- Insufficient authorization and guidelines. The monitoring was implemented with insufficient written authorization, no policy in place and no legal guidance given to the contractors conducting the monitoring. As a result, FDA captured communications that are protected by law, including communications with Congress, the media, and watchdog groups like Project on Government Oversight.
- Unlawful capturing of protected communications. Because no formal monitoring policy was in place, FDA managers did not understand the legal limits of employee monitoring. The FDA’s surveillance was not lawful, to the extent that it monitored communications with Congress and the Office of Special Counsel. Federal law protects disclosures to OSC and Congress.
- Lack of explanation for capture of future communications. Instead of looking back at previous communications using available tools, the FDA captured real-time communications of current and future communications. When interviewed, FDA managers and IT professionals failed to explain clearly how the rationale offered to justify the monitoring (investigating a past leak) was consistent with the method used (monitoring current activity).
- New policies do not offer sufficient whistleblower protections. In September 2013, the FDA issued interim policies that require written authorization prior to initiating employee monitoring. However, the policies do not offer sufficient protection for whistleblowers concerned about retaliation from agency officials.
You can read the complete joint report here.
|Staff Report: Limitless Surveillance at the FDA: Protecting the Rights of Federal Whistleblowers