Richard Blumenthal (D-CT), who announced last week that he was drafting legislation to prohibit employers from demanding Facebook login information of prospective employees, has now teamed up with Chuck Schumer (D-NY) to asked the Department of Justice to look into the possible illegality of the practice.
According to a release from Blumenthal's office, the two Senators are requesting that the U.S. Equal Employment Opportunity Commission and the DOJ "launch a federal investigation into a new disturbing trend of employers demanding job applicants turn over their user names and passwords for social networking and email websites to gain access to personal information like private photos, email messages, and biographical data that is otherwise deemed private."
In the last few weeks, numerous reports have popped up on the disturbing trend of employers demanding Facebook passwords as part of the interview or pre-hiring process. Apparently, this is happening in both governmental and private organizations, and sometimes even at colleges.
"Employers have no right to ask job applicants for their house keys or to read their diaries – why should they be able to ask them for their Facebook passwords and gain unwarranted access to a trove of private information about what we like, what messages we send to people, or who we are friends with,” said Schumer.
"I am alarmed and outraged by rapidly and widely spreading employer practices seeking access to Facebook passwords or confidential information on other social networks," said Blumenthal, echoing comments he made about the practice last week.
The two hope that a federal investigation will help with any problems that are currently going on across the country, as the EEOC and the DOJ can determine if the practice currently violates federal law. In the meantime, Blumenthal and Schumer are working on their own bill - "new statutory protections to clarify and strengthen the law," says Blumenthal.
Here's the letter that they sent to Attorney General Eric Holder. It comments on previous court cases that limit the employer's access to login information for current employees, and they suggest that this protection could be extended to job applicants:
Dear Attorney General Holder,
We write concerning reports in the media that some employers are requiring job applicants to provide their usernames and passwords to social networking sites like Facebook as part of the hiring process.
We urge the DOJ to investigate whether this practice violates the Stored Communication Act or the Computer Fraud and Abuse Act. The SCA prohibits intentional access to electronic information without authorization or intentionally exceeding that authorization, 18 U.S.C. § 2701, and the CFAA prohibits intentional access to a computer without authorization to obtain information, 18 U.S.C. § 1030(a)(2)(C). Requiring applicants to provide login credentials to secure social media websites and then using those credentials to access private information stored on those sites may be unduly coercive and therefore constitute unauthorized access under both SCA and the CFAA.
Two courts have found that when supervisors request employee login credentials, and access otherwise private information with those credentials, that those supervisors may be subject to civil liability under the SCA. See Pietrylo v. Hillstone Restaurant Group, 2009 WL 3128420 (D.N.J. 2009); Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002). Although these cases involved current employees, the courts’ reasoning does not clearly distinguish between employees and applicants. Given Facebook terms of service and the civil case law, we strongly urge the Department to investigate and issue a legal opinion as to whether requesting and using prospective employees’ social network passwords violates current federal law.
There's some debate as to whether or not this practice is even a big issue. Is it widespread enough to warrant a federal investigation? Blumenthal and Schumer think so.
For their part, Facebook issued a statement on the topic, saying that Facebook users "should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends."