow.” OSI, Inc. v. United States, 285 F.3d 947, 952 (11th Cir. 2002)). That is, whether the government employees lacked the authority and discretion to deviate from a mandated procedure or,
alternatively, whether they had some element of choice in the actions allegedly giving rise to liability. See Berkovitz by Berkovitz v. United States, 486 U.S. 531, 544 (1988) (The discretionary function exception
does not apply where “[t]he agency has no discretion to deviate from [its] mandated procedure.”) Plaintiff identifies multiple applicable regulations or statutes it claims prescribe an FTC employee’s conduct, including regulations
requiring FTC employees to perform their duties “in accordance with the laws of the United States” and to maintain “integrity and confidentiality” of documents as well as a federal criminal law that prohibits the
alteration of records with the intent to influence an investigation. (Dkt. 30 at 14-15 (citing e.g., 16 C.F.R. § 2.5 (“Commission investigators are
authorized to exercise and perform the duties of their office in accordance with the laws of the United States and the regulations of the Commission.”); 18 U.S.C. § 1519 (prohibiting the alteration of records
with the intent to . . . influence [an] investigation).) But a “[a] general statutory duty”—like the duty to perform one’s job or to comply with the law while doing so—does not allow Plaintiff to escape the discretionary
function exception. Brown v. United States, 2022 WL 16744392 at * 3 (N.D. Ga. Nov. 4, 2022). Plaintiff argues “[a] federal employee directing a third party to
trespass or convert the rightful property of a private party for use as evidence against that lawful owner is never within [an employee’s] discretion.” (Dkt. 31 at 14.) It cites Hatahley v. United States, 351 U.S. 173, 181 (1956) in support of this proposition, claiming the Supreme Court has already found that "trespass" falls outside the discretionary
function exception. That is not correct. In Hatahley, federal rangers systemically and discriminatorily killed horses belonging to the Navajo Nation. Id. at 176-77. A federal statute expressly required them to
provide the Navajo Nation notice before doing so. Id. at 178-80. They had no discretion but failed to provide notice. Id. The Supreme Court
thus found the rangers’ actions constituted “wrongful trespasses not involving discretion.” Id. at 181. Plaintiff has not pointed to a similar statute here that expressly controlled the way Sheer and the other FTC
employees were required to act. So, Plaintiff has not identified “a federal statute, regulation, or policy [that] specifically prescribes a course of action for an employee to follow,” OSI, Inc., 285 F.3d at 952, and the
United States meets the first prong of the discretionary function exception. b) FTC Investigations Are Susceptible to Policy Analysis
In assessing the second prong, “[t]he focus of the inquiry is not on the agent's subjective intent in exercising the discretion conferred by statute or regulation, but on the nature of the actions taken and on whether they are susceptible to policy analysis. If the decision could objectively be made on policy grounds within the discretion afforded the
decision maker, then we presume that the act was grounded in policy whenever that decision is employed.” Cosby v. U.S. Marshals Serv., 520 F. App'x 819, 821 (11th Cir. 2013).
Plaintiff characterizes its claims against the FTC as “theories of cyber conversation and trespass” arising from the FTC wrongfully
“indicat[ing] to Tiversa how to provide it with actionable files, including stripping the metadata on the 171 File’s IP address.” (Dkt. 30 at 14 (citing Dkt. 5 ¶ 106).) While those are part of Plaintiff’s factual
allegations, Plaintiff is actually challenging the FTC’s decision-making in its investigation and prosecution of Plaintiff. In the negligence claim, Plaintiff alleges (among other things) that the FTC breached is
“nondiscretionary duties . . . and exceeded its permissible discretion in its conduct of its investigation and civil enforcement action”; breached its “duties and exceeded its permissible discretion in its conduct of its
investigation and civil enforcement against [Plaintiff]”; and “brought and pursued an unlawful and improper investigation” of Plaintiff in a manner that “exceeded its permissible discretion.” (Dkt. 5 ¶¶ 119-124.) Plaintiff’s negligence per se claim similarly also focuses on the FTC’s investigation and prosecution, claiming that, as part of the investigation, the FTC
violated Georgia laws protected computers and computer networks. (Id. ¶¶ 127-132.) The relevant question here is whether the FTC’s mandate to
conduct investigations and enforcement actions is subject to policy analysis. The Eleventh Circuit and numerous other courts have
concluded investigatory and enforcement decisions by regulatory agencies are susceptible to policy analysis and fall with the discretionary function exception. In Goble v. Ward, 628 F. App'x 692, 700 (11th Cir.
2015), for example, a plaintiff sued the SEC for conversion under the FTCA, claiming the United States “intentionally stole and appropriated . . . computer equipment, office supplies, and proprietary and confidential
information.” Id. at 700. But the United States took the plaintiff’s property “as part of the SEC's investigation.” Id. So the Eleventh Circuit found the United States’s conduct was still subject to policy analysis. Id.
The Court of Appeals explained the “subjective intent” of the government employee (for example in stealing or cheating) is irrelevant. Id. (“[W]e reasonably assume that the SEC investigators ground their investigative decisions on policy considerations.”); see also Illinois Metro. Inv. Fund v. United States, 773 F. App'x 540, 541 (11th Cir. 2019) (claim “USDA
negligently investigated [a financial institution’s] statements about its operations, principals, and auditor, which proved to be false” barred by the discretionary function exception because “decision of how much
investigation to conduct is precisely the type of governmental decision that the discretionary function exception was designed to protect.”);
Hartje v. F.T.C., 106 F.3d 1406, 1408 (8th Cir. 1997) (“The district court correctly found that Rushkoff was performing a discretionary function while conducting the FTC enforcement action in his position as FTC
Counsel.”); Garrett’s Worldwide Enterprises, LLC v. United States, 2015 WL 11825762, at *5 (D. Kan. Mar. 6, 2015) (“The decision to monitor, investigate, and enforce regulations governing the shipment of
hazardous materials is conduct which involves an element of choice and is the kind of decision that implicates policy concerns relating to accomplishing the agency's mission.”)
The Court agrees with these cases. When deciding whether or how to conduct investigations and enforcement actions, the FTC “may balance its policy goals alongside its available resources in reaching such decisions.” LeMaster v. United States, 521 F. Supp. 3d 815, 825 (D. Minn. 2021). Plaintiff cannot avoid this authority by classifying the FTC’s
investigatory conduct here as criminal or borderline criminal. The discretionary function exception bars Plaintiff’s claims. 2. Intentional Tort Exception
The United States also argues Plaintiff’s claims are barred by the intentional tort exception because Plaintiff’s claims allege
misrepresentation and deceit. (Dkt. 22-1 at 13, 18.) As explained, the exception exempts from the waiver of sovereign immunity any claim “arising out of” misrepresentation deceit, or certain other torts. 28 U.S.C.
§ 2680(h) (emphasis added). “The phrase ‘arising out of’ is interpreted broadly to include all injuries that are dependent upon one of the listed torts having been committed.” Zelaya v. United States, 781 F.3d 1315,
1333 (11th Cir. 2015). “So, a claim will be deemed to have arisen from a § 2680 excepted tort if the governmental conduct that is essential to the plaintiff's cause of action is encompassed by that tort. And this is so even
if the plaintiff has denominated, as the basis for the cause of action, a tort not found within § 2680(h)'s list of excepted torts.” Id. “In other words, a plaintiff cannot circumvent the misrepresentation [or deceit] exception simply through the artful pleading of its claims. Instead, the misrepresentation [or deceit] exception applies when the basis for the . .
. action is an underlying claim for misrepresentation [or deceit].” Id. at 1334. a) The Claims Sound in Misrepresentation
“Misrepresentation” is a breach of the “duty to use due care in obtaining and communicating information upon which [another] may
reasonably be expected to rely.” United States v. Neustadt, 366 U.S. 696, 706 (1961). “Deceit” refers to a “deliberately false representation.” Id. at 707. So, “the essence of an action for misrepresentation, whether
negligent or intentional, is the communication of misinformation on which the recipient relies.” Omnipol, A.S. v. Multinational Def. Servs., LLC, 32 F.4th 1298, 1306 (11th Cir. 2022); Alvarez v. United States, 207
F. Supp. 3d 1291, 1301 (M.D. Fla. 2016) (“misrepresentation exception covers direct miscommunications by government employees, implied misrepresentations, and failures to communicate, and applies to both
negligent and intentional misrepresentations”).4
4 By defining the “misrepresentation exception” as covering both negligent and intentional miscommunication, many courts treat misrepresentation and deceit as one. See Alvarez, 207 F. Supp. 3d at Plaintiff challenges governmental conduct that involved alleged misrepresentation and deception. Plaintiff alleges, for example, the FTC
“never revealed” the 1718 File was “taken directly and only from LabMD, which meant that there was no security breach to investigate or about which to bring an enforcement action,” (Dkt. 5 ¶ 2) and the FTC “had
reason to and should have revealed, but failed to ever reveal . . . not only to [Plaintiff] but also to the FTC administrative law judge, the FTC
Commissioners, and the US Court of Appeals for the Eleventh Circuit” that “Tiversa . . . had changed the metadata on the LabMD files provided to the FTC, and the FTC had taken action based on those changes.” (Dkt.
5 ¶ 34) (emphasis added). Much of Plaintiff’s complaint alleges FTC investigators knew the 1718 File was manipulated, yet they failed to disclose, i.e., communicate, this to officials both within and outside the
FTC, allowing the investigation and enforcement action to go forward.5
1301; Lawrence v. United States, 340 F.3d 952, 958 (9th Cir. 2003). To avoid duplicity, the Court does the same here. Any reference to the “misrepresentation exception” from this point of the opinion thus refers to both negligent and intentional acts. 5 The fact that the FTC made the allegedly false representations to third parties, rather than Plaintiff, is immaterial for purposes of the misrepresentation exception. JBP Acquisitions, LP v. U.S. ex rel. F.D.I.C., 224 F.3d 1260, 1266 (11th Cir. 2000) (“Moreover, it does not matter for purposes of the misrepresentation exception whether the This failure to communicate, whether negligent or intentional, puts the complaint squarely within the misrepresentation exception. See Goble,
628 Fed. Appx. At 698-99 (misrepresentation exception barred negligence claim against the United States based on its negligent representation of “false corporate financial and operational information to the Courts,
which resulted in a needless Temporary Restraining Order, liquidation, and destruction of [Plaintiff] as an operating firm.”)
b) Plaintiff Cannot Hide Behind Trespass and Conversion
Plaintiff’s response concedes some portion of its complaint falls within the misrepresentation exception. (Dkt. 31 at 6.) (“The Intentional Tort Exception—Which Includes Misrepresentation and Deceit—Does Not Dictate Dismissal of the Entire Complaint.”) (Emphasis added.) But Plaintiff argues that part of its claim in Count II, which alleges the FTC aided and abetted Tiversa in converting the 1718 File in violation of
Georgia statutes on computer theft and trespass, are actionable under the FTCA. (Dkt. 31 at 7-13.) Claims for trespass and conversion are not
misrepresentations causing [Plaintiff’s] claims were made directly to it or to some third party.”); see also Schneider v. United States, 936 F.2d 956, 960 (7th Cir. 1991); Baroni v. United States, 662 F.2d 287, 288–89 (5th Cir. 1981). barred by the intentional tort exception, but “a plaintiff cannot circumvent the misrepresentation exception simply through the artful
pleading of its claims.” Zelaya, 781 F.3d at 1334. The question is whether “the basis for the ... action is an underlying claim for misrepresentation.” Id.
The Eleventh Circuit’s decision in Evergreen Marine, Ltd v. United States, 789 F. App'x 798, 799 (11th Cir. 2019) is instructive. There,
Plaintiff purchased a vessel in “reliance on the U.S. Coast Guard’s representation that the vessel was unencumbered by a mortgage or other lien. In fact, the vessel was subject to a mortgage, and the mortgage
holder later seized the vessel and initiated a foreclosure action.” Id. Plaintiff sued under the FTCA and argued the misrepresentation exception did not apply “because the United States’s breaches of its
regulatory duties to maintain vessel documentation records were both distinct from any representation it made concerning those records and also breaches of common law duties under state law.” Id. at 799-800. But
the Eleventh Circuit disagreed: “If the plaintiff’s injury is based on the communication or miscommunication of information upon which others might be expected to rely in economic matters, § 2680(h) applies to bar the claim. But if the plaintiff alleges injury suffered independently of his reliance on the misrepresentation, § 2680(h) does not apply.” Id. at 800-
801.6 Because the injury in Evergreen arose from “a commercial decision—purchasing a vessel encumbered by a mortgage—that [the plaintiff] may not have made had the [United States] not negligently
failed to communicate the existence of the mortgage on the vessel,” the misrepresentation exception applied. Id. at 801. Like in Evergreen,
Plaintiff’s injuries arise from the FTC’s investigation and civil enforcement action against it, which only occurred because of certain FTC officials’ alleged misrepresentations regarding the 1718 File.
Plaintiff alleges no independent injuries resulting from the FTC’s control over the 1718 File (like some injury from trespass or conversion). Rather, the entire injury resulted from the false representation of what the
metadata for the file allegedly showed.
6 Plaintiff argues the misrepresentation exception does not apply because “[w]hile there may be common factual and legal questions to both a misrepresentation/deceit theory and Count Two, the claims under Georgia law are distinct and focus on separate, actionable conduct.” (Dkt. 31 at 12.) But the relevant inquiry is not whether there is separate conduct, but rather whether the injury arises from that separate conduct. Evergreen, 789 F. App'x at 800. Here, it does not. Plaintiff’s reference to the Supreme Court’s decision in Block v. Neal, 460 U.S. 289, 298 (1983), does not help either. In that case, the
Supreme Court determined misstatements by a federal employee that the construction of the plaintiff’s home complied with applicable industry standards did not invoke the misrepresentation exception to the FTCA
because those misrepresentations were not really part of the plaintiff’s negligence claim. Id. Instead, the plaintiff’s claim arose from the United
States’s alleged failure to use due care in supervising the construction of the home. Id. The plaintiff in Evergreen (like Plaintiff here) cited Block to try to avoid the misrepresentation exception. Evergreen, 789 F. App'x
at 802. But the Eleventh Circuit found “unlike in Block, the sufficient cause of the injury was not the breach of a duty that was distinct from the duty not to miscommunicate.” Id. It explained the plaintiff “would
have suffered no injury caused by the [United States’s] failure to maintain accurate records absent the [United States’s] communication of its inaccurate record to [Plaintiff].” Id. The same applies here. The
FTC’s alleged involvement in the conversion or theft of the 1718 File would have inflicted no injury on Plaintiff had the FTC not allegedly misrepresented the legitimacy of the file or falsely asserted Plaintiff had suffered a breach. So the misrepresentation exception bars Plaintiff’s claim.
3. Private Analogue Defendant also claims the Court lacks subject matter jurisdiction because “there is no private person analogue for Plaintiff’s claim.” (Dkt.
22-1 at 1, 27.) This is a reference to the core concept that the FTCA waives sovereign immunity only in “circumstances where the United
States, if a private person, would be liable to the claimant in accordance with the law of the place where the act or omission occurred.” 28 U.S.C. § 1346(b)(1). The FTCA requires courts to look to the “state-law liability
of private entities, not to that of public entities, when assessing the Government’s liability under the FTCA in the performance of activities which private persons do not perform.” United States v. Olson, 546 U.S.
43, 46 (2005). Courts thus adhere to this “private person” standard, even when uniquely governmental functions are at issue. Id. at 43. And it is well-established that “the violation of a federal statute or regulation by
government officials does not of itself create a cause of action under the FTCA.” Hornbeck Offshore Transp., LLC v. United States, 569 F.3d 506, 509 (D.C. Cir. 2009). Further, the FTCA makes the United States liable “in the same manner and to the same extent as a private individual under like circumstances.” 28 U.S.C. § 2674 (emphasis added). “[T]he words
‘like circumstances' do not restrict a court's inquiry to the same circumstances, but require it to look further afield.” Olson, 546 U.S. at 46.
Plaintiff’s claims related to the FTC’s failure to disclose information about the 1718 File to other government officials, and the subsequent
enforcement action, are based solely on the FTC’s duties under federal law and regulations. Plaintiff seems to concede as much, because Plaintiff’s response brief addresses only its claim rooted in trespass and
conversion. (Dkt. 31 at 16.) The Court thus only addresses Plaintiff’s allegation that the FTC aided and abetted Tiversa in converting the 1718 File. Plaintiff points to Georgia law on computer theft, which includes a
civil right of action. See O.C.G.A. § 16-9-93(g). Defendant, on the other hand, cites cases finding no private analogue when the claims are premised upon agencies’ investigatory responsibilities. (Dkt. 22-1 at 28-
29.)7
7 The cases Defendant cites are all distinguishable. In all but two, courts found no private analogue because the duty at issue arose exclusively from federal law and the claims were not actionable under state tort Generally, the United States is not barred from liability simply because it was performing a uniquely governmental function. Olson, 546
U.S. at 43. Rather, the question is whether Georgia tort law imposes an analogous duty on private individuals in similar circumstances. Id. In other words, would a private person be subject to liability if he or she did
what the government employee allegedly did? Under O.C.G.A. § 16-9- 93(g), “any person whose property or person is injured as a result of a
violation of any provision of this article” may bring a civil claim.
law—not because a regulatory entity was involved. See Pate v. Oakwood Mobile Homes, Inc., 374 F.3d 1081, 1083 (11th Cir. 2004) (OSHA’s duty arose from its own regulations, not the state’s good Samaritan statute); Hardaway Co. v. U.S. Army Corps of Engineers, 980 F.2d 1415, 1417 (11th Cir. 1993) (The government only breached its duty under the Miller Act); Zelaya, 781 F.3d at 1325 (defendants breached “the duty of care owed to investors as a result of violations of its federal statutory duties”); Chen v. United States, 854 F.2d 622, 623 (2d Cir. 1988) (claims arose from federal procurement regulations); Barnes v. United States, 448 F.3d 1065, 1967 (8th Cir. 2006) (claims not actionable under Missouri’s good Samaritan law); United States v. Agronics Inc., 164 F.3d 1343, 1346 (10th Cir. 1999) (claim based on the government’s determination of its statutory jurisdiction). One of the other two found no private analogue because the relevant action was “quasi-legislative” or “quasi- adjudicative.” Jayvee Brand, Inc. v. United States, 721 F.2d 385, 390 (D.C. Cir. 1983). That is of no use here. The final case, Andela v. Admin. Off. of U.S. Cts., 569 F. App'x 80 (3d Cir. 2014), arose from a pro-se complaint and contains only a cursory treatment of the relevant issue. The Third Circuit’s holding is not binding, and the Court does not agree with it. “Although Plaintiff do[es] not allege which specific computer crime was violated, [its] allegations appear to assert a claim for computer theft
under O.C.G.A. § 16-9-93(a). Under this provision, a person may not use a computer or computer network with knowledge that such use is without authority and with the intention of: (1) taking or appropriating property
of another, whether or not with the intention of depriving the owner of possession; (2) obtaining property by any deceitful means or artful
practice; or (3) converting the property to such person's use in violation of an agreement or other known legal obligation to make a specified application or disposition of such property.” Daugherty v. Adams, 2019
WL 7987859, at *30 (W.D. Pa. Nov. 15, 2019). Georgia statute O.C.G.A. § 16-9-93(a) provides a private analogue for claims where someone stole or converted a computer file. But, while
Plaintiff claims that the United States aided and abetted Tiversa in stealing the 1718 File, it provides no authority for aiding and abetting liability under O.C.G.A. § 16-9-93(a). The Court can find no authority to
impose that liability either. Given the Court’s determination the misrepresentation and discretionary function exceptions apply, the Court declines to decide this issue. The Court dismisses Plaintiffs entire claim pursuant to 12(b)(1) for lack of subject matter jurisdiction. IV. Conclusion The Court GRANTS Defendant’s motion to dismiss (Dkt. 22). The Court DIRECTS the Clerk to close this case. SO ORDERED this 2nd day of March, 2023.
Mv L. BROWN UNITED STATES DISTRICT JUDGE