Imagine being forced to choose between revealing your Facebook profile and password to your boss and missing out on a promotion. Which would you give up?
What if that choice was presented to you during a job interview and you were unemployed? Or perhaps instead of a job, you risked losing a scholarship?
Earlier this month, Illinois became the second state to ban employers from making these and other requests by passing HB 3782, a bipartisan bill that prohibits firms from demanding access to the private social networking profiles of job applicants and employees. It's a huge leap forward for privacy and a great guidepost for businesses, but its limited scope only highlights the need for more comprehensive reform.
It's hard to get a sense of exactly how many organizations engage in the practice. A June 2012 survey of 1,000 “C-Suite” or “high level” executives, corporate counsel and human resources professionals from private companies, conducted by law firm Littler Mendelson found that only 1% of respondents had “asked for social media logins as part of the hiring or onboarding process.” Although the March Associated Press story that brought the issue to national attention mentioned three unrelated instances, officials at the Illinois bill signing ceremony didn't focus on specific constituents that suffered direct harm.
That said, officials in Illinois and Maryland, the first state to pass a social networking profile protection law, were surely aware of one prominent case cited by the ACLU in 2010. That year, Robert Collins, a Maryland corrections officer returning to his job shortly after leaving to handle the death of a family member, was asked in a “recertification interview” to provide his password to his Facebook account (violating Facebook’s Terms of Service) and stand by as an official examined everything from wall posts and messages to photos. Given his precarious financial situation, Collins acquiesced.
The predictable public outcry that resulted from the revelation of this department-wide practice led Maryland to convert its social media screening into a "voluntary program" before eventually changing course to pass the nation’s first password and profile protection law. In their initial defense, Maryland officials noted that in one year, 7 out of 2,689 (or 0.3%) of applicants were rejected based on information gathered through social media screening, and of those “some” had posted pictures of “verified gang signs.”
The inadequacy of Maryland's first response illustrates the need for similar legislation nationwide. Even so-called “voluntary,” invasive profile examinations can potentially reveal information that could be used to unlawfully discriminate among job seekers on the basis of race, religion or sexual orientation, undermining established employment law protections. Worse yet, they make every misspelled private message, backyard barbecue photo, and reality TV preference part of the employment competition-even those deliberately shielded from the public.
In addition, revealing a password to a social network that an employer, or potential employer neither controls nor maintains, compromises the security of one’s account, and also those of any other sites or people linked to it. Thus, information could be exposed that could be used to perpetrate a fraud or invite harassment and lead to legal action against companies.
Although involuntary social profile examinations don’t seem to have taken firm root in the business world, higher education seems to be a different story.
As the New York Times reported in March, among college athletics programs, the practice of "involuntary" social media monitoring seems to be taking off. Unlike screening, involuntary monitoring is continuous and involves a wide range of practices that can include forcing students to "friend" a school official, install a tracking and monitoring app to a social media profile page or even have public or private posts scanned for buzzwords that might alert administrators to illegal or inappropriate behavior.
The options available to schools from companies with names like Udiligence and Centrix Social grant administrators or coaches the ability to permeate the protective bubbles of security that privacy settings on websites like Facebook, Twitter and Foursquare have provided to separate posts meant for family and friends from the wider public. Some services like Varsity Monitor also provide social media education resources to athletes and athletic departments.
Still, “forced” participation in 24/7 online monitoring programs or initiatives raise many of the same issues as profile examinations. The popular rationale cited for monitoring student-athletes to alert the university to behavior that might negatively impact their programs and their students’ futures are every bit as applicable to other students from scholarship recipients to members of fraternal organizations or student government. In addition, little distinguishes a university’s reputational concerns from those of other businesses.
Thus far, Delaware is the only state to come down firmly against the use of such measures in the educational sphere. In July, Delaware's Governor signed into law a bill that prevents schools above the K-12 level from mandating any form of “forced access” to private social media pages either by requesting passwords, forcing students to log in or "friend" administrators, or through the use of tracking software.
It’s important to note that popular, clearly defined spaces for online professional networking do exist. Sites like LinkedIn and Catchafire, allow jobseekers, volunteers, and employees to interact with companies in ways that allow for robust communication and presentation alongside other professionals while allowing organizations some means of assessing job applicants’ ability to conduct themselves online without resorting to coercive tactics.
Password protection and social networking privacy bills have been introduced in Congress and legislatures across the country in varying forms. With stories like Collins’ continuing to pop up across the country, the public would be wise to push legislators or government agencies to more clearly define the legal protections available to students and members of the workforce nationwide. Until that happens, online privacy could end up being just another thing that some folks can’t afford.
Another reason why being forced to install apps to your Facebook page is a problem? The FTC forced Facebook to admit that some “trusted” third party apps steal data they shouldn’t have access to. Also, the Sunlight Foundation’s “Scout” website is a great way to search for bills on social media from all 50 states and Congress.