Bad Watchdog Season 2 launches June 20.

Holding the Government Accountable

POGO's Angela Canterbury testifies on “Limitless Surveillance at the FDA: Protecting the Rights of Federal Whistleblowers”

Testimony by Angela Canterbury, Director of Public Policy,

Project On Government Oversight,

before the House Oversight and Government Reform Committee regarding

“Limitless Surveillance at the FDA:

Protecting the Rights of Federal Whistleblowers”

February 26, 2014

Chairman Issa, Ranking Member Cummings, and Members of the Committee, thank you for your oversight of protections for whistleblowers and for inviting me to testify today.

I am the Director of Public Policy at the Project On Government Oversight (POGO). Founded in 1981, POGO is a nonpartisan independent watchdog that champions good government reforms. POGO’s investigations into corruption, misconduct, and conflicts of interest achieve a more effective, accountable, open, and ethical federal government. Thus, POGO has a keen interest in protecting whistleblowers who assist in uncovering and deterring government waste, fraud, abuse, mismanagement, and threats to public health and safety.

Today I also am speaking as a member of the steering committee of the Make It Safe Coalition, a nonpartisan, trans-ideological network of organizations dedicated to strengthening protections for public and private sector whistleblowers. More than 400 groups have endorsed our efforts to strengthen whistleblower legislation, on behalf of millions of Americans.[1] Our coalition is deeply concerned with how surveillance of government and federal contractor employees threatens civil service rights, whistleblower protections, and taxpayer accountability.

The Food and Drug Administration (FDA) spied on whistleblowers—resulting in this hearing after significant media attention, statements and letters from concerned members of Congress, reports by my organization, lawsuits, and investigations by the Office of Special Counsel, the Health and Human Services (HHS) Inspector General, as well as the staff report for Chairman Issa and Senator Grassley, anticipated to be released in conjunction with this hearing.

The FDA Whistleblowers

The history of contention between FDA whistleblowers and the agency has been well documented. Thus, I will not delve into every detail, but instead will summarize and then highlight some of the more important facts. FDA physicians and scientists made whistleblower disclosures of their reasonable belief that the process for approving medical devices was broken, allowing potentially ineffective and unsafe products to be marketed. At a minimum, this resulted in reprisal for whistleblowing, allegations of leaks of confidential information, and inappropriate surveillance of FDA whistleblowers by the FDA—basically, a federal maelstrom of misconduct.

On October 14, 2008, a group of eight FDA physicians and scientists wrote to Representative John Dingell, then-Chairman of the House Committee on Energy and Commerce,[2] as reported by The New York Times about five weeks later. [3] In the letter, the whistleblowers described serious wrongdoing by mid-level and senior FDA officials involved in approving medical devices before they are marketed through the 510(k) program. Specifically, the whistleblowers stated that managers in the FDA’s Center for Devices and Radiological Health (CDRH) had “failed to follow the laws, rules, regulations, and Agency Guidance to ensure the safety and effectiveness of medical devices and consequently, they have corrupted the scientific review of medical devices. This misconduct reaches the highest levels of CDRH management including the Center Director and Director of the Office of Device Evaluation.”

The whistleblowers also asserted that “to avoid accountability, these managers at CDRH have ordered, intimidated and coerced FDA experts to modify their scientific reviews, conclusions and recommendations in violation of the law [and] . . . to make safety and effectiveness determinations that are not in accordance with scientific regulatory requirements, to use unsound evaluation methods, and accept clinical and technical data that is not scientifically valid nor obtained in accordance with legal requirements, such as obtaining proper informed consent from human subjects.”

The FDA whistleblowers also stated that when physicians and scientists objected to these practices by CDRH managers, the managers engaged in reprisals. The whistleblowers stated that they had then contacted top FDA officials, including FDA Commissioner Andrew von Eschenbach, but following this there was little or no change in the practices of CDRH managers. The writers concluded their letter to Representative Dingell: “As the Branch of government responsible for oversight of the FDA, we urgently seek your intervention and help.”

Energy and Commerce Chairman Dingell and Subcommittee on Oversight and Investigations Chairman Bart Stupak subsequently wrote to FDA Commissioner von Eschenbach on November 17, 2008, summarizing the statements of the FDA employees and reviewing some of the federal laws on retaliation against whistleblowers.[4]

On January 7, 2009, the FDA whistleblowers wrote to John Podesta, head of the Obama presidential transition team, raising these concerns and listing medical devices that the FDA had approved for marketing over the whistleblowers’ objection that there was a lack of sufficient evidence of efficacy or safety—an objection that they had expressed to the managers.[5] For example, the scientists had objected to the FDA approval process for computer-aided detection devices (CAD) used in breast and colon cancer detection because the scientists considered them not to be safe or effective. The FDA whistleblowers wrote a similar letter to President Obama on April 2, 2009.[6]

On January 15, 2009, Senator Grassley sent a letter to FDA Commissioner von Eschenbach echoing the concerns of the whistleblowers and emphasizing the right of the whistleblowers to communicate with Congress without interference.[7]

In February 2009, POGO issued a report authored by Dr. Ned Feder that additionally exposed misconduct and flaws in the medical device approval process.[8] Based on internal FDA documents obtained by POGO, The FDA’s Deadly Gamble with the Safety of Medical Devices shows that senior FDA officials in CDRH decided not to enforce a regulation—the Good Laboratory regulation or GLP—that helps protect patients from unsafe devices. The officials did this over the protests of CDRH scientists. Our report describes this and other serious problems in the FDA.

There was considerable coverage of the whistleblowing in print and broadcast media.[9] Some reports referred to the group of FDA scientists and physicians as the FDA whistleblowers or as the “FDA Nine.”[10] On March 13, 2009, FDA employees received an email from FDA Acting Commissioner Frank Torti informing them that “FDA must comply with its obligations to keep certain information in its possession confidential. . . .Violation of these provisions can result in disciplinary sanctions and/or individual criminal liability.”[11] Senator Grassley shot back with letter to Torti stating, “If the memo sent last week was intended to have a chilling effect on FDA employees who want to speak up about problems, then that memo is contrary to the President's call for open and transparent government, and the Acting Commissioner needs to set the record straight.”[12]

FDA Surveillance of the Whistleblowers

It isn’t clear exactly when it began, but the FDA admits that it conducted a secret surveillance program to monitor the whistleblowers’ emails and other computer-generated documents.[13]

The FDA claims the surveillance was in response to the unauthorized disclosure of confidential commercial information to journalists in 2009 and 2010. The targets were the individuals known to have blown the whistle in letters to Congress, President Obama, and the President’s Transition Team.

On April 21, 2010, the FDA received a request from the legal counsel for GE Healthcare, Inc. that the FDA investigate how information GE Healthcare considered a trade secret had appeared in a Times article on March 28, 2010.[14] The article included statements by two of the FDA whistleblowers.

Incredibly, the CDRH managers claim that it was in response to that letter that they began to use spyware on April 22, 2010, to conduct surveillance on one of the scientists quoted in the article[15]—which was only one day after the letter was received.[16] Instead of going to the HHS IG prior to beginning the investigation, as required by HHS procedures,[17] CDRH managers requested that the Office of Internal Affairs (OIA) investigate “unauthorized disclosure of information.”[18] The OIA rightly referred the matter to HHS IG in order to “remove any potential allegations of impartiality.”

HHS IG declined to investigate on May 18, 2010 in a letter stating:

Additionally, 5 U.S.C. § 1213, identifies that disclosures, such as the ones alleged, when they relate to matters of public safety may be made to the media and Congress as long as the material released is not specifically prohibited by law and protected by Executive Order or National Security Classification.[19]

Perhaps the CDRH managers improperly took matters into their hands because the HHS IG had declined a request by the FDA Commissioner’s Office to investigate an earlier alleged unauthorized disclosures related to the FDA whistleblowers’ whistleblowing in late 2008 and early 2009.[20] On March 26, 2009, then-FDA Assistant Commissioner William McConagha made a referral to HHS OIG after having received a letter of complaint from the attorney of device maker iCAD.

In any case, the CDRH managers spent the coming months spying on the FDA whistleblowers. Once they thought they had collected evidence of criminal violations, CDRH Director Dr. Jeffry Shuren, requested an HHS IG investigation.

Again, HHS IG declined to investigate the alleged unauthorized disclosures by the whistleblowers, but first consulted with the Department of Justice to determine if there was evidence of a criminal violation. DOJ declined to prosecute, and HHS IG closed the case with a November 15, 2010, declination letter to the Director of CDRH, which states:

Your office indicated it had developed sufficient evidence to address the misconduct through administrative process, and as such, no further action will be taken by the OIG.[21]

But instead of taking disciplinary action through an administrative process, CDRH managers continued their unauthorized spying on the whistleblowers.

This initially narrow surveillance quickly expanded into what The New York Times called, “a much broader campaign to counter outside critics of the agency’s medical review process.” [22] A program called Spector 360 was used to take screenshots “every five seconds, all e-mails sent or received on the laptops, all data stored on or printed from the computers, all keystrokes performed, and data stored on personal thumb drives attached to the computers.” Documents were cataloged in 66 huge directories reportedly containing more than 80,000 pages of computer documents culled from what must have been millions of data viewed by contractors hired by the CDRH managers to conduct the surveillance.

Swept up in the dragnet were whistleblower disclosures to congressional staff, the Office of Special Counsel, and my organization, the Project On Government Oversight.

On January 15, 2012, the FDA Whistleblowers filed a lawsuit claiming violations of their rights under the First, Fourth, and Fifth Amendments.[23]

Interestingly, none of this may have come to light if the documents captured in the surveillance had not been reportedly posted online by an FDA contractor.[24] The Washington Post reported that among the trove of FDA documents found to have been posted online, there were “Copies of the e-mails show that, starting in January 2009, the FDA intercepted communications with congressional staffers and draft versions of whistleblower complaints complete with editing notes in the margins.”[25]

The revelations of the surveillance set off a firestorm that led to this hearing today.[26] Naturally, Senator Grassley was incensed by the surveillance of the whistleblowers, having already warned the FDA to uphold legal protections for the whistleblowers.[27] On January 31, 2012, Senator Grassley sent the FDA Commissioner yet another strongly-worded letter pointing out that interfering with communications to Congress is a violation of the law.[28] He told The New York Times that agency officials “have absolutely no business reading the private e-mails of their employees. They think they can be the Gestapo and do anything they want.”[29]

Representative Chris Van Hollen said, “It is absolutely unacceptable for the FDA to be spying on employees who reach out to members of Congress to expose abuses or wrongdoing in government agencies.”[30] Investigations were begun or expanded by Senator Grassley, Chairman Issa, the HHS IG, and the OSC.

In two memos circulated together on June 20, 2012, the President’s Office of Management and Budget (OMB) and the OSC directed all agencies to “evaluate their monitoring policies and practices, and take appropriate steps to ensure that those policies and practices do not interfere with or chill employees’ use of appropriate channels to disclose wrongdoing.”[31] However, the FDA has not yet done so.

Unanswered Questions

It is not yet known whether the FDA whistleblowers will get the justice they seek or whether FDA managers will be held accountable for retaliation. The whistleblowers’ lawsuit is still pending, as is the OSC’s investigation into retaliation. Though the HHS IG did not investigate the alleged leaks of confidential information, the IG twice reviewed the claims of retaliation by the whistleblowers and did not substantiate retaliation.[32] However, POGO has long been concerned that the two reviews were conducted improperly.[33] The first HHS IG investigation focused on criminal wrongdoing, instead of non-criminal retaliation for whistleblowing. And, from our January 2011 letter to FDA Commission Margaret Hamburg regarding the second investigation:

The Office of Investigations did not conduct a new investigation, but instead initiated a “Special Inquiry.” According to the Investigative Memorandum of October 2010, the findings of the Special Inquiry were based on the “case file and all reports and evidence contained therein”—in other words, the findings of the recent Special Inquiry in September 2010 were based exclusively or almost exclusively on documentation gathered during the 2009 investigation. But the 2009 investigation was looking for the wrong things: criminal violations rather than administrative wrongdoing (i.e. alleged violations of FDA regulations and whistleblower retaliation).

Also still in question is whether the FDA medical device approval process has improved at all. Have the concerns raised in the first place by the FDA whistleblowers about ineffective and dangerous devices been adequately addressed?

In August of 2010, CDRH responded to the substance of whistleblowing by issuing an action plan and requesting an independent review of the troubled 510(k) program. [34] CDRH asked the Institute of Medicine (IOM) to conduct this review, and IOM determined the 510(k) program should be scrapped and replaced with an integrated premarket and post-market regulatory framework.[35] The IOM report states:

510(k) clearance is not a determination that the cleared device is safe or effective. The committee concludes that the 510(k) process lacks the legal basis to be a reliable premarket screen of the safety and effectiveness of moderate-risk devices and, furthermore, that it cannot be transformed into one.

The CDRH ignored this recommendation and continued the program.

In the 510(k) process, the whistleblowers objected to management overruling the scientists’ and physicians’ recommendations that the FDA should not approve a particular device for marketing. The FDA has regulations, including 21 CFR 10.70, describing clearly what must happen when there are “significant controversies or differences of opinion” over decisions.[36] However, managers violated these regulations, and the result was the marketing of devices that are unsafe or ineffective. POGO has repeatedly asked for more oversight to ensure that efficacy and public health and safety are the priorities in medical device approvals.[37]

The HHS IG has initiated investigations into FDA’s internal controls and quality review for 510(K) device approval process and CDRH’s policies for resolving scientific disputes.[38]

Undeniable: The FDA’s Improper Employee Surveillance

What is evident is that the FDA acted improperly in its surveillance of FDA whistleblowers. There is wide agreement that at a minimum the FDA improperly conducted employee surveillance and jeopardized whistleblower and privacy protections.

In addition, the FDA’s employee surveillance does not appear to have been effective as an investigative tool for the stated purpose. But employee surveillance is a handy tool for those seeking to chill whistleblowing and retaliate against whistleblowers. As with the NSA domestic surveillance, the risks to the rights of those under surveillance seem to outweigh the enhancements to security.

What’s at Stake?

Lives are at stake. The FDA’s problems can be deadly. There have been far too many ineffective and unsafe medical devices approved by the broken agency:

  • Inadequately tested metal-on-metal hip replacements caused a crippling, hard-to-treat disability.[39]
  • Defective cardiac defibrillators worked well when first implanted, but later some of them suddenly failed.[40]
  • Unclean syringes containing deadly bacteria caused serious and sometimes fatal infections.[41]
  • Old-fashioned pediatric feeding tubes caused fatalities because they lacked a well‑known, inexpensive safeguard that precludes accidental infusion of puréed baby food directly into the baby’s bloodstream.[42]

And this is just medical devices. The FDA has also failed to contain deadly food contamination outbreaks[43] and have allowed dangerous drugs[44] on the market. The FDA isn’t doing its job and lives are at risk; and we have to ask: Why?[45]

Whistleblowers are the guardians of the public trust and safety. Without proper controls at FDA and throughout the government, employee surveillance is a serious threat to whistleblower protections. The resulting chilling effect will significantly reduce accountability—thus keeping waste, fraud, abuse, and threats to public health and safety in the shadows. Whistleblowers also are among the best partners in crime-fighting. It is a well-known fact that whistleblowers have saved countless lives and billions of taxpayer dollars.

A survey conducted in 2012 by the Association of Certified Fraud Examiners found that nearly half of occupational fraud cases were uncovered by a tip or complaint from an employee, customer, vendor, or other source.[46] In the case of fraud perpetrated by owners and executives, more than half were uncovered by tips from whistleblowers. A 2011 academic study confirmed that whistleblowers play a bigger role than external auditors, government regulators, self-regulatory organizations, or the media in detecting fraud.[47]

But perhaps the best illustration of how whistleblowers can save taxpayer dollars is the more than $38 billion recovered since 1987 through the hugely successful False Claims Act (FCA), championed by Senator Grassley.[48]

The FCA prohibits a person or entity from fraudulently or dishonestly obtaining or using government funds. The law not only acts as a deterrent, but also incentivizes whistleblowing through the financial awards and strong protections against retaliation.[49] Federal Circuit Court Judge Kenneth Keller Hall said that the FCA provisions supplement the government’s “regular troops” since it “let loose a posse of ad hoc deputies to uncover and prosecute frauds against the government."[50]

But unfortunately, the cost-benefit analysis for most whistleblowing is so often all cost to the whistleblower and all benefit to society. Professor Richard E. Moberly in his testimony before Congress aptly stated:

Furthermore, almost all the benefits of a whistleblower’s disclosure go to people other than the whistleblower: society as a whole benefits from increased safety, better health, and more efficient law enforcement. However, most of the costs fall on the whistleblower. There is an enormous public gain if whistleblowers can be encouraged to come forward by reducing the costs they must endure. An obvious, but important, part of reducing whistleblowers’ costs involves protecting them from retaliation after they disclose misconduct.[51]

Whistleblowing works for the public, but not without strong protections for the whistleblower. Recognizing this, Congress has repeatedly strengthened the rights and procedures available to whistleblowers. In 2012, Chairman Issa and Ranking Member Cummings—along with Representative Van Hollen, then-Representative Platts, and their Senate colleagues—championed the latest enhancements to federal employee protections with the enactment of the Whistleblower Protection Enhancement Act.[52] While these reforms go a long way to improve the prospects for whistleblowing on government wrongdoing, employee surveillance, left unaddressed, seriously undermines these and other statutory protections for whistleblowers that Congress intended.

An Opportunity for Reform

This committee’s attention to the unacceptable actions of the managers at FDA will hopefully serve as a catalyst for government-wide reforms. Certainly security concerns and available technology will outstrip the protection of civil liberties, whistleblower protections, and other constitutional rights unless there is a concerted effort to consider all of these goals together. We can and should move towards a better policy and to ensure more accountability now. But if left to their own devices, the agencies cannot be expected to get this right.

The FDA and other agencies should not be in the surveillance or law enforcement business. Federal agencies cannot be allowed to police themselves—that is why we have IGs, the OSC, DoJ, and Congress.

Investigations of unauthorized, illegal disclosures of information and other criminal misconduct must be conducted by law enforcement investigators—such as the FBI or the Inspectors General—not bureaucrats. While we acknowledge there may be a very limited need for agencies to gather evidence of wrongdoing by employees when there is reasonable suspicion of non-criminal misconduct, the electronic surveillance is ripe for abuse—as demonstrated by the FDA. Even with just cause and proper controls, it will be difficult, if not impossible to ensure constitutional rights are not violated.

To what end? As with the NSA domestic surveillance, the risks to our rights may be greater than the ability of the surveillance to protect against risks to security.

On September 12, 2012, FDA Commissioner Hamburg issued a memorandum directing the Chief Information Officer (CIO) and Chief Counsel to “promptly develop a written procedure” for employee surveillance that includes some safeguards (Hamburg Memo).[53] Presumably, that written procedure is embodied in the interim policies and procedures established last September by the FDA in its Staff Manual Guide (Interim Policy).[54] No doubt the FDA is in a tough spot, attempting to put into place a process that is more proscribed for surveillance critics, but also placating the lawyers for drug and device companies that demand that information be kept confidential.

Needless to say, the FDA doesn’t have it right yet.

Nothing in this policy would prevent the FDA Commissioner or Chief Operating Officer from using information collected by the surveillance as retaliation for whistleblowing or providing it to others who might. The policy does little to lift the chilling effect at FDA that fosters waste, fraud, abuse, and threats to public health and safety. How can the FDA ensure the public’s health and safety if scientists and physicians are too afraid to come forward when deadly mistakes are made?

Instead, the interim policy would allow the FDA managers to control a vast and far-reaching surveillance program without any oversight from an independent outside entity. Rather than protect whistleblowers from unwarranted FDA surveillance, this policy protects the FDA from whistleblowers and shields it from accountability.

Simply stating that the FDA will follow existing laws to protect whistleblowers is not enough—the procedures do not build in strong, substantive safeguards. The Interim Policy does attempt to protect some sensitive communications by prohibiting the targeting of communications with law enforcement, the OSC, members of Congress or their staff, employee union officials, or private attorneys. However, it does not include a similar prohibition on other protected disclosures—most notably, public whistleblowing, which is protected as long as the disclosure of the information is not prohibited under law.

Congress protected public whistleblowing because we live in a democracy that relies on an informed public and freedom of the press. In numerous instances, threats to public health and safety, waste, fraud, and abuse and other wrongdoing would never have come to light or been addressed without public whistleblowing.[55]

The FDA has not ensured employees, contractors, and grantees can exercise all of their legal rights without fear of retaliation. Thus, any final policy must prohibit specifically monitoring communications with anyone that may include a protected disclosure. According to the Whistleblower Protection Act, these communications would include a reasonable belief that the disclosure evidences “any violation of any law, rule, or regulation; or gross mismanagement, a gross waste of funds, an abuse of authority, or a substantial and specific danger to public health or safety.'[56]

In practice, it may be difficult, if not impossible, to prevent the inadvertent capture of protected disclosures while monitoring employee communications. Therefore, any final policy must mandate a legal review and express authorization before any potentially protected communication that is collected is shared. Notification of potential legal pitfalls to recipients of collected information, as called for in the Hamburg Memo, is woefully insufficient.[57]

The FDA must do more to ensure all agency personnel and federal fund recipients are better trained in whistleblower protections. Under the WPA, it is the responsibility of the head of each agency, in consultation with the Office of Special Counsel, to ensure that agency employees are informed of the rights and remedies available to them under the Whistleblower Protection Act.[58] The OSC, has a certification program which allows agencies to demonstrate that they have fulfilled this legal obligation. Last year, only three agencies sought and received certification—and, remarkably, the FDA was not one of them.[59] Clearly, certification should not be voluntary.

Last December, in its second National Action Plan for the Open Government Partnership, the Obama Administration committed to taking steps over the next two years with the stated goal of strengthening and expanding protections for federal whistleblowers.[60] These commitments include mandating participation in the Office of Special Counsel’s Whistleblower Certification Program. However, Congress should ensure that agency compliance with the WPA notification requirement and certification will continue into the future by putting the requirement into statute.

Federal contractors and grantees also are required to notify their employees of the whistleblower protections available to them.[61] There should be a mechanism to certify this compliance as well. Perhaps this could be part of the contracting or grant-making process, or the Whistleblower Ombudsmen in the Offices of Inspectors General could play a role. The Inspectors General have responsibilities to conduct investigations of claims of retaliation by contractor and grantee employees, as well as by national security and intelligence community workers.[62] Agencies are currently certifying compliance with Presidential Policy Directive 19, which protects national security and intelligence community whistleblowers. These certifications should be made public, but so far only the Department of Defense has done so.

Additionally, a memo and staff manual guide will not alone ensure that privacy, whistleblower, and civil service rights are protected in employee surveillance. The policies and procedures for safeguarding employee rights whenever investigations or surveillance is conducted should include penalties for violations and should have the force of law. Therefore, a permanent regulation for all of HSS—not just the FDA—would be most appropriate.

However, there ought to be a government-wide approach. The Department of Justice has the appropriate legal expertise for developing such policy, in consultation with the OSC and MSPB. Moreover, the FDA is only attempting to write a policy ad hoc because of all the unwanted attention it’s receiving. But what is to prevent other agencies from spying on employees without regard to the legal rights of these employees? Congress and/or the President must mandate a government-wide policy to protect whistleblower and other constitutional rights and prevent future abuses.

Of course, interfering with communications to Congress[63] and retaliating for whistleblowing[64] is against the law. Although the law does protect the identity of whistleblowers in other ways—the OSC and IG are prohibited from disclosing the identity of whistleblowers except in certain circumstances[65]—there is little to prevent other agencies from identifying whistleblowers by collecting communications. Congress should consider amending the WPA and contractor protections to specifically prohibit an agency from using collected communications to identify a whistleblower.

Today, we don’t know nearly enough about the scope of employee surveillance across the government. We hope that this committee will order a comprehensive study of how agencies are currently conducting surveillance of employees while protecting their rights. Far more needs to be known about current practices, legal protections, effectiveness, and cost. A government-wide study by the Government Accountability Office (GAO) and/or the Merit Systems Protection Board (MSPB) would provide the executive branch and Congress with a more complete picture and recommendations for best-practice policies.[66]

Naturally, there also must be a different approach with the ever-growing intelligence and national security workforce. More and more of the federal workforce is labeled as national security sensitive—and there is a jaw-dropping lack of oversight. The number of people cleared for access to classified information reached a record high in 2012, soaring to more than 4.9 million.[67] Add to that untold numbers of civil servants and contractors without access to classified information, but in positions labeled as national security sensitive.[68] In order to prevent leaks of classified information, it is critical that there are truly safe channels for legal disclosures.

We have long been concerned about the potential for abuse of whistleblowers as a result of Insider Threat programs mandated by the President and Congress.[69] The program pits employees against one another,[70] creating an atmosphere of suspicion and intimidation likely to silence would-be whistleblowers. Intended to protect national security, implementation of the Insider Threat Program at agencies that have little to do with national security issues suggests a serious overreach. Blurring the line between spies and whistleblowers can only harm national security. An investigation by McClatchy last year discovered that agencies were using the Insider Threat Program as grounds to pursue unauthorized disclosures of unclassified information—information that whistleblowers can legally disclose to anyone under current law.[71]

We hope this committee will also conduct rigorous oversight of whistleblower protections for the national security and intelligence community workforce.

Importantly, we must not lose sight of what brought us here today. Scientists at the FDA were concerned about a device approval process that they believed might put lives at risk. We urge you to ensure that the critical work being done by the CDRH puts the public’s health and safety first. Bureaucrats at FDA should not be allowed to overrule the findings of expert scientists and physicians, except under extraordinary circumstances. There are no criminal penalties for FDA officials who allow unsafe devices to be approved. FDA officials should be held accountable for approving ineffective or unsafe products, and flawed devices must be taken off the market. There must be far more transparency and less deference to the demands for confidentiality by the drug and device companies.

Finally, please do all you can to ensure the FDA whistleblowers get the justice that they deserve and that FDA managers are held accountable for any violations of the rights of the scientists and physicians who sought to make medical devices safer and more effective.

Thank you for the opportunity to testify before you today. POGO and the Make It Safe Coalition pledge to continue to work with you to fulfill the promise of a government that is truly open and accountable to the American people.

I look forward to your questions.

[1] Open letter from Project On Government Oversight et al., to President Barack Obama and Members of the 111th Congress, regarding strong and comprehensive whistleblower rights, September 23, 2011. (Downloaded November 15, 2013)

[2] Letter from FDA Whistleblowers to Representative John Dingell, regarding misconduct by FDA managers at the Center for Devices and Radiological Heath, October 14, 2008. (Downloaded February 24, 2014)

[3] Gardiner Harris, “F.D.A. Scientists Accuse Agency Officials of Misconduct,” The New York Times, November 17, 2008. (Downloaded February 24, 2014)

[4] Letter from Representative John Dingell, Chairman of the Committee on Energy and Commerce and Representative Bart Stupak, Chairman of the Subcommittee on Oversight and Investigations, to the Honorable Andrew von Eschenbach, Commissioner of the U.S. Food and Drug Administration, regarding the FDA whistleblowers and federal whistleblower laws, November 17, 2008. (Downloaded February 24, 2014)

[5] Letter from FDA Whistleblowers to John Podesta, Presidential Transition Team, regarding concerns and objections about FDA approved medical devices, January 7, 2009. (Downloaded February 24, 2014)

[6] Letter from FDA Whistleblowers to President Barack Obama, regarding their concerns about FDA misconduct, April 2, 2009. (Downloaded February 24, 2014)

[7] Letter from Senator Charles Grassley, Ranking Member Committee on Finance, to Honorable Andrew von Eschenbach, Commissioner of the U.S. Food and Drug Administration, regarding FDA whistleblowers and the right to communicate with Congress, January 15, 2009. (Downloaded February 25, 2014)

[8] Project On Government Oversight, The FDA's Deadly Gamble with the Safety of Medical Devices, February 18, 2009.

[9] “FDA scientists allege mismanagement at agency,” January 9, 2009. Video clip. Accessed February 24, 2014. (Downloaded February 24, 2014); Ricardo Alonso-Zaldivar, “FDA scientists complain to Obama of ‘corruption,’” The Associated Press, January 8, 2009. (Downloaded February 24, 2014); Alicia Mundy and Jared A. Favole, “FDA Scientists Ask Obama to Restructure Drug Agency,” The Wall Street Journal, January 8, 2009. (Downloaded February 24, 2014); Gardiner Harris, “In F.D.A. Files, Claims of Rush to Approve Devices,” The New York Times, January 12, 2009. (Downloaded February 24, 2014)

[10] Some of the whistleblowers were federal employees, and others were contractors. And the number of whistleblowers has changed over time—now there are only five seeking justice in court.

[11] Frank Torti, Acting Commissioner of Food and Drugs, e-mail message to FDA employees, “Re: Protecting Confidential Information,” March 13, 2009. (Downloaded February 25, 2014)

[12] Senator Chuck Grassley of Iowa, “Grassley works to protect FDA whistleblowers,” March 24, 2009. (Downloaded February 25, 2014)

[13] Letter from Jeanne Ireland, Assistant Commissioner for Legislation at the Food and Drug Administration, to Senator Charles Grassley, Ranking Member of the Committee on the Judiciary, regarding information about the FDA’s use of computer monitoring, July 13, 2012. (Downloaded February 24, 2014) (Hereinafter Letter from Jeanne Ireland, Assistant Commissioner for Legislation at the Food and Drug Administration)

[14] Gardiner Harris “Scientists Say F.D.A. Ignored Radiation Warnings,” The New York Times, March 28, 2010. (Downloaded February 24, 2014)

[15] Letter from Jeanne Ireland, Assistant Commissioner for Legislation at the Food and Drug Administration, p. 3.

[16] Kimberly Holden, Assistant Commissioner for Management at the Food and Drug Administration, e-mail message to Horace Coleman and Mark McCormack, “FW: Advice/Investigation,” April 23, 2010. (Downloaded February 25, 2014)

[17] The HHS manual states in part:

“A. In order to provide objective uniform procedures for the handling of allegations of wrongdoing covered by this chapter, it shall be the responsibility of the Office of Inspector General (OIG) to investigate allegations of wrongdoing reported to the OIG or to refer such allegations to the appropriate operating division (OPDIV), the appropriate staff division (STAFFDIV), to Assistant Secretary for Administration and Management (ASAM), to another law enforcement agency, or to another appropriate authority.

B. Every employee, supervisor, and management official shall report any allegations of criminal offenses he/she receives, immediately to the OIG, unless it is clear to him/her that the allegation is frivolous and has no basis in fact." . . .

D. Any employee who has authority to take, direct others to take, recommend, or approve any personnel action, shall not, with respect to such authority, take or threaten to take any action against any employee as a reprisal for making a complaint or disclosing information to a supervisor, management official, or the OIG.” Department of Health and Human Services, “General Administration Manual Chapter 5-10: Procedures for Reporting Misconduct and Criminal Offenses,” December 26, 2006. (Downloaded February 25, 2014)

[18] Mark McCormack, Office of Internal Affairs at the Food and Drug Administration, “Case Initiation and Fact Sheet,” May 14, 2010. (Downloaded February 25, 2014)

[19] Letter from Scott Vantrease, Assistant Special Agent in Charge, Special Investigations Branch of the Food and Drug Administration Office of the Inspector General, to Mark McCormack, Special Agent in Charge, regarding the decision not to investigate allegations of leaks, May 18, 2010. (Downloaded February 24, 2014)

[20] Letter from William McConagha, Assistant Commissioner for Integrity and Accountability, Department of Health and Human Services, to Scott Vantrease, Director of the Special Investigations Unit at the Department of Health and Human Services Office of Inspector General, regarding referring allegations of misconduct for a formal investigation, March 26, 2009.

[21] Letter from Scott Vantrease, Assistant Special Agent in Charge, Special Investigations Branch of the Food and Drug Administration Office of the Inspector General, to Jeffrey Shuren, Director of the Center for Devices and Radiological Health, regarding alleged misconduct by the FDA whistleblowers, November 15, 2010. (Downloaded February 24, 2014)

[22] Eric Lichtblau and Scott Shane, “Vast F.D.A. Effort Tracked E-Mails of Its Scientists,” The New York Times, July 14, 2012. (Downloaded February 24, 2014) (Hereinafter “Vast F.D.A. Effort Tracked E-Mails of Its Scientists”)

[23] Hardy v. Shuren, No. 1:11-cv-01739 (D. D.C. filed Sept. 28, 2011) [Second Amended Complaint filed July 17, 2012] (Downloaded February 25, 2014)

[24] “Vast F.D.A. Effort Tracked E-Mails of Its Scientists”

[25] Ellen Nakashima and Lisa Rein, “FDA staffers sue agency over surveillance of personal e-mail,” The Washington Post, January 29, 2012. (Downloaded February 24, 2014)

[26] Ellen Nakashima and Lisa Rein, “FDA lawyers authorized spying on agency’s employees, senator says,” The Washington Post, July 16, 2012. (Downloaded March 4, 2013) (Hereinafter “FDA lawyers authorized spying on agency’s employees, senator says”)

[27] “FDA lawyers authorized spying on agency’s employees, senator says”

[28] Letter from Senator Charles Grassley, Ranking Member of the Committee on the Judiciary, to the Honorable Margaret Hamburg, Commissioner of the Food and Drug Administration, regarding the agency’s treatment of whistleblowers, January 31, 2012.

[29] “Vast F.D.A. Effort Tracked E-Mails of Its Scientists,”

[30] Jason Lange, Andy Sullivan and Anna Yukhananov, “FDA surveillance operation draws criticism from lawmakers,” July 15, 2012. (Downloaded February 24, 2014)

[31] Memorandum from Steven VanRoekel, Federal Chief Information Officer and Boris Bershteyn, General Counsel, to the Chief Information Officers and General Counsels, regarding Office of Special Counsel Memo on Agency Monitoring Policies and Confidential Whistleblower Disclosures, June 20, 2012. (Downloaded March 4, 2013)

[32] Investigative Memorandum from Elton Malone, Special Agent in Charge, Special Investigations Branch, Department of Health and Human Services Office of Inspector General, to Unknown FDA Employees, regarding closing the investigation, October 14, 2010. (Hereinafter Investigative Memorandum from Elton Malone); Investigative Memorandum from Elton Malone, Special Agent in Charge, Special Investigations Branch, Department of Health and Human Services Office of Inspector General, to Unknown FDA Employees, regarding closing the investigation, February 4, 2010. Letter from Timothy Menke, Deputy Inspector General for Investigations Department of Health and Human Services Office of Inspector General, to Joshua Sharfstein, Principal Deputy Commissioner Department of Health and Human Services, regarding the status of the OIG investigation, February 23, 2010.

[33] Letter from Project On Government Oversight, to the Honorable Kathleen Sebelius, Secretary of the U.S. Department of Health and Human Services, regarding the FDA’s negligent oversight of unsafe medical devices, January 12, 2011. (Hereinafter Letter regarding the FDA’s negligent oversight of unsafe medical devices)

[34] Steve Strong, “The Ever-Changing Regulatory Environment,” Minnetronix (Downloaded February 24, 2014)

[35] Institute of Medicine of the National Academies, Medical Devices and the Public’s Health: The FDA 510(k) Clearance Process at 35 Years, July 29, 2011. (Downloaded February 24, 2014)

[36] 21 CFR 10.70, “Documentation of significant decisions in administrative file,” (Downloaded February 25, 2014)

[37] Letter from Project On Government Oversight, to Gerry Roy, Deputy Inspector General for Investigations, Office of Investigations at the Department of Health and Human Services, regarding FDA’s CDRH’s low standard of medical devices approval, September 28, 2010. Letter regarding the FDA’s negligent oversight of unsafe medical devices; Project On Government Oversight, “Obama Administration Should Re-Open Investigation of FDA Wrongdoing After Inspector General Office Rejected Whistleblower Complaints,” January 13, 2011.

[38] Investigative Memorandum from Elton Malone

[39] Gregory Curfman and Rita Redberg, “Medical Devices—Balancing Regulation and Innovation,” New England Journal of Medicine, Vol. 365, September 15, 2011, pp. 975-977. (Downloaded February 25, 2014)

[40] William H. Maisel, “Semper Fidelis—Consumer Protection for Patients with Implanted Medical Devices,” New England Journal of Medicine, Vol. 358, March 6, 2008, pp. 985-987. (Downloaded February 25, 2014)

[41] Christina Jewett, “Could FDA Have Prevented Syringe Deaths?” ProPublica, February 26, 2009. (Downloaded February 25, 2014)

[42] Gardiner Harris, “U.S. Inaction Lets Look-Alike Tubes Kill Patients,” The New York Times, August 20, 2010. (Downloaded February 25, 2014) The fatalities can be prevented completely by a requirement that the feeding tube have a connector incompatible with connectors for intravenous fluids; See also: Associated Press, “Is the FDA a broken agency?” March 3, 2009, (Downloaded February 25, 2014) (Hereinafter “Is the FDA a broken agency?”); POGO summarized the story of some of these disasters: Ned Feder, “Powerful Leader Takes Command of a Battered FDA: Irresistible Force Meets Immovable Object,” May 19, 2009. (Hereinafter “Powerful Leader Takes Command of a Battered FDA: Irresistible Force Meets Immovable Object”); Letter from Danielle Brian and Ned Feder, Project On Government Oversight, to Kathleen Sebelius, Secretary, U.S. Department of Health and Human Services, regarding reinvestigating FDA’s negligent oversight of unsafe medical devices, January12, 2011. (Hereinafter Letter from Danielle Brian and Ned Feder, Project On Government Oversight, to Kathleen Sebelius)

[43] Salmonella-infected peanut butter: Centers for Disease Control and Prevention, “Multistate Outbreak of Salmonella Bredeney Infections Linked to Peanut Butter Manufactured By Sunland, Inc. (Final Update),” November 30, 2012. (Downloaded February 25, 2014); Listeria-infected cantaloupes: Centers for Disease Control and Prevention, “Investigation Update: Multistate Outbreak of Listeriosis Linked to Whole Cantaloupes from Jensen Farms, Colorado,” October 25, 2011. (Downloaded February 25, 2014)

[44] Fungus-contaminated steroid mixture: Centers for Disease Control and Prevention, “Multistate Outbreak of Fungal Meningitis and Other Infections,” October 23, 2013. (Downloaded February 25, 2014); Heparin: Gardiner Harris, “U.S. Identifies Tainted Heparin in 11 Countries,” The New York Times, April 22, 2008. (Downloaded February 25, 2014)

[45] “Is the FDA a broken agency?”; “Powerful Leader Takes Command of a Battered FDA: Irresistible Force Meets Immovable Object”; Letter from Danielle Brian and Ned Feder, Project On Government Oversight, to Kathleen Sebelius.

[46] Association of Certified Fraud Examiners, Report to the Nations on Occupational Fraud & Abuse: 2012 Global Fraud Study, 2012, pp. 14-19. (Downloaded February 20, 2014)

[47] Alexander Dyck, Adair Morse, and Luigi Zingales, “Who Blows the Whistle on Corporate Fraud?” (Downloaded May 10, 2011)

[48] Department of Justice, Office of Public Affairs, “Fraud Statistics – Overview: October 1, 1987 - September 30, 2013,” December 23, 2013. (Downloaded February 20, 2014)

[49] 31 U.S.C. § 3730, “Civil actions for false claims.” (Downloaded February 25, 2014)

[50] United States ex rel. Milam v. Univ. of Tex. M.D. Anderson Cancer Ctr., 961 F.2d 46, 49 (4th Cir. 1992), paragraph 17. (Downloaded February 20, 2014)

[51] Testimony of Richard E. Moberly, Professor, before the Committee on Education and Labor, Subcommittee on Workforce Protections, One Hundred Tenth Congress, on “Private Sector Whistleblowers: Are There Sufficient Legal Protections?” May 15, 2007, p. 35. (Downloaded December 1, 2011)

[52] Project On Government Oversight et al., “After a Campaign Waged Over More Than a Decade, the Whistleblower Protection Enhancement Act Becomes Law,” December 3, 2012.

[53] Memorandum from Margaret Hamburg, Commissioner of the Food and Drug Administration, to Walter Harris, Chief Operating Officer, Eric Perakslis, Chief Information Officer, and Elizabeth Dickinson, Chief Counsel of the Food and Drug Administration, regarding developing a written procedure for employee surveillance, September 24, 2012. (Hereinafter Memorandum from Margaret Hamburg)

[54] Walter Harris, Deputy Commissioner for Operations, Chief Operating Officer at the Department of Health and Human Services, “Monitoring of Use of HHS/FDA IT Resources,” September 26, 2013.

[55] David Shuster, “Whistle-blowers who made their mark,” NBC News, June 2, 2005. (Downloaded February 24, 2014)

[56] 5 U.S.C. §2302, “Merit system principles,” (Downloaded February 25, 2014)

[57] Memorandum from Margaret Hamburg

[58] 5 U.S.C. §2302(c), “In administering the provisions of this chapter,” (Downloaded February 25, 2014)

[59] U.S. Office of Special Counsel, “Agencies That Have Completed the 2302(C) Certification Program,” September 20, 2013. (Downloaded February 24, 2014)

[60] The U.S. White House, The Open Government Partnership Second Open Government National Action Plan for the United States of America, December 5, 2013. (Downloaded February 24, 2014)

[61]10 USC § 2409, “Contractor employees: protection from reprisal for disclosure of certain information,” (Downloaded February 25, 2014) (Hereinafter10 USC § 2409) ; 41 U.S. Code § 4712, “Pilot program for enhancement of contractor protection from reprisal for disclosure of certain information,” (Downloaded February 25, 2014) (Hereinafter 41 U.S. Code § 4712)

[62] President Barack Obama, “Presidential Policy Directive/PPD-19: Protecting Whistleblowers with Access to Classified Information,” October 10, 2012.

[63] 18 USC § 1505, “Obstruction of proceedings before departments, agencies, and committees,” (Downloaded February 25, 2014); 5 USC § 7211, “Employees’ right to petition Congress,” (Downloaded February 25, 2014)

[64] 5 USC § Section 2302, “Prohibited personnel practices,” (Downloaded February 25, 2014); 10 USC § 2409; 41 USC § 4712.

[65] 5 USC § 1213(h), “Provisions relating to disclosures of violations of law, gross mismanagement, and certain other matters,” (Downloaded February 25, 2014); 5 USC App. Section 7(b), “Protects employees who file complaints or provide information to the Inspector General,” (Downloaded February 25, 2014)

[66] While GAO might be more effective at auditing current agency surveillance practices, given the technical components, the MSPB may be well-suited to use that information to develop recommendations on protecting the merit system. The mission of the MSPB is to “Protect the Merit System Principles and promote an effective Federal workforce free of Prohibited Personnel Practices.” “U.S. Merit Systems Protection Board,” (Downloaded February 24, 2014)

[67] Office of the Director of National Intelligence, 2012 Report on Security Clearance Determinations, January 2013, p. 3. (Downloaded November 14, 2013)

[68] We only know from the government’s brief in Conyers that there are at least half a million workers in positions labeled as national security sensitive at the Department of Defense (DoD) alone: Kaplan v. Conyers, Initial Brief for Director, Office of Personnel Management, November 23, 2011, p. 4, n. 7. (Downloaded November 14, 2013) (Hereinafter Kaplan v. Conyers Initial Brief for OPM Director)

[69] The White House, “Executive Order 13587 -- Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information,” October 7, 2011 (Downloaded February 24, 2014)

[70] Defense Security Service, Counterintelligence Directorate, “INSIDER THREATS: Combating the ENEMY within your organization,” (Downloaded February 24, 2014)

[71] Marisa Taylor and Jonathan Landay, “Obama’s crackdown views leaks as aiding enemies of U.S.,” McClatchyDC, June 20, 2013. (Downloaded February 24, 2014)