Employer Facebook Password Requests Suspended

Hugh Pickens writes "The Washington Post reports that Maryland's Department of Public Safety and Correctional Services has suspended a roughly year-old practice of asking prospective employees to voluntarily divulge their user names and passwords to social media Web sites such as Facebook. In a statement, the department said requests for user names and passwords had been voluntary, and had not been taken into account when evaluating job applicants. Nonetheless, 'in light of these concerns raised by the ACLU and because this is a newly emerging area in the law, the department has suspended the process of asking for social media information for 45 days to review the procedure and to make sure it is being used consistently and appropriately.'" We covered this story back when the ACLU took the case.

Sure!

[The MAZZTer]

I'll give them my password! But I was taught to change my password if I accidentally show it to someone, so I guess I should go change it now, too!

Re:

[ganjadude]

no one will ever get my password see? ***** Thats all that happens when you type your password in give it a try?

Re:

[An Anonymous Coward]

hunter2

Re:

[MozeeToby]

That's because it's your password, all I see is stars. See: hunter2 hunter2 hunterfucking2

Re:

[lostmongoose]

Except Chuck Norris jokes were never funny. They were that other thing...what was it, again...ah...stupid, that's it.

Re:

[lennier1]

Good thing we still have Bruce Schneier jokes. ;)

Why need the password

[kthreadd]

The information is out there publicly anyway.

Re:

[SirGeek]

Not if the person has their account set to private (only their friends can see stuff).

Re:Why need the password

[Surt]

Only friends and advertisers that facebook sell you to. Remember, at facebook, your information is the product.

Re:

[Surt]

Yes, in fact, they do sell your information to advertisers.

Re:

[Surt]

I didn't say any of that. Try a little reading comprehension.

Re:

[sakdoctor]

That's true. Might as well make it wikifacebook, edit your friends wall, upload embarrassing photo, revert status.
Would this really be any less secure or private than facebook?

Flashlight under a rock

[Compaqt]

Lesson: governments and corps never give up power unless forced to.

If they had their way, each citizen would be assigned a "minder" in addition to electronic ankle bracelets and GPS.

Re:Flashlight under a rock

[betterunixthanunix]

You say "they" as if the people who run the government are an entirely different species than everyone else. In the USA, "they" derive their power from the consent (albeit a rather apathetic consent) of the people "they" govern.

It is unfortunate, but a lot of the worst abuses of the rights and freedoms that Americans are supposed to have are widely supported by the people themselves. Try telling someone that the War on Drugs may not be constitutional, or that too many people are in jail, or that prison sentences are too long, or that the police have too much power, or that there are just too many laws, and see the sort of reaction that you will get; with the exception of my libertarian friends (I am not a libertarian), I am almost exclusively met with expressions shock when I make any such statements. The concept of a society in which our freedoms are not curtailed further with each passing year seems to make people uncomfortable; that is why the government gets away with it.

Re:

[Runaway1956]

War on drugs? Done - many, many times. To many people in jail, most of them for the wrong reasons? Done. Prison sentences to long? Disagree with you - I believe serious offenders are slapped on the wrist to many times because the prisons are overburdened with petty offenders and drug offenders. Police to much power? Done, over and over again. To many laws? MOST CERTAINLY!!! We are basically in agreement - therefore, I know that you are a dangerous whacko. We should both report to the nearest re

Re:Flashlight under a rock

[icebraining]

"The best argument against democracy is a five minute conversation with the average voter."

Re:Flashlight under a rock

[Surt]

"Democracy is the worst possible political system. Except for all the others."

Re:

[gorzek]

Yup. Representative government isn't about being the "best," it's about legitimacy. It ensures that people get the government they want, for better or for worse, rather than having it rammed down their throats with no consent. In the end, a democracy is only as good as its voters make it. Voters being idiots isn't a fault of democracy but of the system that produced such voters.

Re:

[A. Situs]

"Democracy replaces the corruption of a few with the incompetence of the many." -- I don't remember who said it.

Re:

[Kjella]

In Winston Churchill's defense he also said:

"It has been said that democracy is the worst form of government except all the others that have been tried." -- Winston Churchill

It's not very hard to find flaws with democracy. The trouble is finding something that has less flaws. Most people act in their own interest, and if not then in the interest of their friends, family or some other group they belong to - I don't necessarily mean organized groups but that pot smokers have an obvious self-interest in legali

Re:

[penguin_dance]

Not sure what country you're from, but the US is not a democracy--it is a representative republic.

Democracy is four wolves and a sheep voting on what to have for dinner.

Re:Flashlight under a rock

[Chris Burke]

The U.S. is a Representative Democracy -- a type of democracy -- and a Republic -- a nation whose leader is not a hereditary monarch. These are two orthogonal properties of nations.

We are not a Direct Democracy, which is what people saying "the U.S. isn't a Democracy" usually mean. But we are assuredly a Democracy. And the same comments, issued by Winston Churchill (who was in part describing his own country, which is a Representative Democracy as well), apply.

A Representative Democracy is four wolves and a sheep voting on who is going to decide what's for dinner. :)

Re:

[chuckymonkey]

Unless the sheep happens to be a minority that we persecuted 100 years ago, or has a shit ton of money to lobby the shepherd for "special protection".

Re:

[SilentStaid]

You say "they" as if the people who run the government are an entirely different species than everyone else. In the USA, "they" derive their power from the consent (albeit a rather apathetic consent) of the people "they" govern.

I apologize in advance for being that guy that invokes Godwin's Law [wikipedia.org], but I think that the same result of governance-through-apathy could be shown to be a major part of most [wikipedia.org] antagonists [wikipedia.org] of human rights. [wikipedia.org]

I just wanted to point this out in the defense of other Americans like the OP, to show that it's nothing the Americans have done differently or worse - in fact I might argue that it's human nature. It doesn't detract from your point at all, I completely agree with you - but it's unrealistic at this poi

Re:

[spikedvodka]

Apathy Party! Just remember, No Vote is a Vote for us!

Re:

[penguin_dance]

Well and I'm sure they just don't want to be embarrassed by all the glowing reviews of what a great place the correctional facilities/DMV is to work!

The only problem with your argument is your or anyone's drug use DOES affect me. If you go out and get stoned (or drunk) and run over my kid, that affects me. And there's no way I want to see you running around naked and crazy after you drop some PCP! ;-)

But I agree that people do give up their freedoms. For instance, letting the police seize large sums of mone

Re:

[MrMarket]

The sad thing is this was not some big brother conspiracy. This policy was inspired by pure laziness -- a cheap way to do a background check. Instead of doing the work to interview, friends, colleagues, and employers to ensure the applicant has no gang affiliations, they used FB as a pre-screener for applicants.

Re:

[Archangel Michael]

Lesson:Never give government more power than it barely needs to function. Stop voting with (D) or (R) who use Government to usurp the power of the people for their own greedy desires.

A better policy....

[TheCarp]

Here is how I would implement a policy like that. I would ask, all applicants for their facebook username and password up front.

Then, everyone who gave it to me, would get a polite letter informing them that they did not get the job because they so easily violated the TOS of facebook, with whom they had a standing agreement before they applied with us. Thus, there is no way that we could trust them with access credentials on our system.

You failed the test, you are the weakest link, goodbye.

Re:

[GrumpySteen]

Oh how I wish I had a mod point to give to this post. That is a perfect response.

Re:A better policy....

[jeffmeden]

You would be co-conspirators. Don't forget to punish yourself!

Facebook Statement of Rights and Responsibilities:
3.5:You will not solicit login information or access an account belonging to someone else.
3.12:You will not facilitate or encourage any violations of this Statement.

Re:

[praxis]

Where did TheCarp state that he had agreed to those terms?

Re:A better policy....

[Ambiguous Coward]

Those clauses only apply if you are a facebook user. Anyone who is not a facebook user is more than welcome to solicit all the login information they want. Just make sure your hiring board are all non-facebookers. Heck, make sure your entire company is non-facebookers. If the response to the facebook login info request is anything but "the requested information does not exist" then the potential hire is a no-go. It's a self-reinforcing process!

Re:

[cob666]

You would be co-conspirators. Don't forget to punish yourself!

Facebook Statement of Rights and Responsibilities: 3.5:You will not solicit login information or access an account belonging to someone else. 3.12:You will not facilitate or encourage any violations of this Statement.

That's absurd, if the boss never agreed to the Facebook TOS then he has in no way shape or form violated that agreement.

Re:

[Surt]

How did the boss get the job without turning over his facebook username and password?

Re:

[TheSpoom]

It's a very, very weak contract. The employer in this case has not explicitly agreed to anything. It's very likely a court would find it non-binding if you didn't actually have a Facebook account since there would be next to no consideration on Facebook's part.

Re:A better policy....

[sexconker]

Here is how I would implement a policy like that. I would ask, all applicants for their facebook username and password up front.

Then, everyone who gave it to me, would get a polite letter informing them that they did not get the job because they so easily violated the TOS of facebook, with whom they had a standing agreement before they applied with us. Thus, there is no way that we could trust them with access credentials on our system.

You failed the test, you are the weakest link, goodbye.

And anyone who passed the test, by refusing to divulge such information, should immediately turn down any job offer you give them.
No one with a brain would work for a company that dicks them around with "tests" like that.
They get enough of those mind games from their girlfriends.

Re:

[Korin43]

They get enough of those mind games from their girlfriends.

Sorry, as a Slashdotter, I have no experience with that. Could you repeat your post in the form of a car analogy?

Re:A better policy....

[Tanktalus]

You know how when there's a problem with your car, any part of it, that engine light comes on? And then you can't figure out what the hell is really wrong, because all you got is the engine light? And then you start second guessing every little noise or bump, in your rush to get it to a garage to get it resolved, only to find out three hours later and $500, that a screw was loose?

That's a mind game.

Re:

[pak9rabid]

You know how when there's a problem with your car, any part of it, that engine light comes on? And then you can't figure out what the hell is really wrong, because all you got is the engine light? And then you start second guessing every little noise or bump, in your rush to get it to a garage to get it resolved, only to find out three hours later and $500, that a screw was loose?

No, because I know how to diagnose a check engine light ;). Do yourself a favor and pick up one of these [google.com], and you won't have that problem anymore. Or, if you have a smartphone, you can usually get a cheap OBD-II bluetooth adapter to read this stuff on your phone directly. It takes a lot of the guess work out of trying to figure out whats wrong.

Re:

[Korin43]

I always just go to Autozone. They have the fancy computers and will tell you why the light is on for free.

Re:

[thsths]

> No one with a brain would work for a company that dicks them around with "tests" like that.

I used to think this myself. But a lot of companies do it, and some of them quite purposefully. My response would be to get quite hostile in the interview, but that may not be the clever thing to do.

Instead you should ask yourself what would do to the company over the long run. The effect may be less than you think (a lot of people are very desperate to get a job!). Anyway, you should make a rational decision

Re:

[Sir_Sri]

You also know too little about computer security to be trusted with important information our organization stores on a computer.

Re:

[UninformedCoward]

"Aha ha ha. Oh, gosh that's funny. That's really funny. Do you write your own material? Do you? Because that is so fresh. You are the weakest link goodbye. You know, I've never heard anyone make that joke before. Mmm. You're the first. I've never heard anyone reference, reference that outside the program before. Because that's what she says on the show right? Isn't it? You are the weakest link goodbye. And yet, you have taken that and used it out of context, to insult me in this everyday situation. God what

Re:

[LMacG]

Wow, flamebait mod for a Stewie quote. Mod isn't a Family Guy fan, I guess.

Re:

[natehoy]

So the people who understand security will refuse to fill out the application and leave in disgust at their perception that you are a clueless idiot who knows nothing about security, and the people who fill out the applications and apply are all proving to you that they are clueless idiots who know nothing about security (or they fill out false credentials proving that they are liars).

You'll never get any applicants you want to hire, unless someone writes PISS OFF in both the username and password fields, a

Re:

[TheCarp]

Yah but you are missing one important fact.... if I am hiring, they would have to deal with me, so having a normal attitude and personal temperament is actually not really a plus. Overall, I think the guy who writes "piss off" or "decline" in there, and insists on coming in to tell me why its a bad idea and why they wont work for me because of it.... well shit, that guy is the perfect fit, I might offer him the job on the spot.

Oh, it was Voluntary!

[JohnMurtari]

I just love to hear that disclosure was voluntary when you were interviewing for a job! Sure, it's voluntary, don't tell us and you don't get the job. I'm not sure about private companies making that "voluntary" request -- but certainly not a government agency.

Re:

[Cthefuture]

Yeah it's "voluntary" like wearing 37 pieces of flair.

Re:

[Voulnet]

Hahaha! You don't want to be doing the bare minimum now, would ya?

Re:Oh, it was Voluntary!

[betterunixthanunix]

It is voluntary in that it will not count against you; however, the information contained within another person's account may be considered positively for them, and thus they will be more competitive. Welcome to the standard deception of the people who invent these policies; notice that instead of saying, "OK, bad policy, we are rescinding it," they said, "OK, we'll stop to make sure that the information is only being used appropriately!" Everything about their response is meant to divert attention away from the fact that the policy itself is a problem.

Re:

[QuantumRiff]

I think giving your employer your passwords is a brilliant idea..

Well you see your honor, I am not the only one that could have done that.. I had to surrender my account information to my employer, the state, in order to be employed. Any state employee could have accessed that information.

Re:

[jd2112]

It's like how taxes are voluntary: You have the option of going to jail instead.

Re:

[ls671]

> that will be disclosed under torture or immediate threat of death

You are a potential traitor to our great country. Therefore, you constitute a high risk threat and you should be terminated immediately.

-Chuck Norris.

Here's what I'd say

[Konster]

Here's what I'd say:

User name: Fuck
Password: You

Re:

[sakdoctor]

Or simply that you don't have any of those types of account?

Re:

[EricWright]

Most people refuse to believe that I don't have a FB account ... LinkedIn is the only "social" media account I have, and that is for business purposes only.

Re:

[CohibaVancouver]

Here's what I'd say

The thing is, it's very easy for educated Slashdotters with lots of job options to formulate a response like this. Very different story if you've been unemployed for a long while, benefits are running out and you've got mouths at home to feed - In that scenario it's pretty tough to flip off a prospective employer with whom you've gotten as far as an interview...

Bullshit statement (do they think we're stupid?)

[Manip]

Wait, so "requests had been voluntary, and had not been taken into account when evaluating job applicants." If that statement is true then asking for the information serves absolutely no purpose at all. Seriously, was their only purpose to invade their employees privacy and put them in a potentially conflicting situation?!

If their statement is true then this raises even more serious questions about what this information was used for. If it was a lie then we need to ask why they feel they need to lie about this program (hint: it is illegal either way).

Re:Bullshit statement (do they think we're stupid?

[royallthefourth]

do they think we're stupid?

They don't think you are stupid. They think the people they're hiring are stupid and have a passion for yielding/wielding command as part of a hierarchy with no regard to the consequences of their actions.

Considering they're hiring prison guards, that's a fair assumption.

Re:

[uncanny]

Yeah, because half of the guards at the place i worked were either IN the military, or retired military. Quite a few were going to college part time, myself included. Even though i hated the job, the only reason i stayed as long as i did were my co-workers. If you think all prison guards are just power hungry police-squad drop-outs you show your ignorance very well.
But hey, lets just let all those child molesters, murderers, thieves etc, out and see how safe you feel.

Re:

[jahudabudy]

But hey, lets just let all those child molesters, murderers, thieves etc, out and see how safe you feel.

You mean drug users, right? Cause the number of arrests for drug abuse has risen dramatically, while all other crime has dropped (in some cases just as dramatically) in the last 15-20 years. http://bjs.ojp.usdoj.gov/index.cfm?ty=kftp&tid=3 [usdoj.gov]

Re:

[uncanny]

I meant what I said and "do you mean" is a rude statement. The place I worked at mostly incarcerated sex offenders, so yeah, I felt good about keeping them in there.

Re:

[Mr. Slippery]

They're hiring people to guard society's most violent people (murders, rapists, child molesters, etc). You don't want 'nice friendly chaps' doing that kind of work.

They're hiring people to guard people who have either fucked up, either big time, like murder, or small time, like shoplifting. Either way, most of those people are going to get out eventually, and whether or not they fuck up again depends partly on how they are treated during their time in prison. Do they learn job skills that expand their econ

Re:

[betterunixthanunix]

Oh, it is standard deception. No, they will not take into consideration whether or not you disclosed your username and password, but they will allow the information that such access would grant them to count for you in the interview. You were not rejected for failing to provide the username and password; you were rejected because someone you are competing with for the job did and they saw positive things in his profile.

Re:

[Anonymous Coward]

Lets face it, They say it has no bearing on the process but we all know it is BS.

Heck, 20 years ago I worked for Pinkerton. The hiring process had a list of "Optional" questions. Things like

What church do you attend?
Do you believe in the second coming of Christ?
Are you gay?
Are you the type of person to drop the hanky?
etc, etc

They make sure to state that it did not effect the hiring process, however, those that did not answer the questions were let go within 30 days of being hired. For me, I was asked to wor

Re:

[Surt]

http://www.ehow.com/how_4532062_play-drop-hanky.html [ehow.com]

Re:

[ls671]

Thanks for the link, very instructive !

Previous posters that mentioned having something dirtier in mind while trying to figure out what the expression means probably imagined dropping something like this :

http://en.wikipedia.org/wiki/Mr._Hankey,_the_Christmas_Poo [wikipedia.org]

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[dcollins]

The point is, they think we're too weak to do anything about it.

Re:

[david_thornley]

If they can't show the information wasn't used when provided, they've opened themselves up to serious legal liability.

Facebook profiles have entries for birthdays (and hence age) and religion, just to consider two potentially protected categories off the top of my head (age is only protected if it's 40-65). Facebook accounts are encouraged to have photos, which will normally show race.

This means that, if you applied for a job there that you were qualified for, provided your username and password as re

Yeah, right

[emt377]

They could have my user names and logins, but not my passwords or any other credentials. Just asking would pretty much make at least me turn around and walk out, likely rather annoyed at having wasted my time on such losers. Why don't they ask for my address book and business card files while at it? Can I have theirs?

Appropriately?

[Even on Slashdot FOE]

I am reasonably certain that what would be done in this case is to check everything you have ever done on Facebook. Also, all of those people should expect their security questions to have been changed just in case the passwords are changed someday.

Also, keeping the people working on this from fraping random people must be really hard, but they do it, right? Right?

I didn't think so either.

I wish I could tell you

[ThatsNotPudding]

Andy Dufresne unfriended the Sisters and they let him be, but I can't.

that sounds familiar

[v1]

the department said requests for user names and passwords had been voluntary, and had not been taken into account when evaluating job applicants. Nonetheless, 'in light of these concerns raised by the ACLU and because this is a newly emerging area in the law, the department has suspended the process of asking for social media information for 45 days to review the procedure and to make sure it is being used consistently and appropriately.'"

"We're only asking about your religious preference because y'know, we're just *curious*. It has NOTHING to do with whether or not were going to hire you, really. So that's OK, right?"

Why expose yourself?

[kheldan]

Things like this are all the more reason to never use your real name on social networking sites, ever .

Re:

[Itesh]

"Things like this are all the more reason to never use social networking sites, ever."
Fixed that for you ;)

Re:

[Locke2005]

But... what about all the hot chicks from high school that are trying to get in touch with me now?

No, I don't have a Facebook page... which is exactly what anyone should answer when asked for their Facebook info.

Re:

[yurtinus]

Why? Because somebody might find something I do objectionable? I'm all for privacy in those parts of my life that I *choose* to keep private, but I'm not going to encourage a society where everybody keeps a squeaky clean image in public all while hiding anything that could offend somebody. I'm not a deliberately abrasive person, but I'm also not going to let fear of what somebody else might think of me dictate how I present myself.

Employer - Employee in title

[sugarmotor]

"Employer Facebook Password Requests Suspended" should be "Employee Facebook Password Requests Suspended", no?

S

Re:

[Attila Dimedici]

Actually, it should be "Government Agency Job Applicant Facebook Password Requests Suspended." Although that is a little long for a headline, it would have stopped posters on /. talking about this case as if it had something to do with corporations invading their employees privacy (not to say that they don't). The thought process behind this sort of idiocy is completely different when it involves government agencies than when it involves companies. It is not that companies don't do just as stupid of things,

Re:

[ModernGeek]

So it wasn't the employees asking for their employers facebook credentials? This changes everything!

Total Bullshit

[dcollins]

Total bullshit from top to bottom. That's all I've got to say.

How voluntary can this really be?

[wealthychef]

Here I am, in an interview, trying to impress you with my willingness to be a team player, and you ask me for my username and password. There is definitely pressure there to comply. If it's not being taken into account when evaluating employees, why is it asked? That just reeks of falsehood.

A little love for the ACLU?

[Anonymous Coward]

Anybody (American) who cares about these kinds of issues should send a thank you in the form of a few dollars to the ACLU. When the government tries pulling this kind of bullshit, they're the ones who have your back.

Re:

[ErikZ]

If the ACLU supported the Second Amendment, I'd be a big fan.

While you're at it

[Khopesh]

While you're at it, we'll need a key to your home. At your discretion, we'd also like a full copy of your personal diary for our records.

Okay, great. Now strip for the camera and bend over. This will only take a minute or two.

Soviet tactics

[Teun]

Is it that the Soviet Empire has been forgotten by the masses without education?

Because in The Day this type of behaviour was according to US politicians only expected from communist dictatorships.

This type of behaviour includes the ban on Unionisation in Wisconsin, 30 years ago US diplomats, politicians and the free press would have had a field day blasting such policies.
Would Barack Obama today be the same man he was during his presidential campaign he'd be drawing blood among the officials responsible for those infractions against general human rights.
Or just imagine how Ronald Reagan would have responded...

The bottom line is: the USofA does not have any useful privacy legislation.

Re:

[pnuema]

Incorrect. Wages only. And what about those unions friendly to Walker? Police and fire? Exempt. This is about punishing political opponents, and if you can't see that, you're an idiot.

The voters of WI got what they asked for. Sounds like you're a teabagger, and should be happy about this. You guys won. Go ahead, be happy. But don't lie. You know what this is really about.

Fizzle

[wiedzmin]

I don't have a Facebook account. No, really, I don't. Now what? I don't get hired? Sounds like a lawsuit to me.

They ought not to be allowed to ask at all.

[jenningsthecat]

Entirely aside from the direct attack on privacy that asking for social networking login info represents, this policy is an insidious way of 'un-levelling' the playing field in favour of ass-kissing suck-ups who would sell their souls for job advancement. Those who co-operate are likely to get preferential treatment come review time, while those who protect their privacy, (and by extension ours as well), are likely to be discriminated against in subtle or not-so-subtle ways. Such prying into individuals' pe

Re:

[penguin_dance]

"In a statement, the department said requests for user names and passwords had been voluntary, and had not been taken into account when evaluating job applicants."

cough*bullshit*cough

A 45-day review is not a win...it's a stalling tactic! Making sure it more consistently asked in the interview or other process across the board is NOT acceptable.

Ah, bureaucracy.

[Killer Eye]

What the hell...45 days to "review" a "procedure"? Pure bureaucracy. We need just one reasonable person to spend 10 seconds using a Sharpie to cross out this step in the "procedure" so life can go on.

hell no

[shentino]

Private passwords?

Hello?

No, you do not share your username and password with your boss, and your boss has no ****ing business even asking for it in the first place!

This sort of invasion of one's privacy is completely unacceptable. And any boss that asks for this stuff, let alone makes it a condition of employment, is either an oppressive snoop looking to play brain cop, totally clueless about technology and/or personal boundaries, or both.

This is the sort of information we hold a deathgrip on unless a warr

Facebook ... Security ...

[Kittenman]

Same old same old ....

Re:

[Surt]

Thinking is for the ruling class, peasant. Do what you're told.

Re:

[Bengie]

I thought using someone else's account was "terrorism".

Also, even if you handed over your user/pass, if you said you didn't want them logging on and they did, wouldn't that be a criminal hacking charge?

Someone recently got 5 years of prison for using the user/pass for his wife's email account that she had on a post-it next to the computer.

Re:

[Locke2005]

Yeah, I do that every time I get pulled over by the police... "Sure, officer... let me see YOUR license and registration first!"

I'll be getting out of jail next month...

Re:

[space_jake]

TFA says to scan their facebook accounts for gang affiliation.

Re:

[mla_anderson]

Snippits from the TOS: Safety: 5. You will not solicit login information or access an account belonging to someone else. ... Registration and Account Security: 8. You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.