FDA Employees Challenge E-Mail Privacy at Work
Do employers have a right to monitor employees’ e-mails while on the job? This important issue is raised in a lawsuit filed earlier this month against the U.S. Food and Drug Administration. The legal issue is whether employees have a reasonable expectation of privacy when using personal e-mail accounts on workplace computers.
The lawsuit was filed earlier this month by six whistleblowers at the FDA who allege that their private e-mails were extensively monitored after they began complaining to lawmakers about serious irregularities in the agency's medical device review process. In the complaint filed in U.S. District Court for the District of Columbia, the six alleged that the FDA installed spyware on their workplace computers to monitor and intercept their communications.
The complaint acknowledges that the intercepted correspondence was created, transmitted, received, and viewed on government-issued computers and government-owned networks. But it noted that the e-mail was private, password protected, and sent using third-party, non-governmental e-mail services such as Yahoo and Gmail.
The intercepted communications also included e-mail sent from private e-mail accounts on private equipment by family members, friends and associates, but viewed on FDA-issued computers.
According to the complaint, the employees had "explicit permission" to use their government-issued computers for personal purposes. Nonetheless, the FDA secretly searched and seized private electronic communications when the plaintiffs "had a reasonable expectation of privacy" the complaint noted.
Documents related to the case, published by the National Whistleblowers Center, show numerous instances of the FDA intercepting what appear to be confidential attorney-client communications.
Also captured were e-mail messages between the whistleblowers and a former staff member for the House Committee on Energy and Commerce and a former chief investigator for the Senate Finance Committee. One FDA intercept shows a screen shot of dogs belonging to one of the whistleblowers while another captures an exchange in which one whistleblower exhorts another to "hang in there."
The intercepted e-mail accounts contained "extremely private and intimate correspondence with family ... friends and loved ones," the complaint noted. Many of the accounts were used for personal finances, banking and other personal purposes. "Defendants intercepted e-mails that are considered private by all traditional standards."
The secret searches and seizures lasted for two years, the complaint alleged. In total the FDA is alleged to have monitored private e-mail conversations of nine scientists and physicians. The lawsuit alleges that FDA used the data to retaliate against the whistleblowers.
The plaintiffs charge the agency with violating their First Amendment rights to free speech and association, their Fourth Amendment's rights against unreasonable search and seizure, and their Fifth Amendment's right to due process.
Many companies have computer use guidelines clearly specifying what employees can and cannot do with their work computers. They are using tools that use filtering and other technologies to make sure that employees do not accidentally or deliberately transmit sensitive documents or illicit material via their e-mail.
Even so, the issue of whether employers have the legal right to actively monitor password protected, private e-mail accounts, just because their computers are being used, remains largely untested in courts. However, in a 2010 case, City of Ontario, California, et al v. Quon et al, the U.S. Supreme Court ruled that employers can search through text messages, including personal ones, if they have reason to believe that workplace rules or laws are being violated.
That case is slightly different, though, because it involves personal text messages being sent on a workplace pager. The FDA lawsuit refers to messages intercepted from personal, password-protected e-mail accounts.
Miriam Schulman, director of the Markkula Center for Applied Ethics at Santa Clara University said that whistleblowers could have avoided the whole issue by using their own computers, "But just because you do something dumb, doesn't remove your privacy rights," she said.
From an ethical perspective I have always believed that the personal use of company resources in the workplace is acceptable as long as there is no policy against it by the employer. If there is no such policy then moderation and good judgment should guide when it is ethically appropriate to do so. For example, what if a spouse wants to communicate with a child-care provider about the health of a sick child? Is it better to use your own cell phone to communicate because it is not a company resource? Isn’t the issue whether personal communication should be allowed during the work day and not the method of doing it?
I believe this is a situation where the rules may not have as yet caught up with technology and the changing dynamic of a two parent working home. Concessions have to be made albeit in a limited number of situations to provide a supportive workplace environment.
Blog posted by Steven Mintz, aka Ethics Sage, on February 14, 2012