with contributing author Tom Harrington
The actions of Edward Snowden have sparked a vigorous debate over the information-collecting measures of the U.S. intelligence and security communities. What has not been discussed at much length are the implications for the would-be whistleblowers within the intelligence and security communities.
Whistleblower laws exist in order to provide protections (and in some cases, rewards) for those who bring illegal or dangerous activity to the attention of authorities in a position to put a stop to it. Some have argued that this construction of the term “whistleblower” would not apply to Edward Snowden, since the information he disclosed was not necessarily evidence of illegal activity, but rather activity that he felt the public may find objectionable. However, suppose Snowden believed that the actions of the NSA were outside the scope of their authority, or that the methods they used to collect information were violative of the National Industrial Security Program Operating Manual (NISPOM). To whom could he have made such a disclosure, and would he be protected from retaliation for doing so?
This article looks at the legal and regulatory scheme for whistleblowers in the intelligence community as compared to that for other federal employees and contractors and seeks to understand what protections, if any, Snowden could have obtained by making his disclosures in a less bombastic fashion.
Government Employee and Contractor Whistleblower Protections Generally
There are broad whistleblower protections for federal employees under laws like the Whistleblower Protection Act as amended by the Whistleblower Protection Enhancement Act of 2012. This law makes it illegal for a government employer to retaliate against an employee who discloses a violation of a law, rule or regulation, as well as a substantial danger to public safety. The 2012 enhancements allow these protections to apply even to those employees who make these disclosures in the regular course of their duties.
For some time, these protections did not apply to the massive universe of federal government contractors. Thus contractors could be subject to retaliation for reporting these violations, and their protections were substantially weaker than those provided for federal employees who reported the same things. In 2010, however, Congress included in the National Defense Authorization Act (NDAA) language that essentially applied the same whistleblower protections of the WPEA to government contractors.
The Intelligence Community Carve Out in the WPEA
Snowden could have reported his concerns internally as a reasonably perceived violation of law, or perhaps even a public safety issue, except for a loophole in the protections that leaves intelligence employees virtually unprotected from retaliation for reporting violations of laws, rules or regulations.
The WPEA carves out the security and intelligence fields, making the law’s protections inapplicable to certain intelligence employees. Section 105 of the WPEA (5 U.S.C. § 2302) excludes the following from coverage:
(ii)(I) the Federal Bureau of Investigation, the Central Intelligence Agency, the Defense Intelligence Agency, the National Geospatial–Intelligence Agency, the National Security Agency, the Office of the Director of National Intelligence and the National Reconnaissance Office; and
(II) as determined by the President, any Executive agency or unit thereof the principal function of which is the conduct of foreign intelligence or counterintelligence activities, provided that the determination be made prior to a personnel action”.
Notably, the law requires the President to determine which other agencies are excluded from protections. This determination must be specific, which prevents this carve out from overly broad application. The Federal Circuit confirmed this approach in Czarkowski v. Merit Sys. Prot. Bd., 390 F.3d 1347, 1350-51 (Fed. Cir. 2004), deciding that in order for an intelligence office within the Department of the Navy to be excluded from WPEA protection, the President must make a specific determination that such is the case. This may apply to many employees of smaller intelligence offices within the federal government not specifically named in Section 105 above.
The Intelligence Community Whistleblower Protection Act
Perhaps because it is not covered by the WPEA or the NDAA, the intelligence community has its own whistleblower protection statute. The law provides procedures for members of this community to make disclosures about perceived violations, but critically does not forbid retaliation against a reporting employee for using these procedures.
The law, generally codified at 50 U.S.C. § 3517, provides for would-be whistleblowers to make disclosures to the Inspector General involving classified information. The law also allows would-be intelligence whistleblowers to make reports to Congressional intelligence committees. This latter procedure may be more likely to protect a whistleblower from retaliation, as the fear of facing the ire of Congress could be a strong motivator for an agency decision maker. Nevertheless, that protection is informal and a poor substitute for a formalized set of retaliation protections.
Presidential Policy Directive 19
Unfortunately, Snowden still would not have had access to whistleblower protections under the WPEA or NDAA regime, either as an employee for the CIA or a contractor for the NSA, since both are named exclusions in WPEA Section 105. Or rather, that was the case until Barack Obama issued Presidential Policy Directive (PPD) 19 in October 2012.
The subject of PPD 19 is “Protecting Whistleblowers with Access to Classified Information,” and the key anti-retaliation provision reads:
“Any officer or employee of a Covered Agency who has authority to take, direct others to take, recommend or approve any Personnel Action, shall not, with respect to such authority, take or fail to take, or threaten to take or fail to take, a Personnel Action with respect to any employee serving in an Intelligence Community Element as a reprisal for a Protected Disclosure.”
The directive then goes on to order agencies to establish procedures to implement this policy. To the extent an employee then exhausts that internal procedure, the employee can bring the retaliation allegation to an external review panel.
This is the process that, had it been in existence at the time, Snowden could have used to obtain protections during his time with the CIA, where he worked until he resigned in 2009. He would then have had protections from retaliation. Indeed, Snowden himself has indicated that he did attempt to report computer vulnerability issues during his time in the CIA, with the result being a reprimand in his file.
The critical question in considering a Snowden counterfactual in which he uses internal channels to report his concerns and receives whistleblower protections is whether PPD 19’s retaliation protections apply to intelligence contractors. The directive itself is silent as to this issue, since it does not define the term employee. While Barack Obama has indicated that he believes other avenues were available to Snowden, Snowden himself has articulated that he does not believe he would have been protected from retaliation.
As of the date of this writing, this question has not been litigated specifically as to PPD 19. The closest analogous decision appears to be the case of Lawson v. FMR LLC, 12-3, 2014 WL 813701 (U.S. Mar. 4, 2014). In Lawson, the Supreme Court decided that the whistleblower retaliation protections in the Sarbanes-Oxley Act of 2002 apply not only to publicly traded companies registered with the SEC, but also to contractors and subcontractors of those companies. Although focused on another whistleblower statute entirely, the Supreme Court’s analysis in Lawson is largely applicable to intelligence community whistleblowers working for contractors. Consider, for example, the Supreme Court’s analysis of whistleblower protections that do not apply to contractors:
“There would be a huge hole . . . : Contractors’ employees would be disarmed; they would be vulnerable to retaliation by their employers for blowing the whistle on a scheme to defraud the public company’s investors, even a scheme engineered entirely by the contractor. . . . Legions of accountants and lawyers would be denied [the statute’s] protections.”
This rationale is equally applicable to whistleblower protections for intelligence community contractors. As with many government functions, the intelligence community relies heavily on the use of contractors to achieve its goals. To exclude contractors from these protections does severe harm to the goals of the policy. The results of harming the policy in this way could not be clearer in the example of Edward Snowden.
A review of the protections available to whistleblowers in the national security and intelligence fields reveals that while these individuals do not always have the benefit of the protections that other government employees and contractors enjoy, they are not without recourse if they observe a violation of law, rule or regulation. Perhaps more importantly, the trend in recent years has been to afford more protections to security and intelligence whistleblowers. This favorable change in course came largely before Edward Snowden’s now infamous disclosures. Because of these changes, there exists at least a reasonable argument that Snowden could have acted in a constructive way within the bounds of the law while obtaining protection from retaliation.
Snowden’s perceptions and actions demonstrate the importance of at least clarifying the state of whistleblower protection law as to security and intelligence professionals, especially contracted employees. A more optimal response would be to both clarify and strengthen retaliation protections for security professionals. This would ensure that a future Edward Snowden—a frustrated professional who believes the agency has gone beyond the bounds of the law—can make his or her disclosures in a way that does not compromise state secrets or otherwise lead to international strife.
About the Authors
R. Scott Oswald is Managing Principal, The Employment Law Group® law firm. He is an employment law attorney, author, and media contributor. Rated among the best lawyers in the field of employment law by Best Lawyers, Oswald speaks at conferences and bar workshops detailing current trends and best practices around the United States.
Tom Harrington is a Principal at The Employment Law Group® law firm. He earned his J.D. degree at the George Mason University School of Law in 2007, where he was a Senior Staff Member of the Federal Circuit Bar Journal and a Writing Fellow. He joined The Employment Law Group® law firm in 2004 as a legal assistant. Prior to joining The Employment Law Group® law firm, Mr. Harrington worked as an analyst for The NASDAQ Stock Market. He received his Bachelor of Arts degree in English Literature from the University of California at Los Angeles. Mr. Harrington is admitted to practice law before the Virginia, District of Columbia, and Maryland bars.