Proposed WA Bill Would Allow Employers To Request Facebook Passwords
from the no-more-private-life dept
The issue of employers reviewing and seeking to access the social media accounts of their applicants and employees is now several years old. To be honest, I’m more than a bit surprised the conversation persists, since it seems such an easy one to resolve, but I’ll get to that in a bit. Still there are some companies who do ask for social media login info. While there’s been some discussion about laws to forbid this practice, some in Washington state are trying to go in the other direction. Taking a bill that was constructed specifically to safeguard the passwords of applicants and employees, a proposed amendment would instead codify into law a company’s right to request those passwords for the purposes of an “investigation.” Via reader akp:
The amendment says that an employer conducting an investigation may require or demand access to a personal account if an employee or prospective employee has allegations of work-place misconduct or giving away an employer’s proprietary information. The amendment would require an investigation to ensure compliance with applicable laws or regulatory requirements.
Under the amendment, employees would be present when their social network profiles are searched and whatever information found is kept confidential, unless it is relevant to a criminal investigation.
One could easily be fooled into seeing this as reasonable compromise when it is in fact nothing of the sort. Let’s be clear on what social media is and is not. A Facebook account can include aspects that are both public and private. The very nature of the site’s privacy controls prove that to be the case. If I choose to share thoughts, messages, or anything else exclusively with my friends, which Facebook indeed allows me to do, what should it matter if those friends are sitting next to me on my couch or seated on their own couches reading my words on a website? It shouldn’t, yet this amendment would open up those thoughts and communiques to corporate fishing expeditions. Worse, it would open up the responses of any of my comrades to those same investigations. Were I to use company equipment for any of this, that can and should be reviewed by my employer, but a line is crossed when a password is given. No longer is the company investigating what their employer has done on the company machine, they’re investigating the account. That’s completely different.
Moreover, the clamor over company secrets and financial information being disseminated via social media seems to me to be manufactured outrage. How many victims of this sort of thing have there been compared to the massive breaches in that same information occurring due to poorly insulated networks? I would think corporate America should want to get its own house in order before strolling through mine. That the bill includes broad language allowing for investigations over “work-related misconduct” makes it all the more worrisome, as the EFF rightly notes.
This amendment “says they have a right to enter your digital home,” [Dave] Maass said. “It’s astounding that they would try to codify this and that all employers could do this… the national trend is to move away from this. It’s shocking that the amendment is going in the right opposite direction.”
Part of that trend includes the CFAA, which potentially makes logging into other people’s social media accounts, or giving out your password to anyone, a crime. Under those auspices, would every company that asked for the passwords in these investigations be party to criminal conduct? I would think those details would be ironed out in some way, but when you have to massage the bill to get around privacy of citizens, rather than protecting their privacy, you know you’ve got a bad bill.