Facebook privacy's new test: employers prompt ire over password prying

Michigan is the latest state to pass a bill that prevents employers and schools from requesting login information for social networks. Governor Rick Snyder signed House Bill 5523 on Friday, saying that "potential employees and students should be judged on their skills and abilities, not private online activity." Anyone breaching the new law faces "up to 93 days in jail" as well as a $1,000 fine.

The fight to prevent California employers and universities from demanding your Facebook login as a condition of employment or enrollment officially ended on Thursday, as California governor Jerry Brown announced his signing of Assembly Bill 1844 and Senate Bill 1349. The two laws passed in the state Senate last month.

AB–1844 prevents employers from asking workers for social media usernames or passwords, or logging into social media in their presence. It also protects workers from employer retaliation in the case they fail to comply with these kinds of demands. And university students and employees are gaining new protections as well. SB-1349 provides the same rights to students (either prospective or attending) at the state's public and private postsecondary institutions. The bills mirror similar legislation passed in Maryland, Delaware, and Illinois.

The movement to stop employers from requiring applicants to give up Facebook or other social network passwords in order to conduct background checks is gaining momentum. The California State Assembly recently passed AB 1844, which would "prohibit an employer from requiring an employee or prospective employee to disclose a user name or account password to access social media." It was supported unanimously with a vote of 73 to 0 and now passes to the State Senate

The bill, which was introduced in late February, is one of several nationwide. In April, Maryland became the first state to prohibit the practice. A federal amendment was shot down, but members of Congress are lobbying the Attorney General to look into the practice, and other states have proposed similar legislation. The US Chamber of Commerce has apparently found 129 reported cases nationwide of employers potentially violating social media privacy. This bill wouldn't stop some practices — like asking an applicant to log in and show profiles to the employer or requiring them to friend an employer — but it would give workers a clearer idea of their rights when applying for a job.

Several reports surfaced recently about employers asking job applicants for passwords to Facebook and other social networks — Facebook quickly came out against this practice, and several states started drafting bills to prevent this sort of behavior. Now, Maryland has become the first state to pass a law banning employers from asking for social media passwords. The bill unanomously passed in the Senate last week and by a vote of 128-10 in the House; it now awaits signature by Maryland governor Martin O'Malley. While the Senate and House bills were voted on last week, they needed to be reconciled by the end of yesterday's legislative sessions to move on to await the governor's approval.

While this issue has gotten a lot of publicity recently thanks to an Associated Press report, Maryland's ACLU has been working since 2011 to get attention for Robert Collins, a Division of Corrections officer who was required to give up his Facebook password during a DOC re-certification interview. While Maryland is the first state to pass such legislation, it likely won't be the only one for long — Illinois and California have both introduced similar pieces of legislation, and senators from New York and Connecticut have both asked the US Attorney General to prohibit this practice.

An amendment to the FCC Process Reform Act seeking to bolster the agency's ability to protect workers' Facebook logins from nosy employers was shot down earlier this week. However, Congress's failure to pass the amendment isn't really a setback for online privacy — the Democrat-controlled Senate has expressed little interest in considering the Act, and the Obama administration has voiced its intention to veto it, meaning the amendment was a lost cause anyway. The addition was proposed by Democratic Congressman Ed Perlmutter, who argued that, armed with their employees' logins "employers essentially can act as imposters and assume the identity of an employee and continually access, monitor and even manipulate an employee’s personal social activities and opinions."

While the amendment not getting passed doesn't exactly amount to a setback, the battle to protect workers' online privacy from nosy employers is far from over. Senators have been busy drafting bills to outlaw Facebook login requests, and lobbying the Attorney General to consider if the practice violates existing legislation. Facebook itself has also come out against the practice, calling it "alarming," warning employers that it exposes them to legal risks.

US senators Chuck Schumer (D-NY) and Richard Blumenthal (D-CT) have both requested that Attorney General Eric Holder investigate claims that some employers have started asking job applicants for their Facebook login details. Specifically, the senators want to know if this practice would violate the Stored Communications Act (SCA) or the Computer Fraud and Abuse Act (CFAA) — the SCA gives fourth amendment-type protection to online communications, while the CFAA prevents intentional access to information stored on a computer without authorization. Blumenthal appears particularly concerned about this issue: only a few days ago, he started drafting a bill that would prohibit such requests. Schumer and Blumenthal also said they were drafting letters asking the Department of Justice and the U.S. Equal Employment Opportunity Commission to launch full investigations.

Schumer and Blumenthal aren't the only ones concerned with this potential privacy invasions — Maryland and Illinois are both reportedly considering bills that would prohibit potential employers from asking for Facebook credentials, and senator Leland Yee (D-CA) also plan to introduce a bill to ban this practice. This story is only a few days old, but the government has already been moved to action — we'll see how quickly laws that ban this practice are able to be put into effect.

A couple days after the Associated Press investigated employers asking job seekers for Facebook passwords in order to perform background checks, the social networking company has responded in a blog post. Facebook first and foremost reiterates its motto that "you should never have to share your password." The company also reserves the right to terminate your account if you solicit passwords from others (as stated in its Statement of Rights and Responsibilities), and says that you expose yourself to "legal liability" by doing so. Facebook elaborated:

If the thought of being asked by a prospective employer for your Facebook and Twitter login credentials makes you uneasy, you're not alone. Senator Richard Blumenthal has announced that he's working on a new bill that would prohibit the requests, pointing to the ban on workplace polygraphs as justification for outlawing the practice. The bill would also be structured to take the needs of existing employees into account, although Blumenthal says he's still examining the details.

Speaking to Politico, the senator described the requests as an "unreasonable invasion of privacy for people seeking work," adding that the bill would be ready "in the very near future." The senator is aiming to go beyond proposed legislation in Maryland and Illinois, claiming the practices under scrutiny "go beyond the borders of individual states and call for a national solution." It's worth noting that it's against Facebook's terms of service to give your password to someone else, and while the Department of Justice apparently believes violating these terms is a federal crime, it has said to Congress that it won't prosecute violations