City Requires Job Applicants To Hand Over All Online Usernames And Passwords
from the privacy,-much? dept
Slashdot points us to the incredible story that the city of Bozeman, Montana, as part of its hiring screening process requires applicants to not just list out what social networks and online sites they are “members” of, but to provide full login info, including passwords to all of those sites. What’s even more incredible, is how the city defends it:
“So, we have positions ranging from fire and police, which require people of high integrity for those positions, all the way down to the lifeguards and the folks that work in city hall here. So we do those types of investigations to make sure the people that we hire have the highest moral character and are a good fit for the City,”
Apparently, having “the highest moral character” doesn’t include knowing better than to violate prospective employees’ privacy — and the privacy of people they communicate with via social networks. When the newspaper reporter writing the story asked why the city didn’t just create, say, a page on Facebook and ask applicants to “friend” it in order to see their profile, the city attorney seemed surprised that this was even possible, noting that he would explore that option.
Filed Under: bozeman, job applicants, privacy, social networks
Comments on “City Requires Job Applicants To Hand Over All Online Usernames And Passwords”
So...
If you gave them the wrong password, or changed the password, or their tech typed it in wrong for one reason or another, what exactly happens then?
beyond privacy, there is safety and security to think about. Changing passwords regularly is a common practice for increased security, do they require resubmitting of new passwords?
What if you just didn’t tell them anything and claimed no web presence? I know a few people who still have no E-footprint. Does that make them ineligible for employment?
this just brings up too many questions without even hitting on privacy rights that it’s disgusting.
Re: So...
“this just brings up too many questions…“
What if you forgot to mention a geocities site you had back in the 90s. Could they then fire you for lying on your application because you failed to include it?!
I’ll just say this, the background information I provided to my state’s bar to get my law license was much less invasive than the procedure to become a janitor at the city hall in Bozeman, Montana
I personally would not even provide a list of places I write on the net. What I do on my free time is none of their business. But to ask for such a list along with login and password information… that’s fricken insane! Lunacy. Asininity! (If, asininity is even a real word.)
It is my hope that this policy is derived from the utter ignorance of a single person. And once that person is set straight, some sanity will prevail. Of course hope and five cents will at best get you a nickel.
Re: Re:
What people do on their own free time is, as you say, their own business….to a point.
If you are applying for a position and your personal writings, beliefs and postings indicate a clearly divergent philosophy than required or expected, yes you should notify your prospective employer of your conflict of interest/beliefs.
But for the vast majority of cases, personal should equal private.
Re: Re: Re:
“If you are applying for a position and your personal writings, beliefs and postings indicate a clearly divergent philosophy than required or expected”
Good thing the US Constitution allows for that as long as you’re not doing anything illegal, which is what background checks are for.
Re: Re: Re: Re:
And good thing the US Constitution allows someone to not hire you or fire you if they don’t agree with your personal writings, beliefs and postings.
The first amendment does not apply to businesses, only to relationship between citizens and the government. No business has to tolerate how you behave in your personal life if they believe that it reflects poorly on their business and your commercial relationship to them as long as they do not discriminate and follow labor laws.
Re: Re: Re:2 Re:
1) “The first amendment does not apply to businesses”
yes it does. moving on.
2) ” only to relationship between citizens and the government”
Which is EXACTLY what’s going on here. It’s the CITY OF BOZEMAN that’s requiring this, which is a government.
Re: Re: Re:3 Re:
1) No, sorry, it doesn’t. You cannot say whatever you want on or off the job while on the job and your employer has to accept it. The first amendment applies to your freedom of persecution from the government. Moving on.
Re: Re: Re:4 Re:
Sorry, that wasn’t so clear–if your speech impedes your ability to do your job or *represent your employer (government or not)*, you cannot claim first amendment protection.
Re: Re: Re:5 Re:
Separation of church and state. My personal beliefs hold no bearing to a government job, and as such do NOT have to be revealed. To even /ask/ after someone’s beliefs in an application or interview is ILLEGAL.
Re: Re: Re:6 Re:
But it is not illegal to consider beliefs and utterances that have been aired in a public forum. Don’t get me wrong, they have no standing to ask for usernames and passwords, but anything they can see freely without them is fair game.
Re: Re: private to a point...what point?
What about the newly-graduated teacher who’s job offer was withdrawn after some Bored of Education member found the woman’s Facebook page. It showed her at a party fully clothed with a big smile on her face wearing a party hat with a red cup in her hand. She was 25 at the time of the photo. Nothing illegal or even immoral. Totally a none-of-your-beeswax situation. Yet they essentially fired her because of that page.
I think this bozon of an attorney should be asked to defend the cities discriminatory hiring practices in court, get his ass spanked big time, cost the city lots of money, and ultimately get fired. I wonder who’d hire him after that?
Re: Re: Re: private to a point...what point?
the RIAA?
Michael Vilan wrote:
What about the newly-graduated teacher who’s job offer was withdrawn after some Bored of Education member found the woman’s Facebook page. It showed her at a party fully clothed with a big smile on her face wearing a party hat with a red cup in her hand. She was 25 at the time of the photo. Nothing illegal or even immoral. Totally a none-of-your-beeswax situation. Yet they essentially fired her because of that page.
I think this bozon of an attorney should be asked to defend the cities discriminatory hiring practices in court, get his ass spanked big time, cost the city lots of money, and ultimately get fired. I wonder who’d hire him after that?
Re: Re: Re:2 private to a point...what point?
“Bored of Education”?
Re: Re:
its asininity even if it ISNT a real word
Re: Re:
“””It is my hope that this policy is derived from the utter ignorance of a single person. And once that person is set straight, some sanity will prevail. Of course hope and five cents will at best get you a nickel.”””
Here’s your nickel back.
Terms of service
4.6 from the Terms of service from Facebook.
“6. You will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account.”
I am guessing there are many other sites that have something very similar.
So based on some of the more recent rulings, violating the terms of service can land you in jail or with a fine. So now the city won’t hire me because I committed a crime. It looks like the city of Bozeman is not going to have any employees pretty soon. This city attorney is a dumbass and needs to get shitcanned quick
When the newspaper reporter writing the story asked why the city didn’t just create, say, a page on Facebook and ask applicants to “friend” it in order to see their profile, the city attorney seemed surprised that this was even possible, noting that he would explore that option.
It’s sad when the people in charge don’t understand the technology they’re trying to use.
“When … asked why the city didn’t just create, say, a page on Facebook and ask applicants to “friend” it in order to see their profile, the city attorney seemed surprised that this was even possible, noting that he would explore that option.”
This shouldn’t even be required. Again, more examples of two steps forward, one step back, two steps forward, one step back. Until, before we know it, we have no freedom.
Re: Re:
and the reason this shouldn’t be required is because we should have the right to be anonymous.
Re: Re: Anonymity
You waived the right to anonymity when you posted on Facebook or any other blog/social network.
Should they require you post your profile info: no. But I would provide it (mind you not the username password!) so they can see what kind of person I am.
Re: Re: Re: Anonymity
That makes you the problem. If everyone just refused to give the info they will be forced to change there policy. You should get the death penalty.
A point that was missed
While the idea is absolutely, 100% ludicrous (NOT LUDACRIS DAMMIT! thats a rapper) that you would be expected to turn over these passwords, what is even more troubling (and beyond even this absurdity) is that this is on THE APPLICATION BEFORE YOU EVEN GET THE JOB!! Sorry guys, even if, when I took the job, I agreed to hand this stuff over (and I wouldnt, anyway) there is no way whatsoever I am going to do it just to APPLY for a job. If thats your requirement, shove your job and I’ll see you in court.
Re: A point that was missed
“shove your job and I’ll see you in court”
Why sue?? Go find a better job and move on. It’s a state-employed position, which makes it VERY easy to do that.
TOS Violation
One major issue with this (aside from the privacy concerns) is that it’s a violation of Facebook’s terms of use to “share” your password.
And now with that Lori Drew case, we have a federal precedent that violating the TOS of a computer service is a criminal offense, so… basically the city of Bozeman is asking job applicants to commit a federal crime to apply for a job. And since they’re a material party to the violation, the city is on the hook for conspiracy as well.
Re: TOS Violation
This is actually really funny here. I would love to see the reaction from the city when they realized this.
Hmm, isn’t it against the EULA for most sites to give away your ID and password? Could the city be held liable for unauthorized access to an account?
Hiring Applications
Requiring the reported information is no different from what asking for copies of recent letters that were written or received would have been 20 years ago.
The city has gone way overboard.
You're all missing the shocking part:
They have internet access in Bozeman, Montanna?
Re: You're all missing the shocking part:
Must be a new thing, since the lawyer has no idea what it is.
Re: You're all missing the shocking part:
Rude and uncalled for.
Re: Re: You're all missing the shocking part:
This man rose to a position of power in Bozeman Montanna therefore, Bozeman Montanna must be a real sh*#hole
They should be fired...
I would guess that the person who created this policy has no idea what they are talking about. They probably want to look at the site, but instead requested all their login information. Also you would be giving others the ability to make public statements, declarations, and actions using your identity. May facebook users have credit card information, and other potentially abusable information link to their account. Can I get a background, cory and a financial staement of the person who would log in using my name and id? If not then they should be sued immediately afterward (claim that thousands of dollars were charged to your name…) They’ll never know it was really you ;).
This policy maker is totally unaware of what they are regulating. They should be fired.
Re: They should be fired...
Also you would be giving others the ability to make public statements, declarations, and actions using your identity.
This is exactly what I thought of, and i’m surprised more people haven’t mentioned it. This isn’t just an issue about privacy, this is handing over your identity. To apply for a job you’re required to allow anyone who wants to to pose as you anywhere on the Internet? How is this not paralyzingly-frightening?
foresight
lack of foresight here. apparently they don’t realize what will happen if someone is employed and later all these evidence photos are found of past history/etc. Or, I don’t know, making a “work-only” profile?
Not to mention the legal implications of asking for account passwords.
Idiots!
No way would I give them my logins and especially not my passwords.
Are they going to provide me their login info because they are fine upstanding employees of the state/city and have nothing to hide?
I know, they should post it in the “blue book” or whatever the state publishes along with their annual salary. That would be awesome!
@Adam:
In a word or two: BS
You waived the right to anonymity when you posted on Facebook or any other blog/social network.
Should they require you post your profile info: no. But I would provide it (mind you not the username password!) so they can see what kind of person I am.
So Adam, are you completely illiterate, or just a dumb-ass POS? You would provide it but not provide all of it? Then you loose idiot. Besides the idiocy of such a requirement, let’s see how far this can go…
Hell you know maybe the mayor of the town’s video rental record should be made public so that we can see if he/she is of “good moral character”? Why not right? We have a right to know everything right? That’s why there should be bounderies between “private” and “public” life. People don’t have a need or a right to know what isn’t available through legal means. They can ask anything they want on some questionaire, but this is beyond absurd. Also think about it, do you really want people who have no regard for personal privacy as your main law enforcement members?
I can see it now “Fourth amendment, you’ve been reading too many comic books dude. That’s so last century..” IDIOTS!
Re: Re:
Adam might have been wrong, but that doesn’t make you right.
Re: Re:
Loose: v. to release, as from constraint, obligation, or penalty.
Lose: v. to fail to win (a prize, stake, etc.)
/grammar cop
*sigh
Is it really going to take a determination by a Supreme Court or some other drastic action to force governments of any size to respect people’s right to privacy when it comes to the internet?
Re: *sigh
Oh the can-o-worms you reveal by that simple question…
SHOULD it take a Supreme Court decision? F*CK NO!
Is that what this country is coming to? Buzz Lightyear’s famous cry sums up the answer to that….
Please monitor all my private communications with my family,friends, and spouse so I can get your job. Feel free also to read my personal messages to my spouse, and snoop away. The city is asking people not only to break the law, but now allow city-sanctioned harrassment and monitoring of personal lives. This is straight up authoritarianism anti-American BS. Nothing more, nothing less.
Adam might have been wrong, but that doesn’t make you right.
@AC: TROLL, TROLL,TROLL,TROLL….TROLL.
If you’re not going to point out how you think I’m wrong, you’re just as much of an idiot, or the above term.
Adam might have been wrong, but that doesn’t make you right.
@AC: TROLL, TROLL,TROLL,TROLL….TROLL.
If you’re not going to point out how you think I’m wrong, you’re just as much of an idiot, or the above term.
This is what happens when people who don’t know their ass from their elbow (or, in this case, their Facebook from their face) get put in positions of power.
They’re gonna back down on this real quick.
Who would apply for a job in Bozeman with those kind of requirements? I’d rather go homeless than work for assholes like that – and I don’t even use those sites.
This is just plain ridiculous. Individuals have the right to privacy and a personal life. If the city is so concerned about social networking sites and their employees then perhaps they should have someone on staff to investigate these things. It is incredibly easy to find anyone on facebook, myspace, twitter, etc. It might be understandable to have a policy that requires your accounts to be private if you work for the city, but to ask “potential” candidates to hand over their passwords is just wrong.
Every Site I am a member of .... hmmmm....
“Please list any and all, current personal or business websites”
Does this includes Banks, brokerages, e-bay, amazon, utilities?
Yeah I want some under paid city worker with access to a half a dozen bank accounts, my brokerage account, and the ability to one click his way through every item on Amazon, the ability to shut off my electricity, water, cable, and cell phone service.
Sure here is my info ….
username : U.R.An.Idiot
Password : GetAClue
What in the Hell are they thinking?
-This Violates the TOS of most sites
-This Opens the city to civil actions
-This violates computer trespass Laws in pretty much every state
-This Violates The federal computer fraud and abuse statute, 18 U.S.C. 1030
http://fpc.state.gov/documents/organization/103707.pdf
Re: Every Site I am a member of .... hmmmm....
Correction
– -This Violates The federal computer fraud and abuse act
and I inserted the wrong link
http://www.law.cornell.edu/uscode/18/1030.html
Pretty bad lawyer, isn't he?
The Bozeman city attorney seems to be unaware that the city is committing “tortious interference” with contracts by requiring applicants to violate the terms of service of the social networking sites.
I think he should be disbarred for gross incompetence.
The real issue here is what they do with it after the “investigation.” Are they held securely? Are the tracked? Who has access? It is wrong on so many levels I am amazed it ever got into policy.
Should change the name from Bozeman to Bozo-man, to reflect the position that the city attorney has. Let the city council know how you feel.
E-Mail them all as a group at: agenda@bozeman.net
The city will sell all of the personal information of applicants found unworthy in order to offset the legal costs stemming from this requirement.
My question is: When a city commits a criminal act, who does time?
a common misconception
Unless by doing so you are granting access to classified/confidential information, realeasing your own login information of your own volition IS NOT against the law.
To put it another way, is leaving your house key underneath the welcome mat ILLEGAL? NO, of course not! Is it STUPID? Yes!
However, if someone were to come along and gain access to your house by using that key, and steal your belongings…THAT is what’s illegal.
Re: a common misconception
…and TOS violations are grounds for termination of service, not legal action.
Re: Re: a common misconception
Ask that one to Lori Drew.
Re: Re: a common misconception
> and TOS violations are grounds for termination of service, not legal action.
Funny then that Lori Drew was convicted of a federal crime for violating the TOS of MySpace. I’m sure she could have used your brilliant legal advice at the time.
This isn’t new…a friend of mine applied for the police department and they had the same sort of deal. I don’t think this is particularly uncommon.
Illegal
According to the recent Drew court case, if they were to use those login names and passwords in ANY WAY, that would be a violation of the TOS for the website most likely which would make them guilty under the “accessing protected computers without authorisation to obtain information” that Drew was convicted under.
Not to mention, if the TOS says not to share your password or account information, they are asking you to commit a crime to work for them.
WONDERFUL!
And we WONDER why the terrorists call us the Great Satan?!
Re: Illegal
if you provide someone with your login information, you are GIVING THEM AUTHORIZATION TO ACCESS YOUR ACCOUNT.
Re: Re: Illegal
>if you provide someone with your login information, you
>are GIVING THEM AUTHORIZATION TO ACCESS YOUR ACCOUNT.
Unless the TOS specifically says you may not give your password to someone. Then, according to the Drew case, both you AND (in this case) the person accessing the site would be guilty of violating the ToS and therefore guilty of accessing a computer system illegally.
I didn’t say I agreed with it, that was the ruling.
Re: Illegal
“And we WONDER why the terrorists call us the Great Satan?!”
Way to end a relatively good point with stupidity. They call us the Great Satan for the same reason we refer to every armed fighter we don’t agree with as terrorists: because hyperbole is a fantastic motivator.
Nor, by the way, is hyperbole relegated only to the “bad guys”. We do it too. Arguably more often.
TOS violations
TOS violations ARE NOT ILLEGAL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
They are Terms of SERVICE!!!!!!!
Which means if you violate them, the site can terminate the service they are providing to you. TOS protect the site FROM legal action BY USERS.
That’s it.
They CANNOT DO ANYTHING ELSE.
Re: TOS violations
Except Lori Drew has already been convicted for unauthorized computer access by breaking MySpace’s TOS. A precedent has been set…at least until the appeals kick in.
Re: TOS violations
>TOS violations ARE NOT ILLEGAL!
Sadly, you are wrong. We all believed that as well. If I break the TOS of X site, the X has the right to terminate my usage (ie. account) but it wasn’t thought of as illegal.
But Lori Drews was convicted because she used another name to create an account, which broke the TOS of the site. The court ruled that she was guilty of (basically) computer fraud.
Again, I do not agree with it. I’m telling you the precedent has been set.
Re: Re: TOS violations
The Lori Drew case is all screwy. They went after her on the premise that she had caused a suicide, then added some BS on top; unfortunately it was the BS that stuck and not the suicide. I’d wager it stuck because no one in the jury could stomach letting her off without so much as a slap on the wrist.
The thing is, as long as the TOS doesn’t specify otherwise, “X site” can’t take legal action. That doesn’t mean they won’t try, though; and if you and/or your attorney don’t know how to READ they’ll win.
Re: Re: Re: TOS violations
(oops, hit enter)
So, while I do retract my vehemence, based on your argument and my subsequent education, I do not retract my statements.
I left the city council’s E-Mail address for all to forward their comments to. But it occurred to me that if they require User information to get a job, that these Bozos don’t have a clue about technology, which = no clue about using E-Mail. Sooo here is the snail mail address
Mailing Address: City Commission, P.O. Box 1230, Bozeman, MT 59771-1230
Fax: 582-2344
City Clerk’s Office: 582-2321, 582-2320
Here is the head of human resources. She should be made aware also.
Pattie Berg, SPHR Human Resources Director pberg@bozeman.net
OMG
UNBELIEVABLE!!!
ILLEGAL as well
I think it’s important to also note that should a Bozeman employee utilize this login information to look at say a MySpace or Facebook page that it is illegal under Montana Code. – Unlawful use of a computing resource.
Not only is Bozeman being shortsighted and ignorant about the technology involved, but they may well be asking their own current employees or representatives to BREAK THE LAW of the State of Montana (and probably federal as well, does the DMCA have anything about using another’s login info for the purposes of retreiving information?)
Re: ILLEGAL as well
Citation?
Social engineering test...
It’s gotta be.
If not they will hire exactly the people they deserve.
No business has to tolerate how you behave in your personal life if they believe that it reflects poorly on their business and your commercial relationship to them as long as they do not discriminate and follow labor laws
You’re right, and that’s a completely seperate legal/ethical issue than the one being discussed here.
Kudos for being irrelevant.
So…. all the my XXX site usernames and passwords??? Can I use to or three more sheets of paper…. and just because of them are of some different subcultures and may reflect my personnel religious beliefs you will not hold that against me now will you?
I am surprised they don’t require prospective employees to sign a waiver allowing the city to tap their phone.
Re: Re:
And tap their ass.
Heres a thought...
Reading over the article from the montana news-station website, it occurs to me that there may just be a simpler and just as hot button topic for this little hoohah:
Discrimination.
I would like the state officials to provide me a detailed explanation on the vague terms “of good moral character”.
The City takes privacy rights very seriously, but this request balances those rights with the City’s need to ensure employees will protect the public trust, according to city attorney Greg Sullivan.
Which will never be the same again. You want the public to trust their officials? How can they when the officials can’t trust each other.
Wonder what happened to a simple police/crim-check and previous work references providing enough information to read between the lines?
Incidently, you can have my access codes when you pry them from my cold dead hands 🙂
Blatant violation of privacy. There is no excuse for this.
Wouldn’t your profiles potentially reveal age, sex, race, religion, disability and/or pregnancy. All of which are protected information and CAN NOT be asked about.
What do you expect from Montana? If it doesn’t have antlers they don’t know what to do with it.
OK so to work for us you need to give me your online banking account password+username. Don’t worry you can trust us, our Nigerian secretary is a model of discretion…….
What a crock. This is just the beginning of the end of your freedom of speech. Who decided this ruling? Need I guess what party this person voted for? Socialism – communism will be at your local city real soon. – Wake up America don’t allow this to happen.
RE: “You waived the right to anonymity when you posted on Facebook or any other blog/social network.”
Actually, no. I didn’t. I specifically have modified my privacy settings so only a few can see my social networking profiles. If I’ve got my profile set to the point where you can’t even find my name in a search, much less see any content on my profile, and if even 99% of my friends can’t see everything on my profile, it’s very clear that I have done my best to protect my privacy, the privacy of my friends who choose to post on my site, and the privacy of those I work with/for.
And asking me to hand you my usernames/password is not only a TOS violation, but an utter violation of my privacy. I wouldn’t even consider working for someone who had so little respect for my privacy or so little trust in me as a person.