Slashdot Mirror


Password Protection Act: Bans Bosses Asking For Facebook Passwords

An anonymous reader writes "On the heels of a similar bill introduced last month, a group of Democrats today introduced legislation in both the House and Senate to prevent employers from forcing employers and job applicants into sharing information from their personal social networking accounts. In other words, Maryland may soon not be the only state that has banned employers demanding access to Facebook accounts. The Password Protection Act of 2012 (PPA) would also prevent employers from accessing information on any computer that isn't owned or controlled by an employee, including private e-mail accounts, photo sharing sites, and smartphones."


  1. And now.. by Severus+Snape · · Score: 5, Insightful

    They'll demand you add them as a friend!

    1. Re:And now.. by gstrickler · · Score: 4, Informative

      That would be covered under

      Prohibits an employer from forcing prospective or current employees to provide access to their own private account as a condition of employment.

      --
      make imaginary.friends COUNT=100 VISIBLE=false
    2. Re:And now.. by AngryDeuce · · Score: 2, Interesting

      Pretty hard to do considering I don't have a Facebook account. If they want to make having a social media presence a condition of employment, I guess that's just not the job for me...

      I seriously don't understand why people even admit to having one to a prospective employer in the first place. Kids, just say no! Worst case scenario, you don't get a job offer at a place that you probably wouldn't want to work at anyway.

      Let's not pretend, though, that something like this is going to modify employer behavior in any way. I know people in HR that have been using Facebook as an unofficial reference on potential applicants since not long after it was open to non-edu accounts. Proving this in court, especially in a discrimination case, is a pipe-dream. No lawyer would take the case in the first place.

      Don't get me wrong, I think it's a good thing to have actual regulations on the books if it helps the .000001% of cases that actually get brought to trial. I'm just too realistic to see this as any sort of panacea at all.

    3. Re:And now.. by cayenne8 · · Score: 5, Insightful

      While I am all for this type of legislature, I have to ask myself, on what authority do the FEDS have to make this law?

      I'm not sure how I see this falling into the interstate commerce clause? I mean, a person works in his state....money paid to him in a state in which he is responsible for state taxes, etc.

      I would think this would have to be done on a state basis, and not a federal one?

      Sorry, but these days...I'm questioning every law the feds are trying to pass, and trying to understand where the constitutional authority is for these mandates/laws.....

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    4. Re:And now.. by C0R1D4N · · Score: 2

      Not that I disagree with you, but this trail was already blazed with OSHA.

    5. Re:And now.. by mysidia · · Score: 4, Insightful

      I'm not sure how I see this falling into the interstate commerce clause? I mean, a person works in his state....money paid to him in a state in which he is responsible for state taxes, etc.

      Internet social networking sites have a multi-state presence; the federal government has long claimed to have the jurisdiction over regulation of telecommunications services, see FCC. In Facebook's case, it's a terms of use violation to share your password.

      They are essentially passing legislation that forbids employers from interfering with citizens' private relationship with certain other companies.

      The legislation is broken though, because it's specific to social networking. This should apply to all sites.

      Including online banking sites, and sites where you pay your utility bills. This is a form of consumer protection and privacy protection for interstate commerce.

      Your private dealings are not your employer's business.

      Your employer has no business seeing who your friends are, who your banks are, what your account balances are, which cable package you subscribe to, what book you ordered from Barnes and Noble or Amazon, what your viewing history is on Youtube and Netflix, etc.

      And if some employers are trying to pry anyways and demand passwords to personal accounts their company has no right to, then it certainly is the feds' job to rein in the abuse.

    6. Re:And now.. by gstrickler · · Score: 2

      Great questions. I've asserted multiple times that we shouldn't need this law, that the "unreasonable search" clause of the 4th Amendment prohibits this. Others have argued (incorrectly I believe) that the 4th Amendment only applies to the government, not to individuals or corporations. So, there is currently some debate. My contention is that while the US Constitution in general limits the power of the federal government, the rights guaranteed to individuals shall not be violated by anyone. Case law supports that interpretation with many people and companies having been found guilty of civil rights violations for infringing on someone's constitutionally guaranteed rights.

      On the other hand, the fact that an employer actually demanded this information, and the fact that some people still believe that the civil rights in the Amendments don't apply to everyone suggests that we do need a law just so there is no question about it.

      --
      make imaginary.friends COUNT=100 VISIBLE=false
  2. 10 Amendment by misfit815 · · Score: 4, Insightful

    How is this the domain of the United States Congress?

    --
    Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me. - John 14:6 NLT
    1. Re:10 Amendment by Anonymous Coward · · Score: 3, Insightful

      It's an election year.

    2. Re:10 Amendment by Anonymous Coward · · Score: 4, Interesting

      Business practices that seem to want to coerce people to provide information they normally would not do for their job, or to actively violate laws (e.g., federal laws that prohibit, at least in letter, sharing of passwords for online resources) in order to interview for a job, things like that? You know, laws that the Congress passed in the first place?

      Shouldn't take too much lobbying by US Chamber of Commerce, et al, to make sure this bill doesn't even make it out of committee or otherwise dies a quiet procedural death. But, because it's sponsored by (D)'s, even if it did make it to the floors, it's going to be voted down just because.

    3. Re:10 Amendment by Darinbob · · Score: 2

      Congress has been allowed to do more than merely interstate commerce for 220 years. States have not been semi-autonomous regions for 150 years.

    4. Re:10 Amendment by JoshuaZ · · Score: 4, Informative

      Interstate commerce, covered in Article I of the Constitution http://en.wikipedia.org/wiki/Interstate_Commerce_Clause. The websites in question are large sprawling entities like Facebook which have people in all states and have offices in multiple states. Once that's a common setup, regulation is almost certainly Constitutional. And even when websites are all in one state, packets and the like go very far afield. There might be an argument that they can't regulate an in-state employer wanting a password from a completely in-state website, but that case is both unlikely to come up, and even if it did, courts would likely consider that to be a weak argument.

    5. Re:10 Amendment by Gimbal · · Score: 4, Informative

      There's a commentary on the Constitutional support of right to privacy at U Missouri KC (and that, I had not expected, but hey, score one for democratic discourse)

  3. If corporations are people by flaming+error · · Score: 4, Insightful

    If corporations are people, these laws probably exist already.

    Regardless of laws, the audacity of demanding personal passwords as a condition of employment just boggles my mind.

    We're employees hired to do a job and go home. We're not paid to room and board our employer in our underpants.

    1. Re:If corporations are people by SeaFox · · Score: 5, Insightful

      That's what happens when you have...

      1. (Relatively) high unemployment.

      2. A government that is pro-business and anti-employee rights for years and years.

      3. Companies more and more feeling what an employee does on their personal time is their business because "it might reflect badly on the company".

    2. Re:If corporations are people by shentino · · Score: 3, Insightful

      And then someone rats them out and they get fired for lying about it.

      Expecting employees to lie is not a viable workaround, and neither is any other ethically questionable action.

    3. Re:If corporations are people by AngryDeuce · · Score: 2

      4. A population too stupid to make a throw-away account to give the employer, that talks about how much the prospective employee likes cute puppies. Post something to it once a week or so, give it some friends.

      Or, you know, just tell them you don't have an account. Even if you do, what are they going to do? Not hire you? Oh noes!!!

      Although, I admit, a throwaway account would be pretty funny if you went completely overboard with it. Plaster it with a metric shit-ton of Christian imagery and talk about how much you love Jesus, church, and capitalism. That's sure to impress most any major employer in the U.S..

    4. Re:If corporations are people by Concerned+Onlooker · · Score: 4, Insightful

      What about when they ask for Slashdot account info? You may not think you're participating in social media, but you are.

      --
      http://www.rootstrikers.org/
    5. Re:If corporations are people by HornWumpus · · Score: 3, Funny

      /. is antisocial media you retarded festering douchebag full of pus.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    6. Re:If corporations are people by mysidia · · Score: 3, Informative

      (1) Manage your Facebook password with a password management application, so you can legitimately tell them you "don't know" any Facebook passwords, they were randomly generated and are stored securely in a password manager at home and tied to that web browser.

      (2) Enable Facebook 2-factor authentication with a second cell phone. Don't bring that phone to any job interview.

      Even if you have the correct FB password, you cannot login to FB on a new unknown device without receiving the SMS message, and entering the security code that Facebook sends you via SMS.

    7. Re:If corporations are people by Jiro · · Score: 3, Insightful

      Manage your Facebook password with a password management application, so you can legitimately tell them you "don't know" any Facebook passwords

      "Well, I guess you're not hired then".

      Geeks have this idea that if you just answer a question in a way that is literally accurate but not what the other guy wants, that's the way to win. The real world doesn't work that way except in a very small number of cases, of which this is not one. If the employer asks for your Facebook password, as far as he's concerned, either you provide it or you don't. "Honestly, I rigged up some system where I can log into my Facebook account but truthfully say I don't know the password" counts as not providing it. The fact that the statement "I don't know the password" is truthful makes no difference whatsoever.

    8. Re:If corporations are people by AngryDeuce · · Score: 2

      Lying is stupid and unethical.

      So is any potential employer that would warrant it in the first place by asking for shit they have no right to ask for.

      I mean, employers outright lie to their employees all the time, and a job interview is often a competition in blowing smoke up the ass on both sides. How many people have been told one thing in an interview only to find out that reality is completely different once they're actually employed there? A padded resume versus the bullshit lie that most any given company is 'family oriented' (because we all know how often that is true), telling them you have no social media accounts versus them telling you that they promote based on merit alone (because we all know how often that is true)...I could go on and on...

  4. Re:Really? by mark-t · · Score: 4, Informative

    Yes, it actually happened

    No, it's not. See above

    Unfortunately not yet. But there could be soon.

  5. Summary Confusion by Githaron · · Score: 3, Informative

    The Password Protection Act of 2012 (PPA) would also prevent employers from accessing information on any computer that isn't owned or controlled by an employee, including private e-mail accounts, photo sharing sites, and smartphones.

    I assume the summary meant to say that the act prevents employers from accessing information on any computer that is owned or controlled by an employee.

    1. Re:Summary Confusion by Dahamma · · Score: 3, Interesting

      Actually, from TFA it sounds like they meant to say it prevents employers from accessing personal information on any computer that isn't owned or controlled by an employer. I'm pretty sure the intent is that an employer should still be able to access and demand passwords to servers it owns, even if the employee runs them, etc, and anything else is none of their business.

  6. Re:Is it a typo, or just leaving huge loophole ope by Script_God · · Score: 3, Interesting

    As an applicant, you are not yet an employee. If they want to demand that I give them that information after I am an employee, and I refuse, I would not be surprised if there can be a wrongful termination lawsuit.

  7. Re:They must be... by EdIII · · Score: 2

    They must be.... americans.

    1) Americans is always capitalized.
    2) Congress Critters are not Americans, at least not in spirit or action.
    3) I take that as a compliment. Taking action and creating laws to protect somebody's privacy is always a good thing. Neither governments nor corporations should have access to private information that has nothing to do with job, not performed while on the job, or performed on equipment or services not provided for by the corporation.

    Security and background checks for some jobs might require a little more... but how many Americans actually work in jobs that are that regulated and require security clearances? Not that many.

    This is why I am a staunch advocate of giving separate Internet access at work for employees and having a very well spelled out policy that nothing personal is ever performed on corporate equipment, ever. Nothing corporate ever makes it to personal equipment either. Violation can result in punitive actions all the way up to dismissal. When they are on break and in the break room, feel free to use their smartphones or tablets connected up to the public wi-fi and do whatever they want.

    Strict segregation works perfectly fine and is only a problem for the new "hip" techies that have an idealistic vision of bring-your-own-equipment. Which all that really translates to is your company is too fucking cheap to purchase the required hardware and they let their idealism allow all the users to get abused by management that only sees reduced costs. That's my opinion at least, feel free to flame and mod away.

  8. Nice Sentiment by rueger · · Score: 2

    Of course the reality is that if you really need that job you have pretty much no option but hand over whatever the boss asks for.

    Sure, in theory you could refuse, and when you get fired (or not hired in the first place) in theory you could drag them into court, but in practice the vast majority of working folks can't afford to lose the job in the first place, and can't afford the lawyers in the second.

    This would be about as effective as most workplace safety laws - sure you can refuse to do dangerous work, but when there are a hundred people lined up who are prepared to climb on a four story roof with no safety harness you'll find yourself unemployed very fast.

    1. Re:Nice Sentiment by Anonymous Coward · · Score: 3, Insightful

      This is the argument of the coward. Just stay quiet while your rights are violated because it's too dangerous to stand up for yourself.

      Tell that to the countless workers that fought for their rights, some of whom paid for it with their lives. Are you saying they should not have bothered?

  9. Re:Is it a typo, or just leaving huge loophole ope by Dahamma · · Score: 3, Interesting

    Yeah, it didn't make sense. After reading the article, it was clearly a typo, and should have said "from accessing information on any computer that isn't owned or controlled by an employer". I.e. employers can still demand you hand over passwords on *their* systems, which seems reasonable enough.

  10. Re:Doesn't matter. by bky1701 · · Score: 4, Insightful

    That's why it is illegal to ask a large number of questions that are not directly relevant to the job; it is an unjustifiable source of potential bias. This law really isn't needed, what we need is a more general one outlining ALL cases to this effect, rather than several laws trying to specify specific things you cannot ask.

  11. Re:why another bill? by Dahamma · · Score: 3, Informative

    That happens a lot - similar bills are introduced, debated in committee, etc. Some are better than others, and if the process isn't completely broken (not even going there...) the various ideas get consolidated into something that meets everyone's needs and is then introduced to the floor.

    In this case, it seems like a law protecting any of your password-protected/private information (email, photo sharing, online backups, whatever) would be much more powerful than the previous one that focused mostly on your "social networking" accounts...

  12. Re:The 4th isn't enough? by KiahZero · · Score: 4, Informative

    No, the Fourth Amendment only covers state action; it doesn't address searches by third parties (unless they are being used as agents of the state).

    --
    I'm a lawyer, but not yours. I wouldn't represent someone who thinks taking legal advice from Slashdot is a good idea.
  13. Re:Game it by Grishnakh · · Score: 3, Interesting

    the constant stream of news about police brutality, unjust situations, erosion of rights, destruction of the economy, etc., etc. has left me hopeless, with only the prospect of gaming the system instead of fighting it.

    Not me. These things have made me start looking for jobs outside the USA.

  14. The 4th isn't enough! by DragonWriter · · Score: 4, Informative

    I would have thought the 4th amendment would have covered this

    You would have thought wrong, since the 4th Amendment imposes no restrictions on private conduct.

  15. Re:Here's an idea by bky1701 · · Score: 5, Insightful

    "Just don't use social media and you won't have to hide from your employer"

    And when you tell them this, they believe you are lying and don't hire you. Or hell, consider that a personality flaw and don't hire you for being anti-social.

    "Or.. Gasp... Be careful and keep it safe for work at all times. "

    Because living in fear is exactly what we should all aspire to, right?

    "One really should not put anything online that you would not want EVERYBODY to be able to read."

    Bit of a difference between, say, posting on a blog, and being pressed into giving someone else a password to your private accounts. Would you be against letting them scan your hard drive for anything they might find objectionable? After all, what's the difference? Your computer is connected to the internet.

    "Everything you put online, pictures, comments, blogs, chats etc. is going to be public information forever, or at least it CAN end up out living you. Remember that every time you are tempted to post."

    Does that apply to spineless pro-corporate shilling on slashdot?


    I kind of see this all as a non-issue. In some ways the loss of privacy is a bad thing... in other ways it is good. We didn't see much motion in the gay rights movement until people started to come out. I think the same is going to start to happen in other parts of society - the petty prejudices aren't going to hold up so well in an age where everyone is more open. Not to say I am for invasions of privacy, but it is going to happen, and it isn't all bad. I also can see being closed off as becoming something itself considered undesirable and I think rightly so.

  16. Re:And you're in by Surt · · Score: 2

    Simple solution: modify your facebook password to match a section of your DNA. Then asking for any of those things would require you to surrender your facebook password.

    --
    "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
  17. Re:Really? by PRMan · · Score: 3, Insightful

    Most people's Facebook status includes their Marital Status, Religion, etc., several things that are not allowed to be asked of a prospective employee. So I would think somebody could have gotten them on that.

    --
    Peter predicted that you would "deliberately forget" creation 2000 years ago...
  18. Re:Here's a better idea by The1stImmortal · · Score: 2

    If you're posting evidence of yourself committing a criminal act online then you've got bigger issues than what your employer thinks about it...
    (Note - No judgement here on whether this particular act should be illegal or not, just that it currently is)

  19. Re:Doesn't matter. by Ol+Olsoc · · Score: 2

    Blah blah blah ... prove it. Prove it's me and NOT YOUR LACK OF SKILLS OR OTHER QUALIFICATIONS! prove it Asshole!

    Go back, reread your post. With a little luck, you'll see what your problem is.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  20. Overbearing government intrusion! by truavatar · · Score: 2

    This sounds like overbearing government intrusion into the private market to me. Employers should be free to demand whatever they want as a condition of employment, from high-school transcripts to semen samples! If you don't like it, find another place to work!

  21. Wait a sec by SilverJets · · Score: 3, Insightful

    The Password Protection Act of 2012 (PPA) would also prevent employers from accessing information on any computer that isn't owned or controlled by an employee, including private e-mail accounts, photo sharing sites, and smartphones."

    Shouldn't that be isn't owned or controlled by the employer or company instead? An employee's personal computer (and I'm using personal here to mean one that belongs to the employee) shouldn't be accessed by the employer either.

  22. Technically already a felony? by Fned · · Score: 2

    If you log into my friend's account and you're not my friend, you now have access to information in my profile that I did not give you permission to.

    Facebook's ToS explicitly prohibits doing this.

    Violating a website's ToS in order to gain access to information you don't have permission to access is, I think, some sort of federal crime.

    Any lawyers care to chime in on this one?

    1. Re:Technically already a felony? by ub3r+n3u7r4l1st · · Score: 2

      Technically yes, as it is considered unauthorized access. But unless it caused bodily injury or financial loss, most agencies wouldn't care.

      Same with opening a new account with the name resembling your long lost friend/relative etc. and trying to gain access to your profile by tricking you to accept them as friends. This could remotely constitute identity theft.

  23. Re:Is it a typo, or just leaving huge loophole ope by Bengie · · Score: 2

    IANAL - Last I checked, the DOJ ruled violating the TOS is criminal and goes against Computer Fraud and Abuse Act. An appeals court ruled violating a TOS is not criminal, but several other appeals courts have. It is now going to the Supreme Court, but it currently stands to be criminal.

    Anyway, where I was going with this is handing over your password or asking for another person's password is in violation of Facebook's TOS. It currently stands that asking for your password or asking to even see your FB account is criminal, and I'm pretty sure it is illegal to require a potential employee to participate in something illegal.

    I also thought it was illegal to require an employee or potential employee to violate a legally binding contract, such as a TOS.

  24. Re:Doesn't matter. by mysidia · · Score: 4, Informative

    That's why it is illegal to ask a large number of questions that are not directly relevant to the job

    It's not illegal. It's just inadvisable. If one of your questions exposes membership in a protected class, there is a risk that there may be liability / possibility of a discrimination suit.

    However ill advised, if you want to refuse employment to a janitor who never played Chess or Checkers, can't remember the rules to the game Go, or can't beat the interviewer in a poker game, the employer can do that, as long as they are consistent and require the same of every candidate.

    It just happens that employers are in the business to select employees, and any irrelevant question is a waste of time.

  25. Re:Here's an idea by knorthern+knight · · Score: 2

    > So your solution is don't use social media and you won't have to hide it - even
    > though as I said that will not work because they will rightly assume
    > you're probably lying (it is simply not the common case),

    [...deletia...]

    > The end point of this is that almost everyone now uses social media

    Wrong. Check out http://www.socialbakers.com/facebook-statistics/ Most English-speaking countries are at approx 50% of the population. As of the time of posting...

    * USA 50.72%
    * UK 49.63%
    * Canada 53.39%
    * Australia 51.48%
    * New Zealand 51.40%

    That's number of accounts divided by population. Stuff that isn't supposed to happen, but does...
    * children under 13 with accounts; they merely lie about their age
    * people with multiple accounts. E.g. a squeaky-clean one for their employer, and a "real account" under a different name, and multiple accounts to rig Farmville, etc.
    * There aren't supposed to be a bunch of bot-accounts, but you can go out and buy 1,000 or 5,000 or 10,000 "Likes". What does that tell you?

    Normally, these bogus accounts can hide in the background. But for small countries it really stands out. Note that Monaco has accounts for 124.31% of its population. Don't believe the 900 million crap you hear.

    BTW. I'm not on Facebook.
    Wonder why I don't trust Zuckerberg?
    It's because I'm not a dumb fuck

    http://www.newyorker.com/reporting/2010/09/20/100920fa_fact_vargas?currentPage=all

    --

    I'm not repeating myself
    I'm an X window user; I'm an ex-Windows user