FDA staffers sue agency over surveillance of personal e-mail

The inspector general, after consulting with federal prosecutors, declined the second request, as well.

Michael Sussmann, a former federal prosecutor who is now a partner at the Perkins Coie law firm, said the FDA’s warning on its computers gave the agency latitude to conduct extensive monitoring. “Anything on this agency’s network is fair game by use of this banner, as long as they’re lawfully targeting their employee.”

Yet the case sheds light on the lengths to which a federal agency will go to monitor employees. At issue, experts say, is whether the purpose of the monitoring was legal and what level of monitoring on government computers is reasonable at a time when technology increasingly blurs the lines between work and home.

“The FDA has a huge responsibility to protect public health and safety,” Sen. Charles E. Grassley (R-Iowa) said in a statement last week. “It’s hard to see how managers apparently thought it was a good use of time to shadow agency scientists and monitor their e-mail accounts for legally protected communications with Congress.”

Concerns about devices

The FDA scientists and doctors, all of whom worked for the agency’s Office of Device Evaluation, said they first made internal complaints beginning in 2007 that the agency had approved or was on the verge of approving at least a dozen radiological devices whose effectiveness was not proven and that posed risks to millions of patients. Frustrated, they also brought their concerns to Congress, the White House and the HHS inspector general.

Three of the devices risked missing signs of breast cancer, the scientists and doctors warned, according to documents and interviews. Another risked falsely diagnosing osteoporosis, leading to unnecessary treatments; one ultrasound device could malfunction while monitoring pregnant women in labor, risking harm to the fetus; and several devices for colon cancer screening used such heavy doses of radiation that they risked causing cancer in otherwise healthy people, the FDA scientists and doctors said.

They also had expressed concern about a computer-aided imaging device that searched for signs of breast cancer. Three times, a team of experts, including Smith, recommended against approval, and middle managers agreed in each case, he said. After the third rejection, a senior manager approved the device in 2008, he said.

Most of the devices the scientists and doctors questioned have received approvals only in the past two years, making it difficult to evaluate whether the fears that the FDA scientists and doctors expressed were valid.

But the concerns were not isolated. In 2009 and 2011, the Government Accountability Office, Congress’s auditing arm, warned that some risky medical devices win approval through a process that is insufficiently stringent. The Institute of Medicine concluded in a major study last year that the FDA process for approving medical devices needed to be revised and based on “sound science.”

Though the FDA declined to comment for this story, agency officials last year dismissed an analysis by the Archives of Internal Medicine claiming that unsafe medical devices were rushed to market, saying a relatively small number were recalled between 2005 and 2009. An FDA spokeswoman also said last year the agency had made changes to make the review process safer.

Snapshots of desktops

After President Obama’s election, the FDA scientists and doctors wrote to his transition team in 2009, alleging corruption at the agency and warning about risks posed by the breast-cancer screening device.

After they sent the letter, which they shared with members of Congress, several news organizations reported on the concerns. In some of those reports, FDA officials said they were addressing the issues.

Within days after the news reports appeared, the president of the company that made the device, Ken Ferry of iCAD Inc., based in Nashua, N.H., wrote a letter to the FDA alleging that confidential business information had been leaked. Ferry declined to comment for this story.

Using automated software, the agency began taking snapshots of the scientists’ computer screens showing documents as they were being backed up and e-mails being moved from one file to another, the FDA documents show. The agency created a file, “FDA 9,” to store e-mails and documents gathered from nine scientists and doctors who originally had complained. (Three of them are not involved in the lawsuit filed last week.)

The first documented FDA interception was of an e-mail dated Jan. 29, 2009, shortly after the letter from Ferry. In it, device reviewer Paul T. Hardy asked a congressional aide, Joanne Royce, for assurances that “it is not a crime to provide information to the Congress about potential misconduct by another Agency employee.”

Royce replied: “[Y]ou and your colleagues have committed no crime. . . . you guys didn’t even provide confidential business information to Congress.”

Hardy, who is among the six employees who filed the suit, was fired in November after a negative performance review; an internal FDA letter obtained in separate litigation quoted managers saying they did not “trust” him. Of the other five scientists and doctors, the suit says two did not have their contracts renewed, two suffered harassment and werepassed over for promotions, and one was fired.

More national security coverage:

FDA sued over monitoring workers’ personal e-mails

- Army general gives closing words of advocacy

- Russia asserting itself against West

- Read more national security news