Case Raises Questions over Email Privacy

A first-of-its-kind lawsuit claims two federal agencies violated employee rights and retaliated against them for whistle blowing by monitoring out-of-network email content. While such monitoring by private-sector employers seems to be protected by federal law, the case will almost assuredly prompt similar lawsuits.

This story comes from HRE Online:

Can a government agency target its email monitoring to investigate suspected whistleblowers? And can that agency monitor and seize private emails — even those in password-protected Gmail or Yahoo! accounts — just because they were viewed on government-issued computers or networks?


These and other questions are being raised in a first-of-its-kind case stemming from the U.S. Food and Drug Administration’s monitoring of six employees after it was discovered they had taken their concerns about perceived agency missteps to congressional authorities.


FDA officials “were aware” that the plaintiffs were among a group of FDA scientists who told the House Energy and Commerce Committee in November 2008 that senior managers within the FDA’s Center for Devices and Radiological Health “ordered, intimidated and coerced [them] to modify their scientific reviews, conclusions and recommendations in violation of the law,” according to Hardy vs. U.S. Department of Health and Human Services, and U.S. Food and Drug Administration, filed on Jan. 25 in U.S. District Court for the District of Columbia.


On Jan. 7, 2009, about two months after taking their concerns to Congress, the scientists wrote to John Podesta of the Obama transition team, saying that computer-aided-detection devices to be used with breast mammograms were neither safe nor effective, but were approved by the FDA anyway, “in a flawed process that ignored the science,” the complaint states.


The suit describes secret email-monitoring and search-and-seizure operations that were “in retaliation for their protected speech [and including] the interception of private communications sent to congressional representatives … created on government-issued computers” and sent through government networks.


The plaintiffs argue their disclosures are protected because they related to “corruption within the FDA device-view process; managerial misconduct; dangers to public health, welfare and safety; and retaliation against whistleblowers,” the suit states.


As federal employees, they have a right to privacy under the First Amendment, which “the U.S. Supreme Court has specifically said protects whistleblowers,” says Stephen M. Kohn, partner with Kohn, John & Colapinto in Washington, who is representing the plaintiffs.


Kohn says the FDA also violated his clients’ rights under the Fourth Amendment, by conducting an illegal search and seizure of their private email communications in areas where they had a reasonable expectation of privacy; the Fifth Amendment, by taking and converting private emails without due process or just compensation; and the Lloyd-LeFollette Act, by interfering with their right to petition Congress with retaliatory conduct.


“We’re not saying that routine system monitoring is illegal,” Kohn says. “It’s the targeting of a protected class that is illegal.”


FDA spokesperson Erica Jefferson says her agency’s “targeted monitoring of the email content of these individuals was [only] initiated … when it was brought to our attention by a company that confidential and proprietary information had been leaked to the public.”


The FDA, she says, “believed that someone in the FDA may have been the source of that leak and efforts were made to identify the source internally. FDA’s monitoring was designed to determine whether confidential information had been inappropriately released. It is not general agency practice to monitor … employees’ computers beyond the monitoring necessary for compliance with the Federal Information Security Management Act.”


The defendants have until March 26 to officially answer the complaint.


The question is whether the FDA’s monitoring went beyond the standard monitoring procedure and protocol for all employees. Kohn says it did.


It is a question that may also play a role in private-sector discrimination or retaliation cases involving whistleblowers.


“If employees were to believe that to report misconduct, they would be subjected to many years’ worth of email monitoring,” says Kohn, ” … well, clearly that would have a chilling effect on their right to free speech.”


Nancy Flynn, executive director of The e-Policy Institute in Columbus, Ohio, says the allegations should be a reminder to all employers that they need to make sure employees understand their employer-owned computers are subject to monitoring.


She says that “federal law gives all employers the right to monitor all computer activity — any and all content that is transmitted, created, stored, viewed, uploaded, downloaded, on the company network or off the company network.”


“There’s a misconception by employees that opening up a password-protected account gives them the right to privacy” on a company-provided computer, says Flynn, whose latest book, The Social Media Handbook, is due out in March.


“Do some employers monitor because they’re nosy and they want to make the case against someone? Sure,” she says. “But that’s not the majority of reasons for monitoring. Employer monitoring is set up for the purposes of protection, business interests, compliance and legal content coming into and out of their systems.


“Bear in mind,” she adds, “employers have an obligation to turn over any unlawful — or suspected unlawful — or, in light of the Patriot Act, terrorist — content or activities. Some might retaliate, but that’s not the norm.”


It’s especially not the norm in the private sector, says Ron Chapman, a Dallas-based shareholder with Ogletree, Deakins.


“In the private world,” he says, “companies have way too much to do to be worrying about who is whistleblowing or not. They spend too much money and effort to stay within compliance” to make snooping after whistleblowers worth the energy and expense.


Chapman does agree that the FDA case is unique and “cutting-edge,” and it’s the first he’s aware of in which email monitoring has been considered retaliatory for whistleblowing.


“I suspect this story will encourage others to file similar suits,” he says. “How far they’ll go, though, remains to be seen.”