Would you give your (potential) employer your Facebook password? Unfortunately this is not a hypothetical question for many people. Some companies are asking interviewees to log-in to their Facebook accounts during interviews and/or share their Facebook passwords with (potential) employers. While I understand employers’ desire to conduct background checks and obtain character references (for security-sensitive or high responsibility positions), I believe this is going too far and is a violation of privacy, trust, and has many ethical implications.
1.Invasion of privacy. Viewing someone’s public profile is not the same as asking them to log-in or share their password. To argue that Facebook is public is a failure to acknowledge the intimate aspects of online communication, trust, and sharing. If someone’s profile is accessible without adding them as your friend, then yes, that is more or less considered publicly accessible information. However, Facebook now allows for different degrees of privacy – that is, we can control what we share with whom. Even if I accept a friend request from my superior, I can choose to limit what they see. This should be considered a right, not a privilege. If I invite my colleagues to my house for a party I have every right to close bedroom or closet doors in order to protect my privacy. In the same way, just because I allow someone to be a part of my network does not grant them the right to “go behind closed doors.” Requiring applicants/employees to disclose their entire profile, network, and communication is a breach of privacy.
Additionally, Facebook allows for private one-to-one messaging which is really no different from email. While employers do monitor company emails, employees create private accounts to which their employers are not privy. Facebook messages are private forms of communication. The practice of requiring applicants to disclose their entire Facebook profile, network, and communication is even more disturbing.
2. Breach of trust. Not only are employers invading their applicants’ and employees’ privacy, I would also argue it is a breach of trust for that person’s entire social network. When I post something on my friend’s wall, invite them to a closed event, or send them a private message, I trust that they are not going to inappropriately share that with someone outside of their network. Part of building a relationship is developing intimacy through the practice of forfeiting privacy (I choose to share personal information with you); I trust that you will not inappropriately share that information with others. When employers view private messages between their employees and personal acquaintances they have not only invaded their employee’s privacy, but also breached the trust of the other person. If I log-in to Facebook and see that my friend Sally is available to chat and I send her a message, I trust that it is Sally on the other end. If it is not, then I have shared something with someone whom I never intended to share that information – now my privacy has been invaded as well (and I’m not even an employee of the company). Additionally, sharing passwords and networks before trust has been established (between an employer and employee) is a breach of social conventions. First we trust, then we share.
3. Discriminatory practices. I have made this argument before with regard to social networking sites, but obtaining passwords and logging into applicants’ profiles reiterates and intensifies the potential for discriminatory hiring decisions. It is quite possible that a person’s public Facebook does not reference religion, sexuality, politics, etc. However they may choose to disclose this information within their trusted Facebook network (and even if they don’t, it may be strongly implied within their network). By logging into an applicant’s Facebook account the employer may become privy to information that is otherwise illegal to deliberately obtain during an interview process – such as the fact that the applicant is Muslim, bisexual, or a member of the Tea Party. Employers could use this information to unlawfully discriminate. While some may argue, “well you shouldn’t have put that on your Facebook in the first place”, I would counter a) it is unlawful to ask about and/or use this information to influence decisions during a job interview b) you don’t always know what seemingly innocuous information might be used against you or taken out of context c) you can’t control what those in your network will post. For example, if the majority of your friends are gay or liberal or Muslim then your News Feed will reflect this which leads to assumptions about your identity as well, which could then be used to illegally discriminate against you.
4. Chilling effect on speech. This leads to a consequence or outcome of this practice. Making our entire Facebook profile, communication (private messages), and networks (News Feeds) available to employers will undoubtedly have a chilling effect on communication and speech. Many people use Facebook as a way to connect with communities, express identities, express and learn more about ideological beliefs, and become more civically engaged. However, if all elements of privacy are removed from Facebook then this severely limits communication, expression, and identification. While I certainly think people ought to be more cognizant of what they post on Facebook – it’s not completely private and people do post really dumb things (like bad mouthing their boss or talking about calling into work hungover), they shouldn’t be afraid to post something with which their employer may disagree (e.g. their sexual orientation, religion, or political ideology, etc.). Facebook has become an integral form of communication, community, and identity expression for many people; practices which violate privacy and trust would chill speech and engagement.
5. Security liability. Beyond the consequences, this is a huge breach of personal security as well as a liability to to the employer. I work with youth and there is a lot of talk (from adults) telling youth to never share their password with anyone, ever! What my research team and I have seen (as well as other studies) is that teens share their passwords with close friends or partners as a sign of intimacy and trust (a practice danah boyd argues was normalized by parents). Adults tend to panic about this, often because of anxieties stemming from the cyberbullying narratives circulating the news lately. How can we tell teens it is risky (or even dangerous) to share a password with a friend, then turn around and ask adults to share passwords with employers? This is far more risky, particularly when trust has not even been established.
What happens if that account is hacked or the password is used to log-in to employee’s email, bank account, or protected files? Of course digital literacy 101 would tell us not to use the same password for sensitive sites (e.g. bank accounts) as other sites (e.g. yelp), but then again digital literacy 101 would also tell us to never share our passwords with someone we don’t completely trust (e.g. an (potential) employer). So…yea, there’s a huge security issue and liability for the employers if they not only have access to their employees’ Facebook accounts but also know the passwords.
6. Violation of Terms of Service & Illegal Impersonation. Oh that’s right, it’s not just a security issue it actually violates Facebook’s Terms of Service which prohibits the sharing of passwords. The exact language, “you will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account”. The Department of Justice regards it as a federal crime to enter a social networking site in violation of the terms of service (although not generally prosecutable). Additionally, some states such as California have made it a crime to impersonate someone online. While this may not apply in this particular situation, it has implications with regards to logging into someone else’s Facebook.
7. Coercion. As the AP article mentions, requiring someone to log-in to their account during an interview or share a password is not consent, it is coercion. There are certainly people who simply cannot walk away from a job interview because they disagree with this policy. If someone needs a job badly enough, they are going to do what they have to do to get that job, even if they disagree with the practices and “consent” to giving up their privacy. Those who say “well if you don’t have anything to hide then what’s it matter?” are overlooking the principles and consequences behind these actions. Taken out of context, almost anything in your inbox, News Feed, or profile could be construed as negative, misleading, or simply disagreeable to your (potential) employer. While employers justify monitoring company email and use of company computers and networks, asking for passwords or requiring employees to share their private messages, networks, and communication is outside the purview of the company. This is going beyond security clearance, character references, and publicly available background checks. Again, if your profile is public then be careful what you post and anticipate your employer viewing it, however, if privacy limitations are set then (potential) employers should be required to respect them. Requiring applicants or employees to disclose this information is a form of coercion.
Conclusion. Facebook facilitates many forms of communication, community building, information sharing, and identity expression. As our different networks or circles increasingly converge we will continually have to decide what information to share with whom and in what context. Online social networking sites blur many physical and conventional social boundaries. Whether what we share on Facebook should or should not be “public” and accessible to employers is a decision we as a society have to deliberately make. That’s not “just the way it is” and there is nothing inherent about the nature of Facebook which justifies these practices. To a certain degree we must anticipate all future and potential audiences viewing everything we share online. However as a society we can craft policies and create socially agreed upon boundaries which grant privacy and limit access to online spaces. While I’ll be the first to advocate taking precautions about what you’re sharing, practices like this (employers requiring access) is a breach of privacy, fosters fear and anxiety, and has chilling effects on identity and community. As a society we can decide this is unethical and unacceptable.