FLRA Forcing ICE to Go to Court to Protect Computer Security Worldwide

In a case involving computer security at Immigration and Customs Enforcement (ICE), FLRA finds that the Agency’s duty to bargain over curtailing employee access to private email accounts on their work computers trumps the Agency’s statutory obligation to protect the security of information under its control. The Minority Member, in his dissent, said that unlike the majority members, he could not interpret the federal labor statute to, in essence, require an Agency to compromise its computer security to bargain over a minor working condition issue.

I recently reported the Federal Labor Relations Authority’s abysmal showing before the U.S. Circuit Court of Appeals for the DC Circuit on the issue of its ability to interpret statutes other than the one it is charged by Congress to administer. As the Article reports, the court has little tolerance for FLRA’s arrogance in rendering decisions in areas in which it has absolutely no expertise or even rudimentary knowledge as in this case.

Well, they’re at it again.  I thought I should review again the majority members’ bios at flra.gov to see if I had perhaps been unfair in questioning their expertise outside of the jobs they currently hold.  Ms. Pope, the chair, spent her first year out of law school at the Labor department and the last 34 at FLRA. Mr. Dubester has either been a political appointee, a union lawyer or a college teacher according to his bio. I’m not criticizing their service, merely pointing out that having the scope of experience or knowledge to weigh the harm to a government mission by one of their decisions isn’t apparent in their bios. Since there is no evidence involved in most cases before the FLRA, one can only wonder how one judges between the positions offered by a union advocate, engaged to advance union or employee rights exclusively, and the Agency, charged by law and funded with tax dollars to carry out the work of government.  We know, based on prior D.C. Circuit decisions that that court considers FLRA “a minor three-member commission with quite restricted expertise.”  Humility appears not a condition of membership among FLRA’s majority.

Fortunately, in the past, FLRA’s incursions into running other Agencies have not produced direct harm to the mission of that Agency setting aside the cost of defending itself from FLRA’s ideological or short sighted decision making.  This case involves a very different matter.

The case involved a threat assessment made by the Agency concerning computer security.  The employees up to a point in time had been permitted to access personal webmail accounts from their work computers.  The Agency banned this practice (by the way a violation of Agency policy).  An arbitrator found that the Agency had to bargain with the union to agreement with the union before doing so despite the wording of a law (the Federal Information Security Management Act (FISMA)) granting the Agency sole and exclusive discretion to determine its network access policies.

Let’s look at what the majority said (in the body of the decision) in its rebuttal to the minority member’s dissent.

“As for the dissent’s suggestion that FISMA should be read to confer sole and exclusive discretion because it deals with time sensitive information security threats, there is no dispute that Congress considered an agency’s right to safeguard internal security extremely important. Specifically, Congress expressly set forth management’s right to determine the “internal‍[‍‍]‍security practices of the agency” – which undoubtedly includes the right to establish information security practices – as one of the first management rights listed in the Statute. But, by the very act of including this provision in § 7106(a) of the Statute and making it subject to bargaining under § 7106(b), Congress signaled that collective bargaining is wholly compatible with management’s right to determine internal security practices. And while Congress instructed agencies (in FISMA) to protect federal information security, it also expressly included in the Statute an injunction to “safeguard‍[‍] the public interest” and “contribute‍[‍] to the effective conduct of public business” through the institution of collective bargaining. Although attaining both internal security and collective bargaining objectives may require planning and coordination, the laws at issue here (FISMA and the Statute) assign that responsibility in various ways to federal managers and their union counterparts. In fact, Congress – by simultaneously finding both that the Statute “should be interpreted in a manner consistent with the requirement of an effective and efficient [‍g‍]‍overnment” and that “labor organizations and collective bargaining in the civil service are in the public interest” – clearly envisioned that the parties would collaborate to further their shared interest in a secure, safe, effective, and efficient government.  By finding sole and exclusive discretion based on the mere presence of internal security considerations, the dissent would sacrifice the benefits that Congress intended collective bargaining to provide. And by suggesting that the Authority has “no . . . standing” to apply the Statute in cases that implicate other statutes, like FISMA, the dissent ignores the responsibility Congress assigned the Authority to apply the Statute in the legally complex environment of the federal government. There can be no serious debate that the Authority not only can but also must interpret laws other than the Statute in resolving disputes.” (My emphasis)

People ask me why I criticize (and some condemn me for it) the FLRA’s reasoning in cases in this administration.  The above-quoted paragraph and the words I’ve emphasized say it all. Can even a myopic ideologue seriously claim that a law designed to allow limited collective bargaining for Federal employees envisions a government where the “presence of internal security considerations” takes a back seat to whether an employee would be able to access his/her email from their government-owned and paid for computer and thereby possibly compromise the security of the system?   This is another crazy decision.  As Mr. Pizzella, the minority member, says in his dissent,

“ Therefore, unlike my colleagues, I cannot conclude that Congress intended for our Statute to be read so expansively as to impose additional – in this case bargaining – requirements on federal agencies before they can act to secure the integrity of their  federal IT systems, the breach of which, could directly impact “[o]ur nation’s security and economic prosperity.” And, to the extent a federal agency’s discretion to address IT security risks is limited, in any respect, it is limited by the policies and recommendations of recognized experts at OMB and NISTand not by a generic and unrelated statutory construct such as our Statute. Those experts, including those at DHS, established specific responsibilities for federal agencies with which federal agencies are required to comply. The district court in Cobell v. Norton and the D.C. Circuit in Cobell v. Hempthorne identify at least six such responsibilities.“ 

This FLRA’s belief that the union, in this or any case, has a “shared interest in a secure, safe, effective, and efficient government” is, without doubt, the most naïve and silly departure I have ever read or heard from the reality of Federal labor relations.  The unions I have dealt with have done exactly what their membership and perhaps more often, leadership believed was in the best interest first of the institutional union and then the membership.  It is crystal clear to me that neither Ms. Pope nor Mr. Dubester have ever dealt across the table with a Federal union negotiator.  Either that or they’re afflicted with a monumental politically induced case of tunnel vision.

I don’t know whether Homeland Security will go to the D.C. circuit with this case but precedent is definitely on their side.

Now is when I make my disclaimer that I, alone, am responsible for the above.

About the Author

Bob Gilson is a consultant with a specialty in working with and training Federal agencies to resolve employee problems at all levels. A retired agency labor and employee relations director, Bob has authored or co-authored a number of books dealing with Federal issues and also conducts training seminars.