Monday, 3 August 2009

Privacy on Facebook - demands for Facebook / social networking logins etc

Give me your username and password, NOW!

A few incidents about demands for Facebook etc logins have received some publicity recently.

The city of Bozeman in Montana required anyone applying for a job with them to give Bozeman their logins and passwords for all social networking groups the applicant belonged to, including Facebook, Google, Yahoo,, MySpace. They did at least retreat from this "never ending background check" (as Citizen Media Law put it) after much adverse press.

Houston's Restaurant in New Jersey demanded an employee's MySpace login and password for an invitation-only MySpace group in order to read what employees were saying about them, then fired two - though not without repercussions (Citizen Media Law report).

School teachers got in on the act - a coach, it was claimed, made a high school cheerleader give up her Facebook login and password, whereupon her private Facebook information was shared with other school officials (ars technica report; Citizen Media Law report.)

There's an excellent commentary on the cheerleader story by Dave Birch, who points out that other students when asked for their Facebook details simply deleted their accounts via their cellphones, and notes that the new generation don't regard their Facebook identity in a conventional way. He also comments, and I couldn't agree more, that while many consider Facebook an identity management system, it's not suitable for that as it is. Incidentally, he gave an excellent talk at the e-Identity Management conference in June 2009, which I haven't had a chance to write up yet.

Personally, I consider that forcing or bullying people into disclosing their user / password details in order to access personal accounts is a step too far in the privacy invasion stakes. I await the outcome of the cheerleader's resulting claims against the school with interest.

Privacy on Facebook generally

But of course, it can't hurt to remind people that, even without disclosing their logins, what they say on Facebook and other social networking sites cannot be assumed to be private. (How to change your Facebook privacy settings, from someone who got burned!)

People can get fired or maybe un-hired for what they say on Facebook or Twitter, or even put lives at risk or cause national security issues (whether American or UK). People also might want to be careful about whether their Facebook info gets stuck on "public".

Quite apart from what people say in their Facebook messages, in terms of its privacy practices and defaults, Facebook was recently found to be in breach of Canadian privacy laws (Personal Information Protection and Electronic Documents Act) - BBC report, Canadian Office of Privacy Commissioner’s findings in a complaint against Facebook by the Canadian Internet Policy & Public Interest Clinic; and see this summary of the issues and findings.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.