New York Senator Charles Schumer (pictured right) and Connecticut Senator Richard Blumenthal, both Democrats, are planning to ask the U.S. Department of Justice (DOJ) to investigate whether employers demanding access to Facebook accounts are violating federal law, the lawmakers said today. Attorney General Eric Holder will thus have to look into whether such employers are violating federal law. The two U.S. senators are also asking the U.S. Equal Employment Opportunity Commission (EEOC) to examine the practice.
More specifically, the duo wants to know if this practice violates the Stored Communications Act or the Computer Fraud and Abuse Act. The former prohibits intentional access to electronic information without authorization and the latter bars intentional access to a computer without authorization to obtain information.
"Employers have no right to ask job applicants for their house keys or to read their diaries – why should they be able to ask them for their Facebook passwords and gain unwarranted access to a trove of private information about what we like, what messages we send to people, or who we are friends with?" Schumer said in a statement. "In an age where more and more of our personal information – and our private social interactions – are online, it is vital that all individuals be allowed to determine for themselves what personal information they want to make public and protect personal information from their would-be employers. This is especially important during the job-seeking process, when all the power is on one side of the fence. Before this disturbing practice becomes widespread, we must have an immediate investigation into whether the practice violates federal law – I'm confident the investigation will show it does. Facebook agrees, and I'm sure most Americans agree, that employers have no business asking for your Facebook password."
"I am alarmed and outraged by rapidly and widely spreading employer practices seeking access to Facebook passwords or confidential information on other social networks," Blumenthal said in a statement. "A ban on these practices is necessary to stop unreasonable and unacceptable invasions of privacy. An investigation by the Department of Justice and Equal Employment Opportunity Commission will help remedy ongoing intrusions and coercive practices, while we draft new statutory protections to clarify and strengthen the law. With few exceptions, employers do not have the need or the right to demand access to applicants' private, password-protected information."
Here are the letters the two senators sent to the DOJ and EEOC:
Dear Attorney General Holder,
We write concerning reports in the media that some employers are requiring job applicants to provide their usernames and passwords to social networking sites like Facebook as part of the hiring process.
We urge the DOJ to investigate whether this practice violates the Stored Communication Act or the Computer Fraud and Abuse Act. The SCA prohibits intentional access to electronic information without authorization or intentionally exceeding that authorization, 18 U.S.C. § 2701, and the CFAA prohibits intentional access to a computer without authorization to obtain information, 18 U.S.C. § 1030(a)(2)(C). Requiring applicants to provide login credentials to secure social media websites and then using those credentials to access private information stored on those sites may be unduly coercive and therefore constitute unauthorized access under both SCA and the CFAA.
Two courts have found that when supervisors request employee login credentials, and access otherwise private information with those credentials, that those supervisors may be subject to civil liability under the SCA. See Pietrylo v. Hillstone Restaurant Group, 2009 WL 3128420 (D.N.J. 2009); Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002). Although these cases involved current employees, the courts’ reasoning does not clearly distinguish between employees and applicants. Given Facebook terms of service and the civil case law, we strongly urge the Department to investigate and issue a legal opinion as to whether requesting and using prospective employees’ social network passwords violates current federal law.
Dear EEOC Chair Berrien,
We write concerning reports in the media that some employers are requiring job applicants to provide their usernames and passwords to social networking sites like Facebook as part of the hiring process. By requiring applicants to provide login credentials to social networking and email sites, employers will have access to private, protected information that may be impermissible to consider when making hiring decisions. We are concerned that this information may be used to unlawfully discriminate against otherwise qualified applicants.
Facebook and other social networks allow users to control what information they expose to the public, but potential employers using login credentials can bypass these privacy protections. This allows employers to access private information, including personal communications, religious views, national origin, family history, gender, marital status, and age. If employers asked for some of this information directly, it would violate federal anti-discrimination law. We are concerned that collecting this sensitive information under the guise of a background check may simply be a pretext for discrimination.
We strongly urge the Commission to investigate and issue a legal opinion as to whether requesting and using prospective employees’ social network passwords violate current federal law.