IL Follows Suit: Employers Right To Ask For Social Media Passwords Codified Into Law
from the digital-homes dept
Just a few weeks back we relayed the news that Washington State was seeking to codify into law an employer’s right to ask for the social media passwords of their employees. I continue to be amazed both at why such a law was considered in the first place and at why there hasn’t been more backlash against it. That said, I imagine the answer to the latter has something to do with the idea that employees and prospective employees could deny that request, so perhaps some people think that there’s little to no impact overall. This, on its face, is obviously silly. If denying the request had no impact, employers would never make it in the first place. You have to imagine that an employee, and to a larger extent an applicant, is going to face enormous pressure to give the key to their personal sites away, whether that pressure is real or imagined.
However, since the bill hasn’t been challenged in the court of public opinion, others are now beginning to follow suit. Such is the case in Illinois, where the state House passed a bill this week, sponsored by Jim Durkin, that gives employers there the same rights. And, of course, it’s all done in the name of protecting the workplace.
The Illinois House passed a bill today that would allow employers to request access to employees’ personal web accounts used for business purposes, like Facebook and other social networking sites. As if people aren’t paranoid enough already. To be clear, the bill does not mandate that employees supply the information, and no one could be fired or penalized for noncompliance. The idea is to allow employers the opportunity to investigate employee misconduct, protect trade secrets, and prevent workplace violence by monitoring online activities. Even without it being mandatory to share your login and password, you could imagine a boss putting a subordinate under some uncomfortable pressure.
A challenge to everyone, if I may. If you were able to somehow catalog and characterize every single instance of employee misconduct, trade secret disclosure, and workplace violence, exactly what percentage of them would you guess could have been prevented by proactive investigation of social media? Further, in what percentage of such cases would the key evidence needed to conclude an investigation be available only with a social media password? These are the kinds of answers with which I would expect proponents of such laws to be beating us over the head, yet you never seem to see any data in the reports. It all essentially comes down to, “We need to give employers the right to ask for social media passwords, because violence, scary internet, and children.”
Do you know why we highlight when stupid criminals spurt their stupid juices all over the internet? Because they’re the vast exception, not the rule. Creating the kind of animosity between employers and employees that this bill will create is an awful overreaction to those stories.
Filed Under: illinois, jim durkin, social media, washington state
Comments on “IL Follows Suit: Employers Right To Ask For Social Media Passwords Codified Into Law”
As far as I can see this law is unconstitutional. But wait, the Constitution has no value to the United Police States of America anymore so just carry on.
Still, I do want to see ppl challenging such idiocy on Constitutional grounds.
Re: Re:
Also raises a series of questions:
What if you don’t have a social media account?
Does rejecting someone on that basis count as discrimination based on social behavior?
What if you deny having said account?
What constitutes “social media account”? FB? Twitter? Deviantart? FurAffinity? Redtube?…
Re: Re: Re:
As someone who has no social media account, I was wondering these same things. Should I need to seek a new job, do I now also need to make a fake facebook account just so I’m not eliminated for not giving over my password?
Re: Re: Re: Re:
I would gleefully allow them access and then when i didn’t get the job i would sue the shit out of them for disqualifying me because i am How could they prove that they didn’t gather that info from the social media site and then use it to disqualify me?
At the very least they will settle with me to save money. I’d make a business model out of this and charge $5000-$10000 depending on the size of the company.
Re: Re:
I do want to see ppl challenging such idiocy on Constitutional grounds.
Why the hell not?!
Re: Re: Re:
He said “do want” not “do not want”
Re: Re:
What Constitutional duty does a private employer owe an employee or applicant in this circumstance?
The only idiocy I see is believing there’s a Constitutional basis for a challenge.
Re: Re: Re:
How about the right to privacy? What does someone’s social media profile have to do with their employability anyway?
Re: Re: Re: Re:
While there may be some privacy rights by statute, like HIPAA, there are few, if any, that protect an employee or applicant from an employer. I know many union agreements address employee privacy issues, but few employers will give up their ability to snoop unilaterally.
I have a relative who is a senior personnel officer at a large company. They use social media ALL the time to evaluate candidates.
Re: Re: Re:2 Re:
And if a candidate is not on a social media site? Are they disadvantaged for making a choice not to be on one? There is a serious issue of equal opportunity here if candidates are evaluated differently.
Re: Re: Re:3 Re:
Not that I am aware of. Social media is used as a tool of opportunity. But I’ve certainly heard of plenty of dopes with pictures of their new bong or their beer pong trophies on full display who won’t be getting a second interview. More for stupidity than the actual conduct.
Re: Re: Re:2 Re:
You had a right to privacy once, but it seems to have been eliminated because of terrorism, protect the children, and making the police’s job easier.
Re: Re: Re:
Are you implying that the companies aren’t supposed to follow the Constitution? Heck, even law enforcement need warrants to go to such lengths. Are you mad?
Re: Re: Re: Re:
As much as I hate to say this, he’s at least somewhat correct. For the most part, the Constitution protects you from government intrusion, not other parties (including businesses). There are, however, other laws to protect employees.
Re: Re: Re: Re:
Actually, the truth is that companies do not need to follow the Constitution. The Constitution limits government action only, not private action. Laws govern private action.
Law enforcement follows the constitution because law enforcement is government action.
Re: Re: Re:2 Re:
it would seem to me that the constitutional issue is not if companies can force you to give up those logins in return for employment.
its really if a state can pass a law that says they have that right.
as to the legality of companies placing you in a situation where you either give your logins up.. is that something that has really been tested before? i dont think it has but im sure someone will correct me if im not wrong..
Re: Re: Re:3 Re:
I don’t see the constitutional problem there, either, although if that’s the point of the law, then it’s pointless.
My reasoning is this: employers already have the right by default. There is no need for a law saying so. Passing such a law is just reaffirming an existing right, not creating a new one, so there would be no Constitutional issue. Only an issue of the whole thing being a pointless waste of time.
Re: Re: Re:4 Re:
a bit of an apples and oranges thing though isnt it?
my employer can (and does) say you cannot express political viewpoints with customers… but the government cannot say that I cannot express political viewpoints with customers.
what the government CAN do is say that my employer may set limitations which are within reason as to what topics i may or may not discuss during the course of my work related duties.
Re: Re: Re:
The problem is, and it’s not exactly constitutional, is that we haven’t really left the feudal era in the employment context, where employers are viewed as lords and employees peasants (almost property).
The employee/employer relationship is much closer to the feudal system than it is to consenting adults entering a mutually beneficial business arrangement.
Re: unconstitutional
how is the law unconstitutional?
it seems like a nothing law, the employer had a right to ask for pretty much anything they want. like non smokers, drug testing, etc.
they are, bizarrely, stopped from asking your age.
but, I imagine the 1st amendment protects the employers right to ask for any info they want.
a person always has the right to refuse.
and another employer can market the fact that they support employee privacy and have a hiring advantage..
I don’t see how this law is at all unconstitutional.
if anything, it seems like a ‘nothing law’ which already affirms a right the employer already had.
Re: Re: unconstitutional
No, they’re not. They are prohibited from discriminating because of age and so they shy away from asking to avoid accusations of discrimination, but they can ask.
While you’re right, I don’t see how this is unconstitutional, I do have to pick this nit:
In practice, things like this never work that way. This reasoning has been put forward to justify all kinds of employer abuses and it never actually pans out. Except that employers get to abuse.
Re: Re: Re: unconstitutional
Well. One aspect of this is that social media sites do expose elements of one’s life that touch upon things that are illegal to discriminate over. Not only can you be shunned for your own nuttiness, you can also be shunned for what your family does.
I know of someone suing over that very thing now.
Although this whole idea of “personal work accounts” is problematic as it blurs the line between your personal and your work life. Accounts used for work should always be the property of your employer and there should be no possibility for ambiguity.
If there is any question then the company has failed to manage things properly.
Re: Re: unconstitutional
Well, they aren’t allowed to ask about your medical history, sexual orientation, or religious preferences. All of these things can be discussed under privacy using social media (though I’d suggest you don’t if you really want this to remain private, because it’s rather stupid), so asking for social media login information would seem to be a violation of the fair employment laws.
Re: Re:
“But wait, the Constitution has no value to the United Police States of America anymore …”
HOW DARE YOU! Have you forgotten the sacred Second Amendment?
Re: Response to: Ninja on Apr 30th, 2013 @ 4:24am
How is this unconstitutional? The US constitution applies to the federal government and sometimes to the states.
This is absolutely not right. But it’s not unconstitutional.
Re: Re:
And so began the slow death of social media, as people cancel accounts rather than kneel before the man.
Re: Re:
People will kneel before the man so they can feed their family.
Illinois is one of the leading champions of the removal of rights. Illinois hates the constitution.
Re: Re:
Oddly, Illinois is one of two states that actually has laws AGAINST Eminent Domain. I don’t understand how this law went through with no outcry. Must be payola on both sides.
Of course, we’re still the only state without concealed carry law.
Re: Re: Re:
Wasn’t your state’s congress supposed to get one passed relatively soon? The way I hear it, after their conceal carry ban was ruled unconstitutional, if they don’t get one passed by this June, many people claim that Illinois will go from one of the most restrictive states concerning guns, to one of the laxest (hyperbole mostly, I assume).
Re: Response to: Anonymous Coward on Apr 30th, 2013 @ 5:32am
Go figure it’s also where Obama calls home. I understand Bush gave law enforcement a lot of leeway with the Patriot Act but under Obama we are losing real personal freedoms.
Serfdom coming to a state near you. You only stand to lose any rights to privacy, but if you have nothing to hide you have nothing to fear.
Re: Re:
“Serfdom coming to a state near you.” Ha! We should be so lucky. A serf is housed and fed and is never unemployed.
what the effin eff, srsly. Next they’ll want the key to our mailboxes.
Re: Re:
s/mailboxes/houses.
1 word – Fascism
This trend is starting to bother me.
With the frequency in which users reuse passwords for multiple accounts, asking for your social media password is like asking for a security breach. Now someone may have the same login credentials as your other accounts, such as email, messaging, dating, gaming, cloud storage, and other sites.
Part of that problem is reusing passwords, but the larger problem is how every website requires a unique set of credentials.
But back on topic, since someone now has access to multiple accounts, you have to go change the password on those other accounts. Exactly the same steps taken if there was a huge data breach. They are the same in my eyes.
I don’t think asking for your password should be illegal, but nor do I think it should be made into law. That only encourages the behavior. It should, however, be illegal to deny someone employment for not giving your password.
Re: Re:
This says it all
Re: Response to: Anonymous Coward on Apr 30th, 2013 @ 5:42am
And precisely how do u prove u were denied employment because you refused to give your password? Only by making it illegal for the question to be asked at all can this kind of pernicious intrusion into the private lives of citizens be prevented.
What next? Bring in your diary so I can read it?
Facebook has achieved what states could not: create a giant database of people and their relationships. A place where people will leave intimate details of their life. All for free. And people accepted it wholeheartedly.
Now, they are paying the price.
There IL employers can ask employees to violate the law
The terms-of-service agreements of many sites stipulate that you cannot share your password. Federal legislation (enacted, proposed, pending, etc.) stipulates that breaking a TOS agreement is a felony. Therefore, under such legislation, any IL employer asking an employee for their password (at any site whose TOS forbids sharing it) is asking their employee to commit a felony.
Re: There IL employers can ask employees to violate the law
as if state politicians are going to worry about a little federal felony
Re: There IL employers can ask employees to violate the law
If that’s the case, the people of IL may as well pirate all the content they can. If their employers can ask them to commit a felony, why worry about a civil offence?
Re: Re: There IL employers can ask employees to violate the law
Because a felony charge seems less severe than downloading an MP3 illegally.
Re: Re: Re: There IL employers can ask employees to violate the law
how sad is it that there is really no way to tell if you are joking or not with this statement?
Re: There IL employers can ask employees to violate the law
http://www.experience.com/alumnus/article?channel_id=Interviews&source_page=additional_articles&article_id=article_1150295002556
Not to mention that Facebook includes the answers to such unaskable questions as:
Race
Nationality
Maiden Name
Age
Disabilities
Religion
Re: Re: There IL employers can ask employees to violate the law
Not to mention that Facebook includes the answers to such unaskable questions as:
Race
Nationality
Maiden Name
Age
Disabilities
Religion
Only if you put them there.
Re: Re: Re: There IL employers can ask employees to violate the law
Or Facebook extrapolates them from other information. They can already determine (to a reasonable degree of reliability) whether someone is gay based on their friends list. What makes you think they can’t determine that list of stuff?
Re: Re: Re:2 There IL employers can ask employees to violate the law
I guess it’s time to unfriend George Takei then. ‘-)
Re: There IL employers can ask employees to violate the law
Laws are selectively enforced against the little guy. Big employers with lots of resources don’t get subject to the laws the same way as the rest of us.
Re: There IL employers can ask employees to violate the law
Go read the actual bill.
http://www.ilga.gov/legislation/fulltext.asp?DocName=&SessionId=85&GA=98&DocTypeId=HB&DocNum=1047&GAID=12&LegID=71494&SpecSess=&Session=
I don't want your facebook password
As someone who has made several hiring decisions, I don’t want anywhere near a candidate’s facebook account. It’s full of information I can’t ask for: marital status, religion, country of birth, etc. Taking that information, then making a no-hire decision just gives the candidate a great way to claim they were discriminated against. Ain’t nobody got time for that!
I don’t even see how it would be helpful. I don’t care what you did last weekend, I care how you perform at work on Monday. I’ll figure that out soon enough.
Wait, what?
“…request access to employees’ personal web accounts used for business purposes…”
I’m confused. Personal/business, which is it? Can you have two accounts? Personal/Personal and Personal/Business?
Re: Wait, what?
well, you can see facebook for both – personal and business on same account, because one can manage his company’s facebook account on the same personal acc
Police State
Illinois is already a de facto Police State with Chicago as its capital. Only the elite have any expectation rights and those are fleeting at best. If you’re satisfied as a serf then Illinois is the place to be. Either stay or flee. There is no middle ground.
The law is a violation of CFAA, which makes it illegal under the constitution
The states seem to forget that this is violation of CFAA, which makes it illegal under the constitution because it’s a state law contradicting a federal law.
Logging into someone else’s account or ‘stealing’ their password like this is illegal under the broadly written CFAA.
Factual errors in the article
Dear Mr. Masnick,
The bill is not yet “codified into law”. As your own source points out, the bill passed the Illinois House, and the Illinois Senate will now consider it. Further, the bill also only refers to social media accounts used for business, and not personal Internet accounts. Finally, the prohibition against retaliation for refusing to disclose passwords only applies to requests or demands for login credentials directed to personal Internet accounts, and not to business social media accounts.
Re: Factual errors in the article
Nobody said it was. The words “codified” and “codify” are modified by “ask” and “seek”, indicating future behavior.
That is not entirely accurate IMHO. The bill’s synopsis includes: “an employer may request or require an employee to disclose any user name, password, or other means for accessing an electronic communications device supplied or paid for in whole or in part by the employer or accounts or services provided by the employer or by virtue of the employee’s employment relationship with the employer or that the employee uses for business purposes”. The key portion is the last seven words. That will be used as justification to get any passwords and account information, on the grounds that they have no idea if an account was used “for business purposes” without first examining the account.
Re: Re: Factual errors in the article
This could make job hunting difficult, being asked for the logon to an account belonging to a current employer when interviewing for a new job.
Re: Re: Factual errors in the article
Did anyone actually go read the bill? It says the exact opposite. Of course, if my business has a Facebook account, it is still legal for my boss to check what I’m posting on it. That only makes sense. I’ll post it below so all this ridiculous speculation and gnashing of teeth can end.
Re: Re: Re: Factual errors in the article
That makes the law even more nonsensical then. If a facebook account is being used for business purposes, it is owned by the business, not the employee, so the employee would not be disclosing anything that the company does not already have the rights to (and should already have — if they don’t, then they have much bigger problems than whatever is on the facebook account.)
So, what’s the intent of this law? I’m very confused.
Re: Factual errors in the article
Pssst: just about every Techdirt article has an author attribution in bold blue font.
Re: Re: Factual errors in the article
Thank you for pointing this out. My apologies to Mr. Geigner.
Re: Factual errors in the article
” the bill also only refers to social media accounts used for business, and not personal Internet accounts.”
So, if I’m an accountant who also has a Zazzle print-on-demand business on the side, I have to give my employer (who uses my services as an accountant) access to my FaceBook account?
Actually this could be good for employees!
When an abusive employer asks for the password for a facebook account, and later this account is used for some kind of prohibited activity, the employee has plausible deniability.
I wonder how much such an employer will like the chance to be investigated for some kind of terror related activities on some of the accounts he obtained passwords for.
Re: Re: Actually this could be good for employees!
Just make sure you log in using a company computer on the company network. 😀
Thank God for the EU human rights
If this was tried here, it would be laughed away.
Re: Thank God for the EU human rights
Give it time. 15 years ago, we’d have said the same thing in the US, you know, Constitution, tradition and all.
I’d advise staying on your toes, not being complacent.
Since politicians work for the people...
I think this is a wonderful idea, and since politicians and civil servants all work for the people, please provide me with your social media login info. I want to make sure you’re not misbehaving.
anyone that backs or agrees with this is a total moron! the only advice, if fighting it is too much trouble, meaning that some people will have to get off their asses and do something, is to make sure that the social media site(s) has a different password to any and everything else done that should be secure. that leads to the problem of when there is a security breach of some description concerning your personal stuff, who is gonna get the blame? the truly amazing things are that people complain about CISPA and other ‘privacy invading laws’ but then are told they have to hand over passwords for their private social media sites. what next? email? monitoring phone calls and txt messages? take it away from the government and law enforcement and then give them to your boss? how fucking stupid is that?
what's the problem
Passwords should be open-sourced and transparent. they are not your intellectual property, and they’d be more effective if everyone could see them. #techdirtlogic
Re: what's the problem
You’re right in one thing: passwords are not intellectual property. The rest is just trolling.
Re: Re: what's the problem
So if a copyrighted content is used as a passphrase it ceases to be intellectual property?
Given unlimited characters I could fit an entire Hollywood movie as a password without fear of being prosecuted as passwords are not intellectual property.
Seems either you got it wrong, or there’s an exploitable loop in the intellectual property system.
Re: Re: Re: what's the problem
Do it, and we’ll find out.
Just one thing: copyright’s purpose (in its current form) is to control the publication and distribution of creative content.
Do you really want to distribute your password?
Re: what's the problem
Fail
Time to create a “Business” Social Profile that only has honorable links and postings, only likes Business Supportive sites, and never has anything to do with gaming, drugs, drinking, etc. on it.
"used for business"
If I’m using social media in my business, I need to know how to transfer the responsibility for the account to another person. It is much like the accounts used to upload apps to the apple, microsoft, or google app store.
2 Factor Authentication
Use 2 Factor Authentication on EVERYTHING you can.
who do the politicians work for?
I say (if the law really is that employers can ask) that Illinois politicians must submit their passwords FIRST. Mandatory.
why
Why is there no backlash? Because it is so easy to setup a fake facebook account for your new employer. Sure you can have my facebook password. I have never used it though.
America is falling fast and hard. Within ten years it will have no freedoms left.
I’m in IL and I have zero social media accounts hooked to my name just for this reason. I do not connect with family or friends online.
I’ve been asked for it and I simply said look me up I’m not on any site. Which may be a lie lol, but hey there is no way for them to ever know unless I decide to tell them.
It’s bullshit that I have to go to such measures to protect myself because I love social networking.. My Facebook alone has been at the limit for ages now. “5k” I love to meet people all over the world, I love to joke around, I love to argue sometimes, and even talk some shit if I’m in the mood.
It’s my business what I do on my time.
If I want to get on Techdirt while I’m at home and make fun of out_of_the_blue my job does not need to know about it.
Boss – Were you making fun of out_of_the_blue again?
Me- Yeah, but he said dolphins taste great dipped in baby seal sauce.
Boss – They do, you’re fired.
What's good for the goose...
So… wouldn’t we be justified in requesting the Employer for the company’s social media password(s). It comes down to trust if they don’t trust me with theirs… why should I trust them with mine?
Or could I give them a no-longer-valid password…meaning I’ve complied with their request but since I value security and dutifully changed my password the first chance I got.
Would it be acceptable to request their handling procedures of my password to ensure its security? I want to know who’s going to eat that scrap of paper I might scrawl it on…
I have an apartment on the east coast that I rent out when I’m not using it and whenever I get an applicant, I stalk them on Facebook/ LinkedIn etc. It’s kept me out of a couple of bad situations (the couple that sounded great on the phone but their FB was full of gangsta parties, tattoos, bitches, blunts and 40’s or the girl whose profile was entirely full of sexy cosplay costumes which then led to her profile on an escort site). I’m amazed at how little thought to privacy people give and how much info is just ‘out there’ by default for anyone with a little knowledge of how to look.
Since the politicians technically work for the taxpayer, does that mean we (the people) can get the passwords of our elected officials and government employees?
There are protections in the law
The bill is at http://www.ilga.gov/legislation/fulltext.asp?DocName=&SessionId=85&GA=98&DocTypeId=HB&DocNum=1047&GAID=12&LegID=71494&SpecSess=&Session=
It’s not as bad as you may think. They can only request information if they gave you the account, or if the account is used for business, or if they have SPECIFIC information that you have something on there about workplace misconduct, or confidential information, or something like that. Under ordinary circumstances, requesting that you give them your Facebook password would be illegal.
The exception for business accounts, however, does go overboard. I think the legislature here figured that if the account is used for business, then it’s both relevant to the employer and the employee wouldn’t be concerned about privacy – how are you going to do much business on a private page? They fail to consider, however, that someone may have a dual-use account. Also, the employer may request the PASSWORD for a business account. This is reasonable for accounts which the business gave to the employee – but totally unreasonable for the employee’s existing business accounts. If I’m working a sideline, perhaps you have the right to inquire about that; but you have NO right to know my passwords for it.
For once, I have to disagree with where this article is going. I have seen a great example of how a politician would legally get away with refusing to give information used on his personal device/account to do government business because he used his personal device/account even though there was a business one set up for him to use and he chose not to use it. If you use your personal email or facebook for work/business related stuff, then your work should have the right to access their information and be able to track it. I think a law requiring access to accounts that have been used for work/business would force people to separate personal accounts from work accounts. Simply put, if I use my facebook to do business on behalf of a company, they should have access to their own business.
these laws...
these laws are unenforceable due to the nature of social networking sites and programs.
first off, EVERY social network (be it Twitter, Facebook, and MMO’s [yes, MMO’s are a social network in that you interact with other people]) has a clause in their ToS that you cannot nor should not in any circumstances give out your password or account information, and that admins of said network will never ask you for it. This is because of two reasons, 1) It severely undermines network security and the security of the users, and 2) It is against the law in the US for anyone to access another person’s account on social networking sites (I believe under the CFAA and by extension Patriot act).