Are Facebook passwords fair game for employers?
- 04 April, 2012 04:31
The Associated Press in late March reported on the issue of employers asking job applicants for their Facebook passwords, citing new and old incidents. The story apparently hit a sore point because it was all over the press within a day or so and in short order politicians were posturing and reaching for the limelight by introducing legislation to ban the practice and sending letters to enforcement agencies demanding action. Based on the comments since the story broke, it is clear that the specific practice of demanding an applicant's password to a social media site is not common but that there is a common worry that it might become so.
U.S. Sens. Charles Schumer (D-N.Y.) and Richard Blumenthal (D-Conn.) sent letters to U.S. Attorney General Eric Holder and Equal Employment Opportunity Commission Chairwoman Jacqueline Berrien asking that they investigate if any laws had been broken, and U.S. Rep. Patrick McHenry (R-N.C.) said he was drafting legislation banning the practice.
Certainly a lot of fervor -- now for a bit of reflection.
Is the practice common? Likely not. Very few companies have fessed up to doing this and few employees have come forward to say that it happened to them. But, that said, the majority of companies have been looking at information applicants post on social media sites for years. One survey a few years ago found that 60% of companies had rejected an applicant based on something publicly posted on a social media site. So don't think you are off the hook for that incriminating picture taken at the beach house last summer just because you were not asked for your password.
Is asking for an applicant's password legal? Maybe not, as the Schumer/Blumenthal letter points to court cases that might indicate it is illegal.
What messages does such a request send to the applicant? Clearly the first is that the company treats its employees like chattel, not people. The idea that a company would want to root around in an employee's private life should be deeply disturbing to any applicant. I wonder how many of the people asking for passwords would be happy if their own personal life were regularly reviewed by others in the company?
Another message is that the company does not care much about information security. Asking for an applicant's password would violate just about any company's information security policy that's worth being called one. Maybe the right response if asked is, "Is this a test to see if I am willing to follow the company information security policy? I am, so I will not give you my password."
This practice of asking for employee social media passwords appears to be rare, and hopefully will remain so. But the reaction to the AP report clearly indicates that a lot of people have been conditioned to expect the worst when it comes to privacy and dignity in modern society -- and that is sad.
Disclaimer: Harvard's information security policy includes a rule not to share passwords and I have not heard that recruiters violate the policy. So the above set of opinions is my own.
Read more about wide area network in Network World's Wide Area Network section.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- More often, employers asking job seekers for Facebook passwords
- Facebook warns employers not to ask job applicants for log-in credentials
- drop the threat
- 15 worst Internet privacy scandals of all time
- Senator Charles E. Schumer
- Blumenthal, Schumer: Employer Demands For Facebook And Email Passwords As Precondition For Job Interviews May Be A Violation Of Federal Law; Senators Ask Feds To Investigate : Press Releases : United States Senator Richard Blumenthal
- House bill would ban bosses from asking for Facebook passwords - The Hill's Hillicon Valley
- Security Research Center - Network World
- Enterprise Security Policy : Information Security & Privacy
- LAN & WAN Research Center - Network World
- ASIC Optimises and Promotes Network Automation Using HP Software
- Cloud Computing in the Midmarket : Assessing the Options
- Kill Your Data To Protect It From Cybercriminals
- Leading Through Connections – Insights from the Global Chief Executive Officer Study
- Endpoint Security Solutions: VDI Performance Analysis Report
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Spear-Phishing Email: Most Favored APT Attack Bait
This research paper presents findings on APT-related spear phishing from February to September 2012. We analysed APT-related spear-phishing emails collected throughout this period to understand and mitigate attacks. The information we gathered not only allowed us to obtain specific details on spear phishing but also on targeted attacks. We found, for instance, that 91% of targeted attacks involve spear-phishing emails, reinforcing the belief that spear phishing is a primary means by which APT attackers infiltrate target networks.
Leading Through Connections – Insights from the Global Chief Executive Officer Study
IBM’s 2012 Global CEO study follows face-to-face discussions with more than 1,700 CEOs and senior public sector leaders from around the globe. The findings examine how CEOs are responding to the complexity of increasingly interconnected organisations, markets, societies and governments. For example, almost one-quarter of CEOs say their organisations operate below par in terms of driving value from data. CEOs have expressed frustration about their inability to capitalise on available information. This is because: “The time available to capture, interpret and act on information is getting shorter and shorter.” CEO, Chemicals and Petroleum, United States Given the need for deeper business insight, the best performing organisations are more adept at converting complex data into insights, and insights into action. Download Entire Report Now.
Mobility Apps: What every developer should know
Learn how others have delivered industry-leading, multi-platform management and security solutions. In this whitepaper, we look how app developers can develop, deploy and manage apps that enterprises can rely on today and into the future. Click to download!