

Montana city asks for social network logins on job application - rcoder
http://www.montanasnewsstation.com/Global/story.asp?S=10551414

======
pyre
The /. comments on this were rather good too. Points made:

1\. Most sites have a terms of service that says you will not give you login
information out to anyone else, or allow anyone else to login to your account.
So by requesting this information the City is asking potential applications to
violate a contract. Especially since they specifically mentioned Facebook and
this _is_ in the Facebook ToS.

2\. There are a lot of things that are illegal for employers to ask for
(sexual preference, groups that you belong to, ethnicity, etc) and most of
these things are present in someone's Facebook profile. So by requiring access
to Facebook, you are requiring them to hand over access to information that it
is illegal to require...

3\. Lots of people use the same password for multiple accounts. Their Facebook
password could be their online banking password. That puts an employer at a
HUGE liability if one of the employees breaks into this information to do some
identity theft. Even if some 3rd party gains access through another method,
you could be investigated as the possible leak and/or theif.

4\. By requiring users to provide this information (i.e. passwords to personal
accounts) you're only going to end up with employees that will easily give out
secure information. The vulnerability of your workplace to social engineering
attacks will go WAY up because anyone that would be smart enough to question
whether there really is a 'Bob from IT' that 'needs their password' are people
that wouldn't fill in their information into the application.

5\. Employers that do this open themselves up to possible lawsuits from people
for requiring information that no one will ever truthfully fill out and then
using it as some sort of 'we can fire you at any time because we know that you
lied on your application' carrot over someone's head.

Edit:

Also, I could give my Facebook login to this employer. Deface my Facebook
account, then claim that the company/ did it b/c the company had access to
that information.

------
tptacek
Hundreds of cities, dozens of departments in every one of them. Fifty state
government, hundreds of departments in each. Thousands of semi-independent
departments in the federal government.

You have to figure that just statistically, one of them is going to do
something stupid in hiring every once in awhile.

Is there are broader point to be made here?

~~~
Dilpil
To answer your quest: no, not really- but it is still important to name and
shame.

~~~
jm4
How about if the naming and shaming takes place at Reddit, Digg or any number
of other online communities where that sort of thing is not only acceptable
but encouraged? I, for one, would prefer not to see posts here whose sole
purpose is to point out the fact that someone working for a local government
in Montana made a mistake.

Besides, while this kind of practice may be particularly loathsome to us it
doesn't seem to be bothering the people filling out the applications. The
article says no candidate has withdrawn from consideration over the policy.
Further, when presented with an alternative method to check out profiles
without usernames and passwords they said they'd look into it. It seems like a
simple mistake made by someone who doesn't necessarily have the most acute
awareness of how social networking sites work.

------
Feynman
Not sure who's dumber -- the person working for the City that decides this is
actually a good idea, or the person applying for the job who actually gives
them their user name and password on the job application.

~~~
tptacek
If you're the kind of person applying for a municipal job in Bozeman, MT, it's
probably very smart to comply with this request. Which is why cities shouldn't
be making it.

~~~
menloparkbum
I miss Bozeman, MT, but this is one of the reasons I'll never be returning. I
guarantee that most of the population there doesn't see why this would be a
big deal. Drunk driving is a forgivable offense, actin' up on the internet is
not.

~~~
euroclydon
Really? I spend a summer working in Glacier Park, and I have a friend who
lives out there, but I just can't understand what aspect of "actin' up on the
internet" would be intolerable. Are they just trying to figure out if you're
some type of sexual freak or pervert, or what?

------
natch
I wonder if anyone is pointing out to them that the privacy violation goes
beyond the privacy of just the job applicant.

Friends and business associates of the job applicant also have privacy
expectations around content they intend to be viewable only by trusted
individuals.

~~~
dablya
FTA:

"You know, I can understand that concern. One thing that's important for folks
to understand about what we look for is none of the things that the federal
constitution lists as protected things, we don't use those. We're not putting
out this broad brush stroke of trying to find out all kinds of information
about the person that we're not able to use or shouldn't use in the hiring
process," Sullivan said.

~~~
natch
That's what I mean - by that quote you can see they still don't get it. He's
talking about "the person" (his words). There is more than one person getting
their private information reviewed. And the article says "The requirement
raises questions concerning applicants' privacy rights." So the reporter
doesn't get it either. It's not just affecting the applicant.

~~~
dablya
That quote is in reply to: "Another concern the applicant raised was that by
providing the City with a Facebook user name and password the City not only
has access to the applicant's page but also to the pages belonging to all of
the applicant's Facebook "friends.""

I think they get it just fine, they just don't care.

------
jerf
Tagentially related: I have actually been planning on putting some clarifying
information on any future resumes that I send out indicating where my website
is, where you can find some "jerf" postings, and which are _not_ me. I don't
even use Facebook and the last thing I need is to lose some job because some
guy with my same name is out there making ethnic slurs or something on a
Facebook page.

I'm actually surprised that we haven't seen a news story about that, perhaps
because if it happens you'll never know that's _why_ you didn't get the job.
As more people come on the Internet, the odds of your name or handle being
truly unique go down. The google results for "jerf" have gone from all me, all
the time in 1999, to a random hodgepodge of results, mostly courtesy of user
accounts on high-page-rank services I don't use that aren't me, oh, and _oi_
for that Urban Dictionary result. (That one was news to me. I could have gone
without knowing that one, even though I'm sure it's another of UB's crappy
"some guy somewhere used this word once and I'm going to put it on UB"
results.) And my real name's results have long since been cluttered by "not
me", some of which are even close enough to me to be confusing to a potential
employer due to technology interests.

------
smhinsey
Why is the password necessary? That's what I don't get. I totally understand
why a government agency would want to be able to see public information, but
this implies that they want to see what isn't public as well.

------
edw519
Sounds like an intelligence test. Anyone who would submit their password is
too dumb to work there.

~~~
eru
Or dumb enough..

