NATIONAL SCIENCE FOUNDATION
OFFICE OF INSPECTOR GENERAL
OFFICE OF INVESTIGATIONS
CLOSEOUT MEMORANDUM
Case Number: A11070051 Page 1 of 1
We received an allegation that a reviewer 1 posted links to 22 confidential NSF proposals,
all from the same panel,2 on a website. Our investigation determined that the reviewer had
another person place the proposals on a personal page within a website, which he believed was
private. The page was not private and the proposals became temporarily available for public view
via search engine. At least one confidential proposal was found via Internet search by a third
party who then emailed its PI.
We sent a report to the agency, recommending actions to protect the federal interest. The
agency determined that the relevant Division Director should send the reviewer a warning letter
and he did.
This memo, the attached Report of Investigation, and the attached warning letter constitute
the case closeout. Accordingly, this case is closed.
NSF OIG Form 2 (11102)
National Scienc:e Foundation • Offic:e of Inspector Genetal
4201 Wilson Boule'\tard~ Suite II-705, Arlington,Virginia 22230
AUGOS"'-~012
To: Cora B. Marrett
Deputy Director
From:
Subject: Breach of Confidentiality Investigation Report All 070051
Attachedis our confidential·u:·LVe!;ttg.attc::>nrepo'rt
reviewer confidentiality against Dr.
the basis of oqr investigation, we CODlcluded
proposals on the Internet.
We recomrilend that NSF ban Dr.- from servilig as a reviewer, advisor~ or
consultant for NSF for a period of 2 years, which we believe· will adequately protect NSPs
interests. The reasons for our recommended actions are described in detail in the report. In
response to om <haft report, D r . - reiterated his previous statements from responses to our
inquiry letter. We reviewed the response and detenninedthat itdid not warrant a revision of the
report
If you have any questions about the •investigation report or our recommended findings
and dispositioD; I would be happy to discuss them with you. My staff point of contact for this
matteris-at70~~
Attachment
cc: Lawrence Rudolph, General Counsel
Kathryn Sullivan, Office of the Director's Liaison to OIG
CONFIDENTIAL CONFIDENTIAL
Executive Summary
Allegation: We received an allegation that a reviewer (the Subject) posted links to 22
NSF proposals, all from the same panel, on a website.
OIG Investigation: Our investigation determined that the Subject provided confidential
proposals to his wife for the purpose of posting the proposals on a private
webspace allocated to him by his company. The webspace was not as private
as the Subject claimed to have thought, and the proposals were available for
public view through an Internet search engine. At least one confidential
proposal was found by a third party via Google search. The third party
subsequently discussed the proposal. with its Pl.
OIG Prohibit the Subject from participating as a reviewer, advisor, or consultant
Recommendation: for NSF for a period of 2 years.
1
CONFIDENTIAL CONFIDENTIAL
[R]espect the confidentiality ofall principal investigators and of
other reviewers. Do not disclose their identities, the relative
assessments or rankings of proposals by a peerreview panel, or
other details about the peer review of proposals. Unauthorized
disclosure of any confidential information could subject your [sic]
to sanctions,
We confirmed that the Subject signed the 12JOP form for the review atiss{1e. w
OIG Investigation
We reviewed the materials the allegation, including the screenshot
through which we verified, as of 2:01PM: 1) the NSF proposals were
discoverable on the Internet via Google searc~ 1 and 2) Google had cached copiesofthe
confidential NSF material. 12 Although the panel ended in May, the Subject failed to promptly
delete the proposals~ which remained on his webspacewhere they were discovered bya third
parcyY
Results ofCommur#cation withthe Subject
We wrote to the Subject14 seeking his response to the allegation and to related questions.
When he failed to respond by the due date, we contacted him via emaiL He explained that he had
lost our correspondence and asked us to forward an electronic eopy of the materials, which we
supplied.
Based on the Subject's cursory, initial response, he did not appear to understand the
gravity oftheallegations. 15 We contacted him by phoneto obtain a more detailed response.
During the call, he told us he had made a mistake; he said he pl.lt the proposals on what he
thought was a secure web site, but i.t was evidently publicly available on the WorldWide Web:
We asked him to consider providing a more detailed written response to our questions; he
agreed.
In his second written response, the Subject explained that he had previously believed that
the server space on which he placed the proposal~ "\vas private and nofdiscoveiable'' 16 and tha(
he did not disclose the URL to anyone else. He
did state, however, that he gave the proposal files
to his wife,so that she could assist him with File Transfer Protocol.(FTP) software to upload the
proposals17 to the server/webspace; He indicated that "she did not read orshare the proposals
within the company's Internet domain. Specifically, they were at:
See also Tabl for one of the screenshots provided tp our office.
See Tab 1.
13
We also determined that the PI ofone of the proposals had been contacted by a third party, who had found the
PI's proposal via Google search; The PI was understandably concerned that the non-public inteUectual property
contained in the proposal was readily available via Internet search, and that someone unaffiliated. with NSF had read
the proposaL
14
SeeTab4.
15
See TabS,
h> Tab (},page 1.
17
The primary use ofFTP software is to enable placing documents onto a web server that. as the name implies,
serves documents ex1:emally to the web.
3
CONFIDENTIAL CONFIDENTIAL
«server". which he believed \Vas something wholly separate (and therefore undiscoverable) from
the website.
Other documents in the Company webspace
While reviewing the Subject's webspace,24 we determined that one ofhis webpages is
protected from public viewing via a privacy mechanism, the website's robots.txt. 25 This appears
to illustrate that the Subject took more care to protect a personal page on his webspace, a space
he believed to be private,26 than he did to protect confidential NSF proposals.27
OIG Assessment
Our investigation revealed that the Subject had 22 confidential NSF proposals posted on
his company's webspace which caused the proposals to be publically available via an Internet ·
search engine. During our investigation, we also determined that the Subject gave access to the
confidential proposals to his wife, contra to NSF rules? 8 Similarly, we note that although the
~1 was held on M a y - ' the proposals were still on the Subject's webspace on June 21,
29
. . . and thus available to the public through an Internet search. These actions constitute
violations ofNSF Policy.
Given the Subject's area of expertise and the use of a privacy mechanism to protect some
of the information on his webspace> we are not convinced of the plausibility of the Subject's
assertions that be believed his webspace was private.
The seriousness of making confidential NSf' proposals available to the Subject's wife and
ultimately the public is exacerbated by the fact that one ofthe Principal Investigators (Pis)
became aware that his/her proposal was accessible online when contacted by a third party to
discuss the proposed research. The PI expressed a great deal of concern about the intellectual
work which was not supposed to have been public.
We conclude that he recklessly gave his wife access to the proposals and caused the
proposals to be uploaded onto a server connected to the Internet which resulted in at least one
confidential proposal to be viewed by an unrelated third party.
Recommendations
The full extent to which NSF Pis were harmed by the Subject's actions cannot be
assessed. We do know that at least one person contacted an NSF PI with questions about the PI's
confidential NSF proposal.
24
The same web space on which he had the NSF proposals placed.
25
A "robots.M", or Robots Exclusion Protocol, is an extremely common tool in the form of a text file. The file's
instructions (to web crawlers) list specific pages that a website's does not want them to index. See Tab 8
for an example, the robots.txt that is utilized by the site at
26
See Tab 6, page L ,
27
See Tab 8.
28
Despite signing a conflict-or-interest form (1230P), a certification which explains NSF's confidentiality rules and
despite viewing banners which stressed the importance of privacy, including the importance of destro:;-ing copies
after conclusion of a panel.
:1.'1 More than a month after the panel concluded.
5
CONFIDENTIAL CONFIDENTIAL
Attachments
1. Screenshot of Website containing proposals.
2. Screenshots from NSF FastLane (From the Demonstration Site)
3. Form 1230P
4. Letter to the Subject
5. Subject's Response 1
6. Subject's Response 2
7. Biographies of the Subject from the Company's website
8. Error message and the Company's Robots.txt
9. The Subject's Response to the Draft ROI
7
NATIONAL SCIENCE FOUNDATION
4201 WILSON BOULEVARD
ARLINGTON, VIRGINIA 22230
December 18, 2012
It has come to my attention that 22 prcJPC>sats reviewed for the National Science
Foundation's inMay2cJI
While this posting may have been
unintentional, I am writing to ensure you are aware ofNSFs policies and requirements for
your services as a panelist. In addition, I want to remind you of your obligation to maintain the
confidentiality of proposals and applicants (in addition to the identities of reviewers and the
review process).
The Foundation receives proposals in confidence and protects the confidentiality of their
contents. Prior to your May 2cJI panel service you certified that you understood NSF policies
and that you would not divulge or use confidential information.
NSF requires specific protections for sensitive information related to the work we perform,
particularly the peer review process and the confidential proposals we receive for review.
Safeguarding proposals and preventing the disclosure of this information is essential to ensure
we retain the scientific community's and the public's trust.
We take the protection of the NSF peer review process very seriously and continue to work to
protect and secure NSF information. If you have any questions, please contact me.
Division Director
Enclosed copy o f - signed 1230P
National Science Foundation
Arlington, VA 22230
Conflict-of-Interests and Confidentiality Statement for NSF Panelists
Includes members of proposal review panels; site visitors; and committee of visitors.
~f~i:.Y~!i~:@)UJ.i.l.~[fifJ~I§i@~Li.it:£'~~~~~~!{~~§1"1i~-ltr~11~~y~~~~~!t?iiiftJ0i~i:SMl~:\
Your designation as an NSF panelist requires that you be aware of potential conflict situations that may arise. Read the examples of potentially
biasing affiliations or relationships listed on the second page or back of this form. As an NSF panelist, you will be asked to review applicant
grant proposals. You might have a conflict with one or more. Should any conflict arise during your term, you must bring the matter to the
attention of the NSF program officer who asked you to serve as a panelist This. official will determine how the matter should be handled and will
tell you what further steps, if any, to take.
t2WN6~oswot~~~n-S((Il!a~~ml~[!lf]~~~l$l~-~m~B!
lf}r"'iJ;"[i;~~~ii~gi\i~~ you access to information not gene available to the public, you must not use that information for your personal
benefit or make it available for the personal benefit of any other individual or organization. This is to be distinguished from the entirely
appropriate general benefit of learning more about the Foundation, learning from other panel members, or becoming better acquainted with the
state of a given discipline.
..
~"":V"~ ~''-'Kt1i"""-t.l"'~~""'-M~'i'.:.·::i.r.u:;.'i!1io;o;~...v...i::~•!l;l:.."'ij"'b~-~·•';;;;:g""jj-"'~"-"'l:~Jiii!:~il·~~~""'""'""''&~~"'"'~illi~""""""'"""'"'";',w,;;;;;-,
~tti~~~~~j~~M--~~~@,_,9.u..~~...'!~JrmJ!~IJ!1.!~1lbJ..!JJ~!~I!t..U.JJr~JLGJi@ 8!81!~9~~!J..P.!~~~!~ -·~~~~.JY-~~~Ji.~~.r~M11-~~~~:~~~~i{~·;&:/f~--"l;:l:;~~-~l-':
..•,"'"'"'".,-.:'··l·;?':i
The Foundation receives proposals in confidence and protects the confidentiality of their contents. For this reason, you must not copy, quote, or
otherwise use or disclose to anyone, including your graduate students or post-doctoral or research associates, any material from any proposal
you are .asked to review. If you believe a colleague can make a substantial contribution to the review, please obtain permission from the NSF
program officer before disclosing either the contents of the proposal or the name of any applicant or principal investigator.
''li'"";;;'-'-""!l:ld···--··tl ll~;~··:t:•""<..::itcr~.>W"D"''-··!ii>'ll!·:;;;.,..;~"~:~smlru'r· .~llil·'·'·-a:~w.J;Jt•"~~~-,..~~.:i·'"'b.j!'lfij'"'""'~~~'""'··---•'""'~'.:<;,<o1!;~w·•e:-£.r.t;,,~,,,
4
jr1~9-,.llJJ~--~Il-:o-~~.---~-!'.J.;~9.J~~~~~¥ @n~..B-~&~~~,J.~llm~~~~~!&§~~~~-j§· -~V~~~~tgl~~~i'Jf~'fo\~~.;§:j..:f~~~Ilf.f~~'-~r-:·
NSF keeps reviews and your identity as a reviewer of specific proposals confidential to the maximum extent possible, except that we routinely
send to principal investigators (PI's) reviews oftheir own proposals without your name, affiliation, or other Identifying Information. Please
resp~rit ttii{pqnfide!liialit)i of ail'priilcipal il1v~tigato.rs <!rid of other reviewers. po not disclriseJheir ideniities; ihe relative assessments or
rarikirigs'of prop·osals by a peer review panel;' or oth.ei' details about the peer review of prop'osals:
Uriailthbrizeil dlscio5ure ofany cilnfidential infOrmation could subject your to sanctions.
above, that
Member's Name
NameofPaneiJIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII(_
NSF Form 1230P (5/08)
File In Panel File All Previous Editions are Obsolete
Peer Review violation
Published by the National Science Foundation, Office of Inspector General on 2013-01-15.
Below is a raw (and likely hideous) rendition of the original report. (PDF)