A March 23rd headline in the tech zine ZDNet caused a buzz on the blogosphere. It reads, “Facebook: Legal Action against Employers Asking for Your Password.” The article explained, “The social networking giant is considering using the law to protect its 845 million users.” The two legal routes being considered are: (a) getting politicians to pass a law barring employers from this practice and/or (b) suing employers who are asking you for your Facebook credentials.
At issue are those employers who demand an applicant’s Facebook password as a condition of employment. The password offers the employers at least two advantages. They can check for “dissolute” behavior, such as drunkenness, which is often documented in posted photos; and they can prevent employees from posting negative comments about the workplace or punish those who do.
On the demand for a password, I fall on what seems to be the majority side of opinion; I think it is a presumptuous request and an unethical breach of privacy. I am in the minority, perhaps, in also believing that such a demand is within the right of employers to make. As long as an offended applicant can walk out the door, no law is required.
Even on its surface, Facebook’s threat of legal action is bizarre, regarding both the threat to pass a law and to sue “erring” employers. A private company rarely announces its intention to pressure politicians into creating laws to its advantage; that smacks too openly of crony capitalism.
The possibility of a lawsuit — NOT!
The most likely grounds for a lawsuit would be breach of contract. Sharing a password violates Facebook’s “Statement of Rights and Responsibilities,” which states,
By using or accessing Facebook, you agree to this Statement.… You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.… You will not solicit login information or access an account belonging to someone else.
The party most clearly in breach of the agreement would be the Facebook user, however, and not the employer. Understandably, Facebook has little interest in suing users, on whose goodwill it depends. But a solicitation breach would only apply to employers who use or who access Facebook. In short, simply demanding a Facebook password does not constitute a breach. Even if the employer subsequently accesses Facebook — perhaps by having the applicant call up the page — it would be difficult to sue on the basis of an agreement to which the employer did not explicitly consent and of which he may not have had knowledge.
Perhaps Facebook could sue employers for tortious interference. This is the common-law tort or harm caused when one party (the employer) damages the business relationships of another (Facebook) by inducing a third party (the applicant) to breach a contract. There is a difficulty here as well. Each employer would have to be sued separately. The harm in these individual suits might well be seen as negligible, especially since Facebook receives no money from users and has a record of curing breaches by merely canceling the account.
No wonder a follow-up headline in ZDNet on the same day read, “Facebook: No Plans to Sue Employers Asking for Your Password.” The article further clarified, Facebook “currently has no plans to sue such employers” (emphasis added).
Two additional follow-up headlines in ZDNet may cast light on why Facebook is not favoring lawsuits.
- “Senator Vows to Stop Employers Asking for Your Facebook Password”
- “US senators: Investigate Employers Asking for Facebook Passwords”
A direct appeal to the political process may turn out to be a more effective business strategy for Facebook.
Facebook, passwords, and the law
As with lawsuits, the law on requiring passwords for employment is a gray area. According to the Associated Press, “The Department of Justice regards it as a federal crime to enter a social networking site in violation of the terms of service, but during recent congressional testimony, the agency said such violations would not be prosecuted.”
Democratic senators Richard Blumenthal and Charles Schumer have asked the Department of Justice and the Equal Employment Opportunity Commission to clarify whether it is currently illegal for employers to ask job applicants to provide their Facebook passwords. Clearly, they are searching for a law on which to hang this matter.
Two laws are in the spotlight: the Stored Communications Act, which addresses disclosure of “stored wire and electronic communications and transactional records” held by internet service providers; and the Computer Fraud and Abuse Act, which is meant to reduce the hacking of computer systems and address federal computer offenses. At a bare minimum, the senators claim that employers’ requests probably violate anti-discrimination laws, because the Facebook password could provide access to such information as religious and ethnic affiliations.
But, just in case the employer request is legal, the news site AllFacebook reports, “Blumenthal is already working on a bill that would prohibit employers and prospective employers from requesting access to Facebook accounts. And closer to Facebook’s turf, California State Senator Leland Yee, introduced similar legislation on Friday.”
It took less than a week for Facebook’s demands to echo in state and federal legislatures.
But how widespread is the employment practice that causes these senators to “snap to” in a hurry? An MSNBC headline advises, “Govt. Agencies, Colleges Demand Applicants’ Facebook Passwords.” The only agency mentioned was the Maryland Department of Public Safety and Correctional Services; indeed this department is cited in numerous articles decrying employer privacy violation.
A Yahoo! News report mentions a North Carolina police department that asked for social network information.
An Associated Press item mentions the City of Bozeman, Montana, and the sheriff’s departments of Spotsylvania County, Virginia, and of McLean County, Illinois. The only private company mentioned is Sears, which gives an applicant “the option of logging into the Sears job site through Facebook by allowing a third-party application to draw information from the profile, such as friend lists.”
CNet writer Charles Cooper asks,
So are we on the cusp of a descent into decidedly bad online practices on the part of corporations? [Maryland State Senator Ronald N.] Young did not have stats on hand to support such a notion. Neither did Blumenthal’s office. Ditto for the offices of La Shawn Ford, the state representative pushing an Illinois bill to prevent employers from forcing job applicants to give up their social-network passwords.
In fact, Cooper’s investigations uncovered a dearth of statistics and names of erring companies, especially non-governmental ones. He warns, “Anecdotal evidence isn’t proof of widespread behavior, but reports that some companies want job applicants to turn over Facebook passwords are going to spark a political grab-fest.”
The furor over employers who demand passwords of applicants may well be a tempest in a teapot. The media coverage paints a disreputable request as a human-rights violation, and a widespread one to boot. But even without statistics or other hard data, Facebook seems to pack the political clout to get laws passed. Certainly, legislatures have the political will to extend their control over any and every aspect of the Internet. Expect more legislation in the name of protecting your online privacy. Expect it to actually benefit big businesses and big government.