We knew that political posturing over the privacy brouhaha involving employer requests for access to Facebook accounts was only just getting started.
Today U.S. Sens. Richard Blumenthal (D-Conn.) and Charles Schumer (D-N.Y.) called on two federal agencies -- the Department of Justice and the Equal Employment Opportunity Commission -- to investigate what they call a "new disturbing trend" of prospective employers demanding job applicants to turn over user names and passwords for their social networks.
"I am alarmed and outraged by rapidly and widely spreading employer practices seeking access to Facebook passwords or confidential information on other social networks," said Blumenthal, in a statement announcing the request.
"Employers have no right to ask job applicants for their house keys or to read their diaries -- why should they be able to ask them for their Facebook passwords and gain unwarranted access to a trove of private information about what we like, what messages we send to people, or who we are friends with?" added Schumer.
Just Friday, in response to complaints from employees, Facebook published a post expressing its opposition to the practice, which it said undermines both the security and the privacy of the user and the user's friends. Erin Egan, the company's chief privacy officer for policy, offered that employers who demand password information for prospective employees might just end up getting sued.
And earlier in the week Blumenthal said he was going draft legislation banning employers from requesting access to Facebook accounts as a term of employment. Legislators in Maryland and Illinois are also pushing state laws to enact prohibitions against a practice they say is not isolated. Recent reports about the issue from MSNBC and the American Civil Liberties Union have also stirred up debate.
Below are copies of the letters the congressmen sent to the federal agencies:
Dear Attorney General Holder,
We write concerning reports in the media that some employers are requiring job applicants to provide their usernames and passwords to social networking sites like Facebook as part of the hiring process.
We urge the DOJ to investigate whether this practice violates the Stored Communication Act or the Computer Fraud and Abuse Act. The SCA prohibits intentional access to electronic information without authorization or intentionally exceeding that authorization, 18 U.S.C. § 2701, and the CFAA prohibits intentional access to a computer without authorization to obtain information, 18 U.S.C. § 1030(a)(2)(C). Requiring applicants to provide login credentials to secure social media websites and then using those credentials to access private information stored on those sites may be unduly coercive and therefore constitute unauthorized access under both SCA and the CFAA.
Two courts have found that when supervisors request employee login credentials, and access otherwise private information with those credentials, that those supervisors may be subject to civil liability under the SCA. See Pietrylo v. Hillstone Restaurant Group, 2009 WL 3128420 (D.N.J. 2009); Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002). Although these cases involved current employees, the courts' reasoning does not clearly distinguish between employees and applicants. Given Facebook terms of service and the civil case law, we strongly urge the Department to investigate and issue a legal opinion as to whether requesting and using prospective employees' social network passwords violates current federal law.
Dear EEOC Chair Berrien,
We write concerning reports in the media that some employers are requiring job applicants to provide their usernames and passwords to social networking sites like Facebook as part of the hiring process. By requiring applicants to provide login credentials to social networking and email sites, employers will have access to private, protected information that may be impermissible to consider when making hiring decisions. We are concerned that this information may be used to unlawfully discriminate against otherwise qualified applicants.
Facebook and other social networks allow users to control what information they expose to the public, but potential employers using login credentials can bypass these privacy protections. This allows employers to access private information, including personal communications, religious views, national origin, family history, gender, marital status, and age. If employers asked for some of this information directly, it would violate federal anti-discrimination law. We are concerned that collecting this sensitive information under the guise of a background check may simply be a pretext for discrimination.
We strongly urge the Commission to investigate and issue a legal opinion as to whether requesting and using prospective employees' social network passwords violate current federal law.