Can employers demand access to your Facebook account?
Posted on 21 February 2011.
Most people consider their Facebook profile and its contents private and sacrosanct, but sometimes companies don't agree with this assessment.

The latest instance of this discrepancy between opinions hit the news when a copy of a letter sent by the American Civil Liberties Union to Marylandís Public Safety and Correctional Services Secretary Gary Maynard was made public.

The letter was sent by the Union on behalf of one Robert Collins, a Corrections Officer that was asked to hand over the login credentials of his social media accounts when he was undergoing recertification, and concerns this instance in particular and this specific Division of Correction's blanket requirement in general.

For those who might not know, everyone who is applying for a job with the Division of Correction and those who already work for it but are undergoing certification are required to fork over said login credentials, and the ACLU argues that "the DOC policy constitutes a frightening and illegal invasion of privacy for DOC applicants and employees -- as well those who communicate with them electronically via social media."

"Login information gives the DOC access to communications that are intended to be private, such as personal e-mail messages and wall postings viewable only by those selected individuals who have been granted access," states the letter. "For social media users who maintain private accounts, the DOC demand for login information is equivalent to demands that they produce all of their private correspondence and photographs for review, or permit the government to listen in on their personal telephone calls, as a condition of employment."

The ACLU maintains that the DOC policy is illegal under the federal Stored Communications Act and are a major instance of invasion of privacy, and they ask for its immediate repeal. The letter was sent almost a month ago, and they have still to hear from Secretary Maynard.

And while the majority of people are likely to sympathize with the request and find the DOC's requirement appalling, it may be a good idea to consider these accounts public from the get-go and to think long and hard about posting potentially sensitive information. The law may or may not occasionally be on your side, but you yourself should always be.


Chrome extension thwarts user profiling based on typing behavior

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Jul 29th