by David Cohen
Facebook is mounting a strong resistance against the trend of employers and others forcing users of the social networks to surrender their passwords, and the company has found in ally in U.S. Senator Richard Blumenthal, a Connecticut Democrat.
Blumenthal told Politico he is working on a bill that would prohibit employers and prospective employers from requesting access to Facebook accounts, comparing the process with polygraph tests, calling it an “unreasonable invasion of privacy,” and saying:
I am very deeply troubled by the practices that seem to be spreading voraciously around the country. The coercive element of the request really makes it less than voluntary.
The senator told Politico the bill would be ready “in the very near future,” adding that companies have “a lot of ways to find out information” about potential hires, and that his bill would not prevent potential employers from seeking out other online information about applicants that is publicly available.
Facebook Chief Privacy Officer Erin Egan also issued a strongly worded statement condemning the attack on passwords:
In recent months, we’ve seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information.
This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability.
The most alarming of these practices is the reported incidences of employers asking prospective or actual employees to reveal their passwords.
If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends. We have worked really hard at Facebook to give you the tools to control who sees your information.
As a user, you shouldn’t be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password.
We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s the right thing to do. But it also may cause problems for the employers that they are not anticipating.
For example, if an employer sees on Facebook that someone is a member of a protected group (e.g., over a certain age, etc.), that employer may open themselves up to claims of discrimination if they don’t hire that person.
Employers also may not have the proper policies and training for reviewers to handle private information. If they don’t — and actually, even if they do — the employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (e.g., if the information suggests the commission of a crime).
Facebook takes your privacy seriously. We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges.
While we will continue to do our part, it is important that everyone on Facebook understands that they have a right to keep their password to themselves, and we will do our best to protect that right.