The news that the US Food and Drug Administration (FDA) conducted a vast, covert operation that tracked and collected the computer communications of five scientific employees has been further fleshed out in a letter from US Senator Charles Grassley to the FDA Commissioner, Margaret Hamburg. It says that the FDA’s top legal official approved the operation in writing.
The letter came three days after the agency’s assistant commissioner for legislation, Jeanne Ireland, detailed and defended the agency’s actions in this seven-page letter from the FDA to Grassley on 13 July.
Beginning in 2010, the secret operation captured thousands of e-mails and related documents sent from the scientists to members of US Congress, congressional staff, lawyers and others. The agency captured, among other things, every keystroke on the scientists’ government-issued computers, and screenshots taken at five-second intervals. The scientists — four of whom were fired or not rehired by the agency when their temporary positions came up for renewal — were concerned with the agency’s approval of medical devices that they thought were unsafe.
The agency collected more than 80,000 pages of documents as it tracked the scientists, who worked in the FDA’s Center for Devices and Radiological Health (CDRH). These were inadvertently posted on a public website by an FDA contractor, Quality Associates, located in Fulton, Maryland. The cache — which has since been removed from the website — was first reported in this New York Times article on 14 July.
A small sampling of the trove that the Times unearthed is available here.
Yesterday, Grassley, an Iowa Republican who has made a specialty of tracking transparency and whistle-blowing issues at the FDA, wrote to Hamburg, in part:
“According to information provided to my office, spying on these employees was explicitly authorized, in writing, by the General Counsel’s Office. Please provide the name of the official at FDA who asked the General Counsel’s Office to look into this matter and please provide the memo drafted by the General Counsel immediately.”
It is not clear whether Grassley referred to the General Counsel of the Department of Health and Human Services, of which the FDA’s chief lawyer is a part, or to that lawyer, called the FDA’s Chief Counsel. She is Elizabeth Dickinson.
Grassley writes to Hamburg: “Interfering with a Congressional inquiry is against the law [and] denying or interfering with employees’ rights to furnish information to Congress is also against the law.”
The senator told Hamburg that is he is referring the matter to government’s Office of Special Counsel, an independent agency charged with investigating whistle-blower allegations and retaliation against whistle-blowers. He is also asking for investigations by the Inspector General of the FDA’s parent agency, the Department of Health and Human Services, and by the Department of Justice.
Grassley suggests in the letter to Hamburg that the FDA may have violated laws protecting whistle-blowers as well as a statute called the Stored Communications Act, which deals with the privacy of stored Internet communications. The latter imposes criminal penalties on anyone who “intentionally accesses without authorization a facility through which an electronic communication service is provided or… intentionally exceeds an authorization to access that facility.”
Grassley also accuses the FDA of “stonewalling and secrecy” for taking six months to provide an “incomplete and misleading” response to a letter he sent Hamburg in January, when the affected scientists filed suit against the FDA.
Hamburg’s response lays out many details of the operation, as well as the names of the scientists involved, and the circumstances under which the surveillance was started. It opens by calling the operation a probe of “the illegal and unauthorized release of confidential information,” and reads, in part, as follows:
“The impetus for the monitoring was not any communication to Congress. Rather, the impetus for monitoring was the March 2010 Times article and the receipt of the GE Healthcare letter just prior to the initiation of monitoring, which indicated that the preceding pattern of similar unauthorized disclosure of confidential information from other pending medical device applications and submissions was continuing unabated.”
Hamburg also writes that the monitoring had “two principal purposes: 1) To identify the source of the unauthorized disclosures, if possible, and 2) to identify any further such unauthorized disclosures so as to better enable FDA to facilitate their cessation.”
The agency has said that it cannot comment to reporters on specifics of the matter because it is in litigation. But today, Hamburg sent this statement to FDA employees. It reads, in part:
“I want to stress that the FDA’s ability to fulfill our mission of protecting and promoting public health necessarily relies upon our ability to protect confidential information. Protecting such information in our possession allows us to work with industry and other stakeholders to ensure the quality of FDA-regulated products and the integrity of FDA-decision-making.
“In 2010, the agency initiated monitoring limited to the government-owned computers of five CDRH employees. The impetus for the monitoring was a March 2010 New York Times article and a letter from GE Healthcare that indicated a pattern of unauthorized disclosures of confidential information related to pending medical device applications and submissions over the course of more than a year.
“The intent of the monitoring was to determine whether confidential commercial information had been inappropriately released and to stop any further unauthorized disclosures, since any such disclosures are a violation of the law.
“Although the FDA, as with other federal agencies, has the discretion to conduct appropriate monitoring of government computers, we do so only in very limited circumstances. We do not take lightly the decision to monitor government computers.”
Correction: This blog has been corrected from an earlier version, which said that FDA’s July 13 letter to Grassley was signed by Commissioner Margaret Hamburg.
UPDATE: July 18 2012, 1 pm
This July 16 letter from US Senator Charles Grassley to Quality Associates, the FDA contractor that inadvertently posted the thousands of pages of the scientists’ communications, notes that the National Institutes of Health (NIH) also had confidential data stored, and potentially put in the public eye, by the company.
Grassley writes to the company that “as of Friday, July 13, 2012, thousands of pages of NIH grant information, including internal emails and documents were easily accessible online through Quality Associates’ File Transfer Protocol site.” His letter notes that the biomedical agency has a $30 million contract with Quality Associates.
Today, NIH put out the following statement:
“NIH has received confirmation from Quality Associates Inc. that NIH confidential government information was not leaked or shared. NIH will continue to monitor the matter and is committed to protecting confidential information.”