[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]
LIMITLESS SURVEILLANCE AT THE FDA: PROTECTING THE RIGHTS OF FEDERAL
WHISTLEBLOWERS
=======================================================================
HEARING
before the
COMMITTEE ON OVERSIGHT
AND GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED THIRTEENTH CONGRESS
SECOND SESSION
__________
FEBRUARY 26, 2014
__________
Serial No. 113-88
__________
Printed for the use of the Committee on Oversight and Government Reform
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.fdsys.gov
http://www.house.gov/reform
_____
U.S. GOVERNMENT PRINTING OFFICE
87-176 PDF WASHINGTON : 2014
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC
area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC
20402-0001
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
DARRELL E. ISSA, California, Chairman
JOHN L. MICA, Florida ELIJAH E. CUMMINGS, Maryland,
MICHAEL R. TURNER, Ohio Ranking Minority Member
JOHN J. DUNCAN, JR., Tennessee CAROLYN B. MALONEY, New York
PATRICK T. McHENRY, North Carolina ELEANOR HOLMES NORTON, District of
JIM JORDAN, Ohio Columbia
JASON CHAFFETZ, Utah JOHN F. TIERNEY, Massachusetts
TIM WALBERG, Michigan WM. LACY CLAY, Missouri
JAMES LANKFORD, Oklahoma STEPHEN F. LYNCH, Massachusetts
JUSTIN AMASH, Michigan JIM COOPER, Tennessee
PAUL A. GOSAR, Arizona GERALD E. CONNOLLY, Virginia
PATRICK MEEHAN, Pennsylvania JACKIE SPEIER, California
SCOTT DesJARLAIS, Tennessee MATTHEW A. CARTWRIGHT,
TREY GOWDY, South Carolina Pennsylvania
BLAKE FARENTHOLD, Texas TAMMY DUCKWORTH, Illinois
DOC HASTINGS, Washington ROBIN L. KELLY, Illinois
CYNTHIA M. LUMMIS, Wyoming DANNY K. DAVIS, Illinois
ROB WOODALL, Georgia PETER WELCH, Vermont
THOMAS MASSIE, Kentucky TONY CARDENAS, California
DOUG COLLINS, Georgia STEVEN A. HORSFORD, Nevada
MARK MEADOWS, North Carolina MICHELLE LUJAN GRISHAM, New Mexico
KERRY L. BENTIVOLIO, Michigan Vacancy
RON DeSANTIS, Florida
Lawrence J. Brady, Staff Director
John D. Cuaderes, Deputy Staff Director
Stephen Castor, General Counsel
Linda A. Good, Chief Clerk
David Rapallo, Minority Staff Director
C O N T E N T S
----------
Page
Hearing held on February 26, 2014................................ 1
WITNESSES
The Hon. Charles E. Grassley, A U.S. Senator from the State of
Iowa
Oral Statement............................................... 9
Written Statement............................................ 13
Mr. Walter Harris, Chief Operating Officer and Acting Chief
Information Officer, U.S. Food and Drug Administration,
Accompanied by Jeffrey Shuren, M.D., Director, Center for
Devices and Radiological Health, U.S. Food and Drug
Administration, and Ruth McKee, Associate Director for
Management, Center for Devices and Radiologic Health, U.S. Food
and Drug Administration
Oral Statement............................................... 21
Written Statement............................................ 24
Ms. Angela Canterbury, Director of Public Safety, Project on
Government Oversight
APPENDIX
HHS Office of IG Report, Submitted by Rep.Issa................... 88
Joint Staff Report, Submitted by Rep. Issa....................... 119
Letter to Rep. Cummings from Rep. Issa, Submitted by Rep. Issa... 271
LIMITLESS SURVEILLANCE AT THE FDA: PROTECTING THE RIGHTS OF FEDERAL
WHISTLEBLOWERS
----------
Wednesday, February 26, 2014
House of Representatives,
Committee on Oversight and Government Reform,
Washington, D.C.
The committee met, pursuant to call, at 10:00 a.m., in Room
2154, Rayburn House Office Building, Hon. Darrell E. Issa
[chairman of the committee] presiding.
Present: Representatives Issa, Mica, Turner, Duncan,
Jordan, Walberg, Lankford, Amash, Farenthold, Woodall, Massie,
Collins, Meadows, Bentivolio, Cummings, Maloney, Lynch,
Connolly, Speier, Kelly, and Lujan Grisham.
Staff Present: Alexia Armstrong, Legislative Assistant;
Molly Boyl, Deputy General Counsel and Parliamentarian;
Lawrence J. Brady, Staff Director; Ashley H. Callen, Deputy
Chief Counsel for Investigations; Sharon Casey, Senior
Assistant Clerk; John Cuaderes, Deputy Staff Director; Lamar
Echols, Counsel; Adam P. Fromm, Director of Member Services and
Committee Operations; Linda Good, Chief Clerk; Caroline Ingram,
Professional Staff Member; Mark D. Marin, Deputy Staff Director
for Oversight; Ashok M. Pinto, Chief Counsel, Investigations;
Krista Boyd, Minority Deputy Director of Legislation/Counsel;
Aryele Bradford, Minority Press Secretary; Jennifer Hoffman,
Minority Communications Director; Elisa LaNier, Minority
Director of Operations; Una Lee, Minority Counsel; Juan
McCullum, Minority Clerk; and Dave Rapallo, Minority Staff
Director.
Chairman Issa. The committee will come to order.
The Oversight Committee's mission statement is that we
exist to secure two fundamental principles: First, Americans
have a right to know that the money Washington takes from them
is well spent; and, second, Americans deserve an efficient,
effective government that works for them.
Our duty on the Oversight and Government Reform Committee
is to protect these rights. Our solemn responsibility is to
hold government accountable to taxpayers, because taxpayers
have a right to know what they get from their government.
It is our job to work tirelessly in partnership with
citizen watchdogs and whistleblowers to deliver the facts to
the American people and bring genuine reform to the Federal
bureaucracy.
Before I deliver my opening statement, because we have
Senator Grassley here, I am going to ask unanimous consent that
the IG report released last night entitled Department of Health
and Human Services IG Report, ``Review of the Food and Drug
Administration's Computer Monitoring of Certain Employees in
Its Center for Devices and Radiological Health'' be placed in
the record. Without objection, so ordered.
Additionally, I ask that the joint staff report entitled
``Limitless Surveillance at the FDA: Protecting the Rights of
Federal Whistleblowers,'' be placed in the record.
Mr. Cummings. Mr. Chairman?
Chairman Issa. Yes.
Mr. Cummings. I have no objections, but I just want to make
sure it is clear that that is the staff report of the
Republicans. Is that right?
Chairman Issa. It is a joint report of the House and Senate
Republicans.
Mr. Cummings. House and Senate. So the Senate Democrats
were not involved. In this report, the Senate Democrats----
Chairman Issa. This report is a result of an investigation
in which all your Democrats' staff were in there, but we did
not ask for or provide a long comment period to your people.
You are entitled to place a minority staff report at your
convenience. You have the same information.
Mr. Cummings. We will definitely do that. I just wanted to
make it clear on the record.
Chairman Issa. Absolutely.
Without objection, so ordered. They are both in the record.
And I will place my entire opening statement in the record
and be brief.
Today's hearing is about a questionable practice at the
FDA, one that has been under investigation for over 2 years--or
almost 2 years, July of 2012, by the Inspector General, one
that we do not consider to be political in any way, shape, or
form, or partisan in any way, shape, or form.
We consider it to be questionable, if not despicable, that
whistleblowers, a known whistleblower and others, appear to
have been targeted for an investigation proactively monitoring,
effectively a wiretap on their computers, in order to see if
they could get the dirt on employees so that they could take
action.
The FDA justified this based on a leak to the New York
Times. However, to the best of our investigation, rather than
working retrospectively to see if they could discover who had
in the past leaked, they began a practice of monitoring
computers, one that captured all information, forwarded all
information, including, at a minimum, correspondence as
whistleblowers with three members of Congress's staff, Senator
Grassley's, our staff, and Chris Van Hollen of Maryland.
It does not matter whether it is one or all. It does not
matter whether it is a Republican or a Democrat. This committee
believes in whistleblowers, encourages whistleblowers, and
particularly believes that communications with members of
Congress, the other branch, Article 1, are, in fact, off limits
to that kind of monitoring.
It appears as though no protections were placed on that,
but, rather, this was an attempt at ``gotcha.'' There may have
been good reason to be concerned. An investigation into leaks
may have been very justified. In this case, we are not
questioning whether or not an investigation should have
occurred, but, rather, the tactics and the lack of protection
there.
Today we are holding this hearing, and we are pleased to
welcome Senator Grassley, whose investigation really kicked
this off and whose staff has worked hand in hand, along with
the Democratic members of this committee's staff, on hearing
all of the witnesses.
I might note, during the period of July 2012, when this
began, until now, whistleblowers involved in this have been
reticent to go on the record. They have wanted to deliver with
as few people hearing what they have to say as possible and
then let the facts speak for themselves.
In the purest sense, that is what whistleblowers should do.
In the purest sense, we should have an independent
investigation that discovers the facts with limited testimonial
by the whistleblowers. Their concern when they are reporting,
essentially, whistleblower retaliation is certainly
understandable.
Neither the IG nor the minority on this committee has had
an opportunity to speak to those whistleblowers. I will
continue to encourage them to speak to both the IG and minority
staff, but it is their decision.
A whistleblower may come to one member of Congress, any one
member of Congress, in my opinion, and that member of Congress
should proceed on his constitutional or her constitutional
responsibility and protect the whistleblower to the greatest
extent possible. This committee will also always support that
protection.
The misconduct that we are looking at is not just
overreach. It mirrors a famous book and movie ripped from the
pages of George Orwell's ``1984.'' Constant monitoring of your
screens. The only thing that was missing, of course, was a
camera looking both ways.
I am here to say that the Federal employees know that every
communication they do on government property, on government
time, or using government assets, or doing government business
is subject to the Federal Government looking at it. There is no
expectation of privacy.
But that is not to say that targeting is appropriate. It is
not to say that these five scientists' and doctors' concerns
are not reasonable. They are.
If there is a reason on behalf of the government to look at
the use of government assets, government communication, of
course, we expect the Executive Branch to do that.
However, if there is going to be use of products such as
Spector 360, a product that captured every 5 seconds the
screens of the computers being used and the keystrokes, then,
quite frankly, it has to be done for all at every moment and
then there have to be rules on how it can be used.
I am not suggesting that. Just the opposite. The Federal
workforce is a highly trusted force, and trust is what we
depend on. At times, it is clear that that trust is broken and,
when it is, there are appropriate remedies.
But until that trust is broken, we depend on a skilled and
motivated workforce that believes, as they should, that they
are not working for Big Brother, that, in fact, they are
trusted in their roles and not being unreasonably spied on or
targeted for disciplinary action.
For that reason, we are holding this hearing today not as
just an indictment of the FDA, which I think Senator Grassley
will speak to, but as a recognition that all Federal employees
need to be protected from an unreasonable activity, which, at
least in this chairman's opinion, is part of what went on at
the FDA in targeting these five whistleblowers.
Again, I will put the rest of my opening statement in the
record.
And I yield to the ranking member.
Mr. Cummings. Thank you very much, Mr. Chairman.
Today we examine two distinct, but related, issues. First,
we will review allegations that the FDA employees leaked trade
secret and other confidential business information from
companies seeking FDA approval of medical device applications.
We will also review allegations by these employees that
they were whistleblowers concerned about the safety of these
medical devices and that the FDA retaliated against them by
monitoring their computers.
Whistleblowers play a critical role in rooting out waste,
fraud, and abuse at Federal agencies and making our government
more effective and efficient. They sometimes risk their
careers. They sometimes risk their reputations to challenge the
abuse of power.
Our committee must take every allegation very seriously
with regard to retaliation. I have said it before and I will
say it again. We must at every point protect our
whistleblowers. I am committed to that, and we are all
committed to that.
Unfortunately, the majority has taken a traditionally
bipartisan issue, something that all committee members should
be investigating together, and turned it into another partisan
spectacle for which our committee has become well known.
One of the most basic steps that our committee should have
taken was to interview the FDA employees who had concerns. I
remind all of us that everybody on this side of the aisle and
everybody on that side of the aisle represents 700,000 people
each, every one of us, the 435 members of our Congress.
As the foundation for a responsible investigation, we
should have met with them, asked them questions, learned about
their concerns, and given them an opportunity to address
evidence that may contradict their accounts.
Instead, despite multiple requests from the Democratic side
over the past year, the chairman declined to hold interviews
with these employees, although he and Senator Grassley
apparently have been communicating with them directly.
These employees were never called in for standard committee
interviews. And I heard what the chairman said. But at the same
time, as I have said, we need to have an opportunity, just as
Senator Grassley has, to talk to these folks, just as the
chairman has.
As a result, most committee members have no opportunity to
talk to these employees and will not have the benefit of their
input as we proceed. Again, we are talking about effectiveness
and efficiency. We are talking about transparency with regard
to the members of the committee.
The chairman also chose to issue a highly partisan
Republican staff report this morning. Just to be clear, this is
not an official committee report. It did not follow committee
rules for an official committee report. It was not vetted for
accuracy by the committee.
Also unfortunate was the timing of today's hearing. Over
the past month, the Inspector General was finishing his own
investigation and was poised to issue his report on this issue.
Rather than wait a week or two so the committee could hear
directly from the IG, the committee rushed to hold today's
hearing, apparently trying to beat the IG to the press.
As a matter of fact, the press got the report before we
did, their report. It is interesting that we have a situation
where the IG was able to complete his report, and he provided
it to the committee last night.
Now, let us look at what the IG found, first, ``The FDA''--
this is the IG--``had reasonable concern that confidential
information, including possibly trade secrets and/or CCI, had
been disclosed by agency employees without authorization.''
Companies that submitted applications had asked the FDA to
investigate which employees leaked their trade secret and
confidential commercial information in violation of the law.
The IG found, ``The FDA had provided notice to its
scientists and all other users of the network through a network
log-on banner that there was no right to privacy on the FDA
computer network and that all data on the network was subject
to interception by the FDA.''
The committee's investigation has identified no evidence
that the FDA monitored employees to retaliate against them. The
agency had a reasonable basis for initiating the monitoring,
since the disclosure of proprietary information is prohibited
by law and subject to criminal penalties.
The IG also found that, regardless of whether the computer
monitoring was allowable under the law, the FDA did not have
sufficient safeguards to ensure that monitoring would avoid
collecting communications with Congress, the Office of Special
Counsel, or the IG.
As I close, despite the reasonableness of the FDA's
concerns and its explicit warnings that employee computers
could be monitored, the IG found that, ``The FDA'' ``should
have assessed beforehand and--with the assistance of legal
counsel, whether potentially intrusive EnCase and Spector
monitoring would be the most appropriate investigative tools
and how to ensure that the use of these tools would be
consistent with constitutional and statutory limitations on
government searches.''
The FDA has now implemented new policies that require
written authorization from the chief operating officer to
initiate monitoring and a legal review of the proposed
monitoring by the chief counsel, including a determination that
proposed monitoring is consistent with the Whistleblower
Protection Act.
Protecting the rights of whistleblowers is an issue we
should all be working on together, and our committee has done
so in the past. In 2012, this committee passed the
Whistleblower Protection Enhancement Act, which was signed into
law on November 27, 2012.
This is strong evidence that, when the committee operates
on a bipartisan basis, we can accomplish very important and
even groundbreaking accomplishments. I hope we can return to
that type of bipartisanship in the future. I look forward to
hearing from the witnesses.
Mr. Chairman, I thank you for your indulgence.
Chairman Issa. Of course.
I now ask unanimous consent the letter dated February 25th
by me to the ranking member be placed in the record. Without
objection, so ordered.
Mr. Cummings, I might note that the IG report which came
out at 4:30 last night was preceded by the staff report being
given to your staff, which contained substantially all of the
same information as the IG report, and we noticed on January
14th the FDA of our plan to have today's hearing.
At that time, we had no expectation that the IG was going
to conclude. And, in fact, in a Herculean way, the
administration managed to respond to the IG's comments in two
days, and the IG managed to get it out last night. We are proud
of the fact that that report would not have been in our hands
today had we not been scheduling this hearing.
Mr. Cummings. Well, Mr. Chairman, would the gentleman
yield?
Chairman Issa. Of course.
Mr. Cummings. I think the IG and the administration
wanted--the administration wanted to get that report out
because it felt that it would be significant with regard to any
hearing that we might hold.
And so, therefore, those who might have commented from the
administration reserved comment so that they could get the
report out because we know that all of us have tremendous
confidence in the IG.
And I guess, going back to efficiency and effectiveness,
that, if we have an IG report, an independent agency that has
looked at these things very carefully, it would be nice to have
that report before the hearing. To me, that is effectiveness
and efficiency.
Chairman Issa. And the good news is we do have it.
I might note, by the way, that I never spoke to any
whistleblower. We can certainly ask Senator Grassley. I never
spoke to them directly.
Mr. Cummings. Did your staff?
Chairman Issa. As you have said so many times, Mr.
Cummings, the book ``The Speed of Trust'' is about trust being
earned.
The whistleblowers were unwilling to meet with members of
your staff because they did not trust that this would not turn
into retaliation. That is through their attorneys. And they are
represented by counsel, what we have been told.
So my staff encouraged them and has in no way dissuaded
them from talking to your staff, and I openly this morning
encourage them once again to come and meet with them.
But, quite frankly, since this hearing is about
inappropriate--now determined by the IG to be inappropriate
targeting of whistleblowers using questionable tactics, you can
understand why the whistleblowers, who, to my knowledge--I do
not know, but they may or may not be some of the people
targeted here--are reluctant to be prosecuted, persecuted, and
triggered again by an agency that they do not personally
believe in.
They do not trust their agency, and they do not trust those
who would report back to their agency. That is not my fault.
That is not your fault. But that is the reality that the
whistleblowers have.
Mr. Cummings. Could we not have brought them in for
interviews?
Chairman Issa. Yes. I could haul in whistleblowers and
expose them to the----
Mr. Cummings. We haul in people all the time.
Chairman Issa. I could expose them to the administration
knowing about them and then retaliating against them. I could
do that.
But I will protect whistleblowers' right to give us
information. Without their testimony, we have independently--
and the IG has independently reached the conclusions which we
will see today. So I think the record speaks for itself.
Whistleblowers made Senator Grassley and his staff aware of
a problem, but independent investigation by the IG and by this
committee--bipartisan investigation--have led us to the
conclusions we will hear today.
And, by the way, the hearing is not about the leak of
information. It is about the unreasonable retaliation. I might
caution you that we did not investigate the specifics of the
leak of this material. It is certainly a knowledgeable fact.
But our investigation began in the retaliation, not in that----
Mr. Cummings. Just one more inquiry.
Chairman Issa. Of course.
Mr. Cummings. I know Senator Grassley is----
Chairman Issa. He has been patient, and his time is
limited.
Mr. Cummings. Thank you.
This is a question. You know, life is short. And so you
just said that you did not look at the allegations made by the
whistleblowers. Is that what you are trying to say?
Chairman Issa. No. The whistleblowers made allegations that
led to an investigation. Senator Grassley, I am sure, will
cover this. The investigation independently determined what
they had said.
We are not relying on their allegations. They are not fact
witnesses for purposes of the IG, Senator Grassley's staff, or
my staff.
The result of both the pieces of paper, the package you
have, are the results of independent--the IG and your staff and
my staff and Senator Grassley's staff--interviews. We did not
need the whistleblowers except to be aware of a problem.
The investigation is complete and does not need further
testimony. In other words, there was no reason to expose the
whistleblowers to the possibility of retaliation because their
allegations have been confirmed independently.
You believe it, and I believe it, and the IG believes it,
that this retaliation that was done against these five people
was, in fact, done.
Mr. Cummings. If the gentleman will yield.
Chairman Issa. Of course.
Mr. Cummings. The only thing I am getting to is that--and
Senator Grassley, I am sure, will address this--if there is
equipment being used in hospitals that is defective, that
people are getting diseases from, I mean, that's--I mean, we
got two issues here. I want to make sure that we deal with
that.
Because we can get so caught up in the political stuff that
we forget the people who are the victims of some of this, one
of which--and I don't know whether it was from equipment, but I
just had a constituent to die after giving birth to twins from
disease that was contracted in the hospital this week.
So I am trying to figure out will we--are we going--I mean,
we got two parts here. We got the whistleblowers. And I think
the reason why the whistleblowers bring information to us is so
that we can do some reform--remember, that's a part of our
title--and try to make sure that the constituents that we serve
are safe.
So you are saying that we will not get to that piece of it?
Chairman Issa. No. Not at all. I am saying that the
investigation was as to the retaliation.
Dr. Smith, who was a qualified whistleblower, had deep
concerns about the FDA's process and validity of medical
devices they certified, and he made allegations that the FDA
was not doing their job properly. That's the initial
whistleblower activity, which was not disputed.
The leak, justified in the FDA general counsel's mind,
which makes me question whether or not these reforms are any
good when the general counsel was receiving the information,
made them believe that they could monitor five employees
prospectively on everything, including their communications
with Congressman Van Hollen, Senator Grassley, and my staff.
That is what we are researching today.
I am not qualified, quite frankly, to look at the
allegations of medical device effectiveness, and I don't
believe his initial claim came to our committee on the
invalidity of the medical devices.
But Dr. Smith, who is not a witness here today and is not
part of it, was a qualified whistleblower. He had complaints,
and he was making them.
The investigation was not--supposedly not about his
whistleblowing, but he became the target when they said that
there had been a leak, which apparently there had.
And I am perfectly happy to have people drift off onto the
question of the leak in the New York Times. But what we do know
is, although leaks to the New York Times occur all the time, we
have whistleblower retaliation in the unreasonable, if you
will, activities, in the opinion of the IG and in the opinion
of this committee staff report.
And that's what the primary reason for the hearing is, is
we do not want to have a chilling effect on potential
whistleblowers.
But, more importantly, you and I know that we have to and
we had better trust our Federal employees and not be spying on
them 24/7, even though we have a right to look at the material
on which they work, if necessary.
Mr. Cummings. As I close, let me just say this. You talk
about ``The Speed of Trust.'' And I don't want anybody watching
this or hearing this to be left with the impression that folks
on this side of the aisle, including our staffs, in some kind
of way are not protective of whistleblowers. I don't want that
getting out into the universe because it's simply not true. I
would never say that.
Chairman Issa. And, Mr. Cummings, I am not asserting that
you are not trustworthy. What I am asserting----
Mr. Cummings. And my staff.
Chairman Issa. --is that the whistleblowers were unwilling
to.
And I have been corrected on one thing. In 2009, under
Chairman Towns, Dr. Smith provided thousands of pages to this
committee in support of his whistleblower allegation. So that
is really the beginning of Dr. Smith's activity, as far as this
committee goes.
And he was a qualified whistleblower, having come to
Chairman Towns and this committee with his concerns--and I
think other committees--with his concerns about the FDA's
activity.
And, again, even though I also serve on Energy and
Commerce, I am not claiming that I can understand the details
of his allegations.
And I would like, to the greatest extent possible, to
caution all Members to primarily look at the question of
whether the activities at the FDA, pursuant to their trying to
find a leak, crossed a line and interrupted and would have a
chilling effect on whistleblowers, which I think is what our
committee's primary jurisdiction is.
Mr. Cummings. And, Mr. Chairman, which is my primary
concern, also.
Chairman Issa. Okay. Senator Grassley, you have been
incredibly patient. You have heard more testimony than you
planned to. And, with that, such time as you may consume.
WITNESS STATEMENTS
STATEMENT OF THE HON. CHARLES E. GRASSLEY, A UNITED STATES
SENATOR FROM THE STATE OF IOWA
Senator Grassley. Before I read, I would like to say a
couple things.
Chairman Issa. Our mics on this side don't amplify as well.
They need to be much closer. They are House mics.
Senator Grassley. Two things I would like to say before I
read, one, generally about whistleblowing. In 33 years, under
both Republicans and Democrats, I found the problem the same,
whatever bureaucracy you are talking about. Whistleblowers are
about as welcome in a bureaucracy as skunks at a picnic. There
is a great deal of peer pressure to go along to get along.
And then, specifically in regard to the FDA, just so
everybody knows, we have a Democrat President, but going back
to 2003, when I first got involved with whether or not the
scientific process was being respected within the FDA and
respected scientists coming forward--first was Vioxx and then
several things since then--we have found problems with the
respect of scientists and the respect of the scientific process
within that agency, regardless of who was President.
Thank you, Chairman Issa, for calling this important
hearing and for the great work that you and your staff have
done. Together, we have conducted a detailed investigation into
the FDA aggressive surveillance of whistleblowers.
A group of FDA scientists expressed concern about the
safety of certain devices under review by the agency. They
expressed their concern to the President's transition team and
to Congress. They also contacted the Office of Special Counsel,
which is an agency, as you know, created by Congress to receive
whistleblower complaints and protect whistleblowers from
retaliation.
The FDA knew that contacts between whistleblowers and the
Office of Special Counsel are confidential and protected by
law. However, the FDA was intently spying on whistleblowers.
There was no effort to avoid snooping on legally protected
communications.
This surveillance was much more intense than routinely
monitoring of government employees on government computers. It
was far more invasive than what would be necessary to detect
inappropriate use of computer systems.
The agency captured a picture of whatever was on the screen
every 5 seconds, as you have said, and recorded every keystroke
typed. Again, the FDA did not monitor every FDA employee this
aggressively, just the whistleblowers.
When we were--first spoke to the FDA in January 2012, they
tried to dodge the issue. When I started asking questions, FDA
officials seemed to suffer from a sudden case of collective
amnesia.
It took the FDA more than 6 months to answer my letter
asking about its surveillance of its own employees. When I
finally received a response, it didn't even answer the simplest
of questions, such as who authorized the targeted operation.
Worse than that, it was misleading in its denials about
intentionally intercepting communications with Congress.
When I asked them why they couldn't just answer some simple
questions, they told my staff that the response was under
review by, ``the appropriate authorities in the
administration.'' The FDA's non-answers and doublespeak would
have fit right into some George Orwell novel.
The work our staffs have done together uncovered answers to
many of those initial questions. Today we will hear from some
of the FDA employees involved in the surveillance.
There can be legitimate reasons to monitor the use of
government computers by government employees; however, as our
joint report shows, FDA officials gave little, if any, thought
to the legal limits that might restrict their power to monitor
their employees.
No one at the FDA made any attempt to limit the collection
of legally protected communications with attorneys, with the
Office of Special Counsel, or with Congress. The FDA trampled
on the privacy of its employees and their right to make legally
protected disclosures of waste, fraud, and abuse.
These whistleblowers thought the FDA was caving to pressure
from the companies that were applying for FDA approval. I don't
know whether they were right. But they have a legal right to
express those concerns.
After expressing their safety concerns, two whistleblowers
were fired, two more were forced to leave FDA, and five of them
were subjected to an intense spying campaign.
At the beginning of FDA Commissioner Hamburg's term, she
said that whistleblowers exposed critical issues within the
FDA. She vowed to create a culture that values whistleblowers.
By the way, that is a promise I have had from several
people predecessor to her coming to my office, wanting
confirmation, making those same promises.
In fact, in 2009, Commissioner Hamburg said ``I think
whistleblowers serve an important role.''
I wanted to believe Commissioner Hamburg when she testified
before the Senate during her confirmation. I wanted to believe
her when she said she would protect whistleblowers at the FDA.
However, in this case, the FDA was certainly not a
whistleblower-friendly place to work, and I have spoken about
how that's been the case since at least my involvement since
2003.
The FDA managers believed that the whistleblowers were
leaking confidential information improperly, but the managers
who--claimed that there were many other problems with the job
performance of the targeted employees.
Performance issues, of course, should be handled by
directly supervising and managing employees. Instead, the FDA
asked the HHS Office of Inspector General to investigate
whether the employers had violated the law.
The Inspector General declined on multiple occasions, but
FDA managers kept asking for a criminal inquiry. Rather than
simply managing its employees, the FDA then started spying on
them.
The managers kept looking for information that would
convince the Inspector General to seek criminal prosecution. It
was sort of management by investigation. And, of course, that's
no way to run an agency.
According to the OIG, and later the Department of Justice,
the FDA had no evidence of any criminal wrongdoing by the
whistleblowers. None whatsoever was ever found.
The FDA spent months using intrusive realtime surveillance
of their employees' computers looking for evidence of a crime.
That time and effort would have been better spent supervising
and managing the employees directly and making sure the
employees were doing their job and not bothered from doing
their job.
The FDA claimed that their employees had no expectation of
privacy on their FDA computers. However, when interviewed by
congressional investigators, none of the FDA officials were
willing to accept full responsibility for authorizing the
surveillance. Apparently, no one was properly supervising this
invasive surveillance program.
The monitoring software used was so comprehensive it took
countless hours just to review all the material. It was a
detailed record of everything each of the scientists did all
day, every day, for months. Hundreds of thousands of screen
images had to be reviewed by FDA contractors, all at taxpayers'
expense.
So what kind of legal guidance was provided to these
contractors about what they could capture? None. We would not
have known the full extent of the spying today if the FDA had
not accidentally released 80,000 pages of fruits of its spying
on the Internet.
Talk about adding insult to injury. After collecting all of
this information, in an effort to supposedly prevent leaks, the
same agency ends up posting all of those documents online for
the world to see.
In these internal documents that FDA never wanted the
public to see, it referred to the whistleblowers as
``collaborators.'' So you understand what I mean when I say
whistleblowers are about as welcome in an agency as a skunk at
a picnic.
FDA referred to our staffers as ``ancillary actors.'' And
they happened to refer to newspaper reporters as ``media outlet
actors.''
Let me tell you, you wouldn't be doing any congressional
investigation--well, you might do a little bit, because we
could obviously ferret out some--but we wouldn't be doing 90
percent of what we do on protecting whistleblowers and
congressional oversight if it wasn't enterprising newspaper or
media people or whistleblowers coming forth with some things
that they find wrong that we don't even know where the
skeletons are buried in the bureaucracy of this big government
of ours. But, anyway, so they are collaborators, they are
ancillary actors, or they are media outlet actors.
The FDA claimed it was a mistake made by the company it
hired to convert surveillance records for legal review. And, of
course, that wasn't true. The FDA incorrectly filled out a
purchase order for the work. The FDA did not mark the documents
as confidential or sensitive. It didn't even fill out the form
until after the work had been done.
Our inquiry uncovered no record that the private
contractors were told that the documents were sensitive. So,
the FDA failed to classify these documents as sensitive and
then tried to blame the small business company that it hired to
convert the documents. This is the scene that comes up time and
time again in this entire story that you are looking into
today.
The FDA has failed to accept responsibility for its actions
or impose accountability. This is from an agency that
purportedly wants to foster a culture where whistleblowers are
valued, based upon Director Hamburg's testimony to our
committee.
The FDA's actions are, of course, disappointing, not just
disappointing because of the history that we are now--of this
history, but over a long period of time. And it was supposed to
change when this commissioner was appointed.
But it would be even worse if that agency fails to learn
from its mistakes. And since 2003, I--and maybe people before
me would say the same thing--would say that they have been
looking for learning from the mistakes of the past. It doesn't
seem to happen.
And most of these are just simple respect for the
scientific process because, if you leave the politics out of it
and let scientists do it, the scientific process of one
scientist checking on another scientist's work will prove
itself, or that scientist isn't going to be worth anything.
These policies need to ensure that any monitoring is
limited to achieving only the legitimate purpose. Watching on
employees every minute leads to a culture of intimidation and
fear, which not just the FDA, but bureaucracies generally, want
whistleblowers to know about so that they don't tell what they
know is wrong. And, of course, that's no way to encourage
whistleblowers or it's no way to show that you value their
concerns.
I thank you very much.
Chairman Issa. Thank you.
[Prepared Statement of Senator Grassley follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Issa. And if you would take a few questions from
the ranking member, I would appreciate it.
Senator Grassley. Yes.
Chairman Issa. Mr. Cummings.
Mr. Cummings. Thank you very much, Senator Grassley. And I
really do thank you for being here today. Thank you for your
patience.
I have the utmost respect for you and your legacy as a
champion of whistleblowers and whistleblower protections, and I
really--on behalf of the American people, I thank you.
Senator Grassley. Thank you.
Mr. Cummings. As I said earlier, this has not traditionally
been a partisan topic, I don't think. You and Senator Akaka
both sponsored the Whistleblower Protection Enhancement Act,
and Chairman Issa and I sponsored the House version of that
bill. I assume you agree that we accomplish much more when we
are working together.
Would you agree with that?
Senator Grassley. I have found----
Mr. Cummings. I heard what you said about the skunk and all
that.
Senator Grassley. Well, listen. I think your question is
trying to put me between you two people, and I don't relish
being there.
But I have found in the United States Senate--I don't want
to talk about the House of Representatives--I have found in the
United States Senate that not a whole lot gets done if it's not
done in a bipartisan way.
But that's because our two institutions are different. We
function under a 60-vote rule that requires, when you have 55
of one party, 45 of the other, you have got to do something in
a bipartisan way.
And I have also found, as a member of the minority, that it
makes a real difference who is chairman of the committee. When
I was working with Senator Baucus on the Finance Committee and
he was in the majority, I didn't get much response from any
administration without the help of the chairman.
Mr. Cummings. Have you had an opportunity to talk to the
whistleblowers?
Senator Grassley. We have only talked to their attorneys.
Mr. Cummings. I see.
Chairman Issa and I had a good discussion this morning
prior to the hearing. And one of the things that he raised--and
I agreed--it seems like this--and I want the witnesses to hear
this--it seems to me that the issue comes down to this: When--
first of all, there was a situation which screamed out for
somebody to look into it. In other words, New York Times
writing articles with trade secrets, it seems like the agency
had a duty to at least look into it.
Would you agree with that?
Senator Grassley. Would you please ask your question again.
Mr. Cummings. In other words, the way this whole thing
started, apparently, are some stories in the New York Times
with trade secrets in the New York Times that weren't supposed
to be there.
Senator Grassley. Okay.
Mr. Cummings. And so I think it started off legitimately
saying, ``Okay. We have got a problem here because this
information is not supposed to be in the New York Times.''
So would you agree that, at least starting, they had
something that they needed to look into? Now, I am not saying
they did it right. I am just asking you----
Senator Grassley. Okay. I am not sure that I can answer
your question.
Mr. Cummings. Okay.
Senator Grassley. But let me see if I can speak to it and
give you some satisfaction.
I think it gets down to a point of whether or not the
information was accurate or not that these whistleblowers were
talking about. We have not looked into the accuracy of that
information. We have only looked into it from the standpoint
that some people say there is some problems.
And that's where you get back to the point that I have made
a couple times, not about the skunk, but about the scientific
process, that we want an environment within the FDA where the
scientific process works its way out and is not interfered by
people that aren't scientists or involved in that process.
And I will only go back to one other instance a long time
ago. But we have found that--in one instance years ago, we
found email from industry that said, ``Well, if you have got a
problem with our product, talk to us.''
Well, the point is that the FDA should not consider a
manufacturer or a company across the table from them. The only
people that should be across the table from the FDA scientists
or regulators are the John Q. Public.
Mr. Cummings. Okay. And so, in this case, a group of FDA
employees alleged that certain medical devices may have safety
problems.
Now, if their allegations are correct, that is obviously a
huge problem for everyone who relies on these types of medical
devices when they become ill or get in an accident.
On the other hand, if these allegations are not correct,
these FDA employees could be doing damage. They could be
keeping safe medical devices off the market and out of the
hands of doctors who use them to help people.
And I think that you would agree that we--if devices should
be on the market to save people's lives and make them better,
they ought to be there. Would you agree with that?
Senator Grassley. Well, the answer to that is ``yes.'' But
how do you--how is that decision made? It's not going to be
made by us in Congress.
Mr. Cummings. I got that.
Senator Grassley. It's going to be made by the scientific
approach in the FDA.
Mr. Cummings. Just one more question, Mr. Chairman.
Let me just get to this--the key question that the chairman
and I were discussing this morning.
It seems to me that, if they had done this--the
investigative folk had done this in a retrospective way as
opposed to a prospective way, we probably would not have the
issues--as many issues as we have today. Do you think?
Senator Grassley. Well, yes. But I have to surmise--because
I can't answer your question. But I have to surmise the reason
it worked out the way it worked out is people weren't getting
the proper respect within the agency for their opinion.
Mr. Cummings. I see.
Senator Grassley. And their opinion could be wrong. But the
scientific process is going to prove whether or not they were
right or wrong.
Mr. Cummings. Well, again, I want to thank you for being
here. I really appreciate it.
Senator Grassley. Thank you.
Mr. Cummings. And I look forward to working with you.
Senator Grassley. Please do.
Mr. Cummings. We need to get together and meet sometime.
Senator Grassley. I will take you to eat in the Members'
dining room, and I will pay for it, if you want to take me up
on that.
Mr. Cummings. All righty. Thank you.
Chairman Issa. Senator Grassley, we know how hard it was
for you to say that.
Senator Grassley. And it hurt. But since I said it, I will
have to do it.
Mr. Cummings. I will hold you to it, too.
Chairman Issa. Thank you. We are going to take just a quick
recess to set up the table. Thank you, Senator.
[Recess.]
Chairman Issa. We now welcome our second panel.
Dr. Jeffrey Shuren is the Director of the Center for
Devices and Radiological Health at the FDA. Ms. Ruth McKee is
the Associate Director for Management and the Executive Officer
of the Center for Devices and Radiological Health. Mr. Walter
Harris is Chief Operating Officer and Acting Chief Information
Officer for the FDA and, presumably, the person that would
approve such an activity in the future under the rules. And Ms.
Angela Canterbury is the Director of Public Policy for the
Project on Government Oversight, or POGO.
And we welcome all of you.
Pursuant to the committee's rules for any non-Senators or
House Members, would you please rise and take the oath. And
please raise your right hands.
Do you solemnly swear or affirm the testimony you are about
to give will be the truth, the whole truth, and nothing but the
truth?
Please be seated.
Let the record reflect that all witnesses answered in the
affirmative.
In order to allow time for questions, I would ask that you
be as close to 5 minutes as possible in your opening
statements. Your entire written opening statement will be
placed in the record.
And, Dr. Shuren, I understand you do not have an opening
statement. Is that correct?
Dr. Shuren. That is correct.
Chairman Issa. Okay. In that case, we go to Ms. McKee.
Ms. McKee. I don't have one either. Mr. Harris is speaking.
Chairman Issa. Okay.
Mr. Harris?
STATEMENT OF WALTER HARRIS
Mr. Harris. Good morning, Chairman.
Chairman Issa, Ranking Member Cummings, and members of the
committee, I am Walter Harris, the Deputy Commissioner of
Operations, Chief Operating Officer, and Acting Chief
Information Officer at FDA.
With me is Dr. Jeff Shuren, the Director of FDA's Center
for Devices and Radiological Health, and Ruth McKee, CDRH
Associate Director for Management.
I am pleased to be here today to discuss issues related to
the monitoring of FDA's personnel's use of the agency's IT
systems. Safeguarding the confidential information that
regulated entities share with FDA is critical to our ability to
carry out FDA's public health mission.
FDA routinely receives and reviews trade secrets and
confidential commercial information from medical product
sponsors. This information is central to FDA's determination of
a medical product's safety and efficacy. Without the ability to
fully access and secure this proprietary information, FDA
cannot accomplish its public health mission.
FDA employees secure the controls throughout our IT
enterprise, including the monitoring of FDA personnel's use of
government-owned equipment. This and other IT controls supports
protections of intellectual property entrusted to FDA from
theft or sabotage.
Unauthorized disclosures of information not only violates
Federal law and regulations and undermines the integrity of FDA
programs, they also can result in civil suits against FDA.
So it's critically important that FDA protects against
unauthorized disclosure of such information by agency personnel
and for the FDA to appropriately investigate any suspected
incidents of unauthorized disclosure.
FDA personnel are regularly advised that they have no
reasonable expectation of privacy when using FDA computer
networks and that any use of agency IT resources, including
email, may be monitored. This notice is provided by a variety
of means, including a warning banner that an employee must
acknowledge every time he or she logs on to the FDA network,
which clearly states that, by logging onto the system, the user
consents to having no reasonable expectation of privacy
regarding any communications or data in transit or stored on
that system.
All FDA users are also made aware of HHS policy that any
use of HHS email may not be secure, it is not private, it is
not anonymous, it may be subject to disclosure, and that
employees do not have the right to, nor expectation, of privacy
at any time while using HHS IT resources.
Although FDA has clear legal responsibility and authority
to monitor personnel use of agency IT resources, we must carry
out such monitoring in a way that recognizes employees'
interests and legal protections.
In 2010, FDA suspected that five CDRH employees were using
FDA IT systems to send trade secrets or confidential commercial
information outside of FDA, in possible violation of FDA
regulations and criminal laws.
To investigate the suspected leaks, FDA employed computer-
monitoring software on those employees' government-issued FDA
computers, the computer surveillance that is currently the
subject of ongoing litigation.
In 2012, the HHS Office of Inspector General, or OIG, was
asked to assess whether that monitoring was appropriate and to
provide recommendations on how FDA should investigate
allegations of improper dissemination of confidential
information.
Yesterday the OIG issued its report. Significantly, the OIG
found that the CDRH had reasonable concerns that confidential
information had been disclosed by the monitored employees
without authorization.
The OIG also found that FDA had provided notice through the
network log-in banner to those employees that the use of their
FDA computers would be monitored.
The OIG found no evidence that FDA obtained or used
passwords of any employees' private email accounts, and the OIG
found that there were no evidence suggesting that FDA
monitoring was designed to capture communications with any
particular person, group, including Congress.
Yet, we understand that we must have adequate procedures in
place when conducting such monitoring. Indeed, since 2012, we
have been reviewing and evaluating our policies for monitoring
the use of government-owned computers to ensure they are
consistent with the law and with Congress's intent to provide a
secure channel for protected disclosures.
In September 2012, Commissioner Hamburg directed FDA
leadership to adopt policies for requests to monitor FDA
computers to make sure that any monitoring is justified,
narrowly tailored and duly authorized, that data derived from
monitoring is appropriately stored and controlled, and that
monitoring is used for appropriate purposes and takes place for
no longer than necessary.
Last September, we issued our interim computer-monitoring
policy. This policy provides standards when employee computer
monitoring takes place.
It established a special committee to review monitoring
requests. It requires that monitoring requests be narrowly
tailored in time, scope, and degree. It requires that all
requests identify the least invasive approach.
It also requires considerations of alternative methods to
address the potential risk, provide documentation standards,
and states that no computer monitoring may target
communications with law enforcement, the Office of Special
Counsel, members of Congress, union officials, or private
attorneys.
Notably, yesterday's OIG report acknowledges that our
September 2013 interim computer-monitoring policy addresses all
of the OIG's recommendations.
In order for FDA to effectively carry out its public health
mission, we must be vigilant to protect against the misuse or
unauthorized disclosure of confidential information that is
regularly entrusted to the agency.
We believe that the policies and procedures we have in
place appropriately and effectively balance the individual
interests of employees with FDA's critical needs to safeguard
the security and integrity of data and IT systems that the
agency is entrusted to manage.
Thank you for your commitment to FDA's mission and for the
opportunity to testify today about the monitoring of FDA
employees' use of agency IT resources and FDA's
responsibilities to secure medical product sponsors'
confidential information.
I am pleased to answer any questions.
Chairman Issa. Thank you.
[Prepared statement of Mr. Harris follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Issa. Ms. Canterbury?
STATEMENT OF ANGELA CANTERBURY
Ms. Canterbury. Thank you.
And good day, Chairman Issa, Ranking Member Cummings,
members of the committee.
The FDA spied on whistleblowers, which set off a firestorm
that led us to this hearing today. But the public story of
whistleblowers began in 2008, when FDA physicians and
scientists warned Congress, and shortly thereafter the
President, that the process for approving medical devices was
broken, allowing potentially ineffective and unsafe products to
be marketed. And as Senator Grassley noted, there has long been
problems with bureaucrats at the FDA respecting the scientific
process.
The report released today by Chairman Issa and Senator
Grassley and the HHS IG report document how FDA surveillance of
whistleblowers was reckless and heedless of legal limits and
whistleblower protections. Certainly security concerns and
available technology will outstrip constitutional rights and
whistleblower protections unless Congress works to balance
those goals.
To be frank, we question why FDA should be in the
surveillance business in the first place. The FDA's mission is
to ensure our food and drugs and devices are safe.
Any suspicion of unlawful disclosures of information or
criminal misconduct should be investigated by law enforcement.
Federal agencies cannot be allowed to police themselves. That
is why we have IGs, the OSC, the FBI, and Congress.
Ms. Canterbury. Even with just cause and proper controls,
it will be difficult, if not impossible, to protect
whistleblowers if agencies are allowed to gather electronic
evidence without limits or oversight. And to what end? The
Issa-Grassley report shows the leaks of confidential
information to the press were not confirmed by this pervasive,
invasive electronic surveillance. And so, as with the NSA
domestic surveillance, the risks to our rights may be greater
than the ability of surveillance to protect against risks to
security, much less claims of harm to trade secrets or harm to
profits.
No doubt the FDA is in a tough spot: attempting to put into
place a process that is more proscribed for surveillance
critics, but also placating the lawyers for drug and device
companies that demand that information be kept confidential.
Needless to say, the FDA does not have it right yet. Rather
than protect whistleblowers from unwarranted FDA surveillance,
its interim policy protects the FDA from whistleblowers. It
shields it from accountability. Nothing in the FDA's interim
policy would prevent FDA managers from using information
collected by the surveillance as retaliation for
whistleblowing. Thus, this policy does little to lift the
chilling effect that fosters wrongdoing. How can the FDA ensure
the public's health and safety if the scientists and physicians
are too afraid to come over when deadly mistakes are made?
And far too many mistakes are made. Inadequately tested
metal-on-metal hip replacements cause crippling disability.
Defective cardiac defibrillators, unclean syringes containing
deadly bacteria, old-fashioned pediatric feeding tubes cause
fatalities because they lack the well-known, inexpensive
safeguard. And these are just the medical devices that the FDA
allowed on the market, not to mention the food and drug
approval disasters.
And if the FDA isn't doing its job and lives are at risk,
we have to ask why. The FDA whistleblowers warned us that
corners were being cut and scientists were being overruled by
the bureaucrats.
We need whistleblowers. However, it is worth noting that
throughout Mr. Harris' testimony there was no acknowledgment of
the public interest in protecting whistleblowers, only of
employee protections, yet it is well known that whistleblowers
save lives and taxpayer dollars and are among the best partners
in crime fighting. Congress protected public whistleblowing so
that waste, fraud, and abuse, and threats to public health and
safety would be known.
As Senator Grassley said, you couldn't do the majority of
the oversight this body does without whistleblowers and without
the media, but the FDA policies do nothing to encourage or
safeguard public whistleblowing, which is protected so long as
the disclosure of information is not prohibited under law. They
claim to exclude from surveillance in their interim policy the
targeting of disclosures to Congress, the OSC, and others, but
this is not enough. A legal review at the front end will not
prevent legal public whistleblowing collected through spying
from falling into the hands of those in a position to
retaliate.
Clearly, the FDA and other agencies will not get this right
on their own. Congress and the President must mandate a
government-wide policy to prevent future surveillance abuses.
Of course, interfering with communications to Congress and
retaliating for whistleblowing is already against the law, and
there are some protections for the identities of whistleblowers
in other laws, but Congress should consider specifically
protecting the identity of a whistleblower in any surveillance
that is done by an agency.
Today, we don't nearly know enough about the scope of
surveillance across the government. I encourage you to order a
report, a study looking at this issue. I encourage you to
conduct oversight over other concerns with national security
and insider threat programs that might threaten whistleblowers.
But importantly, we must not forget what brought us here today,
which is the FDA whistleblowers. They were concerned about the
device approval process they believed might put lives at risk.
FDA officials should not be held accountable for
approving--they should be held accountable for approving
ineffective and unsafe products, and flawed devices must be
taken off the market. There must be more transparency and less
deference to the demands for confidentiality by drug and device
companies. Seriously, I wonder how much time and taxpayer
dollars is spent protecting so-called confidential commercial
information.
Finally, please do all you can to ensure that FDA managers
are held accountable for any violations of the rights of the
scientists and physicians who sought to make medical devices
more safe and more effective. Thank you.
Chairman Issa. Thank you.
[Prepared statement of Ms. Canterbury follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Chairman Issa. Mr. Harris, a couple of questions. First of
all, I mentioned you'd be the person that would review a
request to spy on an employee in the future, you would be the
first point of contact. Is that correct?
Mr. Harris. Yes, sir.
Chairman Issa. Okay. And your degree is in business
administration?
Mr. Harris. Can you repeat the question?
Chairman Issa. You have an MBA?
Mr. Harris. Yes, sir, I do.
Chairman Issa. You're not a lawyer?
Mr. Harris. I'm not.
Chairman Issa. And the person that you, once you decided to
do it, that you'd go to, would be the same person, the general
counsel, who approved the spying in the past. Is that correct?
Mr. Harris. Well, I want to give the committee accurate
information, so most of what we speak about today predates my
tenure at FDA.
Chairman Issa. No, no, I understand. I'm just looking at
the process.
Mr. Harris. Right.
Chairman Issa. The process in place, the so-called
protection that the agency has put forward is you'd still go to
the same general counsel. The first lawyer, if you will, would
be the lawyer who thought this was just fine before, which is
the general counsel, and second of all, before that, you'd go
to the chief operating officer, who is, by definition, probably
not an attorney.
Mr. Harris. That's right.
Chairman Issa. Okay. I just want to understand the system
because I don't approve of it.
Mr. Harris. I'll give you the process. So we have a process
that requires a request to be formally written.
Chairman Issa. No, no. I apologize. But I only have 3
minutes and 55 seconds, and to be honest, the process sucks. So
now let's move on.
Ms. Canterbury, you said it very well. They had suspected a
criminal activity. Is that correct?
Ms. Canterbury. They suspected that confidential
information----
Chairman Issa. Right. So alleging----
Ms. Canterbury. --was disclosed.
Chairman Issa. Right. So alleging the criminal activity,
they did not go to the IG, they did not go to the criminal
investigation units of which there are a multitude within--HHS
has their own, obviously the FBI.
Let me ask a question, Mr. Harris. Your opening statement,
you used some very carefully toned words, and I picked up on
just a couple of them as another nonlawyer with a business
degree. You said that you didn't target or use a term like that
of Members of Congress, but you didn't protect, in other
words--not you--but the general counsel received all of the
information without any attempt to screen out, you know, Mr.
Van Hollen or my committees or Senator Grassley's committees or
for that matter, lawyers, doctors, there was no protection in
place.
Mr. Harris. Again, Mr. Chairman, that predates my time at
FDA.
Chairman Issa. Right. But I just want to make sure that's
correct, that there was no protection put in place. So the idea
that you didn't target doesn't really matter. You didn't
protect the likelihood of five known whistleblowers, and
especially Dr. Smith, a known whistleblower, the likelihood is
he's still talking to Members of Congress, he's still--he
didn't change his opinion that the FDA had problems. So by
definition, the FDA knowingly intercepted correspondence with
Members of Congress because there was a reasonable expectation
that he was having correspondence with Members of Congress.
Let me just ask a couple of quick questions. To your
knowledge, you weren't there at the time, there were five
people targeted. Was there anybody else at the FDA that had
access to the information that was linked to The New York
Times? Anyone else?
Mr. Harris. Again, that predates my time at FDA.
Chairman Issa. Well, why don't we make the assumption that
there were just a load of them, that these five people were by
all reasonable account not the only ones that had the ability
to have gotten this information.
Since you received none, the real question is, did the FDA
and does the FDA have not the ability to be narrow, but the
ability to be broad? If you have a leak and 4,000 people could
have leaked it, the only way to do it properly would be to make
the assumption that you had to equally monitor 4,000, unless
you had a specific, credible reason to believe that one person
had done it. Isn't that right? You're the approving officer. I
need to understand how you would do it.
Mr. Harris. In the current process, we would ask for a
written request. That request would then be reviewed by a
committee before we make any actions happen. From the
committee, it goes to a legal review, and we get----
Chairman Issa. You're the final approval. Would you have
targeted just these five known whistleblowers or would you have
had to target more people who had accessed that information?
Mr. Harris. It depends on the scenario.
Chairman Issa. Okay. So you're not binding yourself to any
kind of protection for the Federal workforce from being
targeted.
Mr. Harris. Just the opposite, Chairman. We clearly state
in all documents these days, since our new policy has been
implemented, that we consider interactions with the Hill, legal
counsel, OMB, et cetera, as protected activities. When our
staff has any interaction with that type of information, they
know to----
Chairman Issa. Oh, your staff.
Mr. Harris. Any staff.
Chairman Issa. Oh, no, no. But the whole point is, who gets
to see this information under your current policy first?
Mr. Harris. Under the current policy, the information comes
immediately back to me. I then bring the appropriate folks to
the table. We talk through our next steps. It goes no further.
Chairman Issa. Okay. So you're looking at correspondence
that they had with me and you're going to protect me.
Mr. Harris. No. No. What I'm doing is actually when they
walk up on that type of information, they cease----
Chairman Issa. Who is they?
Mr. Harris. Those who are actually----
Chairman Issa. Who are they?
Mr. Harris. Those staff members who are part of the
process.
Chairman Issa. Okay. I just want to understand. You've got
staff members looking at correspondence with Members of
Congress.
Mr. Harris. No, sir.
Chairman Issa. Well, you just said that.
Mr. Harris. That was not my statement. My statement was,
when we are going through the monitoring process, should my
staff who is actually administering the monitoring process find
information of that type is considered protective activity.
Chairman Issa. But they see it in order to consider it.
Mr. Harris. They do stop--well, you know, during the
monitoring process they may walk up on that, but they stop all
processes today. I can't tell you what happened 2 or 3 years
ago, but I can tell you what happens today.
Chairman Issa. Okay. Well, let me just close by saying do
you know the name ``Paul Hardy''?
Mr. Harris. I do.
Chairman Issa. Do you know what happens if you Google his
name?
Mr. Harris. No, sir. What happens?
Chairman Issa. Well, he Googled his name because he was
concerned and apparently looking for a job, feeling that his
was insecure.
Mr. Harris. Oh, I'm sorry. I thought you said Paul Harvey.
Chairman Issa. No, Hardy.
Mr. Harris. No, I don't know Paul Hardy.
Chairman Issa. Well, he was one of the targets, and the
Internet was filled and Google-able with all those screen shots
basically, because your agency took no precautions on that
confidential information, his correspondence with Congress, if
it was there, his correspondence with his doctor, his lawyer,
his priest, anybody. And it simply became an Internet
phenomenon that you could Google and get it because it was put
out on an open site because the FDA did not take the
precautions, did not fill out the forms properly, and did not
protect that information which it had captured clandestinely.
Isn't that true?
Mr. Harris. Well, that may have been the case a few years
ago.
Chairman Issa. No, no, no, wait a second. You're a witness,
you're under oath.
Mr. Harris. I am, sir.
Chairman Issa. You say may have been the case. Are you here
today and you don't know if it was the case?
Mr. Harris. I was not there 2 years ago, so I would not
have----
Chairman Issa. Do any of you know if it was the case or if
I'm just coming up with something that's Internet lore?
Ms. Canterbury. Respectfully, sir, I believe that Dr.
Shuren was in charge of CDRH at the time.
Chairman Issa. Are you familiar with the--and I'm just on
the same thing, I've got to give time to the ranking member--
but are you familiar with the release of that information, the
fact that it wasn't protected, and it became essentially
Internet public?
Dr. Shuren. Yes, I know information was made public. I
don't know the full extent of it. I wasn't involved in dealing
with the contractor or any handling of that material. But I am
aware that information was posted on the Internet.
Chairman Issa. Okay. And I'll give you equal time, but if I
had your indulgence for one more quick question.
There has been an alluding to the confidential information
The New York Times got. Just for the record, it wasn't patent
information. It wasn't a deep, dark secret on how you make a
product. It was the fact the product was in question as to
whether it was safe and effective. Isn't that correct, Doctor?
Dr. Shuren. It was whether or not the product was under
review, and that has been considered confidential. Companies
many times do not want competitors to know that they're working
on a product and that it's under review by the agency.
Chairman Issa. Okay. I just want to understand. The level
of trade secret is a product, The New York Times reported, was
under review and may not have been safe.
Dr. Shuren. It was just simply that the product was under
review would be confidential commercial information.
Chairman Issa. Okay. But it's something that--I want
everyone to understand that the term ``confidential'' is not
the term the public thinks is all that confidential. Most
people look at these products, clinical trials, the process of
approval, and then the question of whether they're being re-
reviewed, most people probably listening and watching today
believe the public has a right to know that information and may
not agree with the FDA's view that that is private or
confidential or somehow a secret from the American people as to
whether a product that may or may not yet be on the market is
safe and effective.
Ms. Canterbury, if you wanted to respond quickly.
Ms. Canterbury. I couldn't agree more. I think that at the
base of all of these questions is, why is this information
considered confidential in the first place, and is that serving
the public health and safety? I think that there needs to be a
question answered about why the FDA did not choose to first
verify whether or not it was legitimately considered to be
confidential in the first place and investigate that matter
instead of investigating a so-called leak of confidential
information.
Chairman Issa. Thank you.
Mr. Cummings.
Dr. Shuren. If I may. I was going to respond to your
question.
Chairman Issa. Of course.
Dr. Shuren. But our employees know that that information is
confidential, and that has been for longstanding time. Keeping
that information confidential is critically important. It can
undermine ongoing review of medical device applications. In
fact, I believe in that particular case it, in fact, did that.
It undermines our medical device program, keeping that
confidential information confidential. Companies, that
information we need for making decisions about products, and
companies rely on the fact that we protect that information. We
don't protect it, the companies don't bring innovative
technologies to the U.S., our patients lose. Public health gets
hurt when that happens. That's why those protections are in
place in the first place. That's why Congress put the
protections in place. And it hurts American businesses----
Chairman Issa. Doctor, I appreciate what you're saying.
They bring innovative products here because of profit. But
let's understand one thing. Do these companies sign a gag
order, are they prohibited from disclosing that you're looking
at it?
Dr. Shuren. No, they may disclose it. That is their
decision to make. It's their information.
Chairman Issa. Okay. Thank you. It's a one-way gag order.
Please, Mr. Cummings.
Mr. Cummings. Thank you very much, Mr. Chairman.
I want to pick up where the chairman left off. Dr. Shuren,
prior to the initiation of the monitoring, the agency believed
that the FDA employees were involved in unauthorized
disclosures of confidential information and trade secrets as a
result of the monitoring. What did the agency find?
Dr. Shuren. So the agency did find, as I understand that,
there was unauthorized disclosures to members of the public,
and that is, from our perspective, in violation of HHS
personnel policy and probably a violation of the law.
Mr. Cummings. So the agency found clear evidence that Dr.
Smith and the other FDA employees whose computers were
monitored were involved in unauthorized disclosures of
confidential agency information. And as I understand it, that's
a violation of the law and can be subject to criminal
penalties. Is that correct?
Dr. Shuren. Depending upon the kind of information that's
released. But, yes, this can be violative of the law.
Mr. Cummings. Now, when I listen to Ms. Canterbury--and I'm
going to come back to you in a moment, Ms. Canterbury--you
know, one of things that she said was perhaps the FBI and other
agencies should be handling these kinds of issues. And I'm
trying to figure out how would even--and you can address this
in a minute--I mean, you all have laws that we passed that
you're trying to adhere to. And so, I guess there's almost a--
there is a duty to at least look into it. Is that right?
Dr. Shuren. There is an obligation to look into it.
Mr. Cummings. And if you don't look into it, then you're in
trouble. Is that right?
Dr. Shuren. That's correct.
Mr. Cummings. And as I understand it, with regard to The
New York Times, there were people who were--companies that were
complaining that, look, you know, we gave you information, we
expected it not to be--not to read about it in The Times.
That's the last place we expected it to be. We thought it was
confidential. And now this is where we see it. Is that fair to
say?
Dr. Shuren. That is correct. Actually, the company involved
sent a complaint and actually pointed out that we were in
violation of Federal law. They asked for an internal
investigation. Five days after receipt of that letter is when
monitoring was started. It was also in the setting of a pattern
of unauthorized disclosures that had occurred starting over a
year before.
Mr. Cummings. Now, I don't know whether you--you need to
hear this question, too, Mr. Harris--I don't know whether you
heard me a little bit earlier, but it seems that there is a
major issue here with regard to whether this investigation
should have been just retrospective or retrospective and
prospective. And I'm just wondering what's your view on that.
Dr. Shuren. So the honest answer is, I don't know. I'm not
an IT expert. And when the issue was raised what we asked for,
what I asked my executive officer for was options to try to
identify the source of the leak and to address further
unauthorized disclosures. Our information technology people
decided on what the appropriate solution would be. So I do not
have the expertise.
Mr. Cummings. So you just passed it on, look, you said we
got a--obviously The New York Times has got information that
they're not supposed to have, I just want you to help me figure
out how this information is getting out there. Is that one of
the things you wanted to know?
Dr. Shuren. Yes, what the source of the leak was, what the
options were for doing it. And they proceeded to authorize----
Mr. Cummings. And what was your plan after you got this
information? I mean, what happened?
Dr. Shuren. So what happened with the information, we put a
process in place; also tried to protect privacy. First the IT
people collected information they thought met very narrow
search terms. That information was then put on secure iron
keys, one of two. It was passed to my executive officer. It was
then conveyed to a subject matter expert to look at, was there
confidential information in here? And then if there are issues
of concern, there was something I called the management team.
There was a group set up, which was the assistant commissioner
for management, it was lawyers from HHS and employment law, and
it was people from our labor employee relations, a group
already established actually as in part as a protection for
these complainants. And that information then went up to these
individuals and others to try to decide what, if there is an
issue here, what are the appropriate steps to take, which could
be administrative or could be referred on for other action.
Mr. Cummings. And do you know which specific medical
devices these individuals were concerned about?
Dr. Shuren. I know of some that were reported out in the
press and some that went on a referral up to the OIG. And I say
that because I wasn't a subject matter expert, and I'm not the
person who makes the personnel decision, so I was not reviewing
the emails. We were trying to limit the people who would look
at any information coming out in order to respect privacy of
the individuals.
Mr. Cummings. Now, have these employee safety concerns been
borne out? So you don't know that either? In your assessment,
were their concerns valid?
Dr. Shuren. Well, for the products--and I am aware of the
concerns that they were raising on a variety of products, and I
don't think that their concerns were valid. I'll raise the case
in question here of The New York Times article of CT
colonography, which was to be used to screen asymptomatic
patients for cancer. And there was a lot of good evidence on
the table, several clinical studies, a big one that was funded
by the Federal Government. And just last year, we held a joint
meeting of two advisory committees at the FDA, experts in
radiology and gastroenterology, 20 people in all, and they
unanimously felt that CT colonography should remain an option
for the screening of asymptomatic patients.
Mr. Cummings. Well, it's interesting that the employees
raised concerns regarding integrity of the device review
process, and they called it corrupted and distorted. Did you
know that?
Dr. Shuren. Yes.
Mr. Cummings. And when you first took over the center, did
you evaluate these concerns regarding the review process?
Dr. Shuren. I did look into the concerns from my own
standpoint of the complainants. The Office of the Inspector
General was also investigating whether or not managers were
retaliating against these complainants. And I will tell you the
OIG found that there was no retaliation, there was no
prohibitive personnel practices. The complainants raised
concerns about that investigation, they reopened it, and then
they subsequently concluded again there had been no
retaliation.
I will tell you I also took steps along the way for trying
to assure that these complainants were actually protected and
to make sure that if there really were problems and if I
thought there were problems, I would have done something about
it.
Mr. Cummings. And so you're telling us today under sworn
testimony that you are concerned about whistleblowers and would
do everything in your power to protect them?
Dr. Shuren. Yes, I would. One example of something that I
did do soon after I got there, I was hearing concerns from
them, I was looking into the managers, I did not see problems.
But I said to them, look, you're complaining about the managers
all the way up your chain of command to the office director.
Here is what I will do. I have two offices involved in
premarket review. I will offer to move the entire Radiological
Devices Branch out of the one office and move it to a new
office with new managers.
I didn't have evidence that I had bad managers. The OIG was
continuing its investigation. But I said, in light of that, if
the OIG finds problems, we will pursue that. But I am willing
to do this. I am willing to disrupt my organization because of
your concerns. And I did that. They wanted the move. I made the
move. And within a few weeks of the move, the exact same
complaints were now being levied against a brand new group of
managers.
Mr. Cummings. Ms. Canterbury, you heard Mr. Harris, and he
talked about the IG report. I guess that was what he was
saying, the recommendations have now----
Mr. Harris. Yes, sir.
Mr. Cummings. You are telling us, Mr. Harris, that all of
those recommendations are now in place?
Mr. Harris. Yes, they are.
Mr. Cummings. And when did they go in place?
Mr. Harris. September of last year.
Mr. Cummings. September of last year. So with regard to the
recommendations, you all didn't know about them in September,
did you?
Mr. Harris. No.
Mr. Cummings. We just got the report last night.
Mr. Harris. Correct.
Mr. Cummings. So, how did, I mean, how did that come about,
just out of curiosity?
Mr. Harris. Again, it goes back to I documented a couple of
notes in Ms. Canterbury's statements about making sure we
protect all employees and their rights. She's right on the
money. So our process does that.
I got a little bit concerned with the chairman's comment
that the process may suck. So the reason we're here is because
they were not commonly understood across the agency. So what we
put in place today are commonly understood processes where a
request comes in, it's formally documented, it then goes before
a committee, and then goes for a legal review and approval.
Even beyond that, if we approve a process for monitoring to
begin, there are regular checkpoints along the way to make sure
we know what's going on there.
So we weren't aware of the IG's report, but, you know, we
could have taken this in a Keystone Kop approach and then find
ourselves here on a regular basis. We decided to look at a more
methodical approach to this, and knowing that there are many
scenarios out there that we have consider when putting any
policy like this in play. What I want to have us do is have the
folks who operate within the administrative process, when it
comes to monitoring, understand the processes first, then we
permeate the organization so they can understand what
procedures we go through.
Mr. Cummings. Ms. Canterbury, just in my last question. You
have your concerns. You heard Mr. Shuren say that he's very
concerned. It sounds like Mr. Harris is very concerned and
taken steps to address the issue. Do you believe that it's been
adequately addressed?
Ms. Canterbury. Thank you, sir. I believe that they are
taking steps. I don't believe it's been adequately addressed. I
would very much like to hear how he intends to protect the
public whistleblowing once he receives, as COO, what has been
collected. And there is no legal review of the collected
information guaranteed under the interim rules, and I would
like to hear from him on that.
I also think it's curious that Dr. Shuren said that he
sought to protect those particular whistleblowers who were
targeted for surveillance. If that's his idea of protection, I
find that very curious.
I also want to point out that it doesn't matter if the
whistleblowers' concerns bear out to be valid, whether those
devices are unsafe or effective. As you know, sir, it is a
reasonable belief that is protected under law for
whistleblowing.
And I also wanted to just point out another curious thing
that Dr. Shuren said, which was the surveillance began 5 days
after the receipt of a letter from GE Healthcare. In fact, the
letter is dated April 16th. They received the letter on April
21st, and the surveillance began on April 22nd, according to
documents that we have through FOIA and through the IG report
and through the staff committee report. So I have never in my
life, sir, seen the Federal Government move that fast. I find
it highly suspect that the letter arrived and then they made
the decision after the arrival of the letter to do this
surveillance.
Mr. Cummings. Well, Ms. Canterbury, my time has run out.
This is what this is all about, trying to make sure that the
Federal Government is doing the right thing. But I want to keep
in mind what Mr. Shuren did say. He's saying he's got a set of
laws that we passed, and he's trying to adhere to the laws that
we passed, and so there are certain things that they had to do.
The question is, did they do it right? I don't think so. But it
sounds like they're going in the right direction.
Unfortunately, I've run out of time. I wish Mr. Harris
could answer your question, but I've run out of time, and I'll
yield back.
Mr. Farenthold. [Presiding] Thank you very much, Mr.
Cummings.
We'll now recognize the gentleman from Michigan for 5
minutes.
Mr. Walberg. Thank you, Mr. Chairman, and thanks to the
witnesses for being here today.
Dr. Shuren, I'll give you a chance to respond to the
timeline that Ms. Canterbury addressed here. It appears the
differences in the dates of beginning the investigation,
sending the letters, respond to that, if you would, please.
Dr. Shuren. Yes. No, in terms of when we received it, it
was close, and my only point was, it was still within 5 days of
getting the receipt of that letter the monitoring started.
Mainly to say that this was not disconnected in time, that this
was related to this complaint that came in, as well as a series
of unauthorized complaints. That was my only point to make.
Mr. Walberg. Ms. Canterbury, let me ask you some questions,
and then you might respond to that with greater detail as well.
Is there any situation where monitoring employee communications
with Congress or OSC can be justified?
Ms. Canterbury. No.
Mr. Walberg. It's a simple answer. Then is the problem of
monitoring protected employee communications widespread across
the Federal agencies?
Ms. Canterbury. I don't know----
Mr. Walberg. Federal agencies.
Ms. Canterbury. Yeah, I don't know the answer to that, and
I don't know that anyone does. I think that it would be very
good for this committee to order a study, a comprehensive
independent study, perhaps at GAO, perhaps in consultation with
the MSPB to determine the extent to which agencies are using
surveillance programs on their employees.
Mr. Walberg. So this could be widespread?
Ms. Canterbury. It very well could be, and there could be
widespread abuses.
Mr. Walberg. What protections can agencies put in place to
minimize the monitoring of protected communications such as
with Congress or OSC?
Ms. Canterbury. Well, firstly, I think that we need to
question whether or not there is a legitimate reason for
agencies to use surveillance on questions of criminal behavior
or leaks of potentially unlawfully disclosed information. I
think that, again, law enforcement should be conducting those
investigations, and if there is a few legitimate, very narrow
reasons to monitor employees in this way, can it be done in a
way that is in balance with the rights, the constitutional
rights, with whistleblower protections, and if not, perhaps
good, old-fashioned management is in order.
Mr. Walberg. Well, should management, in speaking of that,
management be responsed to make sure that the law enforcement
agencies are aware of their concerns, potential concerns? Is
that what you would suggest?
Ms. Canterbury. Yes, there would be a referral to a law
enforcement agency.
Mr. Walberg. To quickly step away, refer it to a law
enforcement agency.
Ms. Canterbury. Yes.
Mr. Walberg. Mr. Harris, tell me about training that's
being implemented since you've arrived, the directions that are
going to management relative to leaks, relative to
whistleblowers, how you deal with them, relative to responding
to what we just discussed here about referring to an
appropriate agency to deal with the law and not outside of the
law.
Mr. Harris. So can you give me your first question again?
Mr. Walberg. First question is, what are you doing? What
training having you implemented?
Mr. Harris. Got it.
Mr. Walberg. Secondly, what administrative steps have you
made to make sure that the department, the agency stays out of
it as much as possible, to make sure that whistleblowers
understand that they're part of the agency but they're
protected by the law and that there are appropriate agencies
that will be brought in to make sure the law is followed?
Mr. Harris. Yes. There is standard training that occurs at
FDA. There is when an employee comes on board an orientation,
they get understanding about IT security awareness programs and
trainings. There is annual training for NO FEAR, which does
address the whistleblower issues. We have regular training that
goes on in the information technology groups.
And so we have lots of required training every year for all
of FDA to understand how security awareness works. We often, as
I said earlier, the banner flashes up and makes them aware of
their right to a reasonable lack of privacy. It comes up on all
devices we give them.
As it relates to the management process we put in place,
clearly, as I stated earlier, I would like to address Ms.
Canterbury, if I could. I think this would kind of tie it all
together.
Mr. Walberg. Tie it together.
Mr. Harris. We consider the whistleblowers as our staff.
They should not be treated any different as it relates to
protection. We give everyone protection in our staff. So we
don't consider them outsiders. We consider them as part of our
staff.
The way we want to try to approach the issue is the
committee we put together is not just myself and a couple of
attorneys. There is an HR director there to determine whether
we infringed on employee rights. There is IT professionals
there to give Mr. Shuren in the future better information and
guidance. There's a legal team. And then there is myself. When
we do find that we've stepped into an area where we have
communication occurring between Congress or anybody else,
again, they stop everything they're doing, nothing continues,
monitoring stops, my office is notified.
Mr. Walberg. Are you notified immediately then?
Mr. Harris. Immediately.
Mr. Walberg. When they come across something, it all stops.
Mr. Harris. Immediately.
Mr. Walberg. No more eyes are seeing it.
Mr. Harris. Nothing else happens after that. And this is
why the committee is such a small group. We then bring legal
into the conversation, and if it's appropriate to send it out
to another law enforcement agency, we do that.
Mr. Walberg. Well, I appreciate the answer, but I would
suggest that last statement would be the approach to take more
rapidly, to the outside agency.
Mr. Chairman, thank you.
Mr. Farenthold. Thank you very much.
We'll now recognize my distinguished ranking member from
the Subcommittee on Postal, Census, and the Workforce, the
gentleman from Massachusetts, Mr. Lynch.
Mr. Lynch. Thank you, Mr. Chairman.
I want to thank all the witnesses for your willingness to
testify and to help the committee with its work.
I do want to say that from an Oversight and Government
Reform perspective, from this committee, our goal is to create
and maintain an environment where whistleblowers can come
forward. As has been said by Ms. Canterbury and the chairman
and the ranking member, and Mr. Grassley earlier, our
bureaucracies and these agencies and the work that they do has
become so complex, whether it's financial derivatives or
whether it's the FDA, some of us, it's just so complex that
unless we have someone on the ground in place that comes
forward, our chances of finding out about wrongdoing or
misconduct is negligible.
So we really need to make sure that we have an environment
there where people feel comfortable that if they have a
reasonable belief that the laws are being broken, or that the
public is being harmed, that they can come forward.
So there's a couple of instances. Usually the FDA flies
below the radar screen. But this instance really gets me, and
it's the second time recently that the FDA has just caused me
to shake my head and ask what the heck is going on over there.
You know, this instance it looks like there's a very robust
framework in place to protect manufacturers' trade secrets. And
in this case I'm not so sure anybody has ever pointed to
specifically trade secrets that have been protected, but by
God, we went after these employees because we thought there
might be a chance that they might disclose something.
So I think it was a very, very strong response in
protecting the manufacturers. I think it was very, very weak in
terms of protecting the employees. And, you know, I have to
acknowledge, Mr. Harris, this predates your involvement here,
so I'm not criticizing you.
So I see the FDA overriding their scientists in this case.
And the last time that the FDA, their conduct came to the
attention of this committee, was the approval of Zohydro, okay.
Now, I know this doesn't involvement medical devices, but in
that case the FDA overrode, again, their own scientific panel.
Their scientists voted 11-2 that approving Zohydro, which
didn't have any protections against abuse, quite similar to the
early iterations of Oxycontin, so 13 scientists, 11-2, they
said to the bureaucrats, do not approve Zohydro. And the FDA
turned right around, right around, with an opioid epidemic in
this country from coast to coast. This is one of the most
serious threats to our communities, and the FDA goes ahead and
puts a gun to the head of the American people by approving
Zohydro. So we got this problem.
You know, personally I spend a lot of my time dealing with
the effects of substance abuse in my communities. I've got
three cities, major cities, and I've got 22 towns, and no one
is immune. Good families, families that are struggling. It's
just unbelievable. It just blows my mind that the FDA would
approve Zohydro.
And so I need to put you on notice. I need to put you on
notice. You have shaken my faith in the FDA because of that
decision and what's going on here today. And I just want to put
you on notice that, you know, I used to give people the benefit
of the doubt, but I've seen such bad decisions coming out of
that agency that we've got a problem, which is I've got a
problem, you've got a problem. So, you know, we got to start
straighten up and fly right and start doing things that are in
the best interest of the American people.
And, you know, I appreciate that your mission and your goal
is to do the right thing. I just think we've strayed. Sometimes
the bureaucracy can do that. We just need to get back on the
same page here in protecting the American people.
I've exhausted my time, Mr. Chairman. I thank you for the
indulgence, and I'll yield back.
Mr. Harris. We will be happy to have someone provide
follow-up to you on that, on this issue.
Mr. Lynch. That would be great. Thank you, Mr. Harris.
Dr. Shuren. And, sir, we would also be happy to talk to
more details on what really was happening with these
unauthorized disclosures and the impact, because, in fact, what
it was doing is it was stifling other scientists. It's not that
these complainants were necessarily just willy-nilly overrode.
There were other scientists in the agency who disagreed with
their opinion, and those people's opinion was actually being
disenfranchised. People were feeling harassed, retaliated
against. Other scientists were feeling retaliated against by
the complainants, and they were complaining that the
unauthorized disclosures was having a chilling effect on the
internal discussion within the FDA and that people were afraid
to put their opinions in writing because it would be disclosed
to the press.
It's the same thing that Senator Grassley talked about. We
want to have open discussion within the FDA. We think it is so
important. But it goes on both ends.
Mr. Lynch. Sure.
Dr. Shuren. And we were seeing that that actually was being
adversely affected, and that adversely affects public health.
We cannot make well-informed decisions when that happens. And
that was a misuse of those disclosures, and that's unfortunate,
and they were used to influence public meetings, and they were
used to influence advisory committee meetings.
Mr. Lynch. Well, I'll be happy to have that information
offline, Dr. Shuren, and again, I thank you for your testimony.
Mr. Farenthold. Thank you very much. I am going to now
recognize myself for 5 minutes for a couple of questions.
First off, I want to say that whistleblowers are the
lifeblood of this committee. It's dedicated government
employees who see something going wrong in their agency that
have no recourse other than to bring it to the attention of
Congress, which is the right way to do it. It's not the right
thing to do the way Mr. Snowden did it and take it to another
country. And we work hard and we've passed legislation to make
it safe for whistleblowers, and this committee, and I think
Ranking Member Cummings will agree with me, will bend over
backwards to protect a legitimate whistleblower.
In fact, the committee Web site, Oversight.House.gov, has a
place you can go online to become a whistleblower. And I guess
there might be a lesson in this for potential whistleblowers.
Maybe the initial contact needs to be made from your home
computer or a computer at the library or from a Starbucks. But
you shouldn't be afraid to use your government computer to
report government problems.
And, Mr. Harris, I know a lot of this happened before you
got there, but you are the acting chief information officer, so
I want to take a step back and maybe look at what should have
been done. I mean, I understand that our computer, our rule
mentality, in the private sector, you've got a lot more
flexibility than you do in the public sector. The Constitution
doesn't apply you due process in your private sector job. In
many private sectors there are no whistleblower statutes other
than potentially to the government. So as a manager you've got
a lot more options in the private sector.
But in the public sector, going in and installing snooping
software seems rather draconian. I would think good practice is
to have something on your network that captures all incoming
and outgoing mail, and then you have the ability to search that
after the fact if you've got a leak. I've used EnCase before.
That's a forensic software that lets you go copy somebody's
computer. But, you know, nowadays with all compliance issues in
various industries, there are appliances that you can put on
your network that catches all the mail and saves it. And you
ought to be able to search that for emails to The New York
Times and have an exclusion saying if it's mail.house.gov don't
show me that. I mean, it seems like it's that simple. Didn't
you all hire a contractor back there? Couldn't you have told
the contractor when pulling the EnCase stuff and it says
mail.house.gov, I don't want to see it?
Mr. Harris. Yeah, I think you're on the right track. I
think one thing we should note is that monitoring is actually
rare. And I think what sews this together is when you think
about the reasons we do monitor at times. I can give you a
couple of instances. I mean, we have had cases of child
pornography. In my mind, we should immediately act on that and
we should immediately start to look for the issues there
because the child's life is in the balance here. And then there
are other instances where insider training does become an issue
to protect trade secrets.
But, you know, everyone is correct. The need to protect
those who whistleblow is important. So this new process that we
have in place does that. It has, again on the committee, a
legal individual, someone from IT, someone from HR to consider
the entire range of issues that we may face before we even
initiate our monitoring process.
Mr. Farenthold. And it's just hard to judge what the
culture of that is. You know, if within your agency there is a
culture of gossip, you know, does it slip out? You've got to
deal with the human elements of that as well, and I do think
there needs to be a technological solution to that.
Let me go to Ms. Canterbury and get her thoughts on what
the appropriate way to do this is.
Ms. Canterbury. So first I would like to ask why on Earth
the FDA would conduct surveillance if they had suspected child
pornography or insider training occurring, why would they not
go to the FBI? That just makes no sense to me. So I'm
struggling with under what circumstances----
Mr. Farenthold. I've run a computer consulting company.
I've done this for private sector. You know, you've got an
employee you think is--let's take child pornography out of it--
and is just surfing porn and that's against your policy. They
haven't broken the law, but they've broken your policy. So, I
mean, obviously there are cases where you need to do that
Ms. Canterbury. Sure. And so in that case, my question
would be on the back end of the review committee, I think, is a
substantial structural reform, but it's only reviewing, to my
knowledge, according to your interim policy, on the front end.
So what would be an improvement would be to do a similar review
on the back end, because there is no way you can use enough
search terms to protect public whistleblowing. So if an
employee is blowing the whistle with nonlegally protected
information to The New York Times or to the Project on
Government Oversight, that also cannot be swept up or they've
been in violation of the Whistleblower Protection Act.
Mr. Farenthold. And I'm going to agree with you that in
many cases retrospective is the way to go.
I'm about out of time, but I will give Mr. Harris an
opportunity to respond before we go to the gentlelady from
California.
Mr. Harris. Well, let me be clear. We by no stretch of the
imagination are coming here today to tell you that our process
is 100 percent perfect. The idea behind this is to have a
methodical approach to this. And by the way, the FBI comes to
us sometimes for referrals to do some of the work that we do.
And so it is by no way perfect, but the only way the agency can
move forward is to start something now and then we can perfect
it to a point to where we can then spread it to the rest of the
agency and then we all understand what our policies, rules of
engagement are around monitoring.
Mr. Farenthold. All right. Thank you very much. I
appreciate your indulgence.
We'll now recognize the gentlelady from California.
Ms. Speier. Mr. Chairman, thank you, and thank you to all
of our witnesses.
You know, we are really very good here at calling agencies
onto the carpet and beating them up and then talking to the
companies in our district and hearing their complaints about
the process being too slow, and the result is, is that so much
innovation is going abroad because our process doesn't work.
We can't have it both ways. If we want the FDA to be more
streamlined so more of this research and development of
clinical trials happens here in the United States, you know,
we've got to embrace that. If we don't, then we should just
tell all of our constituents that if they want the new medical
device that can save their lives, you're going to have to go to
France or Germany to get it.
Having said that, I want to send some kudos to Dr. Shuren,
because we do beat you guys up from time to time. I am sitting
on an airplane 2 weeks ago coming back from going home, and the
gentleman sitting next to me is a VC who specializes in medical
devices, and he had nothing but praise to offer about your good
work, Dr. Shuren. So I wanted you to have that at the outset.
Now, let's go to my questions. It appears that there were
search terms that were developed within the administration that
were superimposed on the computers of these scientists. What
were those search terms? The inspector general report isn't
very specific about them.
Ms. McKee. The search terms were ``K'' followed by a string
of letters----
Ms. Speier. Right.
Ms. McKee. --which indicates an identification for a 510(k)
submission, the word ``colonography'' based on the release in
the article in The New York Times. And then there were also
names identified of individuals where managers had voiced
concerns in the management team that Dr. Shuren talked about
that were performing ghost writing
Ms. Speier. Okay. So the first two make some sense to me.
The others appear to be the beginnings of a witch hunt, and
that troubles me. I think that Ms. Canterbury's concern is one
that we all have in that if we want to be clear about not
having reprisals it's better to have a hands-off investigation
or review taking place so that it's not within the department.
Go to the Justice Department, whether it's child pornography or
leaks of trade secrets. And it's not your core competency
anyway. So I guess the real overriding question that I have is,
why not just punt these all to Justice for them to undertake
the review?
Dr. Shuren.
Dr. Shuren. Yes. So a challenge we faced back then is in
the past we had our Office of Internal Affairs. That is the
group who did investigations within the FDA. And due to
concerns raised by Senator Grassley, and I understand those
concerns, in early 2010, the policy changed. The Commissioner
said in the future the Office of Internal Affairs cannot do
investigations of allegations of criminal conduct for employees
who made allegations against the agency. It would go to the
Office of the Inspector General. But they were not doing
investigations unless they had adequate evidence to do it.
And that has caught us in a bind. And in fact when just the
GE letter was sent to them, they came back and said, at this
time, based on the information provided, they are not taking
any action, the referral lacks any evidence of criminal
conduct. But after, from the monitoring, there was evidence of
unauthorized disclosures. In fact, the OIG did open a formal
investigation and did look into it. And at that point they
decided we're not going to prosecute, but they also came back
and didn't say that this wasn't wrong. In fact they said, we
understand you have sufficient evidence to support
administrative actions, and they closed the case at that point.
In other words, this could be a problem, you are welcome to
pursue it now with administrative action. And that's what
happened.
Ms. Speier. All right. I have very little time left, but
I'm concerned about the allegations by the scientists that
thought that these devices were potentially unsafe or exposed
people to radiation. Where are we in terms of evaluating that?
Dr. Shuren. Yeah. So for CT colonography and their concerns
about exposure radiation, it shouldn't be on the market, as I
mentioned, there is a lot of evidence to support it. We think
it is safe and effective. And last year there was a meeting of
joint advisory committees, so two advisory committees with
experts in radiology and gastroenterology, 20 people, and they
unanimously felt that CT colonography should be an option for
doctors and patients for screening asymptomatic individuals for
colon cancer. Unanimous.
Time and time again there were issues that were brought to
advisory committees, outside experts, who did not agree with
the complainants. In one case, I actually set up for an issue
to be brought to the advisory committee, and I let the
complainants give their own individual perspective. Actually
had two perspectives. We never do that. We have the center
provide a unit, one perspective, and here I said there is
difference of opinion, I want to put sunshine on it, didn't
hide from it, put sunshine on it and get feedback, and the
advisory committee didn't agree with the complainants.
And scientists within the agency, there were many
scientists who didn't agree. And many of our managers, they are
scientists. These people are also experts. And they disagree,
and that's okay. People can disagree. They should disagree if
they feel that way, and we have a process if they disagree, how
they can appeal that.
Unfortunately, never took advantage of that process, which
actually brings it all the way up to my office, can even bring
it up to the Commissioner's office, and it has to be in writing
and they have to justify their rationale, and never took
advantage. Instead, it was put information that by law is
prohibited to be disclosured by any FDA employee, whistleblower
or not, and put that out in the public venue. And that does
adversely affect public health, it adversely affected
discussion within the agency, and it adversely affected the
very issue of open dialogue, which they were complaining about.
In fact, in one investigation, independent investigation, it
was found that it was one of the complainants who was creating
the hostile work environment.
Ms. Speier. I thank you. My time has expired.
Mr. Bentivolio. [Presiding.] Thank you.
At this point I'll recognize myself. I would like to thank
each of our panelists for being here today.
Mr. Cummings. Yeah, I just want to close.
Mr. Bentivolio. Okay. Well, I'm going to ask a few
questions.
Mr. Cummings. Oh, okay. Sure.
Mr. Bentivolio. Briefly.
But, Doctor, you've answered a few of my questions. But
after listening to testimony and the questions that were asked,
I seem to have all my questions answered. But there seems to be
an underlying problem that you just addressed, is that, you
know, when you have a whistleblower there is procedures to
follow to make your points, to make your complaint heard,
correct? And you've just explained that procedure. But there
is, according to your testimony, if I understood this
correctly, they didn't follow all the procedures and went over
and above and then contacted Congress or blew the whistle, so
to speak.
Dr. Shuren. No. They are welcome to contact Congress. The
issue was they disclosed confidential information that is
prohibited by law from disclosure to members of the public,
including the press.
It was never about Congress. None of this had anything to
do about Congress. They had been complaining to Congress for 18
months before this started.
When I first started at the Center was in September 2009.
Before I could even speak to any of my staff and hold an all-
hands, my first two days, I spent a lot of it on Capitol Hill,
at the request of congressional staff, to talk about them and
their complaints. They were complaining all the time, which is
fine. No one objected. And I kept hearing they were constantly
complaining.
If anyone was going to retaliate, they would have done that
well before. This was in response to unauthorized disclosures.
And the OIG even concluded that there was reasonable concern
for doing the monitoring.
Now, people will have issues about how that was done, but
that is a different issue. This was nothing to do with
retaliation. There was no targeting of Congress. The OIG
concluded that was well. There was no targeted of protected
disclosures by whistleblowers. None of that.
Mr. Bentivolio. Thank you, Doctor.
Ms. Canterbury.
Ms. Canterbury. So, the Inspector General did not confirm
that there were disclosures of unauthorized information.
The staff report, the Issa-Grassley report, explicitly says
that they did not find evidence of unauthorized disclosures in
their surveillance of the employees, of the whistleblowers.
And I wanted to go back to one other thing that Dr. Shuren
said about the IG refusing to conduct an investigation for lack
of evidence.
The IG declined on May 18th in 2010 to investigate for lack
of evidence of criminal activity, but also pointed out to the
agency at that time that 5, U.S.C., section 1213, identifies
that disclosures such as the ones alleged, when they relate to
matters of public safety, may be made to the media and
Congress--to the media and Congress--as long as the material
released is not specifically prohibited by law or protected by
executive order and classification.
So that is what they got back, was their first
determination, their first warning, not to violate
whistleblower protections.
When they went back to the IG and asked for a review, the
IG looked at whether or not these unauthorized disclosures were
in violation of the law, consulted with the Department of
Justice, and, in fact, found that no further action would be
taken.
DOJ declined to prosecute. The OIG declined to investigate
it further. There was no evidence of prohibitions of law.
What the IG said in the letter was not that there was
sufficient information to take administrative action, but,
instead, it said your office indicated it had developed
sufficient evidence to address the misconduct through
administrative process.
So the message from the IG was not that we think you have
sufficient evidence, but you say you do; so, go ahead and take
care of it administratively.
Dr. Shuren. Yes. But the OIG in the first place was
actually making clear you can have certain disclosures to the
media unless it is prohibited by law. That was the whole point.
The kinds of disclosures that were occurring, and the ones
we were concerned about----
Mr. Bentivolio. Doctor, I think what really concerns me is
that, when an employee, a scientist, raises a red flag on some
medical equipment or medical product and they bring it to the
attention of the people in charge of the agency and, yet, for
some reason, their issues aren't addressed to their
satisfaction, they have to go outside of the agency to get
redress.
I think--to me, you know, after listening to all this
testimony, it seems to be a cultural problem within a lot of
government agencies, not just the FDA. So I think that is the
thing we really need to focus on.
Why can't an employee, a scientist, probably one of the
smartest people in that agency, have some concerns and those
concerns be addressed in-house and taken care of? And, yet,
even if you have to put in some overtime.
Dr. Shuren. I would agree with you. And actually----
Mr. Bentivolio. But, apparently, those aren't there. You
have not created a culture--or the FDA has not created a
culture where those things can be addressed and the public can
be satisfied. And I think I am out of time.
And now Mr. Cummings.
Mr. Cummings. Thank you.
Thank you very much, Mr. Chairman.
Looking at the report of the IG, Mr. Harris and Mr. Shuren,
it says--and it is on page 20 of the report--it says, ``Given
this, FDA's interim policy addresses our five recommendations
outlined above. HHS should determine whether all other
individuals OpDiv policies meet our recommendations above. HHS
also should regularly review and, as necessary, update its
Department-wide monitoring policies to ensure they are
compatible with new and emerging technologies and
methodologies. Information technology is continually changing,
and a static monitoring policy could fail to address key
implementation issues as capabilities evolve.''
And I just want to make sure--it sounds like the IG is
satisfied for the moment. But as he says, the technology is
continuously changing. And as you know, you can have technology
today that is outdated today.
And so the question becomes, you know--I want to--what I am
going to do, Mr. Chairman, with Chairman Issa, is try to follow
up with the IG to make sure that he is satisfied that
everything that can be done at this moment, consistent with his
recommendations, has been done.
And, number two, I am just curious as to how you plan to
keep up with the technology and make the changes that are
necessary so that we are not outdated.
Mr. Harris. Thank you, sir.
Clearly, as we stated earlier, we don't consider this
process as anywhere near completed. Instead of static, it has
to be fluid. We have to keep up with the emerging technologies.
I mean, there is a smart kid somewhere who is able to come up
with an idea of how to breach our system. So we have to always
be out in front of the process.
But going back to the earlier statement that we know that
we need to have a set of clearly understood processes across
FDA that requires us to have, again, approval before anything
starts, I think the IG is also stating that we started out
pretty good, but we still have much more work do. We recognize
that. The agency recognizes it. So we are in no way saying that
we are done here. We have a lot of work to do.
Mr. Cummings. I know the chairman was about to end the
hearing; so, I will just finish my closing right here. I know.
I saw him. That is why I said ``was about to.''
I just want to thank all of you for being here.
And I want to reiterate the comments of Congresswoman
Speier and, also, Lynch. It is so important that government
operates correctly because, when government does not operate
correctly, there are consequences.
I go to the same bank every Friday. For the last five
months, I have been following my teller, whose son's wife was
having--well, his girlfriend was having twins. And so, you
know, everybody's excited and everything.
And then about a week ago I went in and I said, ``Well''--
you know, she was so excited that these twins were going to be
born. And they knew it was two boys.
I was excited for her, and I would ask about them every
time I walked in the bank. And then she said, ``They have been
born'' and then she said, ``I have got good news and bad
news.'' She said, ``The boys are fine. The mother's in a
coma.'' Apparently, there was some complications. Developed
MRSA in the hospital. And then, when I came back last Friday,
she said she died.
Whether this was with regard to a device, I don't know. I
am not saying it is. But now we have got two boys a week old
who will go for the rest of their life without their mother.
Those are the consequences.
I think a lot of times we here in government forget that
there are people that are affected by our decisions, but they
are. And so I think--first of all, I don't think, to be frank
with you, that a whistleblower has a right to remain silent if
they see something wrong. That is why we want to protect them.
We want to get it right.
I am asking you all, when you go back to your shops, to
reiterate that. We are going to continue to follow this. I know
the chairman will and our committee will. But this is so very,
very, very important.
And I heard you, Ms. Canterbury, and, basically, what you
were saying was, ``Look, we don't trust that this is going to
work out. It is not all complete'' and all that.
Well, it has got to work out. It has to work out because
the American people deserve absolutely nothing less. That is
why they pay our servants--our Federal servants, employees, to
do these jobs.
And going back to something Chairman Issa said, it is also
about trust. So the more we do it right, like you said, Mr.
Shuren, when you were talking about dismissing everybody or
however--you know, when you said you were trying to make sure
that the whistleblowers were protected, those are the kinds of
things we have to continue to do because the public needs to
feel that trust, and we have got to make sure that we take care
of them.
So I want to thank you very much.
I am out of time, Ms. Canterbury, but that is up to the
chairman.
Ms. Canterbury. I just want to say that I have full trust
that, if you and the chairman work together, that you will get
the job done right.
Mr. Cummings. Thank you very much. And we will. Thank you.
Mr. Bentivolio. At this time I would like to recognize the
gentleman from Florida, Mr. Mica.
Mr. Mica. Well, thank you, Mr. Chairman, and ranking
member.
I came in a little bit late. I will try to ask a couple of
questions, hopefully, that haven't been asked.
I was going to turn my first question to Mr. Harris. Mr.
Harris, in September, I guess, of last year, you were acting
CIO and you released an interim policy staff manual and guide
for employees' computer monitoring.
You have both the role, I guess, of--is it COO and, also,
CIO?
Mr. Harris. Yes, sir.
Mr. Mica. Okay. Now, in that capacity and in developing
that manual, under the interim policies, what are your
responsibilities as both the COO and, also, as the chief
information officer?
Mr. Harris. As the COO, it is my responsibility to make
sure that the process is fluid and that it is commonly
understood by all.
As the chief information officer, it is to make sure that
we give good guidance to program officers and centers across
FDA when they have a request to look at issues that may occur
within their centers.
And so there is two separate hats there. One is of
processes. I mean, this is not about power. This is really
about well-matured processes that the entire agency can
understand what we are doing from A to Z.
And from an IT perspective--Dr. Shuren spoke of it
earlier--the question was asked whether we could have taken a
different approach.
I think, as an IT professional, I would have said that we
need to look at the entire scenario so we can determine the
most appropriate approach.
Mr. Mica. Well, do you think, again, with you in the
position of being both COO and CIO, there is a potential
conflict?
Some of your responsibilities are for the approval of the
monitoring, the execution of the monitoring, and the direction,
but, also, the review of the monitoring.
Do you see that as something that actually should be kept
separated? I don't know how you are able to achieve your sort
of--I would see it as in competing roles. What is your opinion?
Mr. Harris. Well, the review committee that we have as part
of our steps does have legal review included in it. So when it
comes to--as a formal request, there is a committee, again,
that has an HR person on it, has an IT person, a legal person
on it. And then it comes back to me.
So they have an opportunity to look at it without me even
being present. But I think the most important part of this is
the legal review takes place and then, before anything starts--
--
Mr. Mica. So you are saying on top of this there is another
review that would ensure, again, some objective review?
Mr. Harris. Yes.
Mr. Mica. Ms. Canterbury is answering--or shaking her head
``no.'' Did you want to respond?
Ms. Canterbury. I understand from the interim policy that
there is a legal review on whether or not to conduct the
surveillance.
But once the information is collected, it is Mr. Harris who
maintains that and determines who gets to use that information
and how it is used.
And so my recommendation is that the COO shouldn't be
involved. As you suggest, sir, I think it may be a conflict of
interest.
He should not have a part in all decision-making and then
control what--the information that is collected at the back
end.
Certainly, at the back end, there has to be a legal review
to make sure----
Mr. Mica. So you don't think that even though what he cited
and considers as another step is not really doing the job
because, again, just the nature of the conflict of his having
both of those responsibilities--I mean, I don't want to put
words in your mouth. Is that correct?
Ms. Canterbury. Right. My concern is with, after the
information is collected, what happens to it.
Mr. Mica. Right.
Ms. Canterbury. Are there protected disclosures swept up in
what is collected? And only Mr. Harris would get to decide
that, according to the interim policy.
Mr. Harris. I think, again, we stated earlier that the
policy is nowhere near complete. We made a conscientious choice
to have an interim policy so that we can get this right, and
this has to be done right over time.
There are many scenarios that apply here that don't have a
single answer to it.
The other piece of it is that we want the agency to begin
to move forward and, one, again, protect the whistleblowers,
and, two, make sure that our processes are commonly understood
from end to end. And then, at the end of the day, before
anything begins, anything begins, we have to have an approval.
And so I don't know what happened, again, 2 or 3 years ago,
but I know now that we have a much more well-oiled process.
It is interim. It is not perfect. We have to build it as we
go because, as Mr. Cummings said earlier, the landscape changes
with IT on a regular basis. We have to be fluid with it if we
are going to stay on top of things.
Mr. Mica. Also, again, in protections and making certain
that important responsibilities are fulfilled. I think Ms.
Canterbury did allude to, again, some conflict that exists just
by the nature of the current way this is conducted.
Mr. Harris. That is right. It comes out of my hands and
goes, as we talked about, to the legal review. We call it a
legal tank team. When something has occurred that needs to have
a set of fresh eyes on it, it comes out of my hands and goes
into the hands of a legal team, who looks at it, and we call
them a tank team. They then decide the best recourse of action
from there.
So I think it would probably be better if we could at some
point in time have some conversations about what we are doing
because, I think, again, from where we were 2 or 3 years ago,
night and day.
Mr. Mica. Well, again, we wouldn't be holding this hearing
if it all worked right. But that is why we are here.
Let me turn--a final question just to Ms. McKee. You are
involved in, again, some of the monitoring. Is that correct?
Ms. McKee. That is correct.
Mr. Mica. Yeah.
And did anyone ever tell you that it was inappropriate to
look at disclosures to OSC or members of Congress or attorneys?
Did they tell you that?
Ms. McKee. The focus of the monitoring wasn't on any of
those disclosures. While they may have been captured broadly,
it was not something that we looked at.
Mr. Mica. Okay. And did you think that it was fair game,
because they were doing it on an FDA computer, that they could
again look at that information and make the disclosures?
Ms. McKee. I am sorry. I don't understand your question.
They could look at it?
Mr. Mica. Again, you thought it was fair game because they
were using an FDA computer in the process.
Ms. McKee. The software that was used captures everything,
is my understanding. There was not a way to wall off different
communications--types of communications.
Mr. Mica. Well, again, you--but you thought it was
appropriate use of computers and information?
Ms. McKee. I am not getting your question. I am sorry.
Mr. Mica. Again, you said to the committee that you were
involved in this process.
Ms. McKee. That is correct.
Mr. Mica. And you, in fact, had said that it was
inappropriate to look at disclosures--or you said there was not
a problem with looking at disclosures to either OSC or members
of Congress or attorneys, is what I--some of the information I
have been provided. That is not correct?
Ms. McKee. I don't believe that is correct, sir. It may
have been a mistake, misspoke during an interview.
Mr. Mica. Well, again, I am looking at information that was
provided from your transcribed interview. And, furthermore,
when questioned about this, I am informed that you thought it
was fair game because they were doing it on an FDA computer.
And I think you responded--at least in those interviews, you
thought it was a fair game because, again, they were using FDA
computers.
Ms. McKee. If I recall--I am trying to put your question
into context with the question I was asked--I believe
monitoring FDA employees' computers is fair game.
Mr. Mica. Is fair game under the rules. And you still
believe that.
Ms. McKee. I believe there are times when it is
appropriate, yes, to monitor FDA employees' computers.
Mr. Mica. Okay. And about--what about disclosure of that
information? What is your feeling about what has taken place
and how that has worked?
There have been disclosures from the monitoring that are
inappropriate. And, obviously, the monitoring, again, monitors
people's inappropriate activity. That is part of the purpose of
the monitoring. Correct?
Ms. McKee. That is correct.
Mr. Mica. Okay. And what is your opinion as to how this has
worked and functioned? You said it is fair game, which they are
doing. They are conducting this monitoring. And, obviously, we
have had problems with it not working. What is your opinion?
What is the flaw? Where do we need to go?
Ms. McKee. I certainly believe the processes that the
agency has put in place in the last six months would have
helped in the situation----
Mr. Mica. If it had been in place.
Ms. McKee. If it had been in place in 2010, it certainly
would have helped.
Mr. Mica. Okay. Thank you.
Yield back.
Mr. Bentivolio. Thank you.
At this time I would like to thank all of our witnesses for
taking time from their busy schedules to appear before us
today.
The committee stands adjourned. Thank you very much.
[Whereupon, at 12:27 p.m., the committee was adjourned.]
APPENDIX
----------
Material Submitted for the Hearing Record
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
�