City Requires Job Applicants To Hand Over All Online Usernames And Passwords

from the privacy,-much? dept

Slashdot points us to the incredible story that the city of Bozeman, Montana, as part of its hiring screening process requires applicants to not just list out what social networks and online sites they are “members” of, but to provide full login info, including passwords to all of those sites. What’s even more incredible, is how the city defends it:


“So, we have positions ranging from fire and police, which require people of high integrity for those positions, all the way down to the lifeguards and the folks that work in city hall here. So we do those types of investigations to make sure the people that we hire have the highest moral character and are a good fit for the City,”

Apparently, having “the highest moral character” doesn’t include knowing better than to violate prospective employees’ privacy — and the privacy of people they communicate with via social networks. When the newspaper reporter writing the story asked why the city didn’t just create, say, a page on Facebook and ask applicants to “friend” it in order to see their profile, the city attorney seemed surprised that this was even possible, noting that he would explore that option.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “City Requires Job Applicants To Hand Over All Online Usernames And Passwords”

Subscribe: RSS Leave a comment
84 Comments
Keven Suttonsays:

So...

If you gave them the wrong password, or changed the password, or their tech typed it in wrong for one reason or another, what exactly happens then?

beyond privacy, there is safety and security to think about. Changing passwords regularly is a common practice for increased security, do they require resubmitting of new passwords?

What if you just didn’t tell them anything and claimed no web presence? I know a few people who still have no E-footprint. Does that make them ineligible for employment?

this just brings up too many questions without even hitting on privacy rights that it’s disgusting.

Ima Fishsays:

Re: So...

this just brings up too many questions…

What if you forgot to mention a geocities site you had back in the 90s. Could they then fire you for lying on your application because you failed to include it?!

I’ll just say this, the background information I provided to my state’s bar to get my law license was much less invasive than the procedure to become a janitor at the city hall in Bozeman, Montana

Ima Fishsays:

I personally would not even provide a list of places I write on the net. What I do on my free time is none of their business. But to ask for such a list along with login and password information… that’s fricken insane! Lunacy. Asininity! (If, asininity is even a real word.)

It is my hope that this policy is derived from the utter ignorance of a single person. And once that person is set straight, some sanity will prevail. Of course hope and five cents will at best get you a nickel.

Pixelpusher220says:

Re:

What people do on their own free time is, as you say, their own business….to a point.

If you are applying for a position and your personal writings, beliefs and postings indicate a clearly divergent philosophy than required or expected, yes you should notify your prospective employer of your conflict of interest/beliefs.

But for the vast majority of cases, personal should equal private.

Sneejesays:

Re: Re: Re:

And good thing the US Constitution allows someone to not hire you or fire you if they don’t agree with your personal writings, beliefs and postings.

The first amendment does not apply to businesses, only to relationship between citizens and the government. No business has to tolerate how you behave in your personal life if they believe that it reflects poorly on their business and your commercial relationship to them as long as they do not discriminate and follow labor laws.

Re: private to a point...what point?

What about the newly-graduated teacher who’s job offer was withdrawn after some Bored of Education member found the woman’s Facebook page. It showed her at a party fully clothed with a big smile on her face wearing a party hat with a red cup in her hand. She was 25 at the time of the photo. Nothing illegal or even immoral. Totally a none-of-your-beeswax situation. Yet they essentially fired her because of that page.

I think this bozon of an attorney should be asked to defend the cities discriminatory hiring practices in court, get his ass spanked big time, cost the city lots of money, and ultimately get fired. I wonder who’d hire him after that?

known cowardsays:

Re: Re: private to a point...what point?

the RIAA?

Michael Vilan wrote:

What about the newly-graduated teacher who’s job offer was withdrawn after some Bored of Education member found the woman’s Facebook page. It showed her at a party fully clothed with a big smile on her face wearing a party hat with a red cup in her hand. She was 25 at the time of the photo. Nothing illegal or even immoral. Totally a none-of-your-beeswax situation. Yet they essentially fired her because of that page.

I think this bozon of an attorney should be asked to defend the cities discriminatory hiring practices in court, get his ass spanked big time, cost the city lots of money, and ultimately get fired. I wonder who’d hire him after that?

Justinsays:

Terms of service

4.6 from the Terms of service from Facebook.

“6. You will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account.”

I am guessing there are many other sites that have something very similar.

So based on some of the more recent rulings, violating the terms of service can land you in jail or with a fine. So now the city won’t hire me because I committed a crime. It looks like the city of Bozeman is not going to have any employees pretty soon. This city attorney is a dumbass and needs to get shitcanned quick

E-Rockersays:

When the newspaper reporter writing the story asked why the city didn’t just create, say, a page on Facebook and ask applicants to “friend” it in order to see their profile, the city attorney seemed surprised that this was even possible, noting that he would explore that option.

It’s sad when the people in charge don’t understand the technology they’re trying to use.

Anonymoussays:

“When … asked why the city didn’t just create, say, a page on Facebook and ask applicants to “friend” it in order to see their profile, the city attorney seemed surprised that this was even possible, noting that he would explore that option.”

This shouldn’t even be required. Again, more examples of two steps forward, one step back, two steps forward, one step back. Until, before we know it, we have no freedom.

RDsays:

A point that was missed

While the idea is absolutely, 100% ludicrous (NOT LUDACRIS DAMMIT! thats a rapper) that you would be expected to turn over these passwords, what is even more troubling (and beyond even this absurdity) is that this is on THE APPLICATION BEFORE YOU EVEN GET THE JOB!! Sorry guys, even if, when I took the job, I agreed to hand this stuff over (and I wouldnt, anyway) there is no way whatsoever I am going to do it just to APPLY for a job. If thats your requirement, shove your job and I’ll see you in court.

btr1701says:

TOS Violation

One major issue with this (aside from the privacy concerns) is that it?s a violation of Facebook’s terms of use to “share” your password.

And now with that Lori Drew case, we have a federal precedent that violating the TOS of a computer service is a criminal offense, so… basically the city of Bozeman is asking job applicants to commit a federal crime to apply for a job. And since they?re a material party to the violation, the city is on the hook for conspiracy as well.

Pete Ssays:

They should be fired...

I would guess that the person who created this policy has no idea what they are talking about. They probably want to look at the site, but instead requested all their login information. Also you would be giving others the ability to make public statements, declarations, and actions using your identity. May facebook users have credit card information, and other potentially abusable information link to their account. Can I get a background, cory and a financial staement of the person who would log in using my name and id? If not then they should be sued immediately afterward (claim that thousands of dollars were charged to your name…) They’ll never know it was really you ;).

This policy maker is totally unaware of what they are regulating. They should be fired.

Anonymoussays:

Re: They should be fired...

Also you would be giving others the ability to make public statements, declarations, and actions using your identity.

This is exactly what I thought of, and i’m surprised more people haven’t mentioned it. This isn’t just an issue about privacy, this is handing over your identity. To apply for a job you’re required to allow anyone who wants to to pose as you anywhere on the Internet? How is this not paralyzingly-frightening?

sn4tchbuckl3rsays:

Idiots!

No way would I give them my logins and especially not my passwords.
Are they going to provide me their login info because they are fine upstanding employees of the state/city and have nothing to hide?
I know, they should post it in the “blue book” or whatever the state publishes along with their annual salary. That would be awesome!

Anonymous12says:

@Adam:
In a word or two: BS
You waived the right to anonymity when you posted on Facebook or any other blog/social network.

Should they require you post your profile info: no. But I would provide it (mind you not the username password!) so they can see what kind of person I am.

So Adam, are you completely illiterate, or just a dumb-ass POS? You would provide it but not provide all of it? Then you loose idiot. Besides the idiocy of such a requirement, let’s see how far this can go…

Hell you know maybe the mayor of the town’s video rental record should be made public so that we can see if he/she is of “good moral character”? Why not right? We have a right to know everything right? That’s why there should be bounderies between “private” and “public” life. People don’t have a need or a right to know what isn’t available through legal means. They can ask anything they want on some questionaire, but this is beyond absurd. Also think about it, do you really want people who have no regard for personal privacy as your main law enforcement members?
I can see it now “Fourth amendment, you’ve been reading too many comic books dude. That’s so last century..” IDIOTS!

Anonymous12says:

Please monitor all my private communications with my family,friends, and spouse so I can get your job. Feel free also to read my personal messages to my spouse, and snoop away. The city is asking people not only to break the law, but now allow city-sanctioned harrassment and monitoring of personal lives. This is straight up authoritarianism anti-American BS. Nothing more, nothing less.

This is just plain ridiculous. Individuals have the right to privacy and a personal life. If the city is so concerned about social networking sites and their employees then perhaps they should have someone on staff to investigate these things. It is incredibly easy to find anyone on facebook, myspace, twitter, etc. It might be understandable to have a policy that requires your accounts to be private if you work for the city, but to ask “potential” candidates to hand over their passwords is just wrong.

Hephaestussays:

Every Site I am a member of .... hmmmm....

“Please list any and all, current personal or business websites”

Does this includes Banks, brokerages, e-bay, amazon, utilities?

Yeah I want some under paid city worker with access to a half a dozen bank accounts, my brokerage account, and the ability to one click his way through every item on Amazon, the ability to shut off my electricity, water, cable, and cell phone service.

Sure here is my info ….

username : U.R.An.Idiot
Password : GetAClue

What in the Hell are they thinking?

-This Violates the TOS of most sites
-This Opens the city to civil actions
-This violates computer trespass Laws in pretty much every state
-This Violates The federal computer fraud and abuse statute, 18 U.S.C. 1030
http://fpc.state.gov/documents/organization/103707.pdf

DJsays:

a common misconception

Unless by doing so you are granting access to classified/confidential information, realeasing your own login information of your own volition IS NOT against the law.

To put it another way, is leaving your house key underneath the welcome mat ILLEGAL? NO, of course not! Is it STUPID? Yes!
However, if someone were to come along and gain access to your house by using that key, and steal your belongings…THAT is what’s illegal.

JohnRaven,CHT,CSHsays:

Re: Illegal

According to the recent Drew court case, if they were to use those login names and passwords in ANY WAY, that would be a violation of the TOS for the website most likely which would make them guilty under the “accessing protected computers without authorisation to obtain information” that Drew was convicted under.

Not to mention, if the TOS says not to share your password or account information, they are asking you to commit a crime to work for them.

WONDERFUL!

And we WONDER why the terrorists call us the Great Satan?!

JohnRaven,CHT,CSHsays:

Re: Re: Re: Illegal

if you provide someone with your login information, you
are GIVING THEM AUTHORIZATION TO ACCESS YOUR ACCOUNT.

Unless the TOS specifically says you may not give your password to someone. Then, according to the Drew case, both you AND (in this case) the person accessing the site would be guilty of violating the ToS and therefore guilty of accessing a computer system illegally.

I didn’t say I agreed with it, that was the ruling.

Dark Helmetsays:

Re: Re: Illegal

“And we WONDER why the terrorists call us the Great Satan?!”

Way to end a relatively good point with stupidity. They call us the Great Satan for the same reason we refer to every armed fighter we don’t agree with as terrorists: because hyperbole is a fantastic motivator.

Nor, by the way, is hyperbole relegated only to the “bad guys”. We do it too. Arguably more often.

DJsays:

TOS violations

TOS violations ARE NOT ILLEGAL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

They are Terms of SERVICE!!!!!!!

Which means if you violate them, the site can terminate the service they are providing to you. TOS protect the site FROM legal action BY USERS.

That’s it.

They CANNOT DO ANYTHING ELSE.

JohnRaven,CHT,CSHsays:

Re: TOS violations

TOS violations ARE NOT ILLEGAL!

Sadly, you are wrong. We all believed that as well. If I break the TOS of X site, the X has the right to terminate my usage (ie. account) but it wasn’t thought of as illegal.

But Lori Drews was convicted because she used another name to create an account, which broke the TOS of the site. The court ruled that she was guilty of (basically) computer fraud.

Again, I do not agree with it. I’m telling you the precedent has been set.

DJsays:

Re: Re: TOS violations

The Lori Drew case is all screwy. They went after her on the premise that she had caused a suicide, then added some BS on top; unfortunately it was the BS that stuck and not the suicide. I’d wager it stuck because no one in the jury could stomach letting her off without so much as a slap on the wrist.

The thing is, as long as the TOS doesn’t specify otherwise, “X site” can’t take legal action. That doesn’t mean they won’t try, though; and if you and/or your attorney don’t know how to READ they’ll win.

Anonymoussays:

I left the city council’s E-Mail address for all to forward their comments to. But it occurred to me that if they require User information to get a job, that these Bozos don’t have a clue about technology, which = no clue about using E-Mail. Sooo here is the snail mail address
Mailing Address: City Commission, P.O. Box 1230, Bozeman, MT 59771-1230
Fax: 582-2344
City Clerk’s Office: 582-2321, 582-2320

Durkssays:

ILLEGAL as well

I think it’s important to also note that should a Bozeman employee utilize this login information to look at say a MySpace or Facebook page that it is illegal under Montana Code. – Unlawful use of a computing resource.
Not only is Bozeman being shortsighted and ignorant about the technology involved, but they may well be asking their own current employees or representatives to BREAK THE LAW of the State of Montana (and probably federal as well, does the DMCA have anything about using another’s login info for the purposes of retreiving information?)

Anonymous12says:

No business has to tolerate how you behave in your personal life if they believe that it reflects poorly on their business and your commercial relationship to them as long as they do not discriminate and follow labor laws

You’re right, and that’s a completely seperate legal/ethical issue than the one being discussed here.
Kudos for being irrelevant.

siliconbanditsays:

Heres a thought...

Reading over the article from the montana news-station website, it occurs to me that there may just be a simpler and just as hot button topic for this little hoohah:
Discrimination.

I would like the state officials to provide me a detailed explanation on the vague terms “of good moral character”.

The City takes privacy rights very seriously, but this request balances those rights with the City’s need to ensure employees will protect the public trust, according to city attorney Greg Sullivan.

Which will never be the same again. You want the public to trust their officials? How can they when the officials can’t trust each other.

Wonder what happened to a simple police/crim-check and previous work references providing enough information to read between the lines?

Incidently, you can have my access codes when you pry them from my cold dead hands ­čÖé

Katiesays:

RE: “You waived the right to anonymity when you posted on Facebook or any other blog/social network.”

Actually, no. I didn’t. I specifically have modified my privacy settings so only a few can see my social networking profiles. If I’ve got my profile set to the point where you can’t even find my name in a search, much less see any content on my profile, and if even 99% of my friends can’t see everything on my profile, it’s very clear that I have done my best to protect my privacy, the privacy of my friends who choose to post on my site, and the privacy of those I work with/for.

And asking me to hand you my usernames/password is not only a TOS violation, but an utter violation of my privacy. I wouldn’t even consider working for someone who had so little respect for my privacy or so little trust in me as a person.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ┬╗

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it