The FDA has until Feb. 17 to respond.
The Washington Post reported last Monday that FDA scientists and doctors sued the agency for reviewing personal emails that contained plans to report peers to Congress who passed devices thought to be unsafe.
The suit demonstrates how cyber security policies intended to keep us safe, in effect, could be doing just the opposite under certain circumstances. In this case, intercepted emails focused on the coercion of FDA experts to change device reviews – to pass devices they had determined unsafe or ineffective – and plans by agency employees to report them.
Questionable devices, including the one for computer-assisted mammograms at issue, might remain on the market unquestioned if concerned government watchdogs fear pressing the send key on their Gmail accounts.
The FDA’s side of the story is that employees have no “reasonable expectation of privacy” on government computers because a warning message flashes when they power up their computers that says so. Even though the email account with Gmail or Yahoo is personal, the device is public domain.
The agency might be correct to dash claims to Fourth Amendment protections. It might also be correct to say employees have no free speech protections. A 2005 Supreme Court case clarified that the First Amendment only protects public officials when they are communicating as citizens, and Paul Hardy and Joanne Royce (among others) emailed as FDA employees.
President George W.Bush and President BarackObama after him supported review of all electronic communications in and out of federal agencies using a technology called Einstein. What once only tracked who talked to whom to comb for patterns posing a cyber security threat, now tracks what people discuss. Enter Hardy and Royce’s situation.
The issue of rights over personal email on company computers is not restricted to the federal government. The New York Times reported in 2008 that a finance company monitored one of its former employee’s Yahoo exchanges with his lawyer over his termination, when he left his account open on a company computer.
The 2008 case invoked the issue of attorney-client privileges. Now the government whistleblower-Congress relationship is in the mix of evolving laws controlling e-mail privacy.