This is a great "I don't want to work here" filter. If I was asked for my password during an interview I would probably leave. I can easily afford to do that because there is such a demand for software engineers (and I'm not even looking!). Unfortunately for others who aren't in the same position I think it is absolutely disgraceful for some stranger to go through your personal stuff just to get a job.
I once walked out of an interview because they told me about their mandatory drug testing policy, and I don't ever take any illegal recreational drugs. I just found the culture of distrust created by the statement "we need to inspect your bodily fluids" to be toxic. I'm fortunate that I had the luxury to do that.
Similarly, I never post anything on Facebook (or the Internet at large) that I wouldn't feel comfortable seeing on the front page of the newspaper. But the moment anyone asks for any account password, I'm done talking to them.
Yeah, the unequal bargaining power between the company and the candidate is a real problem. Even if the company makes providing the access information optional, there's still a kind of invasive coercion happening.
That said, companies have been requiring that applicants submit credit reports for a long time, so the idea that there's a bright line between what's "private" and what's "public" when it comes to employment isn't quite right.
I once worked for a company that did a lot of military contracts. They would ask some of us to get security clearance to be able to work certain projects (and enter the 'secret room'). It was still optional and I never felt it pushed on me even though it would have had career benefits. I opted out because the requirements and paperwork were nuts and part of the deal was that the government would potentially track whenever you left/entered the country and a whole bunch of other things.
I thought this was a really nice way of letting your employees have a choice even though in this particular case they probably could have forced everybody to do it. Now you have companies which do not really need to have this personal information asking employees for it. Here's the thing though. If my employees had lots of nasty things to say about my company then my reaction wouldn't be to stop them by monitoring everything they do. Wouldn't you want to try and fix the problem?
I agree with you. The thing I'm debating is what is the appropriate further action you should take before you leave.
I once left an interview because the NDA they wanted me to sign gave them rights to all of my work for the next 6 months, and the right to audit me at any day or time by searching my house!
I told the HR person I wasn't willing to sign that, and why, that it would prevent me working anywhere if I didn't get that particular job, and she reacted as if I was being a prima donna.
If the HR person thought that you were being a prima donna for not wanting to sign that NDA, then you're just doubly lucky that you didn't wind up working there.
Yes some companies do seem to have a vastly inflated sense of their own importance. Id be tempted to say the HR person "just who the fuck do you think you are" and does the CEO dress up and run round the woods with airsoift guns pretending he's in the SAS / DEvGuru.
If I ever had someone demand this, I would update my account to show my sexual orientation as homosexual, my religion to Islam, and my political views to whatever the opposite of my boss's were. Then if they ever tried to lay me off, or not give me a raise, I would point out that the only useful information they possibly could have gotten from demanding my Facebook account were these protected statuses.
Of the three listed, the only one that is actually protected in the United States is religion. In the vast majority of the United States you can be fired for being gay or a republican. If you work for a labor organization in the United States, you have to be fired for certain political views and organisational memberships (the left-wing variety).
On a federal level yes, but many states (including New York and California) have protection against sexual orientation. I'm surprised to learn that political affiliation is not protected.
I think you've just hit on the legal remedy for this bullshit.
It is illegal for an interviewer to ask about your religion, your race, your age, your political views, your sexual orientation, etc. All of those things are part of the typical facebook profile so asking to even look at someone else's facebook profile for purposes of an interview is a clear violation of the law.
I wonder what the implications would be if facebook introduced a feature that allowed a potential employer to "buy" temporary access to a potential employees facebook data?
For example you apply for a job somewhere and the next time you log into facebook you get a message that reads something like.
"InitTech PLC has requested read only access to your account for 48 hours, please be aware that compliance with this is a condition of employment with InitTech PLC Allow/Deny"
Not to highjack the topic but I also read the IRS uses social media profiles to see if you are living above your means.
Something slightly similar to your "temporary access" theory happens if you owe the IRS even a small amount of money. They enter your bank account to seize cash and the bank charges you $100 for the inspection/invasion.
As for the topic at hand, I don't see why one cannot simply say they have no Facebook account. Since FB began, there have been more years of myself having no account than there have been of having one (meaning I'm a serial "account-deleter").
What if you created an account after being hired, or had plausible deniability to that effect? Would you be obligated to inform your employer whenever you manage other social media accounts?
The implications of this are terrifying. I'm glad that organizations like the ACLU are on this, because if corporations can set a precedent for this sort of privacy invasion, we're screwed to the nth degree.
If it is simply a screen to avoid applicants who would be massively unsuitable , membership of extreme political parties or heavily into drugs etc then perhaps not.
Otherwise you might need a form from HR for each social network you join.
The way I imagine this will play out in practice is that you will get companies who are "social reference agencies" or similar.
They will have special privileges with facebook etc and will be hired by other companies to screen applicant based on a number of factors and will produce a report for the client company that probably wouldn't contain any specific data etc but simply screen for any "red flags".
I would hope the US has similar privacy laws to Canada where a company that is solely responsible and has access to your personal data is required by law to use that data only in the ways you have explicitly permitted. If the company wishes to provide your data to a 3rd party or use it in some other means than what you agreed to they're liable for lawsuit and punishment.
I mean, sure, facebook could just update privacy agreement and have everyone agree to it then go this way but at that point I could demand my data to be removed/locked under law to prevent any one from using it in this manner.
What I assumed was that it would still ask permission from the user before sharing the data, but it might be the case that you are disqualified from a job opportunity if you do not share.
Why not? This already exists in the financial world. Banks, credit companies, etc. already self-report to the credit bureaus. An employer, or potential employer, is free to pull that information on you with consent.
Is there a list somewhere of the companies that do this? If i knew a company required it's applicants to do this, i would be much less likely to shop there.
If your potential employer asked you for passwords to your bank accounts, stock managers or asked you to hand over your journals, why would you comply?
I know the job market is still tough out there for people, but why would you want to work for a company that won't trust you based on your face to face interview, the documents you submit, your references and a due diligence web search?
Were people compelled to give out their AOL passwords for jobs in the 90's?
I agree, the topic _is_ silly, because most US workers are 'at-will' and can be fired at any time, for any reason. Many people don't know this or don't believe this. Unless you
re under specific contract, or live in a few states with employment rights, your boss may fire you just because they didn't like how you type on the keyboard.
Recently, I was watching an episode of Mad Men with a friend, and one of the characters abruptly fired one of their employees. My fried was aghast and was glad that 'that behavior couldn't happen today.' Well - it can and does happen today.
Last year I worked for a start-up owned by a friend. Before coming on-board, I had agreed verbally on an equity sharing deal. I didn't put anything in writing because I trusted the guy; I knew him for years. The red flag was that he kept waiting for a certain 'favorable legislation to be enacted' before splitting up the corporation. Well, when business started picking up, I reminded him emphatically about the equity, and then I was abruptly fired. Naively, I was shocked that it could happen like that. But, every attorney I called said I was out of luck.
Anyway, the point is that employers can probably ask you to do anything they want, that isn't explicitly denied by law. So, it makes sense that they may fire you for not sharing passwords.
How serious is this Facebook business? I personally do not have one, in this day, is this an actual barrier to getting a job? Not being part of a social website?
Either way, employers asking for a password to anything feels insanely slimy.
Employers don't have to ask you for a password to your bank account because they can just go to a credit bureau and get all the financial information they need.
Facebook is such a small part of my online activities that its almost inconsequential. But I would still object to the request as inappropriate on the grounds of personal security (which I prefer to cite over privacy).
I'd be much more concerned if they asked for my userids & passwords for email accounts, Skype, MSN, IRC, domain names and 'Hacker News' (especially if they just went by the name & not the content)!!
Facebook should try and do something about this, because it's in their best interest. If this keeps going, people will either simply quit Facebook, or start making mock-accounts to show to the employees.
> Facebook should try and do something about this, because it's in their best interest. If this keeps going, people will either simply quit Facebook, or start making mock-accounts to show to the employees.
What can Facebook do? At best, they can lobby the Government and/or employment regulators in an attempt to bring this practice to light and make requesting passwords and access to private accounts illegal. It's a very indirect method and may not change things now, tomorrow or even next month.
I would set up a fake Facebook account if I were very desperately in need for a job. Or just say I don't have one, which is true at the moment. Otherwise, No and Goodbye.
Sharing my password, any of them, is simply totally unacceptable. No way. I'm not giving them the key to my front door either am I? Or my ID card with my boss' face on it so that he can impersonate me, because that's also what this is (though that probably won't happen, so they key example is better, but that doesn't make this less true).
Is this really becoming common? I agree that it's absolutely wrong, but, every headline I've seen gives the impression this is becoming a common practice. I've never heard of it actually happening anywhere but the few cases cited in the articles.
The job market is still pretty weak, and many sectors have not recovered at all. So, unfortunately, employers still hold all the bargaining chips. For a lot of job seekers, it may be pretty hard to tell a potential employer to go fuck itself if it makes this sort of request. A lot of people aren't in the position to be picky about employment right now. Especially young people, who are just starting out in the job market.
To me, that's what's most troubling about this: employers have the ability to strike now, while the iron is hot. If enough big employers can establish this as a standard practice, then pretty soon it becomes procedural. (Like the background check, the drug test, and other procedures that BigCo routinely uses in hiring practices).
In a perfect world, sure, you'd love to be able to walk away from a job offer and say "Well, I wouldn't want to work for any company that subjects me to this...so sayonara, suckers!" But a) vanishingly few people are in a position to do that, and b) there's a real danger that this practice becomes so widespread as to be unavoidable.
While I do think the current situation is being blown out of proportion, I think the potential danger is very real.
Along those lines, one trend I've noticed quite a bit lately is not using one's full, real name as one's Facebook handle.
For instance, someone named John Smith might rename his FB profile "Johnny S." This tactic allows our hypothetical Mr. Smith to dodge search engine results for his full name. It wouldn't protect him from having to hand over his password, but at least it keeps all those photos of his brandishing red Solo cups out of employers' SERPs. (Also, with the right privacy settings in place, it keeps him from being searchable on Facebook by someone who's not a friend).
If the password-handover procedure actually does become standard, then yes, I'd imagine we'd see the rise of dummy profiles and other countermeasures.
Assuming a person couldn't be found via search results they could easily claim they don't have any Facebook account at all, dodging the need for a dummy profile altogether.
A dummy profile might still be required, because of stupid policies. Like you now often have to give a dummy phone number even if you don't have a real one, because it's a required field in forms.
I've never asked a candidate for their password, that to me is ludicrous. I do however (~90% of time) 'google' the person by "name" and location. I understand that a candidate's personal life can be very different from their professional life, but the two are connected by a single thread called 'self'. I really could care less about political affiliations, religious beliefs, sexual orientation and the like. However, drunken photos posted Monday at 17:45 or status like "called in sick today, off to the beach" could be insightful in the kind of person I'm considering to hire.
Employers should not request access to candidates' social media outlets, just as they do not request to spend a weekend with me to observe my habits. Candidates, on the other hand, need to ensure their online presence is something they are proud of (and happy to defend) if seen by friends, parents, clerics and potential employers, IMHO.
Candidates, on the other hand, need to ensure their online presence is something they are proud of (and happy to defend) if seen by friends, parents, clerics and potential employers, IMHO.
The problem is that this is difficult, especially for younger people.
I've had various online aliases over the years, most of which have been abandoned because they no longer reflect me at all.
Let's say you were 16-18 and naive and got roped into some extreme political or religious cult group (this didn't happen to me btw). You might post all kinds of things and at the time you would probably be totally convinced that these were things you would be happy to share forever.
Basically, we need to tell kids "don't post anything online under your real name unless you would be happy to tattoo it onto your forehead"
> Basically, we need to tell kids "don't post anything online under your real name unless you would be happy to tattoo it onto your forehead"
And even that's probably not enough. Look at all the people who regret tatoos they've gotten. We're simply not very good at predicting how our lives or perspectives may change over time.
I understand that employers, just like employees, need every advantage they can get. But some events in my own past (namely, getting stalked) have led me to think that gathering details about someone on the Internet without their knowledge is in some ways even creepier than openly asking them for their Facebook password. Do you tell candidates that you're going to google them? If yes, do you give them a chance to ask you not to do that?
No, I very much doubt it is at all common, most employers wouldn't have the balls to do this.
However it does show this sort of thing is attractive from an employers point of view.
You would only really need this to become procedure at one large company (say wallmart) to set a precedent that others will follow.
As I saw commented elsewhere, giving up your password / access to another person appears to be a pretty clear violation of Facebook's TOS (terms of service). So, my first response might be to ask whether they are soliciting me to breach a legal contract that I've entered. (I'll leave my thoughts on the actual legality or interpretation and reasonableness of claimed legality on the part of the service provider, here Facebook, as a separate question for another time.) At a minimum, this might be enough to ensure e.g. that the unemployment agency decides in my favor with respect to unemployment insurance, if things happen to go that way.
I also recall another comment where someone pointed out that their friends on Facebook have an expectation of privacy in their own communications and that s/he will not compromise (betray) that expectation. That seems to me to be a pretty clear ethical argument. As a reasonable person, I would have a hard time challenging the ethics of such a response.
Finally, personally, I agree with other comments here, that the access and information is none of their business.
What perhaps some (not all) in the preponderance of relatively privileged professions represented on HN may not fully realize, is that for many people in the workforce there is effectively little or no choice. Jobs -- especially with decent pay and benefits -- are hard to come by, and many do not have the financial means to risk an episode or continuance of unemployment.
For the sake of those people, as well as ourselves, we need to band together in opposition to this behavior. Even for ourselves, if the practice becomes commonplace, that sets a precedent that may subsequently box us in.
I'm not a lawyer, but my guess is that if you could get a request like this in writing, the right lawyer would be able to get you a hefty settlement under existing law. Just guessing, but I'd be surprised if it's legal to ask prospective employees to engage in unlawful activities as a condition of employment. As mentioned before, sharing your Facebook password is illegal.
I'm certain that anyone asking to snoop through your Facbook knows they are doing something "wrong" - maybe they don't understand the full implications, but I'm sure none of them would be stupid enough to put the request in writing.
Anticipate the next time the boss "reminds" you to give him your password, and have your phone recording when it happens.
In many US states, it is legal to record a conversation if one of the parties is aware (i.e. if you are recording a conversation in which you are a participant).
I'm uncomfortable with doing this in normal circumstances, since it's a pretty manipulative way of getting a recording of someone. But if you're getting abusive requests from your employer and (I agree) you're not likely to get it in writing, this seems like the appropriate response.
There was a thread here on HN some time ago, where someone argued that it's illegal anyway, because of some misguided law that makes it a federal crime to violate an internet company's TOS. I can't find that thread right now, though.
That would be the Computer Fraud and Abuse Act[0,1]. The relevant bit is "Whoever ... intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains ... information from any protected computer ... shall be punished as provided in subsection (c) of this section." A "protected computer", by the way, is any computer "which is used in or affecting interstate or foreign commerce or communication."
That's not relevant, though, because US v. Lori Drew[2] decided that a user can't be prosecuted under the CFAA for breaking a ToS agreement. (BTW, IANAL.)
Which the prosecution used against Lori Drew, and ultimately failed. The hysteria about it being illegal to violate TOS was a feature of the original verdict against her, which was set aside on acquittal. It's a (now) non-story.
Accessing a computer system without authorization is a crime. Facebook is the only entity that can dictate the terms of lawful access to Facebook systems. If Facebook's terms dictate that you cannot access their systems using another person's credentials, then doing so is unauthorized and unlawful. I don't know how well that would hold up to the various appeals processes, IANAL, but there seems to be some case law supporting it for now.
A company asking for this potentially opens themselves up to a huge amount of legal liability since a typical Facebook profile can contain an enormous amount of data that they are not allowed to ask during the interview process.
However, if it's a civil matter (i.e. you sue), then you just need "balance of evidence", not "proof beyond reasonable doubt". You'll try to prove that it was a factor, and they'll try to prove that it wasn't. You might argue that at this stage you're be neck and neck with the other candidates (having passed the previous filters), and it's just going to come down to a "gut feeling" from the hiring manager - so they will almost certainly be swayed by anything which they might dislike on your Facebook page. I've a feeling it would be a horrible case to try to defend against.
There's valid reasons for demanding Facebook login details, but if I were an employer I'd use a trusted third party to look for me, and only report things which have been cleared by a legal team. When the Australian government does security vetting, this is how it works - security personal do all the vetting, keep everything private except the "security clearance passed / failed", and can get thrown in prison if they let the wrong information out.
I'd imagine it's probably not illegal, since that's not the only information on your profile. Just like they can't ask you your race or marital status, but when you come in for the interview they can certainly see the color of your skin and if you're wearing a wedding band.
It should be illegal though- I'm not sure when it ever became acceptable to ask for someone's login credentials.
Should it be illegal though, if the applicants have to agree to do it in the first place? That's the piece of this that seems to get lost - the applicants are, for whatever hard-to-fathom reason, consenting.
It's shady, and seems short-sighted, but no one is disclosing information against their will here.
Should it be illegal to ask interviewees to sleep with you in order to be considered for the job? After all you're not forcing them, and some people might be desperate enough for a job to consent.
You can already sue for such harassment/discrimination. I just don't see why we need a special law regarding Facebook here if the underlying discrimination possible is already illegal.
I'm not a lawyer, but it seems that this practice is so wide-spread that there's enough grey area for hiring managers to get away with it, so the current laws aren't enough. Internet social networking is such a new and world-changing concept that I believe new laws are necessary to specifically address these issues.
But the underlying information - your social interactions and personal communications - are not new. An employer could ask for your email history, banking information, etc. Should that be illegal as well? What about background checks, credit history check, etc?
My only point is that I don't see why there needs to be a special exemption for social networking data, if the predatory behavior is already illegal b
I agree with you that it's silly to think of special laws being created specifically for facebook and the like. The problem with laws in all areas right now is that the internet and everything that came with it is so far "out there" that there's no way that lawmakers 50 years ago could imagine its impact. That's lead to now, where some laws are wholly inadequate to deal with real issues that we face.
In hiring laws, it's the applicants that are getting screwed by the lack of these laws, because their choices are to either acquiesce to the hiring manager's demands or lose the job. While it's easy for some people to say "I'd just walk out," a single mother who needs to feed her kids probably wouldn't be so quick to do so.
In the end, it's a matter of the job market. If the market were flush with openings, hiring managers would have to be on their best behavior for fear of losing a promising candidate. Right now though, that's unfortunately not the case, so it's up to regulation to give people some basic rights. In my opinion.
Asking for you to provide such information, or asking for your permission to request such information from third parties (as is done with employment or credit references, for instance) seems fine. What seems to cross a line here is asking for sufficient authority from you to permit them to pose AS YOU to a third party in order to access that information.
It's like if, in order to perform a credit check on you, they asked for your SSN, mother's maiden name, etc., and then applied for a couple of credit cards on your behalf to see if you get accepted.
There are ways to perform credit checks without committing identity theft. I would think there must be ways to obtain 'social references' without identity theft either.
As far as I can tell, the practice is not wide spread at all. Hypothetical talk about it is wide spread.
This article cites the exact same incident that every article I've read cites. Maybe when at least a single new incident is reported since the last time this made headlines we can talk about it being wide spread.
I suppose that's a matter of anecdotal evidence on both of our ends. I have friends who have applied for jobs and had more than once been asked for this information- either to login to facebook in front of them, or provide login info. While maybe it's 3 or 4 times that I've heard of it personally, my impression is that it's probably wide-spread just looking at those statistics.
It should be illegal because the balance of power is in favour of the employer most of the time. Same as questions about whether you plan to have children, if it was optional to ask then those who don't would choose to answer and those who do would not, puttong them at a disadvantage.
It's not hard to fathom at all. For as much as the average person complains about work, people really want jobs.
There's a severe power imbalance. If you don't take the job, in most cases there are seven other qualified applications who will take it instead. Odds are that one of them will fork over their login info. And even though few people truly want to disclose it, once it becomes a de-facto standard, people will have little choice. The power imbalance is the crucial problem, and companies shouldn't be allowed to dictate unreasonable terms to employees or potential employees just because that imbalance allows them to obtain consent in most cases.
In Canada, there are two provisions of law that are common in many "manager 101" training courses that I can recall:
The Employment Equity Act is aimed at protecting women, visible minorities, people with disabilities and Aboriginals.
"5. Every employer shall implement employment equity by
(a) identifying and eliminating employment barriers against persons in designated groups that result from the employer’s employment systems, policies and practices that are not authorized by law" (1)
The Canadian Human Rights Act is aimed at preventing discrimination "practices based on race, national or ethnic origin,
colour, religion, age, sex, sexual orientation,marital status, family status, disability orconviction for an offence for which a pardon
has been granted."
"7. It is a discriminatory practice, directly or indirectly,
(b) in the course of employment, to differentiate adversely in relation to an employee,on a prohibited ground of discrimination." (2)
I'm no lawyer but I would tread lightly on "differentiating" by any of these statuses.
I am not a lawyer, but having worked in a corporate setting for years this is something that's drilled into us constantly.
Edit: A bit of searching leads me to the Civil Rights Act of 1964 (https://en.wikipedia.org/wiki/Civil_Rights_Act_of_1964). I'm not sure if the wording specifically prohibits asking about protected statuses, but any legal decisions about that would probably have their roots in that Act.
It seems that if you were not hired after the company viewed this private information, it would be very hard for the employer to avoid claims of discrimination based on what they could have seen.
I don't see how your marriage status, parental status or sexual preferences could otherwise be disclosed during a regular job screen process.
However, the employer doesn't have to "confirm membership" of any status in order to open themselves up to credible legal action. All they need to do is give the impression that they were given some information about protected status, and their "no hire" decision becomes easily suspect.
It would be hard in a litigation setting for the employer, after viewing someone's Facebook data, to be able to cite and document exactly which pieces of information influenced their decision, and which pieces of (discriminatory) information did not influence their decision.
This isn't something that a smart employer would want to open themselves up to. It seems like the actual cases cited have all been rather limited in scope (checking prison guards for gang affiliation).
If someone asked me for my facebook password I would ask for theirs. If they think it's important to see my personal information, they should be fine with me seeing theirs.
This issue isn't an ought, it's an is. Every job is a negotiation, and if your negotiating position and skills are good enough then you won't have to comply with your boss's request for your Facebook passoword. Otherwise, you will.
It definitely crosses the line to ask or require your employees to access their private information. In cases such as this, employees are being treated more like company property than as free individuals. That's not cool.
Instead I would advice them to buy me a beer or two I bet they will get to know more of me than by watching all of those imgurl links I cross post from reddit.
I worked at a social media marketing agency for a few months, when I went out of town I gave my manager my login information because my clients would sometimes direct message me instead of email (annoying). A few weeks after returning, some of my new messages would already appear open, and Facebook asked me if I logged into my account from a PC ( NEVER!!) at a different location than normal ( near my managers house). I was upset and went to her boss, they said she was just doing her job and that she had every right to check up on company communication.
I'd wonder what kind of IT person doesn't have an account with facebook
I don't understand neither sneak's position nor yours, really. What exactly is odd about not wanting to feed the privacy black hole that is Facebook? I have nothing against those who do, but frankly I'll avoid it if I can.
If I had a boss who ever asked me for my facebook password, I would first change my password to a string of about 100 random numbers and letters. Here is an example:
Because either you stand up against that company policy and show some spine, or if you are more worried about your job than your dignity, you wouldn't dare dream of ticking your boss off.
Unless you don't really want the job, and only want to give your potential-future boss access to some juicy information, so that you can sue him easier later on for discrimination against you; and want to have some fun in that process.
