Slashdot Mirror
This Time, Facebook Is Sharing Its Employees' Data (fastcompany.com)
tedlistens writes from a report via Fast Company: "Facebook routinely shares the sensitive income and employment data of its U.S.-based employees with the Work Number database, owned by Equifax Workforce Solutions," reports Fast Company. "Every week, Facebook provides an electronic data feed of its employees' hourly work and wage information to Equifax Workforce Solutions, formerly known as TALX, a St. Louis-based unit of Equifax, Inc. The Work Number database is managed separately from the Equifax credit bureau database that suffered a breach exposing the data of more than 143 million Americans, but it contains another cache of extensive personal information about Facebook's employees, including their date of birth, social security number, job title, salary, pay raises or decreases, tenure, number of hours worked per week, wages by pay period, healthcare insurance coverage, dental care insurance coverage, and unemployment claim records."
Surprisingly, Facebook is among friends. Every payroll period, Amazon, Microsoft, and Oracle provide an electronic feed of their employees' hourly work and wage information to Equifax. So do Wal-Mart, Twitter, AT&T, Harvard Law School, and the Commonwealth of Pennsylvania. Even Edward Snowden's former employer, the sometimes secretive N.S.A. contractor Booz Allen Hamilton, sends salary and other personal data about its employees to the Equifax Work Number database. It now contains over 296 million employment records for employees at all wage levels, from CEOs to interns. The database helps streamline various processes for employers and even federal government agencies, says Equifax. But databases like the Work Number also come with considerable risks. As consumer journalist Bob Sullivan puts it, Equifax, "with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans' personal information ever created." On October 8, a month after Equifax announced its giant data breach, security expert Brian Krebs uncovered a gaping hole in the separate Work Number online consumer application portal, which allowed anyone to view a person's salary and employment history "using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax."
Surprisingly, Facebook is among friends. Every payroll period, Amazon, Microsoft, and Oracle provide an electronic feed of their employees' hourly work and wage information to Equifax. So do Wal-Mart, Twitter, AT&T, Harvard Law School, and the Commonwealth of Pennsylvania. Even Edward Snowden's former employer, the sometimes secretive N.S.A. contractor Booz Allen Hamilton, sends salary and other personal data about its employees to the Equifax Work Number database. It now contains over 296 million employment records for employees at all wage levels, from CEOs to interns. The database helps streamline various processes for employers and even federal government agencies, says Equifax. But databases like the Work Number also come with considerable risks. As consumer journalist Bob Sullivan puts it, Equifax, "with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans' personal information ever created." On October 8, a month after Equifax announced its giant data breach, security expert Brian Krebs uncovered a gaping hole in the separate Work Number online consumer application portal, which allowed anyone to view a person's salary and employment history "using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax."
ALL incomes should be public.
The only reason they are not, is so employers can play employees against each other and prevent them from teaming up and balancing the market.
It's one of the ways in which the supposedly free-market-loving industry does the opposite, and impedes said free market.
You should be able to go: "Hey! Not fair! I should be getting just as much as Joe!"
I'm not sure a national identification number, that could also be subverted, is the answer... perhaps the answer lies in biometric verification or elsewhere, but the present system is broken by the continued carelessness of virtually everyone.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Yes, I recommend a chip that will contain the information instead and which will be implanted in the head or in the hand.
Palaces, barricades, threats, meet promises
The question has been, "Why are wages not going up in the United States?" The answer has ultimately been, "We don't know."
If companies are using wage data to manage wages, the real market forces can not play out. It doesn't matter what one asks for, downward pressure on wages will always exist. This leaves zero room for real negotiation, and almost zero pressure for companies to have to decide real wages.
--
Pick a salary, any salary. That's cute, here is your salary.
Well, if you take a look at the Constitution of the United States of America, you won't find anything that explicitly forbids a private company from collecting data about you, which can be sold and used by the buyer for whatever purposes they decide.
Now, if a while back in Philadelphia, you would have floated this business model while quaffing some musty ales with John Adams, Benjamin Franklin, Alexander Hamilton, John Jay, Thomas Jefferson, James Madison, and George Washington . . . they would have all been thoroughly disgusted by this concept.
But then again, the Constitution isn't worth the paper that it is printed on these days, so if even if there was something in there against this practice . . . it would be simply ignored.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
It was time for an alternative a LONG DAMN TIME ago.
But biometric verification is a terrible answer. Your bios can change over time. Any means of verifying them translate to simple data hashes...which can be stolen. Once stolen, you have no means of generating new ones. Complete fail.
The national ID, which is now mandatory basically everywhere, is not any better. They say it is, but it is the same old shit in a new heap.
Anything that actually WOULD be better (public/private keys and so on) are not and will never be an option for us for two compelling reasons:
1) They give too much control to us. That will NEVER stand.
2) They are too hard for most people to manage competently. Stupidity of the masses is why we can't have nice things.
That's the way it is.
Yes, I recommend a chip that will contain the information instead and which will be implanted in the head or in the hand.
I sure hope it's at birth, so, like circumcision, we have no memory of it.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Well, if you take a look at the Constitution of the United States of America, you won't find anything that explicitly forbids a private company from collecting data about you, which can be sold and used by the buyer for whatever purposes they decide.
Now, if a while back in Philadelphia, you would have floated this business model while quaffing some musty ales with John Adams, Benjamin Franklin, Alexander Hamilton, John Jay, Thomas Jefferson, James Madison, and George Washington . . . they would have all been thoroughly disgusted by this concept.
But then again, the Constitution isn't worth the paper that it is printed on these days, so if even if there was something in there against this practice . . . it would be simply ignored.
Quaffing musty ales, in whose esteemed company, "I'll have a Samuel Adams" would've been utterly misunderstood.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
You're well on the way to Slavery 2.0 :(
So it is a union for employers? Working together, making sure they don't pay their employees more than they have to? :D
"You want how much? No no, that's not what they are paying you!"
I do not think any other western country permits this type of thing.
There are millions of laws on the books. They were all passed after our country was founded. They are not, and never were, part of the constitution.
This is a shitty thing for employers to do, and people have good reason to be pissed off about it. Further, people can retaliate by refusing to work for employers that do this, and lobbying to get legislation on the books to make it illegal.
The constitution is a complete non-issue.
I work at a company that requires verification of employment for big ticket item loans and we use this system. It is every bit as bad as described. Here is how to reset your password in TWN:
Go to the website login page, press reset password, a code is emailed to you to reset said password. I have never seen it ask for security questions, and yes, they do have a 4 digit pin that the users get. Ohh, and 2 factor? Nope!
Also, DOB and SSN is all you need to look up records, however some searches are now requiring the current employers tax ID before the search will work.
One more fun fact, they send a CSV with all your purchases (Searches) each month with the persons name that you searched, last 4 of SSN, and some other PII i cannot remember right now in clear text over email. Fun times
Nah, the automatic update protocol involves them shooting new dart tags into us every time we go outside.
Gotta make sure your security is up to date.
I guess Slashdot nerds have the attention span of a ferret and don't remember the TALX hack from early 2017.
The answer is not having a business that pokes its nose into other people's business.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
It doesn't say anything about murder either.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
This not news -- there are at least two companies that run employment verficiation databses.
You guys should consider an Amendment to add a right to privacy, for what it is worth.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Biometric verification is even worse! The SSA can hand out a new number, they cannot give you new fingerprints or a better face.
So what if they have techs like Equifucks developing such a chip and then any dillhole can crack the transmission protocol and read out personal data from anyone who walks around in a half mile radius?
Employers use this system to wash their hands of the idea of a "reference call." Since most employers (in policy, at least) will only verify dates of employment and previous salary if called for a reference, this system basically publishes this information and has been in existence for years. It's only coming to light now because of the Equifax breach. Employers love it because it gives them the legal check box of not empowering a "rogue manager" to divulge anything about previous employment. (This is why I think we see a lot of jokers bouncing from place to place and screwing things up with no consequences.)
Beyond the info security aspect, the other problem with a system like this is the ability for companies to deny job offers or reduce salaries based on what you previously made. I've actually had situations where HR offered salary X and then pulled back the offer and countered with a lower salary because of what they found in a potential employee's background search. I don't like this because it encourages the exact behavior we see in the tech industry now...get your first job, then jump as quickly as possible from employer to employer to get higher salary increases. Honestly this is fine if you're a drop-in replacement coder cranking out work to spec and have no clue what the business need for it is, but I work for an employer where you really need to know the industry a bit before you're truly useful. Just getting up to speed can take 8 months or so and you're not really capable of understanding the work until about a year. We can't have people cycling in and out on 6-month contracts...some of our best employees have been around for 15 or more years and sticking around is encouraged because training is so expensive. This is in our little group however, and HR is HR no matter what you tell them you need.
I think the best solution to fix wage stagnation would be to tax profits at a rate where it makes more sense to pay people and invest in the business than to just give the money to the shareholders. That, and get rid of systems like this. Along with automated resume scanners, this is just another HR tool to ensure they minimize the cost of hiring someone. (Seriously, I've never seen the back end of Taleo, but every company I've ever applied to with Taleo handling applications seems to auto-reject people at a very high rate. I wonder if they have pre-defined filters like "no one over 40" or "must match 95% of the words in the job description" or "give me the top 5 resumes by match.")
Is there some way that we can charge zuck and the rest of them and send them to the Hague? they knew what they where doing they knew the sort of damage it was likely to cause, can we just put them in a cell with Milosevic or something
What would be wrong with publishing a specific salary, seeing how many candidates bite? If it's too low, then people won't be interested. Raise it a bit, repeat.
Why play the guessing game with new hires and interviewees or base present salaries on past salaries in a database? Place a bid for labor. If no one responds, then raise the bid.
Send a request to the work number to see all the data they have on you. You have this right under the Fair Credit Reporting Act (US). That's what I did.
In my case they said they don't have any records on me. I'm hesitant to beleive that, but I do have a written record of that statement in case it is shown to be false.