Employers, Government Agencies, and Colleges Are Demanding Applicants’ Facebook Passwords

By Bob Sullivan / msnbc / March 6, 2012

If you think privacy settings on your Facebook and Twitter accounts guarantee future employers or schools can’t see your private posts, guess again.

Employers and colleges find the treasure-trove of personal information hiding behind password-protected accounts and privacy walls just too tempting, and some are demanding full access from job applicants and student athletes.

In Maryland, job seekers applying to the state’s Department of Corrections have been asked during interviews to log into their accounts and let an interviewer watch while the potential employee clicks through wall posts, friends, photos and anything else that might be found behind the privacy wall.

Previously, applicants were asked to surrender their user name and password, but a complaint from the ACLU stopped that practice last year. While submitting to a Facebook review is voluntary, virtually all applicants agree to it out of a desire to score well in the interview, according Maryland ACLU legislative director Melissa Coretz Goemann.

Student-athletes in colleges around the country also are finding out they can no longer maintain privacy in Facebook communications because schools are requiring them to “friend” a coach or compliance officer, giving that person access to their “friends-only” posts. Schools are also turning to social media monitoring companies with names like UDilligence and Varsity Monitor for software packages that automate the task. The programs offer a “reputation scoreboard” to coaches and send “threat level” warnings about individual athletes to compliance officers.

A recent revision in the handbook at the University of North Carolina is typical:

“Each team must identify at least one coach or administrator who is responsible for having access to and regularly monitoring the content of team members’ social networking sites and postings,” it reads. “The athletics department also reserves the right to have other staff members monitor athletes’ posts.”

All this scrutiny is too much for Bradley Shear, a Washington D.C.-lawyer who says both schools and employers are violating the First Amendment with demands for access to otherwise private social media content.

 “I can’t believe some people think it’s OK to do this,” he said. “Maybe it’s OK if you live in a totalitarian regime, but we still have a Constitution to protect us. It’s not a far leap from reading people’s Facebook posts to reading their email. … As a society, where are we going to draw the line?”

 Aside from the free speech concerns, Shear also thinks colleges take on unnecessary liability when they aggressively monitor student posts.

 “What if the University of Virginia had been monitoring accounts in the Yeardley Love case and missed signals that something was going to happen?” he said, referring to a notorious campus murder. “What about the liability the school might have?”

 Shear has gotten the attention of Maryland state legislators, who have proposed two separate bills aimed at banning social media access by schools and potential employers. The ACLU is aggressively supporting the bills.

 “This is an invasion of privacy. People have so much personal information on their pages now. A person can treat it almost like a diary,” said Goemann, the Maryland ACLU legislative director. “And (interviewers and schools) are also invading other people’s privacy. They get access to that individual’s posts and all their friends. There is a lot of private information there.”

 Maryland’s Department of Corrections policy first came to light last year, when corrections officer Robert Collins complained to the ACLU that he was forced to surrender his Facebook user name and password during an interview. The state agency suspended the policy for 45 days, and eventually settled on the “shoulder-surfing” substitute.

 “My fellow officers and I should not have to allow the government to view our personal Facebook posts and those of our friends just to keep our jobs,” Collins said to the ACLU at the time.

 Agency spokesman Rick Binetti confirmed the new policy, but wouldn’t comment on it or the proposed law which may ban it.

It’s easy to see why an agency that hires prison guards would want to sneak a peek at potential employees’ private online lives. Goemann said that prisons are trying to avoid hiring guards with potential gang ties — the agency told the ACLU it had reviewed 2,689 applicants via social media, and denied employment to seven because of items found on their pages.

“All seven of these individuals’ social media applications contained pictures of them showing verified gang signs (signs commonly known to law enforcement which are utilized by gangs),” the Department of Corrections told the ACLU in response to questions it asked about the program. It stressed the voluntary nature of social media inspection, noting that five of the 80 employees hired in the last three hiring cycles didn’t provide access.

For student athletes, though, the access isn’t voluntary. No access, no sports.

 “They’re saying to students if you want to play, you have to friend a coach. That’s very troubling,” said Shear, the D.C. lawyer. “A good analogy for this, in the offline world, would it be acceptable for schools to require athletes to bug their off-campus apartments? Does a school have a right to know who all your friends are?”

There have been many high-profile embarrassing moments born of the toxic combination of student-athletes and Twitter. North Carolina defensive lineman Marvin Austin tweeted about expensive purchases on his account two years ago, then became subject of an NCAA investigation about improper conduct with a player agent. The incident led, in part, to the school’s aforementioned aggressive social media policy.

So it’s not surprising that many schools want to keep a careful eye on what students are posting online.

But avoiding an uncomfortable moment is not a good enough reason to squash free speech, Spear says. Plenty of settled case law in the U.S. sides with students’ rights to express themselves publicly, he said, including numerous cases involving student newspapers. Public displays of protest are also protected: A landmark 1969 Supreme Court decisions known as Tinker vs. the Des Moines School District said school officials couldn’t prevent students from wearing armbands protesting the Vietnam War as long as they weren’t inciting violence.

Colleges have legitimate concerns about the things students post on social media accounts, but they should “deal with that issue the way they deal with everything else. They should educate,” Shear said.

 “Schools are in the business of educating, not spying,” he added. “We don’t hire private investigators to follow students wherever they go. If students say stupid things online, they should educate them … not engage in prior restraint.”

 Goemann also noted that the rush to social media monitoring raises an often overlooked legal concern: It’s against Facebook’s Terms of Service.

 “You will not share your password … let anyone else access your account or do anything else that might jeopardize the security of your account,” the site says in its policies.

 Frederic Wolens, a Facebook spokesman, wouldn’t comment on the Maryland legislative proposals, but he said many of these school and employer policies appear to violate the site’s terms.

“Under our terms, only the holder of the email address and password is considered the Facebook account owner. We also prohibit anyone from soliciting the login information or accessing an account belonging to someone else,” he said in a statement to msnbc.com. Wolens said Facebook has yet to take a position on collegiate social media monitoring.

Social media monitoring on colleges, while spreading quickly among athletic departments, seems to be limited to athletes at the moment. There’s nothing stopping schools from applying the same policies to other students, however. And Shear says he’s heard from college applicants that interviewers have requested Facebook or Twitter login information during in-person screenings.

The practice seems less common among employers, but scattered incidents are gaining attention from state lawmakers. The blog Tecca.com last year showed what it said was an image of an application for a clerical job with a North Carolina police department that included the following question:

 “Do you have any web page accounts such as Facebook, Myspace, etc.? If so, list your username and password.”

 And the state of Illinois has followed Maryland’s lead and is considering similar legislation to ban social media password demands by employers.

But Shear says a patchwork of state laws isn’t good enough when the stakes are this high.

 “We need a federal law dealing with this,” he said. “After 9/11, we have a culture where some people think it’s OK for the government to be this involved in our lives, that it’s OK to turn everything over to the government. But it’s not. We still have privacy rights in this country, and we still have a Constitution.”