

Your Facebook password should be none of your boss' business - twentysix
http://www.aclu.org/blog/technology-and-liberty/your-facebook-password-should-be-none-your-boss-business

======
mirsadm
This is a great "I don't want to work here" filter. If I was asked for my
password during an interview I would probably leave. I can easily afford to do
that because there is such a demand for software engineers (and I'm not even
looking!). Unfortunately for others who aren't in the same position I think it
is absolutely disgraceful for some stranger to go through your personal stuff
just to get a job.

~~~
seancoughlin
Yeah, the unequal bargaining power between the company and the candidate is a
real problem. Even if the company makes providing the access information
optional, there's still a kind of invasive coercion happening.

That said, companies have been requiring that applicants submit credit reports
for a long time, so the idea that there's a bright line between what's
"private" and what's "public" when it comes to employment isn't quite right.

~~~
mirsadm
I once worked for a company that did a lot of military contracts. They would
ask some of us to get security clearance to be able to work certain projects
(and enter the 'secret room'). It was still optional and I never felt it
pushed on me even though it would have had career benefits. I opted out
because the requirements and paperwork were nuts and part of the deal was that
the government would potentially track whenever you left/entered the country
and a whole bunch of other things.

I thought this was a really nice way of letting your employees have a choice
even though in this particular case they probably could have forced everybody
to do it. Now you have companies which do not really need to have this
personal information asking employees for it. Here's the thing though. If my
employees had lots of nasty things to say about my company then my reaction
wouldn't be to stop them by monitoring everything they do. Wouldn't you want
to try and fix the problem?

------
mdkess
If I ever had someone demand this, I would update my account to show my sexual
orientation as homosexual, my religion to Islam, and my political views to
whatever the opposite of my boss's were. Then if they ever tried to lay me
off, or not give me a raise, I would point out that the only useful
information they possibly could have gotten from demanding my Facebook account
were these protected statuses.

~~~
ahi
Of the three listed, the only one that is actually protected in the United
States is religion. In the vast majority of the United States you can be fired
for being gay or a republican. If you work for a labor organization in the
United States, you _have_ to be fired for certain political views and
organisational memberships (the left-wing variety).

~~~
mdkess
On a federal level yes, but many states (including New York and California)
have protection against sexual orientation. I'm surprised to learn that
political affiliation is not protected.

~~~
wisty
Colorado is possibly the best, protecting "any lawful activity".

------
jiggy2011
I wonder what the implications would be if facebook introduced a feature that
allowed a potential employer to "buy" temporary access to a potential
employees facebook data?

For example you apply for a job somewhere and the next time you log into
facebook you get a message that reads something like.

"InitTech PLC has requested read only access to your account for 48 hours,
please be aware that compliance with this is a condition of employment with
InitTech PLC Allow/Deny"

~~~
personlurking
Not to highjack the topic but I also read the IRS uses social media profiles
to see if you are living above your means.

Something slightly similar to your "temporary access" theory happens if you
owe the IRS even a small amount of money. They enter your bank account to
seize cash and the bank charges you $100 for the inspection/invasion.

As for the topic at hand, I don't see why one cannot simply say they have no
Facebook account. Since FB began, there have been more years of myself having
no account than there have been of having one (meaning I'm a serial "account-
deleter").

~~~
jiggy2011
You could say you had no account , but if they later found that out to be a
lie it could be used to dismiss you as you lied during your application.

~~~
homonculus
What if you created an account after being hired, or had plausible deniability
to that effect? Would you be obligated to inform your employer whenever you
manage other social media accounts?

The implications of this are terrifying. I'm glad that organizations like the
ACLU are on this, because if corporations can set a precedent for this sort of
privacy invasion, we're screwed to the nth degree.

~~~
jiggy2011
It depends what their purpose is in doing this.

If it is simply a screen to avoid applicants who would be massively unsuitable
, membership of extreme political parties or heavily into drugs etc then
perhaps not.

Otherwise you might need a form from HR for each social network you join.

The way I imagine this will play out in practice is that you will get
companies who are "social reference agencies" or similar.

They will have special privileges with facebook etc and will be hired by other
companies to screen applicant based on a number of factors and will produce a
report for the client company that probably wouldn't contain any specific data
etc but simply screen for any "red flags".

------
MRonney
Is there a list somewhere of the companies that do this? If i knew a company
required it's applicants to do this, i would be much less likely to shop
there.

------
imgabe
My idea of an appropriate response to this:

Interviewer: Ok then, we'll just need your facebook login information and
we'll be all set.

Applicant: Sure thing, but first I'll need a key to your house.

Interviewer: What? Why?

Applicant: I'd like to go in when you're not there and rummage through your
stuff, to make sure you're the kind of person I want to work for.

------
dreamling
I think the whole topic is silly.

If your potential employer asked you for passwords to your bank accounts,
stock managers or asked you to hand over your journals, why would you comply?

I know the job market is still tough out there for people, but why would you
want to work for a company that won't trust you based on your face to face
interview, the documents you submit, your references and a due diligence web
search?

Were people compelled to give out their AOL passwords for jobs in the 90's?

~~~
ap22213
I agree, the topic _is_ silly, because most US workers are 'at-will' and can
be fired at any time, for any reason. Many people don't know this or don't
believe this. Unless you re under specific contract, or live in a few states
with employment rights, your boss may fire you just because they didn't like
how you type on the keyboard.

Recently, I was watching an episode of Mad Men with a friend, and one of the
characters abruptly fired one of their employees. My fried was aghast and was
glad that 'that behavior couldn't happen today.' Well - it can and does happen
today.

Last year I worked for a start-up owned by a friend. Before coming on-board, I
had agreed verbally on an equity sharing deal. I didn't put anything in
writing because I trusted the guy; I knew him for years. The red flag was that
he kept waiting for a certain 'favorable legislation to be enacted' before
splitting up the corporation. Well, when business started picking up, I
reminded him emphatically about the equity, and then I was abruptly fired.
Naively, I was shocked that it could happen like that. But, every attorney I
called said I was out of luck.

Anyway, the point is that employers can probably ask you to do anything they
want, that isn't explicitly denied by law. So, it makes sense that they may
fire you for not sharing passwords.

~~~
goostavos
How serious is this Facebook business? I personally do not have one, in this
day, is this an actual barrier to getting a job? _Not_ being part of a social
website?

Either way, employers asking for a password to anything feels insanely slimy.

~~~
ssmall
I've got a feeling its a few marginal cases of completely terrible employers
who are doing it and it makes a good news story.

------
nekojima
Facebook is such a small part of my online activities that its almost
inconsequential. But I would still object to the request as inappropriate on
the grounds of personal security (which I prefer to cite over privacy).

I'd be much more concerned if they asked for my userids & passwords for email
accounts, Skype, MSN, IRC, domain names and 'Hacker News' (especially if they
just went by the name & not the content)!!

------
nextparadigms
Facebook should try and do something about this, because it's in their best
interest. If this keeps going, people will either simply quit Facebook, or
start making mock-accounts to show to the employees.

~~~
elithrar
> Facebook should try and do something about this, because it's in their best
> interest. If this keeps going, people will either simply quit Facebook, or
> start making mock-accounts to show to the employees.

What can Facebook do? At best, they can lobby the Government and/or employment
regulators in an attempt to bring this practice to light and make requesting
passwords and access to private accounts illegal. It's a very indirect method
and may not change things now, tomorrow or even next month.

------
lucb1e
I would set up a fake Facebook account if I were very desperately in need for
a job. Or just say I don't have one, which is true at the moment. Otherwise,
No and Goodbye.

Sharing my password, any of them, is simply totally unacceptable. No way. I'm
not giving them the key to my front door either am I? Or my ID card with my
boss' face on it so that he can impersonate me, because that's also what this
is (though that probably won't happen, so they key example is better, but that
doesn't make this less true).

------
lukejduncan
Is this really becoming common? I agree that it's absolutely wrong, but, every
headline I've seen gives the impression this is becoming a common practice.
I've never heard of it actually happening anywhere but the few cases cited in
the articles.

~~~
lambersley
I've never asked a candidate for their password, that to me is ludicrous. I do
however (~90% of time) 'google' the person by "name" and location. I
understand that a candidate's personal life can be very different from their
professional life, but the two are connected by a single thread called 'self'.
I really could care less about political affiliations, religious beliefs,
sexual orientation and the like. However, drunken photos posted Monday at
17:45 or status like "called in sick today, off to the beach" could be
insightful in the kind of person I'm considering to hire.

Employers should not request access to candidates' social media outlets, just
as they do not request to spend a weekend with me to observe my habits.
Candidates, on the other hand, need to ensure their online presence is
something they are proud of (and happy to defend) if seen by friends, parents,
clerics and potential employers, IMHO.

~~~
jiggy2011
_Candidates, on the other hand, need to ensure their online presence is
something they are proud of (and happy to defend) if seen by friends, parents,
clerics and potential employers, IMHO._

The problem is that this is difficult, especially for younger people.

I've had various online aliases over the years, most of which have been
abandoned because they no longer reflect me at all.

Let's say you were 16-18 and naive and got roped into some extreme political
or religious cult group (this didn't happen to me btw). You might post all
kinds of things and at the time you would probably be totally convinced that
these were things you would be happy to share forever.

Basically, we need to tell kids "don't post anything online under your real
name unless you would be happy to tattoo it onto your forehead"

~~~
ianferrel
> Basically, we need to tell kids "don't post anything online under your real
> name unless you would be happy to tattoo it onto your forehead"

And even that's probably not enough. Look at all the people who regret tatoos
they've gotten. We're simply not very good at predicting how our lives or
perspectives may change over time.

------
pasbesoin
As I saw commented elsewhere, giving up your password / access to another
person appears to be a pretty clear violation of Facebook's TOS (terms of
service). So, my first response might be to ask whether they are soliciting me
to breach a legal contract that I've entered. (I'll leave my thoughts on the
actual legality or interpretation and reasonableness of claimed legality on
the part of the service provider, here Facebook, as a separate question for
another time.) At a minimum, this might be enough to ensure e.g. that the
unemployment agency decides in my favor with respect to unemployment
insurance, if things happen to go that way.

I also recall another comment where someone pointed out that their friends on
Facebook have an expectation of privacy in their own communications and that
s/he will not compromise (betray) that expectation. That seems to me to be a
pretty clear ethical argument. As a reasonable person, I would have a hard
time challenging the ethics of such a response.

Finally, personally, I agree with other comments here, that the access and
information is none of their business.

What perhaps some (not all) in the preponderance of relatively privileged
professions represented on HN may not fully realize, is that for many people
in the workforce there is effectively little or no choice. Jobs -- especially
with decent pay and benefits -- are hard to come by, and many do not have the
financial means to risk an episode or continuance of unemployment.

For the sake of those people, as well as ourselves, we need to band together
in opposition to this behavior. Even for ourselves, if the practice becomes
commonplace, that sets a precedent that may subsequently box us in.

~~~
jchrisa
I'm not a lawyer, but my guess is that if you could get a request like this in
writing, the right lawyer would be able to get you a hefty settlement under
existing law. Just guessing, but I'd be surprised if it's legal to ask
prospective employees to engage in unlawful activities as a condition of
employment. As mentioned before, sharing your Facebook password is illegal.

~~~
grecy
I'm certain that anyone asking to snoop through your Facbook knows they are
doing something "wrong" - maybe they don't understand the full implications,
but I'm sure none of them would be stupid enough to put the request in
writing.

~~~
sounds
Anticipate the next time the boss "reminds" you to give him your password, and
have your phone recording when it happens.

In many US states, it is legal to record a conversation if one of the parties
is aware (i.e. if you are recording a conversation in which you are a
participant).

I'm uncomfortable with doing this in normal circumstances, since it's a pretty
manipulative way of getting a recording of someone. But if you're getting
abusive requests from your employer and (I agree) you're not likely to get it
in writing, this seems like the appropriate response.

------
mathiasben
Is there anything in facebook's terms of service that would permit their users
to share login info with third parties?

~~~
jchrisa
Agree. It might be a crime to comply with this request. Given that it can be a
crime ("hacking") to break TOS. Catch-22

Update: 2 of the comments on the ACLU article say this also. I'm surprised
this line of reasoning isn't more prominent on the issue.

~~~
_mayo
Would it be considered "hacking" if you where "willingly" providing your
password to them?

~~~
dangrossman
Accessing a computer system without authorization is a crime. Facebook is the
only entity that can dictate the terms of lawful access to Facebook systems.
If Facebook's terms dictate that you cannot access their systems using another
person's credentials, then doing so is unauthorized and unlawful. I don't know
how well that would hold up to the various appeals processes, IANAL, but there
seems to be some case law supporting it for now.

~~~
_mayo
gotcha, I didn't think about that.

------
hydian
A company asking for this potentially opens themselves up to a huge amount of
legal liability since a typical Facebook profile can contain an enormous
amount of data that they are not allowed to ask during the interview process.

------
Zikes
Isn't this illegal during the interview process since Facebook reveals
practically every protected status?

~~~
wisty
IANAL, but I don't think it's illegal per say. It's just illegal for the
company to consider protected things
([http://en.wikipedia.org/wiki/Employment_discrimination_law_i...](http://en.wikipedia.org/wiki/Employment_discrimination_law_in_the_United_States)).

However, if it's a civil matter (i.e. you sue), then you just need "balance of
evidence", not "proof beyond reasonable doubt". You'll try to prove that it
was a factor, and they'll try to prove that it wasn't. You might argue that at
this stage you're be neck and neck with the other candidates (having passed
the previous filters), and it's just going to come down to a "gut feeling"
from the hiring manager - so they will almost certainly be swayed by anything
which they might dislike on your Facebook page. I've a feeling it would be a
horrible case to try to defend against.

There's valid reasons for demanding Facebook login details, but if I were an
employer I'd use a trusted third party to look for me, and only report things
which have been cleared by a legal team. When the Australian government does
security vetting, this is how it works - security personal do all the vetting,
keep everything private except the "security clearance passed / failed", and
can get thrown in prison if they let the wrong information out.

~~~
Drbble
Aside: "per se". It's Latin.

------
RandallBrown
If someone asked me for my facebook password I would ask for theirs. If they
think it's important to see my personal information, they should be fine with
me seeing theirs.

~~~
reinhardt
If I had a facebook and someone asked me for my password I would laugh in
their face, as if they had delivered the most deadpan of punchlines.

------
mhartl
This issue isn't an _ought_ , it's an _is_. Every job is a negotiation, and if
your negotiating position and skills are good enough then you won't have to
comply with your boss's request for your Facebook passoword. Otherwise, you
will.

------
toddnessa
It definitely crosses the line to ask or require your employees to access
their private information. In cases such as this, employees are being treated
more like company property than as free individuals. That's not cool.

------
mrpollo
Instead I would advice them to buy me a beer or two I bet they will get to
know more of me than by watching all of those imgurl links I cross post from
reddit.

------
MRonney
I worked at a social media marketing agency for a few months, when I went out
of town I gave my manager my login information because my clients would
sometimes direct message me instead of email (annoying). A few weeks after
returning, some of my new messages would already appear open, and Facebook
asked me if I logged into my account from a PC ( NEVER!!) at a different
location than normal ( near my managers house). I was upset and went to her
boss, they said she was just doing her job and that she had every right to
check up on company communication.

~~~
brown9-2
You gave them access to your account, and were surprised they used it?

~~~
tedunangst
I think the expectation was that the company would stop checking the account
after his return, but failing to change your password was a big mistake.

------
rbarooah
How is this different from asking for your Gmail password?

------
jostmey
If I had a boss who ever asked me for my facebook password, I would first
change my password to a string of about 100 random numbers and letters. Here
is an example:

sd0w34hd8yjddghaJHj323HDa6GassGa79AsSFlk889FfSDFGd8AS78

Then, I would print this password out on a sheet of paper and give it my boss.

~~~
eru
No, you wouldn't.

Because either you stand up against that company policy and show some spine,
or if you are more worried about your job than your dignity, you wouldn't dare
dream of ticking your boss off.

Unless you don't really want the job, and only want to give your potential-
future boss access to some juicy information, so that you can sue him easier
later on for discrimination against you; and want to have some fun in that
process.

~~~
jostmey
If my boss could not accept my personality traits, then that company is not
the right fit for me and I for it.

~~~
eru
Yes, that's what I meant. And if you don't want to work for them, why give
them the password in the first case?

------
sneak
The argument can be made (at least in our industry) that someone who uses
Facebook isn't someone you'd want to hire, anyway.

~~~
jcurbo
I don't follow - are you saying you would not want to hire a software engineer
that uses Facebook?

