FDA Spied On Emails To Try To Silence Critics

from the and-it-may-have-just-made-new-critics dept

We've discussed how the government often seems much more focused on silencing leaks of information, rather than recognizing that those leaks are often highlighting serious misconduct. The latest example involves the Food and Drug Administration (FDA), who apparently started trying to find the source of a leak, but in the end started collecting thousands of emails to try to stifle all sorts of criticism of the FDA, as revealed by the NY Times over the weekend.
What began as a narrow investigation into the possible leaking of confidential agency information by five scientists quickly grew in mid-2010 into a much broader campaign to counter outside critics of the agency’s medical review process, according to the cache of more than 80,000 pages of computer documents generated by the surveillance effort.

Moving to quell what one memorandum called the “collaboration” of the F.D.A.’s opponents, the surveillance operation identified 21 agency employees, Congressional officials, outside medical researchers and journalists thought to be working together to put out negative and “defamatory” information about the agency.
The details show that the FDA installed key logger software on the computers of their own scientists, tracked the personal emails they wrote to others, and tracked documents they copied to key drives. Now, you can make a reasonable argument that since these were work laptops, the FDA has every right to track the usage, but it seems pretty clear that the FDA went really far here, and it wasn't just about stopping leaks, but about trying to stifle criticism and whistleblowing.

In fact, much of the evidence suggests that this absolutely was an attempt to blow the whistle on faulty review procedures by the FDA, that resulted in the approval of medical imaging devices that weren't actually safe. And, apparently, the complaints by the whistleblowers were convincing enough that there's now a Congressional investigation into "a substantial and specific danger to public safety" from this activity.

If the FDA were functioning as it was supposed to, it would have seen these complaints as a reason to investigate its own activities. Instead, in the supposed attempt to "stop leaks," the FDA used this info to try to squelch the attempt to have its own practices investigated.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 7:35am

    Would an entity that's misbehaving really want to point out misconduct? I think not.

    Dat goverment's all about dat corruption dawg

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 7:36am

    Well geee pirate Mike! Of course you would jerk your knee in the defense of these sleeze bags that would undermine our safety!

    ...

    Damn what am I doing wrong? This trolling thing is hard...

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 7:37am

    Re:

    Also expect SWAT teams at the techdirt offices

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 7:47am

    you didn't really think the information would be used in the correct way, for the correct purpose, did you? must be nice to live in the world of everything is as it should be (make believe!)

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Oblate (profile), Jul 16th, 2012 @ 7:49am

    Just part of their device testing protocol...

    Maybe this was just the testing protocol for a new medical device. The device under test is called the "Cover Your Ass" (CYA) medical device. As it has failed the first round of testing, as evidenced by the continued flow of information regarding FDA wrongdoing, it will have to go back to another round of development. However it seems almost guaranteed that the replacement officials at the FDA will continue to support development of this device.

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Mesonoxian Eve (profile), Jul 16th, 2012 @ 7:51am

    That's Monsanto for you.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Pixelation, Jul 16th, 2012 @ 8:00am

    We can be sure something will be done about this since Congressional officials were having their privacy invaded and not just private citizens.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Ninja (profile), Jul 16th, 2012 @ 8:00am

    I believe they have all the right to monitor company notebook activities. Except that their rights do not encompass personal e-mail accounts. The right way to prevent ppl from using their e-mails in the workplace to send sensitive stuff out of the company controls is to block access to such material.

    They should sue the FDA.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 8:07am

    Re: Just part of their device testing protocol...

    @ #5

    i think what you mean is that the new CYA device will need to be wiped and testing started again!

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    drew (profile), Jul 16th, 2012 @ 8:12am

    Re:

    I dunno, that had the main key words and was as vacuous as usual. Little bit close to the actual topic in hand though.
    B+

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    pixelpusher220 (profile), Jul 16th, 2012 @ 8:15am

    Re:

    Can someone show me that they monitored anything other than 'employer issued' laptops?

    I read the NYTimes article and I don't see any mention of actually monitoring Congressional Aides, only that they monitored the emails the scientists sent *to* Congress. That's a far far different thing and since these laptops are issued by the gov't, the gov't has every right to monitor anything done with them.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    hmm (profile), Jul 16th, 2012 @ 8:23am

    well

    why not just have the FDA approve all FDA-criticisms.
    that way they can just 100% refuse all licenses without $100 million dollar bribes

    OMG the heads of the FDA have been taking bribes all the way upto july 2012 to pass completely unsafe drugs that cause spontaneous abortions and aneuryms? and would cream their pants for this kind of power?

    say it aint so!

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    arcan, Jul 16th, 2012 @ 8:31am

    Re: Re:

    will they be showing up in clowncars? because national security?

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 8:33am

    Re: well

    Too late, I already creamed their pants

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 8:42am

    The FDA is about as corrupt as they get and everyone knows it. Reading about all their wrongdoings is too disgusting to follow through.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    pixelpusher220 (profile), Jul 16th, 2012 @ 8:42am

    Re:

    Incorrect, if you use their computer to access your personal account anything you do is fair game. You're using their device to do personal stuff and it's either against policy on that front, or they denote up front that they are allowed to monitor what you do with their device.


    However, if the FDA logged the passwords and then *later* logged in to their email, that is not. But I don't see any mention of that in the NYT article.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 8:43am

    The ink isn't even dry on all their fancy new cybersecurity laws and already they can't wait to abuse them. In fact, they didn't wait.

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    Hephaestus (profile), Jul 16th, 2012 @ 8:45am

    The thing about monitoring is, once it starts it gets out of hand very quickly. You find what people actually think of you, the jokes they tell about you. You find one person sending something that "Might" be a problem to another. You then look at this other person who leads you elsewhere.

    Its why the monitoring of citizens will lead to more monitoring. Because when you know what people actually think of you, you begin thinking there is a conspiracy behind every door.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 9:41am

    To be honest, the solution to this problem is not legal (make better laws that forbid such snooping), but providing proper end to end encryption (meaning, store the emails themselves encrypted) so such snooping simply cannot happen again.

    To me it's rather simple: we tried playing nice relying on the relevant authorities to keep their hands of our privacy, they failed, it's time we take away all their control so they simply cannot abuse it.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Jake, Jul 16th, 2012 @ 10:02am

    This, ladies and gentleman, is why there's a "public interest" defence built into the Official Secrets Act here in Britain.

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    Ninja (profile), Jul 16th, 2012 @ 11:31am

    Re: Re:

    Monitor is ok, you can monitor what's done without logging passwords. Every1 has a banking life and most companies I know allow you to check your account from within the company network. So the question is, are they allowed to monitor your banking history and passwords? I don't think so, even if they don't plan to log into your account later.

    Besides, if there's enough sensitive information you have to block all access to the internet because you wouldn't be able to see exactly what's going through an encrypted connection that easily (please correct me if I'm wrong). I don't see how they could see who were the ppl the employees sent their e-mails on external webmails without effectively logging into their accounts.

    All the rest is fair game, including monitoring what files go into what usb sticks and that's something we know it's done regularly within the US Govt from Bradley Manning's case (again correct me if I'm mixing up something but they got to him by checking the files that were transferred to a usb stick with his login).

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 11:56am

    Re:

    ???

    How do you encrypt your keyboard strokes as they are being recorded by the OS?

    Those people were using compromised computers, maybe that is a lesson to everyone to not trust a work computer ever.

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    gorehound (profile), Jul 16th, 2012 @ 12:38pm

    I really hate our Government !
    What else can I say that has not been said before.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 12:53pm

    Re: Re:

    No. The government is either afraid of or dangerous to its people. The government either limits spying on its citizens, employees or not, using its computers or not, or is a danger to its citizens.

    It is for the people to monitor their government, not to be surveiled by it.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 12:56pm

    Re:

    You know in the UK they will send you to prison if they think something is encrypted and you cannot unecrypt it on demand?

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 1:03pm

    Re: Re: Re:

    Monitor is ok, you can monitor what's done without logging passwords. Every1 has a banking life and most companies I know allow you to check your account from within the company network. So the question is, are they allowed to monitor your banking history and passwords? I don't think so, even if they don't plan to log into your account later.

    The US government (USG) does have the right to monitor everything done on their computers and network because users may not log into a USG computer unless they agree to monitoring. All properly configured USG computers display a log-in warning banner that states the computer is an official USG computer to conduct USG business. The banner also states that there is no expectation of privacy, all activity is monitored, and by logging in the user consents to monitoring.

    All USG employees and contractors are also required to complete annual FISSA training. A reminder that users consent to monitoring is also in that training. The USG also has an ROB that users must accept before they are allowed to use a USG computer, and guess what the ROB contains? That makes three notices warning of monitoring, one of which appears every time you log in.

    The scientists only have a case if they were using a USG computer that did not have a warning banner, they never took FISSA training, and they did not sign an ROB.

    Besides, if there's enough sensitive information you have to block all access to the internet because you wouldn't be able to see exactly what's going through an encrypted connection that easily (please correct me if I'm wrong).

    All unsolicited SSL connection attempts from the Internet to USG computers are (well, are supposed to be) blocked. Outbound SSL connections are decrypted by the USG using a proxy similar to a man-in-the-middle attack.

    I don't see how they could see who were the ppl the employees sent their e-mails on external webmails without effectively logging into their accounts.

    Yahoo! webmail only encrypts authentication, everything else is sent in clear text which can be obtained through a network packet capture. I beleive GMail encrypts everything. Decryption of GMail is accomplished with a proxy as mentioned above.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Jul 16th, 2012 @ 2:15pm

    Re: Re:

    Just because they may or may not have the legal "right," should be less important than an agency of the U.S. Government using/abusing it's 'rights' to cover up failures that potentially put unsafe devices in people's bodies.

    I'll take "natural and legal rights" of the citizenry to an accountable government and safe medicine.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Michael, Jul 16th, 2012 @ 2:51pm

    Down with the US government

    The world will be so much better without you.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Jul 17th, 2012 @ 10:17am

    Re:

    We have to stop these treasonous leaks... if we do not continue to approve (for a nice fee) all these profitable (though potentially leathal) technologies we would lose 1000000000 jobs and suffer an incomprehensible loss to our economy of 1gigagillion dollars. And don't forget the rampant child porn that would be unleashed on our world.

    I think I make a better troll because I can make up things and raise completely unrelated arguments.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This