Homeless in Arizona

In Vast Effort, F.D.A. Spied on E-Mails of Its Own Scientists

By ERIC LICHTBLAU and SCOTT SHANE

Published: July 14, 2012

WASHINGTON — A wide-ranging surveillance operation by the Food and Drug Administration against a group of its own scientists used an enemies list of sorts as it secretly captured thousands of e-mails that the disgruntled scientists sent privately to members of Congress, lawyers, labor officials, journalists and even President Obama, previously undisclosed records show.

What began as a narrow investigation into the possible leaking of confidential agency information by five scientists quickly grew in mid-2010 into a much broader campaign to counter outside critics of the agency’s medical review process, according to the cache of more than 80,000 pages of computer documents generated by the surveillance effort.

Moving to quell what one memorandum called the “collaboration” of the F.D.A.’s opponents, the surveillance operation identified 21 agency employees, Congressional officials, outside medical researchers and journalists thought to be working together to put out negative and “defamatory” information about the agency.

F.D.A. officials defended the surveillance operation, saying that the computer monitoring was limited to the five scientists suspected of leaking confidential information about the safety and design of medical devices.

While they acknowledged that the surveillance tracked the communications that the scientists had with Congressional officials, journalists and others, they said it was never intended to impede those communications, but only to determine whether information was being improperly shared.

The agency, using so-called spy software designed to help employers monitor workers, captured screen images from the government laptops of the five scientists as they were being used at work or at home. The software tracked their keystrokes, intercepted their personal e-mails, copied the documents on their personal thumb drives and even followed their messages line by line as they were being drafted, the documents show.

The extraordinary surveillance effort grew out of a bitter dispute lasting years between the scientists and their bosses at the F.D.A. over the scientists’ claims that faulty review procedures at the agency had led to the approval of medical imaging devices for mammograms and colonoscopies that exposed patients to dangerous levels of radiation.

A confidential government review in May by the Office of Special Counsel, which deals with the grievances of government workers, found that the scientists’ medical claims were valid enough to warrant a full investigation into what it termed “a substantial and specific danger to public safety.”

The documents captured in the surveillance effort — including confidential letters to at least a half-dozen Congressional offices and oversight committees, drafts of legal filings and grievances, and personal e-mails — were posted on a public Web site, apparently by mistake, by a private document-handling contractor that works for the F.D.A. The New York Times reviewed the records and their day-by-day, sometimes hour-by-hour accounting of the scientists’ communications.

With the documents from the surveillance cataloged in 66 huge directories, many Congressional staff members regarded as sympathetic to the scientists each got their own files containing all their e-mails to or from the whistle-blowers. Drafts and final copies of letters the scientists sent to Mr. Obama about their safety concerns were also included.

Last year, the scientists found that a few dozen of their e-mails had been intercepted by the agency. They filed a lawsuit over the issue in September, after four of the scientists had been let go, and The Washington Post first disclosed the monitoring in January. But the wide scope of the F.D.A. surveillance operation, its broad range of targets across Washington, and the huge volume of computer information that it generated were not previously known, even to some of the targets.

F.D.A. officials said that in monitoring the communication of the five scientists, their e-mails “were collected without regard to the identity of the individuals with whom the user may have been corresponding.” While the F.D.A. memo described the Congressional officials and other “actors” as collaborating in the scientists’ effort to attract negative publicity, the F.D.A. said that those outside the agency were never targets of the surveillance operation, but were suspected of receiving confidential information.

While federal agencies have broad discretion to monitor their employees’ computer use, the F.D.A. program may have crossed legal lines by grabbing and analyzing confidential information that is specifically protected under the law, including attorney-client communications, whistle-blower complaints to Congress and workplace grievances filed with the government.

Other administration officials were so concerned to learn of the F.D.A. operation that the White House Office of Management and Budget sent a governmentwide memo last month emphasizing that while the internal monitoring of employee communications was allowed, it could not be used under the law to intimidate whistle-blowers. Any monitoring must be done in ways that “do not interfere with or chill employees’ use of appropriate channels to disclose wrongdoing,” the memo said.

Although some senior F.D.A. officials appear to have been made aware of aspects of the surveillance, which went on for months, the documents do not make clear who at the agency authorized the program or whether it is still in operation.

But Stephen Kohn, a lawyer who represents six scientists who are suing the agency, said he planned to go to federal court this month seeking an injunction to stop any surveillance that may be continuing against the two medical researchers among the group who are still employed there.

The scientists who have been let go say in a lawsuit that their treatment was retaliation for reporting their claims of mismanagement and safety abuses in the F.D.A.’s medical reviews.

Members of Congress from both parties were irate to learn that correspondence between the scientists and their own staff had been gathered and analyzed.

Representative Chris Van Hollen, a Maryland Democrat who has examined the agency’s medical review procedures, was listed as No. 14 on the surveillance operation’s list of targets — an “ancillary actor” in the efforts to put out negative information on the agency. (An aide to Mr. Van Hollen was No. 13.)

Mr. Van Hollen said on Friday after learning of his status on the list that “it is absolutely unacceptable for the F.D.A. to be spying on employees who reach out to members of Congress to expose abuses or wrongdoing in government agencies.”

Senator Charles E. Grassley, an Iowa Republican whose former staff member’s e-mails were cataloged in the surveillance database, said that “the F.D.A. is discouraging whistle-blowers.” He added that agency officials “have absolutely no business reading the private e-mails of their employees. They think they can be the Gestapo and do anything they want.”

While national security agencies have become more aggressive in monitoring employee communications, such tactics are unusual at domestic agencies that do not handle classified information.

Much of the material the F.D.A. was eager to protect centered on trade secrets submitted by drug and medical device manufacturers seeking approval for products. Particular issues were raised by a March 2010 article in The New York Times that examined the safety concerns about imaging devices and quoted two agency scientists who would come under surveillance, Dr. Robert C. Smith and Dr. Julian Nicholas.

Agency officials saw Dr. Smith as the ringleader, or “point man” as one memo from the agency put it, for the complaining scientists, and the surveillance documents included hundreds of e-mails that he wrote on ways to make their concerns heard. (Dr. Smith and the other scientists would not comment for this article because of their pending litigation.)

Lawyers for GE Healthcare charged that the 2010 article in The Times — written by Gardiner Harris, who would be placed first on the surveillance program’s list of “media outlet actors” — included proprietary information about their imaging devices that may have been improperly leaked by F.D.A. employees.

F.D.A. officials went to the inspector general at the Department of Health and Human Services to seek a criminal investigation into the possible leak, but they were turned down. The inspector general found that there was no evidence of a crime, noting that “matters of public safety” can legally be released to the news media.

Undeterred, agency officials began the electronic monitoring operation on their own.

The software used to track the F.D.A. scientists, sold by SpectorSoft of Vero Beach, Fla., costs as little as $99.95 for individual use, or $2,875 to place the program on 25 computers. It is marketed mainly to employers to monitor their workers and to parents to keep tabs on their children’s computer activities.

“Monitor everything they do,” says SpectorSoft’s Web site. “Catch them red-handed by receiving instant alerts when keywords or phrases are typed or are contained in an e-mail, chat, instant message or Web site.”

The F.D.A. program did all of that and more, as its operators analyzed the results from their early e-mail interceptions and used them to search for new “actors,” develop new keywords to search and map out future areas of concern.

The intercepted e-mails revealed, for instance, that a few of the scientists under surveillance were drafting a complaint in 2010 that they planned to take to the Office of Special Counsel. A short time later, before the complaint was filed, Dr. Smith and another complaining scientist were let go and a third was suspended.

In another case, the intercepted e-mails indicated that Paul T. Hardy, another of the dissident employees, had reapplied for an F.D.A. job “and is being considered for a position.” (He did not get it.)

F.D.A. officials were eager to track future media stories too. When they learned from Mr. Hardy’s e-mails that he was considering talking to PBS’s “Frontline” for a documentary, they ordered a search for anything else on the same topic.

While the surveillance was intended to protect trade secrets for companies like G.E., it may have done just the opposite. The data posted publicly by the F.D.A. contractor — and taken down late Friday after inquiries by The Times — includes hundreds of confidential documents on the design of imaging devices and other detailed, proprietary information.

The posting of the documents was discovered inadvertently by one of the researchers whose e-mails were monitored. The researcher did Google searches for scientists involved in the case to check for negative publicity that might hinder chances of finding work. Within a few minutes, the researcher stumbled upon the database.

“I couldn’t believe what I was seeing,” said the researcher, who did not want to be identified because of pending job applications. “I thought: ‘Oh my God, everything is out there. It’s all about us.’ It was just outrageous.”

Andy Lehren contributed reporting.

FDA lawyers authorized spying on agency’s employees

FDA lawyers authorized spying on agency’s employees, senator says

By Ellen Nakashima and Lisa Rein, Published: July 16

Congressional investigators said Monday that the chief counsel’s office at the Food and Drug Administration authorized wide-ranging surveillance of a group of the agency’s scientists, the first indication that the effort was sanctioned at the highest levels.

In a letter to the FDA, Sen. Charles E. Grassley (R-Iowa) said that his staff had learned that the spying was “explicitly authorized, in writing” by the agency’s top legal office.

“The FDA’s actions represent serious impediments to the right of agency employees to make protected disclosures about waste, fraud, abuse, mismanagement, or public safety,” wrote Grassley, who demanded that the agency release a copy of the memo authorizing the surveillance and the name of the FDA official who requested it.

FDA spokeswoman Erica Jefferson said that the agency is looking into the matter. She said that the surveillance was limited in scope and reiterated that it was relegated to government computers. “We did not impede or interfere with any employee communication to Congress, their staff, media or federal investigators,” she said.

The disclosure marked the latest turn in an investigation of the FDA’s past efforts to monitor the communications of a group of its doctors who were expressing concerns about the safety of medical devices. As part of the effort, the FDA secretly collected thousands of private e-mails that the employees sent to one another, members of Congress, journalists, lawyers and others.

The FDA acknowledged Friday that targeted surveillance of five employees began in mid-2010, but it said that was not ongoing today, according to a letter sent to Grassley by Jeanne Ireland, the agency’s assistant commissioner for litigation. The FDA said Monday that the computer surveillance was limited to five employees. But an internal document shows that the agency targeted at least seven employees beginning in 2010.

The targeting of the employees’ communications, including e-mail and other online activities, was reported by The Washington Post in January. The agency monitored personal e-mail accounts accessed from government computers, took electronic snapshots of computer desktops and reviewed documents saved on hard drives.

The New York Times reported over the weekend that the scope of the surveillance was wider than first suspected, with the agency creating a database of 80,000 pages of computer documents collected from the scientists’ communications.

The database, apparently posted inadvertently online by an FDA contractor, included an FDA “scoping” document of targets for future e-mail interception that included congressional staff members. Also captured were draft complaints being prepared by the scientists to the Office of Special Counsel, an independent federal agency that investigates disclosures of government wrongdoing and retaliation against those who report it.

The OSC is investigating the FDA’s monitoring of its employees.

In June, OSC special counsel Carolyn Lerner warned federal agencies that monitoring their employees’ personal e-mail violated the law if the intent was to retaliate against whistleblowers. The White House distributed her warning to agencies across the government, an acknowledgment by the Obama administration that there are limits to employee surveillance.

Two years ago, the FDA’s parent agency, the Department of Health and Human Services, reminded it that employees have a right to air their concerns to Congress and journalists. The reminder accompanied a rejection by the HHS inspector general of the FDA’s request that it pursue a criminal investigation of the scientists’ activities.

Grassley, a member of the Senate Judiciary Committee, has been seeking answers from the FDA since January on the extent of the surveillance and who authorized it. On Friday, he accused the agency of “stonewalling” him after officials there responded to his inquiries by saying in a letter they are “still identifying and gathering evidence” in the matter.

“It is simply not credible that FDA went to such great lengths over the course of two years to monitor employees’ personal e-mail accounts, then spent six months crafting a reply to my questions about it, and yet still cannot identify who authorized the spying,” he said.

FDA computers post a warning to users, visible when they log on, that they should have “no reasonable expectation of privacy” in any data passing through or stored on the system, and that the government may intercept any such data at any time for any lawful government purpose.

Internal documents obtained under the Freedom of Information Act by the scientists, some of whom have been fired, show that the FDA was concerned that they had improperly disclosed con­fidential business information about several medical devices used to screen patients for colon cancer and breast cancer.

According to documents, the agency used software sold by SpectorSoft of Vero Beach, Fla., which is marketed to employers as a way to monitor “everything [employees] do,” including taking snapshot videos of the user’s computer screen, and sending instant alerts based on specific keywords, program activity and printing. SpectorSoft says that it can create reports on how users are communicating with one another, who is leaking confidential information or trade secrets, and who is transferring data to removable media such as USB drives.

The scientists who were targeted in the FDA’s effort have filed suit against the agency for violating their privacy and right to free speech.

“Given the public health and safety nature of the concerns raised by these doctors and scientists, any authorization by the chief counsel would be startling, disturbing and should result in a swift investigation,” said Stephen M. Kohn, an attorney for the scientists.

The extent of similar surveillance by other government agencies is unclear.

The Federal Maritime Commission, an independent agency that regulates international ocean transportation for U.S. exporters and importers, is under investigation by a House committee for spying on the personal e-mail communications of several employees with grievances against the commission’s management.

The commission apparently also used SpectorSoft software, said Rep. Darrell Issa (R-Calif.), chairman of the House Committee on Oversight and Government Reform, who opened an investigation of the agency in May.