Pre-hire Workplace Privacy

I just read a blog post about the case of the Maryland Department of Corrections requiring potential employees to turn over their FB username and passwords so the Department could look for possible illegal activity.  The blog didn’t allow comments, so I’m posting my comments on my blog.

The post did make a couple valid points.  The ACLU argument was weak and didn’t really have any justification in the law.  Oh, a quick summary for those too lazy to go read the full post.  As mentioned above the Maryland DOC is pseudo requiring applicants to provide their FB information.  It’s not a definitive requirement for employment, they say, but realistically you’ll probably get passed over if you don’t provide it.  The ACLU made the argument that since applicants did not have a choice, any access made by the department was unauthorized and therefore a violation of the federal Stored Communications Act.

As the post points out, the argument is weak because the applicant can walk away, they have no right to the job and the interaction is entirely voluntary.  The case is distinguishable from the one cited by the ACLU which concerned an existing employment relationship that was in jeopardy if the employee didn’t reveal her username and password. The argument there was the employer did violated the SCA because the threat of losing a job was sufficient to make the employee’s revelation of the username and password unauthorized.  I’m not sure I wholly agree, given the voluntary nature of employment, but there is some principle in employment law (and this may only be state employment) which given employees an expectation of continued employment without due process.

Now this issue has similarly come up recently in my mind when the Florida Board of Bar Examiners considered rules for requiring applicants to the Florida Bar to provide access to their accounts.  Its unclear if that means giving up a username and password, providing authorization to require Facebook to provide the information or just “friending” the Florida Bar with all privacy settings turned off.

Even without regards to the law, the practice seems particularly troublesome in light of a couple of considerations.

1)  Assume for a moment that your Social Media account (I don’t want to pick on Facebook though they are the elephant in the room), is locked down so tight that essentially all you use it for is private messaging friends.  What is the difference between requesting access to those private messages on the social networking site and requesting access to your private email account?
2) If the employer is not prepared to go that route and says it only wants “public information” you’ve posted, how do you distinguish between what’s public and private?  If I only allow 100 friends to read my wall post is that public or private?  10 friends? 1 friend?
3) The FBBE request is seemingly generic.  What if they ask you to list ALL your personal websites?  Are you supposed to give them access to your account?  What if you’ve misstated your height and weight or other information as most people do on dating sites, are they obliged to deny your admission for being less than honest?  Are you supposed to reveal even more, potentially embarrassing, but also irrelevant websites that you’re a member of?
4) Finally what if providing such access is a violation of the site’s Terms of Service?  From Facebook’s ” 4.8 You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.” 

I think employers, or state licensing boards, head down an extremely slippery slope if they start accessing for non-public access to our digital lives.  I’m certainly not suggesting their ought to be a law, we already have too many of those.  I am suggesting that as employees, a line needs to be drawn in the sand.