Proposed WA Bill Would Allow Employers To Request Facebook Passwords
from the no-more-private-life dept
The issue of employers reviewing and seeking to access the social media accounts of their applicants and employees is now several years old. To be honest, I'm more than a bit surprised the conversation persists, since it seems such an easy one to resolve, but I'll get to that in a bit. Still there are some companies who do ask for social media login info. While there's been some discussion about laws to forbid this practice, some in Washington state are trying to go in the other direction. Taking a bill that was constructed specifically to safeguard the passwords of applicants and employees, a proposed amendment would instead codify into law a company's right to request those passwords for the purposes of an "investigation." Via reader akp:The amendment says that an employer conducting an investigation may require or demand access to a personal account if an employee or prospective employee has allegations of work-place misconduct or giving away an employer’s proprietary information. The amendment would require an investigation to ensure compliance with applicable laws or regulatory requirements.
Under the amendment, employees would be present when their social network profiles are searched and whatever information found is kept confidential, unless it is relevant to a criminal investigation.One could easily be fooled into seeing this as reasonable compromise when it is in fact nothing of the sort. Let's be clear on what social media is and is not. A Facebook account can include aspects that are both public and private. The very nature of the site's privacy controls prove that to be the case. If I choose to share thoughts, messages, or anything else exclusively with my friends, which Facebook indeed allows me to do, what should it matter if those friends are sitting next to me on my couch or seated on their own couches reading my words on a website? It shouldn't, yet this amendment would open up those thoughts and communiques to corporate fishing expeditions. Worse, it would open up the responses of any of my comrades to those same investigations. Were I to use company equipment for any of this, that can and should be reviewed by my employer, but a line is crossed when a password is given. No longer is the company investigating what their employer has done on the company machine, they're investigating the account. That's completely different.
Moreover, the clamor over company secrets and financial information being disseminated via social media seems to me to be manufactured outrage. How many victims of this sort of thing have there been compared to the massive breaches in that same information occurring due to poorly insulated networks? I would think corporate America should want to get its own house in order before strolling through mine. That the bill includes broad language allowing for investigations over "work-related misconduct" makes it all the more worrisome, as the EFF rightly notes.
This amendment "says they have a right to enter your digital home," [Dave] Maass said. "It's astounding that they would try to codify this and that all employers could do this… the national trend is to move away from this. It's shocking that the amendment is going in the right opposite direction."Part of that trend includes the CFAA, which potentially makes logging into other people's social media accounts, or giving out your password to anyone, a crime. Under those auspices, would every company that asked for the passwords in these investigations be party to criminal conduct? I would think those details would be ironed out in some way, but when you have to massage the bill to get around privacy of citizens, rather than protecting their privacy, you know you've got a bad bill.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: employment, passwords, social media, washington
Reader Comments
Subscribe: RSS
View by: Time | Thread
Employment at will
[ link to this | view in chronology ]
Re: Employment at will
[ link to this | view in chronology ]
Re: Re: Employment at will
[ link to this | view in chronology ]
Re: Re: Employment at will
So now I have to decide between unemployment, and removing the line "127.0.0.1 facebook.com" from my hosts file? Honestly, unemployment sounds better... Not really sustainable though, I suppose.
[ link to this | view in chronology ]
Re: Re: Employment at will
"Dear Prospective Employer,
I'm not going to give you my Facebook password and here is why you still want to hire me.
When people interact with me and message me in social media, there is an implicit trust to keep their information confidential.
Similarly, when employees leave your company, certainly there is information you expect them to keep confidential.
If I were willing to give you this information, that would tell you that I am willing to betray the trust of others in my attempts to get a new job. The fact that I am willing to risk this job opportunity here shows that I can be trusted whereas the other candidates who comply are likely to violate your trust in the future if properly incentivized.
That is why you want to hire me."
Unfortunately, this sort of policy specifically selects for employees that, if pressed, will betray these companies in the future.
[ link to this | view in chronology ]
Re: Employment at will
[ link to this | view in chronology ]
Re: Employment at will
I wonder if I have a multi-factor authentication system put in place if I'd be able to dodge such requirement. With the password you can access the account but only to the multi-factor confirmation.
Also, suppose you use LastPass. I have the most wacky passwords ranging from 10 to 20 characters and I can't possibly memorize all of them. Would I be able to get away with saying "I don't know the password to that account"? Would they manage to oblige me to grant them access to a service that may have passwords for far more services than some simple personal communications account?
Just a few questions that came to mind.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
The Peoples Democratic Republic of California
The Peoples Democratic Republic of New York
The Peoples Democratic Republic of Massachusetts
And Now.. Introducting the latest "Socialist workers paradise"
The Peoples Democratic Republic of Washington
George Washington has GOT to be turning over in his grave...
[ link to this | view in chronology ]
Re: Re:
Are you claiming that similar legislation has passed in Calf, NY & Mass?
How, exactly, is this socialist? Sounds more like a law found in a dictatorship.
[ link to this | view in chronology ]
On socialism vs. social media
You get that the United States is supposed to be a people's republic, yes? And that some services in our economy are socialized, yes?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Yeah - like Calf, NY & Mass, totally
[ link to this | view in chronology ]
So applying for a job will land you a felony charge. Great.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Terms of Service Violation?
If, and I quote "the amendment would require an investigation to ensure compliance with applicable laws or regulatory requirements." Then I assume that includes abiding by the terms of the service between the prospective employee and his social networking service provider, meaning the prospective employee would be obligated to refuse to provide access to his accounts in order to honor the terms of that contract.
Why a state government would considering passing laws that encourage violating terms of service seems like it should be a discussion of its own.
[ link to this | view in chronology ]
Re: Terms of Service Violation?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
The Bill of Rights used to actually mean something, now it is apparently just guidelines so to speak.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
This is true generally speaking, but many parts of it apply only to the government. The ones that say "Congress shall make no law..." for example. A business (Techdirt for example) is free to censor your speech, while the government is not.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
> citizen from being violated or exploited
> by government or any other entity, including
> business.
No, it most certainly is not. The Constitution is a limitation on government action. It has no bearing or application on conduct between private parties.
> Your rights are NOT temporarily suspended
> upon entering a place of business
This is true, but not for the reason you believe. Your rights vis a vis the *government* are not suspended upon entering a place of business, but you never *had* any rights vis a vis the business itself.
Try walking into a Walmart and starting chanting and protesting, then claim they're violating your right to free speech and assembly when they ask you to leave. See how far that gets you.
You have no 1st Amendment rights on Walmart property with regard to Walmart. The government itself on its own volition can't come in and shut you down, but Walmart can. The same is true of the 4th Amendment. You have no right to be free of warrantless searches of your person and belongings when inside Walmart. Indeed, it's legally impossible for a private business like Walmart to even *get* a search warrant. Only the government can do that.
> If you willfully concede/suspend your
> Constitutional rights to a business
You have no constitutional rights with regard to a private business on private property. Period.
I weep for the future of this country if this is the level of ignorance regarding the fundamental laws of our nation that is being churned out by the public schools these days.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
I'm not sure exactly what you're saying here, but I think I disagree. You don't give up your 4th amendment rights just by walking into Walmart. And Walmart doesn't have the right to search you just because you entered. They could tell you that in order to shop there you must submit to a search, but if you refuse all they can do is tell you to leave and then call the police if you don't. They might be able to bodily remove you from the premises, I assume so since I guess that's what bouncers do. But they certainly could not forcibly search you against your will. Unless I'm very wrong which would make me very sad.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
> just by walking into Walmart.
That's true, but since the 4th Amendment only applies to actions by the government, unless the government is searching you in Walmart, there's no violation of that right.
> And Walmart doesn't have the right to search
> you just because you entered.
They most certainly can. If they set up metal detectors and security guards at the doorways and post signs saying "Searches required for entry", they have every right to search you. Your remedy, if you don't like it, is to go shop somewhere else.
Private concert venues and theme parks do this all the time. It's perfectly legal and you have no 4th Amendment right to make them get a warrant before searching you.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
That's what I said. They don't have the right to search you because you entered the building, but they can search you if you consent to it.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Be glad he knows what the constitution is. My sister-in-law teaches social studies and told me that since social studies hadn't been tested (no child left behind purposes I think), the elementary schools just hadn't taught it. At all. She said some of her middle school students didn't know who George Washington was.
[ link to this | view in chronology ]
Re: Re: Re:
> upon the government, not necessarily business?
You can leave the 'necessarily' out. The 4th Amendment restricts government action, period. It doesn't apply at all to conduct between private parties.
[ link to this | view in chronology ]
Mr. Applegate: Sure, no problem. I will be happy to give them to you just as soon as you give me the administration passwords to all your servers and software.
Company: We can't do that, it would violate our security policies!
Mr. Applegate: Exactly, are we done here?
Needless to say, I will NEVER work for a company who asks for my private information. I refuse to give my entire SS# until hired too.
[ link to this | view in chronology ]
Let them ask, and let their pool of decent applicants shrivel up accordingly. Of course, they might become liable for tortious interference with contract by inducing a Terms of Service violation.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
You say unregulated like its a bad thing. Corporations love regulation. Its what keeps competitors out of the market.
[ link to this | view in chronology ]
Re: Re:
I wouldn't consider any position that requires any kind of social media (I'm that antisocial -.-), let alone demand my credentials for it.
[ link to this | view in chronology ]
Bet you're wishin' that we would go awaaaaaaaaay!
Torture should be moderate, and effusion of blood be scrupulously avoided inquisitorial torture remained conspicuously immoderate and bloody, but necessary I'm sure.
Whenever power is to be gained with contingency, it will always be arranged. When a power is to be exercised in moderation, the standard of what is moderate will fade from comprehension.
I've been reading old texts.
I keep saying this: We're entering an age of boxes with false bottoms. Soon we will all require clean Facebook accounts to show our bosses and then real ones we access through the instruments of anonymity.
It will be the era of plausible deniability.
[ link to this | view in chronology ]
Re: Bet you're wishin' that we would go awaaaaaaaaay!
It's already happening.
My friend is a teacher in high school. She has 2 accounts. One she uses to get in touch with her alumni and the school (employers and her colleagues). Even though it's allowed at work I do not access my account there. And my personal e-mail is protected behind 2 additional layers so even if they do know my password AND my google authenticator sequence there's still the 3rd one (one-time use passwords ftw! your regular password is protected behind the one-time feature).
I'd rather delete everything than hand over info to people outside law enforcement. Even law enforcement would need a warrant. Not because I have anything to hide but because I value due process.
[ link to this | view in chronology ]
"The bill’s sponsor, Democrat Sen. Steve Hobbs of Lake Stevens, said Tuesday that he had not read the amendment, but he was aware of concerns from high-tech industries."
Why do these "representatives" sponsor bills that they have not read? Seriously - wtf. That is a big part of his job duties. Another big part of his duty as a representative is representing the desires of his constituents, but apparently he does not feel inclined to do that either.
[ link to this | view in chronology ]
Re:
"Through the corporate-funded American Legislative Exchange Council, global corporations and state politicians vote behind closed doors to try to rewrite state laws that govern your rights. These so-called "model bills" reach into almost every area of American life and often directly benefit huge corporations."
That's from the ALECexposed.org website. It's pretty easy to see that corporations would love to be able to get their hands on their employees' and potential employees' personal and private info.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
The bill amendment was introduced at the
House Labor Committee at the request of
business groups.
The article doesn't get more specific than that, but then these guys don't legally have to expose themselves to public scrutiny, it can all be done on the sly.
I do have to correct my previous misconception: Democratic Senator Steve Hobbs was the bill's sponsor, NOT the amendment-to-the-bill's sponsor. Someone else, unnamed, sneaked an amendment into his bill to reverse the original intent of the bill. His bill was to strengthen privacy and citizen's rights, the amendment flipped it around so that corporations could get the password.
But my main point remains: some unnamed business groups donated cash to someone's re-election coffers--which they are allowed to do per the Supreme Court's Citizens United v. Federal Election ruling--and the amendment granting them powered that they wanted was slipped into the bill by a politician who did not legally have to put his or her name on it.
Did you know our representatives are allowed to insert amendments into bills completely anonymously if they so choose? I'm embarrassed to admit I learned this last week on The Daily Show.
From the very end of the linked article:
Cole said the amendment has broad language,
such as 'work-related misconduct.' “It’s up to
the employer to define what that constitutes,” he said.
So... basically, corporations would be gifted with kind of power most people would associate with the judicial branch of our government.
[ link to this | view in chronology ]
But the Inquisition's here and it's here to stay!
I've said this before and I will again:
Gaaaaaaaaaah!
Who would be so stupid (or so blatantly corrupt) that they'd try to pass something so abusive. Did Microsoft offer someone a dump-truck of money? Is it Microsoft? Who's headquartered in Washington that has social ownership of employees as policy?
[ link to this | view in chronology ]
Re: But the Inquisition's here and it's here to stay!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
They're all too busy playing golf and eating steak.
[ link to this | view in chronology ]
Re:
They're all too busy playing golf and eating steak.
[ link to this | view in chronology ]
Re:
While I'm sure many politicians don't read things they are sponsoring at all, that's not what he just said here.
[ link to this | view in chronology ]
Re: Re:
Per the linked article, "Business groups" (who do not have to identify themselves), wrote the amendment to reverse the intent of the bill, and a politician (who also did not have to identify him or herself), inserted the amendment into the bill. Without the interference of those unnamed business groups, the amendment would not have been attached to the bill, and those business groups undoubtedly wrote every word.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
@#$##@ lawmakers
Unfortunately this is typical of the state. Pass laws to benefit corporate and political interests under the guise of protecting the citizens.
Time to move to another state.
[ link to this | view in chronology ]
Re: @#$##@ lawmakers
Time to move to another country.
FTFY
[ link to this | view in chronology ]
Re: Re: @#$##@ lawmakers
[ link to this | view in chronology ]
It'd better be a test
[ link to this | view in chronology ]
Re: It'd better be a test
It seems a big violation of the 4th if you ask me (no warrant needed, really?) but then again the US Govt doesn't hold the Constitution as something that should be followed these days.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Personal Account?
Btw, does "Personal Account" here only refer to social network account or have included email accounts already?
[ link to this | view in chronology ]
One with my name that I might use once every year so I can say I'm not into Facebook.
Then my real with my gamer alias that has been maxed for ages lol. I blame the gifting system for having 4,970 people that I've never met on my list.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
But making a law saying that your employer should have your password?? This is a law that violates facebook's own TOS. As well as the security of the end-user. Where the fuck is Facebook pushing back at this shit?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Worker's rights
Sometimes they do. Sometimes they don't. Late nineties were a good time for workers' rights.
The far-right regime of the Bush administration killed all that, and then the recession's made it difficult for us to return to our feet.
[ link to this | view in chronology ]
Re: Worker's rights
Did you mean: fascist?
[ link to this | view in chronology ]
Re: Re: Worker's rights
We are heading in that direction at this point. For a while it's been looking like academics are the new Jewry but with new screening technology, they can just cull out disgruntled poor people.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Is there really a point, even from the employers' perspective?
The most troubling thing, however, is that if you weed out all the applicants who refuse to give out passwords and violate terms of service, YOU'RE ONLY HIRING PEOPLE WHO ARE HAPPY TO SHARE PASSWORDS AND VIOLATE CONTRACTS - even before they are hired. At this point, the potential employer is basically an unknown person to the applicant. To me, that sounds like the dumbest move ever, but hey, that's just me :)
[ link to this | view in chronology ]
the account credentials gets lost and weird posts appear on your facebook page. say an old flame gains access to the computer you used to show how high your morals are...and she posts some pretty ugly information.
who is responsible? you were only trying to get a job to feed your family...but that old flame just cost you a family.
[ link to this | view in chronology ]
Refusal
> an investigation may require or demand access
> to a personal account if an employee or
> prospective employee has allegations of
> work-place misconduct or giving away an
> employer’s proprietary information.
Once again, a news story fails to answer what I consider to be a basic question. What if you refuse? It's all well and good to say a company has a 'right' to 'demand' your password, but if you refuse to give it, what can they do? Fire you? Well, that's likely to happen anyway. Let's face it, if you've reached the point where your employer is investigating you for corporate espionage and demanding your social media passwords, your future with that company ain't all that bright in the first place. So just tell them to shove it and walk out the door.
[ link to this | view in chronology ]
How many more articles are going to continue to spread this rumor?
Judge Wu decided that using 18 U.S.C. § 1030(a)(2)(C) against someone violating a 'terms of service' agreement would make the law overly broad. 259 F.R.D. 449
[ link to this | view in chronology ]
Re:
Judge Wu decided
Unless Judge Wu is a Supreme Court justice I haven't heard of, it sounds like it could still be an issue.
[ link to this | view in chronology ]
Re:
Judge Wu decided that using 18 U.S.C. § 1030(a)(2)(C) against someone violating a 'terms of service' agreement would make the law overly broad. 259 F.R.D. 449
Um. Judge Wu is a district court judge. He's not even an appellate judge which would set precedent for that circuit. That ruling has no real precedence. Other courts have ruled otherwise, and the DOJ continues to present this theory of the CFAA.
So, the original statement is accurate.
[ link to this | view in chronology ]
Not on
[ link to this | view in chronology ]
Bad reporting, TechDirt
By the way, it's SB-5211. And if you live in Washington State you should contact your representative and tell them how you feel about it.
[ link to this | view in chronology ]