Hundreds of cities, dozens of departments in every one of them. Fifty state government, hundreds of departments in each. Thousands of semi-independent departments in the federal government.
You have to figure that just statistically, one of them is going to do something stupid in hiring every once in awhile.
I think there is. The point isn't that Montana is bad or anything like that. The point is that social networking puts us in a weird light.
All of a sudden, we have this dossier we share with our friends (similar to the memories of going to a party or whatnot) that is now a dossier that companies want to see. Not only that, but there's an interesting legal issue here: are companies allowed to inspect your private property?
Can a company looking to hire someone say, "we'd like to hire you, but first you need to give us the keys to your house so we can rummage around and see if there's anything we don't like in there."? That's a huge invasion of privacy. Likewise, our social networking profiles often have privacy controls for similar reasons - and sets them up to be sued very easily.
For example, (generally speaking) a company isn't allowed to discriminate on religious grounds when hiring. If an HR person asks about it and doesn't hire you, you've got decent grounds to sue. By asking for my social networking password, they can get access to that information without asking for it. Likewise, there's all sorts of stuff on our profiles that you can't ask about during an interview without running afoul of the law.
The broader point is that there's a potential loss of privacy and employment rights here that's very serious. If someone decides not to hire me because of my sexual orientation that they learned from getting my social networking password, that's highly illegal. And this is a way of getting those questions answered that aren't allowed to be asked without it seeming like you're asking them.
Social networks are for "friends". People we want to share certain data with easily. This data is often things we don't want potential employers to see or use in judging us - not because it paints us in a bad light like red solo cups might, but because my sexual orientation, political affiliation, group affiliations, religion, relationship status, etc. are all not things that employers should have the right to use when determining whether I am a good employee.
How about if the naming and shaming takes place at Reddit, Digg or any number of other online communities where that sort of thing is not only acceptable but encouraged? I, for one, would prefer not to see posts here whose sole purpose is to point out the fact that someone working for a local government in Montana made a mistake.
Besides, while this kind of practice may be particularly loathsome to us it doesn't seem to be bothering the people filling out the applications. The article says no candidate has withdrawn from consideration over the policy. Further, when presented with an alternative method to check out profiles without usernames and passwords they said they'd look into it. It seems like a simple mistake made by someone who doesn't necessarily have the most acute awareness of how social networking sites work.
Not sure who's dumber -- the person working for the City that decides this is actually a good idea, or the person applying for the job who actually gives them their user name and password on the job application.
If you're the kind of person applying for a municipal job in Bozeman, MT, it's probably very smart to comply with this request. Which is why cities shouldn't be making it.
From the article: "No one has ever removed his or her name from consideration for a job due to the request, Sullivan added."
This reminds me of the Milgram Experiment, in that very few will refuse authorities orders on even severe matters (in the experiment it was potentially killing someone), so why are people going to refuse it on something seen to be as trivial as a facebook password. However, this is a breach of one of the fundamental human rights, the privacy of thought which in the US has been extended, in some cases, to entire laptops at border crossings.
I miss Bozeman, MT, but this is one of the reasons I'll never be returning. I guarantee that most of the population there doesn't see why this would be a big deal. Drunk driving is a forgivable offense, actin' up on the internet is not.
Really? I spend a summer working in Glacier Park, and I have a friend who lives out there, but I just can't understand what aspect of "actin' up on the internet" would be intolerable. Are they just trying to figure out if you're some type of sexual freak or pervert, or what?
The /. comments on this were rather good too. Points made:
1. Most sites have a terms of service that says you will not give you login information out to anyone else, or allow anyone else to login to your account. So by requesting this information the City is asking potential applications to violate a contract. Especially since they specifically mentioned Facebook and this is in the Facebook ToS.
2. There are a lot of things that are illegal for employers to ask for (sexual preference, groups that you belong to, ethnicity, etc) and most of these things are present in someone's Facebook profile. So by requiring access to Facebook, you are requiring them to hand over access to information that it is illegal to require...
3. Lots of people use the same password for multiple accounts. Their Facebook password could be their online banking password. That puts an employer at a HUGE liability if one of the employees breaks into this information to do some identity theft. Even if some 3rd party gains access through another method, you could be investigated as the possible leak and/or theif.
4. By requiring users to provide this information (i.e. passwords to personal accounts) you're only going to end up with employees that will easily give out secure information. The vulnerability of your workplace to social engineering attacks will go WAY up because anyone that would be smart enough to question whether there really is a 'Bob from IT' that 'needs their password' are people that wouldn't fill in their information into the application.
5. Employers that do this open themselves up to possible lawsuits from people for requiring information that no one will ever truthfully fill out and then using it as some sort of 'we can fire you at any time because we know that you lied on your application' carrot over someone's head.
Edit:
Also, I could give my Facebook login to this employer. Deface my Facebook account, then claim that the company/ did it b/c the company had access to that information.
Tagentially related: I have actually been planning on putting some clarifying information on any future resumes that I send out indicating where my website is, where you can find some "jerf" postings, and which are not me. I don't even use Facebook and the last thing I need is to lose some job because some guy with my same name is out there making ethnic slurs or something on a Facebook page.
I'm actually surprised that we haven't seen a news story about that, perhaps because if it happens you'll never know that's why you didn't get the job. As more people come on the Internet, the odds of your name or handle being truly unique go down. The google results for "jerf" have gone from all me, all the time in 1999, to a random hodgepodge of results, mostly courtesy of user accounts on high-page-rank services I don't use that aren't me, oh, and oi for that Urban Dictionary result. (That one was news to me. I could have gone without knowing that one, even though I'm sure it's another of UB's crappy "some guy somewhere used this word once and I'm going to put it on UB" results.) And my real name's results have long since been cluttered by "not me", some of which are even close enough to me to be confusing to a potential employer due to technology interests.
I wonder if anyone is pointing out to them that the privacy violation goes beyond the privacy of just the job applicant.
Friends and business associates of the job applicant also have privacy expectations around content they intend to be viewable only by trusted individuals.
"You know, I can understand that concern. One thing that's important for folks to understand about what we look for is none of the things that the federal constitution lists as protected things, we don't use those. We're not putting out this broad brush stroke of trying to find out all kinds of information about the person that we're not able to use or shouldn't use in the hiring process," Sullivan said.
That's what I mean - by that quote you can see they still don't get it. He's talking about "the person" (his words). There is more than one person getting their private information reviewed. And the article says "The requirement raises questions concerning applicants' privacy rights." So the reporter doesn't get it either. It's not just affecting the applicant.
That quote is in reply to:
"Another concern the applicant raised was that by providing the City with a Facebook user name and password the City not only has access to the applicant's page but also to the pages belonging to all of the applicant's Facebook "friends.""
I think they get it just fine, they just don't care.
That's a nice thought, and I have had similar ones, but my instinct is that you have the ability to effect more change as a motivated free programmer than a single lawyer ever could. I don't think there is any possibility of one person, no matter how competent, changing the system from the inside, subject to the system's rules.
The tools of change are technological, not legal. Instead of trying to change the law, render it obsolete and utterly unenforcable, and "win" by fait accompli.
I feel a similar way about file sharing. I personally believe very strongly that the ability to send arbitrary files to arbitrary recipients unmolested is a right akin to free speech. But there is no point trying to "beat the system". The solution is to invent technology which renders the law an unenforcable joke.
It's a great time to be a programmer. The tools and opportunity to change the future course of events are right in front of us, to a degree far in excess of what your average non-billionaire voter (or lawyer) could ever enjoy.
We don't need more individual lawsuits. We need plausible deniability implemented in social networks, at a stroke rendering unreliable the whole practise of evaluating someone by their online activities. Sounds like a challenge to me!
I like your enthusiasm for having tech solve societal problems. And I can see your point but, as an incurable optimist, I still have to believe that one person can make a difference. (Yeah, yeah cue the orchestra with inspirational music.) Plus, it's not like the ACLU is one person.
But why not attack the problem from multiple points? Attack with both a legal and technological response.
New business opportunity.
1, Apply listing "Gay Jewish Disabled Veterans - Bin Laden for president" as the web site
2, Get rejected
3, Sue
4, Profit....
Why is the password necessary? That's what I don't get. I totally understand why a government agency would want to be able to see public information, but this implies that they want to see what isn't public as well.
You have to figure that just statistically, one of them is going to do something stupid in hiring every once in awhile.
Is there are broader point to be made here?