Lawsuit raises questions about email privacy at work
FDA whistleblowers say agency violated their rights by extensively monitoring personal communications
Computerworld - A recent lawsuit filed against the U.S. Food and Drug Administration is drawing attention to the question of whether employees have a reasonable expectation of privacy when using personal email accounts on workplace computers.
The lawsuit was filed last week by six whistleblowers at the FDA who allege that their private emails were extensively monitored after they began complaining to lawmakers about serious irregularities in the agency's medical device review process.
In the complaint filed in U.S. District Court for the District of Columbia, the six alleged that the FDA installed spyware on their workplace computers to monitor and intercept their communications.
The complaint acknowledges that the intercepted correspondence was created, transmitted, received and viewed on government-issued computers and government-owned networks. But it noted that the email was private, password protected, and sent using third-party, non-governmental email services such as Yahoo and Gmail.
The intercepted communications also included email sent from private email accounts on private equipment by family members, friends and associates, but viewed on FDA-issued computers.
According to the complaint, the employees had "explicit permission" to use their government-issued computers for personal purposes. Nonetheless, the FDA secretly searched and seized private electronic communications when the plaintiffs "had a reasonable expectation of privacy" the complaint noted.
Documents related to the case, published by the National Whistleblowers Center show numerous instances of the FDA intercepting what appear to be confidential attorney-client communications.
Also captured were email messages between the whistleblowers and a former staff member for the House Committee on Energy and Commerce and a former chief investigator for the Senate Finance Committee. One FDA intercept shows a screen shot of dogs belonging to one of the whistleblowers while another captures an exchange in which one whistleblower exhorts another to "hang in there"
The intercepted email accounts contained "extremely private and intimate correspondence with family ... friends and loved ones," the complaint noted. Many of the accounts were used for personal finances, banking and other personal purposes. "Defendants intercepted emails that are considered private by all traditional standards."
The secret searches and seizures lasted for two years, the complaint alleged. In total the FDA is alleged to have monitored private email conversations of nine scientists and physicians.
Data from their intercepted communications was collected and stored in an internal filing system called FDA9.
The lawsuit alleges that FDA used the data to retaliate against the whistleblowers.
The plaintiffs charge the agency with violating their First Amendment rights to free speech and association, their Fourth Amendment's rights against unreasonable search and seizure and their Fifth Amendment's right to due process.
The FDA did respond to a request for comment on the lawsuit.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts