FDA staffers sue agency over surveillance of personal e-mail
The surveillance — detailed in e-mails and memos unearthed by six of the scientists and doctors, who filed a lawsuit against the FDA in U.S. District Court in Washington last week — took place over two years as the plaintiffs accessed their personal Gmail accounts from government computers.
(FDA) - The startup screen on FDA computers warns employees,
“you have no reasonable expectation of privacy,” including any
communication accessed or sent from the machine. This specific message
has appeared since at least December 2010. The screenshot and other
materials were compiled by Kohn, Kohn and Colapinto, the law firm
representing the whistleblowers, on behalf of the National Whistleblower
Center, as part of the lawsuit against the agency.
Read selected documents compiled as part of the
lawsuit against the FDA for monitoring personal communications on work
computers.
Information garnered this way eventually contributed to the
harassment or dismissal of all six of the FDA employees, the suit
alleges. All had worked in an office responsible for reviewing devices
for cancer screening and other purposes.
Copies of the e-mails show that, starting in January 2009, the FDA intercepted communications with congressional staffers and draft versions of whistleblower complaints
complete with editing notes in the margins. The agency also took
electronic snapshots of the computer desktops of the FDA employees and
reviewed documents they saved on the hard drives of their government
computers.
FDA computers post a warning, visible when users log
on, that they should have “no reasonable expectation of privacy” in any
data passing through or stored on the system, and that the government
may intercept any such data at any time for any lawful government
purpose.
But in the suit, the doctors and scientists say the
government violated their constitutional privacy rights by gazing into
personal e-mail accounts for the purpose of monitoring activity that
they say was lawful.
“Who would have thought that they would have
the nerve to be monitoring my communications to Congress?” said Robert
C. Smith, one of the plaintiffs in the suit, a former radiology
professor at Yale and Cornell universities who worked as a device
reviewer at the FDA until his contract was not renewed in July 2010.
“How dare they?”
An FDA spokeswoman, Erica Jefferson, said the agency does not comment on litigation.
But
according to FDA internal documents that the scientists and doctors
obtained under the Freedom of Information Act, the agency told the
Department of Health and Human Services’ inspector general that they had
improperly disclosed confidential business information about the
devices. The agency requested that an investigation be opened in May
2010.
The scientists and doctors denied sharing information
improperly. The HHS inspector general’s office, which oversees FDA
operations, declined to pursue an investigation,
finding no evidence of criminal conduct. It also said that the doctors
and scientists had a legal right to air their concerns to Congress or
journalists.
FDA officials sought a second time that year to
initiate action against the scientists and doctors. “We have obtained
new information confirming the existence of information disclosures that
undermine the integrity and mission of the FDA and, we believe, may be
prohibited by law,” wrote Jeffrey Shuren, director of the FDA’s Center
for Devices and Radiological Health, on June 28, 2010.
Michael Sussmann, a former federal prosecutor who is now a partner at the Perkins Coie law firm, said the FDA’s warning on its computers gave the agency latitude to conduct extensive monitoring. “Anything on this agency’s network is fair game by use of this banner, as long as they’re lawfully targeting their employee.”
(FDA) - The startup screen on FDA computers warns employees,
“you have no reasonable expectation of privacy,” including any
communication accessed or sent from the machine. This specific message
has appeared since at least December 2010. The screenshot and other
materials were compiled by Kohn, Kohn and Colapinto, the law firm
representing the whistleblowers, on behalf of the National Whistleblower
Center, as part of the lawsuit against the agency.
Read selected documents compiled as part of the
lawsuit against the FDA for monitoring personal communications on work
computers.
“The FDA has a huge responsibility to protect public health and safety,” Sen. Charles E. Grassley (R-Iowa) said in a statement last week. “It’s hard to see how managers apparently thought it was a good use of time to shadow agency scientists and monitor their e-mail accounts for legally protected communications with Congress.”
Concerns about devices
The FDA scientists and doctors, all of whom worked for the agency’s Office of Device Evaluation, said they first made internal complaints beginning in 2007 that the agency had approved or was on the verge of approving at least a dozen radiological devices whose effectiveness was not proven and that posed risks to millions of patients. Frustrated, they also brought their concerns to Congress, the White House and the HHS inspector general.
Three of the devices risked missing signs of breast cancer, the scientists and doctors warned, according to documents and interviews. Another risked falsely diagnosing osteoporosis, leading to unnecessary treatments; one ultrasound device could malfunction while monitoring pregnant women in labor, risking harm to the fetus; and several devices for colon cancer screening used such heavy doses of radiation that they risked causing cancer in otherwise healthy people, the FDA scientists and doctors said.
They also had expressed concern about a computer-aided imaging device that searched for signs of breast cancer. Three times, a team of experts, including Smith, recommended against approval, and middle managers agreed in each case, he said. After the third rejection, a senior manager approved the device in 2008, he said.
Most of the devices the scientists and doctors questioned have received approvals only in the past two years, making it difficult to evaluate whether the fears that the FDA scientists and doctors expressed were valid.
But the concerns were not isolated. In 2009 and 2011, the Government Accountability Office, Congress’s auditing arm, warned that some risky medical devices win approval through a process that is insufficiently stringent. The Institute of Medicine concluded in a major study last year that the FDA process for approving medical devices needed to be revised and based on “sound science.”
Though the FDA declined to comment for this story, agency officials last year dismissed an analysis by the Archives of Internal Medicine claiming that unsafe medical devices were rushed to market, saying a relatively small number were recalled between 2005 and 2009. An FDA spokeswoman also said last year the agency had made changes to make the review process safer.
Snapshots of desktops
After President Obama’s election, the FDA scientists and doctors wrote to his transition team in 2009, alleging corruption at the agency and warning about risks posed by the breast-cancer screening device.
After they sent the letter, which they shared with members of Congress, several news organizations reported on the concerns. In some of those reports, FDA officials said they were addressing the issues.
Within days after the news reports appeared, the president of the company that made the device, Ken Ferry of iCAD Inc., based in Nashua, N.H., wrote a letter to the FDA alleging that confidential business information had been leaked. Ferry declined to comment for this story.
Using automated software, the agency began taking snapshots of the scientists’ computer screens showing documents as they were being backed up and e-mails being moved from one file to another, the FDA documents show. The agency created a file, “FDA 9,” to store e-mails and documents gathered from nine scientists and doctors who originally had complained. (Three of them are not involved in the lawsuit filed last week.)
The first documented FDA interception was of an e-mail dated Jan. 29, 2009, shortly after the letter from Ferry. In it, device reviewer Paul T. Hardy asked a congressional aide, Joanne Royce, for assurances that “it is not a crime to provide information to the Congress about potential misconduct by another Agency employee.”
Royce replied: “[Y]ou and your colleagues have committed no crime. . . . you guys didn’t even provide confidential business information to Congress.”
Hardy, who is among the six employees who filed the suit, was fired in November after a negative performance review; an internal FDA letter obtained in separate litigation quoted managers saying they did not “trust” him. Of the other five scientists and doctors, the suit says two did not have their contracts renewed, two suffered harassment and werepassed over for promotions, and one was fired.
More national security coverage: