Slashdot Mirror
New Illinois Law Protecting Social Media Rights In the Workplace
sl4shd0rk writes "Illinois (USA) Governor Pat Quinn signed a new law this week protecting employees' privacy rights concerning social media. Bill 3782 makes it illegal for an employer to request an employee's or job candidate's social network login credentials, in order to gain access to their account or profile. 'Members of the workforce should not be punished for information their employers don't legally have the right to have,' Governor Quinn said. 'As use of social media continues to expand, this new law will protect workers and their right to personal privacy.'"
Illinois did something that makes sense? WTF?
Read the full text of the law here
At least they cited the bill number. I hate it when news outlets don't tell you the bill and have to go searching for it.
We don't live in Shouldland.
Some sensibility in lawmaking. That's refreshing.
There's nothing like $HOME
It wouldn't be against the proposed law to ask employees to make all that information public, would it? Law might be too specific.
This doesn't make sense at all. They can't ask for credentials? So they will ask to be "friended" or "circled" just to get an interview. Sucks for me, since I don't have a Facebook account and will be excluded as if I am hiding something...
Actually, it doesn't make sense.
If an employer wants my Facebook Password, it is really simple, "NO". I don't need a law to protect me.
And in fact, should anyone ever ask for my password, I'd start passing that info on to the social networking sites as a warning to others. We don't need government creating idiotic laws that will last well beyond the technology's life span.
If everyone acted the same way, with the same level of outrage, the problem would go away on its own. We don't need government to fix stupidity, we just need an educated public.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
...said the Anonymous Coward on the internet.
What are these jobs that make you surrender your personal login credentials? Is this really happening? How would this ever be considered acceptable practice?
I would argue that their right to personal privacy is given up when they decide to broadcast information on a public international communications network.
Social networks is the worlds largest experiment in removing the safety labels on devices.
my 2c.
If the information were publicly broadcast, I wouldn't need to ask you for your credentials in order to access it, would I? Unless I'm much mistaken, the bill doesn't protect you from being axed for those public pictures of you sucking a skull bong(which can be accessed without login, or with an arbitrary set of credentials), it just prevents me from demanding your access credentials.
Always funny with a post and it's sig contradict each other.
Fugue for Aaron Swartz
So you are ok with them asking for your email password? After all, you give up privacy when you send all those bits across the internet right?
Fugue for Aaron Swartz
There is arguably a difference between 'doesn't make sense' and 'will be relatively easy to evade'.
Most worker protection legislation suffers from the basic problem that there are just so many innocent-sounding reasons to get rid of someone for reasons wholly unrelated to any legally protected trait.
Whistleblowers, assorted wage/salary/time-worked accounting shenanigans, occupational hazards, harassment, and virtually anything else all fall into that category.
Trouble is, unless you've got a bold plan to achieve an enormous restructuring of the economy (at least to the point where the labor market is a seller's market, perhaps even to the point where most people aren't 'employees'(and no, the 'oh, he's an "independent contractor" because those are cheaper than employees, he just resembles an employee in all other ways'/permatemp doesn't count)), the condition of employees in your economy will be one of the greatest determinants of the welfare(and even the day-to-day freedom) of most of the population.
That makes ignoring the problem a bit... unpalatable.
It's not really that, I don't think. Since now you are a terrorist if you do not have a Facebook account, I believe it is in the interest of National Security to allow employers access to job applicants' Facebook accounts, just to make sure those accounts are real and legitimate, and not just shell accounts created to avoid looking like a terrorist.
Great, now I have to look up the definition of electronic mail. Is it going to be things which talk rfc822? Or it is going to be things which transmit messages between different users? (I just checked Facebook and it has some kind of messaging thing in it; would be hilarious if Facebook didn't qualify.)
I bet most sites which use logins, could be made to become social networking. Even banks, if you get creative.
I hate laws like this, which are so needlessly specific to handle ephemeral trends. Why didn't they just make it illegal to impersonate other people? Who profited by lobbying against that?
"Believe me!" -- Donald Trump
And what about in a state like where I live, NC? Employeer "I want your facebook information" me "no" Employeer "ok you are fired" me "doh!" a lot of states are right to work states where they can fire you for nothing if they so chose to. Even if not they can find something to fire you for in no right to work states.
When you cant win, ad hominem.
a number of folks have thier profiles locked down to the point where all you can see is that they have a profile (without friending them)
so unless FB decides to rejigger the settings and "accidentally" set everything to World Visible there can be a lot of stuff you have on FB that folks can't see.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Politicians protecting themselves from investigation. The legislators likely doesn't want the state to ever ask for their facebook credentials.
They can create this law, but they won't create a law to prevent your employer from asking for your bank and investment accounts (SEC regulation). The Federal government will usurp this law under the guise of terrorism prevention.
We don't need government to fix stupidity, we just need an educated public.
There's this thing called a legislature. People elect other people to go and make laws in the legislature. It makes it easier for people to get things done so they don't have to organize a concerted show of outrage towards companies. Instead they argue the merits of such a law and the elected persons make it so.
Nothing like saying the most corrupt state in the country is uneducated. They know which side the bread is buttered on...
"Don't meddle in the affairs of a patent dragon, for thou art tasty and good with ketchup." ~ohcrapitssteve
If I asked somebody for their Facebook password in a job interview, and they gave it to me, that would tell me that they don't have enough clue to be worth hiring :-)
Asking for their Facebook user name is different - There are jobs for which it may make sense to see what somebody's public profile looks like (as opposed to what they're showing their friends.) There are HR people who there who would also want to look at who their friends are, which is getting into creepy, of course. And there are jobs that want to see your Klout score, for which xkcd has already covered the topic..
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
If in an interview I am ever asked to friend a potential employer or give out my login credentials, I will politely say, "Thank you very much for your time and consideration but I am no longer interested in employment with your company." On one hand, I like the idea of making this illegal. On the other, I think it would be stronger to let market forces end this practice. If enough people simply stand up and walk out when asked to cough up their facebook information, the practice would stop immediately because the company would be unable to hire anyone. If the work force were more united and less divided, market forces could dictate more workplace friendly policies. However, because Americans live in such abject fear, most are likely to just aquiesce so we need a law to provide a security blanket for the fearful.
It's one thing to ask for somebody's Facebook user name, so you can see if they're posting embarrassing pictures of themselves and friending inappropriate people, and so you can look at their Mom's Facebook page to see if you can find her maiden name.
It's something entirely different to ask for their password, so you can post embarrassing pictures of them on their Facebook account, friend inappropriate people, and write stuff on their Mom's Facebook page wall.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
If you are out of work, really need a job, and an employer is making an unreasonable (but still legal) demand, you are in a rather unequal bargaining position. It's all well and good to stick up for yourself if you have the luxury of turning down a new job or aborting a promising interview, but not everyone is in that position. The law levels the playing field by prohibiting employers from even asking for something they have no business getting.
>> Illinois did something that makes sense?
The legislature is like the monkeys with the typewriters...
Standing up for your rights when an employer asks you to do something legal, but unreasonable is all well and good if you are actually in a position to refuse. But if you are out of work, and really need the money, refusing an offer or aborting an interview because of crap like this is quite a bit harder.
This practice is, arguably, already illegal under the US Computer Fraud and Abuse Act.
http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
It all depends on whether your employer would be considered "authorized" to access the computer just because you coughed up your credentials.
If giving your credentials to other people is against the TOS of the site, one might argue that your employer is not authorized and, furthermore, that you might be guilty of "Knowingly and with the intent to defraud, trafficking in a password or similar information through which a computer may be accessed without authorization."
this signature has been removed due to a DMCA takedown notice
Emphasis on the part that I felt was entirely overdue.
HB 3782 prevents employers from screening potential job candidates or reprimanding current employees based on information from their social network accounts that would otherwise be private.
ie. They can't just friend you or your friends in order to glean info off of your account and then fire you for it. I would imagine that if you have the info set to openly public it might be in the gray area.
Now if we could get them to remove the stipulation in affirmative action laws that allow them to decide what they think you are (race/gender/etc) and document it after you choose to opt out of offering them the information. (I've had several issues with this in the past few years)
Asking for their Facebook user name is one thing - a company might want to see the public profile the person presents, and a creepy HR department might want to see who their friends are. But any HR department that wants your password is exposing the company to legal liability for misuse of the information, and really has some 'splainin to do about why they want it the ability to forge the job candidate's information.
I do computer security - anybody dumb enough to give us their password is too dumb to hire, unless it's a fake honeypot account, in which case if we're dumb enough to risk logging in then we deserve whatever happens to us. HR may think that the link showing they've made Godfather really goes to the real Mafia Wars, but it's a job offer they can't refuse.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I don't need a law to protect me
If the company can refuse to hire you because you refused to provide a password, even if they are violating the Facebook TOS, and if there is no legal recourse against that company for how they are behaving then yes, you need the law to clarify its position (which is more what this is).
Worse still is if governments have ruled through various agencies that they *can* ask for your passwords legally - which they probably cannot, and this clarifies that they aren't allowed to do that. Keep in mind that laws will be written to say blandly generally things like 'the police force should use all due diligence to ensure only reputable people are hired', so then some civil servants in an agency will try and interpret 'due diligence' and 'reputable' every year, and s/he doesn't want to get fired for not doing enough diligence.
The law isn't in this to protect the data on your facebook account, which is what you're talking about being able to protect yourself. It's about first protecting you from discrimination for refusing to do something stupid (and potentially illegal), and secondly it's protecting the government (and companies) from being on the losing side of a lawsuit for doing something they shouldn't have been doing.
Governments frequently grapple with the question of what employees are to do if they're given instructions they don't think are lawful or within the terms of their contract. This isn't just 'don't torture people because the vice president said it was ok', it's things protecting employees who demand gloves and sweaters when they work in freezers, or when laws are very very complicated, or overlapping or the like, and who trumps who and so on. You as a prospective employee need to be protected from being punished just because you're following contracts you signed, which was that you wouldn't give up your facebook password when you agreed to facebooks TOS.
If everyone acted the same way, with the same level of outrage, the problem would go away on its own.
No. It could very well go the other direction. If the bureaucracy makes a rule, and no one successfully challenges it (and remember, they might actually be authorized to demand your password if the law granting them authority was unintentionally over reaching) then you need to make new laws. Otherwise demanding your social networking passwords could easily become routinely allowed.
You can't authorize somebody to access Facebook's servers unless you work for Facebook. Access is granted in the T&C for users when they sign up, but it explicitly forbids giving others your login details.
Simple solution: Facebook should set up a "panic password" which you can hand over, the first time this is used it locks the account down, records the IP etc and flashes up a big page informing the "hacker" that they have broken laws X,Y and Z, that the authorities and the original user have been informed, and that Facebook will assist the user in pressing for prosecution and compensation.
Please consider this account deleted, I just can't be bothered with the spam anymore.
Like the Chicago Cubs say, "you can't lose 'em all." Actually, I've found Illinois politicians actually listen to their constituents (some are better than others, of course) and the constituent doesn't have to be a campaign contributor, or even in the same party (which party's primary you vote in is a matter of public record in Illinois).
As to Illinois doing something that makes sense, do farms make sense? Most of the state is famland. Does subatomic particle physics make sense? Before the LHC, Illinois had the world's biggest atom smasher. Oh, and Lincoln, Reagan, Obama, and Seven of Nine are all from Illinois. Of course, Reagan didn't make much sense, but he had Alzheimer's.
Now, Quinn signing a bill that makes sense, or getting anything at all right, now THAT'S weird! The saddest thing is, he's the best governor we've had so far this century (the previous two are in prison).
Free Martian Whores!
And what about in a state like where I live, NC? Employeer "I want your facebook information" me "no" Employeer "ok you are fired" me "doh!" a lot of states are right to work states where they can fire you for nothing if they so chose to. Even if not they can find something to fire you for in no right to work states. Sounds like you were fired for cause, and an unjustified cause at that. I'd hire a lawyer. They can't fire you for refusing to break the Facebook's Terms of Service.
If you are not allowed to question your government then the government has answered your question.
If an employer wants my Facebook Password, it is really simple, "NO". I don't need a law to protect me.
What if you need the job? And what if the employer next door wants your password too?
Which is why no jobs ever drug test, right?
I say no now, but I know if I ever end up hungry I too will take a wizzquiz.
Actually, it doesn't make sense.
If an employer wants my Facebook Password, it is really simple, "NO". I don't need a law to protect me.
Prior to this law, you could be fired for giving that answer in Illinois.
No the worst from a tyranny is when you don't have the freedom to even do that.
If you think Illinois is corrupt, you should check Oklahoma and Texas.
The problem is, no one has any balls today. People have been brainwashed into believing that "there should be a law". Hence - we have a myriad of nonsense laws to "protect" us. Strange how all those laws designed to "protect" us can be used to hammer us senseless when we come to the attention of law enforcement officials.
Yes, I'm all for an educated public. Unfortunately, the departments of education around the country are largely responsible for the brainwashed condition of the masses.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Neither Oklahoma nor Texas has recently had a governor arrested, prosecuted, and found guilty of felony misdemeanors. That's not to say that those states don't have corruption problems, but we can make a damned convincing argument that Illinois might be the most corrupt state.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
You forget that Facebook is not the product. It's users are the product.
A panic password does little to nothing for Facebook and only creates more work for them.
In this case, we would need a law to force Facebook and others to do this.
We don't live in Shouldland.
YOU might not. Recognize that not everyone has the same position you do, and there are people who are very desperate for a job.
But I forgot, that infringes on your ideals of "Fuck them, I've got mine."
It really does depend on what those charges are. In the case you're talking about, they were corruption charges. But there are a number of felony misdemeanors, or any felonies for that matter, which wouldn't really show corruption. A governor getting arrested for a DUI, for example, would probably show that said governor is an idiot, but not necessarily that they are corrupt. If anything, I'd almost say that their conviction on that charge might prove the opposite.
"we just need an educated public" - Why not just ask for a utopia?
There will always be a sucker willing to give up their FB info, who is "good enough" to fill a position that you want.
I don't know if the wording of this bill addresses it either, but your TOS point would arguably be defeated just by asking the employee/candidate to login themselves.
My webcomic
Going on Twitter or Facebook and marketing "I was fired for not giving my Facebook Password" would create enough backlash that the company would lose in the end
Unlikely. That doesn't mean that the person shouldn't spam every news outlet and social media site with the info, I just don't think it would have the effect you believe it would.
And why would you want to work for such a company in the first place?
I'm going to assume he enjoys paying rent and eating food. Not everyone has the perfect job mobility you apparently do, and some people really do have to tough out very shitty jobs for a while. This is just a measure to cut down on the abuse and make those jobs a little less shitty.
Whatever he's smoking, it's making him very optimistic. I would love to be so blissfully happy.
I hope that thought gives you comfort while you're starving in a gutter.
1). Where does an unemployed person find the money for a lawyer?
2). In just about every "Right to Work" state there is, the employer does not actually have to state the reason why they are firing you. Leaving the burden completely on you to prove that the fired you because of not handing over the FB password. And likely they will have something else stored away for just such an occasion, like a violation of the "Network Acceptable Use Policy" (He browsed Slashdot at work!).
No, not even close.
So when I bank online, I shouldn't have a right to privacy for others to see my bank info?
The company I work for has inserted themselves as at Trusted Root Certification Authority in Internet Explorer. They can easily do this since they deploy IE to the desktop.
Now, when you go to Facebook, LinkedIn, Twitter, etc. they do a Man-In-The-Middle attack and present their Cert as authenticating the site.
So it you were to look at the secure certificate for Faceboook, you'd see:
The certificate is issued to Facebook.com
But The certificate is issued by internalServer.myEmployer.com
Between you and the site they're decrypting the data and re-encrypting using their own certificate before they present it to you. Then the reverse takes place when you send data. This trick captures logins and passwords as well as any other "secure" browsing over SSL. The lock symbol appears, so most users wouldn't bother to look closely at the certificate since it's "valid".
Does anyone else know of other companies doing this?
No, the problem is that employees have very little bargaining power compared to employers today, and that many of them still like to eat.
I hope the idea that you still "have balls" would provide you comfort when you're unable to find a job.
Then you could sue, because even in "right to work" states, there are laws protecting workers.
There are not yet laws protecting workers from their employers requiring their login for social media. That is why they are proposing this law in Illinois. To create those protections. Which, from your previous posts, you seem to indicate you are opposed to (or think is unnecessary?). I am a little confused about what your position actually is.
Not everything on a Facebook profile is public.
If you are one of the uber controlling assholes who would dare not hire someone because they won't let you do something illegal, I hope your business goes bankrupt and brings you down with it, leaving you to live under an overpass.
"1). Where does an unemployed person find the money for a lawyer?"
There are plenty who will do it for a cut if it looks likely to win. Firing someone for refusing to violate the law? Multi-millions right there.
Great Intellect...
No. If they can access the information legally without my password, then they are welcome to it because it is public information. But, if they need my password to get the information, then it isn't really public information so they should not have access to it.
If it's already public and accessible, then why are they asking for my password?
There's more stuff on a FB account that might not be public. Direct messages, for one.
You can sue anyone, anywhere (in the US), for anything. Whether you will win (or whether the judge will throw your case out) is a different question. My opinion would be that you should be able to sue FB if they set everything to be world visible. But, I am sure that is a topic that could be debated at length.
I still like the idea of explicitly telling employers, "NO! You can't do this!"
Again, you have to be able to actually prove it. That's not going to be easy.
Actually, Illinois is not the most corrupt per capita. Recent surveys have put North Dakota or Louisiana at the top.
You just argued that you gave up the right to personal privacy, which means the ability to search. You can't have it both ways.
Fugue for Aaron Swartz
Hmmmm.... you can choose between:
A) Impending foreclosure, unemployment, hunger, and bankruptcy.
B) Making sure you keep to a strange term in a unilateral contract that you are being asked to violate under duress.
Gee... such a tough decision.
There are times to draw a line in the sand, and turning down much-needed employment in order to enforce Facebook's ToS isn't one of them.
Given the stories of "fake users", bots and the like currently doing the rounds, you'd think it would make sense for them to at least make an attempt at linking accounts to their owners. There's little point advertising the latest cosmetics to the 56 year old male boss of an 18 year old female...
Please consider this account deleted, I just can't be bothered with the spam anymore.
If the lawyer will take the case for a cut of the proceeds, what do you have to lose? Time? What's it worth to you when you are unemployed?
I know several people that make a decent living just off of suing somebody or 4 or 5 years. Sad but true. If you get fired for not turning over a FB password, that is a legitimate lawsuit, IMHO.
If you are not allowed to question your government then the government has answered your question.
Yeah. Illinois is corrupt. Look up "Corruption" in a dictionary and the entire entry is in the shape of the state of Illinois.
Note: The federal government didn't "stamp out organized crime" in the 20's and 30's. Organized crime simply stepped into local government because they could get away with more and it was more lucrative.
Chas - The one, the only.
THANK GOD!!!
how is broadcasting publicly inherently linked to loss of privacy? it's possible to do it without losing privacy.. if you meant 'should' instead of 'is', then I disagree. in such a society, there'd be no privacy unless you hole up in a closet for life.
companies like yours are the other half of the orwellian statist leftarded mentality. without you, they couldn't take our rights away with each passing bill.
Illinois here. I have not had *a* governor arrested recently.
I believe I'm up to 6.
http://www.time.com/time/nation/article/0,8599,1865681,00.html
Try to keep up, haters!
And unless there is a law to protect you, that NO will send your resume into the round file every single time. Eventually, as you stand in the rain digging ditches for minimum wage, you will break.
OTOH, if it is illegal for them to even ask, you won't face that problem.
No, I'm not ok with such an employer. But I'm even LESS ok with losing my house, car, etc.
I'd probably bail as soon as possible, but in the meantime the proverbial beggars can't be choosers.
If the lawyer will take the case for a cut of the proceeds, what do you have to lose?
That's a pretty big IF. And the fact that you have to prove said wrongdoing makes it less likely that IF will happen.
Bullshit. There are absolutely no rights being eroded in this bill. Go back to FoxNews.com and rant about the government some more.
In that case, I made the choice to log into FB at work. In this case, I'm not having any real choice in the matter, especially if I'm on unemployment.
Yes, it would... If you had a huge loyal social media following. If you just have twenty friends on Twitter, Facebook, or Google+ then those 20 friends will get outraged. Some of them might pass it on and some of those people might feel mildly upset about it. Perhaps one or two of them will pass it on, but it would peter out quickly. Yes, social media can amplify your audience. Your friends, by sharing your post, can get you a larger audience for your thoughts. It can't, however, get you a huge audience of people banging down your employer's door demanding that they reverse their policy unless 1) you have a huge audience to begin with, 2) you are close friends with someone who has a huge audience, or 3) you happen to get lucky and your post goes viral. Don't count on 3 happening every time... or at all. It may happen, but it is far more likely that it won't.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
This is exactly *why* companies have been asking for passwords. First, they just checked people's Twitter/Facebook pages. Then, they realized that people can hide things. They can protect their account on Twitter or only show items on Facebook to "friends" so they began requiring employees to follow them so that they (the companies) could see more. Now, knowing that people can still hide things from The Company, they are demanding your password. This way, they can log into your account and make sure you aren't posting anything that the company frowns upon... even if it is done on your own time.
Them asking for your e-mail password is the perfect analogy. They want your password to gain access to things you've written that they don't have any other way of accessing. It's completely wrong of them to ask and it's against the TOS of most sites to share your password, but there may be no legal recourse for someone who wasn't hired (or was fired) simply because they didn't give up their passwords.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
it violates the social media sites terms of service, so you can't share the password. simple.
...
I see he's a democrat. I can't picture a republican passing a law which would limit the ability of companies to spy on their employees. It's too bad. I used to think the republican party was the party of small government and less government intrusion. Seems that's changed since it got hijacked.