Skip to content
by
  • Products
  • Free Tools
  • Search
  • Free Sophos Home
XG Firewall
Next-Gen Firewall
Intercept X
Next-Gen Endpoint
  • Sophos Cloud Optix
  • Sophos Central
  • Sophos Mobile
  • Intercept X for Server
  • Secure Wi-Fi
  • Phish Threat
  • SafeGuard Encryption
  • Secure Email
  • SG UTM
  • Secure Web Gateway
For Home Users

Sophos Home protects every Mac and PC in your home

Learn More
Free Security Tools
Free Trials
Product Demos
Have you listened to our podcast? Listen now

Illinois Facebook bill stops employers from requesting workers’ passwords

03 Aug 2012 6 Facebook, Law & order, Privacy, Social networks
Facebook reveals friends list even when it's set to private

Post navigation

Previous: Facebook hackers pwn baseball team pages, claim NY Yankees captain is having sex change
Next: Poisoned DOC file used in targeted malware attack against military contractor
by Lisa Vaas

FacebookIllinois on Wednesday joined a number of US states that are fighting to keep prying employers from asking for workers’ passwords on social networking sites such as Facebook.

The law, which protects both current employees and prospective hires, decrees that Illinois employers who ask for login data can be fined $200 and up as of January 1.

The new law (here’s the text, and here’s the Right to Privacy in the Workplace Act that it amends) is known as the Facebook bill.

The bill makes it illegal for employers to ask for login information “or to demand access to it in any manner.”

This will only protect private posts, mind you.

There’s nothing barring employers from asking for workers’ social networking user names, thus leaving them free to check out employees’ public postings, get into a snit, and fire their unprofessional and/or debauched butts.

A recent case in point was when Robert J. Sumien, an emergency medical technician, was fired for posting a comment on Facebook about giving a “boot to the head” to unruly patients.

(Sumien sued, claiming that he misunderstood Facebook’s settings, and thereby didn’t know his employer could read his postings. The court did not sympathize.)

Bear in mind that employers’ interests in workers’ social networking selves is climbing ever skyward.

Facebook login

According to Gartner’s predictions, by 2015, 60 percent of employers are likely to be eavesdropping on our social media selves to make sure our e-blabbing isn’t poking security holes into their outfits.

This growth in employer surveillance has seen a corresponding indignation on the part of workers, has interested the media, and has motivated some lawmakers to push legislation similar to that of Illinois.

To wit: Maryland has a similar law, while Connecticut, New York, California, Washington, Delaware and New Jersey are all considering bans.

Meanwhile, two U.S. senators – Richard Blumenthal of Connecticut and Charles Schumer of New York – have asked the US Department of Justice and the Equal Employment Opportunity Commission to look into whether US law already prohibits employers from demanding Facebook passwords from job applicants.

The senators’ letters of inquiry have been posted online.

The upshot: you can still be as law-spurning, drunken and/or unprofessional as you want on Facebook and other sites, but at least for now, you have a chance to keep that behavior out of employers’ sight – if you work in Illinois or Maryland, that is.

Of course, if you’re one of the estimated 13 million US Facebook users who don’t use and/or are oblivious to the site’s privacy controls, the new law means zilch.

Sophos readers tend to not need any of the following advice, but we all have acquaintances, friends and/or family who do.

So for them:

Here’s Facebook’s privacy page.

And here’s what to tell the privacy-settings challenged:

If you’ve set Facebook privacy to only show your posts to friends, bear in mind that when you comment on other people’s posts, your words are subject to those friends’ privacy settings.

They’re also viewable to their friends.

Be careful!

If you want to stay on top of privacy and security threats on Facebook and other cyber spots, click like on Sophos’s Facebook page.

  • Follow @NakedSecurity on Twitter for the latest computer security news.

  • Follow @NakedSecurity on Instagram for exclusive pics, gifs, vids and LOLs!

Free tools

Sophos Firewall Home Edition

Boost your home network security.

Sophos Scan & Clean

Free second-opinion scanner for PCs.

Sophos Cloud Optix

Monitor 25 cloud assets for free.

Post navigation

Previous: Facebook hackers pwn baseball team pages, claim NY Yankees captain is having sex change
Next: Poisoned DOC file used in targeted malware attack against military contractor

6 comments on “Illinois Facebook bill stops employers from requesting workers’ passwords”

  1. Randy says:
    August 6, 2012 at 4:47 pm

    A $200 fine? That's peanuts to a company that is interested in doing a decent background check and ongoing monitoring of it's employees and potential employees.
    Now jail time for the executive board members? That might have an effect.

    Reply
  2. Internaut says:
    August 6, 2012 at 6:24 pm

    If a prospective employer asks for a password, is that not the same as wanting to record all their phone conversations and texts? Of course, the application form may change from 'what is your password' to 'You do not have to provide your password, but we would like it anyway.' The same as not discriminating – but many do.

    The freedom to express one's self is OK, provided that it is positive in content, and agrees with the authorities. Opinions and privacy – express opinions wisely, and expect no privacy.

    Historically, such types of 'information' and privacy have always found a new conduit. Until then, in order to express one's opinions, or ask the boss's daughter on a date in private will require will require the use of some old fashioned tools – such as, PGP email, avoid social networks – even as a casual reader, use anonymous relays, even if just looking around the Internet, and a course in personal security 101.

    The Internet is being used by corporations and government to exercise control.

    With all the expertise at SOPHOS, I look forward to a series of article on just that – where are we headed and what can we do about it.

    Reply
  3. Jack says:
    August 8, 2012 at 2:54 am

    As a retired police officer, I find it offensive that some police agencies attempt to obtain this information and some require it. I wonder if they think that if you agree to a site not to tell others of your login information, and you violate that, what will you violate of theirs? This sounds counter intuitive, but some police are that way. I feel that we do not need these laws, but need people that hire to not require this type of information as a common right of the person applying. What else will they explore that is private and how stupid are you for doing it in the first place? What will we expect when it comes to our data out on 'clouds'? This will be a major failing of people who no longer own or control their data.

    Reply
  4. Randy says:
    August 8, 2012 at 5:20 pm

    If businesses want our Facebook info then so does the government. Maybe I'll delete my account while I am still legally able to do so.

    Reply
  5. twistedG says:
    August 9, 2012 at 3:54 am

    Seriously? I have a federal government background clearance. Lol if a prospective employer even asked me for such personal information I would politely and respectively tell them to eff off and give a polite finger. I don't believe this story is real but if it is our world has fallen.

    Reply
  6. Jono says:
    October 29, 2015 at 6:25 pm

    Login information and passwords are private for the user only, whether for social media – or a bank account. If this article is true, I am amazed and appalled. American employers need to regain some integrity. That said, Facebook continues to be a source of concern, like a wayward and slightly rabid dog, since privacy settings continue to elude and not be explained. For example, if I post in private Group, and a member of that Group shares to his own timeline, who exactly can then see that post? I find no answer on the internet.

    Reply

What do you think? Cancel reply

Recommended reads

Dec06
by Naked Security writer
1

SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m

Dec29
by Paul Ducklin
9

US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?

Nov22
by Paul Ducklin
0

How to hack an unpatched Exchange server with rogue PowerShell code

  • About Naked Security
  • About Sophos
  • Send us a tip
  • Cookies
  • Privacy
  • Legal
  • Intercept X
  • Intercept X for Server
  • Intercept X for Mobile
  • XG Firewall
  • Sophos Email
  • Sophos Wireless
  • Managed Threat Response
  • Cloud Optix
  • Phish Threat
© 1997 - 2023 Sophos Ltd. All rights reserved. Powered by WordPress VIP