Sophos Cloud Optix
Last week, Naked Security wrote about employers requesting interview candidates to hand over their Facebook usernames and passwords.
This topic riled a lot of people, including Facebook.
Erin Egan, Facebook’s chief privacy officer, issued a statement on Friday. He writes:
...we’ve seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information. This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability.
Mr Egan also says Facebook will take action to “protect the privacy and security of [its users], whether by engaging policymakers or, where appropriate, by initiating legal action…”
So, I think we can agree that this is a pretty strong statement. And Facebook isn’t alone. As mentioned last week, The American Civil Liberties Union (ACLU) maintains that people have a right to private lives. And now, US Government officials are also jumped into the debate.
US senators Chuck Schumer of New York and Richard Blumenthal of Connecticut have asked Attorney General Eric Holder to investigate whether federal laws are being violated if an employer requests a Facebook password during a job interview, according to Fox News.
The fact that this discussion is attracting some big players will be welcomed by many of our readers.
A quick and dirty Naked Security poll showed that a whopping 91% of the 3500+ readers who took part say that it should be illegal for companies to request access to your personal Facebook account.
So well done to everyone who stamped their feet in protest. It seems the right people are hearing you loud and clear. Let’s hope that a statement is issued very soon to clear these muddy waters.
Check out our Facebook page, where more than 170,000 people share information on widespread threats.
That is just wrong and undermines our privacy as Americans and employers. How would the employers of companies feel if they had to give others their password and login information out? If they are not willing to do it, they shouldn’t expect us to do so.
Don't worry about your American civil liberties. You already have few left:
http://nakedsecurity.sophos.com/2012/03/26/new-co…
Although I do not agree with the practice, can't say I can blame the employers seeking to take advantage of all the personal information on social networking sites. With the entitlement mentality becoming a world-wide epidemic, there will be a growing number of people seeking to take from others what does not belong to them.
The way things have come though this is about like someone 10 years ago in an interview asking for the keys to someones house so they could poke around and make sure they were not going to hurt the company.
It is one thing to look at what is publicly viewable and entirely different to dig into private accounts.
Here's my one option. Say sure you can have my facebook username and password, when I can have your finance servers root username and password.
I gotta write that one down.
It should be illegal to possess another person's password to any secured system. All access to every secured information system should be uniquely identifyable, so if someone needs access to an information source, give them login credentials of their own and set the access permissions appropriately.
We still have some potential outside partners who want to give our organization one set of credentials for everyone to share to access their system; we don't do business with any company that would even suggest a practice like that. Take security and privacy seriously if you want to do business with us.
Its interesting how Facebook mention legal recourse, yet play fast and loose with data sharing at almost every corner.
I'm far from being a legal expert, but this would surely break several laws if the same were to happen in the UK. Something about the Computer Misuse Act ( the bit about unlawful interception) and the EU privacy laws regarding 'personal space'.
I'm confident this practice will be made illegal. It's already illegal to ask a prospective employee questions about their marital status, religion, sexual orientation, age, ethnicity (to name a few). This information is often readily apparent on one's Facebook profile, and a candidate for a job can't be forced to provide this information to a prospective employer.
personally not surprised, our rights as employee's are…. next to non-existent. if you bother to complain, you will lose out in any way the employer possibly can do. its as if once you work for a company. the employers own your very soul itself. and due to lack of jobs, we usually shut up and accept it :S. it is amazingly important to know your rights as workers, especially today.
If the CEO, CFO and Board Chairthing will give me theirs so I can determine if the people running the company are responsible enough to make it a success I might consider it.
I don't think it's anyones business to know your login info If i was in an interview and was asked for it i would be taken aback. And i wouldn't want a job that asked for that anyhow. But understandably with the lack of jobs i'm sure people would hand it over just to get the needed job. That being said i wonder why people feel the need to put incriminating things on fb in the first place? How about don't put your half naked drunken self all over your fb page then you won't have to worry about what they would be seeing in the first place. Have you privacy high and tell them you don't have a fb account how would they know? This whole idea is just ridiculous.
It's one thing to want to see what is visible to the world or even what you post to friends. To ask for your login password means they can also peruse all the information that others have sent you, private messages. I don't think they should have a right to do that at all; certainly those other people never sent those messages with the idea that some company you are applying to would someday see them. (Regardless of the fact that there may be other ways that people who shouldn't gain access still do.) Also, you cannot control what others who are your FB friends post, but that is now visible to anyone who can log in as you, and possibly held against you.
Did you give your prospective employer permission to ask you for access to your Facebook account? If not, they already have violated your right to privacy, and you have a right to defend yourself. The best defense is to simply deny that you have a Facebook account. They would have gotten exactly what they deserved.
With the new Facebook Timeline, & even with the old Wall, employers can readily see your name,your home town & your current city.Denying that you have a Facebook account would seem pointless with all of the information about you that fits with what you have put on the application.
Why not ask them for a written statement of what they intend to do with the information…in duplicate.That way you have a copy of what amounts to a legal contract in case they try to do something such as change your password to lock you out of your own account or delete your account permanently so that you can't use your current email account to get another account,regardless of whether or not you have "illegal" content posted on Facebook.Posting drunken pictures of yourself on any social networking site is "stupid"but not illegal.
I don't get it. There are several things that an employer cannot legally ask in an interview. Half of these things can be obtained from full access to Facebook. How is this not also illegal?
If you give your FB account details to an employer, the employer could gain access not only to your private information, but potentially also to that of your friends, if they have set their profile information as "visible only to my friends" in their privacy settings.
This might be a useful pretext to politely refuse a request for access to an employer in an interview situation ("I personally have got nothing to hide, and would gladly give you access to my account, but I have to take my acquaintances' privacy into consideration").
Any doubt left that american citizens are slaves? The government strait up says it owns you, your body, your time, your work, your income, your ideas, your right to self defense, and even your right to exist or breath. Why is anybody surprised that the corporations who fostered this attitude with their lobyists Also see you as an economic slave, and merely property to be used as desired?
If this is implemented, Facebook will lose a lot of users! Its an invasion of ones privacy for sure. smdh