LabMD Inc. v. Boback

• Decision Date: 30 August 2022
• Docket Number: 20-1446,s. 20-1731,20-1732,20-3191,20-3316,21-1429
• Citation: 47 F.4th 164
• Parties: LABMD INC., Appellants v. Robert J. BOBACK; Eric D. Kline; Tiversa Holding Corp.; LabMD, Inc., v. Tiversa Holding Corp., fka Tiversa Inc.; Robert J. Boback; M. Eric Johnson; Does 1-10 LabMD Inc., Appellant in 20-1731, 20-3191 and 21-1429 *James W. Hawkins, Appellant in 20-1732 *Pursuant to Fed. R. App. P. Rule 12(a) Marc E. Davies, Appellant in 20-3316
• Court: U.S. Court of Appeals — Third Circuit

47 F.4th 164

LABMD INC., Appellants

v.Robert J. BOBACK; Eric D. Kline; Tiversa Holding Corp.;

LabMD, Inc.,

v.Tiversa Holding Corp., fka Tiversa Inc.; Robert J. Boback; M. Eric Johnson; Does 1-10

LabMD Inc., Appellant in 20-1731, 20-3191 and 21-1429

*James W. Hawkins, Appellant in 20-1732

*Pursuant to Fed. R. App. P. Rule 12(a)

Marc E. Davies, Appellant in 20-3316

No. 20-1446

Nos. 20-1731

20-1732

20-3191

20-3316

21-1429

United States Court of Appeals, Third Circuit.

Nos. 20-1446, 20-1731, and 21-1429 Argued November 16, 2021

Nos. 20-1732, 20-3191, and 20-3316 Submitted under Third Circuit L.A.R. 34.1a November 15, 2021

Filed August 30, 2022

Ronald D. Coleman, Christie C. Comerford [ARGUED], Lawrence G. McMichael, Dilworth Paxson, 1500 Market Street – Ste. 3500E, Philadelphia, PA 19102, Richard B. Robins, Michael A. Saffer, Mandelbaum Salsburg, 3 Becker Farm Road – Ste. 105, Roseland, NJ 07068, Counsel for Appellant, LabMD, Inc.

Cary Ichter, Ichter Davis, 3340 Peachtree Road, N.E. – Ste. 1530, Atlanta, GA 30326, Counsel for Appellant, James W. Hawkins

Marc E. Davies, 1315 Walnut Street – Suite 320, Philadelphia, PA 19107, Appellant Pro Se, Brandon J. Verdream, Clark Hill, 301 Grant Street, One Oxford Centre – 14^th Fl., Pittsburgh, PA 15219, Counsel for Robert J. Boback

Eric N. Anderson, John L. Wainright [ARGUED], Meyer Darragh Buckler Bebenek & Eck, 600 Grant Street – Ste. 4850, Pittsburgh, PA 15219, Counsel for M. Eric Johnson

John C. Toro, King & Spalding, 1180 Peachtree Street, NE – Ste. 1600, Atlanta, GA 30309, Counsel for Eric D. Kline

Jamie S. George [ARGUED], Michael P. Kenny, Alston & Bird, 1201 West Peachtree Street – Ste. 4900, Atlanta, GA 30309, Counsel for Pepper Hamilton

Jarrod S. Mendel, McGuire Woods, 1230 Peachtree Street, NE, Suite 2100, Promenade II, Atlanta, GA 30309, Jarrod D. Shaw [ARGUED], Natalie L. Zagari, McGuire Woods, 260 Forbes Avenue – Ste. 1800, Pittsburgh, PA 15222, Counsel for Tiversa Holding Corp. and Robert J. Boback

Before: AMBRO, JORDAN, and RENDELL, Circuit Judges

OPINION OF THE COURT

JORDAN, Circuit Judge.

In 2008, Tiversa Holding Corp., a cybersecurity company, informed LabMD, Inc., a medical testing business, that it had found some of LabMD's confidential patient information circulating in cyberspace and that it could provide services to help LabMD respond to the data leak. LabMD's own investigation revealed no such leak, and it accused Tiversa of illegally accessing the patient information. Tiversa submitted a tip to the Federal Trade Commission ("FTC"), prompting an investigation into LabMD's cybersecurity practices, and the regulatory pressure resulting from that and a subsequent FTC enforcement action, along with the reputational damage associated with public disclosure of the supposed leak, ultimately ran LabMD into the ground. Later, in 2014, a former Tiversa employee confirmed LabMD's suspicions about Tiversa when he claimed that the patient information in question did not spread from a leak but that Tiversa itself had accessed LabMD's computer files and then fabricated evidence of a leak.

Following that accusation, LabMD initiated numerous lawsuits against Tiversa and its affiliates. Two of those suits form the basis of this appeal. The complaint in the first asserted, among other things, claims for defamation and fraud. The District Court dismissed all of those claims, except for one defamation claim that was subsequently defeated on summary judgment. The Court limited the scope of discovery on that defamation claim, including a prohibition on the discovery or use of expert testimony. It then imposed severe sanctions when, in its view, LabMD and its counsel breached those limits. In addition to awarding fees and costs to the defendants, the Court struck almost all of LabMD's testimonial evidence and revoked its counsel's pro hac vice admission. When LabMD's replacement counsel later tried to withdraw, the Court denied that request, and when LabMD failed to pay the monetary sanctions, the Court held it in contempt. The second lawsuit proceeded in somewhat the same timeframe as the first and asserted similar claims for fraud. The District Court dismissed that case in its entirety, for a variety of procedural and substantive reasons.

LabMD now appeals the dispositive rulings in both cases, along with the rulings on sanctions, contempt, and the motion to withdraw. We agree with LabMD that, in the first case, the District Court erred in granting summary judgment, primarily because the Court's prohibition on expert testimony was unwarranted. We also hold that the Court abused its discretion in imposing sanctions and that it erred in denying the motion to withdraw. But we agree with the District Court in general that LabMD's other claims in that case were properly dismissed. Thus, we will affirm in part and vacate in part the judgment of the District Court in that matter. In the second case, because LabMD does not challenge independently sufficient grounds for the District Court's decision, we will affirm in full.

I. BACKGROUND ¹

LabMD is a privately owned Georgia corporation based in Atlanta, Georgia. It had been a cancer-testing enterprise and, at its peak, employed approximately forty medical professionals. Before ceasing its ordinary business operations, it had served many thousands of patients. Its CEO is Michael J. Daugherty, a citizen of Georgia.

Tiversa is a Delaware corporation based in Pittsburgh, Pennsylvania. It is a self-proclaimed world leader in peer-to-peer ("P2P") network cybersecurity.² Tiversa has provided to the FTC information about data breaches on P2P networks, and representatives from Tiversa have testified before Congress about cybersecurity. Tiversa's CEO is Robert J. Boback, a citizen of Pennsylvania. During times relevant to this litigation, Tiversa had an agreement with Professor M. Eric Johnson, a former director of the Center for Digital Strategies at Dartmouth College, pursuant to which the professor worked with Tiversa on cybersecurity research. Johnson is a citizen of Tennessee.

A. The Alleged Data Leak and FTC Actions

In mid-2008, Tiversa informed LabMD that it had obtained a 1,718-page computer file containing the confidential data of more than 9,000 LabMD patients (the "1718 File"). Tiversa represented that it had found the 1718 File on a P2P network and that it "continued to see individuals ... downloading copies of the [1718 File]." (1731 App. at 223.) Tiversa tried to use that purported breach to persuade LabMD to purchase its incident response services. LabMD rejected the offer but still "spent thousands of dollars, and devoted huncdreds of man hours," seeking to detect and remedy the supposed data leak. (1731 App. at 223.)

In what LabMD alleges to be retaliation for its refusal to purchase Tiversa's services, Tiversa took two actions. First, it gave the 1718 File to Johnson for use in an upcoming research paper. That paper, published in April 2009 under the title "Data Hemorrhages in the Health-Care Sector," prominently featured a redacted version of the 1718 File, although it did not name LabMD as the company whose data had been leaked. (1731 App. at 226-28.) Second, Tiversa provided the 1718 File to the FTC. It told the FTC that it had found the 1718 File on a P2P network and that third parties were also downloading the file from that network.

Relying on Tiversa's tip, the FTC commenced an investigation in 2010 into the suspected failure of LabMD to protect its customers' personal information. That investigation eventually resulted in an FTC enforcement action against LabMD in August 2013. According to LabMD, the repercussions of the investigation and enforcement action were devasting to its business:

As a direct consequence of the FTC's proceedings, including the attendant adverse publicity and the administrative burdens that were imposed on LabMD to comply with the FTC's demands for access to current and former employees and the production of thousands of documents, LabMD's insurers cancelled all of the insurance coverage for LabMD and its directors and officers, and LabMD lost virtually all of its patients, referral sources, and workforce, which had included around 40 full-time employees. Consequently, LabMD was effectively forced out of business by January 2014, and it now operates as an insolvent entity that simply provides records to former patients.

(1731 App. at 229.)

LabMD, for its part, believes that its data was secure, despite some indications to the contrary. (See 1731 App. at 53 (Daugherty noting in his book, The Devil Inside the Beltway , that a particular P2P file-sharing program "was an unruly beast that could cause [LabMD] to expose ... workstation files without ... ever knowing").)³ It did, however, "suspect[ ] from as early as May 2008 that [Tiversa was] lying about the source of the 1718 File." (1731 App. at 909.)

B. The Georgia Action

In October 2011, during the early days of that FTC investigation, LabMD filed a lawsuit against Tiversa in Georgia (the "Georgia Action").⁴ The suit included claims for violations of the federal Computer Fraud and Abuse Act ("CFAA") and Georgia's computer crimes statute, along with conversion and trespass claims, all of which were based on allegations that Tiversa had unlawfully obtained the 1718 File. Tiversa was represented in the Georgia Action by the law firm of Pepper Hamilton LLP – now constituted as Troutman Pepper Hamilton Sanders LLP ("Troutman Pepper") – and, in particular, by a partner named Eric D. Kline.

Tiversa moved to dismiss the Georgia Action for lack of personal jurisdiction. In support of its motion, it submitted a declaration from its CEO, Boback, asserting that it did not regularly solicit business in Georgia, and it argued that its only solicitation of business in Georgia was its contact with LabMD in 2008 regarding the 1718 File. The U.S. District Court for the Northern District of Georgia accepted those representations and dismissed the claims against Tiversa for lack of personal...