Maryland legislators just passed an unprecedented digital labor law in Senate Bill 433. The bill would prevent employers from asking for passwords to websites such as Facebook and Twitter. While other states like California and Illinois are exploring similar legislation, Maryland appears likely to be the first to move. However despite its popularity, this legislation may not be necessary after all.
The bill has strong support from the legislature, passing unanimously in the Senate (44-0) and overwhelmingly in the House (128-10). If signed by Gov. Martin O’Malley, SB 433 would specifically prohibit Maryland employers from:
- Requesting or requiring that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service through specified electronic communications devices.;
- Taking, or threatening to take, specified disciplinary actions for an employee’s refusal to disclose specified password and related information; and
- Downloading specified information or data.
Civil liberties advocates have praised SB 433 for it’s expansive scope and hope future provisions will include college students and athletes. Further, the bill will likely save the state a significant amount of money in legal fees and settlement costs. But was this legislation necessary?
On Friday March 23 Facebook’s Chief Privacy Officer Erin Egan issued a warning that Facebook may take action against employers who demand passwords, either through engaging or taking legal action. Egan explains that these demands violate Section 4, Part 8 of Facebook's Statement of Rights and Responsibilities, which reads:
You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.
By requesting a job applicant’s Facebook password, an employer is demanding the applicant violate Facebook’s terms of service, for which he or she could be civilly liable (and at minimum risk having his or her account terminated.) Beyond Facebook, any website concerned about this issue can incorporate similar language in their terms of service.
Having this type of language in the terms of service makes sense for websites. At first glance, one might assume this story only impacts a handful of job applicants in Maryland. In reality, Facebook has a vested interest in protecting its reputation and the goodwill of its hundreds of millions of users around the world. Social media is built on a foundation of trust whereby users voluntarily submit personal information—in a trusted environment—in exchange for similar information from other users. If one user’s account is compromised through coercion, then the foundation of trust will crumble.
Ironically, Kevin Rector of The Baltimore Sun reports SB 433 was inspired by the Maryland state Department of Public Safety and Correctional Services, who asked a job applicant to turn over his Facebook password during the application process. The department said the policy had been a factor in the denial of employment of seven out of 2,689 applicants over the course of a year. The department specifically sought use or presence of verified gang signs in applicant accounts, which would prove detrimental in a correctional environment.
After the American Civil Liberties Union (ACLU) filed a complaint, the department made participation voluntary, however this did not meet the ACLU’s concerns. This led the legislature to take action. Rather than the legislature, Gov. O’Malley might have instead addressed this issue since the state is the employer that was responsible for violating Facebook’s terms of service.
Federal policymakers are also seeking to get involved. U.S. Senators Richard Blumenthal and Charles Schumer recently called on the U.S. Equal Employment Opportunity Commission (EEOC) and the U.S. Department of Justice (DOJ) to launch a federal investigation into this issue. Their press release cites several federal laws and Supreme Court rulings, such as the Stored Communication Act, Computer Fraud and Abuse Act, Pietrylo v. Hillstone Restaurant Group, and Konop v. Hawaiin Airlines, Inc.
There are two market forces already at work solving this problem. First, applicants who view this requirement as onerous won’t apply to work at the businesses that impose it, and those businesses will suffer in the marketplace due to their lower competitiveness in attracting labor. Second and more importantly, Facebook and other websites ultimately have a strong incentive to take legal action to protect their users. Users will patronize websites that meet their needs, including privacy protection, and they will avoid websites that don’t.