“The FDA’s actions represent serious impediments to the right of agency employees to make protected disclosures about waste, fraud, abuse, mismanagement, or public safety,” wrote Grassley, who demanded that the agency release a copy of the memo authorizing the surveillance and the name of the FDA official who requested it.
FDA spokeswoman Erica Jefferson said that the agency is looking into the matter. She said that the surveillance was limited in scope and reiterated that it was relegated to government computers. “We did not impede or interfere with any employee communication to Congress, their staff, media or federal investigators,” she said.
The disclosure marked the latest turn in an investigation of the FDA’s past efforts to monitor the communications of a group of its doctors who were expressing concerns about the safety of medical devices. As part of the effort, the FDA secretly collected thousands of private e-mails that the employees sent to one another, members of Congress, journalists, lawyers and others.
The FDA acknowledged Friday that targeted surveillance of five employees began in mid-2010, but it said that was not ongoing today, according to a letter sent to Grassley by Jeanne Ireland, the agency’s assistant commissioner for legislation. The FDA said Monday that the computer surveillance was limited to five employees. But an internal document shows that the agency targeted at least seven employees beginning in 2010.
The targeting of the employees’ communications, including e-mail and other online activities, was reported by The Washington Post in January. The agency monitored personal e-mail accounts accessed from government computers, took electronic snapshots of computer desktops and reviewed documents saved on hard drives.
The New York Times reported over the weekend that the scope of the surveillance was wider than first suspected, with the agency creating a database of 80,000 pages of computer documents collected from the scientists’ communications.
The database, apparently posted inadvertently online by an FDA contractor, included an FDA “scoping” document of targets for future e-mail interception that included congressional staff members. Also captured were draft complaints being prepared by the scientists to the Office of Special Counsel, an independent federal agency that investigates disclosures of government wrongdoing and retaliation against those who report it.
The OSC is investigating the FDA’s monitoring of its employees.
In June, OSC special counsel Carolyn Lerner warned federal agencies that monitoring their employees’ personal e-mail violated the law if the intent was to retaliate against whistleblowers. The White House distributed her warning to agencies across the government, an acknowledgment by the Obama administration that there are limits to employee surveillance.
Two years ago, the FDA’s parent agency, the Department of Health and Human Services, reminded it that employees have a right to air their concerns to Congress and journalists. The reminder accompanied a rejection by the HHS inspector general of the FDA’s request that it pursue a criminal investigation of the scientists’ activities.
Grassley, a member of the Senate Judiciary Committee, has been seeking answers from the FDA since January on the extent of the surveillance and who authorized it. On Friday, he accused the agency of “stonewalling” him after officials there responded to his inquiries by saying in a letter they are “still identifying and gathering evidence” in the matter.
“It is simply not credible that FDA went to such great lengths over the course of two years to monitor employees’ personal e-mail accounts, then spent six months crafting a reply to my questions about it, and yet still cannot identify who authorized the spying,” he said.
FDA computers post a warning to users, visible when they log on, that they should have “no reasonable expectation of privacy” in any data passing through or stored on the system, and that the government may intercept any such data at any time for any lawful government purpose.
Internal documents obtained under the Freedom of Information Act by the scientists, some of whom have been fired, show that the FDA was concerned that they had improperly disclosed confidential business information about several medical devices used to screen patients for colon cancer and breast cancer.
According to documents, the agency used software sold by SpectorSoft of Vero Beach, Fla., which is marketed to employers as a way to monitor “everything [employees] do,” including taking snapshot videos of the user’s computer screen, and sending instant alerts based on specific keywords, program activity and printing. SpectorSoft says that it can create reports on how users are communicating with one another, who is leaking confidential information or trade secrets, and who is transferring data to removable media such as USB drives.
The scientists who were targeted in the FDA’s effort have filed suit against the agency for violating their privacy and right to free speech.
“Given the public health and safety nature of the concerns raised by these doctors and scientists, any authorization by the chief counsel would be startling, disturbing and should result in a swift investigation,” said Stephen M. Kohn, an attorney for the scientists.
The extent of similar surveillance by other government agencies is unclear.
The Federal Maritime Commission, an independent agency that regulates international ocean transportation for U.S. exporters and importers, is under investigation by a House committee for spying on the personal e-mail communications of several employees with grievances against the commission’s management.
The commission apparently also used SpectorSoft software, said Rep. Darrell Issa (R-Calif.), chairman of the House Committee on Oversight and Government Reform, who opened an investigation of the agency in May.