More bosses demand access to private Facebook accounts

More organizations are snooping at a level so obviously wrong there's no excuse for even trying it

There is a creepy new (completely illegal) sense of corporate privilege and control poisoning some portion of the real world: Facebook peeping.

According to stories in The Atlantic, MSNBC, San Francisco Chronicle and Time, some employers believe they have the right to demand that job candidates and current employees hand over the username and passwords to their social networking accounts so the employer can snoop through them in an inappropriate, ineffective effort at personal background checks.

The first of these stories appeared Feb. 19, which means I'm incredibly late to even notice them. In my defense, the first mentions I saw described behavior so obviously wrongheaded I assumed they were from The Onion. The Onion is apparently having trouble keeping ahead of the ridiculous behavior of those it satires; this story actually happened.

While it depends on the same contempt for individual rights as privacy outrages perpetrated for profit by Facebook, Google, Twitter and other social-networking sites, Facebook Peeping steps on even more vulnerable toes.

Rather than exploiting the private communications of social networkers for the profit of the social-networking site, Facebook Peepers are employers who force current or prospective employees to hand over usernames and passwords to social-networking sites so employers can snoop through non-work-related posts from employees and their friends.

Usually there's not much need to pay attention to something so obviously stupid that every human with even one neuron still capable of firing will recognize what it is and demand that it stop

I almost skipped the whole issue for just that reason until I realized that this story in the Atlantic, this one on the Huffington Post and this column in Time all earnestly ask the same question for the benefit of a non-geek audience:

Can a prospective employer require that you turn over your Facebook username and password to help with a "background check" on you, or, if they're delicate, require that you log in yourself so they can read over your shoulder to see what kind of dangerous, social networking terrorist you really are?

It's an idiotic question. No, of course they can't. Except, outside the tech world, issues about privacy and ownership, what is work-related Internet use and what is personal is a lot more confused.

According to Time and the San Francisco Chronicle, it's not only companies that try this. Colleges also demand Facebook access either to further vet students applying for admission or, even more outrageously, to let coaches or teachers continually eavesdrop on social-network posts to keep track of which students are behaving in ways that make them worthy of a scholarship.

What prompted this sense of entitlement to other people's privacy?

Normal people (non-geeks), especially managers who pay little attention to social networking except to forbid it on company time as a waste of resources, tend still to look for 'official' answers to questions about whether bosses, cops, federal agents or anyone else can legitimately demand the right to sift through their private email, chat logs, Facebook pages or other digital content, fishing for things to which they can object or lodge an indictment.

I have to admit being surprised that even among those who don't spend any time thinking about whether the same rights that protect Americans in the physical world should apply in the digital would not see an obvious answer to that one.

Is there anyone – seriously, anyone – so insensitive of the rights and personal boundaries of others that they think it's acceptable in any way – let alone legal – to try to force someone to give access to their social networks to a total stranger with whom they are interviewing for a job?

Facebook Peeping: What it is and why it should cause public backlash, not poor performance reviews

The victim of idiots in this case is Robert Collins – who was employed by the Maryland Division of Corrections (MDOC) and going through routine recertification when his interviewer demanded that he hand over his Facebook username and password.

Collins then "had to sit there while the interviewer logged on to his account and read not only his postings, but those of his family and friends too," according to the Maryland ACLU.

Collins complained to the ACLU, which complained in a letter to Public Safety Secretary Gary Maynard, who oversees the MDOC, that the policy was unutterably stupid, offensive, invasive and illegal even for new job candidates.

For existing employees that have already undergone repeated background checks and performance reviews, snooping into private social-networking activity doesn't just indicate a lack of respect for employees, it shows complete contempt for them personally, their legal rights and for the responsibility they exercise every day while performing their jobs.

What is your experience with Facebook Peeping?

My question is how the hell many companies actually try to do this and why do people go along with it? All the recent stories I saw name only the MDOC as an employer demanding the right to access private Facebook accounts. Time implies it's a much more widespread practice, with no references that would make clear it's not an isolated bit of stupidity – the kind that dries up and blows away when exposed to public attention and ridicule.

If the belief that bosses have the right to demand social networking usernames and passwords is limited only to the Maryland Dept. of Corrections, the outbreak of stupidity is isolated and can be counted on to die away.

If it's widespread and employees are too afraid for their jobs to complain publicly, there's a much bigger problem with American companies' sense of entitlement over workers' rights than can be repaired by ridiculing just one government agency. It would require an enormous public tide of ridicule to swamp the effort of any company that tries it and every corporate-hegemony lobbyist who argues employers should have all the rights of feudal lords over those they deign to employ. With no indication of how common the practice is or what organizations assume privacy boundaries shouldn't affect them it is impossible to generate or direct an appropriate volume of ridicule or outrage.

The state didn't respond to the ACLU. It did respond to a story in the Atlantic describing both the idiots and the idiocy.

A PR guy wrote to tell the Atlantic it had created misperceptions about the department; no one was required to turn over passwords. It was just a suggestion.

It was a suggestion made by the investigating officer interviewing an employee during a recertification process the employee had to pass in order to keep his or her job.

That kind of suggestion doesn't even come down the scale far enough to qualify as extortion; it stays right up there in the Unwritten Requirements section of the job description.

Message received; problem resolved (by making it worse)

The MDOC flak told the Atlantic the department no longer even asked for passwords; that everything was now hunky and dory.

Hunky and dory apparently means that you now force people to log in to their own Facebook accounts while you read over their shoulders and direct the cowed and largely helpless employee to navigate to the pages you want to read.

The Maryland Dept. of Corrections corrected an unbelievably stupid policy, in other words, by making the whole process just as invasive and illegal, but making it even more personally degrading to the employees involved.

Privacy advocates quoted in Time said in a jobless job market like this one, few employees have the power or chutzpah to refuse a demand for access even to private social-networks that have nothing to do with the job they're paid to do.

Anyone who works in the prison system but hangs out with felons IRL and on Facebook should have been caught at it by ordinary, court-approved background-checks that don't involve wholesale invasions of privacy.

That's what background investigations are for.

Facebook is far too public to be effective as a secret second life for employees of the prison system who dream secretly of living the thug life and have Facebook friend lists to prove it.

Facebook, Time points out, is not a private place. Facebook does more to exploit and invade the individual privacy of its members than the MDOC could figure out how to manage in a lifetime.

That does not mean the MDOC or any other employer has the right do demand access to your Facebook pages any more than they have the right to send an investigator to tag along while you hang out with the family, go out with friends or have a nice long shower to wash the slime of your bosses' disrespect from your skin at the end of the day.

List of employer privileges is long, but stops at the factory door

There are plenty of perfectly legitimate demands an employer can make in the workplace that are inappropriate, illegal or ridiculous in any other situation: forced overtime, bans or limits on personal email, text or phone calls, limits on break time or sick days, dress codes, scripts that customer-service or help-desk staffers have to follow word for word.

None apply when the employee is off the clock, with the possible exception of bans on alcohol or drugs for pilots, truck drivers and others who would become public hazards if they were to come to work still suffering residual effects of their time off.

None of an employer's privileges include the right to follow employees home and eavesdrop on their family or social life.

Measuring public outrage over erosion of privacy and individual rights by big corporations

It is now possible to measure the use of public ridicule to modify or cancel efforts to curtail the basic rights of individuals and put them at the mercy of corporations or authorities that will abuse those rights for profit, to improve their own operations or just for the hell of it.

Public ridicule applied in the interest of quashing corporate totalitarian tendencies can be measured in units known as the SOPA Sweep -- named for the Stop Online Piracy Act sponsored by Lamar Smith, a corporate-profit-worshipping Texas Republican who believes consumers should be punished for not complying with specious corporate claims and demands that have no force in law.

One SOPA Sweep is equal to the volume of public outrage and ridicule needed to reverse the certain passage of an abusive bill into law, kill it and at least one similar bill (the Senate's Protect IP Act) so decisively as to leave supporters too shocked and wary to make similar efforts during the same legislative session.

SOPA Sweep quantifications are similar to percentages in that the seminal Sweep carries a numerical value of 1.0, in keeping with its status as the gold standard of consumer-protecting surges of public outrage. Reversing legislation to make Facebook peeping legal would, as a rough estimate, equal approximately .35 SOPA Sweeps [.35SS] – Just in case you were wondering.

No matter how much smack an employee might talk in private, what opinions they express at home that they can't discuss in the office, no matter how many long-distance virtual "friendships" they maintain with people of whom the employer disapproves, no employer has the right to monitor or control the behavior of employees in their personal lives.

Personal Facebook accounts – not public accounts created as a way to contact customers or create a public image for the company – are part of an employee's personal life and should be off limits to employers, no matter how entitled they feel to violate the personal boundaries of employees.

Pretend you can and you might as well start a job interview by demanding employees dump out their wallets or purses so you can rifle through them, or give up their house keys so you can go snoop through their bathrooms to see if they use all the right toothpaste or antiperspirant.

'Personal life' means 'personal,' not 'waiting for the approval of management'

That kind of behavior, that contemptuous dismissal of the rights of the individual, that blatant disregard for manners, rights or propriety is the kind of thing for which state prison systems are regularly pilloried when they do things like that to prisoners.

When they or any other organization does it to their employees, there's no way to forgive it, no way to justify even the attitude that would allow it and absolutely no other way but one to answer the question.

Should employers be able to demand access to Facebook or the other social-networking sites used by current or prospective employees?

Sure. Right after the interviewer submits to daily invasive strip searches to confirm they're not carrying secret copies of 'How to Abuse Your Position and Employees For Fun and Profit,' or 'The Robber Baron's Guide to Class Warfare and Worker Intimidation.'

Even better, a regular strip search and careful probing would help company doctors determine how far up a long, dark tunnel the manager's head has been drawn, how much effort it might take to extract, and why the manager chose that particular spot to search for such wonderful ideas about how to treat employees.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies