Proposed WA Bill Would Allow Employers To Request Facebook Passwords
from the no-more-private-life dept
The issue of employers reviewing and seeking to access the social media accounts of their applicants and employees is now several years old. To be honest, I’m more than a bit surprised the conversation persists, since it seems such an easy one to resolve, but I’ll get to that in a bit. Still there are some companies who do ask for social media login info. While there’s been some discussion about laws to forbid this practice, some in Washington state are trying to go in the other direction. Taking a bill that was constructed specifically to safeguard the passwords of applicants and employees, a proposed amendment would instead codify into law a company’s right to request those passwords for the purposes of an “investigation.” Via reader akp:
The amendment says that an employer conducting an investigation may require or demand access to a personal account if an employee or prospective employee has allegations of work-place misconduct or giving away an employer’s proprietary information. The amendment would require an investigation to ensure compliance with applicable laws or regulatory requirements.
Under the amendment, employees would be present when their social network profiles are searched and whatever information found is kept confidential, unless it is relevant to a criminal investigation.
One could easily be fooled into seeing this as reasonable compromise when it is in fact nothing of the sort. Let’s be clear on what social media is and is not. A Facebook account can include aspects that are both public and private. The very nature of the site’s privacy controls prove that to be the case. If I choose to share thoughts, messages, or anything else exclusively with my friends, which Facebook indeed allows me to do, what should it matter if those friends are sitting next to me on my couch or seated on their own couches reading my words on a website? It shouldn’t, yet this amendment would open up those thoughts and communiques to corporate fishing expeditions. Worse, it would open up the responses of any of my comrades to those same investigations. Were I to use company equipment for any of this, that can and should be reviewed by my employer, but a line is crossed when a password is given. No longer is the company investigating what their employer has done on the company machine, they’re investigating the account. That’s completely different.
Moreover, the clamor over company secrets and financial information being disseminated via social media seems to me to be manufactured outrage. How many victims of this sort of thing have there been compared to the massive breaches in that same information occurring due to poorly insulated networks? I would think corporate America should want to get its own house in order before strolling through mine. That the bill includes broad language allowing for investigations over “work-related misconduct” makes it all the more worrisome, as the EFF rightly notes.
This amendment “says they have a right to enter your digital home,” [Dave] Maass said. “It’s astounding that they would try to codify this and that all employers could do this… the national trend is to move away from this. It’s shocking that the amendment is going in the right opposite direction.”
Part of that trend includes the CFAA, which potentially makes logging into other people’s social media accounts, or giving out your password to anyone, a crime. Under those auspices, would every company that asked for the passwords in these investigations be party to criminal conduct? I would think those details would be ironed out in some way, but when you have to massage the bill to get around privacy of citizens, rather than protecting their privacy, you know you’ve got a bad bill.
Filed Under: employment, passwords, social media, washington
Comments on “Proposed WA Bill Would Allow Employers To Request Facebook Passwords”
Employment at will
They can’t get your password if you don’t have one
Re: Employment at will
Unfortunately, any company that thinks it has the right to go over people’s private information like that, will probably just assume that you’re lying when you tell them you don’t have a FB account, and act accordingly, most likely with threats of being fired unless you cough up the non-existent password.
Re: Re: Employment at will
There are companies that don’t??
Re: Re: Employment at will
Ugh. I didn’t think there could ever be something stupider than social networking. But there is: mandatory social networking.
So now I have to decide between unemployment, and removing the line “127.0.0.1 facebook.com” from my hosts file? Honestly, unemployment sounds better… Not really sustainable though, I suppose.
Re: Re: Employment at will
Here is what you tell that company:
“Dear Prospective Employer,
I’m not going to give you my Facebook password and here is why you still want to hire me.
When people interact with me and message me in social media, there is an implicit trust to keep their information confidential.
Similarly, when employees leave your company, certainly there is information you expect them to keep confidential.
If I were willing to give you this information, that would tell you that I am willing to betray the trust of others in my attempts to get a new job. The fact that I am willing to risk this job opportunity here shows that I can be trusted whereas the other candidates who comply are likely to violate your trust in the future if properly incentivized.
That is why you want to hire me.”
Unfortunately, this sort of policy specifically selects for employees that, if pressed, will betray these companies in the future.
Re: Employment at will
This is why its best not to have a facebook account.
Re: Employment at will
You do have a personal e-mail no? You do realize the bill does not specify Facebook, don’t you? Right.
I wonder if I have a multi-factor authentication system put in place if I’d be able to dodge such requirement. With the password you can access the account but only to the multi-factor confirmation.
Also, suppose you use LastPass. I have the most wacky passwords ranging from 10 to 20 characters and I can’t possibly memorize all of them. Would I be able to get away with saying “I don’t know the password to that account”? Would they manage to oblige me to grant them access to a service that may have passwords for far more services than some simple personal communications account?
Just a few questions that came to mind.
This is horrible. It’s about the same as searching through my mail. If you want to do it, you should need a warrant, and no employer should ever be demanding access to it.
Expect more idiotic laws from WA. I’m pretty sure they’re convinced we’re all too high to notice now that weed is legal here.
Re: Re:
Lets see now…
The Peoples Democratic Republic of California
The Peoples Democratic Republic of New York
The Peoples Democratic Republic of Massachusetts
And Now.. Introducting the latest “Socialist workers paradise”
The Peoples Democratic Republic of Washington
George Washington has GOT to be turning over in his grave…
Re: Re: Re:
I dont get it …..
Are you claiming that similar legislation has passed in Calf, NY & Mass?
How, exactly, is this socialist? Sounds more like a law found in a dictatorship.
Re: Re: On socialism vs. social media
Yeah, LVDave how is an employer’s ability to demand access to private social media accounts related to the economic practice of socialism? Do you even know what socialism is, or is it just a buzzword for things you don’t like?
You get that the United States is supposed to be a people’s republic, yes? And that some services in our economy are socialized, yes?
Re: Re: Re:
I think you mean fascist or corporatist.
Re: Re: Re:
You people have some funny ideas of what Socialism is
Re: Re: Re: Re:
I’m pretty sure the Socialist thing is more a dig at the fact that most countries with “Socialist” in their full names tend to be in actuality totaltarian crap-holes. Just like most countries called “People’s Democratic Republic of…” than any comment on what actual Socialism is.
Re: Re: Re:2 Re:
True, but we also see vast overuse of the words ‘socialist’ and ‘communist’ by people who really not only don’t have a clue what they mean, but use them for people who in most of the world are centre-left to centre-right. Seriously – even Maggie (bless her little cotton shroud) never thought to mess with the NHS, and nor have the UK Constipation party, who are pulling crap even Saint Maggie wouldn’t have dared do. Even these people would be labelled ‘socialist commies’ by far too many people who watch Faux or read Free Republic/Moonbattery.
Re: Re: Re:3 Re:
Indeed. But let’s save our criticism for people who are truly misusing the term.
Re: Re: Re:2 Re:
“I’m pretty sure the Socialist thing is more a dig at the fact that most countries with “Socialist” in their full names tend to be in actuality totaltarian crap-holes”
Yeah – like Calf, NY & Mass, totally
Wouldn’t the new CISPA make this illegal anyway? It would be a felony to break the ToS of a website and in the ToS of facebook it says don’t share your account details with anyone.
So applying for a job will land you a felony charge. Great.
Re: Re:
Asking for access is also against the ToS
Re: Re:
CFAA is the one that would make it a problem to break ToS. CISPA is the one that says online companies have to save all your info and hand it over to the government upon request.
If my employer wants my facebook passwords then I want my employers facebook passwords too.
Re: Re:
Good luck with that. How many laws can you afford to buy?
Terms of Service Violation?
Allowing someone else access to your account is a violation of the terms of service of pretty much every online service, ever.
If, and I quote “the amendment would require an investigation to ensure compliance with applicable laws or regulatory requirements.” Then I assume that includes abiding by the terms of the service between the prospective employee and his social networking service provider, meaning the prospective employee would be obligated to refuse to provide access to his accounts in order to honor the terms of that contract.
Why a state government would considering passing laws that encourage violating terms of service seems like it should be a discussion of its own.
Re: Terms of Service Violation?
I should add that the first company foolish enough to refuse to hire someone who refuses to violate a contract as a condition of employment… Well… That’ll be an interesting lawsuit.
Wouldn’t this violate the 4th Amendment?
Re: Re:
no
Re: Re: Re:
….. because the Bill of Rights stipulates limits upon the government, not necessarily business?
The Bill of Rights used to actually mean something, now it is apparently just guidelines so to speak.
Re: Re: Re: Re:
The Constitution limits the ability of Congress to pass legislation that violates the rights of citizens, so passing a law stating that the government allows a corporation to violate an individual’s expectation of privacy in a place a reasonable person would expect privacy is an act by Congress that violates the 4th Amendment.
Re: Re: Re:2 Re:
I thought there was more to it than a simple “no”.
Re: Re: Re:2 Re:
Exactly. The Constitution is the supreme law of the land. It’s designed to protect the American citizen from being violated or exploited by government or any other entity, including business. Your rights are NOT temporarily suspended upon entering a place of business; there is no such thing as a Constitution-free zone. If you willfully concede/suspend your Constitutional rights to a business, you may as well be doing the same for government considering the egretious laws they’re trying to pass in order to extract info from businesses without a warrant (CISPA).
Re: Re: Re:3 Re:
It’s designed to protect the American citizen from being violated or exploited by government or any other entity, including business.
This is true generally speaking, but many parts of it apply only to the government. The ones that say “Congress shall make no law…” for example. A business (Techdirt for example) is free to censor your speech, while the government is not.
Re: Re: Re:3 Re:
Re: Re: Re:4 Re:
You have no right to be free of warrantless searches of your person and belongings when inside Walmart.
I’m not sure exactly what you’re saying here, but I think I disagree. You don’t give up your 4th amendment rights just by walking into Walmart. And Walmart doesn’t have the right to search you just because you entered. They could tell you that in order to shop there you must submit to a search, but if you refuse all they can do is tell you to leave and then call the police if you don’t. They might be able to bodily remove you from the premises, I assume so since I guess that’s what bouncers do. But they certainly could not forcibly search you against your will. Unless I’m very wrong which would make me very sad.
Re: Re: Re:5 Re:
Re: Re: Re:6 Re:
If they set up metal detectors and security guards at the doorways and post signs saying “Searches required for entry”, they have every right to search you. Your remedy, if you don’t like it, is to go shop somewhere else.
That’s what I said. They don’t have the right to search you because you entered the building, but they can search you if you consent to it.
Re: Re: Re:4 Re:
I weep for the future of this country if this is the level of ignorance regarding the fundamental laws of our nation that is being churned out by the public schools these days.
Be glad he knows what the constitution is. My sister-in-law teaches social studies and told me that since social studies hadn’t been tested (no child left behind purposes I think), the elementary schools just hadn’t taught it. At all. She said some of her middle school students didn’t know who George Washington was.
Re: Re: Re: Re:
Company: We require your social media passwords, please write them down here.
Mr. Applegate: Sure, no problem. I will be happy to give them to you just as soon as you give me the administration passwords to all your servers and software.
Company: We can’t do that, it would violate our security policies!
Mr. Applegate: Exactly, are we done here?
Needless to say, I will NEVER work for a company who asks for my private information. I refuse to give my entire SS# until hired too.
Eh, companies shouldn’t be asking for Facebook logins, but that doesn’t mean it should be illegal.
Let them ask, and let their pool of decent applicants shrivel up accordingly. Of course, they might become liable for tortious interference with contract by inducing a Terms of Service violation.
Re: Re:
No, don’t even give them the chance to. Some top firms might know how coveted their positions are and use just such an opening to violate the rights of their applicants and employees. Never assume that transgressions will be addressed by the market. That’s one reason why we have so much unregulated corporate power in our society.
Re: Re: Re:
I’d rather have these things regulated poorly by the market than regulated idiotically by the government. We are in this situation exactly because we give so much power to government, who then enact laws against us.
You say unregulated like its a bad thing. Corporations love regulation. Its what keeps competitors out of the market.
Re: Re: Re:
This requirement would instantly make said company positions less coveted imho.
I wouldn’t consider any position that requires any kind of social media (I’m that antisocial -.-), let alone demand my credentials for it.
Bet you're wishin' that we would go awaaaaaaaaay!
The Inquisition was commanded that torture is to be applied but once, yet many, many cases required the continuance of that single session.
Torture should be moderate, and effusion of blood be scrupulously avoided inquisitorial torture remained conspicuously immoderate and bloody, but necessary I’m sure.
Whenever power is to be gained with contingency, it will always be arranged. When a power is to be exercised in moderation, the standard of what is moderate will fade from comprehension.
I’ve been reading old texts.
I keep saying this: We’re entering an age of boxes with false bottoms. Soon we will all require clean Facebook accounts to show our bosses and then real ones we access through the instruments of anonymity.
It will be the era of plausible deniability.
Re: Bet you're wishin' that we would go awaaaaaaaaay!
Soon we will all require clean Facebook accounts to show our bosses and then real ones we access through the instruments of anonymity.
It’s already happening.
My friend is a teacher in high school. She has 2 accounts. One she uses to get in touch with her alumni and the school (employers and her colleagues). Even though it’s allowed at work I do not access my account there. And my personal e-mail is protected behind 2 additional layers so even if they do know my password AND my google authenticator sequence there’s still the 3rd one (one-time use passwords ftw! your regular password is protected behind the one-time feature).
I’d rather delete everything than hand over info to people outside law enforcement. Even law enforcement would need a warrant. Not because I have anything to hide but because I value due process.
fta:
“The bill?s sponsor, Democrat Sen. Steve Hobbs of Lake Stevens, said Tuesday that he had not read the amendment, but he was aware of concerns from high-tech industries.”
Why do these “representatives” sponsor bills that they have not read? Seriously – wtf. That is a big part of his job duties. Another big part of his duty as a representative is representing the desires of his constituents, but apparently he does not feel inclined to do that either.
Re: Re:
A lot of our laws are written by companies like ALEC, so no, the politician who is fronting the bill may well never have actually read it. His corporate masters may have simply presented it to him and said, “Here, go push this law through…”:
“Through the corporate-funded American Legislative Exchange Council, global corporations and state politicians vote behind closed doors to try to rewrite state laws that govern your rights. These so-called “model bills” reach into almost every area of American life and often directly benefit huge corporations.”
That’s from the ALECexposed.org website. It’s pretty easy to see that corporations would love to be able to get their hands on their employees’ and potential employees’ personal and private info.
Re: Re: Re:
With the way things are going, next I imagine they’ll be wanting access to email accounts. It’s only the logical next step from owning your facebook profile.
Re: Re: Re:
I figured it was along those lines. Was it ALEC promoting this, or some other nefarious organization?
Re: Re: Re: Re:
From the linked article:
The bill amendment was introduced at the
House Labor Committee at the request of
business groups.
The article doesn’t get more specific than that, but then these guys don’t legally have to expose themselves to public scrutiny, it can all be done on the sly.
I do have to correct my previous misconception: Democratic Senator Steve Hobbs was the bill’s sponsor, NOT the amendment-to-the-bill’s sponsor. Someone else, unnamed, sneaked an amendment into his bill to reverse the original intent of the bill. His bill was to strengthen privacy and citizen’s rights, the amendment flipped it around so that corporations could get the password.
But my main point remains: some unnamed business groups donated cash to someone’s re-election coffers–which they are allowed to do per the Supreme Court’s Citizens United v. Federal Election ruling–and the amendment granting them powered that they wanted was slipped into the bill by a politician who did not legally have to put his or her name on it.
Did you know our representatives are allowed to insert amendments into bills completely anonymously if they so choose? I’m embarrassed to admit I learned this last week on The Daily Show.
From the very end of the linked article:
Cole said the amendment has broad language,
such as ‘work-related misconduct.’ ?It?s up to
the employer to define what that constitutes,? he said.
So… basically, corporations would be gifted with kind of power most people would associate with the judicial branch of our government.
Re: Re: Re:2 But the Inquisition's here and it's here to stay!
Cole said the amendment has broad language, such as ‘work-related misconduct.’ ?It?s up to the employer to define what that constitutes,? he said.
I’ve said this before and I will again:
Gaaaaaaaaaah!
Who would be so stupid (or so blatantly corrupt) that they’d try to pass something so abusive. Did Microsoft offer someone a dump-truck of money? Is it Microsoft? Who’s headquartered in Washington that has social ownership of employees as policy?
Re: Re: Re:3 But the Inquisition's here and it's here to stay!
Apologies to all regarding my orphaned html tags. I is dum this morning.
Re: Re:
Dude. Seriously. Read what you, yourself, just wrote.
Re: Re: Re:
I imagine you are referring to the fact that this was an amendment to the bill he sponsored. I’m not sure how that changes anything. If you sponsor a bill you have a duty to follow up and read all the crapola others attempt to attach – that is your job. I highly doubt there was insufficient time to do so, there was time enough for it to hit the press.
Re: Re: Re:
You made the same mistake I did: he wrote the bill, not the amendment they sneaked into it. But he really should keep up with what they’re doing to his bill.
Re: Re:
You’re so silly. You think our “representatives” know how to read. How naive and cute you are.
They’re all too busy playing golf and eating steak.
Re: Re:
You’re so silly. You think our “representatives” know how to read. How naive and cute you are.
They’re all too busy playing golf and eating steak.
Re: Re:
So… proposed amendments to bills are usually offered/added by other people.
While I’m sure many politicians don’t read things they are sponsoring at all, that’s not what he just said here.
Re: Re: Re:
I know: I misread it… but I corrected in another post and I stand by my general identification of the staggering problems with the way our laws get written.
Per the linked article, “Business groups” (who do not have to identify themselves), wrote the amendment to reverse the intent of the bill, and a politician (who also did not have to identify him or herself), inserted the amendment into the bill. Without the interference of those unnamed business groups, the amendment would not have been attached to the bill, and those business groups undoubtedly wrote every word.
Re: Re: Re: Re:
It’s a wonder anything gets done in Washington if a single rep can attach a rider. That leads to people just poison-pilling any bill they don’t like.
@#$##@ lawmakers
There are already laws in place for gaining access to private accounts. It’s called a subpoena.
Unfortunately this is typical of the state. Pass laws to benefit corporate and political interests under the guise of protecting the citizens.
Time to move to another state.
Re: @#$##@ lawmakers
Time to move to another state.
Time to move to another country.
FTFY
Re: Re: @#$##@ lawmakers
You may have more rights in the old Soviet Gulag.
It'd better be a test
If I was ever asked for a social media password and my answer of “hell no” wasn’t the correct answer to a test, I’d be perfectly fine not getting hired there. Granted, I’m a network administrator and a company like that would probably blame me for their inevitable security issues.
Re: It'd better be a test
But you see it’s not a company policy it’s the law and the law can be (ab)used at any time. I wonder if you just tell them to fuck off and leave the company, would they still be able to see your account under that law?
It seems a big violation of the 4th if you ask me (no warrant needed, really?) but then again the US Govt doesn’t hold the Constitution as something that should be followed these days.
Fortunately, the amendment has been withdrawn.
Personal Account?
Since may email service provider have allowed FB login, it could mean they can require access to employee’s personal email as well.
Btw, does “Personal Account” here only refer to social network account or have included email accounts already?
This is why I have two Facebook accounts..
One with my name that I might use once every year so I can say I’m not into Facebook.
Then my real with my gamer alias that has been maxed for ages lol. I blame the gifting system for having 4,970 people that I’ve never met on my list.
Re: Re:
I have a similar setup … my name is “David Jones,” but my FB page is for “DV Jones” (V is not my middle initial). Since I, as David Jones do not actually have an FB account, would I need to give them the password of the fictional character that they are not hiring?
I can understand requesting access from facebook to your account in some bizarre orwellian way. (it’s not like we have any reasonable expectation of privacy from anyone at this point)
But making a law saying that your employer should have your password?? This is a law that violates facebook’s own TOS. As well as the security of the end-user. Where the fuck is Facebook pushing back at this shit?
America – where workers’ rights mean squat. Another reason I will never go there.
Re: Worker's rights
America – where workers’ rights mean squat.
Sometimes they do. Sometimes they don’t. Late nineties were a good time for workers’ rights.
The far-right regime of the Bush administration killed all that, and then the recession’s made it difficult for us to return to our feet.
Re: Re: Worker's rights
The far-right regime of the Bush administration
Did you mean: fascist?
Re: Re: Re: Worker's rights
Did you mean: fascist?
We are heading in that direction at this point. For a while it’s been looking like academics are the new Jewry but with new screening technology, they can just cull out disgruntled poor people.
no one of authority in business or in Congress are interested in doing anything other than taking away as much privacy and as many freedoms as possible from ordinary people. it wont be long before there is nothing that an ordinary person can do without having it checked and double checked by either their employer or the government. surely it can only mean that those after the information are themselves misbehaving in pretty bad ways and have a great deal to hide? the best defense is attack. what is going on here makes me think that going through the minds of authority is ‘if we keep them busy trying to keep up with what we tell them they have to do, they wont have time to find out what we’re actually up to’. rather naughty, i think
Is there really a point, even from the employers' perspective?
I have never understood employers’ urge to peep into people’s social media accounts. At least where I live companies are having enough trouble going through all applications considering only professional factors – how many hours does it add to this process to go through people’s mostly irrelevant social network accounts as well? The accounts all the smart ones have edited before a job interview anyway. The accounts the smartest ones won’t have under their real names anyway.
The most troubling thing, however, is that if you weed out all the applicants who refuse to give out passwords and violate terms of service, YOU’RE ONLY HIRING PEOPLE WHO ARE HAPPY TO SHARE PASSWORDS AND VIOLATE CONTRACTS – even before they are hired. At this point, the potential employer is basically an unknown person to the applicant. To me, that sounds like the dumbest move ever, but hey, that’s just me 🙂
this “sounds” like a good idea…until…
the account credentials gets lost and weird posts appear on your facebook page. say an old flame gains access to the computer you used to show how high your morals are…and she posts some pretty ugly information.
who is responsible? you were only trying to get a job to feed your family…but that old flame just cost you a family.
Refusal
> The amendment says that an employer conducting
> an investigation may require or demand access
> to a personal account if an employee or
> prospective employee has allegations of
> work-place misconduct or giving away an
> employer?s proprietary information.
Once again, a news story fails to answer what I consider to be a basic question. What if you refuse? It’s all well and good to say a company has a ‘right’ to ‘demand’ your password, but if you refuse to give it, what can they do? Fire you? Well, that’s likely to happen anyway. Let’s face it, if you’ve reached the point where your employer is investigating you for corporate espionage and demanding your social media passwords, your future with that company ain’t all that bright in the first place. So just tell them to shove it and walk out the door.
the CFAA, which potentially makes logging into other people’s social media accounts, or giving out your password to anyone, a crime
How many more articles are going to continue to spread this rumor?
Judge Wu decided that using 18 U.S.C. ? 1030(a)(2)(C) against someone violating a ‘terms of service’ agreement would make the law overly broad. 259 F.R.D. 449
Re: Re:
How many more articles are going to continue to spread this rumor?
Judge Wu decided
Unless Judge Wu is a Supreme Court justice I haven’t heard of, it sounds like it could still be an issue.
Re: Re:
How many more articles are going to continue to spread this rumor?
Judge Wu decided that using 18 U.S.C. ? 1030(a)(2)(C) against someone violating a ‘terms of service’ agreement would make the law overly broad. 259 F.R.D. 449
Um. Judge Wu is a district court judge. He’s not even an appellate judge which would set precedent for that circuit. That ruling has no real precedence. Other courts have ruled otherwise, and the DOJ continues to present this theory of the CFAA.
So, the original statement is accurate.
Not on
I have to say that the idea of so-called social networking leaves me totally stone cold and I would never indulge. However, the thought of employers being able to legally access accounts sounds abhorrent and should be stamped on heavily. Just what has happened to privacy these days?
Bad reporting, TechDirt
It’s 2013, why doesn’t this “news” article contain a link to the bill (or at least its number)? TechDirt, why not actually do some real reporting, be specific, and empower your readers?
By the way, it’s SB-5211. And if you live in Washington State you should contact your representative and tell them how you feel about it.