Background Check for the Digital Age
March 6, 2012 4:54 PM   Subscribe

Employers and colleges are now asking applicants for their Facebook logins and passwords in an attempt to get around privacy settings.
posted by reenum (173 comments total) 38 users marked this as a favorite

 
My password is "HAHAHAHAHAHFUCKYOU"
posted by chimaera at 4:57 PM on March 6, 2012 [109 favorites]


The image below is a snapshot of an application from North Carolina for a clerical position at a police department. One of the required pieces of information is a disclosure of any social networking accounts, along with the username and password to access them.

Not okay.
posted by maxim0512 at 4:57 PM on March 6, 2012 [37 favorites]


Stunned. Read this earlier today- fucked up beyond belief.
posted by PuppyCat at 4:58 PM on March 6, 2012


Seriously, though, if I were ever put in a position where I did actually want to get whatever someone was offering with the proviso that I coughed up a password, they'll just get my fake account anyway.
posted by chimaera at 4:58 PM on March 6, 2012 [9 favorites]


It makes total sense in law enforcement, actually.
posted by KokuRyu at 4:59 PM on March 6, 2012 [1 favorite]


So glad I deleted my facebook account. And I barely have anything on my g+ account.
posted by empath at 4:59 PM on March 6, 2012 [5 favorites]


Guess that "US out of my uterus" pic on my Google+ account might throw a few folks off...
posted by PuppyCat at 5:01 PM on March 6, 2012 [1 favorite]


Also, if I were interviewing someone and they agreed to let me read their facebook, I would think they were so timid and weird that I wouldn't hire them.
posted by empath at 5:01 PM on March 6, 2012 [62 favorites]


If you agree to provide this information for them, you're a significantly large part of the problem.

Demand your right to privacy, or you'll lose it.
posted by secondhand pho at 5:02 PM on March 6, 2012 [47 favorites]


The fuck?
posted by timshel at 5:02 PM on March 6, 2012 [3 favorites]


So glad I deleted my facebook account.

I just have an utterly anodyne persona on it. Privacy settings are set up so I don't have a wall and when I'm tagged in photos it requires my approval before it's valid. No personal contact information beyond phone and email.
posted by jaduncan at 5:02 PM on March 6, 2012 [1 favorite]


There's a lot of time I wonder about the the liberal education that I missed out on in college by getting a professional degree... but things like this make me so very thankful I have the option to tell these people to go pound sand.
posted by indubitable at 5:02 PM on March 6, 2012 [1 favorite]


Like, seriously, unless I was literally starving, I would tell someone who asked me this to fuck off and walk right out of the interview.
posted by empath at 5:03 PM on March 6, 2012 [27 favorites]


Great. Now I have to set up a fake account and post a bunch of wholesome, mundane activities and interests, and yet still use it enough to demonstrate to employers that I'm "good with social media."
posted by ShutterBun at 5:04 PM on March 6, 2012 [11 favorites]


"I treat confidential information, such as passwords, with utmost discretion. I am sure you are only asking to ensure that I would decline such a request for company passwords or other sensitive information, so I will appropriately decline your request and thereby demonstrate my commitment to keeping confidential information protected."
posted by Eyebrows McGee at 5:04 PM on March 6, 2012 [430 favorites]


It would be tempting to allow this as a candidate. If you've been looking for a long time and/or you're a grad. I've been in that desperate to get a job, I would do anything. It's sad that the job outlook is so bad that employers think they can get away with these kinds of dirty games.
posted by hot_monster at 5:04 PM on March 6, 2012


Oh, man, I am screwed. The only thing I use Facebook for is keeping a running tally of office supplies I've sto^H^H^H borrowed.
posted by griphus at 5:05 PM on March 6, 2012 [7 favorites]


You know, the privacy implications are annoying, but computer security-wise, Facebook already supports OAuth such that you could grant an employer a read only key to your account.
posted by pwnguin at 5:06 PM on March 6, 2012 [3 favorites]


I would think they were so timid and weird that I wouldn't hire them.

You aren't thinking like a capitalist. You should be thinking they are so desperate for food, housing and healthcare for their family they'll do everything you want for almost nothing.
posted by DU at 5:06 PM on March 6, 2012 [11 favorites]


You know, the privacy implications are annoying, but computer security-wise, Facebook already supports OAuth such that you could grant an employer a read only key to your account.

I don't think the fear is that your interviewer is going post fake statuses.
posted by adamdschneider at 5:08 PM on March 6, 2012 [27 favorites]


Is it not a breach of Facebook's user agreement to give out your password? So are these employers asking applicants to break the law to get a job?

What a sign of the times.
posted by weezy at 5:09 PM on March 6, 2012 [5 favorites]


I would hope this is only to screen out candidates who would be potential fishing or social engineering attack vectors.
posted by gilrain at 5:10 PM on March 6, 2012 [5 favorites]


"N/A" is your friend.
posted by Sys Rq at 5:11 PM on March 6, 2012 [8 favorites]


Is it not a breach of Facebook's user agreement to give out your password? So are these employers asking applicants to break the law to get a job?

I don't know the answer to the question posed, but "Facebook's user agreement" is not the same is as "the law".
posted by vidur at 5:11 PM on March 6, 2012 [20 favorites]


This is totally unsurprising. People crave power and when other people have been out of work for months, if not years, then they're more willing to be lorded over.
posted by Brandon Blatcher at 5:11 PM on March 6, 2012 [3 favorites]


Seriously, though, if I were ever put in a position where I did actually want to get whatever someone was offering with the proviso that I coughed up a password, they'll just get my fake account anyway.

One of my friend who is in a certain type of professional school has such a dummy account, which is genius. It looks so much like the real thing, but all the friends and details and activity is fake. I think she put quite a bit of time into it.
posted by melissam at 5:15 PM on March 6, 2012 [2 favorites]


I don't think the fear is that your interviewer is going post fake statuses.

Oh, it's going to be after I start doing this to applicants.
posted by michaelh at 5:16 PM on March 6, 2012 [18 favorites]


Student-athletes in colleges around the country also are finding out they can no longer maintain privacy in Facebook communications because schools are requiring them to "friend" a coach or compliance officer, giving that person access to their “friends-only” posts.

So, they don't realize you can hide posts from specific friends? Like how absolutely everyone already does to their own mother?

I sense a business opportunity for students to teach the athletes how to troll for gifts from alumni without the coach finding out about it.
posted by Cool Papa Bell at 5:20 PM on March 6, 2012 [5 favorites]


vidur, actually it is. Asking someone to breach a contract as a provision to employment is, in fact, against the law.
posted by nonreflectiveobject at 5:20 PM on March 6, 2012 [40 favorites]


Those employers and colleges might want to ask the city of Bozeman, Montana how that worked for them.
posted by bakerina at 5:21 PM on March 6, 2012 [4 favorites]


If this were to become a well-established practice, so too would fake job applications that ask a soon-to-be-hacked for his account passwords.
posted by compartment at 5:22 PM on March 6, 2012 [11 favorites]


I don't think the fear is that your interviewer is going post fake statuses.

Oh, it's going to be after I start doing this to applicants.


Who do you think is typing this right now?

Also: What's a MetaFilter? And who's an Ufez?
posted by Ufez Jones at 5:23 PM on March 6, 2012 [5 favorites]


Man. Orwell couldn't foresee that we would submit to giving our employers urine samples at random intervals and that's now a matter of course. He sure didn't foresee this.
posted by cmoj at 5:25 PM on March 6, 2012 [5 favorites]


Wouldn't it be more secure and less obvious to just to have applicants sign on via Facebook connect when they apply online?
posted by humanfont at 5:26 PM on March 6, 2012 [3 favorites]


Asking someone to breach a contract as a provision to employment is, in fact, against the law.

It's called tortious interference.

The classic example of this tort occurs when one party induces another party to breach a contract with a third party, in circumstances where the first party has no privilege to act as it does and acts with knowledge of the existence of the contract. Such conduct is termed tortious inducement of breach of contract.
posted by Cool Papa Bell at 5:28 PM on March 6, 2012 [40 favorites]


I don't know the answer to the question posed, but "Facebook's user agreement" is not the same is as "the law".

It's not. The person giving the password out has committed a breach of the T&Cs only. I would argue however that anyone who then accesses the account commits a breach under the Computer Fraud and Abuse Act (18 U.S.C. § 1030)

The Act makes accessing a protected computer without authorisation illegal, defining a protected computer as one

(e)(2) "which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;"

This is true of the Facebook servers, as they sell application credit worldwide. The FB servers are thus protected.

It is then a crime to access them for (amongst other things)

(2) "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—"[...]
(C) "information from any protected computer;"

This password has been given for the purposes of extracting the information relating to the candidate from the FB servers.

The question thus becomes if Facebook can have been said to have authorised the access. This is where the T&Cs come in.

The FB T&Cs are clear that

(4)(8)"You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account."
(4)(9)"You will not transfer your account (including any page or application you administer) to anyone without first getting our written permission."

It is thus clear that the new access cannot be said to be authorised as I was not allowed to reveal the password or transfer the account without permission.

Access without written permission from FB is therefore a breach of 18 U.S.C. § 1030.

I am not a US lawyer, and I am not your lawyer.
posted by jaduncan at 5:28 PM on March 6, 2012 [64 favorites]


Blood sample at the door. Every day.
posted by seanmpuckett at 5:28 PM on March 6, 2012 [2 favorites]


From bakerina's link:
According to a press release issued Friday: "The extent of our request for a candidate's password, user name, or other internet information appears to have exceeded that which is acceptable to our community. We appreciate the concern many citizens have expressed regarding this practice and apologize for the negative impact this issue is having on the City of Bozeman."
"Apparently we won't be allowed to get away with this shit, so we'll pretend like we're happy about the feedback we're getting telling us that we are reprehensible scumbags."
posted by Greg_Ace at 5:29 PM on March 6, 2012 [27 favorites]


I'm with michaelh here, ask this question, if they give you their password, then tell em' they failed the interview via facebook. If they storm out, yell after em' that they answer the question correctly.
posted by jeffburdges at 5:30 PM on March 6, 2012 [2 favorites]


I can see the next version of the clean-urine-for-drug-tests business model being providing clean-but-plausibly-active-looking Facebook profiles for employment interviews. Fill in a form giving details (what political/religious views it should espouse, where it should be between gregariously easy-going and Stepfordesquely clean, &c.), put in your credit card number and, presto, an army of third-world data-centre employees will assemble a profile you can show to any authority figure. For a monthly fee, they'll even run your parallel life in the background for you, keeping the illusion up, posting anodyne comments about TV shows and sports matches, attending church mixers, liking big, uncontroversial brands and even giving you your desired level of a simulated social life with a bevy of convincing yet utterly unimpeachable sockpuppets.
posted by acb at 5:30 PM on March 6, 2012 [38 favorites]


Blood sample at the door. Every day.

It can't happen here.
posted by Blazecock Pileon at 5:31 PM on March 6, 2012 [4 favorites]


It can't happen here.

It probably does in one or two companies already. So many employers, so much potential for manipulative evil.
posted by Slackermagee at 5:32 PM on March 6, 2012


This is most likely the last gasp before older people (either retire or) realize that there is dirt about nearly everybody online somewhere in the U.S. I would rather hire somebody who is especially good at hiding her or her dirt than somebody who is naive enough to let me look at it.
posted by Joey Michaels at 5:34 PM on March 6, 2012 [5 favorites]


You can pry my passwords out of my cold dead hands!
posted by bquarters at 5:35 PM on March 6, 2012 [3 favorites]


Some big company needs to get sued and lose in a high profile case over this bullshit. If you so much as ask if an applicant is a US citizen or if they have children, you are opening yourself up to a lawsuit. The fact that employers routinely go digging for that kind of information online is bad enough, outright asking for direct access is so brazenly over the line that I'm surprised anyone at all familiar with employment law would try to do it.
posted by burnmp3s at 5:36 PM on March 6, 2012 [31 favorites]


also require keys to your house ... you know, so they can tell if you're a good candidate or not.
posted by cupcake1337 at 5:36 PM on March 6, 2012 [4 favorites]


acb, thanks for reminding me of Scroogled, where the DHS uses what ads google shows you to profile you at the border and a Google employee creates a project to whitewash your Google history.
posted by dragoon at 5:37 PM on March 6, 2012 [2 favorites]


I'd favor the felony prosecution under jaduncan's Computer Fraud and Abuse Act (18 U.S.C. § 1030) theory over "lawsuits" myself, burnmp3s, they'll stop asking if an H.R. director lands in prison.
posted by jeffburdges at 5:39 PM on March 6, 2012 [3 favorites]


Sorry but I'm laughing over here, reading what people are writing, that this is against the law, goes against our principles, how you're going to take a strong stand, tell them it's none of their business, etc and etc. Have you flown in the past two years, have you flown since the scum that run this show are groping you, pawing through your dirty socks and underpants in your luggage, and taking naked photos of you?
posted by dancestoblue at 5:41 PM on March 6, 2012 [23 favorites]


Wouldn't one answer to this ridiculous situation to be to have a dummy FB page? I've shot quite a few senior photos and I know that lately kids have started to change their FB names and locking down privacy when applying to college. Some have alternate FB pages. All that I've been in touch with seem to have gotten into schools.
posted by blaneyphoto at 5:47 PM on March 6, 2012


Those employers and colleges might want to ask the city of Bozeman, Montana how that worked for them.

Here's our thread about it.
posted by ODiV at 5:50 PM on March 6, 2012 [1 favorite]


Ahem:

Someone knocked on the door ... Two men stood on the welcome mat. They wore gray suits, striped ties, black brogues. They had short sideburns. They carried matching briefcases. When they removed their hats, they revealed identical chestnut hair, neatly parted in the center.

"We're from the Ford Sociological Department," the tall one said. "Is Mr. Stephanides at home?"

"Mr. Stephanides, let me tell you why we're here."

"Management has foreseen," the short one seamlessly continued, "that five dollars a day in the hands of some men might work a tremendous handicap along the paths of rectitude and right living and might make of them a menace to society in general."

"So it was established by Mr. Ford" - the taller one again took over - "that no man is to receive the money who cannot use it advisedly and conservatively."

"Also" - the short one again - "that where a man seems to qualify under the plan and later develops weaknesses, that it is within the province of the company to take away his share of the profits until such time as he can rehabilitate himself. May we come in?"

Once across the threshold, they separated. The tall one took out a pad from his briefcase. "I'm going to ask you a few questions, if you don't mind. Do you drink Mr. Stephanides?" ...

Meanwhile, the short one had entered the kitchen. He was lifting lids off pots, opening the oven door, peering into the garbage can. Desdemona started to object, but Lina checked her with a glance...

"How often do you bathe, Mr. Stephanides?" the tall one asked. "Every day, sir."
"How often do you brush your teeth?"
"Every day, sir."
"What do you use?"
"Baking soda."

Now the short one was climbing the stairs. He invaded my grandparents' bedroom and inspected the linens. He stepped into the bathroom and examined the toilet seat.

"From now on, use this," the tall one said. "it's a dentifrice. Here's a new toothbrush."
Disconcerted, my grandfather took the items. "We come from Bursa," he explained. "It's a big city."
"Brush along the gum lines. Up on the bottoms and down on the tops. Two minutes morning and night. Let's see. Give it a try."
"We are civilized people."
"Do I understand you to be refusing hygiene instruction?"

... The short one now reappeared from upstairs. He flipped open his pad and began: "Item one. Garbage in kitchen has no lid. Item two. Housefly on kitchen table. Item three. Too much garlic in food. Causes indigestion."

posted by The Whelk at 5:50 PM on March 6, 2012 [23 favorites]


Ha, no, here is our thread about it.
posted by ODiV at 5:51 PM on March 6, 2012 [1 favorite]


"Access without written permission from FB is therefore a breach of 18 U.S.C. § 1030."

There is some precedent for CFAA ruled not applicable to a violation of a website's terms of use. I don't know if there is a ruling where violating a site's TOS has been considered unauthorized access.

(United States vs. Lori Drew)
posted by sawdustbear at 5:51 PM on March 6, 2012 [2 favorites]


Yep. Those who aren't part of Zuckerberg's plan for world domination will soon be declared non-persons. People laughed when I predicted the inevitable next step in this unrelenting process here recently.

No matter how much I try to explain to my friends why I ask them to communicate with me in person, via phone, or email, and NOT through freaking Facebook, they mock me as a Luddite. Personally I think I've been ahead of the curve on this.
posted by PareidoliaticBoy at 5:52 PM on March 6, 2012 [16 favorites]


along the lines of "ridiculous things employers ask you do to in an intevriew" i once interviewed for an english teaching job in south korea, where before the interview started i had to sign a paper agreeing, among other things, that i would agree to work mandatory, unpaid overtime when asked.

i walked out.
posted by cupcake1337 at 5:53 PM on March 6, 2012 [6 favorites]


Refuse.
posted by His thoughts were red thoughts at 5:54 PM on March 6, 2012


D'oh. Of course the Bozeman foofaraw has already been covered on the blue. *smites forehead for lousy due diligence* Thanks, ODiV.
posted by bakerina at 5:54 PM on March 6, 2012


I'd favor the felony prosecution under jaduncan's Computer Fraud and Abuse Act (18 U.S.C. § 1030) theory over "lawsuits" myself, burnmp3s, they'll stop asking if an H.R. director lands in prison.

Under that reading of the law, giving your password to your spouse would be illegal. I'm against those overly broad hacker laws in general, even if I don't like the person they are being used against (I felt the same way about the Lori Drew case mentioned above). Going to jail for violating a TOS agreement does not make sense, whereas the employment laws that protect people from being discriminated against by potential employers are completely valid and were designed for exactly this kind of situation where an employer is trying to find out things they shouldn't know about a candidate.
posted by burnmp3s at 5:56 PM on March 6, 2012 [2 favorites]


I took a job at a small university a few years back. The IT guys said to get my computer set up for their network I had to hand it over, along with the admin password. This is apparently standard practice for them with all incoming students and they expected faculty to go along.

I told them under no circumstances will anyone ever get an admin password for my personal computer*, and that they could either tell me the configuration values and let me set it up myself, or go to hell. The guy seemed surprised but let me configure things. Which meant, essentially, plugging it into the wall and letting it get assigned an address via DHCP. Really. They wanted the admin password and a week to process it just for that.

You stand up for your privacy rights, or you don't have any privacy.

*OK, OK so I did make a new admin account just for the Genius Bar guys when my motherboard went out, but that's not the same thing - my data was still encrypted.
posted by caution live frogs at 5:56 PM on March 6, 2012 [16 favorites]


Incidentially, I suspect this would be a breach of Australian law. Section 14 of the Privacy Act 1988 (Cth) provides that
1. Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:

a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and

(b) the collection of the information is necessary for or directly related to that purpose.
I find it hard to imagine that someone's social networking accounts and content posted on them could be reasonably be argued to be necessary for employment purposes. But I don't think the Australian Privacy Commissioner has been called on to decide any cases of this phenomenon yet. I suspect that it is only a matter of time.
posted by His thoughts were red thoughts at 6:00 PM on March 6, 2012


"I can see the next version of the clean-urine-for-drug-tests ..."

The Terminator Gold of social networking accounts - love it.
posted by PuppyCat at 6:00 PM on March 6, 2012


Just the thing to motivate my endless job search.

Yay.

*cries*
posted by Space Kitty at 6:00 PM on March 6, 2012 [5 favorites]


Sorry but I'm laughing over here, reading what people are writing, that this is against the law, goes against our principles, how you're going to take a strong stand, tell them it's none of their business, etc and etc. Have you flown in the past two years, have you flown since the scum that run this show are groping you, pawing through your dirty socks and underpants in your luggage, and taking naked photos of you?

Yup.

To quote from Cracked: "That's what makes increasingly annoying and/or invasive social networking practices so much harder to swallow. We want all of the below to stop and, barring that, at least not get any worse. But if they don't, what are we going to do? Ditch our computers and go live in the woods?"

Sure, a few of you are going to be able to get away with saying no here and there, but in general, we're all fucked. And better have fake social networking profiles.

I saw some remarks along the lines of "But what if I don't have Facebook?" and I suspect the answer to that one is "we don't believe you" and/or "get Facebook immediately." Argh.
posted by jenfullmoon at 6:03 PM on March 6, 2012 [5 favorites]


acb: "...For a monthly fee, they'll even run your parallel life in the background for you, keeping the illusion up, posting anodyne comments about TV shows and sports matches, attending church mixers, liking big, uncontroversial brands and even giving you your desired level of a simulated social life with a bevy of convincing yet utterly unimpeachable sockpuppets."

Where's PKD when you need him?
posted by symbioid at 6:03 PM on March 6, 2012 [8 favorites]


Also, FYI for anyone looking for a job, you can deactivate your Facebook account without losing all your data.

After you get through the interview, you can reactivate and restore everything.
posted by His thoughts were red thoughts at 6:04 PM on March 6, 2012 [13 favorites]


United States vs. Lori Drew

Interesting. A distinguishing point here is that Drew created a fake account rather than accessing the details in the existing account of another (there's an added issue of potential unauthorised disclosure of the private personal information of friends by FB to the person logged in, as well as the access).

Set against this, the 'password to spouse' policy issue point is well made, burnmp3s.

I'd really like to hear from a US lawyer about this. Anyone around?
posted by jaduncan at 6:04 PM on March 6, 2012


If you so much as ask if an applicant is a US citizen... you are opening yourself up to a lawsuit.

lol no. See: every US defense contractor or, for that matter, any company that has to handle ITAR data.
posted by indubitable at 6:07 PM on March 6, 2012 [1 favorite]


caution live frogs: I took a job at a small university a few years back. The IT guys said to get my computer set up for their network I had to hand it over, along with the admin password.

Hehe, I worked IT at a small university, and we did this too. Why would campus IT let an unsecured, personal computer on the network? If a professor didn't want to be subject to our IT policies, that was fine... they could use their personal computer on the public network. No, they don't get access to their department's file shares and other network resources with a complete wildcard of a computer.
posted by gilrain at 6:11 PM on March 6, 2012 [4 favorites]


PareidoliaticBoy: "No matter how much I try to explain to my friends why I ask them to communicate with me in person, via phone, or email, and NOT through freaking Facebook, ..."

I have a page there, or a wall, whatever it is, so that anyone wants to use FB to find me they can. On the page or wall I've put my email address, said I have walls and friends in real life and don't need or want them on FB, you wanna get in touch with me, shoot me an email.

It's like they can't read. Or they just won't. And they put in the requests for friends. wtf? Comical. I'm mostly not interested in what some mope from seventh grade or an old job is doing now and I for sure don't want to see pictures of their cat...
posted by dancestoblue at 6:13 PM on March 6, 2012 [1 favorite]


Are we talking about NYPD on facebook being racist?

I do not think that requiring someone to submit their username and password for a job application is acceptable.
posted by sciencegeek at 6:14 PM on March 6, 2012 [1 favorite]


Fascinating stuff about TOS violations and the laws concerning such violations. All of it is educational for me. But I really don't think that breaching a social networking website's TOS ought to be considered illegal in itself[1] and processed in a court of law. The punishment, if any, ought to be meted out by the website concerned and should involve nothing more than suspension/deletion of account. I'm not a lawyer, so I may be missing plenty of technicalities.

[1] The situation changes if the breach of TOS also concerns breach of some real-world laws. So, exchanging CP though Facebook violates the TOS, but it also breaks actual laws with real-world consequences.
posted by vidur at 6:15 PM on March 6, 2012


lol no. See: every US defense contractor or, for that matter, any company that has to handle ITAR data.

Obviously there are some cases where it's actually required for the job, but there's a reason why most job applications ask "Are you currently authorized to work in the United States?" rather than "Are you a US citizen?" Same with asking people how old they are, if they have any disabilities, what race they are, what religion they practice, etc. There are many protected classes that it's illegal to discriminate against in most hiring situations, and asking someone for access to their Facebook account will let you know a lot of information that you are absolutely not allowed to let affect hiring decisions.
posted by burnmp3s at 6:17 PM on March 6, 2012 [4 favorites]


vidur, the consequence for what you're talking about would be that there are no enforceable contracts. I am not a lawyer, but a TOS is a contract, and breach thereof is handled by the applicable state contract law (in the US, of course). Anyone using Facebook has entered into a legal contract with Facebook for the use of their services. If you breach those terms, you've breached a contract, and they can sue you.
posted by nonreflectiveobject at 6:21 PM on March 6, 2012 [1 favorite]


"It's not a far leap from reading people's Facebook posts to reading their email."

If you're giving out your login information, it's not a leap at all. Many people use Facebook messaging as email. In fact, Facebook has an entirely separate iPhone app for it. Among the younger people I know, it's my understanding that they use Facebook messaging in the same way that previous generations used AIM or Gchat.

No, employers cannot have access to my email account. Just like they cannot come to my house and rifle through my desk drawers. But then, I'm thankful that I am in a position where I can make those stands (if necessary). I am sympathetic to people who are in more difficult circumstances, with fewer options.
posted by cribcage at 6:26 PM on March 6, 2012 [2 favorites]


First they came for the people with facebook accounts, I said nothing because I didn't have a facebook account.

Then they came for the people with twitter accounts, I said nothing because I didn't have a twitter account.

But when they came for the people with MetaFilter accounts...
posted by MoonOrb at 6:26 PM on March 6, 2012 [20 favorites]


My problem with this, and with urine testing as well, is the notion that your employer has the right to control what you do in your off time. Sure, if a bus driver shows up to work stoned then fire his/her ass, but if they want to smoke a joint *after* work what business is that of their employer?
They get you for 8 hours a day...the rest of your life is supposed to be your own.
posted by rocket88 at 6:28 PM on March 6, 2012 [22 favorites]


I took a job at a small university a few years back. The IT guys said to get my computer set up for their network I had to hand it over, along with the admin password. This is apparently standard practice for them with all incoming students and they expected faculty to go along.

I told them under no circumstances will anyone ever get an admin password for my personal computer*, and that they could either tell me the configuration values and let me set it up myself, or go to hell. The guy seemed surprised but let me configure things. Which meant, essentially, plugging it into the wall and letting it get assigned an address via DHCP. Really. They wanted the admin password and a week to process it just for that.

You stand up for your privacy rights, or you don't have any privacy.

*OK, OK so I did make a new admin account just for the Genius Bar guys when my motherboard went out, but that's not the same thing - my data was still encrypted.


I work at the IT department of a Law School.

I don't give a shit about your data, law student. I really don't.

I understand this is a violation of privacy, and I have no business looking at your information. But I honestly don't care about whatever porn you watch, or whatever shitty pictures you have of you and your friends. Nor am I judging you on your stupid music collection. I just don't care. I'd rather play desktop dungeons and do my homework. Nor am I digging for your financial documents. If you trust me with your admin password, you trust me NOT to put a keylogger on it after I, the experienced person, tell you that it's 'safe', which I could then probably use to get your credit card information. And if you trust me with that, you should probably trust me with your tax returns that I don't give a shit about.

Well, if you REALLY cared about it, transfer the files somewhere else, and then hand it to us. Or, wipe your shitty, virus ridden dell by yourself.

Oh, don't know how to do that?

Let me help you.
posted by justalisteningman at 6:30 PM on March 6, 2012 [5 favorites]


This is stupid and probably somehow illegal but, y'know, just don't use Facebook.
posted by dickasso at 6:35 PM on March 6, 2012 [1 favorite]


vidur, the consequence for what you're talking about would be that there are no enforceable contracts. I am not a lawyer, but a TOS is a contract, and breach thereof is handled by the applicable state contract law (in the US, of course). Anyone using Facebook has entered into a legal contract with Facebook for the use of their services. If you breach those terms, you've breached a contract, and they can sue you.

The way I thought this should work is:

1. I violate TOS, may be (but not "the law")
2. Company terminates my account
3. I'm unhappy about the termination and sue the company
4. The justice system works out whether I was in breach of contract or not

Not like this:

1. I violate TOS, may be (but not "the law")
2. Company sues me for breaching TOS
3. The justice system works out whether I was in breach of contract or not

If the TOS are such that they permit the second scenario, then it's just messed up.

I know MeFi has plenty of legal experts, so I'm hoping someone will chime in.

PS: I deleted my FB account a while ago, but the issue is surely wider than just one website.
posted by vidur at 6:36 PM on March 6, 2012 [1 favorite]


well it's nice to have a counterexample to the old saying "never hurts to ask".
posted by condour75 at 6:36 PM on March 6, 2012 [1 favorite]


I would hope this is only to screen out candidates who would be potential fishing or social engineering attack vectors.

This would actually be clever, but I think we all know this isn't actually the case. What I wonder about is how this actually did come up. Who suggested it, and what kind of discussion ensued. I wonder if anyone gave the slightest hint of concern during the discussion.
posted by odinsdream at 6:40 PM on March 6, 2012


Well, if you REALLY cared about it, transfer the files somewhere else, and then hand it to us. Or, wipe your shitty, virus ridden dell by yourself.

I was at law school (well, Cambridge Department of Law for a BA). I ran Linux. I had no viruses. They gave me the configuration details for everything with instructions for XP, Vista, Windows 7, OSX and Ubuntu.

I'm not sure that's too much to ask for.

If you trust me with your admin password, you trust me NOT to put a keylogger on it after I, the experienced person, tell you that it's 'safe', which I could then probably use to get your credit card information

I wouldn't. Aside from anything else, we gave legal advice under supervision of lawyers and some of the information was legally privileged.
posted by jaduncan at 6:40 PM on March 6, 2012 [3 favorites]


(Well, LLB).
posted by jaduncan at 6:40 PM on March 6, 2012


We live in the science fiction future. Hot damn.
posted by cashman at 6:43 PM on March 6, 2012 [1 favorite]


This kind of thing is why I think it's so gross that in every thread about this topic someone usually pipes up about how they don't trust applicants without a visible web presence. Why should I, a spreadsheets and reports kind of person, have to be on the internet to be considered a valid employee? No one needs to know at work that I like baroque music and take pictures of decrepit buildings. The fact they just want to know it is creepy - the fact they are bold enough to expect it is horrifying.
posted by winna at 6:44 PM on March 6, 2012 [44 favorites]


1. I violate TOS, may be (but not "the law")
2. Company sues me for breaching TOS
3. The justice system works out whether I was in breach of contract or not

If the TOS are such that they permit the second scenario, then it's just messed up.


Counter-example: you log in and close down the server with a (maybe unintentional) DoS attack or other action of some kind that is not illegal but is specifically disallowed in the T&Cs. The company wants to be able to sue you for the millions they just lost in revenue through the resulting downtime period.

Why would you want only one party to be able to sue for breach of contract?
posted by jaduncan at 6:45 PM on March 6, 2012


I can see the next version of the clean-urine-for-drug-tests business model being providing clean-but-plausibly-active-looking Facebook profiles for employment interviews.

You're spot on with this assessment.

This actually goes back to several conversations we've had in the past. In this one I mention methods for determining fake profiles via social network analysis algorithms.

It's inevitable that there will soon be an entire economy of fake social networking profile generation and curation. But that's only going to lead to an arms race, as fake profile creators fight companies applying machine learning techniques to detect fake identities. Another economy on top of the fake profile one will develop similar to the anti-virus marketplace.

Essentially people are going to make billions trying to pass millions of Turing tests.

The future is both scary and completely awesome.

Also, this is another reason mandatory national digital identity programs and anti-pseudonym policies are bad.
posted by formless at 6:50 PM on March 6, 2012 [7 favorites]


Maryland Department of Public Safety and Correctional Services got in trouble for doing this last year. A guard was up for recertification and his boss asked for his FB password. Then said guard had to sit and watch while his boss walked through not only his page, but the pages of his friends and family.

After the ACLU got involved, the department changed their policy. The department still asks for your password, but applicants can opt out. Still a dumb policy that takes advantage of the power differential between employers and employees.
posted by postel's law at 6:52 PM on March 6, 2012 [3 favorites]


vidur, we're of course talking about US law here, but violating a contract (such as TOS or T&C) is violating the law that makes contracts legally binding (in the US, it differs by state, but is mostly codified in the Uniform Commercial Code). Otherwise, contracts would be unenforceable. Which would make them gentlemen's agreements. Which doesn't mean much, unfortunately. Again, I'm not a lawyer.
posted by nonreflectiveobject at 6:53 PM on March 6, 2012


Sorry but I'm laughing over here, reading what people are writing, that this is against the law, goes against our principles, how you're going to take a strong stand, tell them it's none of their business, etc and etc. Have you flown in the past two years, have you flown since the scum that run this show are groping you, pawing through your dirty socks and underpants in your luggage, and taking naked photos of you?

Nope and for this reason.
posted by Skorgu at 6:57 PM on March 6, 2012 [6 favorites]


jaduncan, nonreflectiveobject (and others), thanks for explaining. I've not been able to articulate my discomfort in accurate terms. I still don't like the idea of the (however theoretical) possibility of being sued for sharing my password with someone. But if that kind of possibility is essential for a functional commercial system, then I guess I'll have to live with it.
posted by vidur at 6:58 PM on March 6, 2012


If you look at this policy and your response is, "Don't use Facebook!" then respectfully, I think you're missing the point. Facebook is just a variable in this equation.
posted by cribcage at 6:59 PM on March 6, 2012 [18 favorites]


The line must be drawn HERE. Here and no further.
posted by some loser at 7:05 PM on March 6, 2012


tl:dr thread

Why would you want to work for an organization that asked for this information?? moot point.
posted by HuronBob at 7:17 PM on March 6, 2012 [1 favorite]


If you look at this policy and your response is, "Don't use Facebook!" then respectfully, I think you're missing the point. Facebook is just a variable in this equation.
Well, if the point is that those in authority are always looking for ways to subjugate us further then fine - but, "duh".

If the point is that it's not just Facebook but potentially other popular websites too - then I'm still just going to say "avoid the problem by not putting anything you wouldn't share with the world on the damn internet" which has been the case since forever and continues to be so.
posted by dickasso at 7:19 PM on March 6, 2012 [4 favorites]


Why would you want to work for an organization that asked for this information?? moot point.

Because rent and food cost money, we're in a crappy economic environment, and any port in a storm.
posted by His thoughts were red thoughts at 7:23 PM on March 6, 2012 [8 favorites]


Why would you want to work for an organization that asked for this information?? moot point.

Plus, what happens if this becomes standard industry or business practice? Because that is a risk if this kind of thing is permitted to stand unchallenged.
posted by His thoughts were red thoughts at 7:24 PM on March 6, 2012 [6 favorites]


The internet is only very slightly different from the inside of a library or private home, the way it is used today. An employer demanding a seat at my dinner table to listen to what I say to my friends is exactly the same kind of insane as an employer demanding my Facebook password so they can see what I say to my friends.

I am provisionally sort of OK with a "give us your username" policy (the Obama transition team had this exact question on it) - I'm happy to let my employer see the vast nothingness that is my Facebook public profile. Especially if they confine the question to usernames which are traceable back to me through other sources (this is the part of my comment where I don't share the list of all the websites I have usernames at.) I don't really expect my employer not to have my street address, for instance, or my publicly listed telephone number.

But the rest of it? No, thanks; that's not the society I prefer to live in. It feels very much like a "writing to your senator and the ACLU and the local newspaper" kind of thing to me.

(I haven't flown in almost eight years, and I curse the TSA, and Congress, each and every time I think about flying and choose not to buy a ticket. I keep meaning to send a form letter to my congressman and the presidents of the airlines when that happens; I'm very lazy and never remember till it's too late.)
posted by SMPA at 7:27 PM on March 6, 2012 [10 favorites]


Metafilter: Both scary and completely awesome.
posted by sneebler at 7:34 PM on March 6, 2012 [1 favorite]


I'm still just going to say "avoid the problem by not putting anything you wouldn't share with the world on the damn internet" which has been the case since forever and continues to be so.

I kind of enjoy the convenience of online banking, online applications for my US visa, online hotel bookings, email notification of my credit card statements, etc. Is that included in your 'don't put anything online'? If so, then you're advocating we get rid of the internet, for most modern functionality. If not, why not? Should we also avoid putting financial details in writing and using the post? Or do you think email accounts are 'special' and this would never happen to them?
posted by jacalata at 8:05 PM on March 6, 2012 [3 favorites]


Anyone using Facebook has entered into a legal contract with Facebook for the use of their services. If you breach those terms, you've breached a contract, and they can sue you.

For what damages? Facebook is providing a free service to its users. If we're talking about its customers -- advertisers -- then that's a different story.
posted by stopgap at 8:09 PM on March 6, 2012


Heh. As always, the poor will bear the brunt of shitty workplace practices.

In any sort of tight labor market, you really think they're gonna ask for Facebook logins? Pffftt. Nobody with a sought-after skill set will be asked for this.

But get ready to bend over, recent grads and future Wal Mart employees. Big Brother wants to poke you.
posted by Afroblanco at 8:11 PM on March 6, 2012 [4 favorites]


Is that included in your 'don't put anything online'?

That kind of statement is widely held to mean 'don't publish anything online'.

Why? Because you can't control proliferation, you can't track proliferation, and it will effectively last forever. That photo of you doing a keg stand at a high school party maybe something you want to share on Facebook now, but what about in ten years?
posted by His thoughts were red thoughts at 8:12 PM on March 6, 2012 [1 favorite]


They can already run a credit check on you, which is much more convenient and useful than trying to log into your several multi-factor-authenticated bank accounts and trawl through the transactions manually.

Facebook is definitely not like your home. Facebook would be like your home if your landlord made money by selling information about everything his tenants did to other companies ostensibly for the purpose of targeted advertising and quietly changed the terms and conditions of your contract every few months, instead of collecting rent.

(Facebook is not like a library because there are no books, there is just talking.)

If other people are using Facebook like private space, that just means they're doing it wrong. You don't have to.
posted by dickasso at 8:34 PM on March 6, 2012


"I don't use Facebook any more, but I frequently post as Anonymous on /b."

The next day I'd still be unemployed but at least the SOB who wanted my Facebook password probably would be too.
posted by Blue Meanie at 8:35 PM on March 6, 2012 [7 favorites]


I wonder if there will be some type of "whuffie" score in the future that people can be socially rated on.

Oh and it will be a network protocol also.
posted by roboton666 at 8:39 PM on March 6, 2012


I have a page there, or a wall, whatever it is, so that anyone wants to use FB to find me they can
posted by dancestoblue
.

I did the same thing, unwillingly, but only by grasping that an outright refusal to participate in this gathering landslide of ceaseless and unrelenting personal blathering would likely soon result in an inability to receive packages from, or travel, in the U.S.

Having moved from Audio/Video retail management to corporate, government, and education systems-design and installations a few years ago, it was made abundantly clear to me that an online presence was de rigueur if one wanted to be taken at all seriously in those work environments, as they rapidly evolved from analog to digital.

Given that I sure as shit was not gonna let anyone see what idiocy I've deposited here, I fired up the Facebook engine, grudgingly put in some minimal data, and then was swamped with messages from old friends who wanted to publicly discuss getting caught naked in the UBC pool at 3 am, or how we got around closed Fire Service Road gates in our illicit bike-trail building days. Naturally, this isn't the public-facing résumé any thinking person would have willingly concocted.

Do not get me started on the level of personal investigation that was involved in getting security clearances for the staff in my company to access the venues for the 2010 Winter Olympics we provided much of the staging and video support for. I believe we spent more staff time on doing the paperwork and background checks for the staff to access venues we'd been working in for decades than we spent billable hours setting up and striking.

Once a consumer falls outside existing market-profiles and brand-demographics that the Corporations are imposing on daily society, most outliers will be deemed economically inefficient. Their suspicious lack of concern for increasing share-holder's value will be widely viewed as unpatriotic.

This message will self-destruct in 30 seconds.
posted by PareidoliaticBoy at 8:42 PM on March 6, 2012 [7 favorites]


"Judging from your resume and impressive interviews around the department, we think you're the perfect fit for this position. There's just one more thing: We need to just check your Facebook account, no big deal. Can we have your Facebook login and password, please?"

"Uh, no."

"Just what we wanted to hear. Welcome to the IT Security team."



I suppose this is not what happens.
posted by Spatch at 8:57 PM on March 6, 2012 [8 favorites]


PareidoliaticBoy: "I have a page there, or a wall, whatever it is, so that anyone wants to use FB to find me they can
posted by dancestoblue
.

Given that I sure as shit was not gonna let anyone see what idiocy I've deposited here, I fired up the Facebook engine, grudgingly put in some minimal data, and then was swamped with messages from old friends who wanted to publicly discuss getting caught naked in the UBC pool at 3 am, or how we got around closed Fire Service Road gates in our illicit bike-trail building days. Naturally, this isn't the public-facing résumé any thinking person would have willingly concocted.
"

Yeah, but no one can put out any public msgs on your page unless you *friend* them, right? They can send you (me) pers msgs but I've only ever gotten a couple of those, but many people have tried to *friend* me, I just ignore it, I don't deny the request but rather just don't respond, just let it set there.

If it's someone I really care about, I shoot them an email and ask them did they not read what I'd written "out there" and tell them, again, that I'm an email and telephone kind of guy, you wanna get in touch with me that's how.

I just don't like any of this jive. I've seen people -- supposed grown-ups -- all caught up in how many contacts they have out there, and who has cut them or added them or whatever; it's comical, but these people are really in it deep, and cannot see themselves.

If I was in a band or was a painter or writer then yeah, I'd have a presence, have to, but even that would not be under my name but under a nick of some kind, as I'd not want any bleed from people who are not in my life today.
posted by dancestoblue at 9:05 PM on March 6, 2012


Why would you want to work for an organization that asked for this information?? moot point.
To pay the rent?

If I were running facebook, I'd ban anyone caught demanding passwords.
posted by delmoi at 9:19 PM on March 6, 2012


Just make the applicants install a company Facebook app. Even better monitoring than the login creds.
posted by benzenedream at 9:21 PM on March 6, 2012 [1 favorite]


"I'll give you mine if you give me yours."
posted by Napoleonic Terrier at 9:29 PM on March 6, 2012 [1 favorite]


As you say though, dancestoblue, people won't read, but will dismiss any concern about this creeping invasiveness as a stodgily outdated attitude.

Mind you, it's not as though every security check during those games was entirely without value, as my colleague pictured here will attest .
posted by PareidoliaticBoy at 9:32 PM on March 6, 2012 [1 favorite]


I'm still just going to say "avoid the problem by not putting anything you wouldn't share with the world on the damn internet" which has been the case since forever and continues to be so.

So...no email?
posted by desuetude at 9:44 PM on March 6, 2012 [1 favorite]


I took a job at a small university a few years back. The IT guys said to get my computer set up for their network I had to hand it over, along with the admin password. This is apparently standard practice for them with all incoming students and they expected faculty to go along.

I told them under no circumstances will anyone ever get an admin password for my personal computer*, and that they could either tell me the configuration values and let me set it up myself, or go to hell. The guy seemed surprised but let me configure things. Which meant, essentially, plugging it into the wall and letting it get assigned an address via DHCP. Really. They wanted the admin password and a week to process it just for that.


I do IT support at a university also and this is the standard practice. We are, however, required to sign privacy statements saying we won't share what we find on your personal computer though. No faculty or staff has ever given us problems about requiring passwords though, mainly because we're able to fix stuff faster and better than Geek Squad or their teenage child.
posted by astapasta24 at 9:52 PM on March 6, 2012 [1 favorite]


Just make the applicants install a company Facebook app. Even better monitoring than the login creds.

This is the really smart way to do it.
posted by odinsdream at 9:55 PM on March 6, 2012


Mind you, it's not as though every security check during those games was entirely without value, as my colleague pictured here will attest .

I don't really get what you're trying to say here, but that picture is awesome.
posted by His thoughts were red thoughts at 10:00 PM on March 6, 2012 [2 favorites]


They can send you (me) pers msgs but I've only ever gotten a couple of those, but many people have tried to *friend* me, I just ignore it, I don't deny the request but rather just don't respond, just let it set there.

IIRC, it used to be that if you didn't actively decline a friend request and just ignored it, those people could continue to see your updates on their timeline. This may have changed, but you should probably look into this before letting those requests sit there, assuming that they can't "follow" you twitter-like.
posted by vidur at 10:13 PM on March 6, 2012


So...no email?
I think the best rule of thumb with email is not to write anything that you wouldn't write on a postcard. In other words, nothing sensitive or confidential.
posted by dickasso at 10:13 PM on March 6, 2012 [1 favorite]


This makes me glad I don't have a Facewall or whatever it is.
posted by univac at 10:15 PM on March 6, 2012


About ten years ago, I wrote a guide to selecting background checking and drug screening services. In the course of my research, two things became abundantly clear:

1) non-U.S. HR policies tend to view drug and alcohol dependency as illness, not criminal behavior; and

2) it is more advisable for corporations to address performance issues post-hire than to risk discrimination suits resulting from excluding applicants based on derogatory information collected during a background check.

The Federal Fair Credit Reporting Act delineates the limits employers have in using credit report information in making hiring decisions. Maybe Mark Zuckerberg can do his community a solid and enact a "Facebook Fair Profile Examination" policy governing how employers can look at the profiles of potential hires. I mean, sure, he doesn't have the same powers as congress to enforce it, but considering the size of his nation and the scope of his authority, why would he limit himself like that anyway?
posted by Graygorey at 10:40 PM on March 6, 2012 [2 favorites]


A lot of employers already pay companies that do nothing but scour social media for applicants' predilections and peccadilloes. This seems like a convenient way to eliminate the middleman.
posted by blucevalo at 10:56 PM on March 6, 2012


why would he limit himself like that anyway?

Because Facebook's value is based on providing data to corporations. I don't know much about the guy, but I do know that his decision-tree is focused on establishing his "brand".

The billions in stock investitures about to shower the insiders in the upcoming IPO are based on the ongoing value of the data-mine bonanza they serendipitously struck. A business-model and revenue-stream generated through profitable leverage of this data isn't about to be abandoned because of the concerns of consumers who don't match their "optimal-customer" algorithms.
posted by PareidoliaticBoy at 11:08 PM on March 6, 2012 [1 favorite]


PareidoliaticBoy: please re-read the following for irony (if it helps, use Simpson's Comic Book Guy voice):

Maybe Mark Zuckerberg can do his community a solid and enact a "Facebook Fair Profile Examination" policy governing how employers can look at the profiles of potential hires. I mean, sure, he doesn't have the same powers as congress to enforce it, but considering the size of his nation and the scope of his authority, why would he limit himself like that anyway?
posted by Graygorey at 11:49 PM on March 6, 2012


I'd love to respond to a request like this with a, "I'd be happy to help, but you are aware that logging into someone else's account like that is a felony? That you could go to federal prison? You haven't done that with any other employees, have you?"
posted by straight at 11:52 PM on March 6, 2012 [13 favorites]



I'm concerned that the employers are too dumb to figure out a way around social network privacy settings on their own. Perhaps The Great Stagnation is really due to the The Great Dumb Nation.
posted by srboisvert at 12:54 AM on March 7, 2012


Maybe it's time to consider a donation to EFF.
posted by SteveInMaine at 3:07 AM on March 7, 2012 [7 favorites]


Have you flown in the past two years, have you flown since the scum that run this show are groping you, pawing through your dirty socks and underpants in your luggage, and taking naked photos of you?

I've flown twice in the past two years. No one "groped" me, no one "pawed through my underwear", no one "took naked photos of me." I do not deny that there are occasions when this happens, but not quite so often as to be a 100% statistical likelihood.

And anyway, there's a difference between a person who has no control over the rest of my life after we part ways giving me a patdown, and an employer, who has control over my income, regularly perusing my personal journal to see if they see something they find questionable.
posted by EmpressCallipygos at 4:28 AM on March 7, 2012 [6 favorites]


if you have a problem with this you're spoiled and shut up because something about poor people also suffering? shit, i may not have thought this through
posted by This, of course, alludes to you at 4:51 AM on March 7, 2012 [1 favorite]


no one "pawed through my underwear"

Did you lock your luggage?

no one "took naked photos of me."

Metal detectors only, then? No backscatter?

No one "groped" me

No handheld medical detectors? It doesn't need to be done with a hand to count for groping.
posted by LogicalDash at 5:20 AM on March 7, 2012


There's a solution to this. You'll be seeing it in MeFi projects in the next couple of months.
posted by clarknova at 5:26 AM on March 7, 2012 [8 favorites]


I had a Facebook account for a month and deleted it. I just deleted my G+ account. My only Twitter account is a parrot.

Am I fucked up or what?
posted by Splunge at 5:40 AM on March 7, 2012


Very simple, poison pill solution: Boldly proclaim your religion (or lack thereof!), your race, your sexual preference, your age, and anything else that employers aren't supposed to know. Then if an employer invades your Facebook privacy, they're poisoned. No job? How dare they discriminate against you for being atheist/Buddhist/Rastafarian, and over 50!

That's all I got. I would not give my password. But I am expert at the cutting off of my own nose. Just ask my face!
posted by Goofyy at 5:44 AM on March 7, 2012 [12 favorites]


Logicaldash, I find it interesting that you've picked apart the whole TSA-in-the-airport situation, but failed to address my second point:

"And anyway, there's a difference between a person who has no control over the rest of my life after we part ways giving me a patdown, and an employer, who has control over my income, regularly perusing my personal journal to see if they see something they find questionable."

I understand you find the TSA security theater at the airport aggregious -- many of the rest of us do -- but it's kind of an apples-and-oranges thing, I think.
posted by EmpressCallipygos at 6:07 AM on March 7, 2012 [1 favorite]


Absolutely stupid. You give them your password. Your facebook profile outs you as gay, transgendered, disabled, or old. You get fired for some unrelated reason. They get a lawsuit that they have to defend or settle. I'm sure it was all worth it.
posted by Saucy Intruder at 7:23 AM on March 7, 2012 [3 favorites]


*No handheld medical detectors? It doesn't need to be done with a hand to count for groping.*

Yeah, I'm not wearing anything tight to fly ever again after passing through the Montreal airport in a form fitting dress and having the young man wielding the wand run it from breast to hip along the curve of my waist, close so that the thin knit dress, the one that draws the most attention of any outfit I've ever worn, yet covers no less than any western modesty standard calls for, was pressed against my skin. Most of the time it's been a sensible middle aged woman, maybe pawing my carry on (and missing the juice box I forgot as well) and poking me a couple of times in the vicinity of my armpit through to haunch, but the only other time I've felt such an intimate slither down that part of my body as that time in the airport is the consensual caress of a lover. And the dress is thin, a visual inspection could have told you that the only thing I could conceal in that region would have to be flat and paper-like, not even a thick wire.

What can you do? Take his name and badge, make a stink? Nothing he did was outside of what he is permitted to do- I can say this made me uncomfortable, but there's always the voice of doubt- the whole damn thing makes me uncomfortable, especially the sock footed or barefoot walk through the regular metal gates and the clear coerced consent of the folk looking with trepidation at the back scatter machine. Who cares if it was lascivious or not, it's an unnecessary demonstration of power to let strange people touch me that way even if his intent was pure and I have a dirty mind.

It's the same power that causes my family to roll their eyes when my aunt and uncle fly. Add an extra hour, both ways, for the guaranteed check over, the confirmation that her children are really hers (they're brown, the last name isn't the same!), the double checking over her husband as if he was a high risk of some evil- marry a Pakistani-Canadian, expect stupid questions and suspicion every single time you take the kids down to see Grandpa and Grandma in Florida. And that's obscene, forget some random young man who might just as easily have been yelled at by his boss for not checking everyone properly.
posted by Phalene at 7:52 AM on March 7, 2012 [6 favorites]


That's because I agreed with your second point, Empress.
posted by LogicalDash at 9:56 AM on March 7, 2012


When I read things like this, I invariably want this to happen to me just so I can tell someone off for how stupid they're being. No company I am likely to interview at would actually do this, though.
posted by tylerkaraszewski at 10:11 AM on March 7, 2012


caution live frogs: I took a job at a small university a few years back. The IT guys said to get my computer set up for their network I had to hand it over, along with the admin password.

Hehe, I worked IT at a small university, and we did this too. Why would campus IT let an unsecured, personal computer on the network? If a professor didn't want to be subject to our IT policies, that was fine... they could use their personal computer on the public network. No, they don't get access to their department's file shares and other network resources with a complete wildcard of a computer.


Maybe it's a difference of scale, but UC Davis certainly does not do this. All I need to get onto the university network is to be a student with a password, and all that's needed to get onto my various department networks are passwords. In the residence halls you get sent information for accessing that network- no one ever asks for people to hand over computers, and students are warned not to give out their passwords to anyone, ever.
posted by oneirodynia at 10:27 AM on March 7, 2012 [1 favorite]


Can ya'll take the TSA derail to the TSA thread? kthx
posted by Big_B at 11:02 AM on March 7, 2012 [3 favorites]


So I jokingly posited in the Lulzsec thread that hackers should create an AI/script system for creating a false ID so the feds can't track when you are or aren't on line (since you'll appear to be online via this script) even when you're somewhere else (see that thread for the specifics of what I meant).

But -- is this going to be a necessary thing? Not just a front, not just a false existence that one personally updates now and then, but will we end up having semi-autonomous agents pretending to be the public face of our "selves" and the man (or woman) behind the curtain, the wizards will have to go underground in a subnetwork?

There's a reason I'm glad LJ exists. :)

But for real, I was only kidding about making a virtual presence, but it seems like in order to maintain privacy, we'll need to create a Persona AI System.
posted by symbioid at 11:03 AM on March 7, 2012 [1 favorite]


astapasta24: "I do IT support at a university also and this is the standard practice."

I do IT infra work at a university and we keep trying to get the IT support monkeys to stop this. Asking users for their passwords is not cool. If you want admin access, make sure the laptop has an admin account, or that it's tied into an AD that you have credentials to.
posted by pwnguin at 11:11 AM on March 7, 2012 [6 favorites]


My policy has always been not to post anything on a public Internet site that I wouldn't feel completely comfortable if my parents, my boss, and my 3rd grade teacher read. It works for me.

That being said, however...I think these requests are completely unreasonable. What's next? Should I let a potential employer tap my phone lines? Should I consent to my potential employer doing a complete search of my house and car, with or without a search warrant? How about I let a representative from the employer stay at my house for a day, so they can take note of everyone I talk to, everything I watch or listen to, and everything I do?
posted by SisterHavana at 11:22 AM on March 7, 2012


So...no email?
I think the best rule of thumb with email is not to write anything that you wouldn't write on a postcard. In other words, nothing sensitive or confidential.


I don't think this quite works as an analogy. There are federal laws concerning handling of postal mail. Postcards could be incidentally read by postal workers who have little chance of actually knowing you personally, but your employer or any other person has little opportunity to deliberately snoop through your mail. They can't interfere with delivery, and pawing through your mailbox would be trespassing.
posted by desuetude at 11:06 PM on March 7, 2012


No, postcards are pretty much an ideal analogy for email. By design, email is transmitted and stored in plaintext through relay servers. Anyone with access to a relay server (like your ISP) can store and read your emails and any unencrypted attachments with very little trouble. Other parties can read emails by doing deep packet inspection, though with email there's a sort of security there by virtue of a very low signal-to-noise ratio. See the Wikipedia articles on email and email privacy.
posted by stopgap at 5:47 AM on March 8, 2012 [1 favorite]


Also, when I say your ISP has access to your emails, that's if you're using an ISP-provided address, which used to be much more common. Now that most people use SSL/TLS to connect to webmail providers, that is less of a concern these days. So between two Gmail accounts, for example, the email never leaves Google's servers and it is encrypted for final delivery at each end. But the relay servers are still an issue if you send an email between providers.

Finally, note that for your work emails, it is very likely that your employer is storing and can trivially read any email you send or receive.
posted by stopgap at 6:14 AM on March 8, 2012


My point was that i'ts not a great analogy because postal mail, even postcards, are subject to greater privacy protection than any electronic communication.

People feel like postcards aren't very private because "anyone" can read the message, but it would be pretty tough for someone to deliberately read postcards belonging to a particular person, whether those postcards are enroute, in that person's physical mailbox, or gathering dust in a drawer in their dining room. Unlike email.
posted by desuetude at 7:08 AM on March 8, 2012


Sorry, I saw that after I posted my comments. I still think it's a good idea to treat email like a postcard, but your point is well taken.
posted by stopgap at 7:10 AM on March 8, 2012


This is stupid and probably somehow illegal but, y'know, just don't use Facebook.

Nobody ever believes me when I say I don't have a Facebook account. They assume I'm lying and hiding a creepy profile.
posted by Tarumba at 7:05 AM on March 12, 2012 [2 favorites]


y'know, just don't use Facebook.

But people do use Facebook. You can say they shouldn't. But they do, and they're going to keep doing it. That is the real world we live in. Suggesting an alternate universe where everyone stops using Facebook is not helpful.
posted by John Cohen at 11:30 PM on March 21, 2012 [1 favorite]


"I treat confidential information, such as passwords, with utmost discretion. I am sure you are only asking to ensure that I would decline such a request for company passwords or other sensitive information, so I will appropriately decline your request and thereby demonstrate my commitment to keeping confidential information protected."
posted by Eyebrows McGee at 5:04 PM on March 6


Even if you possibly meant this ironically, this is a very good point. I was given a talk on data security by an earnest guy in an official capacity, and I'm pretty sure that his mind would have boggled at someone being ready to give his FB username and password upon demand when applying for a job. This was just the sort of thing which, in his eyes, was most likely to disqualify anyone from handling confidential data.
posted by Skeptic at 2:34 AM on March 22, 2012 [1 favorite]


I didn't shoot your privacy, Citizen. I shot through your privacy.
posted by flabdablet at 3:26 AM on March 22, 2012


This is why I am so glad I work for myself. I just don't think I could stomach a co-worker or supervisor going through my online accounts to evaluate me. If I ever go for a job at a company, I think I will probably would walk out of the interview if it comes down to revealing my online activities.

Even though there is nothing there to be worried about, it is still like all that stuff that guy says in that Dont Talk to Police video. Even when being honest, it can be twisted by just about anyone and have dire consequences.
posted by lampshade at 4:10 AM on March 22, 2012 [1 favorite]


I posted this in the Metatalk thread as well:

I find jaduncan's invocation of the Computer Fraud and Abuse Act really troubling. The CFAA was specifically designed to prosecute serious hacking and intrusion behavior, but because it was written in the 80's by a bunch of non-technical congressional aides, it allows for incredible overreach in prosecuting things like violating TOS, and prosecuting people for things like deleting personal information off a work computer, deleting work emails, and asking current employees to give a former employee info from a database.

It's a law that's badly in need of reform, and shouldn't be used as a legal bludgeon against an admittedly ugly work policy.

Ok. I'm done now.
posted by to sir with millipedes at 5:48 AM on March 22, 2012 [2 favorites]


IF they give us ugly laws the least we can do is use those ugly laws across the board so they have at least some marginal amount of good
posted by edgeways at 6:08 AM on March 22, 2012


I think I'm just a little surprised that the whole "protected classes" thing hasn't come up more in this thread - I have plenty of privacy restrictions on my FB page but if someone were to have the password they would definitely know my age and religion as well as some indication of race. Are the HR people who are doing this really not realizing what they're opening themselves up for or am I missing something?
posted by brilliantine at 7:03 AM on March 22, 2012 [2 favorites]


I'm fortunate because I share a name with a relatively famous actress who has become immensely famous in the past year due to a certain popular show that airs on PBS, and because of that, even if anyone wanted to find me on FB, they wouldn't be able to.

I've googled the hell out of myself, and the only way I even show up on a third page of results is if you happen to know my employer and maybe where I went to college, and what pops up is a super old fencing tournament score and my work e-mail address on my employer's website.

And that is it.

So, I recommend that everyone share a name with someone famous and then it will be impossible to find you anyway.

(And for this reason, I'm perfectly fine telling people I don't even have an FB account for them to peruse.)
posted by zizzle at 7:07 AM on March 22, 2012 [2 favorites]


Same with asking people how old they are, if they have any disabilities, what race they are, what religion they practice, etc. There are many protected classes that it's illegal to discriminate against in most hiring situations, and asking someone for access to their Facebook account will let you know a lot of information that you are absolutely not allowed to let affect hiring decisions.

Yes. Expect to see some lawsuits where someone asserts that everything looked rosy in the job application process until the password was turned over and then the interviewer saw that they were, say, a member of a cancer survivor support group or something.

Also, many people in this thread have righteously indicated that they would never do this for a job, and belittled anyone cowardly enough to do it. I think these people really fail to understand hunger.
posted by caddis at 7:21 AM on March 22, 2012 [1 favorite]


Besides being generally reprehensible, this is pretty poorly thought-out from the employer's point of view. First, because of the liability issues already pointed out in this thread.

I do security audits of environments that often hire low-wage unskilled workers: call centers, printshops, warehouses, agile web dev shops... A standard question since the beginning of time is "do you do background checks on your employees".

However, if you don't follow up that question with "What kind of check?" (Local or 50-state, for example) and "What items on a background check are cause for termination/no-hire?" and "Do you repeat the checks on a periodic basis?" - you haven't really learned anything.

So here's the thing. For this to be a successful practice at an employer, you would need to have, very clearly documented, what information or behavior on a facebook profile would be considered actionable. I doubt the employers have those policies defined in any meaningful way. So now you're relying on some recruitment or HR manager's "smell test" of what's OK.
posted by These Premises Are Alarmed at 8:52 AM on March 22, 2012 [1 favorite]


As much as I can see that this is beyond the pale, I can't help but think that users have created this situation for themselves by posting so much damn stuff on Facebook in the first place. If perhaps they exercised a little *gasp* restraint, and didn't use their account as a mental sewer, employees wouldn't be round it like a honeypot.
posted by Juso No Thankyou at 9:05 AM on March 22, 2012


Juso No Thankyou: " I can't help but think that users have created this situation for themselves by posting so much damn stuff on Facebook in the first place. If perhaps they exercised a little *gasp* restraint, and didn't use their account as a mental sewer, employees wouldn't be round it like a honeypot."

You're missing the point. Employers shouldn't be (and in many cases aren't) allowed to use that kind of information, even if it's publicly available.
posted by schmod at 9:22 AM on March 22, 2012


IF they give us ugly laws the least we can do is use those ugly laws across the board so they have at least some marginal amount of good

Sure, that's the least we can do. I prefer to try and do more than the least, like ask lawmakers to consider reforms to the law, or better yet, vote in new lawmakers to make chances to these regressive laws.
posted by to sir with millipedes at 9:51 AM on March 22, 2012


wait...did someone just make the argument 'she shouldn't have posted pictures of herself wearing such a short skirt'?
posted by jacalata at 9:55 AM on March 22, 2012 [2 favorites]


If perhaps they exercised a little *gasp* restraint...

But this assumes the very point that's so controversial: that prospective employers have any business looking at this information in the first place and that they get to decide whether people are exercising enough "restraint" in their private lives.
posted by John Cohen at 10:15 AM on March 22, 2012


I ain't gonna blog on Maggie's content farm no more.
posted by Eideteker at 10:21 AM on March 22, 2012 [2 favorites]


In my line of work (nannying), you can regularly expect to be spied upon without your knowledge, in real time, via hidden cameras. So... yeah, I can totally see parents hopping on this bandwagon w/r/t childcare providers. (I won't work for families with cameras and I wouldn't work for a family that demanded my FB login - too much pressure. Though I do just expect that my employers follow my internet activity and so far, they haven't been shocked and have probably actually been really underwhelmed.)

The number of background checks I have to go through for work make sense to me - of course my employers want to know that it's safe for me to have the keys to their house and spend all day with their children. I still draw the line at someone having *access* to my accounts. There's absolutely a limit to what I'm willing to disclose. (Even though I already submit to credit checks, driving checks, criminal background checks, drug tests, and I have my fingerprints on file with the police. There's still a limit. A really hazy one, but a limit nonetheless.)
posted by sonika at 11:05 AM on March 22, 2012


My local sheriff's office is requiring employee candidates to friend the office on Facebook and they are using that as part of the background check process.
posted by COD at 11:28 AM on March 22, 2012


Obviously the best solution here is not to express yourself to any other human being through any means, ever. I mean, once you start expressing yourself instead of being totally schizoid what do you expect to happen? Come on people!
posted by fuq at 11:41 AM on March 22, 2012


Juso No Thankyou: " I can't help but think that users have created this situation for themselves by posting so much damn stuff on Facebook in the first place. If perhaps they exercised a little *gasp* restraint, and didn't use their account as a mental sewer, employees wouldn't be round it like a honeypot."

You're missing the point. Employers shouldn't be (and in many cases aren't) allowed to use that kind of information, even if it's publicly available.


If I've taken the time to make sure that my security on the website is as tight as I can make it, have I still "created the situation for myself"? There's nothing objectionable on my page but I still don't want it completely out there.
posted by brilliantine at 1:40 PM on March 22, 2012


I don't have access to Facebook at work, but the company has issued a statement. Apologies for the Gawker link. Mods, feel free to edit.

Money quote:
As a user, you shouldn't be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn't have to worry that your private information or communications will be revealed to someone you don't know and didn't intend to share with just because that user is looking for a job.
posted by emelenjr at 10:24 AM on March 23, 2012 [1 favorite]


I would say the money quote is ""We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges.""
posted by Megafly at 12:05 AM on March 24, 2012


House Republicans vote down stopping employers asking for Facebook passwords

Facebook had made noises about lobbying for privacy legislation, but doesn't plan on pursuing any legal action against employers who ask for passwords.
posted by jeffburdges at 9:31 AM on March 29, 2012


« Older Yet another reason to live in Australia. Spider be...  |  Donald Duck wants you to pay y... Newer »


This thread has been archived and is closed to new comments