my password? sure! it’s two words. first one starts with “f”.

I want to believe that the latest corporate idiocy–some hiring managers asking for Facebook passwords from prospective hires for the purpose of “background screening” them–is some sort of urban legend. Having worked in the corporate world for quite a while, I have to concede a better-than-even chance that this is actually taking place.

The problem that almost anyone with a brain and twelve seconds to think about that issue (which excludes 75% of all corporate mid-rank managers I’ve ever worked with) has already pointed out is that even if the candidates willingly surrender their Facebook password, the hiring manager leaves the company open to slam-dunk discrimination lawsuits. If you go through a candidate’s Facebook page and read that she is gay, and you don’t hire her–can you prove that you didn’t pass her over because of her sexual orientation? How about a candidate’s religion or marital status?

Obviously, this is a bad idea all around from a legal perspective. But there’s another aspect, one that immediately occurred to this former IT monkey and network administrator before he even considered the discrimination angle:

Do you, as a hiring manager, want to hire people who are willing to surrender the password to their private information at the mere prospect of a paycheck? if they let you snoop around in their lives just because you may hire them, what do you think they’ll do with your confidential corporate information–your trade secrets, your network passwords, your financial information–when they have a more concrete incentive?

Of course, the employee pool these days is made up to a fair degree of people who have been conditioned to walk through metal detectors, wear see-through backpacks, and submit without question to the school resource officer and his friendly Constitutional expert Rover, so I imagine that most job candidates fresh out of college wouldn’t even blink at such a request. But I’m a pessimist when it comes to stuff like that, which has the advantage that a.) you’re right more often than the optimist, and b.) you can only be surprised positively.


22 thoughts on “my password? sure! it’s two words. first one starts with “f”.

  1. changterhune says:

    Is the second word “blueberry?”

    In other news: spot on!

  2. M. Hoehne says:

    Wonderful analysis! I, too, was incredulous that this was even happening. Thanks for your efforts to expose the stupidity.

  3. Sigivald says:

    I want to know how widespread this is.

    I think “not very much at all”; the entire thing reads like a giant reaction to almost nothing.

    (A handful of companies or agencies* doing this would be enough to get a few complaints and then Every Idiot On Facebook spams “zomg save my privacies!!!!” and then it’s in Congress and “it’s a crisis” and we need More Laws To Save Us From It.

    On the other hand, the reactions at least seem to argue against the “none of the kids will think anything of it” thing, so at least that’s a plus.)

    )*I’ve seen it speculated that “most” places doing that are things like Police Departments or goverment jobs, but I have no actual data.

    It wouldn’t surprise me that a PD might think that’s a good idea, though. Government work, at least, isn’t going to get as good a set of HR people as the private sector, in my experience… and cops sadly tend to have the We’re Special attitude already, institutionally.)

  4. […] Marko pointed this out, so did Raganwald. […]

  5. english kanigit says:

    I just went through this in an application to a PD. It was totally voluntary and they even had a form drawn up where the applicant would signoff that he was voluntarily releasing that information (or not) for the purposes of a background investigation. Immediately under the check box for deciding NOT to release the information was a clause reminding the applicant that failure on their part to voluntarily release the information sought would be treated as a request by the applicant to withdraw their application for employment.

    This stuff will bite them in the ass eventually.

    • Kristopher says:

      It has already bit them in the ass.

      Every single person not hired by that PD can now sue them, since one’s facebook page contains all the answers to those 30 questions an HR department cannot ask an applicant without being sued in federal court for discrimination.

      If the applicant refuses to supply the facebook permission, and is not hired, he can also sue for the same reasons.

      Dumb. Astoundingly dumb.

  6. badtux99 says:

    The deal with the police departments, I think, is because of embarrassing headlines over the past couple of years where cops had racist / politically incorrect stuff on their Facebook pages — both before and after being hired — that the department didn’t know about until it blew up into a scandal as part of a court case alleging racial bias on the part of the officer where the stuff got subpoena’ed and trotted out in court to embarrass the department. It reminds me of the NYPD banning all NYPD-logo items other than official issue for their police officers after the police commissioner spotting an off-duty cop, one of his bodyguards, walking around wearing a t-shirt saying “Kill Them All” on the front and “NYPD” on the back.

    Sad to say, the bad apples tend to ruin it for everyone else…

    • Kristopher says:

      They might also have a copy of Mein Kampf on their bookshelf. I ‘spose they should also agree to have their home searched to avoid official embarrassment.

      Demanding facebook data leave one open to possible violations of federal anti-discrimination laws. HR departments allow this are leaving their company or agencies up for serious legal losses.

      • Kristopher says:

        Sorry about the grammar and paste up fails….

        Demanding facebook data leaves one open to be sued for possible violations of federal anti-discrimination laws. HR departments that demand this information are leaving their company or agencies exposed for serious legal losses.

      • badtux99 says:

        Actually, it’s quite common for the background investigator in police hiring decisions to do a home interview. And yes, it’s probably bad form to have a copy of Mein Kampf on the bookshelf or photos of you flashing gang symbols on the fireplace mantel when said investigator shows up at your home to do the interview.

        All in all, demanding Facebook passwords is intrusive, STUPID (only a moron would document that he’s a neo-Nazi or gang banger on his Facebook page if he knows that potential employers are going to be looking at it), and most likely a violation of the laws regarding computer trespass that opens HR personnel to potential criminal charges since HR personnel most explicitly do *not* have Facebook’s permission to trespass upon Facebook’s computers in this way. But the chances of such a requirement leading to a successful pre-employment hiring discrimination lawsuit are somewhere between zero and none for the reasons I mention elsewhere.

        • Kristopher says:

          You might want to leave that one to the lawyers, badtux.

          There is good reason that that list of 30 questions is all over the internet. The only reason the odds are low are because most folks are not aware that they can sue over something as innocuous as “How long have you lived in ?”.

        • Kristopher says:

          … innocuous as “How long have you lived in this town?”.

        • badtux99 says:

          Kristopher, you don’t know what I do for a living (hint: What I say on my own blog about my background is as much fiction as fact, I blog as a penguin, for cryin’ out loud!).

          The 30 questions asking or fishing for prohibited information, if asked as part of the hiring process, create a presumption that you are using prohibited information as part of your hiring process. In an employment discrimination lawsuit all that is necessary is to prove that the questions were asked, and immediately there is evidentiary value — that presumption that if the questions were asked as part of the hiring process, they were used as part of the hiring process, and thus pre-employment discrimination occurred.

          Please note that if the hiring manager discovers prohibited information in some other way, such as your Facebook page or blog, you do *not* have a discrimination lawsuit, because you must prove that the prohibited information was used as part of the hiring process. Good luck with that, all the hiring manager has to say is “I was looking for evidence of gang affiliations or criminal activity, I did not notice any prohibited information” and the burden of proof is on YOU to prove otherwise. I can’t think of any employment law attorney, anywhere, who would take such a case on contingency, because the chances of winning it are pretty darn slim and it’d be way expensive — you’d have to hope that the hiring manager or HR are idiots and actually documented that they noticed the prohibited information and used it, meaning a very costly fishing expedition.

          But of course do note that using someone else’s login and password to log into Facebook is criminal computer trespass under federal law, since Facebook has not authorized you to log into their computer. But that is a different situation altogether.

          -Badtux the Legal Penguin

  7. Drang says:

    “Facebook? What’s that?”

    No? How about “I don’t have a Facebook account”?

  8. libertyman says:

    I can think of no reason why I would have a Facebook account. Clearly I am an idiot (in the true sense) because students here at our little college spend about half their time on Facebook. I must be missing something, but I can’t think of what it might be.

  9. Jake says:

    Of course, there’s also the fact that giving your password to someone else violates Facebook’s Terms of Service (Section 4.8.), which I believe is a legally binding contract.

    Do you, as a hiring manager, want to hire the kind of person who is willing to violate a binding contract at the mere prospect of a paycheck?

    I also wonder how legal the practice is. I suspect that most states – if not the fedgov – have a law somewhere against soliciting someone to violate a contract.

  10. badtux99 says:

    Jake, the other question is, do you, as a hiring manager for a police department, want to hire someone whose Facebook page shows him to be a gang-banger or racist skinhead? If they get whanged by a civil rights lawsuit asserting they should have known that the cop they hired was a racist skinhead because his Facebook page was festooned with Nazi stuff, what are they supposed to do — whine about how they didn’t want to violate a minor civil contract where the sole remedy allowed by law in most jurisdictions is the cancellation of the person’s Facebook account? Hmm, $5M lawsuit judgement because the racist cop you hired framed dozens of black people for drug offenses where the “drugs” turned out to be sheetrock dust when actually tested (true story from Texas), vs. the possibility of Facebook finding out you used the cop’s password and threatening a lawsuit (none of which has actually happened). $5M hole in your budget vs an annoying whine from Facebook. From a PD HR beancounter’s perspective, it’s a no-brainer.

    Of course, it’s a crime called “computer trespass” when you log into someone’s computer without their permission — and the HR department decidedly doesn’t have permission to use their applicants’ password to log into Facebook. So unless you’re a police department HR person (with the implied immunity to arrest that this implies), I wouldn’t suggest doing this. Especially if you’re in a jurisdiction where Facebook has access to police resources. Any employer in the Silicon Valley who logged on using an employee’s password would have to worry about the Sheriff’s Department showing up and arresting HR people for computer trespass, because Facebook is an 800 lb gorilla here. But the law is for us little people to follow, not for the cops. Anybody who reads Radley Balko regularly already knows that (sigh!).

    • Kristopher says:

      Badtux99: And if you don’t hire this skinhead or gangbanger, he can now sue you for the wages he would have lost until retirement, plus interest.

      Look up “30 questions you can’t ask a job applicant”, and then get back to us after you have clued yourself.

      • badtux99 says:

        Remember that the person suing for job discrimination has the burden of proof in job discrimination lawsuits. HR people cannot ask the questions directly of job applicants because that creates a pattern of conduct that can be used as evidence in court. Fishing for the information in other ways is not evidential unless you can somehow prove that HR was fishing for prohibited information, i.e., if HR is stupid enough to document that they’re looking at your Facebook page for evidence of a handicap rather than for gang affiliations.

        All in all, successfully suing a potential employer for not hiring you is *hard*, and quite expensive, because you must prove that either a) you (and other candidates) were directly asked for prohibited information (which creates a presumption in favor of the plaintiff class that prohibited information is going to be used in the course of a hiring decision), or b) subpoena huge amounts of data and hope you can find a “smoking gun”, i.e., that they were stupid enough to actually *document* using prohibited data in hiring decisions. The number of successful lawsuits for pre-hiring employment discrimination is quite small and each of them consumed large amounts of legal resources on the part of the plaintiff lawyers. The number of lawyers willing and *able* to take on pre-hiring employment discrimination lawsuits can probably be counted on your fingers and toes, and virtually none of them will take on an individual pre-hiring employment discrimination lawsuit — only a class action one where it’s easier to produce a sufficient judgement to pay for the enormous expenses involved, where any proceeds you as an individual (as vs the lawyer) get out of it will be minimal at best.

        All in all, I’ve been quite amused by the people yelling “discrimination lawsuit!”, because it’s clear that a lot of people have no idea how *hard* it is to win a pre-employment discrimination lawsuit. Here’s a clue: if lawyers won’t take you on contingency, they don’t think your lawsuit is winnable. Good luck finding someone willing to take you on contingency just because you had to give out your Facebook password as part of the hiring process and you weren’t hired. Remember, any schmuck lawyer can take $10K from you and file a lawsuit in a court of law, but winning the lawsuit is a different story.

        • Kristopher says:

          If your facebook page contains information that does put you in a protected class, then they DID provide proof by demanding said data.

          If facebook contains info they are prohibited from asking ( and it does, right on the front of it ), and their job app asks for it, then they just provided proof of this misconduct.

          Bzzzzt. Try again.

  11. Gerry N. says:

    I was a lucky bastige, I guess. After working at a place for nearly ten years, the HR dept acquired a new manager who intended to put his mark on the Company. He realized that I had acquired lead status in my trade dept, but had never completed an employment application. He sent one to me with a letter telling me it was required or I’d have to be terminated. I went immediately to the Pres. (Owner) of the Company and asked what he thought. He looked the letter and form over carefully then said he thought I needed to finish my coffee and get back to work. We acquired a new HR manager a few days later. I continued working there for another 19 years.

  12. Blackwing1 says:

    “Pessimist” is the name an optimist gives to a realist.

Comments are closed.