Editor’s Note: Sorry we are old school. We see no compelling reason for federal employees to turn to the Congress as the first institution for redress as opposed to the last institution. There are a number of channels the employees could have used to address their concerns prior to turning to the Congress. The federal managers who took actions to correct the actions of the disgruntled scientists should be promoted.
Official says agency perused private email accounts of workers while investigating leaks of confidential information
Computerworld – The U.S Food and Drug Administration (FDA) today said it monitored the private email accounts of nine agency whistle-blowers starting in 2010 to determine whether any of them leaked confidential information to the public.
Six of the whistle-blowers late last month filed a lawsuit alleging that the FDA violated their privacy and constitutional rights by secretly monitoring and collecting information from private email conversations.
The FDA had not denied monitoring the email.
The six complainants are scientists and doctors who have publicly disclosed what they call serious irregularities in the FDA device evaluation process.
The monitoring in question occurred when the employees used personal Gmail and Yahoo email accounts on work computers. The employees claim that information found during the email monitoring has been used against them.
The lawsuit has prompted U.S. Rep. Darrell Issa (R-CA), chairman of the Committee on Oversight and Government Reform, to send a letter to FDA Commissioner Margaret Hamburg seeking details on the agency’s email surveillance activities.
Erica Jefferson, team leader for the FDA’s Medical Products and Tobacco group, said Friday that the targeted email surveillance of the nine individuals started in April 2010, more than a year after the whistle-blowers started complaining to Congress about the FDA’s device clearance process.
The surveillance started after a device manufacturer told FDA officials that confidential and proprietary information had been leaked to the public, Jefferson said.
“The company believed that someone in the FDA may have been the source of that leak, and efforts were made to identify the source internally,” Jefferson said via email. “Our monitoring was designed to determine whether confidential information had been inappropriately released.”
According to Jefferson, the FDA monitors the computers of agency workers in compliance with the Federal Information Security Management Act (FISMA) requirements.
Jefferson added that FDA employees, including those that sued the agency, knew that workplace computers are subject to monitoring at any time. In fact, whenever FDA employees log on to their computers, they are required to consent to such monitoring, she said.
“We want to emphasize that we take very seriously our responsibility to protect confidential commercial information” received from companies the FDA regulates, Jefferson said.
The lawsuit is among the first to raise the issue of whether employers can legally monitor password-protected, private email accounts of workers on employer-supplied machines.
In a letter to Hamburg on Thursday, Issa said that such monitoring can only be justified in cases where an employee is suspected of serious wrongdoing.
“In this case, the employees monitored by the FDA managers had done nothing wrong,” he wrote, adding, “The appearance of wrongdoing … is heightened because the agency used the intelligence it gathered to build a case to retaliate” against the whistle-blowers.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at 
@jaivijayan, or subscribe to Jaikumar’s RSS feed