No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights

Whistleblowers in the Intelligence Community

by R. Scott Oswald
April 10, 2014
in Uncategorized
Whistleblowers in the Intelligence Community

with contributing author Tom Harrington

The actions of Edward Snowden have sparked a vigorous debate over the information-collecting measures of the U.S. intelligence and security communities. What has not been discussed at much length are the implications for the would-be whistleblowers within the intelligence and security communities.

Whistleblower laws exist in order to provide protections (and in some cases, rewards) for those who bring illegal or dangerous activity to the attention of authorities in a position to put a stop to it. Some have argued that this construction of the term “whistleblower” would not apply to Edward Snowden, since the information he disclosed was not necessarily evidence of illegal activity, but rather activity that he felt the public may find objectionable. However, suppose Snowden believed that the actions of the NSA were outside the scope of their authority, or that the methods they used to collect information were violative of the National Industrial Security Program Operating Manual (NISPOM). To whom could he have made such a disclosure, and would he be protected from retaliation for doing so?

This article looks at the legal and regulatory scheme for whistleblowers in the intelligence community as compared to that for other federal employees and contractors and seeks to understand what protections, if any, Snowden could have obtained by making his disclosures in a less bombastic fashion.

Government Employee and Contractor Whistleblower Protections Generally

There are broad whistleblower protections for federal employees under laws like the Whistleblower Protection Act as amended by the Whistleblower Protection Enhancement Act of 2012. This law makes it illegal for a government employer to retaliate against an employee who discloses a violation of a law, rule or regulation, as well as a substantial danger to public safety. The 2012 enhancements allow these protections to apply even to those employees who make these disclosures in the regular course of their duties.

For some time, these protections did not apply to the massive universe of federal government contractors. Thus contractors could be subject to retaliation for reporting these violations, and their protections were substantially weaker than those provided for federal employees who reported the same things. In 2010, however, Congress included in the National Defense Authorization Act (NDAA) language that essentially applied the same whistleblower protections of the WPEA to government contractors.

The Intelligence Community Carve Out in the WPEA

Snowden could have reported his concerns internally as a reasonably perceived violation of law, or perhaps even a public safety issue, except for a loophole in the protections that leaves intelligence employees virtually unprotected from retaliation for reporting violations of laws, rules or regulations.

The WPEA carves out the security and intelligence fields, making the law’s protections inapplicable to certain intelligence employees. Section 105 of the WPEA (5 U.S.C. § 2302) excludes the following from coverage:

(ii)(I) the Federal Bureau of Investigation, the Central Intelligence Agency, the Defense Intelligence Agency, the National Geospatial–Intelligence Agency, the National Security Agency, the Office of the Director of National Intelligence and the National Reconnaissance Office; and

(II) as determined by the President, any Executive agency or unit thereof the principal function of which is the conduct of foreign intelligence or counterintelligence activities, provided that the determination be made prior to a personnel action”.

Notably, the law requires the President to determine which other agencies are excluded from protections. This determination must be specific, which prevents this carve out from overly broad application. The Federal Circuit confirmed this approach in Czarkowski v. Merit Sys. Prot. Bd., 390 F.3d 1347, 1350-51 (Fed. Cir. 2004), deciding that in order for an intelligence office within the Department of the Navy to be excluded from WPEA protection, the President must make a specific determination that such is the case. This may apply to many employees of smaller intelligence offices within the federal government not specifically named in Section 105 above.

The Intelligence Community Whistleblower Protection Act

Perhaps because it is not covered by the WPEA or the NDAA, the intelligence community has its own whistleblower protection statute. The law provides procedures for members of this community to make disclosures about perceived violations, but critically does not forbid retaliation against a reporting employee for using these procedures.

The law, generally codified at 50 U.S.C. § 3517, provides for would-be whistleblowers to make disclosures to the Inspector General involving classified information. The law also allows would-be intelligence whistleblowers to make reports to Congressional intelligence committees. This latter procedure may be more likely to protect a whistleblower from retaliation, as the fear of facing the ire of Congress could be a strong motivator for an agency decision maker. Nevertheless, that protection is informal and a poor substitute for a formalized set of retaliation protections.

Presidential Policy Directive 19

Unfortunately, Snowden still would not have had access to whistleblower protections under the WPEA or NDAA regime, either as an employee for the CIA or a contractor for the NSA, since both are named exclusions in WPEA Section 105. Or rather, that was the case until Barack Obama issued Presidential Policy Directive (PPD) 19 in October 2012.

The subject of PPD 19 is “Protecting Whistleblowers with Access to Classified Information,” and the key anti-retaliation provision reads:

“Any officer or employee of a Covered Agency who has authority to take, direct others to take, recommend or approve any Personnel Action, shall not, with respect to such authority, take or fail to take, or threaten to take or fail to take, a Personnel Action with respect to any employee serving in an Intelligence Community Element as a reprisal for a Protected Disclosure.”

The directive then goes on to order agencies to establish procedures to implement this policy. To the extent an employee then exhausts that internal procedure, the employee can bring the retaliation allegation to an external review panel.

This is the process that, had it been in existence at the time, Snowden could have used to obtain protections during his time with the CIA, where he worked until he resigned in 2009. He would then have had protections from retaliation. Indeed, Snowden himself has indicated that he did attempt to report computer vulnerability issues during his time in the CIA, with the result being a reprimand in his file.

The critical question in considering a Snowden counterfactual in which he uses internal channels to report his concerns and receives whistleblower protections is whether PPD 19’s retaliation protections apply to intelligence contractors. The directive itself is silent as to this issue, since it does not define the term employee. While Barack Obama has indicated that he believes other avenues were available to Snowden, Snowden himself has articulated that he does not believe he would have been protected from retaliation.

As of the date of this writing, this question has not been litigated specifically as to PPD 19. The closest analogous decision appears to be the case of Lawson v. FMR LLC, 12-3, 2014 WL 813701 (U.S. Mar. 4, 2014). In Lawson, the Supreme Court decided that the whistleblower retaliation protections in the Sarbanes-Oxley Act of 2002 apply not only to publicly traded companies registered with the SEC, but also to contractors and subcontractors of those companies. Although focused on another whistleblower statute entirely, the Supreme Court’s analysis in Lawson is largely applicable to intelligence community whistleblowers working for contractors. Consider, for example, the Supreme Court’s analysis of whistleblower protections that do not apply to contractors:

“There would be a huge hole . . . : Contractors’ employees would be disarmed; they would be vulnerable to retaliation by their employers for blowing the whistle on a scheme to defraud the public company’s investors, even a scheme engineered entirely by the contractor. . . . Legions of accountants and lawyers would be denied [the statute’s] protections.”

This rationale is equally applicable to whistleblower protections for intelligence community contractors. As with many government functions, the intelligence community relies heavily on the use of contractors to achieve its goals. To exclude contractors from these protections does severe harm to the goals of the policy. The results of harming the policy in this way could not be clearer in the example of Edward Snowden.

Conclusion

A review of the protections available to whistleblowers in the national security and intelligence fields reveals that while these individuals do not always have the benefit of the protections that other government employees and contractors enjoy, they are not without recourse if they observe a violation of law, rule or regulation. Perhaps more importantly, the trend in recent years has been to afford more protections to security and intelligence whistleblowers. This favorable change in course came largely before Edward Snowden’s now infamous disclosures. Because of these changes, there exists at least a reasonable argument that Snowden could have acted in a constructive way within the bounds of the law while obtaining protection from retaliation.

Snowden’s perceptions and actions demonstrate the importance of at least clarifying the state of whistleblower protection law as to security and intelligence professionals, especially contracted employees. A more optimal response would be to both clarify and strengthen retaliation protections for security professionals. This would ensure that a future Edward Snowden—a frustrated professional who believes the agency has gone beyond the bounds of the law—can make his or her disclosures in a way that does not compromise state secrets or otherwise lead to international strife.

___

About the Authors

R. Scott Oswald is Managing Principal, The Employment Law Group® law firm. He is an employment law attorney, author, and media contributor. Rated among the best lawyers in the field of employment law by Best Lawyers, Oswald speaks at conferences and bar workshops detailing current trends and best practices around the United States.

 

 

Tom Harrington headshot 4-8-14Tom Harrington is a Principal at The Employment Law Group® law firm.  He earned his J.D. degree at the George Mason University School of Law in 2007, where he was a Senior Staff Member of the Federal Circuit Bar Journal and a Writing Fellow. He joined The Employment Law Group® law firm in 2004 as a legal assistant. Prior to joining The Employment Law Group® law firm, Mr. Harrington worked as an analyst for The NASDAQ Stock Market. He received his Bachelor of Arts degree in English Literature from the University of California at Los Angeles. Mr. Harrington is admitted to practice law before the Virginia, District of Columbia, and Maryland bars.

 

 


Previous Post

The Battle of Shiloh, Corruption in Ukraine and Things to Come

Next Post

The Clock is Ticking: Companies Still Rushing to Complete SEC Conflict Minerals Filing, says PwC Survey

R. Scott Oswald

R. Scott Oswald

R. Scott OswaldR. Scott Oswald is Managing Principal, The Employment Law Group® law firm. He is an employment law attorney, author, and media contributor. Rated among the best lawyers in the field of employment law by Best Lawyers, Oswald speaks at conferences and bar workshops detailing current trends and best practices around the United States.

Related Posts

dod pentagon

CMMC 2.0 Creates New Compliance Calculus for Defense Contractors

by Shrav Mehta
July 3, 2025

Simplified framework still poses significant challenges for smaller defense industrial base participants

Integreon Launch

Integreon Launches AI-Enabled Legal & Regulatory Compliance Services

by Corporate Compliance Insights
July 2, 2025

Integreon has launched AI-enabled legal and regulatory compliance services powered by ContractPodAi's Leah intelligence platform to automate compliance processes and...

SpeakUp Launch

SpeakUp Launches AI Phone Agent and Disclosure Management Platform

by Corporate Compliance Insights
July 2, 2025

SpeakUp has launched two new solutions — an AI-powered disclosure and approval management platform called SpeakUp Paths and an AI...

Riskonnect Launch

Riskonnect Launches AI Governance Solution for Risk Management

by Corporate Compliance Insights
July 2, 2025

Riskonnect has launched an AI governance solution integrated within its risk management platform to help organizations manage AI-related risks and...

Next Post
The Clock is Ticking: Companies Still Rushing to Complete SEC Conflict Minerals Filing, says PwC Survey

The Clock is Ticking: Companies Still Rushing to Complete SEC Conflict Minerals Filing, says PwC Survey

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights