Cybersecurity Whistleblower Protections for Employees of Federal Contractors and Grantees

For information security professionals, identifying cybersecurity vulnerabilities is often part of the job.  That is no less the case when the job involves a contract or grant with the U.S. government.

Information security and data privacy requirements have become a priority at federal agencies.  These requirements extend to federal contractors because of their access to government data.  Often, cybersecurity professionals are the first to identify non-compliance with these requirements.  As high-profile data breaches have become more common, those who report violations of cybersecurity and data privacy requirements often experience retaliation and seek legal protection.

Reporting non-compliance or misconduct in the workplace can be necessary, but it can also be daunting.  It is important for cybersecurity whistleblowers to know their legal rights when disclosing such concerns to management or a federal agency.

In many cases, federal law protects cybersecurity whistleblowers who work for federal contractors or grantees.  This post provides an overview of those protections.

What cybersecurity requirements apply to federal contractors?

Federal contractors are subject to data privacy and information security requirements.

The Federal Information Security Management Act (“FISMA”) creates information security requirements for federal agencies to minimize risk to the U.S. government’s data.  FISMA also applies these requirements to state agencies administering federal programs and private business contracting with the federal government.  Federal acquisition regulations codify the cybersecurity and data privacy requirements applicable to federal contractors.  E.g., 48 C.F.R. §§ 252.204-7008, 7012 (providing for cybersecurity standards in contracts with the U.S. Department of Defense); 48 C.F.R. § 52.204-21 (outlining basic procedures for contractors to safeguard information processed, stored, or transmitted under a federal contract).  

Pursuant to the FISMA Implementation Project, the National Institute of Standards and Technology (“NIST”) produces security standards and guidelines to ensure compliance with FISMA.  Key principles of FISMA compliance include a systemic approach to the data that results in baseline controls, a risk assessment procedure to refine controls, and implementation of controls.  A security plan must document the controls.  Those managing the information must also assess the controls’ effectiveness.  NIST also focuses its standards on determining enterprise risk, information system authorization, and ongoing monitoring of security controls.

Essential standards established by NIST include FIPS 199, FIPS 200, and the NIST 800 series.  Core FISMA requirements include:

  • Federal contractors must keep an inventory of all of an organization’s information systems.
  • Contractors must identify the integration between information systems and other systems in the network.
  • Contractors must categorize information and information systems according to risk. This prioritizes security for the most sensitive information and systems.  See “Standards for Security Categorization of Federal Information and Information Systems” FIPS 199.
  • Contractors must have a current information security plan that covers controls, cybersecurity policies, and planned improvements.
  • Contractors must consider an organization’s particular needs and systems and then identify, implement, and document adequate information security controls. See NIST SP 800-53 (identifying suggested cybersecurity controls).
  • Contractors must assess information security risks. See NIST SP 800-30 (recommending that an organization assess risks at the organizational level, the business process level, and the information system level).
  • Contractors must conduct annual reviews to ensure that information security risks are minimal.

In addition to generally-applicable standards, individual contracts may create other cybersecurity or data privacy requirements for a government contractor.  Such requirements are prevalent when the contractor provides information security products or services for the government.

What protections exist for cybersecurity whistleblowers who work for federal contractors?

Federal law contains whistleblower protection provisions that may prohibit employers from retaliating against whistleblowers who report cybersecurity or data privacy concerns.  See Defense Contractor Whistleblower Protection Act, 10 U.S.C. § 2409; False Claims Act, 31 U.S.C. § 3730(h); NDAA Whistleblower Protection Law, 41 U.S.C. § 4712.  These laws protect a broad range of conduct.

Protected conduct under these laws includes:

  • Efforts to stop false claims to the government;
  • Lawful acts in furtherance of an action alleging false claims to the government; and
  • Disclosures of gross mismanagement, gross waste, abuse of authority, or a violation of law, rule, or regulation related to a federal contract or grant. Id.

These provisions have wide coverage.  They protect any employee of any private sector employer that is a contractor or grantee of the federal government.  In some cases, even the employer’s contractors and agents are protected.

An employer’s non-compliance with information security requirements could breach the employer’s contractual obligations to the federal government and violate federal law and regulation.  Thus, whistleblowers who report cybersecurity or data privacy concerns related to a federal contract or grant may be protected from employment retaliation.

What is the burden to establish unlawful retaliation for reporting cybersecurity concerns?

Exact requirements vary, but an employee typically establishes unlawful retaliation by proving that (1) the employee engaged in conduct that is protected by statute, and (2) the protected conduct to some degree caused a negative employment action.  See, e.g., 10 U.S.C. § 2409(c)(6) (incorporating burden of proof from 5 U.S.C. § 1221(e)); 41 U.S.C. § 4712(c)(6) (same); 31 U.S.C. § 3730(h)(1).  

Under some of the applicable protections, an employee need prove only that the protected conduct played any role whatsoever in the employer’s decision to take the challenged employment action.  See 10 U.S.C. § 2409; 41 U.S.C. § 4712.

What damages or remedies can a cybersecurity whistleblower recover for retaliation?

The relief available depends on which laws apply to the particular case.  Remedies may include an amount equal to double an employee’s lost wages, as well as reinstatement or front pay.  In some cases, a whistleblower may also recover uncapped compensatory damages for harms like emotional distress and reputational damage.  Additionally, a prevailing plaintiff can recover reasonable attorneys’ fees and costs.

Recently, a jury awarded a defense contractor whistleblower $1 million in compensatory damages.  The whistleblower proved that the employer more than likely retaliated by demoting him after he reported issues with tests related to a federal contract, according to the jury.  Specifically, the whistleblower alleged he reported and opposed management’s directive to misrepresent the completion status of testing procedures.

In a recent case under the False Claims Act, a whistleblower received more than $2.5 million for retaliation she suffered after internally reporting off-label promotion for a drug outside its FDA-approved use.  The False Claims Act protects employees from retaliation who blow the whistle on fraud against the government, including those who blow the whistle internally to a government contractor or grantee.

Do any court cases address whether cybersecurity whistleblowers are protected?

Yes.  Judges and juries have applied these laws to protect cybersecurity whistleblowers.

For example, in United States ex rel. Glenn v. Cisco Systems, Inc., defendant Cisco Systems settled for $8.6 million in what is likely the first successful cybersecurity case brought under the False Claims Act.  The plaintiff/relator James Glenn worked for Cisco and internally reported serious cybersecurity deficiencies in a video surveillance system, soon after which he was fired.  Cisco had sold the surveillance systems to various federal government entities, including the Department of Homeland Security, FEMA, the Secret Service, NASA, and all branches of the military.  After monitoring Cisco’s public pronouncements regarding the system and confirming the company had not solved the problems or reported vulnerabilities to customers, Glenn contacted the FBI.  Multiple states joined in the complaint and brought claims under state laws.

While the case did not proceed to litigation, Glenn received nearly $2 million of the settlement, and the federal government’s attention to the issue proves that cybersecurity and data privacy are of utmost importance.

Surely, as more of our lives and businesses move online, the government will place increased importance on contractors and grantees following data security and privacy requirements and disclosing known vulnerabilities.  Cybersecurity whistleblowers working for government contractors play an important part in revealing these vulnerabilities and keeping the federal government secure.  Still, these whistleblowers may experience retaliation after blowing the whistle internally at their place of work.

How can employees enforce these protections from retaliation?

Employees generally have the right to bring claims of unlawful retaliation for cybersecurity or data privacy whistleblowing in federal court.  However, some claims limit that right to whistleblowers who first exhaust all their administrative remedies.  For example, in some cases whistleblowers will first need to pursue relief from the Office of Inspector General of the relevant federal agency.  Additionally, cybersecurity whistleblower claims are subject to strict deadlines.  See, e.g., 31 U.S. Code § 3730; 10 U.S.C. § 2409; 41 U.S.C. § 4712.


© 2020 Zuckerman Law

SEC Investigating Cyberattacks Used to Find Secret Company Mergers

SEC Investigating Cyberattacks and Insider Trading

According to Reuters, the Securities and Exchange Commission (SEC) is investigating hacks of email accounts of associates and executives that reveal information on potential mergers. The hackers use a technique known as phishing where they craft emails that trick recipients into logging into malicious websites to steal their email logins. These hacks pose a threat because fraudsters can easily use the information to engage in insider trading.

The group, known as FIN4, allegedly targeted a list of 60 companies in biotechnology, medical instruments, hospital equipment, and drugs. Fireeye reported these cyberattacks in February 2014 and found that they were performed to “obtain an edge on the stock trading.” This will continue to be a problem as more businesses move over to cloud computing, which could lead to a significant increase in data breaches.

The SEC’s Office of Compliance Inspections and Examinations released a report on observations relating to cybersecurity and best practices by financial market participants. The observations are offered as guidelines for firms considering how to improve their cybersecurity preparedness and response procedures. The intent is to highlight specific examples of cybersecurity and operational resiliency practices and controls that firms are taking to safeguard against threats, and how they respond in the event of a breach. The SEC “encourages organizations to review their practices, policies, and procedures with respect to cybersecurity and operational resiliency.” Cybersecurity and Resiliency Observations report.

New Technology & Whistleblower Tips Root Out Insider Trading

The SEC relies on technological developments to accomplish its enforcement goals, including identifying and pursuing insider trading cases. In FY 2018, the SEC implemented a Consolidated Audit Trail, intended to enhance, centralize, and update the regulatory data infrastructure available to market regulators. Once fully implemented, the Consolidated Audit Trail will give regulators quicker access to all trade and order data, facilitating the detection of illegal trading practices, such as insider trading.

In addition to technology, the SEC has increasingly relied on whistleblower tips to identify and halt insider trading. Whistleblowers have been instrumental to expose fraud and expose insider trading secrets.

SEC Rewards Whistleblowers for Exposing Insider Trading 

Under the SEC Whistleblower Program, whistleblower are eligible to receive a reward if their original information about insider trading leads to a successful enforcement action with total monetary sanctions of more than $1 million. A whistleblower may receive an award of between 10 to 30 percent of the total monetary sanctions collected. If represented by counsel, a whistleblower may submit a tip anonymously to the SEC.


© 2020 Zuckerman Law

For more on SEC Insider Trading enforcement, see the National Law Review Criminal Law and Business Crimes section.

Who Must Protect the Ukraine-Trump Whistleblower?

As the impeachment proceedings heat-up, and calls for the Ukraine whistleblower to be identified increase, there remains a fundamental question:  Who has the legal responsibility to protect this whistleblower?  The answer will surprise you!

There are very few laws mandating what the President, as part of his required and mandatory job duties, must perform.   Guaranteeing that employees who make protected disclosures under the  Intelligence Community Whistleblower Protection Act (“ICWPA”) are fully protected is one of them.  The Ukraine whistleblower is a a federal employee covered under the ICWPA.  He or she made a protected disclosure under the ICWPA.  Thus, it is up to President Trump to fully and completely protect this individual.  Here’s why:  The ICWPA directs that [t]he President shall provide for the enforcement of the [Act].” It is as clear and simple as that.  The President “shall” “enforce” the whistleblower law that makes it illegal to retaliate against intelligence community whistleblowers.

Every intelligence community whistleblower, whether they be a Democrat, Republican or Independent, is entitled to the same protection from the President.  In the case of the Ukraine whistleblower, the law does not permit the political implications of the whistleblower’s disclosure to have any impact on the mandatory duty of President Trump to fully “enforce” that whistleblower’s right to be free from any retaliation.  The President is required to put his biases or self-interest aside and defend the right of intelligence community whistleblowers to report abuses of authority.  This includes wherever those abuses are committed, including the Oval Office. Under the ICWPA the buck stops with President Trump, impeached or not.

Unlike other whistleblower laws which give the federal courts or independent agencies, like the Merit Systems Protection Board or the Department of Labor, the authority to protect whistleblowers, the ICWPA places that solemn duty directly on the shoulders of the President.  It is the unique legal responsibility of the President.  The President must ensure that the identity of the intelligence community whistleblowers who file  complaints with the Inspector General pursuant to the Inspector General Act, are fully protected.  It is the President who must ensure that every person within the executive branch of government protect the job security of ICWPA whistleblowers.  It is the obligation of the President to punish those who fail to do so.

The ICWPA anti-retaliation law is not limited simply to preventing whistleblowers from being fired.  The law defines the types of “adverse action” the President must shield whistleblowers from, including  “any change in working conditions.”   In the case of the Ukrainian “quid pro quo” whistleblower, the catastrophic impact on the whistleblower’s ability to perform his or her job duties that would be triggered by violating his right to confidentiality is obvious.  This would include undermining his or her ability to work oversees, be promoted to a covert agent (if not one already), or effectively interact with employees in the White House.

Furthermore, breaching the confidentiality of whistleblowers is well established as an “adverse action” under whistleblower law.  Federal courts and administrative agencies as divergent as the SEC and Department of Labor have ruled that revealing the name of a whistleblower is an adverse action.  Anyone with experience working with whistleblowers knows that once their identity is revealed, their working conditions will never be the same, and they will have a target on their back for the rest of their careers.

The procedures applicable to the Ukraine whistleblower actually informed the whistleblower, in writing, that he or she could file a confidential complaint to the Inspector General.   The actual form submitted guaranteed this right.  Once the complaint was filed and accepted by the Inspector General, the whistleblower protections afforded under the ICWPA kicked in.  As a matter of law, it became President Trump’s obligation to “enforce” the ICWPA and ensure that the Ukraine whistleblower suffer no retaliation. It became the President’s non-discretionary duty to ensure the whistleblower suffered no harm.   This may be hard to believe, but the law is the law.

Given the highly public attacks on the whistleblower emanating from the White House it is now incumbent upon President Trump to instruct all employees within the federal government to comply with the ICWPA.  He must take steps to have his Congressional supporters, “stand down” and stop their continued drum beat to “out” the whistleblower.  Regardless of where you stand on impeachment, the President must enforce the requirements of the ICWPA and protect the whistleblower.

When Donald Trump signed onto the job of President, protecting intelligence community whistleblowers became one of his few mandatory job duties.  Like other employees who work for the taxpayers, he many not like all of his required jobs.  Like other employees he may find some parts of his job difficult or distasteful.  But he has no discretion in this matter.  It is a requirement.  He must ensure that the whistleblower is not retaliated against, that the whistleblower’s identity remains confidential, and that the whistleblower can continue in his or her career, free from stigma.    He must hold those who retaliate accountable.  That is part of the job he wanted.  That is the job he must perform.


Copyright Kohn, Kohn & Colapinto, LLP 2019. All Rights Reserved.

Qui Tam Defendants’ Presentations to Government During Investigation Unprotected from Discovery in Other Lawsuits, Federal District Court Ruled

In a recent decision, a federal district court judge ruled that a defendant’s presentations to the Department of Justice, made during the course of the Department’s investigation of a pending False Claims Act qui tam lawsuit, are not protected from discovery by the whistleblower who brought that lawsuit. The case is the United States and State of California ex rel. Higgins v. Boston Scientific Corp., 11-cv-2453 (D. Minn. Aug. 28, 2019), and was decided by Judge Joan Ericksen.

The relator (the term for the whistleblower in a False Claims Act lawsuit), Higgins, alleged that Boston Scientific made certain false certifications relating to the company’s defibrillators, thereby causing physicians to submit false claims for payment relating to the use of those devices. As is usual in qui tam cases, after filing the lawsuit, the Department of Justice opened an investigation and requested documents (known as a “civil investigative demand” under the False Claims Act) to Boston Scientific. The company turned over documents to the Department, but then also created and made “presentations” to the government. While the court’s decision does not describe those “presentations,” presumably they were slideshows or other materials, put together by Boston Scientific’s lawyers, to try to convince the Department of Justice to shut down the investigation or to decline intervention in the lawsuit.

Unscrupulous companies have found many different ways to take advantage of vital government programs. The False Claims Act is an essential weapon in the fight against government programs fraud since it was first enacted during the Civil War to combat war profiteering. The system often depends on whistleblowers telling their story with the help of an experienced False Claims Act attorney.

These private citizens bring qui tam (whistleblower) lawsuits under the False Claims Act (“FCA”), which allows them to act on behalf of the U.S. government in exposing government programs fraud committed by companies serving the federal government. Under the FCA, relators (fraud whistleblowers) receive a portion of the money that has been recovered by the government, known as the relator’s share.

After the government declined intervention in the case, Higgins decided to pursue the case on his own (which a relator is permitted to do), and he served a document request on Boston Scientific demanding production of any such presentations. Boston Scientific did not want to turn over the materials and therefore raised four separate legal objections. It was those objections that Judge Ericksen addressed in her opinion.

First, Boston Scientific objected to turning over the presentations because they were akin to “settlement negotiations” with the government, and thus not “relevant” to relator’s lawsuit. The court, however, ruled that although settlement negotiations might not be admissible at trial, they were still subject to discovery by Higgins because “they were related to his claims about the medical devices at issue.”

Second, Boston Scientific objected because “public policy” required protection of the presentations, arguing that “the government will not be able to settle False Claims Act cases if a defendant’s presentations to the government could later be revealed to relators.” Judge Erickson, however, found nothing in the False Claims Act that supported this position. While the government might not be able to turn over such presentations under certain circumstances, nothing in the statute prevented Boston Scientific from turning them over to relator.

Third, Boston Scientific claimed an “expectation of confidentiality” in the presentations, citing a 1977 decision by the Eight Circuit Court of Appeals. Judge Erickson rejected that contention, finding that the earlier Circuit Court decision related to attorney-client privilege, but not to the work product doctrine. Because the materials that Boston Scientific had provided to the Department of Justice were not covered by attorney-client privilege, the company’s only argument was “work product,” and that argument was not sufficient to support its claimed “expectation of confidentiality.”

Finally, Boston Scientific argued that the work product doctrine itself protected the presentations from disclosure. Judge Erickson easily disposed of that argument, noting that work product protection “is waived by intentional disclosure to an adversary,” and that the government was indeed Boston Scientific’s “adversary,” even though the Department of Justice later declined to intervene in the case.

The court’s decision was correct. Although Boston Scientific’s attorneys came up with several creative arguments in an attempt to protect the “presentations” from discovery, none of them had any merit. Although a defendant in a False Claims Act case is free to communicate with the Department of Justice, the defendant cannot assume that those communications will remain secret, particularly from the relator who has brought the very lawsuit under investigation by the Department. The relator is entitled to know about those communications, especially if they are relevant to the merits of the relator’s case (which they almost always will be). Accordingly, Judge Erickson reached the correct result and established useful precedent on this recurring issue.


© 2019 by Tycko & Zavareei LLP

For more on qui tam cases, see the National Law Review Litigation / Trial Practice page.

U.S. State Department Contractor to Resolve Allegations of Improper Vetting with $5 Million Settlement

On September 14, 2017, Pacific Architects & Engineers Incorporated (PAE) settled a whistleblower lawsuit alleging the company did not follow proper vetting procedures for its personnel that performed and billed work to the U.S. State Department. The $5 million settlement resolves allegations without any determination of liability of contract violations.

PAE is a company originally incorporated in California in 1955. The company first served the rebuilding of Japan after WWII and has since grown to participate in projects and government contracts globally. In 2007, already a contractor with the U.S. State Department, PAE was assigned the task of training U.S. personnel in Afghanistan and conducting extensive background checks and documentation for those in high-risk positions. Reporting the names, nationalities and background information on contract employees in these positions was a requirement of the contract for work between PAE and the U.S. government.

After its investigation, the U.S. Justice Department alleged that “PAE was aware of these contractual requirements but did not comply with them for extended periods.”

Robert Palombo, the former PAE manager, filed this whistleblower lawsuit against his employer alleging that this was the case and that PAE continued billing for work done under the contract.

PAE, however, contends that “The invoices specifically identified the names of employees for whom the lawsuit alleges that requisite notice was not made. The employees whose background investigations were allegedly inadequate were not involved in any security incidents or injuries. The services called for under the contract were provided in full.”

Without admitting fault or liability, PAE has decided to settle these allegations of improper vetting by paying the U.S. government $5 million, $875,000 of which whistleblower Robert Palumbo is entitled to receive.

This post was written by Tycko & Zavareei Whistleblower Practice Group of Tycko & Zavareei LLP © 2017

For more legal analysis go to The National Law Review

Comey’s Testimony Underscores Need for Strong Whistleblower Protections

For me, the most telling moment of former FBI Director Jim Comey’s June 8th testimony occurred early in the hearing, when Mr. Comey choked up as he recalled the White House’s publicly stating that the President had fired him because the “FBI was in disarray.”

This emotional display seemed out of character for Mr. Comey. While U.S. Attorney for the Southern District of New York, he successfully prosecuted organized crime. As Deputy Attorney General during the George W. Bush Administration, Mr. Comey refused to sign an extension of the warrantless domestic spying program and defied the White House Counsel and Chief of Staff. Mr. Comey can fairly be described as a “tough guy.” So how did he go from leading the most powerful law-enforcement agency worldwide to being labeled a “leaking liar”?

To an experienced whistleblower advocate, Mr. Comey’s predicament is not surprising. Mr. Comey’s experience, unfortunately, is like those of many whistleblowers I have represented over more than a decade. President Trump promised to bring a business approach to government—and his retaliation against Mr. Comey is straight out of the corporate defense playbook. Corporations typically take the following steps of escalating retaliation to silence whistleblowers:

Intimidate and Silence the Whistleblower

In his June 8th testimony, Mr. Comey described in detail how the President had asked him to drop the investigation of Michael Flynn and had conditioned Mr. Comey’s job on “loyalty” to him. Senator Rubio expressed skepticism about Mr. Comey’s feeling intimidated by the President and blamed Mr. Comey for not pushing back. But that type of Monday-morning quarterbacking ignored the power dynamics of the conversation. Mr. Comey wanted to keep his job and was understandably reluctant to accuse the President of obstructing an investigation.

Whistleblowers often confront this intimidation tactic in the workplace. A supervisor or senior company official tells the whistleblower to “let it go,” “mind your own business,” or learn to be a “team player.” And in some cases, the whistleblower is told to shut up if he or she wants to remain employed. Threats of retaliation, whether express or implicit, are powerful tools to silence a whistleblower. When a company officer or senior manager orders a subordinate to do something unlawful or to cover up unlawful conduct, holding firm to one’s ethical values is not an easy avenue to follow. As Mr. Comey learned, refusing to carry out an unlawful order may be career suicide, at least in the short term.

Retaliate Swiftly and Severely Against the Whistleblower

Initially, the bizarre method of firing Mr. Comey seemed surprising for a President who perfected the art of firing on his reality show, The Apprentice. Mr. Comey was not given an opportunity to resign; he was not even notified that he had been fired. But now that we know about the President’s real motive for firing Mr. Comey, it’s clear that his tack was deliberate.

Mr. Comey learned of his firing while addressing FBI agents at a Los Angeles field office when the announcement flashed across a television screen. The White House had announced Mr. Comey’s firing without notifying Mr. Comey himself. President Trump sent a loud and clear message to Mr. Comey and to every senior government official about the consequence of disloyalty.

In the corporate workplace, whistleblower-employees are similarly humiliated as a warning to their colleagues. A whistleblower may be escorted out of the office with security guards while other employees are present, pulled out of a meeting and fired on the spot in front of colleagues, or simply fired via text message. When a corporation fires a whistleblower in this humiliating fashion, it ensures that all other employees know the consequence of whistleblowing.

Badmouth the Whistleblower and Their Work History

Firing Mr. Comey in a humiliating and offensive manner served only as phase one. President Trump then defamed Mr. Comey and asserted that he fired him because of chaos within the FBI, as well as the alleged loss of confidence in Mr. Comey among FBI agents.

These statements stand in stark contrast to the President’s repeated, public praise of Mr. Comey before Mr. Comey refused to comply with the President’s “hope” that Mr. Comey drop the investigation of Flynn. Indeed, if President Trump believed that Mr. Comey’s leadership caused chaos within the FBI, then why did the President invite Mr. Comey to continue to serve as FBI Director?

This patent distortion of Mr. Comey’s performance record is an all-too-common experience of whistleblowers. Prior to blowing the whistle, they receive strong performance evaluations and bonuses; they are valued members of the team. But once they blow the whistle and refuse to drop their concerns, they are suddenly deemed incompetent and unqualified for their position. And when a company realizes that it lacks any existing basis to fire the whistleblower, it creates one by subjecting the whistleblower to heightened scrutiny and setting the whistleblower up to fail. For example, a company might place the whistleblower on a performance-improvement plan that contains impossible objectives, and then fire the whistleblower for not meeting those unattainable goals.

This tactic may backfire and enable a whistleblower to ultimately prevail at trial, but the damage to the whistleblower’s reputation is permanent. Prospective employers are reluctant to hire someone who previously fired for poor performance and are especially reluctant to hire a whistleblower. Many whistleblowers never find comparable employment and must accept lower-level positions, earning a fraction of what they did before their wrongful termination.

Attack the Whistleblower’s Credibility

Apparently, President Trump has no evidence to rebut Mr. Comey’s vivid account of the President’s alleged attempts to obstruct justice. So President Trump called him a “liar.”

Desperate to defend themselves at all costs, corporations frequently employ this tactic—labeling the whistleblower a disgruntled former employee who will say anything to win his or her case. So far, this is not working well for President Trump, whose accusation merely serves to shine a spotlight on his own questionable credibility.

Attacking a whistleblower’s credibility is an effective and pernicious tactic in many whistleblower cases. Once expelled from a company, a whistleblower is marginalized and alienated from former coworkers. The key witnesses continue to work at the company and, fearing retaliation, are reluctant to corroborate the whistleblower’s testimony. Though whistleblowers may still prevail (for example, by using documentary evidence), the attack on a whistleblower’s credibility is odious because the company fired the whistleblower precisely for having integrity.

Create a Post-Hoc Justification for Firing the Whistleblower

Prior to firing Mr. Comey, President Trump papered the file with a post-hoc justification for the firing. After the President decided to fire Mr. Comey, Deputy Attorney General Rod Rosenstein was tasked with drafting a memorandum to the Attorney General outlining concerns about Mr. Comey’s performance. Most of those concerns focus on Mr. Comey’s statements about the investigation of former Secretary of State Hillary Clinton’s use of a private email server. Surely President Trump knew of those public statements when he repeatedly asked Mr. Comey to remain as FBI Director (as long as he could pledge “loyalty” and drop the Flynn investigation).

In this case, the White House’s initial reliance on the Rosenstein memo as the basis for the decision to fire Mr. Comey backfired because President Trump told NBC anchor Lester Holt that he had decided to fire Mr. Comey regardless of the memo. In many whistleblower-retaliation cases, however, these types of pretextual memos may be persuasive. Some judges even rely on such memos, which mask the real reason for a firing or other adverse action, to grant the company summary judgment and deny the whistleblower a jury trial.

On the other hand, creating a post-hoc justification for a retaliatory adverse action sometimes misfires by providing strong evidence of pretext and spurring a jury to award punitive damages. For instance, a former in-house counsel at Bio-Rad Laboratories recently secured more than $11 million in damages at trial in a Sarbanes-Oxley whistleblower-retaliation case. The jury awarded $5 million in punitive damages because Bio-Rad had backdated a negative performance evaluation of the whistleblower that the company drafted after it fired him.

Focus on the Whistleblower’s Alleged Misconduct

To distract attention from what may be obstruction of justice, President Trump and his attorney have focused on Mr. Comey’s leak to the press and have alleged that the leak was unlawful. This accusation seems frivolous because Mr. Comey did not leak classified information, grand jury material, or other sensitive information. Instead, he revealed that President Trump had conditioned his continued service as FBI Director on his agreeing to drop the investigation of Flynn. As a private citizen, Mr. Comey has a constitutional right to blow the whistle to the media about this matter of public concern. Mr. Comey did not reveal to the media information from FBI investigative files or classified information. Yet President Trump and his allies compare Mr. Comey to leakers who illegally disclosed classified information. This is an appalling accusation against the former head of a law-enforcement agency.

But this is another standard corporate defense tactic in whistleblower cases. To divert attention from the wrongdoing that the whistleblower exposed, the company uses its substantial resources to dig up dirt on the whistleblower. The company or its outside counsel examines the whistleblower’s timesheets and expense reports with a fine-tooth comb to find any discrepancy, reviews every email to find some inappropriate communication, and places all of the whistleblower’s work under a microscope to find any shortcoming.

Sue the Whistleblower and Initiate a Retaliatory Investigation

Firing Comey, concocting a pretextual basis for the firing, and branding him a leaking liar apparently was not sufficient retaliation.  So shortly after his testimony, President Trump’s personal attorney announced his intention to sue Mr. Comey and/or file a complaint with the Department of Justice Office of Inspector General (OIG).  I am skeptical that a civil action against Mr. Comey or an OIG complaint poses any real legal threat to Mr. Comey.  To the contrary, such a complaint would likely pose a greater risk for President Trump, including potential counterclaims and the risk of being deposed or questioned under oath by the OIG.

The misuse of legal process against corporate whistleblowers, however, is an especially powerful form of retaliation in that it can dissuade a whistleblower from pursuing their claims.  When I defend against this form of abuse of process, I am always struck at the seemingly endless resources that the company will spend to prosecute claims lacking any merit or value.  Fortunately, these claims can go awry by spawning additional retaliation claims under the whistleblower protection laws.  And a jury can punish the employer for subjecting the whistleblower to abuse of process.

Why Whistleblowers Deserve Strong Legal Protection

In light of Mr. Comey’s distinguished record, he will likely bounce back and rebuild his career. But most corporate whistleblowers never fully recover. Too often they find their careers and reputations destroyed. Even when whistleblowers obtain monetary relief at trial, they are usually blacklisted from comparable positions, especially if they work in a small industry.

Mr. Comey’s experience as a whistleblower is a stark reminder of what can happen to any employee who is pressured by a powerful superior to engage in unlawful conduct or to cover up wrongdoing. When intimidation tactics succeed, the public suffers. The company could be covering up threats to public health or safety, environmental contamination, financial fraud, defective products, or any other conceivable harmful wrongdoing.

Courageous whistleblowers who put their jobs on the line deserve strong protection. As Congress embarks on a mission to gut “job killing” agencies, let us hope it will spare the very limited resources that are spent enforcing whistleblower-protection laws. Without such a large backlog of whistleblower cases, OSHA could have, for example, addressed the complaints of Wells Fargo whistleblowers years ago, potentially curbing or halting the bank’s defrauding of its customers. And Congress should consider filling the gaps in existing whistleblower laws. If Mr. Comey “lacked the presence of mind” to explicitly reject the President’s improper demand for him to drop the Flynn investigation, then surely most employees would also be reluctant to refuse an order to commit an unethical or unlawful act.

After Mr. Comey’s testimony, Speaker Ryan pointed out that “[t]he President’s new at this. He’s new to government.” Mr. Comey’s testimony should be a lesson for the President about how to treat whistleblowers. To make America great again, the President should abandon the Rambo litigation tactics that apparently served him well in New York real-estate disputes, and instead view whistleblowers as allies, not as enemies. As Tom Devine of the Government Accountability Project and I argue in an article in the Emory Corporate Governance and Accountability ReviewDraining the Swamp Requires Robust Whistleblower Protections and Incentives.

This post was written by Jason Zuckerman of Zuckerman Law.

Judge Gorsuch’s Opinion in Whistleblower Case Reveals the Dishonesty of his Alleged Strict Textualism

Neil Gorsuch Supreme CourtIf Judge Neil Gorsuch is confirmed, he will play a critical role in construing laws that protect worker health and safety, including laws protecting whistleblowers who suffer retaliation for opposing illegal or unsafe conduct that jeopardizes public health and safety. According to the Bureau of Labor Standards, 4836 workers were killed on the job in 2015—on average, that’s more than 93 a week, or more than 13 deaths every day. As the Occupational Safety and Health Administration (“OSHA”) is already severely understaffed and will soon be further weakened by a political appointee charged with gutting it, the last thing workers need is an activist judge who has expressed disdain for worker-protection laws. But that is exactly what we can expect from Judge Gorsuch.

In a recent dissent in TransAm Trucking, Inc. v. Administrative Review Board, 833 F.3d 1206 (10th Cir. 2016), Judge Gorsuch demonstrated that he will construe worker-protection laws as narrowly as possible and that he deems worker “health and safety” as “ephemeral and generic” statutory goals.  His opinion also reveals that his alleged values-neutral approach to statutory construction is intellectually dishonest.  The majority decision affirming the whistleblower’s win at the Department of Labor was based on the plain meaning of the statute, well-established precedent construing the statutory term at issue, and the purpose of the statute.  Judge Gorsuch’s dissent, however, was arguably activist in that it rewrites the statute.  In other words, Judge Gorsuch does not check his policy preferences or values at the courthouse door and render value-neutral decisions based on the dictionary definitions of statutory terms.  Instead, as this opinion demonstrates, his alleged strict textualism appears to be a cloak for his policy preferences, including his apparent disdain for worker protection laws.

Background of TransAm Trucking Whistleblower-Retaliation Case

Alphonse Maddin worked as a truck driver for TransAm Trucking, Inc. (“TransAm”). He was driving a tractor-trailer down an Illinois freeway on a subzero night in 2009, when he noticed that his truck was nearly out of gas. He pulled over because he could not find a fuel station, and ten minutes later, the trailer’s brakes locked up due to the frigid temperatures. Mr. Maddin was unable to resume driving the tractor-trailer and reported the truck’s unsafe condition to a TransAm dispatcher. The dispatcher told Mr. Maddin that a repairperson would be sent to fix the brakes.

Mr. Maddin dozed off briefly and awoke to find that his torso was numb and he could not feel his feet. He told the dispatcher about his physical condition and asked when the repairperson would arrive. “[H]ang in there,” the dispatcher responded.

Half an hour later, Mr. Maddin called his supervisor, Larry Cluck, and told Mr. Cluck that his feet were going numb and that he was having difficulty breathing. Mr. Cluck told Mr. Maddin not to leave the trailer and gave him two options: drag the trailer with inoperable brakes, or stay put until the repairperson arrives. Mr. Maddin knew that dragging the trailer is illegal and concluded that he might not live much longer if he were to wait for a repairperson. So, Mr. Maddin unhitched the trailer and drove off.

Fifteen minutes after Mr. Maddin left—i.e., more than three hours after he first notified TransAm that he was stranded in subzero temperatures—the repairperson arrived. Mr. Maddin drove the truck back to meet the repairperson, who then fixed the trailer’s brakes. Less than a week later, TransAm terminated Mr. Maddin’s employment for abandoning the trailer.

Mr. Maddin filed a complaint with OSHA, alleging that TransAm violated the whistleblower provisions of the Surface Transportation Assistance Act (“STAA”) by firing him. OSHA dismissed the claim, but a Department of Labor (“DOL”) administrative-law judge (“ALJ”) later ruled, after a hearing, that TransAm violated the STAA. TransAm appealed, and the DOL Administrative Review Board (“ARB”) affirmed.

Mr. Maddin’s STAA Whistleblower-Retaliation Claim

The relevant STAA provision prohibits an employer from firing an employee who “refuses to operate a vehicle because . . . the employee has a reasonable apprehension of serious injury to the employee or the public because of the vehicle’s hazardous safety or security condition.” TransAm Trucking, 833 F.3d at 1211 (alteration in original) (quoting 49 U.S.C. § 31105(a)(1)(B)(ii)). An employee’s apprehension is “reasonable” if a reasonable person in the same circumstances “would conclude that the hazardous safety or security condition establishes a real danger of accident, injury, or serious impairment to health.” Id. (quoting § 31105(a)(2)). To prevail under this provision, an employee must demonstrate that he or she “sought from the employer, and [was] unable to obtain, correction of the hazardous safety or security condition.” Id. (alteration in original) (quoting § 31105(a)(2)).

The ALJ found, and the ARB affirmed, that Mr. Maddin had engaged in protected conduct when he unhitched the trailer and “refused to operate the truck under the conditions set by Mr. [C]luck.” Id. (alteration in original). TransAm argued, on appeal, that this finding was in error because Mr. Maddin had not “refused to operate” the truck but rather in fact “operated” the truck when he drove off without the trailer.

The Tenth Circuit engaged in a Chevron analysis to determine whether to defer to the ARB’s interpretation of the STAA. Because the statute does not define “operate,” the Tenth Circuit found that Congress had not “directly spoken to the precise question at issue.” Id. (quoting Chevron, U.S.A., Inc. v. Nat. Res. Def. Council, Inc., 467 U.S. 837, 842 (1984)). Therefore, the Tenth Circuit turned to the question whether the ARB’s interpretation was “based on a permissible construction of the statute.” Id. (quoting Chevron, 467 U.S. at 843).

TransAm argued, in effect, that “operate” was synonymous with “drive.” The ARB, on the other hand, interpreted “operate” to encompass driving as well as “other uses of a vehicle when it is within the control of the employee.” Id.

The Tenth Circuit looked to the purpose of the STAA whistleblower provisions—to “encourage employee reporting of noncompliance with safety regulations governing commercial motor vehicles.” Id. at 1212 (quoting Brock v. Roadway Express, Inc., 481 U.S. 252, 258 (1987)). The court found that the ARB’s interpretation of “operate,” and not TransAm’s, furthered that purpose because it “prohibit[ed] an employer from discharging an insubordinate employee whose insubordination was motivated by the employee’s reasonable apprehension of serious injury to himself or members of the public.” Id.

Therefore, the Tenth Circuit deferred to the ARB’s interpretation of “operate” and affirmed the ARB’s finding that Mr. Maddin’s unhitching the trailer and driving away in the truck, against his supervisor’s instructions, constituted a “refusal to operate” and so was protected conduct under the STAA. Id. at 1213. The court explained that “although Maddin actually drove the truck after unhitching it, he refused to operate his tractor-trailer in the manner instructed by his employer.” Id.

The Tenth Circuit found, moreover, that Mr. Maddin’s protected activity was a contributing factor in his firing. Id. Having found that the ARB’s findings—that Mr. Maddin engaged in STAA-protected conduct and was fired for doing so—were supported by substantial evidence, the Tenth Circuit denied TransAm’s petition for review.

Judge Gorsuch’s Dissent

Judge Gorsuch took issue with the ARB’s, and the majority’s, interpretation of “refusal to operate”:

The trucker in this case wasn’t fired for refusing to operate his vehicle. Indeed, his employer gave him the very option the statute says it must: once he voiced safety concerns, TransAm expressly—and by everyone’s admission—permitted him to sit and remain where he was and wait for help. The trucker was fired only after he declined the statutorily protected option (refuse to operate) and chose instead to operate his vehicle in a manner he thought wise but his employer did not. And there’s simply no law anyone has pointed us to giving employees the right to operate their vehicles in ways their employers forbid.

Id. at 1215–16 (Gorsuch, J., dissenting). Judge Gorsuch said the majority should not have even engaged in a Chevron analysis because the STAA is “perfectly plain.”

Relying on the Oxford English Dictionary, Judge Gorsuch found that “refuse” means “[t]o decline positively, to express or show a determination not to do something”; and “operate” means “[t]o cause or actuate the working of; to work (a machine, etc.).” Id. at 1216 (Gorsuch, J., dissenting) (alterations in original) (quoting The Oxford English Dictionary 495, 848 (2d ed. 1989)). Putting those two definitions together, Judge Gorsuch concluded that, under the STAA, “employees who voice safety concerns about their vehicles may decline to cause those vehicles to work without fear of reprisal” but may not “cause those vehicles to work in ways they happen to wish but an employer forbids.” Id. (Gorsuch, J., dissenting).

To illustrate the alleged absurdity of the majority’s contrary interpretation, Judge Gorsuch used an analogy: “Imagine a boss telling an employee he may either ‘operate’ an office computer as directed or ‘refuse to operate’ that computer. What serious employee would take that as license to use an office computer not for work but to compose the great American novel? Good luck.” Id. at 1217 (Gorsuch, J., dissenting).

Judge Gorsuch then criticized the majority for its reliance on the STAA’s purpose of protecting public health and safety. In a statement revealing his policy preferences, Judge Gorsuch said that, particularly where a statute’s purpose is as “ephemeral and generic” as “health and safety,” the majority should stick strictly to the text of the statute. Id. (Gorsuch, J., dissenting).

Judge Gorsuch’s Dissent Reveals the Intellectual Dishonesty of his Alleged Strict Textualism

Read in isolation, Judge Gorsuch’s dissent sounds plausible. He takes a strict textualist approach to statutory interpretation and so rejects any consideration of legislative intent. But a closer examination reveals that his alleged use of textualism is really a cloak for his policy preferences.

Here, Judge Gorsuch purportedly relies on the Oxford English Dictionary to support his conclusion that “operate” means, by definition, “[t]o cause or actuate the working of; to work (a machine, etc.).” And the rest of his analysis follows naturally. But the same textualist approach was also relied upon by the majority to reach a contrary conclusion, one that is consistent with the purpose of the statute:

The dissent believes Congress’s intent can be easily determined by simply choosing a favorite dictionary definition of the word and applying that to quickly conclude the statute is not ambiguous at all. . . .

. . . We, too, have found a dictionary definition of the word “operate” and discovered it means to “control the functioning of.” This definition clearly encompasses activities other than driving. . . . The only logical explanation [for the dissent’s interpretation] is that the dissent has concluded Congress used the word “operate” in the statute when it really meant “drive.” We are more comfortable limiting our review to the language Congress actually used. 

Id. at 1212 n.4 (emphasis added) (quoting Operate, Oxford Dictionaries Pro, http://www.oxforddictionaries.com/us/definition/american_english/operate).

Judge Gorsuch artfully concealed the discretion inherent in his analysis, and in doing so maintained the facade of being bound by the text of the STAA. Here, he used his discretion to conclude that an employee’s firing did not violate the STAA—even though that employee spent more than three hours in subzero temperatures, without heat, after notifying his employer that his trailer’s brakes had frozen—because the employee’s actions did not meet Judge Gorsuch’s cherry-picked definition of refusal to “operate.”

Instead of taking statutory text out of context, Judge Gorsuch could have relied upon well-established STAA precedent holding that an employee who moves a disabled trailer from the middle of a busy roadway to the shoulder of the road, after being told by his employer to remain in the roadway, has refused to operate his vehicle for purposes of the STAA whistleblower law. He could also consider the purpose of the statute the majority relies upon: “to promote the safe operation of commercial motor vehicles,” “to minimize dangers to the health of operators of commercial motor vehicles,” and “to ensure increased compliance with traffic laws and with . . . commercial motor vehicle safety and health regulations and standards.” 49 U.S.C. § 31131(a).

Judge Gorsuch’s dissent fails to address the fact that Mr. Maddin’s supervisor gave him another option other than waiting in the truck without heat—dragging a 41,000-pound trailer with inoperable brakes, which is prohibited by Department of Transportation regulations. Mr. Maddin refused to carry out that instruction, and therefore he is protected under the STAA. And Judge Gorsuch’s dissent does not address the ARB’s finding that Mr. Maddin engaged in STAA-protected conduct by reporting the faulty condition of the trailer (i.e., the frozen brakes).

Judge Gorsuch will likely testify at his confirmation hearing that he is a values-neutral umpire who interprets statutes according to their plain meaning. Here, the umpire had two choices in a case decided under substantial-evidence review—a standard of review that is highly deferential to the agency. Option One was to rely on the majority’s equally compelling dictionary definition that favored the worker, the purpose of the STAA whistleblower law, well-established case precedent construing the STAA, and common sense. Option Two was to rely upon an out-of-context dictionary definition to reverse the agency, while omitting key facts from the record and ignoring case precedent and the purpose of the statute. Is it a mere coincidence that Option Two favored the employer and left the worker out in the cold? It strains credulity to claim that the author of this dissent is merely calling balls and strikes.

Judge Gorsuch’s Derision of Worker-Protection Laws

Perhaps more revealing than Judge Gorsuch’s selective use of the dictionary, however, are his characterization of “health and safety” as “ephemeral and generic” statutory goals, as well as the wording and tone of his dissent. Judge Gorsuch refuses to consider the purpose of the STAA whistleblower-protection law because “[a]fter all, what under the sun, at least at some level of generality, doesn’t relate to ‘health and safety’?” TransAm Trucking, 833 F.3d at 1217 (Gorsuch, J., dissenting). If Judge Gorsuch were construing the Religious Freedom Restoration Act, however, he would very likely consider and apply the purpose of the statute.  But according to Judge Gorsuch, the remedial goals of worker-protection laws should be ignored when construing those laws.

Note that in his dissent, Judge Gorsuch does not once refer to Mr. Maddin by name. Instead, he refers to Mr. Maddin repeatedly as a “trucker” and once as an “employee.” TransAm, on the other hand, is identified by name several times throughout the dissent. Moreover, Judge Gorsuch states that Mr. Maddin was stranded in “cold weather” and omits the fact that Mr. Madden was stuck in a truck, without heat, in subzero weather, and feared losing his feet, dying, and never seeing his family again. Minimizing Mr. Maddin’s precarious predicament enabled Judge Gorsuch to analogize Mr. Maddin’s conduct to that of an office worker who misused a work computer to “compose the great American novel.” Id. (Gorsuch, J., dissenting). But presumably, the officer worker’s appendages are not going numb in this irrelevant analogy. Given Judge Gorsuch’s dehumanization of Mr. Maddin, it is no surprise that he admits in his dissent that he deems “health and safety” to be “ephemeral and generic” statutory goals.

According to the National Highway Traffic Safety Administration, there were approximately 3500 fatal crashes involving large trucks from 2011–2014. There is nothing “ephemeral” about laws regulating the safe operation of tractor-trailers or a whistleblower-protection law that enables truck drivers to refuse to drive unsafe vehicles. As Judge Gorsuch sat comfortably in his chambers, penning his dissent, did it occur to him that human lives are at stake when TransAm orders a driver to drag a 41,000-pound trailer with frozen brakes? Did this “pro-life” jurist consider that Mr. Maddin was having difficulty breathing and his appendages were going numb when he pleaded with his supervisor for permission to drive the truck, without the trailer, to a nearby gas station? Apparently, all those considerations, along with the purpose of the statute, are irrelevant where a cherry-picked dictionary definition enables Judge Gorsuch to construe a remedial law narrowly enough for the employer to prevail. If Judge Gorsuch is really acting as a values-neutral umpire, why does he deride the purpose of the STAA whistleblower-protection law as “ephemeral” and “generic”?

Many American workers often face the daunting choice of engaging in unsafe practices on the job or instead losing their jobs for opposing such practices. Federal enforcement of worker-safety and worker-protection laws is already feeble due to Congress’s deliberately starving OSHA of resources. And with a new Administration committed to gutting worker-safety laws and enforcement thereof, we can expect that the current unacceptable number of workers killed on the job—4836 in 2015—will increase. Judge Gorsuch’s dissent in TransAm Trucking portends that such laws will be further crippled using sham textualism.

Undoubtedly Judge Gorsuch is a talented jurist and dedicated public servant. But the “forgotten man” that President Trump claims to represent would be far better served by a mainstream jurist, such as Judge Merrick Garland, who would be faithful to the statutory language and purpose of worker-protection laws.

Supreme Court Determines that Seal Violation Does Not Mandate Dismissal

Supreme Court qui tam seal violationOn December 6, 2016, the Supreme Court of the United States decided State Farm Fire and Casualty Co. v. United States ex rel. Cori Rigsby and Kerri Rigsby. At issue was whether a qui tam relator’s violation of the seal requirement, 31 U.S.C. § 3730(b)(2), requires a court to dismiss the suit. In a unanimous decision, the Court concluded that violation of the seal does not mandate dismissal, affirming a lower court decision to deny the defendant’s motion to dismiss.

Section 3730(b)(2) requires qui tam complaints to be filed under seal for at least 60 days and provides that they shall not be served on the defendants until the court so orders. The purpose of the seal is to give the government time to investigate. In practice, the government often seeks numerous extensions while it investigates the conduct alleged in the relator’s complaint.

Justice Kennedy, writing for the Court, reasoned that the text of the False Claims Act (FCA) makes no mention of a remedy as harsh as dismissal. The Court also noted that the FCA was intended to protect the government’s interests, whereas mandatory dismissal would run contrary to those interests, as it would put an end to potentially meritorious qui tam suits. Although the Court made no definitive ruling as to what sanction would have been appropriate, it did note that dismissal “remains a possible form of relief,” while “[r]emedial tools like monetary penalties or attorney discipline remain available to punish and deter seal violations even when dismissal is not appropriate.”

We previously wrote about this matter, here.

© 2016 McDermott Will & Emery

Congress Strengthens Whistleblower Protections for Employees of Government Contractors and Grantees

On December 5, 2016, Congress enacted S. 795, which permanently extends legal protections to employees of federal contractors, subcontractors, grantees, and others employed by entities that receive federal funds who report waste, fraud, or abuse involving federal funds. It would also extend these protections to personal services contractors working on both defense and civilian grant programs.

NDAA Whistleblower Protection

Fraud Whistleblower ProtectionsThe National Defense Authorization Act for Fiscal Year 2013 (NDAA) established a four-year pilot program that prohibits employees of a “contractor, subcontractor, or grantee” from being retaliated against for blowing the whistle on:

  • gross mismanagement of a Federal contract or grant;

  • a gross waste of Federal funds;

  • an abuse of authority  relating to a Federal contract or grant; or

  • a substantial and specific danger to public health or safety, or a violation of law, rule, or regulation related to a Federal contract.

To be protected, the disclosure must be made to a Member of Congress or Congressional committee, an Inspector General, the GAO, a federal employee responsible for contract or grant oversight or management at the relevant agency, an authorized official of DOJ or other law enforcement agency, a court or grand jury or a management official or other employee of the contractor or subcontractor who has the responsibility to investigate, discover, or address misconduct.

The burden of proof and causation standard in NDAA whistleblower cases are very favorable to whistleblowers. The complainant prevails merely by demonstrating that the protected disclosure was a contributing factor in the personnel action, which can be met by showing knowledge and temporal proximity. Remedies include reinstatement, back pay, uncapped compensatory damages (emotional distress damages) and attorney fees and costs.

Unlike the four-year program for civilian contracts, the rights of whistleblowers working on Federal defense contracts are not time-limited.  S. 795 makes this critical whistleblower protection for employees working on civilian contracts permanent.

Purpose of NDAA Whistleblower Protection Law

The December 5, 2016 floor statements of Rep. Chaffetz and Rep. Cummings underscore how courageous whistleblowers play a critical role in combatting waste, fraud and abuse and why they must be protected against retaliation:

Mr. CHAFFETZ:  Mr. Speaker, I rise today in support of this bill, S. 795, a bill to enhance whistleblower protection for contractor and grantee employees. It is a bill with good bipartisan support in both Chambers of Congress. I really do applaud and thank, in particular, the gentleman from Maryland (Mr. CUMMINGS), the ranking member on our committee, who has helped champion this and point this out and lead our efforts in the House on this. In the House, the Committee on Oversight and Government Reform considered an identical bill, the Whistleblower Protections for Contractors Act, introduced by Ranking Member CUMMINGS and myself, and the committee reported this legislation by unanimous consent. In the Senate, it has been Senators MCCASKILL and RON JOHNSON who have worked arm in arm on this and are also very supportive of it. Today we bring up the Senate version of this bill to expedite its approval to get this bill to the President’s desk.

As you know, Mr. Speaker, whistleblowers are invaluable to the oversight work of Congress. We rely on people who are on the front lines seeing things as they truly are to provide information and blow the whistle when they see something going awry. They are one of our best sources of information about waste, fraud, and abuse within the Federal Government.

As an institution, we should try to do everything we can to encourage them to come and speak with us, and when they do, to make sure that they have the proper and adequate protections. That is exactly what this bill does, by recognizing that not all whistleblowers are Federal employees. We have robust Federal recognition and whistleblower protection for Federal employees, and we believe that contractors and others should have that as well.

It makes permanent a successful pilot program that extended whistleblower protections to civilian contractor and grantee employees. It also ensures whistleblower protections are extended to subgrantees and personal services contractors for both defense and civilian contractors. It is important because the Federal Government spends half a trillion dollars a year on grants and contracts. Think about that; half a trillion dollars is going out the door. There is always somebody doing something stupid somewhere; so to have this protection for a whistleblower as a contractor, for instance, just seems wise and prudent.

In overseeing how these funds are spent, the best source for rooting out waste is from grantees, subgrantees, contractors, and subcontractors. One loophole this bill closes is that personal services contractors were not protected in the past. These contractors can be just as valuable in identifying the waste and fraud we are committed to preventing in the first place. It only makes sense to offer those personal services contractors the same protections we give other contractors.

With this bill, we are sending a strong message to both whistleblowers and their employers. We are serious about stopping waste, fraud, and abuse, and we are serious about protecting those who bring that information forward. Every dollar of wasted funds comes from the pocket of the same hardworking men and women who elected us to Congress. It is their money. It is not our money. It is not the Federal Government’s money. It is the taxpayers’ money.

As we work to protect these taxpayer dollars, we also have a duty and responsibility to protect these whistleblowers. They are the best allies we have. S. 795 accomplishes that goal. An identical bill was passed out of our committee. I would appreciate the support of our colleagues to further this. Again, I thank Mr. CUMMINGS for his good work and passion on this. Mr. Speaker, I reserve the balance of my time.

Mr. CUMMINGS. Mr. Speaker, I yield myself such time as I may consume. Mr. Speaker, I rise in strong support of S. 795. I introduced the House companion of this legislation, the Whistleblower Protections for Contractors Act. We are taking up the Senate measure today to make sure this bill can be signed by the President before the end of this Congress.

I want to thank Senator MCCASKILL for all of her hard work and Senator JOHNSON for all that he did to make this bill come to this point.

I would also like to give special thanks to Chairman CHAFFETZ for being an original cosponsor and helping bring this bill to the floor. Our committee has always stood hand in hand with regard to protecting whistleblowers, and we have made it abundantly clear that we will do everything in our power to protect them from any type of retaliation or any type of harm.

Whistleblowers are the front line of defense against waste, fraud, and abuse. Employees who work on Federal contracts and grants see firsthand when taxpayer money is being wasted. They risk their careers to challenge abuses of power and mismanagement of government resources. They must be protected against retaliation when they blow the whistle on wrongdoing.

Just the other day, we had a witness come before our committee, and it was clear that she was very, very concerned about retaliation to the point of almost being shaken. You could actually see it. When we see these folks, we realize and we are reminded of the fact that they bring a very important resource to us as the Committee on Oversight and Government Reform, and that is they bring us information, information that allows us to be able to address problems that we wouldn’t even know about if it were not for them.

I thank Chairman CHAFFETZ and our entire committee for taking the attitude of protecting whistleblowers to the greatest extent we possibly can.

This bill would ensure that more employees are protected by giving subgrantees and personal services contractors the same whistleblower protections currently given to contractors, grant recipients, and subcontractors. This bill also would make protections for civilian contractors and grantees permanent. These are protections that contractors and grantees of the Department of Defense already enjoy.

I urge every Member of Congress to stand up for whistleblowers, to stand up for good government, and to pass this legislation. Mr. Speaker, I urge all Members to vote in favor of this very important and meaningful legislation.

ARTICLE BY Jason Zuckerman of Zuckerman Law
© 2016 Zuckerman Law

SEC Whistleblower Awards: Can You Hear Whistles Blow? Valued At More Than $100 Million, You Bet You Can!

Some very loud whistles have been blowing across corporate America since 2011 – whistles valued at $107 million, in fact. The United States Securities and Exchange Commission announced on August 30, 2016, that since its whistleblower program began in 2011, they have awarded more than $107 million total to 33 individuals who voluntarily provided the SEC with original and useful information that led to a successful enforcement action. Whistleblower awards can range from 10 percent to 30 percent of the money collected when the SEC’s monetary sanctions in a matter exceed $1 million.

The SEC encourages employees to report suspected wrongdoing, because they, according to Acting Chief Jane Norberg, “are in unique positions behind-the-scenes to unravel complex or deeply buried wrongdoing.” And, last year alone, employees responded by providing nearly 4,000 tips to the agency. With this kind of incentive from the SEC and other government agencies, as well as a growing number of successes in whistleblower lawsuits, it is more important than ever for companies to get advice on a regular basis. Moreover, companies must be strategic and proactive in their approach to implementing an effective whistleblower protection and anti-retaliation system.

Key elements of an effective whistleblower protection and anti-retaliation system include:

  1. Clear and visible leadership commitment and accountability. This is truly the most important piece of the puzzle. Without sincere support from the top, no internal whistleblower program can succeed.

  2. The creation of a true “speak-up” organizational culture focused on prevention, including encouraging employees to raise all suspicions and issues quickly and insuring the fair resolution of such issues.

  3. Independent, protected resolution systems for employees and third-parties who believe they are experiencing retaliation as a result of raising concerns.

  4. Specific training to educate all employees about their rights and available protections (including both internal and external programs).

  5. Specific training for managers who may receive complaints or information from employees, requiring the manager to be considerate of the employee making the report, to be diligent, and, most importantly, to act on the information with no corporate tolerance of the “just telling me as a friend, not as a manager” excuse.

  6. Internal monitoring and measurement of corporate compliance efforts and the effectiveness of the speak-up and non-retaliation culture, without contributing to the suppression of employee reporting.

  7. Independent auditing to determine if the whistleblower protection and anti-retaliation system is actually working.

Post written by Denise K. Drake of Polsinelli LLP.