WASHINGTON The top Republican on the Senate Judiciary Committee urged U.S. law enforcement officials to investigate whether the Food and Drug Administration violated the law in its secret monitoring of staff emails.
Senator Chuck Grassley of Iowa said the FDA retaliated against its employees who blew the whistle about unsafe medical devices, and specifically monitored their emails to Congress. He also asked the FDA to explain who at the agency first asked for the email monitoring.
Six current and former FDA scientists and doctors filed a lawsuit in January charging the agency tried to repress warnings about potential corruption in device reviews by retaliating against them for passing information to Congress and the media.
Over the weekend, the scandal grew when the New York Times revealed documents detailing the wide scale of the surveillance operation. The documents, which were inadvertently posted online by an FDA contractor, showed the FDA secretly captured thousands of emails the scientists sent privately to lawmakers, their aides, journalists and President Barack Obama.
The report further stoked anger from lawmakers who were already concerned about the surveillance.
After reviewing the documents, Grassley said he was referring the case to the Department of Justice, among others, to investigate whether the FDA violated the law on whistleblower protections, and a separate law about the privacy of emails.
"Continued stonewalling and secrecy about the spying on these employees' protected disclosures is unacceptable," Grassley said in a letter to FDA Commissioner Margaret Hamburg sent on Monday.
Grassley also asked the FDA to finally explain which official first requested the agency to monitor the private emails of five employees, which began in 2010. The monitoring was authorized by the FDA's General Counsel, Grassley said.
Grassley first asked the FDA about this matter in January, but in a response sent on Friday, the FDA said it was still gathering the information.
The FDA said on Monday it monitored emails only to ensure its staff were not sharing "trade secret" information about specific device companies, which is forbidden by law, and that it never stopped the whistleblowers from contacting lawmakers, journalists or government auditors.
"The only individuals whose email was being monitored were (five) FDA employees," said Erica Jefferson, FDA spokeswoman. "We did not impede or interfere in any way with any employees' communication to members of Congress."
In a letter to Grassley sent on Friday, the FDA also said it is reviewing whether its secret monitoring of staff emails adequately protected whistleblowers.
"FDA is currently reviewing and evaluating its policies and practices to ensure that they are consistent with the law and Congress's intent to provide a secure channel for protected disclosures," Jeanne Ireland, the FDA's assistant commissioner for legislation, said in a letter.
The Office of Special Counsel (OSC), an independent agency that protects federal whistleblowers, in February broadened an investigation into whether the FDA violated the law by keeping track of employee emails to Congress and the OSC. Such emails are supposed to remain confidential.
The OSC and the Office of Management and Budget also sent memos to all government agencies in June, warning them about the legal restrictions on monitoring employees' emails. The memos suggest other agencies beyond the FDA may face similar issues in monitoring whistleblowers.
Grassley also questioned how an FDA contractor, Quality Associates Inc, was able to post thousands of pages of FDA's internal email monitoring, including confidential company information, on a file transfer site that was available to the public until late last week.
Quality Associates, which archives and manages documents, also has contracts with the National Institutes of Health, the Internal Revenue Service and the Department of Homeland Security, among others.
The online documents also included internal emails and documents for NIH grants, Grassley said.
The FDA said it is also investigating what happened with the data breach at Quality Associates.
The company, based in Fulton, Md., was not immediately available for comment after the close of business on Monday.