Forgot your password?
typodupeerror
Facebook Social Networks United States News Your Rights Online

Password Protection Act: Bans Bosses Asking For Facebook Passwords 247

Posted by samzenpus
from the get-your-hands-off-my-friends-list dept.
An anonymous reader writes "On the heels of a similar bill introduced last month. A group of Democrats today introduced legislation in both the House and Senate to prevent employers from forcing employers and job applicants into sharing information from their personal social networking accounts. In other words, Maryland may soon not be the only state that has banned employers demanding access to Facebook accounts. The Password Protection Act of 2012 (PPA) would also prevent employers from accessing information on any computer that isn't owned or controlled by an employee, including private e-mail accounts, photo sharing sites, and smartphones."
This discussion has been archived. No new comments can be posted.

Password Protection Act: Bans Bosses Asking For Facebook Passwords

Comments Filter:
  • And now.. (Score:5, Insightful)

    by Severus Snape (2376318) on Wednesday May 09, 2012 @06:53PM (#39948357)
    They'll demand you add them as a friend!
    • Re:And now.. (Score:5, Informative)

      by gstrickler (920733) on Wednesday May 09, 2012 @07:42PM (#39948791)

      That would be covered under

      Prohibits an employer from forcing prospective or current employees to provide access to their own private account as a condition of employment.

      • Re:And now.. (Score:5, Insightful)

        by cayenne8 (626475) on Wednesday May 09, 2012 @10:11PM (#39949757) Homepage Journal
        While I am all for this type of legislature, I have to ask myself, on what authority do the FEDS have to make this law?

        I'm not sure how I see this falling into the interstate commerce clause? I mean, a person works in his state....money paid to him in a state in which he is responsible for state taxes, etc.

        I would think this would have to be done on a state basis, and not a federal one?

        Sorry, but these days...I'm questioning every law the feds are trying to pass, and trying to understand where the constitutional authority is for these mandates/laws.....

        • by C0R1D4N (970153)
          Not that I disagree with you, but this trail was already blazed with OSHA.
        • Re:And now.. (Score:5, Insightful)

          by mysidia (191772) on Wednesday May 09, 2012 @10:33PM (#39949919)

          I'm not sure how I see this falling into the interstate commerce clause? I mean, a person works in his state....money paid to him in a state in which he is responsible for state taxes, etc.

          Internet social networking sites have a multi-state presence; the federal government has long claimed to have the jurisdiction over regulation of telecommunications services, see FCC. In Facebook's case, it's a terms of use violation to share your password.

          They are essentially passing legislation that forbids employers from interfering with citizens' private relationship with certain other companies.

          The legislation is broken though, because it's specific to social networking. This should apply to all sites.

          Including online banking sites, and sites where you pay your utility bills. This is a form of consumer protection and privacy protection for interstate commerce.

          Your private dealings are not your employer's business.

          Your employer has no business seeing who your friends are, who your banks are, what your account balances are, which cable package you subscribe, to, what book you ordered from Barnes and Noble or Amazon, what your viewing history is on Youtube and Netflix, etc.

          And if some of employers are trying to pry anyways and demand passwords to personal accounts their company has no right to, then it certainly is the feds' job to reign in the abuse.

          • by dkf (304284)

            Your employer has no business seeing who your friends are, who your banks are,
            what your account balances are, which cable package you subscribe, to,
            what book you ordered from Barnes and Noble or Amazon,
            what your viewing history is on Youtube and Netflix, etc.

            Your employer usually wants to know what one of your bank accounts is so that they can pay you. (They might not be very keen on this part, but all but the most rabid scum recognize that failing to pay is a good way to encourage employees to seek employment elsewhere and bring lawsuits.)

      • > That would be covered under

        >| Prohibits an employer from forcing prospective or current employees
        >| to provide access to their own private account as a condition of employment.

        Is the "provide access to" broad enough to cover the latest loophole? That's the one where the employer demands that you log in to your account, and he looks over your shoulder while you scroll through your timeline, photo albums, etc.

        • "Provide access to" means requiring the (potential) employee to grant access to the employer, that which they do not already have access. Courts could disagree, but my interpretation, and my defense is that prevents requiring me to accept a friend request, or another other access which is not available to everyone.

    • by Lisias (447563)

      what you will, and then restrict them to see only the safe content.

      It's a bitch, but can be done.

      Easier on Google+, however.

    • by Galestar (1473827)
      So? I'll add them and won't give them access to see anything.
    • Re: (Score:3, Interesting)

      by AngryDeuce (2205124)

      Pretty hard to do considering I don't have a Facebook account. If they want to make having a social media presence a condition of employment, I guess that's just not the job for me...

      I seriously don't understand why people even admit to having one to a prospective employer in the first place. Kids, just say no! Worst case scenario, you don't get a job offer at a place that you probably wouldn't want to work at anyway.

      Let's not pretend, though, that something like this is going to modify employer behavior

  • 10 Amendment (Score:5, Insightful)

    by misfit815 (875442) on Wednesday May 09, 2012 @06:54PM (#39948373)

    How is this the domain of the United States Congress?

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      It's an election year.

    • Re:10 Amendment (Score:4, Interesting)

      by Anonymous Coward on Wednesday May 09, 2012 @07:03PM (#39948451)

      Business practices that seem to want to coerce people to provide information they normally would not do for their job, or to actively violate laws (e.g., federal laws that prohibit, at least in letter, sharing of passwords for online resources) in order to interview for a job, things like that? You know, laws that the Congress passed in the first place?

      Shouldn't take too much lobbying by US Chamber of Commerce, et al, to make sure this bill doesn't even make it out of committee or otherwise dies a quiet procedural death. But, because it's sponsored by (D)'s, even if it did make it to the floors, it's going to be voted down just because.

    • by Oswald (235719)

      I suppose it's the catch-all "necessary and proper" thing. Honestly, you're not going to get anywhere with this argument--that ship has sailed. Congress does whatever it wants except when the executive decides just to ignore them or the courts decide to overturn them. One of the worst drawbacks to judicial review is that by relieving Congress of final responsibility for the constitutionality of laws, it promotes an attitude of "pass it, brag to the folks back home about it, and if the Court overturns it,

    • by Darinbob (1142669)

      Congress has been allowed to do more than merely interstate commerce for 220 years. States have not been semi-autonomous regions for 150 years.

    • Re:10 Amendment (Score:5, Informative)

      by JoshuaZ (1134087) on Wednesday May 09, 2012 @07:15PM (#39948559) Homepage
      Interstate commerce, covered in Article I of the Constitution http://en.wikipedia.org/wiki/Interstate_Commerce_Clause [wikipedia.org]. The websites in question are large sprawling entities like Facebook which have people in all states and have offices in multiple states. Once that's a common setup, regulation is almost certainly Constitutional. And even when websites are all in one state, packets and the like go very far afield. There might be an argument that they can't regulate an in-state employer wanting a password from a completely in-state website, but that case is both unlikely to come up, and even if it did, courts would likely consider that to be a a weak argument.
      • by misfit815 (875442)

        Regulating commerce is not the same as regulating the entire commercial entity. Of course, that's not the road we've been going down for a very long time. It's much easier to consolidate power in Washington where the lobbyists have a one-stop shop. On the other hand, actually respecting the 10th Amendment would require an informed and intelligent electorate, so I guess my point is moot.

    • by Lehk228 (705449)
      interstate commerce, the same way the federal government has laws against computer fraud and abuse
    • Re:10 Amendment (Score:4, Informative)

      by Gimbal (2474818) on Wednesday May 09, 2012 @09:05PM (#39949401)

      There's a commentary on the Constitutional support of right to privacy [umkc.edu] at U Missouri KC (and that, I had not expected, but hey, score one for democratic discourse)

    • by rhook (943951)

      Because pretty much every one in the US who uses Facebook does not live in the same state the servers are located in, and even if they do it is still very possible that the connection crosses state lines before getting back to the server. That means that this is more of an interstate commerce issue. This also isn't a "States Rights" issue, hence the 10th Amendment does not apply.

    • by Shoten (260439)

      Wow...are you that ignorant of law? It's the domain of the federal government the same way that sexual harrassment is, for example. Or racial discrimination in the workplace. Or any number of abusive practices by employers that are prohibited by the federal government. OSHA? Yeah, all that. EEOC? Yep. That too! And so on. Come to think of it...say, isn't there something called the "Department of Labor?" Hmmm...I wonder what THEY regulate...

  • by flaming error (1041742) on Wednesday May 09, 2012 @06:59PM (#39948417) Journal

    If corporations are people, these laws probably exist already.

    Regardless of laws, the audacity of demanding personal passwords as a condition of employment just boggles my mind.

    We're employees hired to do a job and go home. We're not paid to room and board our employer in our underpants.

    • by SeaFox (739806) on Wednesday May 09, 2012 @07:05PM (#39948483)

      That's what happens when you have...

      1. (Relatively) high unemployment.

      2. A government that is pro-business and anti-employee rights for years and years.

      3. Companies more and more feeling what an employee does on their personal time is their business because "it might reflect badly on the company".

    • Nothing stops me from demanding you give me your Facebook password. If you refuse, I can then refuse to provide you with whatever I feel like, such as access to my house, help with things you might need and so on. I can make it a prerequisite that to be my friend in real life, you give me your Facebook password.

      Now of course if I do that, all that will happen is I have no friends. Being that as individuals we are on a relatively equal power footing we can work it out between ourselves.

      What is happening is t

  • Did this actually happen, or is it a modern urban legend that employers were requiring passwords? And if it really happened, aren't there existing privacy laws in place that could have been used to sue these businesses out of existence?

    • Re:Really? (Score:5, Informative)

      by mark-t (151149) <[markt] [at] [lynx.bc.ca]> on Wednesday May 09, 2012 @07:03PM (#39948449) Journal

      Yes, it actually happened [zdnet.com]

      No, it's not. See above

      Unfortunately not yet. But there could be soon.

      • Re:Really? (Score:4, Insightful)

        by PRMan (959735) on Wednesday May 09, 2012 @07:51PM (#39948855)
        Most people's Facebook status includes their Marital Status, Religion, etc., several things that are not allowed to be asked in of a prospective employee. So I would think somebody could have gotten them on that.
        • by mark-t (151149)
          Meeting you in person or even often just knowing your name offers an employer sufficient information to discriminate against you based on your gender. I'm not in favor of employers asking employees for their Facebook info in any way whatsoever, but I think it's straining credibility to presume the request is to actually otherwise unlawful discriminate against a person.
  • So the summary notes there was already a similar bill. What happened to that? What's different/better/more-likely -to-get-passed about this one?
    • Re:why another bill? (Score:4, Informative)

      by Dahamma (304068) on Wednesday May 09, 2012 @07:26PM (#39948649)

      That happens a lot - similar bills are introduced, debated in committee, etc. Some are better than others, and if the process isn't completely broken (not even going there...) the various ideas get consolidated into something that meets everyone's needs and is then introduced to the floor.

      In this case, it seems like a law protecting any of your password-protected/private information (email, photo sharing, online backups, whatever) would be much more powerful than the previous one that focused mostly on your "social networking" accounts...

    • What's different is it was reworded to try and avoid another GOP obstruction-- or at least sneak in under the radar.

  • prevent employers from accessing information on any computer that isn't owned or controlled by an employee...

    So, they are trying to prevent employers from asking for my Facebook/Gmail/etc. password, because it's there in the magical "cloud" and not owned/controlled by me; but it is totally OK for my employer to insist on having a password to my *home* computer, just because it is owned and controlled by me??? Which, by the way, likely has a cookie to authorize accessing my identity "out there"... Or should

    • Re: (Score:3, Interesting)

      by Script_God (803563)
      As an applicant, you are not yet an employee. If they want to demand that I give them that information after I am an employee, and I refuse, I would not be surprised if there can be a wrongful termination lawsuit.
    • by Dahamma (304068) on Wednesday May 09, 2012 @07:24PM (#39948631)

      Yeah, it didn't make sense. After reading the article, it was clearly a typo, and should have said "from accessing information on any computer that isn't owned or controlled by an employer". Ie. employers can still demand you hand over passwords on *their* systems, which seems reasonable enough.

      • by slew (2918)

        Yeah, it didn't make sense. After reading the article, it was clearly a typo, and should have said "from accessing information on any computer that isn't owned or controlled by an employer". Ie. employers can still demand you hand over passwords on *their* systems, which seems reasonable enough.

        Of course that means you might still have a problem if you want to work for a social networking company that you actually use... Of course said company already has your data, but if you are part of the 99% that uses the same password everywhere, you are kinda screwed if you actually hand over your password.

      • Seeing as they screwed up the employee/employer thing farther up as well, that makes sense.
      • by Bengie (1121981)
        IANAL - Last I checked, the DOJ ruled violating the TOS is criminal and goes against Computer Fraud and Abuse Act. An appeals court ruled violating a TOS is not criminal, but several other appeals courts have. It is now going to the supreme court, but it currently stands to be criminal

        Anyway, where I was going with this is handing over your password or asking for another person's password is in violation of Facebook's TOS. It currently stands that asking for your password or asking to even see your FB acc
        • When I was much younger my life's dream was to invent a new crime.

          The 'Computer Fraud and Abuse Act.' makes anything involving computers that a judge thinks should be illegal, illegal. 'Ips Post Facto?' never heard of it.

          I now have to invent a new crime that doesn't involve computers. Best I've got is programming an electric car to make the 'cross now' sound as it drives around. Which sucks as I can't make any money at that and I don't have anything against blind people. Plus it involves computers.

  • Summary Confusion (Score:4, Informative)

    by Githaron (2462596) on Wednesday May 09, 2012 @07:06PM (#39948489)

    The Password Protection Act of 2012 (PPA) would also prevent employers from accessing information on any computer that isn't owned or controlled by an employee, including private e-mail accounts, photo sharing sites, and smartphones.

    I assume the summary meant to say that the act prevents employers from accessing information on any computer that is owned or controlled by an employee.

    • Re:Summary Confusion (Score:4, Interesting)

      by Dahamma (304068) on Wednesday May 09, 2012 @07:28PM (#39948665)

      Actually, from TFA it sounds like they meant to say it prevents employers from accessing personal information on any computer that isn't owned or controlled by an employer. I'm pretty sure the intent is that an employer should still be able to access and demand passwords to servers it owns, even if the employee runs them, etc, and anything else is none of their business.

  • I would have thought the 4th amendment would have covered this, so all I see is grandstanding politicians pretending they care about the people while ignoring their own Constitution.

  • by rueger (210566) * on Wednesday May 09, 2012 @07:24PM (#39948629) Homepage
    Of course the reality is that if you really need that job you have pretty much no option but hand over whatever the boss asks for.

    Sure, in theory you could refuse, and when you get fired (or not hired in the first place) in theory you could drag them into court, but in practice the vast majority of working folks can't afford to lose the job in the first place, and can't afford the lawyers in the second.

    This would be about as effective as most workplace safety laws - sure you can refuse to do dangerous work, but when there are a hundred people lined up who are prepared to climb on a four story roof with no safety harness you'll find yourself unemployed very fast.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      This is the argument of the coward. Just stay quiet while your rights are violated because its too dangerous to stand up for yourself.

      Tell that to the countless workers that fought for their rights, some of whom paid for it with their lives. Are you saying they should not have bothered?

    • by lgw (121541)

      If it's just one employer being a dick, you really don't need the government to step in. The problem comes when you have "collusion on terms of employment", which happens far too often: every employer in some industry ends up having the same bullshit. And in that case, as long as whatever regulation affects all companies equally, employers are generally OK with it (since their competition is equally affected).

  • Pardon me, but...

    Don't they have something better to do?

    This is like Nero playing the fiddle while Rome burns.

    • Don't they have something better to do?

      You realize that our elected officials in D.C. are capable of dealing with more than one issue at a time? There are probably many 1000's of bill that get written, debated on, tabled and passed every year.

  • This sounds like overbearing government intrusion into the private market to me. Employers should be free to demand whatever they want as a condition of employment, from high-school transcripts to semen samples! If you don't like it, find another place to work!
  • Wait a sec (Score:4, Insightful)

    by SilverJets (131916) on Wednesday May 09, 2012 @09:30PM (#39949557) Homepage

    The Password Protection Act of 2012 (PPA) would also prevent employers from accessing information on any computer that isn't owned or controlled by an employee, including private e-mail accounts, photo sharing sites, and smartphones."

    Shouldn't that be isn't owned or controlled by the employer or company instead? An employee's personal computer (and I'm using personal here to mean one that belongs to the employee) shouldn't be accessed by the employer either.

    • by SeaFox (739806)

      Shouldn't that be isn't owned or controlled by the employer or company instead? An employee's personal computer (and I'm using personal here to mean one that belongs to the employee) shouldn't be accessed by the employer either.

      Haven't you heard? Nobody keeps their stuff on their PCs anymore. They upload it to social networking sites, which they don't own, and don't keep backups. Then they fret about what they're going to do if Facebook ever goes away [slashdot.org] and how they'll get all their stuff back.

  • by Fned (43219) on Wednesday May 09, 2012 @10:00PM (#39949717) Journal

    If you log into my friend's account and you're not my friend, you now have access to information in my profile that I did not give you permission to.

    Facebook's ToS explicitly prohibits doing this.

    Violating a website's ToS in order to gain access to information you don't have permission to access is, I think, some sort of federal crime.

    Any lawyers care to chime in on this one?

    • Technically yes, as it is considered unauthorized access. But unless it caused bodily injury or financial loss, most agencies wouldn't care.

      Same with opening a new account with the name resembling your long lost friend/relative etc. and tried to gain access to your profile by tricking you to accept them as friends. This could remotely consitutes identity theft.

    • by shentino (1139071)

      It's only illegal if you do it, but not if big business or the government does it.

The superior man understands what is right; the inferior man understands what will sell. -- Confucius

Working...