Before the United States House of Representatives
Committee on Oversight and Government Reform
Hearing, “Limitless Surveillance at the FDA: Protecting the Rights of Federal Whistleblowers”
February 26, 2014
Thank you, Chairman Issa, for calling this important hearing and for the great work you and your staff have done.
Together, we have conducted a detailed investigation into the Food and Drug Administration’s (FDA) aggressive surveillance of whistleblowers.
A group of FDA scientists expressed concerns about the safety of certain devices under review by the agency.
They expressed their concerns to the President’s transition team and to Congress.
They also contacted the Office of Special Counsel, which is an agency created by Congress to receive whistleblower complaints and protect whistleblowers from retaliation.
The FDA knew that contacts between whistleblowers and the Office of Special Counsel are confidential and protected by law.
However, the FDA was intently spying on the whistleblowers.
There was no effort to avoid snooping on legally protected communications.
This surveillance was much more intense than the routine monitoring of government employees on government computers.
It was far more invasive than what would be necessary to detect inappropriate use of the computer systems.
The agency captured a picture of whatever was on the screen every five seconds, and recorded every keystroke typed.
Again, the FDA did not monitor every FDA employee this aggressively -- just the whistleblowers.
When we first spoke to the FDA in January 2012, they tried to dodge the issue.
When I started asking questions, FDA officials seemed to suffer from a sudden case of collective amnesia.
It took the FDA more than six months to answer my letter asking about its surveillance of its own employees.
When I finally received the response, it didn’t even answer the simplest of questions, such as who authorized this targeted operation.
Worse than that, it was misleading in its denials about intentionally intercepting communications with Congress.
When I asked them why they couldn’t just answer some simple questions, they told my staff that the response was under review by the “appropriate officials in the Administration.”
The FDA’s non-answers and double-speak would have fit right into a George Orwell novel.
The work our staffs have done together uncovered answers to many of those initial questions.
Today, we will hear from some of the FDA employees involved in the surveillance.
There can be legitimate reasons to monitor the use of government computers by government employees.
However, as our joint report shows, FDA officials gave little, if any, thought to the legal limits that might restrict their power to monitor employees.
No one at the FDA made any attempt to limit the collection of legally protected communications with attorneys, with the Office of Special Counsel, or with Congress.
The FDA trampled on the privacy of its employees and their right to make legally protected disclosures of waste, fraud, or abuse.
These whistleblowers thought the FDA was caving to pressure from the companies that were applying for FDA approval.
I don’t know whether they were right, but they have a legal right to express those concerns.
After expressing their safety concerns, two whistleblowers were fired.
Two more were forced to leave the FDA.
And five of them were subjected to an intense spying campaign.
At the beginning of FDA Commissioner Hamburg’s term, she said that whistleblowers exposed critical issues within the FDA.
She vowed to create a culture that values whistleblowers.
In fact, in 2009, she said, and I quote, “I think whistleblowers serve an important role.”
I wanted to believe Commissioner Hamburg when she testified before the Senate during her confirmation.
I wanted to believe her when she said she would protect whistleblowers at the FDA.
However, in this case, the FDA was certainly not a whistleblower-friendly place to work.
FDA managers believed that the whistleblowers were leaking confidential information improperly.
But the managers also claimed that there were many other problems with the job performance of the targeted employees.
Performance issues should be handled by directly supervising and managing employees.
Instead, the FDA asked the HHS Office of Inspector General to investigate whether the whistleblowers had violated the law.
The Inspector General declined on multiple occasions, but FDA managers kept asking for a criminal inquiry.
Rather than simply managing its employees, the FDA started spying on them.
The managers kept looking for information that would convince the Inspector General to seek a criminal prosecution.
It was a sort of management by investigation.
That’s no way to run an agency.
According to the OIG and later the Department of Justice, the FDA had no evidence of any criminal wrongdoing by the whistleblowers.
None would ever be found.
The FDA spent months using intrusive real-time surveillance of their employees’ computers, looking for evidence of a crime.
That time and effort would have been better spent supervising and managing the employees directly.
FDA claimed that their employees had no expectation of privacy on their FDA computers.
However, when interviewed by congressional investigators, none of the FDA officials were willing to accept full responsibility for authorizing the surveillance.
Apparently, no one was properly supervising this invasive surveillance program.
The monitoring software used was so comprehensive, it took countless hours just to review all of the material.
It was a detailed record of everything each of the scientists did, all day, every day, for months.
Hundreds of thousands of screen images had to be reviewed by FDA contractors, all at taxpayer expense.
So what kind of legal guidance was provided to these contractors about what they could capture?
None.
We would not have known the full extent of the spying today if the FDA had not accidently released 80,000 pages of the fruits of its spying on the Internet.
Talk about adding insult to injury.
After collecting all of this information in an effort to supposedly prevent leaks, the same agency ends up posting all those documents online for the world to see.
In these internal documents that FDA never wanted the public to see, it refers to the whistleblowers as “collaborators.”
FDA refers to congressional staff as “ancillary actors.”
FDA refers to the newspaper reporters as “media outlet actors.”
The FDA claimed it was a mistake made by the company it hired to convert surveillance records for legal review.
That wasn’t true.
The FDA incorrectly filled out a purchase order for the work.
The FDA did not mark the documents as confidential or sensitive, and it didn’t even fill out the form until after the work had been done.
Our inquiry uncovered no record that the private contractor was told that the documents were sensitive.
So, the FDA failed to classify these documents as sensitive and then tried to blame the small business it hired to convert the documents.
This is the theme that comes up time and again in this story.
The FDA has failed to accept responsibility for its actions or impose accountability.
This is from an agency that purportedly wants to foster a culture where whistleblowers are valued.
The FDA’s actions are disappointing.
But, it would be even worse if it fails to learn from its mistakes.
All agencies need to learn from these mistakes.
There need to be more comprehensive, policies on employee computer monitoring across the entire government.
These policies need to ensure that any monitoring is limited to achieve only a legitimate purpose.
Watching an employee’s every move leads to a culture of intimidation and fear.
That’s no way to encourage whistleblowers or value their concerns.
Thank you for inviting me to testify today.