Proposed Bill Would Outlaw Facebook Account Access As Employment Requirement

Last night in class, we were discussing privacy issues, which is always a hot topic. Someone raised the very disturbing news that employers have begun to demand access to applicants’ Facebook profiles as a condition of considering them for a position. It seemed beyond the pale, but sure enough, the practice is spreading like wildfire according to a recent report by the AP. It shocks the conscience that employers would demand, not only to see their profile (which may have privacy restrictions for outsiders), but to demand full access to every minute detail. How much private information do you have in your profile? How many embarrassing photos that you have forgotten about might still be lingering? It’s enough to make your blood run cold.

Turns out, that prospect was enough to stir U.S. Senator Richard Blumenthal to action. The Connecticut Democrat is proposing a bill that would outlaw the practice as a violation of federal labor laws. In a statement, he compared the password requests to other banned practices, such as requiring polygraph tests. In response to arguments that providing the password was optional, he said that, “the coercive element of the request really makes it less than voluntary.” It’s not as if there are so many jobs out there that people can afford to pass up an opportunity to stand on their privacy principles, and as the market gets stronger, more people will return to the job search and the pressure to give in will only increase unless someone steps in to put a stop to it.

Some might argue that if you want a job, you shouldn’t put information on the web that might affect your chances of getting hired.  I don’t think it’s that simple. I could have all kinds of things that I wouldn’t want my employer to see in my house, but he doesn’t get to ask for the keys to my house in exchange for a job, nor should he have the right to ask what private organizations or clubs I belong to if they don’t affect my work performance. I’m not an employment lawyer, but that just seems wrong to me. It’s one thing for companies like Google and Facebook to erode people’s privacy, but something very different when it’s your employer.

Interestingly, the AP story briefly mentions that it’s a violation of the Facebook Terms of Service to access another person’s account–even with that person’s permission–and that doing so violates federal anti-hacking laws, but they buried it way down in the story and devote only two lines to it. In case you weren’t aware, the Computer Fraud and Abuse Act makes it illegal to access an online account in a way that violates the Terms of Service contract formed between the user and the service provider. According to the blog of a colleague of mine here in Minnesota,

The U.S. Department of Justice asserts that § 1030(a)(2) of the Computer Fraud and Abuse Act is broad enough to permit the government to charge a person with a crime for violating the CFAA when that person “exceeds authorized access” by violating the access rules of a Web site’s Terms of Service contract or use policies.

Granted, government attorneys say they don’t have time or the resources to go after every TOS violation, but that won’t stop prosecutors if they really want to nail you for something else you did.  The district attorney tried to use the CFAA to throw Lori Drew in jail when none of the regular harassment charges stuck. Even though that conviction was overturned on appeal, other cases have emerged in recent years such that Congress has considered making changes to the law, but it’s really up in the air at the moment (read more about that at Volokh Conspiracy, if you really want to get into the nitty gritty).

So, until this new law passes, if you get asked for your Facebook password at your next job interview, and you’re feeling particularly bold, you could consider gently advising them that they might want to ask their general counsel to look into TOS violations and the CFAA and see if they back down.

UPDATE: Click here for Facebook’s response to this issue. It’s definitely on the side of user privacy and raises other points I hadn’t considered. I think we can safely assume that their lobbyists will be fanning out across the country to get laws in place that stop this practice very soon.

UPDATE 2: It also should be mentioned that any employer who views a Facebook or other SNS profile might come across a number of pieces of information that are considered protected under federal and state anti-discrimination laws.  These include factors like age, sex, race, national origin, religious affiliation, pregnancy, and sexual orientation. As it stands, employers are forbidden from inquiring about this information and also from asking questions that would reveal it indirectly. I’m not a specialist in employment law by any means, but one of my students of mine who works for an employment law firm indicated that, according to the attorneys she works for, merely viewing a person’s Facebook profile during the employment process could be used as prima facie evidence of discrimination in a lawsuit. Because those suits are frequently based on circumstantial, he-said-she-said evidence, the heptupal-whammy of information that is typically front and center in a person’s profile would make it very difficult to defend against. Another student mentioned that her employer, which is a local Fortune 500 company, forbade all hiring personnel from viewing any candidate’s SNS profile to avoid that undesirable scenario.

So, there you have it.  Viewing profiles is a terrible idea if you’re looking for candidates. No matter how helpful it might be to know whether your candidates are drunken slobs on the weekend, the risks of lawsuits and federal prison should outweigh any of those perceived benefits. Stick to interviews like they did in the old days. If you can’t figure out if the candidate is worthy, maybe you shouldn’t be the one doing the hiring…

About Justin Kwong

An attorney in the Twin Cities and adjunct professor at William Mitchell College of Law where I teach a seminar on the law of virtual worlds.
This entry was posted in Legal Developments, Legislation, Litigation, Privacy, Rights and Civil Liberties. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s