Top Commerce Watchdog Exposed a Whistleblower’s Identity

This summer, in the course of a bipartisan congressional inquiry into allegations of whistleblower retaliation, a high-ranking federal official forwarded to colleagues a letter from two top lawmakers containing the name of the whistleblower who had accused her of reprisal. The lawmakers had sought to keep that whistleblower’s identity confidential by redacting their name in the public version of the letter. But after a staff member forwarded their boss, Commerce Inspector General Peggy Gustafson, an unredacted version of the letter accusing her of reprisal, Gustafson then circulated it to others within her office. Her employees shared this sensitive information even more widely within, and eventually beyond, the agency.

The previously unreported exposure has prompted rebukes from lawmakers in a string of congressional correspondence over the last few months.

This is far from the first time that a confidential whistleblower’s identity has been put at risk, but this violation is particularly serious as it involves Gustafson, the Commerce Department’s top watchdog official, who by law has special obligations to protect whistleblower confidentiality.

“As an Inspector General, you must understand the importance of protecting whistleblower anonymity as well as the fact that purposefully disclosing a whistleblower’s identity can, in some circumstances, constitute a violation of law,” Representatives Frank Lucas (R-OK) and Zoe Lofgren (D-CA), the chair and ranking member of the House Science, Space, and Technology Committee, wrote to Gustafson this June.

Lucas and Lofgren say the disclosures were no accident. “The Committee was disturbed to learn that you intentionally disclosed the identity of the whistleblower whose allegations against you and others this Committee is investigating,” they wrote to Gustafson in another letter.

Whether the circulation of the whistleblower’s identity was intentional or not, Gustafson had already been accused of retaliating against them, which is what initially prompted the House science committee’s probe. The committee’s leaders say it is particularly troubling when an office of inspector general, which is supposed to be a protected channel for employees who disclose wrongdoing, is itself accused of whistleblower retaliation.

“Retaliatory behavior from within offices of inspectors general against their own staff fundamentally undermine the purpose of the OIG and will not be tolerated,” Lucas and Lofgren wrote in a letterco-authored with other committee members earlier this year.

This episode raises questions about how well the Commerce Department’s Office of Inspector General and other federal watchdogs protect the identities of whistleblowers — and whether some within these offices are too cavalier with this responsibility. It isn’t the only time a watchdog has been found to have compromised identifying information. Earlier this year, a federal panel that examines allegations of watchdog misconduct found that the inspector general of the Commodity Futures Trading Commission (CFTC) inappropriately disclosed whistleblower identities.

Unlike the whistleblower at Commerce, however, the CFTC whistleblowers whose identities were disclosed were not making allegations against their agency’s own watchdog.

Congressional letters about the Gustafson affair have been sparse on the details of the accusations against her. Aside from reprisal, an April letter states that she and senior officials have been accused of “gross mismanagement, lack of productivity, and the publication of false or misleading statements to Congress.”

Those accusations are no small matter: Gustafson’s office oversees a number of important agencies and programs within the Commerce Department including the Census Bureau, the National Oceanic and Atmospheric Administration, and the Patent and Trademark Office. More recently, the Department has been tasked by Congress with implementing the nearly $50 billion CHIPS and Science Act of 2022, meant to spur semiconductor manufacturing in the U.S. and seen by many as vital to national security and the future of the U.S. economy. In recent congressional testimony, Gustafson pledged “independent, continuous oversight of the program.”

Gustafson has previously faced congressional scrutiny sparked by allegations of misconduct from internal whistleblowers, as POGO reported in February 2020.

That same month, Gustafson’s office contracted with the National Academy of Public Administration (NAPA) to assess her employees’ views and engagement. According to NAPA’s study, obtained by POGO through the Freedom of Information Act, “the goal … was to understand the underlying conditions and phenomena” behind a federal employee survey reflecting staff “challenges in engagement and morale,” and make recommendations for improvement.

“OIG personnel talked about the role of some senior leaders’ behavior in hurting the effectiveness and productivity of the organization,” according to the NAPA report, which stated in a footnote that some employees specified that “senior leaders” included the inspector general herself. Three Senate committee chairs interviewed several staffers because of concerns related to the survey.

In 2021, an investigation by Senator Roger Wicker (R-MS), then-ranking member of the Senate Commerce Committee, said that the Commerce IG Office, “under the leadership of Inspector General Peggy Gustafson, has failed to identify wide-ranging abuses within the Investigations and Threat Management Service (ITMS).” The abuses within that internal security office revealed in Wicker’s report included disproportionate scrutiny of Asian American employees without an adequate basis. “One former senior Commerce Department official described the indiscriminate targeting of Chinese-Americans as a ‘fine line between extra scrutiny and xenophobia, and one that ITMS regularly crossed,’” according to Wicker’s report.

Gustafson told POGO that Wicker’s criticism was off-base. “Contrary to the ITMS comment by Senator Wicker, under my leadership we produced a hard-hitting report in 2021 on ITMS that summarized our investigations into many allegations and contained multiple findings of wrongdoing,” she said. “Our report was the basis for the Department to undertake an extensive internal review and take multiple actions, including eliminating the entire ITMS office and reviewing all open cases that ITMS was working.”

Certain measures have improved since 2020. For example, Federal Employee Viewpoint Survey scores for Gustafson’s office have gone up considerably, which Gustafson said reflects a variety of improvements made under her watch. She also cited a substantially decreased staff turnover rate as another indicator of her success in leading the office. Gustafson told POGO that the NAPA report “was useful in reflecting the state of the organization shortly after my arrival,” although it was initiated more than three years after she started in her current role.

And yet, congressional offices have continued to express frustration with Gustafson’s oversight of the Commerce Department and with her less than forthcoming responses to congressional requests for information.

The Spread of the Whistleblower’s Identity

In a July 7, 2023 letter sent to the committee by Gustafson and viewed by POGO, the Commerce watchdog offered her explanation of how the whistleblower’s identity was compromised. She said the unredacted letter was sent to a Commerce IG official who forwarded it to Gustafson the following day. Gustafson said she shared the letter with others in the office, but later tried to recall the email, to no avail as one recipient had already opened it and even shared contents. She asked lawyers to instruct staffers not to share, but by that point the whistleblower’s name had already made it outside of her department. The timeline of events as described by Gustafson is summarized below:

June 6: The House committee on science, space, and technology sent an unredacted version of the letter including the whistleblower’s identity to an IG employee, via email. The redactions in the letter make it impossible to identify why the request was initially sent to this official. Regardless, that employee forwarded the email containing the unredacted letter to Gustafson and another staffer.

June 8: “I opened the forwarded email and attachment on June 8, 2023, upon my return from a personal day for a family event,” Gustafson wrote. She then forwarded the committee’s document requests “to the specific OIG employees from whom responsive documents were requested” and to another employee “to begin collecting any responsive documents.”

June 9: Gustafson used Microsoft Outlook to recall the emails she had forwarded. She wrote, “the recall notice generated by Outlook indicated that the message was successfully recalled and deleted from inboxes and that two recipients … had not opened or read the message.” Gustafson instructed IG counsel to advise the third recipient “who had opened the message … on the need to keep the information contained in the document requests confidential and to not share the contents of the June 6 document requests with anyone else.” That third recipient then revealed he had discussed the contents of the email with two other employees. An attorney with the Commerce IG office instructed the third recipient to contact those two employees and “provide them the same advice” about the need to keep the matter confidential. Gustafson wrote that she then instructed an attorney to tell yet another employee about the need to keep the matter under wraps.

June 21 and June 22: Gustafson learned that an employee had used Microsoft Teams to screen-share the unredacted letter containing whistleblower’s name with a senior Commerce IG employee as well as an employee at the Department of Transportation watchdog office. “Both of these conversations occurred before I had seen the letter,” Gustafson wrote, adding that these employees also were later advised about the sensitivity of the matter.

Congressional Frustration

The spread of the whistleblower’s identity isn’t the only reason that Gustafson has raised the ire of House science committee leaders.

Since the committee launched its current probe back in April, the investigation has lagged due to Gustafson’s failure to produce congressionally requested documents in a timely manner. Even her letter explaining the leak arrived more than two weeks after the congressionally mandated June 20 deadline.

The House science committee apparently decided her explanation was too little too late and, on July 28, issued a striking condemnation, demanding future compliance with the ongoing investigation and giving her a new deadline of August 7 to respond to their letter. A spokesperson for the committee told POGO in an email that Gustafson did send information back by that deadline, but “for the most part it was substantially unresponsive.”

Gustafson disagreed with the characterization. “We’ve already provided thousands of pages of documents in a reasonable timeframe,” she told POGO. “I have always been willing to sit down with the members of the committee and explain anything they would like to know.”

Regardless of whether Gustafson fully satisfies the House science committee’s requests for information, the speed at which a whistleblower’s name spread within her office — and outside of it — raises broader questions about how watchdog offices, and Gustafson’s in particular, protect whistleblower identities.