Lawmakers and Facebook Act Against Employers Demanding Access to Facebook Profiles

According to the Associated Press, “it has become common for managers to review publically available Facebook profiles, Twitter accounts and other sites to learn more about job candidates.” Companies that don’t ask for passwords ask applicants “to friend human resource managers or to log into [Facebook] on a company computer during an interview. Once employed, some workers have been required to sign non-disparagement agreements to ban them from talking negatively about an employer on social media.”

While stories about companies, colleges, and government agencies asking job applicants for access to their Facebook profiles have grown in recent months, the issue gained public attention when Bob Sullivan, of MSNBC’s The RedTape Chronicles blog, posted an article titled, “Govt. agencies, colleges demand applicants’ Facebook passwords.” According to Sullivan, the Maryland Department of Corrections has been asking job applicants to log into their Facebook accounts and allow the interviewer to look over their shoulder as they clicked through their profile. This is nothing new. In the past, applicants have been asked to provide the department with their username and password. While these Facebook reviews are voluntary, most applicants agreed to them assuming they were necessary for doing well in their interview.

However horrifying the FBI’s development of social media monitoring applications may appear, a story that I’ve written about previously, monitoring applications already exist and are in use. Colleges, for example, have been taking advantage of social media monitoring companies, particularly to monitor college athletes. Sullivan noted this in his article, writing about instances where colleges require their athletes to friend “a coach or compliance officer… and [provide] access to their ‘friends only’ posts.”

On Friday, Erin Egan, Facebook’s Chief Privacy Officer, issued a statement regarding this problem,

“As a user, you shouldn’t be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password.”

This approach, one that both Facebook and some lawmakers are taking, focuses less on the issue of privacy and more on liability. Egan provides an example as a warning about overstepping, “if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.), that employer may open themselves up to claims of discrimination if they don’t hire that person.”

Sullivan added to Egan’s point, writing that employers might not have proper policies and training to protect their company in handling applicant’s private information. “The employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (e.g. if the information suggests the commission of a crime).”

Hints about potential liability have already been raised. One of the most recent warnings was raised when a jury awarded $4 million on March 14 of this year to two separate families affected by the 2007 shooting at Virginia Tech after the school was found negligent due to their inability to warn students. Bradley Shear, a D.C.-based lawyer who practices cyber and social media law, suggested that the monetary damage could have been much higher if the school employed the use of a social media monitoring company.

“Now that two $4 million dollar jury verdicts have been returned against an academic institution for a delay in properly warning its students about a killer being on the loose on campus, imagine if a school follows the above advice by Varsity Monitor [@tombuchheim It is still best practice for the athletic dept to continue to monitor social media for brand and athlete protection & edu] and a tragedy occurs that social media monitoring should have warned against but did not? Instead of multiple $4 million dollar jury verdicts would it be multiple $25 million or $50 million or $100 million dollar negligent social media monitoring jury verdicts?”

While little legislation has been put forward to protect students against monitoring, legislators in several states including Connecticut, California, Washington, Illinois and Maryland have begun the process of introducing bills that would prohibit companies from asking employees or potential employees for Facebook passwords.

“Employers can’t ask in the course of an interview your sexual orientation, your age, and yet social media accounts may have that information,” a California state senator said.

//

Social Media Monitoring Programs: a very real reality

FBI attempts to determine the feasibility of building a social media monitoring application

Over the past few years, there has been a massive global public outcry about how online users are tracked and their information collected. Both Facebook and Google have been criticized heavily for their lack of transparency on the issue and for what sometimes seems their disingenuous interest in improving their policies. Curiously, this popular anger so far seems to extend only to corporations. Concerns or fears about government tracking are less vocalized, which is not to say that they do not exist, simply that they are less a part of the popular narrative.

These concerns and complaints border on hypocrisy. We willingly give up our information to these companies through signing up for profiles, posting our photos, and sharing on friend’s walls. While we say we expect them to maintain our privacy, but all the while we know they plan to use the information to ‘improve’ our online experience.

This issue—actually a complex set of issues including questions about what is public? What is private? How can privacy be enforced?—is not one that can be solved solely between online users and individual companies. Companies are not in power, governments are. When the conversation is about governments where the power structure is decidedly in their favor, governments like the Peoples Republic of China, the issue seems easier to understand and discuss and solutions seem more achievable because there is less of a grey area. However, the issue is not as simple for the U.S. government, which does not exercise the amount of force and control over information that China is able to exert, despite making some dubious and controversial decisions that affect privacy, like the Patriot Act. The Federal Bureau of Investigation (FBI), however, appears to have adopted the view that what we publish online, particularly on social media sites, is public and open.

In mid-January 2012, the Federal Bureau of Investigation released a document that outlined the possibility of developing an application that would monitor all data published online, most specifically social media outlets, to benefit the FBI’s Strategic Information and Operations Center (SIOC). According to the FBI, the government does not currently have any current social media or news media collection processes or services used by SIOC. While the FBI does not yet have the capability the pursuit by the intelligence field of this type of information collecting is nothing new. In 2006, New Scientist published an article, describing how the Pentagon’s National Security Agency funded research about “mass harvesting of the information people post about themselves on social networks.” (Free full version of the article here)

The possibilities for building a massive database about the public, given the scale of this method of information gathering, are astounding. The FBI’s hopes for their proposed application’s capabilities, which New Scientist aptly summarized as their “wish list,” are equally astounding. They hope that the application would be able to search, vet, alert, select, map, and spot reports, tabs, Twitter and other social network monitoring along with analytical capabilities. Mashable.com published a summarization of the proposed application’s capabilities, stating that it would:

• Provide an automated search and scrape capability of both social networking sites and open source news sites for breaking events, crisis, and threats that meet the search parameters/keywords defined by FBI SIOC.

• Ability for user to create, define, and select parameters/key word requirements. Automated search of national news, local news, and social media networks. Examples include but are not limited to Fox News. CNN, MSNBC, Twitter, Facebook, etc.

• Provide instant notifications of breaking events, incidents, and emerging threats that have been vetted and meet the deÔ¨Åned search parameters.

• Ability to immediately access geospatial maps with coding in addition to providing critical infrastructural layers. Preferred maps include but are not limited to Google Maps, Google 3D maps, ESRI, and Yahoo Maps.

• Ability to instantly search and monitor key words and strings in all “publicly available” tweets across the Twitter Site and any other “publicly available” social networking sites/forums (i.e. Facebook, MySpace, etc.)

While the FBIs proposed new application seems alarming, it is important to remember that one of the FBI’s roles, in particular the role of the SIOC, is to search, vet, alert, select, map etc.

Whether or not we as citizens trust the US government with our privacy, this level of access to information and ability to track it as well as use it is unprecedented and, quite possibly, a breech of our privacy. Whether or not this is the case, the most important question ultimately is:

How private is our information when we are willing to share it with multiple corporations and, if not everyone on the Internet, then everyone in our friend networks?

When a user posts a status or a tweet, is that information public or private? Is your online presence on Facebook like a room in your home, where you assume absolute privacy with those you have allowed in, or like a booth in a restaurant where you merely hope for it? Or is it equivalent to the open street where anyone might listen in? This is the core of the issue.

While we expect the information and opinions we publish to stay private, we also expect that information to be available for those whom we want to see it. Oddly, we make those decisions without realizing that since the information we are sharing is no longer in our heads, it is by definition no longer private. We insist we want privacy, yet we publish our thoughts and share our information in open source, publicly available forums, which, no matter how strenuous their stated intent, have limited privacy options and maintain a visual and digital record of all the information they collect. Given these facts, the decision to share personal information online while simultaneously voicing concerns about privacy seems bizarre and illogical.