Controversy Erupts Over Employer Requests For Facebook Passwords
Over the past week or so, attention has been drawn to what is apparently a new phenomenon in the employment world, employers who ask prospective employees for access to their Facebook or other online accounts as part of the job application process:
When Justin Bassett interviewed for a job, he was stunned when the interviewer asked for something more than his experience and references: his Facebook username and password.
The New York statistician had finished answering a few character questions when the interviewer turned to peruse his Facebook page. Because she couldn’t see his private profile, she asked him for his login information.
Bassett refused and withdrew his application. But other job candidates are confronting the same question, and some can’t afford to say “no.”
“It’s akin to requiring someone’s house keys,” said Orin Kerr, a George Washington University law professor who calls it “an egregious privacy violation.”
Companies that don’t ask for passwords to vet applicants have taken other steps — such as asking applicants to “friend” human-resource managers.
This seems to be the latest development in a trend that has expanded gradually as the Internet itself and social networking in particular have become a more common part of every day life. To put it simply, we now live in a world where anything you say or do online is going to be discovered by anyone willing to type your name into a Google Search Box, or look you up on Facebook or Twitter. For this reason, many people choose to remain at least semi-anonymous online, or at least to keep their social networking profiles open only to people they know and have approved for access. It’s an understandable decision, of course. For some people its a professional necessity that’s either required by their employer (I am personally aware of several people in professional or sensitive, non-government positions who keep their online persona’s anonymous for this reason). For others, it’s a matter of personal safety given the all-too-common existence of online stalkers who have brought their behavior into the real world.
The question becomes whether prospective employers can, or should be able to, require job applicants to break that anonymity and reveal their online personas. For one thing, I think it depends on what kind of job we’re talking about. If, for example, it’s a position involving access to sensitive information, or a position of trust, then requiring that an applicant reveal this side of themselves isn’t unnecessarily unreasonable. In that regard, one is led to wonder the extent to which information like this is routinely required to be revealed as part of an application for a government security clearance. If you’re applying for a position as a janitor, though, the argument on behalf of the employer being able to make such a request strikes me as being far weaker.
Not surprisingly, these reports have led at least two Senators to call for Federal agencies to investigate the practice, and Facebook itself is chiming to say that the practice violates its own Terms of Service:
Facebook follows the news just like you do. And it’s been paying attention to the weird and worrying new trend that employers have asked prospective employees for their Facebook passwords during the hiring process.
“We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s right the thing to do,” Erin Egan, Facebook’s Chief Privacy Officer, explains. “But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person.”
But! It’s not just that sharing or soliciting passwords is now a violation of Facebook’s terms of service. There’s more. “We’ll take action to protect the privacy and security of our users,” Egan notes, “whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges.”
In other words: It looks like Facebook is considering suing the parties who ask for its users’ passwords.
I’m not at all sure what legal basis would have for suing a third party for requesting a password from a user and, in fact, under the very language of the Terms of Service, the person who would be in violation in this situation would be the prospective employee who shared the password, not the person they shared the password with. In fact, the only legal action that Facebook would be able to take in such a situation would be to terminate or suspend the user’s Facebook account. What legal basis they would have for proceeding against the employer is unclear, and what the damages would be absent some statute that prohibits the action. No such law appears to exist anywhere in the country at the moment.
I’m not sure, though, that new laws are the answer here. In the end, employers have a right to screen the people they hire as they see fit and to refuse to hire them if there’s something in their background that they believe would not be in the employer’s best interest, or which potentially makes the employee untrustworthy. Barring employers from using this particular method to discover more about their prospective employees is just going to mean they’ll find other ways to do it because, like it or not, what you do online will impact your job prospects:
One in five technology firms has rejected a job applicant because of his or her social media profile, according to a Eurocom Worldwide Survey.
The annual study had previously found that almost 40 percent of respondents checked out potential employee’s profiles on social media sites, but this is the first year that companies had confirmed that they had rejected applicants based on their digital presence.
“The 21st century human is learning that every action leaves an indelible digital trail. In the years ahead many of us will be challenged by what we are making public in various social forums today,” said Mads Christensen, network director at Eurocom Worldwide.
“The face the one in five applicants disqualify themselves from an interview because of content in the social media sphere is a warning to job seekers and a true indicator of the digital reality we now live in.”
Or, as Jazz Shaw puts it:
Personally, I think this falls back on an old rule of thumb in the internet age. If you need to work for a living or do anything outside of your online life, you simply can’t take anonymity for granted. Don’t put anything out on the web unless you’d be comfortable having your family, your enemies and – yes – even your employer or prospective boss seeing it. Because odds are, sooner or later, they will.
UPDATE (James Joyner): I addressed this issue over a year ago, taking the opposite position, in a post titled “Want A Job? Give Us Your Facebook Password.”
While I think the prospective employee has a lower expectation of privacy when applying for a government job, especially a particularly sensitive one like military, intelligence, and law enforcement positions, there are limits. And, I’m sorry, “If you don’t like it, don’t apply to work there” has some limits, too.
Should employers Google the names of prospective employees and perhaps check out their public Facebook and Twitter profiles? For many white collar jobs, I think that’s reasonable. But accessing private information seems out of bounds. Indeed, if they can demand to look at the inside of yourFacebook account, why not your Gmail account?
Additionally, as noted in the ensuing discussion, employers may inadvertently run afoul of existing employment law with this practice. It’s illegal for employers to ask prospective employees about their marital status, whether they have children, or any number of other issues. Yet, that information will often be immediately available on one’s Facebook page.