Prosecutors in the Lori Drew case contended that violating a web site’s terms of service could be a federal felony. This contention was rejected by the court, but it was seriously advocated by the prosecution and, if I recall correctly, the US Justice Department.
Just as a point of reference, I was just talking about this issue with a friend who is a career counselor. She has helped thousands of people go through the job search process. And she says that she hasn’t heard of anyone who actually had to reveal any Facebook passwords. So it’s really not a common thing.
The only cases specifically mentioned in the news stories seem to be certain police agencies.
That said, I’m glad that Facebook and Congress are both coming out against the practice.
This sounds bogus. In my company, telling another person your password is a firable offense. I can’t imagine HR would ever ask someone to divulge a password for anything.
If I were asked to divulge a password in an interview, that would be the end of the interview. I would not work a company that asked this. This means they are scumbags.
A college friend of mine was working there when, in his early 20s, he had emergency brain surgery because of some kind of defective blood vessel, which burst and basically left him functioning like someone who’d had a stroke. (Poor guy was the picture of health otherwise - did hundred-mile bike rides for fun, and it was REALLY out of the blue.) He said he had to do a lot of explaining about his bizarre hairstyle while the hair grew back over the chunk of skull they’d had to remove for the emergency brain surgery. Between that, and the slurred speech…
Unless Multimegacorp has a Facebook account of their own, right? And then wouldn’t the HR person be acting as an authorized agent of Multimegacorp, and thus the company (as a corporate person, of course) be violating the TOS?
Ideally, such requests should be considered an attempt at illegal hacking (via social engineering), and punished as such under the computer-crime laws.
You don’t have to sign any contract to be subject to the laws that say you’re not allowed to gain, or attempt to gain, unauthorized access to computer files. (It’s still unauthorized if you ask for a password from someone who isn’t supposed to give it to you; otherwise, hackers who used the social-engineering approach instead of directly applying cybernetic black arts would get off scot-free).
Sounds like this might give you an opening for leverage. Given that there’s a good chance that the prospective employer will have their own facebook presence. Reporting the actions could get their account suspended and ultimately deleted.
Admitted, they shouldn’t be asking in the first place. And legislation directly prohibiting it is probably the best solution. But the low level aggravation might convince some companies to abandon the procedure in the interim.
This is interesting.
I don’t think I agree, but I might not be seeing it.
Most social engineering techniques I know of involve fraud. That is, you pretend to have authorized access and convince someone to give you credentials. Merely gaining valid credentials does not mean you have permission to use the system. So a social engineering hacker that got valid credentials could not claim his access was authorized.
But if you are told that you have access, then I think your access is authorized.
If my company, which has a computer network but no defined policies or rules of behavior, gives me a user name and password to access the company intranet, and I give those credentials to my friend and tell him he can use them to take a computer-based training class hosted by my company…is his access unauthorized?
But now let’s say that my friend knows my company has a policy forbidding the sharing of user names and passwords. Does his access become unauthorized?
Finally, do the laws you mention apply when a company’s TOS are violated? I know prosecutors tried that argument in the Lori Drew case, but the court rejected it. What examples were you thinking of?
Yup. If the company has a Facebook account, they are violating Facebook TOS by doing this, I feel sure.
Wait a minute. Isn’t it against Federal law to open other people’s mail, unless it’s your job to do so, e.g. a secretary or administrative assistant?
Yes it’s illegal, but that’s not covered under the Bill of Rights. It’s under 18 U.S.C. § 1703 : US Code - Section 1703: Delay or destruction of mail or newspapers.
Bricker:
In your opinion, can an applicant be compelled by an employer to revealed protected class information (age, sex, race, religion) that is on his Facebook page?
Unfortunately I would think people who are out of work and getting poorer by the hour would be more motivated to make some money than protect their privacy.
I’m against the idea of sharing your login, but who owns your Facebook login information, you or Facebook? It’s your e-mail address, it’s a password you made up. Who owns your Facebook data, your list of friends, etc? It seems that it would be your information to share if you choose, regardless of what format it’s in. And in spite of the Facebook TOS I don’t see any way Facebook could know it’s not you logging in, unless they see a large number of logins from the same HR terminal at Acme Corporation.
I’m not sure what you mean by “compelled.” Can the prospective employer ask to see his Facebook page, and refuse to hire the applicant if he refuses, even though the Facebook page contains information pertaining to the applicant’s age, sex, race, and/or religion?
I think so, yes. But it would seem to be a foolish move for the same reason that asking those questions is foolish: that because basing hiring decisions on those factors is illegal, the best interview practice is to never ask such questions. Indeed, they’re often reported as “illegal interview questions,” but so far as I can determine, there is no law forbidding the questions themselves; the law forbids basing hiring on the answers and allows a presumption that if you ask the question, you want to know the answer and consider it relevant.
The Facebook thing isn’t as clear-cut, though, because presumably you want to check out other things in Facebook, and are getting the protected class information by accident.
By analogy, as an employer you cannot based a hiring decision on the applicant’s family situation. So you shouldn’t ask if a female applicant has children. But you can ask about a gap in employment, even if the result is that the applicant answers that she took the time off when her children were born.
rachelellogram’s got it. Yes, it’s against federal law, but no, the Fourth Amendment isn’t involved.
So the prospective employer can’t base a hiring decision on the applicant’s age, but they could ask to make a copy of the applicant’s driver’s license, ostensibly to confirm their identity, and gain their date of birth as collateral information?
No. Ford Motor company did the ame thing in the 20s and 30s, and Electronic Data Systems as founded by Ross Perot did, too. I worked for EDS during the GM years, and had to put up with it. I also walked out on them because of it.
FWIW, Ross worked for IBM when he started EDS, and IBM was the inspiration for EDS’ in loco parentis policies.
A company requiring your Facebook password in an interview is certainly one that doesn’t respect you, would you want to find that out the hard way a few years later from any number of scenarios?
teacher fired in Michigan for not turning over password.