oversight

Peer Review violation

Published by the National Science Foundation, Office of Inspector General on 2013-01-15.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                                                  NATIONAL SCIENCE FOUNDATION
                                                   OFFICE OF INSPECTOR GENERAL
                                                     OFFICE OF INVESTIGATIONS

                                            CLOSEOUT MEMORANDUM

 Case Number: A11070051                                                                      Page 1 of 1



                 We received an allegation that a reviewer 1 posted links to 22 confidential NSF proposals,
         all from the same panel,2 on a website. Our investigation determined that the reviewer had
         another person place the proposals on a personal page within a website, which he believed was
         private. The page was not private and the proposals became temporarily available for public view
         via search engine. At least one confidential proposal was found via Internet search by a third
         party who then emailed its PI.

                We sent a report to the agency, recommending actions to protect the federal interest. The
         agency determined that the relevant Division Director should send the reviewer a warning letter
         and he did.

                 This memo, the attached Report of Investigation, and the attached warning letter constitute
         the case closeout. Accordingly, this case is closed.




NSF OIG Form 2 (11102)
                   National Scienc:e Foundation • Offic:e of Inspector Genetal
                  4201 Wilson Boule'\tard~ Suite II-705, Arlington,Virginia 22230
                                                     AUGOS"'-~012


To:              Cora B. Marrett
                 Deputy Director

From:


Subject:         Breach of Confidentiality Investigation Report All 070051


        Attachedis our confidential·u:·LVe!;ttg.attc::>nrepo'rt
reviewer confidentiality against Dr.
the basis of oqr investigation, we CODlcluded
proposals on the Internet.

        We recomrilend that NSF ban Dr.- from servilig as a reviewer, advisor~ or
consultant for NSF for a period of 2 years, which we believe· will adequately protect NSPs
interests. The reasons for our recommended actions are described in detail in the report. In
response to om <haft report, D r . - reiterated his previous statements from responses to our
inquiry letter. We reviewed the response and detenninedthat itdid not warrant a revision of the
report

       If you have any questions about the •investigation report or our recommended findings
and dispositioD; I would be happy to discuss them with you. My staff point of contact for this
matteris-at70~~



Attachment

cc:     Lawrence Rudolph, General Counsel
        Kathryn Sullivan, Office of the Director's Liaison to OIG
CONFIDENTIAL                                                           CONFIDENTIAL


                                     Executive Summary

Allegation:          We received an allegation that a reviewer (the Subject) posted links to 22
                     NSF proposals, all from the same panel, on a website.

OIG Investigation:   Our investigation determined that the Subject provided confidential
                     proposals to his wife for the purpose of posting the proposals on a private
                     webspace allocated to him by his company. The webspace was not as private
                     as the Subject claimed to have thought, and the proposals were available for
                     public view through an Internet search engine. At least one confidential
                     proposal was found by a third party via Google search. The third party
                     subsequently discussed the proposal. with its Pl.

OIG                  Prohibit the Subject from participating as a reviewer, advisor, or consultant
Recommendation:      for NSF for a period of 2 years.




                                                                                                  1
CONFIDENTIAL                                                                          CONFIDENTIAL

                  [R]espect the confidentiality ofall principal investigators and of
                  other reviewers. Do not disclose their identities, the relative
                  assessments or rankings of proposals by a peerreview panel, or
                  other details about the peer review of proposals. Unauthorized
                  disclosure of any confidential information could subject your [sic]
                  to sanctions,

We confirmed that the Subject signed the 12JOP form for the review atiss{1e. w

                                               OIG Investigation

        We reviewed the materials                 the allegation, including the screenshot
through which we verified, as of                2:01PM: 1) the NSF proposals were
discoverable on the Internet via Google searc~ 1 and 2) Google had cached copiesofthe
confidential NSF material. 12 Although the panel ended in May, the Subject failed to promptly
delete the proposals~ which remained on his webspacewhere they were discovered bya third
parcyY

                                     Results ofCommur#cation withthe Subject

        We wrote to the Subject14 seeking his response to the allegation and to related questions.
When he failed to respond by the due date, we contacted him via emaiL He explained that he had
lost our correspondence and asked us to forward an electronic eopy of the materials, which we
supplied.
        Based on the Subject's cursory, initial response, he did not appear to understand the
gravity oftheallegations. 15 We contacted him by phoneto obtain a more detailed response.
During the call, he told us he had made a mistake; he said he pl.lt the proposals on what he
thought was a secure web site, but i.t was evidently publicly available on the WorldWide Web:
We asked him to consider providing a more detailed written response to our questions; he
agreed.
        In his second written response, the Subject explained that he had previously believed that
the server space on which he placed the proposal~ "\vas private and nofdiscoveiable'' 16 and tha(
he did not disclose the URL to anyone else.          He
                                                  did state, however, that he gave the proposal files
to his wife,so that she could assist him with File Transfer Protocol.(FTP) software to upload the
proposals17 to the server/webspace; He indicated that "she did not read orshare the proposals


                                             within the company's Internet domain. Specifically, they were at:
                                              See also Tabl for one of the screenshots provided tp our office.
     See Tab 1.
13
   We also determined that the PI ofone of the proposals had been contacted by a third party, who had found the
PI's proposal via Google search; The PI was understandably concerned that the non-public inteUectual property
contained in the proposal was readily available via Internet search, and that someone unaffiliated. with NSF had read
the proposaL
14
   SeeTab4.
15
   See TabS,
h> Tab (},page 1.
17
  The primary use ofFTP software is to enable placing documents onto a web server that. as the name implies,
serves documents ex1:emally to the web.


                                                                                                                    3
CONFIDENTIAL                                                                             CONFIDENTIAL

«server". which he believed \Vas something wholly separate (and therefore undiscoverable) from
the website.

                                      Other documents in the Company webspace

         While reviewing the Subject's webspace,24 we determined that one ofhis webpages is
protected from public viewing via a privacy mechanism, the website's robots.txt. 25 This appears
to illustrate that the Subject took more care to protect a personal page on his webspace, a space
he believed to be private,26 than he did to protect confidential NSF proposals.27

                                                 OIG Assessment

         Our investigation revealed that the Subject had 22 confidential NSF proposals posted on
his company's webspace which caused the proposals to be publically available via an Internet ·
search engine. During our investigation, we also determined that the Subject gave access to the
confidential proposals to his wife, contra to NSF rules? 8 Similarly, we note that although the
~1 was held on M a y - ' the proposals were still on the Subject's webspace on June 21,
      29
. . . and thus available to the public through an Internet search. These actions constitute
violations ofNSF Policy.
         Given the Subject's area of expertise and the use of a privacy mechanism to protect some
of the information on his webspace> we are not convinced of the plausibility of the Subject's
assertions that be believed his webspace was private.
         The seriousness of making confidential NSf' proposals available to the Subject's wife and
ultimately the public is exacerbated by the fact that one ofthe Principal Investigators (Pis)
became aware that his/her proposal was accessible online when contacted by a third party to
discuss the proposed research. The PI expressed a great deal of concern about the intellectual
work which was not supposed to have been public.
         We conclude that he recklessly gave his wife access to the proposals and caused the
proposals to be uploaded onto a server connected to the Internet which resulted in at least one
confidential proposal to be viewed by an unrelated third party.

                                                Recommendations

       The full extent to which NSF Pis were harmed by the Subject's actions cannot be
assessed. We do know that at least one person contacted an NSF PI with questions about the PI's
confidential NSF proposal.


24
      The same web space on which he had the NSF proposals placed.
25
      A "robots.M", or Robots Exclusion Protocol, is an extremely common tool in the form of a text file. The file's
instructions (to web crawlers) list specific pages that a website's            does not want them to index. See Tab 8
for an example, the robots.txt that is utilized by the site at
26
      See Tab 6, page L                                ,
27
      See Tab 8.
28
      Despite signing a conflict-or-interest form (1230P), a certification which explains NSF's confidentiality rules and
despite viewing banners which stressed the importance of privacy, including the importance of destro:;-ing copies
after conclusion of a panel.
:1.'1 More than a month after the panel concluded.



                                                                                                                        5
CONFIDENTIAL                                                         CONFIDENTIAL


Attachments

  1.   Screenshot of Website containing proposals.
  2.   Screenshots from NSF FastLane (From the Demonstration Site)
  3.   Form 1230P
  4.   Letter to the Subject
  5.   Subject's Response 1
  6.   Subject's Response 2
  7.   Biographies of the Subject from the Company's website
  8.   Error message and the Company's Robots.txt
  9.   The Subject's Response to the Draft ROI




                                                                                    7
                                    NATIONAL SCIENCE FOUNDATION
                                        4201 WILSON BOULEVARD
                                      ARLINGTON, VIRGINIA 22230




December 18, 2012




It has come to my attention that 22 prcJPC>sats    reviewed for the National Science
Foundation's                                                                            inMay2cJI
                                                       While this posting may have been
unintentional, I am writing to ensure       you are aware ofNSFs policies and requirements for
your services as a panelist. In addition, I want to remind you of your obligation to maintain the
confidentiality of proposals and applicants (in addition to the identities of reviewers and the
review process).

The Foundation receives proposals in confidence and protects the confidentiality of their
contents. Prior to your May  2cJI panel service you certified that you understood NSF policies
and that you would not divulge or use confidential information.

NSF requires specific protections for sensitive information related to the work we perform,
particularly the peer review process and the confidential proposals we receive for review.
Safeguarding proposals and preventing the disclosure of this information is essential to ensure
we retain the scientific community's and the public's trust.

We take the protection of the NSF peer review process very seriously and continue to work to
protect and secure NSF information. If you have any questions, please contact me.




                                              Division Director



Enclosed copy o f - signed 1230P
                                                                              National Science Foundation
                                                                                         Arlington, VA 22230

                                                  Conflict-of-Interests and Confidentiality Statement for NSF Panelists
                                                       Includes members of proposal review panels; site visitors; and committee of visitors.

~f~i:.Y~!i~:@)UJ.i.l.~[fifJ~I§i@~Li.it:£'~~~~~~!{~~§1"1i~-ltr~11~~y~~~~~!t?iiiftJ0i~i:SMl~:\
 Your designation as an NSF panelist requires that you be aware of potential conflict situations that may arise. Read the examples of potentially
 biasing affiliations or relationships listed on the second page or back of this form. As an NSF panelist, you will be asked to review applicant
 grant proposals. You might have a conflict with one or more. Should any conflict arise during your term, you must bring the matter to the
 attention of the NSF program officer who asked you to serve as a panelist This. official will determine how the matter should be handled and will
 tell you what further steps, if any, to take.

t2WN6~oswot~~~n-S((Il!a~~ml~[!lf]~~~l$l~-~m~B!
lf}r"'iJ;"[i;~~~ii~gi\i~~ you access to information not gene         available to the public, you must not use that information for your personal
 benefit or make it available for the personal benefit of any other individual or organization. This is to be distinguished from the entirely
 appropriate general benefit of learning more about the Foundation, learning from other panel members, or becoming better acquainted with the
 state of a given discipline.

              ..
~"":V"~ ~''-'Kt1i"""-t.l"'~~""'-M~'i'.:.·::i.r.u:;.'i!1io;o;~...v...i::~•!l;l:.."'ij"'b~-~·•';;;;:g""jj-"'~"-"'l:~Jiii!:~il·~~~""'""'""''&~~"'"'~illi~""""""'"""'"'";',w,;;;;;-,
~tti~~~~~j~~M--~~~@,_,9.u..~~...'!~JrmJ!~IJ!1.!~1lbJ..!JJ~!~I!t..U.JJr~JLGJi@ 8!81!~9~~!J..P.!~~~!~ -·~~~~.JY-~~~Ji.~~.r~M11-~~~~:~~~~i{~·;&:/f~--"l;:l:;~~-~l-':
                                                                                                                                                                                        ..•,"'"'"'".,-.:'··l·;?':i
The Foundation receives proposals in confidence and protects the confidentiality of their contents. For this reason, you must not copy, quote, or
otherwise use or disclose to anyone, including your graduate students or post-doctoral or research associates, any material from any proposal
you are .asked to review. If you believe a colleague can make a substantial contribution to the review, please obtain permission from the NSF
program officer before disclosing either the contents of the proposal or the name of any applicant or principal investigator.

''li'"";;;'-'-""!l:ld···--··tl   ll~;~··:t:•""<..::itcr~.>W"D"''-··!ii>'ll!·:;;;.,..;~"~:~smlru'r· .~llil·'·'·-a:~w.J;Jt•"~~~-,..~~.:i·'"'b.j!'lfij'"'""'~~~'""'··---•'""'~'.:<;,<o1!;~w·•e:-£.r.t;,,~,,,
                                                                                         4

jr1~9-,.llJJ~--~Il-:o-~~.---~-!'.J.;~9.J~~~~~¥ @n~..B-~&~~~,J.~llm~~~~~!&§~~~~-j§· -~V~~~~tgl~~~i'Jf~'fo\~~.;§:j..:f~~~Ilf.f~~'-~r-:·
NSF keeps reviews and your identity as a reviewer of specific proposals confidential to the maximum extent possible, except that we routinely
send to principal investigators (PI's) reviews oftheir own proposals without your name, affiliation, or other Identifying Information. Please
resp~rit ttii{pqnfide!liialit)i of ail'priilcipal il1v~tigato.rs <!rid of other reviewers. po not disclriseJheir ideniities; ihe relative assessments or
rarikirigs'of prop·osals by a peer review panel;' or oth.ei' details about the peer review of prop'osals:

Uriailthbrizeil dlscio5ure ofany cilnfidential infOrmation could subject your to sanctions.




                                                                                             above, that




Member's Name




NameofPaneiJIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII(_




NSF Form 1230P (5/08)
File In Panel File                                                                                                                       All Previous Editions are Obsolete