Two Democratic Senators, Richard Blumenthal of Connecticut and Charles Schumer of New York, have asked the U.S. Department of Justice and the Equal Employment Opportunity Commission to investigate whether U.S. law already prohibits employers to force job applicants to surrender their Facebook passwords.
The practice may violate the Stored Communications Act or the Computer Fraud and Abuse Act.
The SCA grants First Amendment-type protections to online communications, while the CFAA prohibits intentional access without authorization to data stored on a computer.
Blumenthal is already working on a bill that would prohibit employers and prospective employers from requesting access to Facebook accounts. And closer to Facebook’s turf, California State Senator Leland Yee, introduced similar legislation on Friday.
Meanwhile, Blumenthal and Schumer’s letters to U.S. Attorney General Eric Holder and Equal Employment Opportunity Chair Jacqueline A. Berrien follow below:
Dear Attorney General Holder,
We write concerning reports in the media that some employers are requiring job applicants to provide their usernames and passwords to social networking sites like Facebook as part of the hiring process.
We urge the DOJ to investigate whether this practice violates the Stored Communication Act or the Computer Fraud and Abuse Act. The SCA prohibits intentional access to electronic information without authorization or intentionally exceeding that authorization, 18 U.S.C. § 2701, and the CFAA prohibits intentional access to a computer without authorization to obtain information, 18 U.S.C. § 1030(a)(2)(C). Requiring applicants to provide login credentials to secure social media websites and then using those credentials to access private information stored on those sites may be unduly coercive and therefore constitute unauthorized access under both SCA and the CFAA.
Two courts have found that when supervisors request employee login credentials, and access otherwise private information with those credentials, that those supervisors may be subject to civil liability under the SCA. See Pietrylo v. Hillstone Restaurant Group, 2009 WL 3128420 (D.N.J. 2009); Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002). Although these cases involved current employees, the courts’ reasoning does not clearly distinguish between employees and applicants. Given Facebook terms of service and the civil case law, we strongly urge the Department to investigate and issue a legal opinion as to whether requesting and using prospective employees’ social network passwords violates current federal law.
Dear EEOC Chair Berrien,
We write concerning reports in the media that some employers are requiring job applicants to provide their usernames and passwords to social networking sites like Facebook as part of the hiring process. By requiring applicants to provide login credentials to social networking and email sites, employers will have access to private, protected information that may be impermissible to consider when making hiring decisions. We are concerned that this information may be used to unlawfully discriminate against otherwise qualified applicants.
Facebook and other social networks allow users to control what information they expose to the public, but potential employers using login credentials can bypass these privacy protections. This allows employers to access private information, including personal communications, religious views, national origin, family history, gender, marital status, and age. If employers asked for some of this information directly, it would violate federal anti-discrimination law. We are concerned that collecting this sensitive information under the guise of a background check may simply be a pretext for discrimination.
We strongly urge the Commission to investigate and issue a legal opinion as to whether requesting and using prospective employees’ social network passwords violate current federal law.
Readers: Do you think there should be a law prohibiting employers from requesting Facebook passwords?