GovLoop - Social Network for Government

Should your agency be able to monitor your personal emails?

The Food and Drug Administration recently admitted that it monitored the personal emails of some of its employees.  The Washington Post reports that the agency said it was concerned that employees were leaking confidential information out to the general public.

About two years ago, some FDA employees said they had worries about unsafe medical equipment and took their concerns to Congress.  Last month, the Post broke the story that the FDA had, in fact, monitored Gmail communications between this group of doctors, who had concerns about medical devices that were not safe or effective.

The agency said it started looking at employee's emails in 2010, but the Post says it has evidence the surveillance started as early as January of 2009.

House Oversight and Government Reform Committee Chairman Darrell Issa (R-Calif.) sent a letter to the FDA on Thursday, saying such behavior is against the law.

The FDA has a warning that pops up when a user logs on stipulating that there is no expectation of privacy regarding any data that passes through -- or is stored on -- its system. 

In his letter, the Congressman charges that the FDA was in the wrong because retaliation against whistleblowers is illegal.

What do you think? Should your agency be able to look at your personal email if you log on at work? Or is this stepping over the line?

Tags: communications, human resources, privacy, tech

Views: 462

Reply to This

Replies to This Discussion

Permalink Reply by Linda Martin on February 10, 2012 at 4:13pm

I believe it is stepping over the line.  That is the purpose of it being called PERSONAL email.  If they have a right to go into your personal email then they will try to have a right to go into your personal bank account, cellphone records, etc...

Permalink Reply by Brian Gryth on February 14, 2012 at 3:18pm

Linda,

I don't know what the FDA agreement actually says, but if the FDA user agreement stipulates that the user has no expectation of privacy and that all data the passes through the FDA system is subject to inspection or monitoring.  Well, then the FDA has the right to access personal bank account, cellphone records, and any other records  if you access them on FDA systems.

Permalink Reply by Kenyatta Hawkins on February 12, 2012 at 10:55pm

I’m on the fence with this one. While I don’t particularly agree that you should check your personal email at work, I don’t believe that agencies should have the authority to look at employee’s personal email either. If companies/agencies are worried about their employees leaking information (or even lack of productivity), then they should take other cautions. I, personally, work at Verizon Wireless and they restrict certain websites for that specific purpose. We are unable to access outside email accounts, most social media sites like Facebook or Twitter, employment search engines (like Monster or CareerBuilder), and the like. Initially I thought these restraints were a bit extreme, but knowing that I could access these features through my phone or tablet if necessary is reassuring.   

Permalink Reply by Brian Gryth on February 14, 2012 at 3:00pm

One question.  Why does Verizon allow you to bring your phone or tablet to work?  You could just as easily leak information using those tools.

Permalink Reply by David Dejewski on February 13, 2012 at 8:18am
Perspective from a former Defense Department CIO: monitoring of all traffic coming into and out of DoD facilities has been going on for more than a decade. If you do it - no matter what "it" is - on a government network, it's fair game. There's a banner posted to that effect on the computer screen of very DoD employee when they log in. All empoloyees consent to monitoring. Few facilities have the manpower to watch everything real time, but Internet activity does get filtered and recorded for up to a year in some cases (maybe more in some special areas).
If you give the command some reason to suspect an issue (eg set off an alarm on the intrusion detection system by sending/receiving a classified code word or visiting a child pornography site), security folks will likely be going through all traffic generated by you for months. Intrusion detection systems don't distinguish between what traffic is official and what is personal. They just watch all traffic as it flows in and out of the network.
Like it or not, that's reality. My advice is if you want to send/recieve personal email, do it from home or start with the assumption that it is being monitored and recorded.
Permalink Reply by David Dejewski on February 13, 2012 at 8:43am
It seems to me that a system designed to protect people and state secrets was abused in the FDA case mentioned above. While I do not condone this kind of abuse, I do understand how it could very easily happen. More than one time and at risk to my career, I have personally refused to allow access to this information flow because I had concerns it would be used to mount witch hunts.
Integrity is critically important. With access comes responsibility. My concern is that FDA leadership and employees allowed themselves to be tempted into spying on their own people - extending beyond safety / security into politics. It looks to me like they used their security system to hide wrong doing and manipulate the information environment. This is really ugly stuff.
Permalink Reply by Ebony Scurry, PHR, GCDF-I on February 13, 2012 at 2:08pm

I agree with you here David.

Even though federal employees consent to monitoring, it should not translate into that monitoring being without strings of expectations for civility and need attached.

I have a sense that people are becoming increasingly sensitive to their personal information and will only tolerate so much without due reason. I will be watching this FDA case closely; I anticipate that the outcome will eventually impact most other federal agencies.

~ Ebony

Permalink Reply by Dannielle Blumenthal on February 13, 2012 at 9:05am
This is not a comment on the FDA situation but a general observation. If you use a work computer, especially when you work for the government, and they tell you explicitly and clearly and repeatedly that nothing you do on that computer system is private, you can't expect privacy. Use your own computer for personal stuff, or be aware that using a work computer means that your communication is not private. All opinions my own as always.
Permalink Reply by Robert Bacal on February 13, 2012 at 11:54am

Dannielle, the "rule" has always been as you explained. It's really dead simple, and, IMHO, a non-issue. Keep official business that uses employer resources separate from personal. Use a different account that you only access away from work, and if you have to, use your company/cloud account for official business.

Permalink Reply by Brian Gryth on February 14, 2012 at 3:09pm

Is it really that simple?  What about an agency that allows remote access, but the employee has to use personal equipment?  What about personal cellphones used for official purposes? 

I am not sure we can make blanket ascertains that personal and work are separate anymore.

I do agree that if the employee has to click on a user agreement that states nothing is private then he or she is warning.

Permalink Reply by Robert Bacal on February 15, 2012 at 1:11pm

I understand things have gotten grey in terms of using personal equipment for business. I have considerable problems with the notion that an employer can require an employee to use their own technology for work purposes, but that's a side issue.

I think that personal equipment is personal equipment. It should not be monitored, just because an agency is unable to, or unwilling to provide the essential tools for work. It reminds me of using a personal vehicle for work, which is not uncommon.

I can see an agency that provides a vehicle for work to check that vehicle for pretty much whatever it wants...proper care, evidence of drug use, whatever. However, if an employee uses THEIR own vehicle, it should be hands off.

Employers pay for the right to monitor and examine. Private property is still private property, and if it has mixed use, it still belongs to the employee. I know there are still grey areas that might crop up, but perhaps this is the best one can do.

Or are there flaws I'm missing?

Permalink Reply by Peter Sperry on February 13, 2012 at 9:41am

The spillover question is "Can/should government agencies monitor teleworkers personal use of their own computer equipment at home?" If an agency allows telework, will they also insist on being able to install monitoring software on the employees personal equipment in order to ensure compliance with government regulations during work hours? If they do not, will the agency them be at least partially liable for any inappropriate web browsing or messaging during official time? Probably not legally but an interesting question to answer when something goes wrong and the press comes looking for a scapegoat. If the agency does monitor, will the employee have any expectation of privacy during non official time and how will they know if the agency is monitoring them during evening and weekend hours?

RSS

Special Offer

Sign Up For NextGen by 5/31 and Get A 3 Week Training Course for Free!

Guides

GovLoop State of Government Communications Report

Tools & Resources

GovLoop Salary Calculator

View All

© 2012   Created by GovLoop.

Badges  |  Report an Issue  |  Terms of Service

About GovLoop

GovLoop is the "Knowledge Network for Government" - the premier social network connecting over 50,000 federal, state, and local government innovators.

A great resource to connect with peers, share best practices, and find career-building opportunities.

Communities

Resources

Badges Help Privacy Terms of Service