In a report published in conjunction with a congressional hearing, two Republicans said that the FDA's computer surveillance may have overstepped federal laws designed to protect government whistleblowers. Using software that took rapid-fire screen shots of employees' desktops, the FDA swept up emails from several whistleblowers to members of Congress and their private attorneys. Such communications are protected from disclosure by federal law.
The report is the product of a two-year investigation by Rep. Darrell Issa, R-Calif., and Sen. Chuck Grassley, R-Iowa. Issa acknowledged in his opening statement that federal workers should have no expectation of privacy when using government computers.
"But that is not to say that targeting is appropriate. That is not to say that these five scientists' concerns are unreasonable—they are." Issa said.
FDA spokeswoman Erica Jefferson said the agency did not have a chance to review the report before its release Wednesday.
"However, many of the findings outlined paint an incomplete picture of the matter, and many of the recommendations are based on an inaccurate understanding of current HHS and FDA policy" Jefferson said in a statement.
House Democrats defended the surveillance Wednesday, in part, by pointing to the findings of the inspector general that oversees the FDA. In a report released just ahead of the hearing, the Department of Health and Human Services' inspector general concluded that the surveillance had a "reasonable basis" because the employees were leaking confidential information to the press about devices under review. The report also concluded that the surveillance was not targeted to capture communications with Congress or any other specific parties.
While finding justification for the monitoring, the report still faults the agency for having no system to ensure that "their investigations were conducted in accordance with laws and regulations." As a result, the program "had significant negative consequences for FDA."
The report does not make a final judgment on whether the FDA monitoring was lawful, noting that that question is the subject of litigation. Several of the whistleblowers have a lawsuit pending against the FDA, alleging unreasonable search and seizure by the agency.
The FDA's chief operating officer, Walter Harris, told lawmakers that the agency recently put in place guidelines for monitoring employees' computers.
In testimony before the House Committee on Oversight and Government Reform, Harris said policies issued last September are designed to ensure that "monitoring is utilized for appropriate purposes and takes place for no longer than necessary."
Not present at the hearing were the FDA whistleblowers themselves, several of whom have since left the agency.
The dispute that prompted the surveillance stretches back to 2009, when Dr. Robert Smith and several other FDA reviewers sent letters to Congress and the incoming Obama administration about alleged misconduct in the agency's medical device center.
Smith and others later took their complaints to the media, claiming they were bullied and harassed by managers into approving high-tech medical scanners, despite concerns that the devices might needlessly expose patients to excessive radiation.
In 2010, the HHS inspector general twice reviewed the employees' allegations, but concluded there was "no evidence of retaliation" by FDA managers.
According to the Republican report, FDA managers hired an outside contractor to begin monitoring Smith's computer in April 2010, eventually expanding the surveillance to four other employees. At the same time that the whistleblowers were seeking an investigation by the HHS inspector general, their managers were urging the same inspectors to open a criminal investigation into the whistleblowers' disclosures about products under review.
"The managers kept looking for information that would convince the inspector general to seek a criminal prosecution. It was a sort of management by investigation," said Grassley, who appeared before the House committee. "That's no way to run an agency."
The FDA's monitoring program eventually became public knowledge in May 2012, after a cache of 80,000 documents collected by the contractor was inexplicably posted online. The documents detailed emails to Congress, the government's Office of Special Counsel and members of the media, including The Associated Press.