Should Congress Move To Ban Employers From Demanding Employees’ Facebook Passwords?

    May 26, 2012
    Josh Wolford

If your future employer or current boss asks you for your Facebook password, it might soon be against the law. That’s because there is new national legislation against the practice of employers demanding access to employees’ personal accounts.

A group of Democrats in both the House of Representatives and the Senate have introduced similar legislation, and it’s flying under the name “Password Protection Act of 2012.” What it hopes to do is to “enhance current law to assure that compelling of coercing employees into providing access to their own private systems and data…is prohibited.”

Have you ever been asked by an employer (or future employer) to hand over your social media passwords? Did you do it? Or did you feel like it crossed the line? Let us know in the comments.

In the Senate, the legislation was introduced by Richard Blumenthal (D-CT). Soon after multiple outlets ran stories on this “rising trend” within some Human Resource departments, Blumenthal was one of the first U.S. legislators to speak out against the practice. Back in March, he said that he was “deeply troubled by the practices that seem to be spreading voraciously around the country,” and went on to call the password demands an “unreasonable invasion of privacy.” With those remarks, he also informed us that he was in the process of drafting a bill that would be ready soon.

A few days later, Blumenthal teamed up with Senator Chuck Schumer (D-NY) to deliver a request to the Department of Justice. They asked that both the DOJ and the U.S. Equal Employment Opportunity Commission “launch a federal investigation into a disturbing new trend.” Schumer has not left this cause either, as he is a co-sponsor of the new Password Protection Act.

Just days after that letter hit the Attorney General, a motion called “Mind Your Own Business on Passwords” failed in Congress. It would have made the employee password issue one monitored by the Federal Communication Commission. They would have had the right to declare the practice illegal.

So now these members of Congress are back with their own bills. Blumenthal’s Senate bill reads like this in the “prohibited activity” section:

acting as an employer, knowingly and intentionally –
(A) for the purposes of employing, promoting, or terminating employment, compels or coerces any person to authorize access, such as by providing a password or similar information through which a computer may be accessed, to a protected computer that is not the employer’s protected computer, and thereby obtains information from such protected computer; or
(B) discharges, disciplines, discriminates against in any manner, or threatens to take any such action against, any person – (i) for failing to authorize access described in subparagraph (A) to a protected computer that is not the employer’s protected computer; or
(ii) who has filed any complaint or instituted or caused to be instituted any proceeding under or related to this paragraph, or has testified or is about to testify in any such proceeding;

Along with Blumenthal and Schumer, Senators Ron Wyden (D-OR), Jeanne Shaheen (D-NH), and Amy Klobuchar (D-MN) also sponsored the bill.

In the House, the companion legislation is being introduced by Martin Heinrich (D-NM) and Ed Perlmutter (D-CO). The crux of that bill is the same. Here’s some summary points from the House version of the Password Protection Act of 2012:

  • No Compelled or Coerced Disclosure. The Password Protection Act prohibits an employer from forcing prospective or current employees to provide access to their own private systems as a condition of employment. Examples of prohibited actions include forcing employees to—
  1. Hand over their private passwords to personal Facebook or Gmail accounts.
  2. Log into a password-protected account so that the employer may browse the account’s contents.
  • No Retaliation.  The Password Protection Act prohibits employers from discriminating or retaliating against a prospective or current employee because of a refusal to provide access to a password-protected account.
  • Narrow Remedy. The Password Protection Act only prohibits adverse employment-related actions as a consequence of an employee’s failure to provide access to their own private accounts. It preserves the rights of employers to—
  1. Permit social networking within the office on a voluntary basis.
  2. Set their own policies for employer-operated computer systems and accounts.
  3. Hold employees accountable for stealing data from their employers.
  • Enforcement. Employers that violate the Password Protection Act may face financial penalties only.

“Employers should have no more right to online passwords than they would to a person’s lending history at the library or a diary in their home,” said Senator Shaheen. “As Facebook and other websites become an increasingly important part of the daily lives of millions of people, we must be vigilant in protecting online privacy. This legislation provides an important safeguard for all Americans.”

“People have an expectation of privacy when using social media like Facebook and Twitter,” said Representative Perlmutter. “They have an expectation that their right to free speech and religion will be respected when they use social media outlets. No American should have to provide their confidential personal passwords as a condition of employment. Both users of social media and those who correspond share the expectation of privacy in their personal communications. Employers essentially can act as impostors and assume the identity of an employee and continually access, monitor and even manipulate an employee ‘s personal social activities and opinions. That’s simply a step too far.”

The ACLU praises the bill for its wider scope. By focusing on computer access (as opposed to simply access to one social network like Facebook), the bill is “flexible” and is able to “evolve to cover any new service.”

But the praise is not absolute. The ACLU laments that the Password Protection Act doesn’t provide the same type of protection for students – a group that was originally wrapped up in employer-password-gate. They say that the recently-introduced SNOPA privacy bill (that also tackles the Facebook password request issue) does a better job to protect students. The ACLU is also less-than-thrilled with some of the exceptions:

The legislation also includes unnecessary exceptions. One exception allows states to exempt government employees or employees who work with children under age 13. Another allows the executive branch to exempt whole classes of workers if they come into contact with classified information, including soldiers. These sections authorize sweeping and unnecessary fishing expeditions. There are already a broad range of tools for investigating misconduct. Further, internet activities constantly create many new types of records, and these can already be used against employees in investigations. Just because you work for the government or with children, you shouldn’t forfeit the right to a private life online.

It’s obvious why an employer would want access to a prospective employee’s social media account. That’s where all the good stuff resides. If you want to make sure you’re not hiring a certain type of person – someone who disses their former employer publicly or someone who could embarrass the company with certain lifestyle choices – Facebook might be a great way to screen candidates. But there’s a line and we have to draw it. Not only is it a gargantuan invasion of privacy to be forced into giving up access to private data, but it could end up harming employers in the long run. I’m sure employers don’t want to find themselves in a situation where they are being sued for discrimination, based on something they found via a Facebook search.

While the Password Protection Act isn’t perfect, it’s on the right track. State legislatures are also moving on the issue, as the California State Assembly just unanimously approved a similar bill. Now, along with SNOPA, we have two new bills attempting to protect employees’ rights on the national level.

Do you think that there should be a national ban on this practice? Should Congress step in and outlaw it outright? Let us know in the comments.


Josh Wolford
Josh Wolford is a writer for WebProNews. He likes beer, Japanese food, and movies that make him feel weird afterward. Mostly beer. Follow him on Twitter: @joshgwolf Instagram: @joshgwolf Google+: Joshua Wolford StumbleUpon: joshgwolf