Nicholas P. TIDES and Matthew Craig Neumann, Plaintiffs–Appellants, v. THE BOEING COMPANY, Defendant–Appellee.
We hold today that by its express terms, the whistleblower provision of the Sarbanes–Oxley Act, 18 U.S.C. § 1514A(a)(1), protects employees of publicly-traded companies who disclose certain types of information only to the three categories of recipients specifically enumerated in the Act—federal regulatory and law enforcement agencies, Congress, and employee supervisors. Leaks to the media are not protected.
In January 2007, plaintiffs Matthew Neumann and Nicholas Tides began working as auditors in Boeing's IT Sarbanes–Oxley (“SOX”) Audit group. Tides worked in St. Louis, and Neumann was based in Seattle. At the time, the IT SOX Audit group was one of two departments housed within Boeing's Corporate Audit organization. It was charged with helping the company comply with SOX's requirement that it annually assess the effectiveness of its internal controls and procedures for financial reporting. See 15 U.S.C. § 7262(a). Auditors in the IT SOX Audit group performed audits and testing on information technology controls.2 The group was staffed with about ten Boeing employees, including Tides and Neumann, and supplemented by approximately seventy contract auditors from the accounting firm PriceWaterhouseCoopers. Deloitte & Touche served as Boeing's external auditor and was responsible for annually attesting to, and reporting on, the company's assessments of its internal controls, as required by SOX. See id. § 7262(b).
Tides and Neumann claim that tensions were high in the IT SOX Audit group upon their arrival in January 2007 because management feared that Deloitte & Touche might declare a “material weakness” in the company's internal controls. They allege that managers pressured IT SOX auditors to rate Boeing's internal controls as “effective” and fostered a generally hostile work environment. Beginning in February 2007, Tides and Neumann began separately expressing concerns about this perceived pressure and several deficiencies in Boeing's auditing practices that they viewed as potential violations of SOX. Their primary concern related to Boeing's use of PriceWaterhouseCoopers contractors in the internal auditing of the company's IT controls. Tides and Neumann repeatedly complained to management about the practice of giving the contractors managerial authority over Boeing employees, as well as the involvement of the contractors in both the design and audit of Boeing's internal controls. They also expressed concerns about the integrity of data stored in the software system Boeing used to record its IT SOX audit results. Both auditors believed that the system permitted unauthorized users to alter the ratings given to the company's internal controls.
At some point in late April 2007, Andrea James, a reporter with the Seattle Post–Intelligencer, left messages on Tides' and Neumann's work phones asking each of them to speak with her about an article she was writing on Boeing's compliance with SOX. Neither Tides nor Neumann immediately responded to her requests, hoping instead to resolve their concerns internally with the help of management and human resources. At the time, both were aware that Boeing had in place a policy that restricted the release of company information to the news media. Boeing's policy, PRO–3439, required employees to refer “[i]nquiries of any kind from the news media” to the communications department and also prohibited the release of company information without prior review by that department.
In late May 2007, James contacted Neumann again, this time showing up uninvited at his home with another Post–Intelligencer reporter. Neumann agreed to speak with them about Boeing's compliance with SOX. He described the pressure he felt to render positive audit results and detailed a recent meeting where he and other IT SOX auditors expressed concerns over the role of PriceWaterhouseCoopers contractors in audits of Boeing's internal controls. James asked Neumann if he knew of any examples of significant deficiencies in Boeing's internal controls going unreported or of any auditors being instructed to change their findings, but he said he didn't know of any specifics. Several days after their meeting, James emailed Neumann an excerpt of a draft of her article. Neumann responded that the excerpt looked good and sent James the text of an email that he and other IT SOX auditors recently received from a manager. The manager's email reminded employees that Boeing policy prohibited the release of information to the media without prior approval from the communications department.
Tides contacted James in July 2007 after receiving what he viewed as a negative and unsubstantiated performance evaluation for the second quarter of the year. He forwarded her a series of work-related emails from his Boeing computer. Most of the emails documented the concerns he previously raised with management and human resources regarding perceived problems with the IT SOX Audit group's auditing practices. Tides also forwarded James several internal Boeing documents, including copies of the company's policies governing contract labor.
On July 17, 2007, the Post–Intelligencer published the article “Computer security faults put Boeing at risk,” co-authored by James. The article reported that “[f]or the past three years, The Boeing Co. has failed, in both internal and external audits, to prove it can properly protect its computer systems against manipulation, theft and fraud.” It detailed, among other things, a threatening company culture perceived by employees involved in SOX compliance, a record of poor internal audit results indicating that many of the company's computer system controls were failing, and an internal allegation that audit results were being manipulated.
At some point prior to the publication of the Post–Intelligencer article, Boeing caught on that several employees were likely releasing company information to the media. As a result, it authorized an investigation that included the monitoring of both Tides' and Neumann's work computers and email accounts. The investigation revealed that the two auditors were communicating with James without permission. Two months after the publication of the Post–Intelligencer article, Tides and Neumann were interviewed separately by HR investigators about their communications with James. Both admitted to speaking with her about Boeing's auditing practices and to providing her with company documents. After the interviews, Boeing suspended Tides and Neumann indefinitely. Their cases were then referred to an Employee Corrective Action Review Board, a committee composed of five voting members and one non-voting ethics advisor to evaluate charges of employee misconduct. After reviewing the applicable Boeing policies and the investigative reports detailing the two auditors' contacts with the media, the Board unanimously voted to terminate Tides and Neumann effective September 28, 2007 and October 1, 2007, respectively. Both were later informed in writing that:
It has been determined that you created an unacceptable liability for the Company. Specifically, you violated PRO–2227, Information Protection, by disclosing Boeing information 3 to non-Boeing persons without following appropriate procedures, obtaining necessary approvals and putting in place appropriate safeguards. In addition, you violated PRO–3439 by not referring inquiries from the news media to Communications, and by releasing information without approval in accordance with the requirements of said PRO. Your actions are aggravated by the fact that the information had an adverse effect on the Company's reputation and its relations with its employees, customers, shareholders, suppliers and other important constituents, causing significant liability. The Company deems your behavior in this incident as unacceptable and in violation of its expectations as defined in PRO–1909.
Following their terminations, Neumann and Tides filed SOX whistleblower complaints with the Occupation Safety and Health Administration4 on December 21, 2007 and December 26, 2007, respectively. After over nine months of delay, the agency issued letters acknowledging Tides and Neumann's right to proceed de novo in federal court.5 Tides and Neumann filed separate complaints in district court, alleging that they were terminated in violation of 18 U.S.C. § 1514A(a)(1) for reporting violations of SOX and other securities laws. Their cases were later consolidated. Boeing moved for summary judgment. On February 9, 2010, the district court granted Boeing's motion. This timely appeal followed. We have jurisdiction to hear this case under 28 U.S.C. § 1291.
II. STANDARD OF REVIEW
We review the district court's grant of summary judgment de novo. Evanston Ins. Co. v. OEA, Inc., 566 F.3d 915, 918 (9th Cir.2009). In doing so, “[w]e must determine, viewing the evidence in the light most favorable to [Tides and Neumann], whether there are any genuine issues of material fact and whether the district court correctly applied the substantive law.” Olsen v. Idaho State Bd. of Med., 363 F.3d 916, 922 (9th Cir.2004). We also review de novo questions of statutory interpretation. Beeman v. TDI Managed Care Servs., Inc., 449 F.3d 1035, 1038 (9th Cir.2006).
SOX's whistleblower provision, 18 U.S.C. § 1514A, protects employees of publicly-traded companies from discrimination in the terms and conditions of their employment when they take certain actions to report conduct that they reasonably believe constitutes certain types of fraud or securities violations. Section 1514A claims are governed by a burden-shifting procedure under which the plaintiff is first required to establish a prima facie case of retaliatory discrimination. See id. § 1514A(b)(2)(A); 49 U.S.C. § 42121(b)(2)(B)(i). To make out a prima facie case, the plaintiff must show that: (1) he engaged in protected activity or conduct; (2) his employer knew or suspected, actively or constructively, that he engaged in the protected activity; (3) he suffered an unfavorable personnel action; and (4) the circumstances were sufficient to raise an inference that the protected activity was a contributing factor in the unfavorable action. Van Asdale v. Int'l Game Tech., 577 F.3d 989, 996 (9th Cir.2009); 29 C.F.R. § 1980.104(b)(1)(i)-(iv). If the plaintiff meets his burden of establishing a prima facie case, then “the employer assumes the burden of demonstrating by clear and convincing evidence that it would have taken the same adverse employment action in the absence of the plaintiff's protected activity.” Van Asdale, 577 F.3d at 996.
The issue in this case comes down to whether the plaintiffs' disclosures to the Post–Intelligencer were protected under § 1514A(a)(1).6 To answer that question, we turn to the statute's language to determine whether it has a plain meaning. See McDonald v. Sun Oil Co., 548 F.3d 774, 780(9th Cir.2008). “The preeminent canon of statutory interpretation requires us to presume that [the] legislature says in a statute what it means and means in a statute what it says there. Thus, our inquiry begins with the statutory text, and ends there as well if the text is unambiguous.” Id. (quoting BedRoc Ltd., LLC v. United States, 541 U.S. 176, 183 (2004) (internal citation and quotation marks omitted)). If the statutory language is ambiguous, however, then we may refer to legislative history to discern congressional intent. United States v. Gallegos, 613 F.3d 1211, 1214 (9th Cir.2010). We may also look to other related statutes because “statutes dealing with similar subjects should be interpreted harmoniously.” United States v. Nader, 542 F.3d 713, 717 (9th Cir.2008) (internal quotation marks omitted).
Section 1514A(a)(1) provides that:
(a) No [publicly-traded company] ․ may discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee in the terms and conditions of employment because of any lawful act done by the employee—
(1) to provide information, cause information to be provided, or otherwise assist in an investigation regarding any conduct which the employee reasonably believes constitutes a violation of section 1341 [mail fraud], 1343 [wire fraud], 1344[bank fraud], or 1348 [securities fraud], any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders, when the information or assistance is provided to or the investigation is conducted by—
(A) a Federal regulatory or law enforcement agency;
(B) any Member of Congress or any committee of Congress; or
(C) a person with supervisory authority over the employee (or such other person working for the employer who has the authority to investigate, discover, or terminate misconduct).
18 U.S.C. § 1514A(a)(1).
The plaintiffs contend that their disclosures of perceived SOX violations to the Post–Intelligencer were protected under § 1514A(a)(1) because reports to the media may eventually “cause information to be provided” to members of Congress or federal law enforcement or regulatory agencies. We decline to adopt such a boundless interpretation of the statute. The plain language of § 1514A(a)(1) protects employees of public companies from retaliation only when they “provide information, cause information to be provided, or otherwise assist in an investigation” concerning specified types of fraud or securities violations “when the information or assistance is provided to or the investigation is conducted by” one of three individuals or entities: (1) a federal regulatory or law enforcement agency, (2) a member or committee of Congress, or (3) a supervisor or other individual who has the authority to investigate, discover or terminate such misconduct. 18 U.S.C. § 1514A(a)(1). Members of the media are not included. If Congress wanted to protect reports to the media under § 1514A(a)(1), it could have listed the media as one of the entities to which protected reports may be made. Or, it could have protected “any disclosure” of specified information, as it did with the Whistleblower Protection Act, 5 U.S.C. § 2302. But it took neither course, opting instead to limit protected activity to employees who raise certain concerns of fraud or securities violations with those authorized or required to act on the information.
When Congress wants to protect the disclosure of any information to any entity, it knows how to do so. The Whistleblower Protection Act prohibits retaliation against government employees and job applicants for “any disclosure of information” that the employee or applicant reasonably believes constitutes “a violation of any law, rule, or regulation, or ․ gross mismanagement, a gross waste of funds, an abuse of authority, or a substantial and specific danger to public health or safety” as long as “such disclosure is not specifically prohibited by law and if such information is not specifically required by Executive order to be kept secret in the interest of national defense or the conduct of foreign affairs.” 5 U.S.C. § 2302(b)(8) (emphasis added). Relying on this language, courts and administrative bodies have interpreted the Whistleblower Protection Act to protect government employees who expose wrongdoing to members of the press. See, e.g., Horton v. Dep't of Navy, 66 F.3d 279, 282 (Fed.Cir.1995); Costin v. Dep't of Health & Human Servs., 72 M.S.P.R. 525, 536 (M.S.P.B.1996). But the expansive language of that Act stands in stark contrast to the limiting text of § 1514A(a)(1). While the Whistleblower Protection Act protects “any disclosure” without limitation or qualification as to the specific types of entities to which protected whistleblower reports may be made, § 1514A(a)(1) is not so generous. This distinction lends further support to our conclusion that § 1514A(a)(1) does not protect employees of public companies who disclose information regarding fraud or certain securities violations to members of the media. See White v. Lambert, 370 F .3d 1002, 1011 (9th Cir.2004), overruled on other grounds by Hayward v. Marshall, 603 F.3d 546(9th Cir.2010) (en banc) (“[W]hen Congress uses different text in ‘adjacent’ statutes, it intends that the different terms carry a different meaning.”).
Construing § 1514A(a)(1) in the manner urged by the plaintiffs would essentially read the terms “a Federal regulatory agency or law enforcement agency” and “any Member of Congress or any committee of Congress” out of the statute. Such a result is one we must avoid, as “it is not within the judicial province to read out of the statute the requirement of its words.” Quarty v. United States, 170 F.3d 961, 973(9th Cir.1999) (quoting United States v. Felt & Tarrant Mfg. Co., 283 U.S. 269, 273 (1931)). If, as the plaintiffs contend, the disclosure of information to the media is protected on the ground that it may ultimately fall into the hands of a member of Congress or a federal regulator, then virtually any disclosure to any person or entity would qualify as protected whistleblower activity, provided the information pertains to one of the statutorily-defined categories of unlawful conduct set forth in § 1514A(a)(1). We decline to afford such an expansive meaning to the statutory language.
Although we need not resort to the legislative history of § 1514A because the plain meaning of the statute is clear, see United States v. Hall, 617 F.3d 1161, 1167(9th Cir.2010), we can sleep well knowing that it reinforces our conclusion above. Section 1514A was passed in response to “a culture, supported by law, that discourage[d] employees from reporting fraudulent behavior not only to the proper authorities, such as the FBI and the SEC, but even internally.” S.Rep. No. 107–146, at 5 (2002) (emphasis added); see also Day, 555 F.3d at 52. In its report discussing the scope of SOX's protections for whistleblowers, the Senate Judiciary Committee explained that the whistleblower provision was intended to protect “employees of publicly traded companies who report acts of fraud to federal officials with the authority to remedy the wrongdoing or to supervisors or appropriate individuals within their company.” S.Rep. No. 107–146, at 18–19 (emphasis added). The Committee also clarified that SOX's whistleblower provision protects employees of public companies “when they take lawful acts to disclose information or otherwise assist criminal investigators, federal regulators, Congress, their supervisors (or other proper people within a corporation), or parties in a judicial proceeding in detecting and stopping actions which they reasonably believe to be fraudulent.” Id. at 19. Each of these statements makes clear that, in enacting § 1514A(a)(1), Congress intended to protect disclosures only to individuals and entities with the capacity or authority to act effectively on the information provided. Nowhere in the Committee's report is there any indication that Congress intended § 1514A(a)(1) to be interpreted so broadly as to protect employee disclosures to members of the media.
In sum, the plain meaning of the statutory language excludes the expansive interpretation advanced by the plaintiffs. We therefore hold that § 1514A(a)(1) does not protect employees of publicly-held companies from retaliation when they disclose information regarding designated types of fraud or securities violations to members of the media. Though unnecessary to this result, the legislative history gives no reason to doubt that Congress said what it meant to say. Boeing was within its rights under § 1514A(a)(1) to terminate the plaintiffs for violating company policy prohibiting unauthorized disclosures of Boeing information to the media. Because the district court properly granted summary judgment on the ground that the plaintiffs' disclosures to the Post–Intelligencer did not fall within the scope of § 1514A(a)(1)'s protection, we need not address whether the disclosures “definitively and specifically” relate to one of the listed categories of fraud or securities violations, see Van Asdale, 577 F.3d at 996–97, or whether there is any triable issue of fact as to whether Boeing's reason for terminating the plaintiffs was pretextual, see id. at 996.
1. Because Tides and Neumann appeal from an order granting Boeing summary judgment, we set forth the relevant facts in the light most favorable to them. See Chuang v. Univ. of Cal. Davis, Bd. of Tr., 225 F.3d 1115, 1120 n.3 (9th Cir.2000).
2. An information technology (“IT”) control is a policy or procedure implemented by a company to ensure the confidentiality and integrity of its IT functions, such as a procedure requiring the testing and approval of software before installation on a company computer.
3. PRO–2227 defines “Boeing information” as “all non-public information that is owned by Boeing.” Under the policy,”[a]ll Boeing information is presumed to have value and be proprietary, confidential, and/or trade secret information.”
4. The Secretary of Labor has delegated responsibility for receiving and investigating whistleblower complaints to OSHA, an agency within the Department of Labor. See Day v. Staples, 555 F.3d 42, 53 n.4 (1st Cir.2009); 29 C.F.R. § 1980.103(c).
5. If the Secretary of Labor does not issue a final decision within 180 days of the filing of the complaint and there is no showing that such delay is due to the bad faith of the claimant, then the claimant may seek de novo review in district court, which will have jurisdiction over the action regardless of the amount in controversy. 18 U.S.C. § 1514A(b)(1)(B); see also Day, 555 F.3d at 53 n.5.
6. Amicus curiae the National Whistleblowers Center argues that disclosures to the media may also be protected under § 1514A(a)(2). We decline to address this argument. The plaintiffs brought their complaints under § 1514A(a)(1), and the district court did not explicitly address whether their disclosures were protected under § 1514A(a)(2). We generally do not review issues raised only by an amicus curiae. See Russian River Watershed Prot. Comm. v. City of Santa Rosa, 142 F.3d 1136, 1141 n.1 (9th Cir.1998). Nor will we review issues that are not raised in district court, absent special circumstances not present here. See Int'l Union of Bricklayers & Allied Craftsman Local Union No. 20 v. Martin Jaska, Inc., 752 F.2d 1401, 1404 (9th Cir.1985).
SILVERMAN, Circuit Judge: