At five in the morning on Friday, Pacific Time, Facebook issued a statement under the imprimatur of one Erin Egan, the company's chief privacy officer for policy.
Her post put employers on notice: demand user profile and password information to gain access to people's Facebook profiles or private information and you just might wind up getting socked with a sweet lawsuit.
"In recent months, we've seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people's Facebook profiles or private information. This practice undermines the privacy expectations and the security of both the user and the user's friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability.
"The most alarming of these practices is the reported incidences of employers asking prospective or actual employees to reveal their passwords. If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardise the security of your account or violate the privacy of your friends. We have worked really hard at Facebook to give you the tools to control who sees your information."
Lickety-split, every tech news outfit worth its spurs was following with its own take, some recounting examples of job seekers forced to decide between their privacy and making a salary.
But was there a story here? Connecticut Senator Richard Blumenthal thinks so. He told Politico that he's going to propose legislation to ban employers from requesting access to Facebook accounts as a term of employment.
At first blush, it's hard to believe that employers have suddenly, en masse, come down with a case of the stupids. Anecdotal reports don't necessarily equate to widespread behaviour.
Yet Blumenthal and legislators in Maryland and Illinois are pushing state laws to enact prohibitions against a practice they say is not isolated. To be sure, there's some anecdotal evidence about some clueless employers. For example, my colleague Declan McCullagh recently pointed to reports about the issue from MSNBC and the American Civil Liberties Union. There's also this piece published recently by the Associated Press, which recounts examples of astoundingly bad form on the part of certain companies where interviewers were demanding that job applicants hand over their Facebook usernames and passwords. From AP's recounting:
"Back in 2010, Robert Collins was returning to his job as a security guard at the Maryland Department of Public Safety and Correctional Services after taking a leave following his mother's death. During a reinstatement interview, he was asked for his log-in and password, purportedly so the agency could check for any gang affiliations. He was stunned by the request but complied. 'I needed my job to feed my family. I had to,' he recalled."
Especially in the current economy, it's the ultimate nightmare scenario: choose principle, or choose your ability to put food on the family table. You can't have both. That's the sort of enraging choice politicians, technologists and free-speech advocates find easy to rally against. Remove this from the Facebook context and it simply looks like an unfair (and counter-productive) hiring practice. Something along the lines of: "Gee, we'd like to offer you this job, but before we do, we need you to fill out a few forms so that we can look at your tax records for the last three years." Or some such absurd quid pro quo. Lawsuit, anybody?
"It should simply be prohibited, and Facebook is also right to threaten legal action," said Marc Rotenberg, president of the Electronic Privacy Information Center. "Invariably, they will get caught up in problems that result from users giving passwords to employers."
Maryland State Senator Ronald N. Young, who has proposed a couple of social-network privacy Bills — one targeted at employers, the other aimed at colleges and universities — told me he thought the problem was "starting to be widespread" and that he's "hearing of more and more cases".
"We've even heard that some universities hired people to friend [student athletes] to follow what they read and write on Facebook," he continued. "It's unconstitutional. It's like me applying for a job, and the employer saying, 'I'd like to tap your phone and listen to all your calls and monitor your mail'."
So are we on the cusp of a descent into decidedly bad online practices on the part of corporations? Young did not have stats on hand to support such a notion. Neither did Blumenthal's office. Ditto for the offices of La Shawn Ford, the state representative pushing an Illinois Bill to prevent employers from forcing job applicants to give up their social-network passwords.
In the end, though, that may not matter so much as the perception of an outrage being committed. The hundreds of millions of people who use social networks around the world can relate to what sounds like an egregious privacy violation, comparable to someone poking around in your house or reading your personal email.
Why people who ought to know better still can't manage to do the right thing is a source of mystery. That leads privacy advocates to look for a fix in Washington. If he had his way, Chris Calabrese, a lobbyist for the ACLU, would have Congress pass legislation prohibiting any employer or school from accessing private social-networking information. What's needed, he says, are clear rules to make sure that we can keep control of our own information.
"One of them should be that a password means stay out — whether you're an employer, a school or the government. And end-runs around password protection, like asking an employee to log in so someone else can take a look, are also unacceptable."
Sounds like a common sense approach. But what else will get thrown into the mix now that the issue has all the makings of a political grab-fest? You don't have to be a hard-core libertarian to wonder about that.