The FDA is being sued by six employees and contractors who are accusing the agency of harassing or dismissing them, in part by secretly monitoring their personal email, after they began warning Congress that FDA was approving devices for breast cancer screening and other uses that they contended would be too risky for use on patients.
In papers filed at US District Court in Washington, DC, according to The Washington Post, the six—all current or former scientists and doctors who had worked for the agency—alleged that the FDA read email from the personal Gmail and Yahoo accounts they accessed from their work computers. In those emails, the plaintiffs recounted their complaints to Congress and the transition team of then-President-elect Barack Obama in 2009 that the agency’s top managers had coerced experts to modify their reviews, conclusions, and recommendations about the screening devices.
According to documents and interviews by the Post, the plaintiffs told members of Congress, the White House, and the inspector general for the US Department of Health and Human Services that three of the devices risked missing signs of breast cancer, another risked falsely diagnosing osteoporosis, one ultrasound device could malfunction while monitoring pregnant women in labor, and several devices for colon cancer screening used doses of radiation heavy enough to risk causing cancer in otherwise healthy people. In another instance, a computer-aided breast cancer imaging device was approved in 2008 over objections from the scientists and doctors.
The plaintiffs emailed many of their communications from their government computers to their personal email accounts and the accounts of other third parties. It is those emails—not the ones directly sent to Congress—that the agency read, then according to the plaintiffs used as the basis of disciplinary actions against them.
The FDA did so, plaintiffs allege, by installing secret spyware on its computers allowing for real-time screen shots to be taken without their knowledge, then filing the information on each plaintiff, and three people who did not join in the lawsuit, in separate computerized folders with the names of the employees or contractors involved, then filing those nine in one computer folder named “FDA Nine” or “FDA 9.”
The plaintiffs, however, argue in their suit that they were whistleblowers entitled to protection against retaliation by the federal government and that the activity they discussed in their email was lawful, while the FDA policies violated the First, Fourth, and Fifth Amendments of the U.S. Constitution. Plaintiffs argued that the federal court should therefore issue an injunction barring the FDA or other federal agencies from reading employees' private communications.
The plaintiffs also accuse FDA of violating the entitlement to confidentiality of attorney-client communications by viewing emails that included drafts of complaints against agency actions that they were writing to Congress. Using the Freedom of Information Act, the plaintiffs obtained internal FDA correspondence to the HHS inspector general, accusing them in May 2010 of improperly disclosing confidential business information about the devices and demanding an investigation.
However, HHS’ inspector general’s office found no evidence of criminal conduct and on that basis declined to investigate. It also said that the doctors and scientists had a legal right to air their concerns to Congress or journalists. The inspector general also declined a second FDA request, made a month later, for a probe of the scientists and doctors.
Last year, FDA faulted an analysis by the Archives of Internal Medicine siding with the plaintiffs that many medical devices were recalled between 2005 and 2009 after they were rushed to market. However, with the lawsuit having been filed, predictably the FDA isn’t commenting now.
That said, winning a federal case against the FDA will be tough at best. As noted by InformationWeek, the FDA warns that its computer users “have no reasonable expectation of privacy.” The agency further warns: “At any time, the government may monitor, intercept, and search and seize any communication or data” on its computers. What part of “no” or “any,” the FDA could argue, don’t the plaintiffs understand?
Worse, the email allegedly spied on by FDA includes advice from someone working in 2009 as a Congressional staffer, who cautions one of the plaintiffs that "it's a debatable legal question [whether] even confidential and confidential business info submitted to Congress is legal."
However, the plaintiffs are likely to counter that by citing another portion of the note from Royce: “You and your colleagues have committed no crime. . . . you guys didn’t even provide confidential business information to Congress.”
The suit against the FDA offers the federal court system another opportunity to be clearer about how far agencies can go in monitoring the communications of their employees and contractors and, by extension, how far they can go in criticizing their bosses using government computers.
To read the original story in The Washington Post, click here.