Healthcare // Analytics
News
1/30/2012
01:56 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

FDA Spied On Employee Personal Emails, Lawsuit Alleges

Six former employees and contractors of the Food and Drug Administration have filed suit, saying documents show the agency monitored their personal email and retaliated against their whistleblowing.

Top 10 Government Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Government Stories Of 2010
The Food and Drug Administration peered into the personal Yahoo Mail and Gmail accounts of agency employees and contractors who were acting as whistleblowers, and might have disciplined or fired those employees based on information gleaned from the emails, according to a newly filed complaint and a number of government documents.

A lawsuit brought by six current and former scientists and doctors who worked with or for the FDA seeks, among other things, an injunction to prevent the agency from reading employees' private communications, and claims that the government by its actions violated the First, Fourth, and Fifth Amendments of the Constitution. The scientists and doctors seek to back those claims with, among other evidence, documents received through Freedom of Information Act requests and subsequently posted online.

Although the FDA warns computer users that they "have no reasonable expectation of privacy" and that "at any time, the government may monitor, intercept, and search and seize and communication or data" on the computer, the lawsuit alleges that the FDA had no right to monitor the doctors' and scientists' communications.

[ The FDA attempts to regulate mobile medical apps. See Should Mobile Medical Apps Require FDA Approval?. ]

Monitoring of employee email has long been a touchy subject. Laws such as the Electronic Communications Privacy Act give employers leeway to monitor employees' emails under certain conditions, and cases about email monitoring date back more than a decade.

Laws prevent federal employees from disclosing confidential information, but also protect communications with Congress. However, in a 2009 email, then-Congressional staffer Joanne Royce told one of the scientists bringing suit that "it's a debatable legal question" whether "even confidential and confidential business info submitted to Congress is legal."

The scientists and doctors had complained that FDA senior managers had coerced experts to modify their reviews, conclusions and recommendations. For example, they indicated that certain breast cancer detection devices were being approved despite flawed science and over the objections of some within the agency.

Documents that the scientists and doctors procured via Freedom of Information Act requests indicate that, shortly after the whistleblowers complained to Congress and the Obama Transition Team alleging problems with the FDA's review process and retaliation against whistleblowers, the FDA intercepted emails and other documents, even taking screenshots of employees' computers.

Some of the employees were subsequently disciplined or fired. In notices of proposed removal or discipline of the whistleblowers, the government singled out emails sent from government accounts to personal accounts and emails sent to non-government third parties, rather than the emails sent to Congress.

According to the lawsuit, the FDA installed spyware on the computers that allowed it to take real-time screen shots without the whistleblowers' knowledge. Among the emails that were intercepted were draft complaints and other material that the whistleblowers claim consisted of privileged attorney-client communications.

The lawsuit and the documents indicate that the FDA began referring to the whistleblowers--not all of whom are represented in the suit--as the "FDA Nine" or "FDA 9." According to the lawsuit, the FDA created a computerized file folder called "FDA 9" with separate folders containing information on each of the whistleblowers.

Heightened concern that users could inadvertently expose or leak--or purposely steal--an organization's sensitive data has spurred debate over the proper technology and training to protect the crown jewels. An Insider Threat Reality Check, a special retrospective of recent news coverage, takes a look at how organizations are handling the threat--and what users are really up to. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Tom LaSusa
50%
50%
Tom LaSusa,
User Rank: Apprentice
1/31/2012 | 4:13:05 PM
re: FDA Spied On Employee Personal Emails, Lawsuit Alleges
Great article, Nick!

Tom LaSusa
InformationWeek
Bprince
50%
50%
Bprince,
User Rank: Apprentice
1/31/2012 | 1:01:14 AM
re: FDA Spied On Employee Personal Emails, Lawsuit Alleges
@readers: What do you think? Did the FDA overstep its bounds?
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Healthcare data is nothing new, but yet, why do healthcare improvements from quantifiable data seem almost rare today? Healthcare administrators have a wealth of data accessible to them but aren't sure how much of that data is usable or even correct.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.