Related:

29 January 2012, WP: FDA surveillance of whistleblowers document set (PDF, ZIP)
http://www.washingtonpost.com/world/national-security/fda-staffers-sue-agency-over-surveillance-of-personal-e-mail/2012/01/23/gIQAj34DbQ_story.html

FDA staffers sue agency over surveillance of personal e-mail

By Ellen Nakashima and Lisa Rein

January 29, 2012

The Food and Drug Administration secretly monitored the personal e-mail of a group of its own scientists and doctors after they warned Congress that the agency was approving medical devices that they believed posed unacceptable risks to patients, government documents show.

The surveillance -- detailed in e-mails and memos unearthed by six of the scientists and doctors, who filed a lawsuit against the FDA in U.S. District Court in Washington last week -- took place over two years as the plaintiffs accessed their personal Gmail accounts from government computers.

Information garnered this way eventually contributed to the harassment or dismissal of all six of the FDA employees, the suit alleges. All had worked in an office responsible for reviewing devices for cancer screening and other purposes.

Copies of the e-mails show that, starting in January 2009, the FDA intercepted communications with congressional staffers and draft versions of whistleblower complaints complete with editing notes in the margins. The agency also took electronic snapshots of the computer desktops of the FDA employees and reviewed documents they saved on the hard drives of their government computers.

FDA computers post a warning, visible when users log on, that they should have "no reasonable expectation of privacy" in any data passing through or stored on the system, and that the government may intercept any such data at any time for any lawful government purpose.

But in the suit, the doctors and scientists say the government violated their constitutional privacy rights by gazing into personal e-mail accounts for the purpose of monitoring activity that they say was lawful.

"Who would have thought that they would have the nerve to be monitoring my communications to Congress?" said Robert C. Smith, one of the plaintiffs in the suit, a former radiology professor at Yale and Cornell universities who worked as a device reviewer at the FDA until his contract was not renewed in July 2010. "How dare they?"

An FDA spokeswoman, Erica Jefferson, said the agency does not comment on litigation.

But according to FDA internal documents that the scientists and doctors obtained under the Freedom of Information Act, the agency told the Department of Health and Human Services' inspector general that they had improperly disclosed confidential business information about the devices. The agency requested that an investigation be opened in May 2010.

The scientists and doctors denied sharing information improperly. The HHS inspector general's office, which oversees FDA operations, declined to pursue an investigation, finding no evidence of criminal conduct. It also said that the doctors and scientists had a legal right to air their concerns to Congress or journalists.

FDA officials sought a second time that year to initiate action against the scientists and doctors. "We have obtained new information confirming the existence of information disclosures that undermine the integrity and mission of the FDA and, we believe, may be prohibited by law," wrote Jeffrey Shuren, director of the FDA's Center for Devices and Radiological Health, on June 28, 2010.

The inspector general, after consulting with federal prosecutors, declined the second request, as well.

Michael Sussmann, a former federal prosecutor who is now a partner at the Perkins Coie law firm, said the FDA's warning on its computers gave the agency latitude to conduct extensive monitoring. "Anything on this agency's network is fair game by use of this banner, as long as they're lawfully targeting their employee."

Yet the case sheds light on the lengths to which a federal agency will go to monitor employees. At issue, experts say, is whether the purpose of the monitoring was legal and what level of monitoring on government computers is reasonable at a time when technology increasingly blurs the lines between work and home.

"The FDA has a huge responsibility to protect public health and safety," Sen. Charles E. Grassley (R-Iowa) said in a statement last week. "It's hard to see how managers apparently thought it was a good use of time to shadow agency scientists and monitor their e-mail accounts for legally protected communications with Congress."

Concerns about devices

The FDA scientists and doctors, all of whom worked for the agency's Office of Device Evaluation, said they first made internal complaints beginning in 2007 that the agency had approved or was on the verge of approving at least a dozen radiological devices whose effectiveness was not proven and that posed risks to millions of patients. Frustrated, they also brought their concerns to Congress, the White House and the HHS inspector general.

Three of the devices risked missing signs of breast cancer, the scientists and doctors warned, according to documents and interviews. Another risked falsely diagnosing osteoporosis, leading to unnecessary treatments; one ultrasound device could malfunction while monitoring pregnant women in labor, risking harm to the fetus; and several devices for colon cancer screening used such heavy doses of radiation that they risked causing cancer in otherwise healthy people, the FDA scientists and doctors said.

They also had expressed concern about a computer-aided imaging device that searched for signs of breast cancer. Three times, a team of experts, including Smith, recommended against approval, and middle managers agreed in each case, he said. After the third rejection, a senior manager approved the device in 2008, he said.

Most of the devices the scientists and doctors questioned have received approvals only in the past two years, making it difficult to evaluate whether the fears that the FDA scientists and doctors expressed were valid.

But the concerns were not isolated. In 2009 and 2011, the Government Accountability Office, Congress's auditing arm, warned that some risky medical devices win approval through a process that is insufficiently stringent. The Institute of Medicine concluded in a major study last year that the FDA process for approving medical devices needed to be revised and based on "sound science."

Though the FDA declined to comment for this story, agency officials last year dismissed an analysis by the Archives of Internal Medicine claiming that unsafe medical devices were rushed to market, saying a relatively small number were recalled between 2005 and 2009. An FDA spokeswoman also said last year the agency had made changes to make the review process safer.

Snapshots of desktops

After President Obama's election, the FDA scientists and doctors wrote to his transition team in 2009, alleging corruption at the agency and warning about risks posed by the breast-cancer screening device.

After they sent the letter, which they shared with members of Congress, several news organizations reported on the concerns. In some of those reports, FDA officials said they were addressing the issues.

Within days after the news reports appeared, the president of the company that made the device, Ken Ferry of iCAD Inc., based in Nashua, N.H., wrote a letter to the FDA alleging that confidential business information had been leaked. Ferry declined to comment for this story.

Using automated software, the agency began taking snapshots of the scientists' computer screens showing documents as they were being backed up and e-mails being moved from one file to another, the FDA documents show. The agency created a file, "FDA 9," to store e-mails and documents gathered from nine scientists and doctors who originally had complained. (Three of them are not involved in the lawsuit filed last week.)

The first documented FDA interception was of an e-mail dated Jan. 29, 2009, shortly after the letter from Ferry. In it, device reviewer Paul T. Hardy asked a congressional aide, Joanne Royce, for assurances that "it is not a crime to provide information to the Congress about potential misconduct by another Agency employee."

Royce replied: "[Y]ou and your colleagues have committed no crime. . . . you guys didn't even provide confidential business information to Congress."

Hardy, who is among the six employees who filed the suit, was fired in November after a negative performance review; an internal FDA letter obtained in separate litigation quoted managers saying they did not "trust" him. Of the other five scientists and doctors, the suit says two did not have their contracts renewed, two suffered harassment and werepassed over for promotions, and one was fired.