From The New York Times, By ERIC LICHTBLAU and SCOTT SHANE, July 14, 2012: WASHINGTON — A wide-ranging surveillance operation by the Food and Drug Administration against a group of its own scientists used an enemies list of sorts as it secretly captured thousands of e-mails that the disgruntled scientists sent privately to members of Congress, lawyers, labor officials, journalists and even President Obama, previously undisclosed records show.
What began as a narrow investigation into the possible leaking of confidential agency information by five scientists quickly grew in mid-2010 into a much broader campaign to counter outside critics of the agency’s medical review process, according to the cache of more than 80,000 pages of computer documents generated by the surveillance effort.
Moving to quell what one memorandum called the “collaboration” of the F.D.A.’s opponents, the surveillance operation identified 21 agency employees, Congressional officials, outside medical researchers and journalists thought to be working together to put out negative and “defamatory” information about the agency.
F.D.A. officials defended the surveillance operation, saying that the computer monitoring was limited to the five scientists suspected of leaking confidential information about the safety and design of medical devices.
While they acknowledged that the surveillance tracked the communications that the scientists had with Congressional officials, journalists and others, they said it was never intended to impede those communications, but only to determine whether information was being improperly shared.
The agency, using so-called spy software designed to help employers monitor workers, captured screen images from the government laptops of the five scientists as they were being used at work or at home. The software tracked their keystrokes, intercepted their personal e-mails, copied the documents on their personal thumb drives and even followed their messages line by line as they were being drafted, the documents show.
The extraordinary surveillance effort grew out of a bitter dispute lasting years between the scientists and their bosses at the F.D.A. over the scientists’ claims that faulty review procedures at the agency had led to the approval of medical imaging devices for mammograms and colonoscopies that exposed patients to dangerous levels of radiation.
A confidential government review in May by the Office of Special Counsel, which deals with the grievances of government workers, found that the scientists’ medical claims were valid enough to warrant a full investigation into what it termed “a substantial and specific danger to public safety.”
The documents captured in the surveillance effort — including confidential letters to at least a half-dozen Congressional offices and oversight committees, drafts of legal filings and grievances, and personal e-mails — were posted on a public Web site, apparently by mistake, by a private document-handling contractor that works for the F.D.A. The New York Times reviewed the records and their day-by-day, sometimes hour-by-hour accounting of the scientists’ communications.
With the documents from the surveillance cataloged in 66 huge directories, many Congressional staff members regarded as sympathetic to the scientists each got their own files containing all their e-mails to or from the whistle-blowers. Drafts and final copies of letters the scientists sent to Mr. Obama about their safety concerns were also included.
Last year, the scientists found that a few dozen of their e-mails had been intercepted by the agency. They filed a lawsuit over the issue in September, after four of the scientists had been let go, and The Washington Post first disclosed the monitoring in January. But the wide scope of the F.D.A. surveillance operation, its broad range of targets across Washington, and the huge volume of computer information that it generated were not previously known, even to some of the targets.
F.D.A. officials said that in monitoring the communication of the five scientists, their e-mails “were collected without regard to the identity of the individuals with whom the user may have been corresponding.” While the F.D.A. memo described the Congressional officials and other “actors” as collaborating in the scientists’ effort to attract negative publicity, the F.D.A. said that those outside the agency were never targets of the surveillance operation, but were suspected of receiving confidential information.
While federal agencies have broad discretion to monitor their employees’ computer use, the F.D.A. program may have crossed legal lines by grabbing and analyzing confidential information that is specifically protected under the law, including attorney-client communications, whistle-blower complaints to Congress and workplace grievances filed with the government.
Other administration officials were so concerned to learn of the F.D.A. operation that the White House Office of Management and Budget sent a governmentwide memo last month emphasizing that while the internal monitoring of employee communications was allowed, it could not be used under the law to intimidate whistle-blowers. Any monitoring must be done in ways that “do not interfere with or chill employees’ use of appropriate channels to disclose wrongdoing,” the memo said.
Although some senior F.D.A. officials appear to have been made aware of aspects of the surveillance, which went on for months, the documents do not make clear who at the agency authorized the program or whether it is still in operation.
But Stephen Kohn, a lawyer who represents six scientists who are suing the agency, said he planned to go to federal court this month seeking an injunction to stop any surveillance that may be continuing against the two medical researchers among the group who are still employed there.
The scientists who have been let go say in a lawsuit that their treatment was retaliation for reporting their claims of mismanagement and safety abuses in the F.D.A.’s medical reviews.
Members of Congress from both parties were irate to learn that correspondence between the scientists and their own staff had been gathered and analyzed.
Representative Chris Van Hollen, a Maryland Democrat who has examined the agency’s medical review procedures, was listed as No. 14 on the surveillance operation’s list of targets — an “ancillary actor” in the efforts to put out negative information on the agency. (An aide to Mr. Van Hollen was No. 13.)
Mr. Van Hollen said on Friday after learning of his status on the list that “it is absolutely unacceptable for the F.D.A. to be spying on employees who reach out to members of Congress to expose abuses or wrongdoing in government agencies.”
Senator Charles E. Grassley, an Iowa Republican whose former staff member’s e-mails were cataloged in the surveillance database, said that “the F.D.A. is discouraging whistle-blowers.” He added that agency officials “have absolutely no business reading the private e-mails of their employees. They think they can be the Gestapo and do anything they want.”
While national security agencies have become more aggressive in monitoring employee communications, such tactics are unusual at domestic agencies that do not handle classified information.
Much of the material the F.D.A. was eager to protect centered on trade secrets submitted by drug and medical device manufacturers seeking approval for products. Particular issues were raised by a March 2010 article in The New York Times that examined the safety concerns about imaging devices and quoted two agency scientists who would come under surveillance, Dr. Robert C. Smith and Dr. Julian Nicholas.
Agency officials saw Dr. Smith as the ringleader, or “point man” as one memo from the agency put it, for the complaining scientists, and the surveillance documents included hundreds of e-mails that he wrote on ways to make their concerns heard. (Dr. Smith and the other scientists would not comment for this article because of their pending litigation.)
Lawyers for GE Healthcare charged that the 2010 article in The Times — written by Gardiner Harris, who would be placed first on the surveillance program’s list of “media outlet actors” — included proprietary information about their imaging devices that may have been improperly leaked by F.D.A. employees.
F.D.A. officials went to the inspector general at the Department of Health and Human Services to seek a criminal investigation into the possible leak, but they were turned down. The inspector general found that there was no evidence of a crime, noting that “matters of public safety” can legally be released to the news media.
Undeterred, agency officials began the electronic monitoring operation on their own.
The software used to track the F.D.A. scientists, sold by SpectorSoft of Vero Beach, Fla., costs as little as $99.95 for individual use, or $2,875 to place the program on 25 computers. It is marketed mainly to employers to monitor their workers and to parents to keep tabs on their children’s computer activities.
“Monitor everything they do,” says SpectorSoft’s Web site. “Catch them red-handed by receiving instant alerts when keywords or phrases are typed or are contained in an e-mail, chat, instant message or Web site.”
The F.D.A. program did all of that and more, as its operators analyzed the results from their early e-mail interceptions and used them to search for new “actors,” develop new keywords to search and map out future areas of concern.
The intercepted e-mails revealed, for instance, that a few of the scientists under surveillance were drafting a complaint in 2010 that they planned to take to the Office of Special Counsel. A short time later, before the complaint was filed, Dr. Smith and another complaining scientist were let go and a third was suspended.
In another case, the intercepted e-mails indicated that Paul T. Hardy, another of the dissident employees, had reapplied for an F.D.A. job “and is being considered for a position.” (He did not get it.)
F.D.A. officials were eager to track future media stories too. When they learned from Mr. Hardy’s e-mails that he was considering talking to PBS’s “Frontline” for a documentary, they ordered a search for anything else on the same topic.
While the surveillance was intended to protect trade secrets for companies like G.E., it may have done just the opposite. The data posted publicly by the F.D.A. contractor — and taken down late Friday after inquiries by The Times — includes hundreds of confidential documents on the design of imaging devices and other detailed, proprietary information.
The posting of the documents was discovered inadvertently by one of the researchers whose e-mails were monitored. The researcher did Google searches for scientists involved in the case to check for negative publicity that might hinder chances of finding work. Within a few minutes, the researcher stumbled upon the database.
“I couldn’t believe what I was seeing,” said the researcher, who did not want to be identified because of pending job applications. “I thought: ‘Oh my God, everything is out there. It’s all about us.’ It was just outrageous.”
Andy Lehren contributed reporting.
A version of this article appeared in print on July 15, 2012, on page A1 of the New York edition with the headline: Vast F.D.A. Effort Tracked E-Mails Of Its Scientists.