Insider Threat Programs Could Chill Whistleblowing, Agency Warns

Agencies throughout the federal government should evaluate whether insider threat programs and electronic monitoring of employee communications are chilling would-be whistleblowers, according to new guidance issued last week by the main agency tasked with protecting federal whistleblowers. The Office of Special Counsel (OSC), which issued the guidance, sent three memos that update the government’s interpretation of whistleblower protection laws.

The first memo covers recent legislation regarding training, evaluations, and new mandatory minimum penalties for engaging in whistleblower retaliation. The second covers the issue of overly broad non-disclosure agreements, and the last focuses on insider threat programs and the monitoring of employee communications.

The guidance comes on the heels of concerns the Project On Government Oversight raised last year that insider threat programs, restrictions on speaking to Congress and the media, and other efforts to contain unauthorized leaks were silencing would-be whistleblowers. These policies sometimes fail to distinguish between unauthorized or illegal leaks and legally protected whistleblower disclosures.

Last August, POGO wrote to the OSC requesting that they investigate the Energy Department for a potential violation of whistleblower protection laws, which bar the use of non-disclosure policies that don’t inform employees of their whistleblower rights. At issue was an Energy Department Insider Threat poster that dramatically declared, “every leak makes us weak.” The poster made no effort to distinguish between leaking and whistleblowing. Without clarification, employees could easily interpret the statement as a condemnation of talking to Congress or making whistleblower disclosures of unclassified information to the media—actions that are protected by law. In addition, POGO requested that the OSC tell the Energy Department to either issue an official clarification or remove the posters, and recommended that OSC update and re-issue its guidance on the subject.

As part of that recommendation, POGO specifically suggested that OSC expand upon previously issued guidance in order to make it clear that employee disclosures to Congress are protected and should not be monitored by insider threat programs. The previous guidance on the subject described how these programs could “interfere with or chill employees from lawfully disclosing wrongdoing” to Inspectors General or OSC. The new guidance in the OSC’s third memo addresses that, stating that overly broad agency monitoring risks discouraging protected whistleblowing, which “is not limited to contact with OSC or IGs” (Inspectors General) but also includes disclosures to “officials outside their chain of command, to Congress, or to the media.”

OSC acknowledges the validity of protecting classified information, and highlights the importance of striking a balance between “safeguarding these types of information and discouraging protected disclosures.” It also notes how reporting whistleblowers to insider threat programs “creates a false impression that they have engaged in misconduct” and suggests to the whistleblower that “they are being tracked by their agencies.” Such problems can reduce whistleblowing and “impede efforts to reduce government waste, fraud, and abuse.”

In November, POGO found another agency appearing to violate whistleblower protection laws. A June 2017 memo from Customs and Border Protection to the U.S. Army Corps of Engineers regarding the border wall project stated that “no employee or contractor should talk to the public or media about the mission.” As we wrote at the time, “whistleblowers are the nation’s first line of defense against waste, fraud, abuse, and illegality within the federal government. Even if inadvertent, deterring whistleblowing in an effort to stymie leaks makes the federal government less effective and less efficient.”

Recent events show that this is an ongoing issue. On Monday, Senator Chuck Grassley (R-IA) sent a letter to the Justice Department about a January 31 memo restricting employees’ contact with Congress. Grassley asked that they revise their policy to comply with the legal requirements that such restrictions explicitly do not apply to whistleblower disclosures.

In OSC’s second memo, they address this issue, stating:

Last, OSC urges agencies to be mindful…when they educate employees about any information security or communication requirements or restrictions.… agencies should not convey information in a way that may have a chilling effect on lawful whistleblowing.

In the first of the three memos, the OSC provides information about minimum punishments for those who have engaged in retaliation, new training requirements, and updated evaluation standards. For example, after the first substantiated case of retaliation, the retaliator’s manager is required to propose at least a three-day suspension. After a second time, the manager is required to propose removal. This guidance reflects the standards set by the Dr. Chris Kirkpatrick Whistleblower Protection Act of 2017, which President Trump signed into law last October.

Whistleblowers play a vital role in exposing corruption and other misconduct in the federal government. These memos are intended to spark greater awareness of whistleblower protections in the federal government and to provide guidance for agencies striving to counter genuine insider security threats without chilling whistleblowers. Unfortunately, overzealous agency efforts to combat leaks could end up discouraging would-be whistleblowers—whose disclosures could save lives and money and prevent government overreach and abuse of power—from speaking out. For their own good, agencies should ensure that this does not happen.