FDA on Defensive for Snooping on Employees’ Computers
A once-secret move by the Food and Drug Administration to monitor the computer screens and keystrokes of five scientists suspected of press leaks in 2010 was blasted on Wednesday as a “Big Brother” tactic out of George Orwell’s 1984 and a damaging disservice to agency whistleblowers.
A joint report from Sen. Charles Grassley, R-Iowa, and Republicans on the House Oversight and Government Reform Committee found that the monitoring of scientists who had complained that the FDA was giving approval to questionable medical devices was carried out with “insufficient authorization and guidelines,” included the “unlawful capturing of protected communications” (such as letters to Congress, attorneys or the Office of Special Counsel), lacked sufficient rationale and failed to honor whistleblower protections.
“There need to be more comprehensive policies on employee computer monitoring across the entire government,” Grassley testified before the House panel. “These policies need to ensure that any monitoring is limited to achieve only a legitimate purpose. Watching an employee’s every move leads to a culture of intimidation and fear.”
The report, the result of a 20-month probe led by Grassley’s staff, was triggered by a 2010 New York Times story about disgruntled FDA scientists in the agency’s Center for Devices and Radiological Health whose bosses suspected them of leaking proprietary company information in an effort to block FDA approvals.
Oversight Chairman Darrell Issa, R-Calif., called capturing employees’ keystrokes and screens every five seconds in real time “an attempt at gotcha” worthy of 1984. Federal employees “know all communications on government time and on government assets is subject to being looked act -- there’s no expectation of privacy,” he said. But the FDA’s approach of targeting some rather than all employees “is not reasonable” and fails to protect whistleblowers from retaliation, Issa added. “Federal employees are highly trusted, and we depend on them until the trust is broken. Our skilled and motivated workforce knows they’re not working for Big Brother.”
But the panel’s ranking member, Rep. Elijah Cummings, D-Md., objected to the report, calling it an unofficial, Republican-only version of events. “Unfortunately, the majority has taken a traditionally bipartisan issue -- something that all committee members should be investigating together -- and turned it into another partisan spectacle for which our committee has become well-known,” he said. “One of the most basic steps our committee should have taken was to interview the FDA employees who had concerns.”
Cummings criticized Republicans for rushing ahead with their report and the hearing when they knew the Health and Human Services Department’s inspector general was nearing completion of his own report.
Released on Tuesday night, the IG report said FDA management “had reasonable concern that confidential information, including possibly trade secrets and/or confidential commercial information, had been disclosed by agency employees without authorization.” The report, Cummings noted, found no evidence of retaliation against whistleblowers.
But the IG report went on to say, “despite the reasonableness of the [FDA’s] concerns,” the agency “failed to fully assess beforehand and with the timely assistance of legal counsel whether the scope of potentially intrusive…. monitoring would be consistent with constitutional and statutory limitations on government searches and consistent with whistleblower protections.”
Issa said his staff had been in contact with the whistleblowers -- who have backing from advocacy groups such as the National Whistleblowers Center and the Project on Government Oversight -- but that the primary role of whistleblowers is to quietly report information and let Congress take over the investigation, to avoid retaliation.
Walter Harris, the FDA’s chief operating officer and acting chief information officer, noted at the hearing that the agency had implemented new standards governing employee monitoring in September 2013. But the agency must enforce “protection of intellectual property against theft and unauthorized disclosure, which can result in civil suits against the FDA,” he said. “Employees are regularly advised on expectations of privacy, including a warning banner they must acknowledge every time they log on,” he said.
Dr. Jeffrey Shuren, director of the FDA’s Center for Devices and Radiological Health, said leaks by employees who disagree with decisions undermine protections of confidential information and that “companies rely on the fact that we protect it.” Unauthorized disclosures mean that “public health gets hurt” and violate personnel policy and the law, he added. Shuren said the complaints “stifle other scientists who feel harassed and retaliated against,” leaving them “afraid to put their opinions in writing because will be exposed to the press.”
Angela Canterbury, director of public policy for POGO, said both reports “document the FDA as reckless,” noting that its system for approving devices such as hip replacements, cardiac defibrillators and syringes had been “broken” since at least 2008. “We question whether FDA should be in the surveillance business,” when that’s the job of law enforcement, she said. “Federal agencies can’t be left to police themselves. The FDA is in a tough spot, but it doesn’t have it right yet. Its new policy won’t prevent information from falling into the hands of those in a position to retaliate against whistleblowers.”
The new standards process for monitoring put in place last September, Issa said, “to be honest, sucks.”
Harris replied that the process does not focus on employees’ passwords, private accounts, or communications with their union or an attorney. “But the process is not fully understood across the agency,” he said. “We could have taken a Keystone Kops approach, but we decided to step back and do it more thoughtfully. We consider whistleblowers not as outsiders but as part of our staff.”