US senators: Investigate employers asking for Facebook passwords

US senators: Investigate employers asking for Facebook passwords

Summary: Two U.S. senators are calling on the U.S. Department of Justice and the U.S. Equal Employment Opportunity Commission to investigate employers asking for Facebook passwords.


Update: Petition: Investigate employers asking for Facebook passwords

New York Senator Charles Schumer (pictured right) and Connecticut Senator Richard Blumenthal, both Democrats, are planning to ask the U.S. Department of Justice (DOJ) to investigate whether employers demanding access to Facebook accounts are violating federal law, the lawmakers said today. Attorney General Eric Holder will thus have to look into whether such employers are violating federal law. The two U.S. senators are also asking the U.S. Equal Employment Opportunity Commission (EEOC) to examine the practice.

More specifically, the duo wants to know if this practice violates the Stored Communications Act or the Computer Fraud and Abuse Act. The former prohibits intentional access to electronic information without authorization and the latter bars intentional access to a computer without authorization to obtain information.

"Employers have no right to ask job applicants for their house keys or to read their diaries – why should they be able to ask them for their Facebook passwords and gain unwarranted access to a trove of private information about what we like, what messages we send to people, or who we are friends with?" Schumer said in a statement. "In an age where more and more of our personal information – and our private social interactions – are online, it is vital that all individuals be allowed to determine for themselves what personal information they want to make public and protect personal information from their would-be employers. This is especially important during the job-seeking process, when all the power is on one side of the fence. Before this disturbing practice becomes widespread, we must have an immediate investigation into whether the practice violates federal law – I'm confident the investigation will show it does. Facebook agrees, and I'm sure most Americans agree, that employers have no business asking for your Facebook password."

"I am alarmed and outraged by rapidly and widely spreading employer practices seeking access to Facebook passwords or confidential information on other social networks," Blumenthal said in a statement. "A ban on these practices is necessary to stop unreasonable and unacceptable invasions of privacy. An investigation by the Department of Justice and Equal Employment Opportunity Commission will help remedy ongoing intrusions and coercive practices, while we draft new statutory protections to clarify and strengthen the law. With few exceptions, employers do not have the need or the right to demand access to applicants' private, password-protected information."

Blumenthal is the senator drafting legislation to stop employers asking for your Facebook password. He believes the law is required to stop what he has previously called an "unreasonable invasion of privacy."

Facebook on Friday stirred up quite the storm when it outlined how it wants to protect its users from employers demanding access to their accounts. The company said it is looking to create new laws as well as take legal action wherever necessary. The company did clarify, however, that it currently has no plans to sue employers.

Here are the letters the two senators sent to the DOJ and EEOC:

Dear Attorney General Holder,

We write concerning reports in the media that some employers are requiring job applicants to provide their usernames and passwords to social networking sites like Facebook as part of the hiring process.

We urge the DOJ to investigate whether this practice violates the Stored Communication Act or the Computer Fraud and Abuse Act. The SCA prohibits intentional access to electronic information without authorization or intentionally exceeding that authorization, 18 U.S.C. § 2701, and the CFAA prohibits intentional access to a computer without authorization to obtain information, 18 U.S.C. § 1030(a)(2)(C). Requiring applicants to provide login credentials to secure social media websites and then using those credentials to access private information stored on those sites may be unduly coercive and therefore constitute unauthorized access under both SCA and the CFAA.

Two courts have found that when supervisors request employee login credentials, and access otherwise private information with those credentials, that those supervisors may be subject to civil liability under the SCA. See Pietrylo v. Hillstone Restaurant Group, 2009 WL 3128420 (D.N.J. 2009); Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002). Although these cases involved current employees, the courts’ reasoning does not clearly distinguish between employees and applicants. Given Facebook terms of service and the civil case law, we strongly urge the Department to investigate and issue a legal opinion as to whether requesting and using prospective employees’ social network passwords violates current federal law.

Dear EEOC Chair Berrien,

We write concerning reports in the media that some employers are requiring job applicants to provide their usernames and passwords to social networking sites like Facebook as part of the hiring process. By requiring applicants to provide login credentials to social networking and email sites, employers will have access to private, protected information that may be impermissible to consider when making hiring decisions. We are concerned that this information may be used to unlawfully discriminate against otherwise qualified applicants.

Facebook and other social networks allow users to control what information they expose to the public, but potential employers using login credentials can bypass these privacy protections. This allows employers to access private information, including personal communications, religious views, national origin, family history, gender, marital status, and age. If employers asked for some of this information directly, it would violate federal anti-discrimination law. We are concerned that collecting this sensitive information under the guise of a background check may simply be a pretext for discrimination.

We strongly urge the Commission to investigate and issue a legal opinion as to whether requesting and using prospective employees’ social network passwords violate current federal law.

Update: Petition: Investigate employers asking for Facebook passwords

See also:

Topic: Social Enterprise

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • OTOH, if an employee is using a corp PC during work time.

    For Facebook activity then there is an issue. If for corp business then OK. If not then it is theft of services. When there is doubt it can be cleared up by inspection. Let's say an employee is a child molester on corp time. Easy, call feds. Now say that said employee is giving away corp secrets to competitors. Different picture.
  • What dust?

    I heard a guy got killed yesterday when he accidentally stepped between Senator Charles Schumer and a camera.

    Near as I can tell, every specific instance of this happening -- where "specific" means the employer was actually identified -- involved a public agency. So here we have government grandstanders writing to a government agency telling them they should investigate a bunch of government agencies.

    Honk if you hear a broom sweeping under the rug.
    Robert Hahn
  • Not sure what the problem is here.

    The basic scenario in question is as follows, during job interview process, hiring manager/interviewer requests the applicant surrender their Facebook user id and password. If the applicant fails to do so, they lose the job. If they do surrender their password, the company uses this information to see what the applicant has as followers, groups followed or member of, contacts, etc. After the company receives the id and password (or after they actually use it) and Facebook finds out, Facebook sues the company that requested the applicants id and password.

    What is the problem again?

    For the record, I am not a fan of Facebook! They said a few days ago in a news interview that they would sue any company that used surrendering ones Facebook ID and password as a requirement for job application (and this does not even guarantee the applicant will actually receive the job offer after surrendering the password).
    • Nobody wants this

      Facebook does not suffer harm in your scenario. The job applicant might, but not Facebook. Therefore Facebook has no standing to sue the employer.

      Facebook might well have standing to sue the job applicant, because the applicant broke the terms of the Facebook terms of service contract when he or she shared the password with someone else. I doubt they will ever do that. But neither will they ever sue one of the employers... they can't. That's why they have since issued a re-statement to the effect that they have no plans to sue any employers.
      Robert Hahn
      • Of course they do

        "[i]Facebook does not suffer harm in your scenario.[/i]"
        If this practice is ruled "Legal", people will stop signing up to Facebook, therefore they lose profits (ad sales).
        This would also apply to similar sites.
      • lehnerus2000

        Sometimes the law doesn't operate very intuitively. In particular, what you described as obvious harm would be deemed speculative by a judge. Facebook would have to produce witnesses who would testify that they cut their advertising on Facebook because people might not sign up with Facebook, and then some witnesses who would testify that they did not sign up with Facebook because they feared that at some future date a prospective employer might demand their password.

        If you heard more speculation in that last sentence, you're not alone. The judge would hear it, too.

        Bottom line, you can't sue somebody over what might happen if this plus that chain of events occurs.
        Robert Hahn
      • Agreed, sort of

        In the US, the judge and District seem to play a large role in case outcomes.

        Also, the MPAA and RIAA regularly mount court cases, based on speculative loss of profit.
        They even seem to win some.
    • Huh?

      So, you don't mind if they see your conversations between yourself and your boy/girlfriend? You don't think this is a privacy issue?
      If you had a Facebook [or other social network] account strictly for business, then yes. For personal, the no.
      They can ask whatever they want at an interview as long as the questions are already within the law [i.e. I don't think they can ask you if you are gay or a lesbian].
      In Canada, for example, they can't even ask you if you have a wife or kids [at least in some provinces] as it could descriminate those from getting a job.
      Oh and the difference between giving up your social network account info and giving up your work or home password is....?
  • Facebook terms and conditions

    I don't have a Facebook account (why would I want to put all my personal details on the web?). However, can people who do, please answer me a question? In the terms and conditions of using Facebook, I am willing to bet there is a condition that states you are not allowed to disclose your password to anyone else. So are employers not forcing (potential) staff to invalidate the Facebook conditions?
    • Errr....

      First, you are only putting the information you want on the web and *ONLY* if you allow it to be visible. For example, my home Email address isn't use. I don't mention where I live, my birth date, likes or dislikes. Any Facebook "app" that is requesting information that they don't need isn't used by me [such as some new thing from Yahoo].
  • Why Is It Needed? Blocking + FB Use at Work = Disciplinary Action Is Enough

    iIts normal to have policy to deal with such things. If you don't want people on social networks who should be working then ban it and block the site for all except approved users, marcoms for example. People aren't hired to waste time social networking.

    Same is true for email. Do it on our time using our mail and its ours. Use it as you have to for personal difficulties, not for chat. Obviously private log ins are private.

    In short companies should not and do not need to require them. That's an ignorant and badly run company.
    • Ya...

      Because some companies don't know how to block social networks or restrict them to the people who may require them [like marketing]. Their networking group is therefore useless.
  • I Missed The Screening Thing......

    If this is HR doing a sneaky screen that's none of their business either, and probably preferring one employee over another because of their off duty facebook page is probably illegal profiling as well, especially if the Facebook page is private to friends. Bet their CEO wouldn't allow such an intrusion. Its private, I'm sorry. No, No, No.

    If its government employees doing FB just block it and give them some on line processing work to do - the ones intelligent enough not to get >50% of their work wrong, that is , they are slow enough doing their day jobs, how come they have spare time?
  • No one should ask for passwords

    I am sorry but I dont think it is right for any company to ask anyone thier passwords. If you want to see what I am saying on Facebook, fine. Send me a "friend invite" and you can see it. But to hand over my password? No, that is not going to happen.
  • What about Google++ password? password? ....

    Facebook is not the only site that these employers should go after. If they want to be thorough, they should look into all sites where their employees can express their views and private thoughts ... This HR policy was not well thought of and I can't believe a growing number of employers are adopting this practice. I am interested to know who these employers are and I would like to hear their CEOs try and defend publicly their HR hiring policy. Note to self .. stay away from these potential harassers.
    • Why stop there.

      If they really want to pry and "find out what type of person you are" Ask them what web sites do they have in there "favorites list". Ask them who and why they voted for in the last election and the next election. I am sure this falls under the column of "unethical questions to ask in an interview."
  • What an idiot

    [i]"The former [federal statute] prohibits intentional access to electronic information without authorization and the latter bars intentional access to a computer without authorization to obtain information."[/i]

    What an idiot. If the person gives someone his password, then clearly "without authorization" doesn't apply.

    Just political grandstanding.
  • Is this not the United States?

    The first account I read of the request for FB account passwords was a story about the Maryland Department of Corrections requiring this info in order to be hired. They claim it is to check for gang affiliations.

    MDOC HR is being PAID taxpayer dollars to background check prospective employees, they need to get out of their chairs and do their job legally.

    If an employee gave their login information, they violated the Terms and Conditions of having a FB account.
  • Facebook Association with your employer

    I think once you associate yourself with your place of employment on Facebook, your page becomes a representative of your employer and your employer has some right to know how they are being represented. I do NOT condone employment being based on your willingness to provide this information. Employers who do this aren't worth working for in the first place. As an employee, make sure your potential employer is a good fit for you as well as you being a good fit for them.
  • Harp 2.0 has not teeth.

    Harp 2.0 has not teeth.:The sad thing is if you try to help the banks by negotiating a short-sale in a proper way, verses just walking away from the loan house and responsibility, you are penalized more than if just ran away. Why be civilized and try to work with the process?