Tell The Man to get out of your Face(book)
August 1, 2012 4:21 PM   Subscribe

On one hand i'm glad to hear it. On the other hand, I'm disappointed this has to be legislated. Sheesh.
posted by Mooski at 4:23 PM on August 1, 2012 [7 favorites]

grumblegrumbleJOBCREATORS!!!grumblegrumbleSTIFLING INNOVATION!!!grumblegrumbleGOVERNMENTOFFOURBACKS!!!grumblegrumble
posted by Thorzdad at 4:26 PM on August 1, 2012 [6 favorites]

How do they decide what constitutes a social networking site? For example, could you withhold other types of passwords by calling the service tied to an account a social networking site? Or, conversely, could an employer ask for a password from you by saying the account isn't for a social networking site (even if it really is)?
posted by Blazecock Pileon at 4:31 PM on August 1, 2012

We must stop the government of four backs!!!!
posted by msbrauer at 4:34 PM on August 1, 2012 [18 favorites]

I imagine this has been covered in previous threads, but what happens when you say to the ones that ask that you don't have any social networking passwords? Because that's what I would say, if asked, and the few I do have aren't connected to my real name. Is this only type of thing only a danger to the folks who use their real names online? Do people get fired or disciplined for having a "secret" twitter that they use to have nothing to do with their jobs?
posted by laconic skeuomorph at 4:35 PM on August 1, 2012

At my current job, everyone is Facebook friends with each other, well except for the boss, because everyone hates her and she's a total douche. I thought it was really weird when I found this out, but figured what the hell. In all, it's been great and probably improved the work environment. Plus, everyone's found out about my band and come to see us play because of it.

This has nothing to do with anything I suppose, but I can't imagine the horror of having to choose between employment and the right to privacy.
posted by Slarty Bartfast at 4:37 PM on August 1, 2012 [3 favorites]

MAKE ME A COPY OF YOUR HOUSEKEY AND MAYBE YOU'LL GET A SECOND INTERVIEW
posted by (Arsenio) Hall and (Warren) Oates at 4:38 PM on August 1, 2012 [25 favorites]

Oh, I remember now, someone saying that perhaps some places use this as a trick question, excluding anyone who would willing hand over their passwords to a job application. I bet that's not very common, though.
posted by laconic skeuomorph at 4:39 PM on August 1, 2012

I am feeling all smug right now for being whatever the opposite of an Early Adopter is. Early Shipjumper? Early Abandoner.

Waiting for the rest of you to join me in a Facebook free world.
posted by Catch at 4:42 PM on August 1, 2012 [8 favorites]

Illinois law

Which part of that text covers this? I didn't read the whole thing but searches for "password", "computer", "Internet", "social networking", etc. all come up empty.
posted by burnmp3s at 4:43 PM on August 1, 2012

I'm sorry, the Illinois law link is wrong. I had too many windows open at once.

The correct law is here. I'll flag this in the hopes a mod will change it, thanks!
posted by Eyebrows McGee at 4:47 PM on August 1, 2012

I am feeling all smug right now for being whatever the opposite of an Early Adopter is. Early Shipjumper? Early Abandoner.

Waiting for the rest of you to join me in a Facebook free world.

I dunno. If you're able to keep from obsessively tracking people and what they say about you, Facebook can be pretty damn useful for stuff like organizing meetups or parties, remembering birthdays, and distributing photos.
posted by zombieflanders at 4:49 PM on August 1, 2012 [4 favorites]

Definition of a social network in the Illinois law:

(4) For the purposes of this subsection, "social networking website" means an Internet-based service that allows individuals to:
(A) construct a public or semi-public profile within a bounded system, created by the service;
(B) create a list of other users with whom they share a connection within the system; and
(C) view and navigate their list of connections and those made by others within the system.
"Social networking website" shall not include electronic mail.

posted by Eyebrows McGee at 4:49 PM on August 1, 2012

But I don't want to do any of those things.
posted by elizardbits at 4:50 PM on August 1, 2012 [3 favorites]

That is hilariously encompassing. Good job Illinois.
posted by griphus at 4:50 PM on August 1, 2012

It's odd that they specifically made email exempt from the law. It would be much worse for most people to give their Gmail passwords out than their Facebook passwords.
posted by burnmp3s at 4:53 PM on August 1, 2012 [4 favorites]

"Social networking website" shall not include electronic mail.

So they can still request your Facebook password on the grounds that Facebook contains an e-mail service? And similarly they can request your Gmail password, which they can then use to see your Google+ profile?

How is this legislation helpful, exactly?
posted by beryllium at 4:56 PM on August 1, 2012 [1 favorite]

For example, could you withhold other types of passwords by calling the service tied to an account a social networking site?

What other types of passwords would an employer or potential employer ask for? (I'm not referring to any accounts/passwords created on behalf of the company as part of an employee's job duties.) What "services" are you thinking of?
posted by moxiequz at 4:58 PM on August 1, 2012

I was under the impression that personal e-mail is already protected under wiretapping laws.
posted by zombieflanders at 4:58 PM on August 1, 2012

Definition of a social network in the Illinois law

I never thought of MetaFilter as a social network, but it fits the definition. Huh.
posted by ambrosia at 4:59 PM on August 1, 2012

One big side advantage to legally barring this sort of thing (instead of just relying on employee negotiation or convention to make it unacceptable) is that it removes any expectation or liability from the employer. For instance, if some truck driver talks about driving his truck drunk on facebook, and later has a alcohol-related crash, it prevents lawyers from popping up and saying "You should have been more vigilant! You could have prevented this!' The employer can simply point to the law and escape all liability from not spying on their employees in this fashion.
posted by Mitrovarr at 5:15 PM on August 1, 2012 [1 favorite]

Yes, I have a Facebook page. Give someone the password? No. No, I will not, not for a job or any other reason I can think of. I have a grand total of ywelve fb 'friends', all of whom are members of my widely-scattered family, and I will not violate their privacy or my own by flinging open my fb page to gawd-know-who. And it'd not like any of us are organizing international jewel heists or something on there; we merely use it to share family news (look, one of my nieces just got some chickens! here's their names!) and to keep in touch.

Still, even though there is absolutely nothing illegal or even embarrassing on there, nor am I in Maryland or Illinois, my answer to any prospective employer who asks for any of my passwords (fb, email, etc.) is and will remain No.
posted by easily confused at 5:15 PM on August 1, 2012 [1 favorite]

And similarly they can request your Gmail password, which they can then use to see your Google+ profile?

Social networking is a relatively new phenomenon, so the fact that employers had the balls to do the sort of things that necessitated this sort of legislation isn't terribly surprising. I can not imagine a situation where employers start asking for your email password, though.
posted by griphus at 5:20 PM on August 1, 2012

Waiting for the rest of you to join me in a Facebook free world.

[Waving excitedly to catch from way over on the other side of the cavernously empty and echoey Facebook-free world]

I thought I was the only one left out here!
posted by FelliniBlank at 5:27 PM on August 1, 2012 [3 favorites]

Do they really...?

I mean... people actually...?


They need a law for this?


Look, say I were applying for a security job. I would potentially have to go through all kinds of clearances and background checks (I have been fingerprinted and stuff.)


If you were to ask me for my passwords, and I were to give them to you, that would mean that I OBVIOUSLY SUCK AT MY JOB. And if you were to ask me expecting me to say yes> then you OBVIOUSLY SUCK FULL STOP.
posted by louche mustachio at 5:29 PM on August 1, 2012 [3 favorites]

My employers, my wife, my sons, my daughters, my teachers. I love you all, but my passwords are sacred, and you will never get them, even from my cold, dead hands. And, no, Saul Goodman, you cannot have it either.
posted by Monkey0nCrack at 5:34 PM on August 1, 2012 [1 favorite]

If I could get away with not giving my boss my home address and phone number I would do that too, tbh.

Just because I'm 10 blocks away does not mean you can automatically assign me as the after-hours on-call person to the alarm company, you assholes.
posted by elizardbits at 5:35 PM on August 1, 2012 [9 favorites]

Oh, and if the law required that I hand over any password, for any reason, then that password will be valid for 10...9...8...
posted by Monkey0nCrack at 5:36 PM on August 1, 2012 [3 favorites]

The exemption for email is presumably because they need to be able to ask you for your work email. That is legitimate (f. instance if you just up and quit, they absolutely positively need to get at your emails.) So if you sign up for a SNS with your work email:

A) Really?
B) They can do the password reset thingy and get at it. Although, it's unlikely because you'd probably notice.

Yes technically they could ask for your gmail account and use it to get at your G+, but that will be exceedingly rare, as griphus mentioned. Nobody will stand for it, and I would bet that a halfway-decent lawyer would clean their clock.

actually on re-read I wonder if there aren't already laws, either legislative or through precedent, that block asking about personal email, and this is just a way of not changing anything related to email. Email isn't a SNS, so don't regulate it like it is.
posted by Lemurrhea at 5:40 PM on August 1, 2012

Lemurrhea: "The exemption for email is presumably because they need to be able to ask you for your work email. That is legitimate (f. instance if you just up and quit, they absolutely positively need to get at your emails.) "

If it's an employer owned account, admins can totally reset accounts and snoop inboxes, be it Exchange, Zimbra or Gmail. This does bring up the question of whether admins can be forced to disclose the password, but this law isn't about that rabbit hole.
posted by pwnguin at 5:44 PM on August 1, 2012 [1 favorite]

If it's an employer owned account, admins can totally reset accounts

Does that still hold true for things like Blackberry messenger on a company-provided phone? I'm pretty sure it wouldn't have for my former (small) company.

But yeah, in general you're right - that's what I was trying to get at in my small text.
posted by Lemurrhea at 6:02 PM on August 1, 2012

While yer at it, how about the Mojo & Skid addendum for drug testing?

Whereas:

A potential or current employer can ask you to submit to a drug test, but only if said employer publicly consumes a "significant" amount of supplied urine.

That is, the "if you make me pee in a cup, you better be prepared to drink it up" clause.
posted by clvrmnky at 6:05 PM on August 1, 2012 [3 favorites]

@Lemurrhea: BBM (I love that acronym) goes through a licensed or contracted Blackberry Enterprise Server. Not only can the corporation control the BB and reset everything, they can read your comments in real time.

It is an understatement to say that this is the reason RIM is actually doing as well as it is, at least for their core vertical markets.
posted by clvrmnky at 6:10 PM on August 1, 2012

I am feeling all smug right now for being whatever the opposite of an Early Adopter is. Early Shipjumper? Early Abandoner.

But if we never got on the boat, we can't be early shipjumpers or abandoners. We never boarded the ship.

We are the dock-wavers!

Waving goodbye to the privacy of our beloved family members and friends as they ride the S.S. OcialMedea as she dips below the horizon.
posted by This_Will_Be_Good at 6:13 PM on August 1, 2012 [8 favorites]

louche mustachio: "If you were to ask me for my passwords, and I were to give them to you, that would mean that I OBVIOUSLY SUCK AT MY JOB. And if you were to ask me expecting me to say yes> then you OBVIOUSLY SUCK FULL STOP."

I think we know the real reason you don't want employers to have access to your facebook account.
posted by Riki tiki at 6:24 PM on August 1, 2012 [3 favorites]

I'm friends with most of my employees on Facebook. I would NEVER ask for their passwords.

I really enjoy reading about their thoughts and interests. What they think outside of work has nothing to do with work performance.
posted by Short Attention Sp at 6:25 PM on August 1, 2012

MetaFilter is as close to a social networking site I've joined. Well, maybe LiveJournal, but that's not really one either.

What is an employer going to do when they ask me for my password and I tell them I don't have one for that kind of website? If they deny me employment because they think I'm lying, can I then sue them for unjust something-or-other?

I'm surprised that there isn't just some kind of blanket Something Legal which says that you don't have to give out passwords to anything you have passwords for which is yours outside of work, just like you don't have to give out copies of your house keys or car keys or whatever.
posted by hippybear at 6:32 PM on August 1, 2012

I can't imagine needing a job so badly that I would give up my right to privacy. As soon as the subject was raised I would demand access to my employers personal accounts. If you want my blood or urine you best have a court order. You have me from when I come to work to where I go home. If that isn't enough you don't need me. I'll go on record that I can pass any court ordered test you could devise but having to prove it is bullshit. Unless you are in a position that could endanger others and your performance is satisfactory there is no way I would submit to employer snooping.
posted by pdxpogo at 6:34 PM on August 1, 2012 [1 favorite]

The great thing about this though (besides obviously that now employers can't demand your password) is that I think it's an awesome example of why we need government protections. It's easy to say "you're never getting my password!" and it's hard for me to imagine a situation in which I'd give it to someone. The thing is, there are circumstances where I could absolutely be compelled to give my passwords; if it's really the ONLY way to get a job and I have kids to whom I am responsible and realistically there are no other options then yeah, I'd probably do it. I'd hate it and think it was awful and be profoundly upset, but...well, when it comes right down to it, the needs of my family to eat and have somewhere to live are more important than my need to have a personal Facebook account.

I think this could be a great thing to point out to libertarians and conservatives and similar. It proves that employers (even potential employers!) have the ability to coerce us and that government can protect us from that. WOW! Legislation like this is part of the reason I don't want my government drowned in a bathtub, I want it healthy enough to stand up to companies and tell them they aren't allowed to ask for my password.
posted by Mrs. Pterodactyl at 6:37 PM on August 1, 2012 [12 favorites]

What (inexcusable, obviously) thinking is behind this, from Big Corp's point of view? Because they can?
posted by maxwelton at 6:51 PM on August 1, 2012

I support the law - employers should not get private passwords.

At the same time, you are an idiot if you post something on a social network that is damning.
If you stupid enough to post something that wouold kill your job, you kind of deserve what you get.
posted by Flood at 7:02 PM on August 1, 2012

The problem is that the definition of what's damning or job killing is totally arbitrary.
posted by feloniousmonk at 7:14 PM on August 1, 2012 [7 favorites]

Lemurrhea: "Does that still hold true for things like Blackberry messenger on a company-provided phone? I'm pretty sure it wouldn't have for my former (small) company."

They can, of course, wipe your phone, install software on your phone, remove software from your phone, allow and disallow any software or phone features they like, and a bunch of other stuff. I suppose if they were really shady they could just write a keylogger and install it on your phone remotely and snarf your password that way, or use the same technique to read any BB messages and make your phone send them. I haven't seen a stupidly obvious tool to read PIN messages, but I haven't really looked at the snooping capabilities.

This holds true no matter how large the company is, if you did the enterprise activation thing where you type in an email address and password. If you use the carrier provided BIS service, your company doesn't see anything but your email traffic.

One of my clients has maybe 20 total employees, and they run a BES. Or, I run it for them, in the sense that I make it work and keep it working, not in the sense that I'm any sort of BB expert.
posted by wierdo at 7:21 PM on August 1, 2012

I love living in you, State of Illinois. Sure, you've got some problems, but overall, you're pretty great.
posted by sc114 at 7:30 PM on August 1, 2012 [2 favorites]

What (inexcusable, obviously) thinking is behind this, from Big Corp's point of view? Because they can?

Nah, it's corporate peer pressure combined with procedural bloat. See, once one corporation has asserted the right to take your password, then a lot of other corporations start thinking maybe they're obligated to take your password. After all, what if it turns out you're a pedophile or serial killer? They could get sued for failing to do their due diligence and research you thoughly.

It's idiotic and nonsensical but it makes a certain amount of sense because the managers who conduct these type of interviews generally like to cover their rears to make sure that if something happens, no blame falls on them. And even if the company misses out on some talented employees because interviewees refuse to hand over their passwords, that kind of opportunity cost is impossible to measure and will have no direct consequences for the manager in question. Of course, in the long term, it hurts the company, but who cares? By then, said manager will probably have already switched to a new job elsewhere. I think that companies where the managers have a longer-term stake in the well-being of the company are FAR less likely to do this.
posted by wolfdreams01 at 8:19 PM on August 1, 2012

wooooooooooooooo Illinois
posted by shakespeherian at 8:42 PM on August 1, 2012

It's idiotic and nonsensical but it makes a certain amount of sense because the managers who conduct these type of interviews are the same pointy-haired nuff-nuffs who think email disclaimers are a good idea.
posted by flabdablet at 8:56 PM on August 1, 2012

"What (inexcusable, obviously) thinking is behind this, from Big Corp's point of view? Because they can?"

One piece I saw argued that if you heard an employee was posting to his FB about how "I'm going to blow that place up," you now had no recourse to stop him from doing so. Which rested on the incredibly dubious assumptions that a) you would upon viewing his facebook know how to stop the threats or be able to accurately assess them and b) you couldn't just call the police in the first place to investigate an apparently credible threat!

I think most of it is about security and corporate message control. They're afraid you're talking bad about your employer or, worse, giving up secrets, in a semi-public place that they can't see or police. But I think employers have to learn to accept that; people bitch about their jobs; and with secrets and confidential information, if you can't trust the people who have that information, no security system in the world can fix that.

I saw a situation where an employee was posting inappropriate information about a client to facebook, and had friended several other clients and related providers and community members, so they could see the inappropriate information this employee was posting. To my knowledge, she got the information about the client from direct observation, not from confidential files, but she still should have known better than to post it, and she was posting very vulgarly, calling the client a c*nt and referring to client sites as being full of [some racial slurs referring to crime]. So it was private and on facebook, but she was connected to enough people in the industry (that she probably shouldn't have been for a "personal" account) that it was semi-public, and she was saying things that were just wildly, wildly inappropriate. The employer got the information from a client who printed off the offensive material and gave it to the employer. I don't know if they would have requested her password -- I don't think it occurred to them to ask -- but the problem was posting confidential client information on a social networking site, in a place where other clients and related providers could see it, using hate-speech towards individuals and populations she was supposed to be serving. (I know the employee was reprimanded and placed on leave; I don't know if she was fired or not.)

Anyway, I think that's the kind of thing that executives have worst-case scenario dreams about. People talking really bad about their employers (beyond the usual work-grousing), sharing sensitive information, or antagonizing customers or potential customers. But I think that's a people training problem, and a "have a policy about social media" problem.
posted by Eyebrows McGee at 10:09 PM on August 1, 2012 [1 favorite]

It's idiotic and nonsensical but it makes a certain amount of sense because the managers who conduct these type of interviews are the same pointy-haired nuff-nuffs who think email disclaimers are a good idea.

Well, yes - that's the same kind of smart/stupid thinking that I'm talking about and it comes from a similar mindset. Smart because it generates the illusion that the manager is taking activity to benefit the company, stupid because it in fact hurts the company.
posted by wolfdreams01 at 10:10 PM on August 1, 2012

> Does that still hold true for things like Blackberry messenger on a company-provided phone? I'm pretty sure it wouldn't have for my former (small) company.

Of course it holds true. The device is bought by the company, the email domain belongs to the company; it belongs to your employer, all of it.
posted by desuetude at 10:16 PM on August 1, 2012

I've had requests for my social media identities and passwords from graduate schools. I have a very strong privacy ethic, and don't use FB/Myspace/Livejournal/Tumblr/etc. at all, and Twitter only when I have to live report something professional. At least two schools implied I was lying when I told them I didn't use social media. The school I currently attend didn't ask.
posted by Dreidl at 11:37 PM on August 1, 2012

Dreidl: I've had requests for my social media identities and passwords from graduate schools.

Which schools? It's almost time for me to look into the next stage in my education, and that would be a deal-breaker. Not that I have anything particularly interesting in there, but the attitude that goes along with that is poisonous and I want no part of it.
posted by Mitrovarr at 12:40 AM on August 2, 2012 [1 favorite]

Has nobody suggested creating TWO Facebook accounts? One for whatever you want to do on Facebook, one with a carefully crafted time line and friends to had over to the idiot employer who wants this? I know some companies are so big and therefore stupid with their policies it would be a lot easier to hand over a fake account and have a box ticked than to fight the stupidity.

An unrelated example: I have a telco in my employment history, which gave telephones to employees that might need to be called in an emergency during off hours. Then 3G was invented, and the following two things happened in the same week: 1) here, have this nice 3G phone and be sure to demo it to as much people as you can! Promote us! 2) oh, by the way, if your phone bill exceeds a certain amount we will automatically deduct the difference from your pay slip. And no, we don't have any way for you to check your current status to see how much you have left.

I really tried to point out the stupidity of this, and everybody said I was right, but they couldn't change it. So naturally I handed in my phone. Good luck trying to reach me in an emergency, because I'm not giving you my private cell.

I'm sure some companies are just as stupid with their must-check-your-facebook policy.
posted by DreamerFi at 1:07 AM on August 2, 2012

I am feeling all smug right now for being whatever the opposite of an Early Adopter is. Early Shipjumper? Early Abandoner.

But the Trophy of Neverjoiner is rare and preciousssss...
posted by Pyrogenesis at 1:46 AM on August 2, 2012

The His Dark Media Trilogy. Part I: The Trophy of Neverjoiner
posted by Catch at 1:59 AM on August 2, 2012 [2 favorites]

I never thought of MetaFilter as a social network, but it fits the definition. Huh.

For once, I was ahead of the curve on this angle of the social network! In 200...6? I did a focus group on interest in social networks and their application to particular aspects of daily life. Focus groups entail a lot of questions about your behavior, preferences, why you (think you) do some things and not do others, etc.

Besides not being on facebook, being on boring-facebook (LinkedIn), I explained to them that I had this other site I used as a social network, called MetaFilter. Long discussions ensue about how it can be used as a social network and why.

But wait, there's more! The next time I attended a meet-up, I ran into someone who knew me by name, but I couldn't place at all. I had converted the woman running the focus group into a MeFite!

I wonder if she would be reading this page now...
posted by whatzit at 3:30 AM on August 2, 2012

At my current job, everyone is Facebook friends with each other, well except for the boss, because everyone hates her and she's a total douche.

At every job I've worked at since Facebook rolled out to everyone, friending coworkers leads to a bunch of creepy spying drama when people surf other coworkers' pages and say nasty things about it behind their backs.

Maybe I've just been unlucky, but it's a reason why I'm not on Facebook.
posted by winna at 4:39 AM on August 2, 2012

Waiting for the rest of you to join me in a Facebook free world.

Employers have a new trick - if they can't find you on Facebook or LinkedIn, they won't hire you. Some places won't hire if you don't friend them, first, so they can make sure you have "enough" friends, and then to make sure you don't have any inappropriate content, like pictures of you drinking alcohol, indications of raunchy behavior, or political opinions they don't approve of.

So you have nothing to fear from Facebook as long as you are doing nothing wrong, for largely arbitrary values of "wrong."
posted by Slap*Happy at 5:34 AM on August 2, 2012 [1 favorite]

I think most of it is about security and corporate message control. They're afraid you're talking bad about your employer or, worse, giving up secrets, in a semi-public place that they can't see or police.

That is a reason, but not the largest reason.

- Have indiscreet photos and info? 53% of employers won’t hire you;

- Have drugs/and or alcohol show up in pictures or posts? 44% said they won’t hire you.

- Talking trash on former employers? 35% of employers say they won’t hire you.

So employers are most interested in policing pruriency. They want to make sure you're good little sexless drones, teetotal and pure.

That's really damn creepy, and proof positive that legally barring your employer and prospective employers from your social media accounts is a tremendously good thing.
posted by Slap*Happy at 5:48 AM on August 2, 2012 [6 favorites]

Passwords? Are you serious. WHY do they need the password? If they wanted to view someone's stuff so bad, view it by user name, not a password. What kind of violation of privacy does big business think they can own? Screw them.

This is why I kicked off all of my coworkers and now boss (former teammate) and told them, "look you know my sense of humor and appreciate it. However, our other coworkers who are not friends with me...not so much...so I'm giving you the boot."

1/2 of my updates are about my son and the crazy shit he does as a 3 year old.

The other 1/2 usually have to do with farting so....yea. You want to read my FB THAT much...go right ahead.
posted by stormpooper at 6:07 AM on August 2, 2012

YAY! I live here. Eyebrows, thanks for putting this out there, I'm appalled that we are only the second state to institute this. Also appalled that none of these employer-snooping cases have come before SCOTUS yet.
posted by katya.lysander at 12:14 PM on August 2, 2012

pdxpogo writes "I can't imagine needing a job so badly that I would give up my right to privacy. "

I'd say imagine harder but that would be unfair. It's a lot easier to imagine after you and your kids have been rendered homeless due to a bout of extended unemployment or under employment.
posted by Mitheral at 6:49 PM on August 2, 2012

Here's my question/hypothetical situation -

I use LastPass with quasi-random passwords for everything. I DO NOT KNOW MY FB PASSWORD BY HEART. So, how do we handle this? Do I give them access to my LastPass account or open it in front of them or what?

And, yes, the last employer that asked me to drug test got my consent as morals and ethics are so much nicer when you can afford to live indoors, eat semi-regularly and pay the internet bill to bitch about being asked to violate them.
posted by Samizdata at 10:37 PM on August 2, 2012