This has been a very interesting week for employers and Facebook. I have been writing about this story over on Toolbox, here and here if you are interested in reading, but on this site I want to go a little deeper into the idea of asking prospective employees for a username and password to any social site because there is an additional complication, Google Plus. Then there is another issue with all this, federated identity, Single Sign On, using your Facebook and Google credentials to log into other sites.
While I have a question about this out to my friends who work at Google Plus, it is unlikely that I will get an official statement soon as this would be more of a corporate governance policy statement that would have to be made by the company. That means it would have to be official, so this will be a while in showing up in the news.
While it is admirable that Facebook is saying that sharing your password with anyone is a violation of their Terms of Service/Rights and Responsibilities, as well as opening up a kettle of worms that Employers might not be all that comfortable with or know how to handle, the entire social landscape of systems, Twitter, Facebook, G+, and for those who are persisting on dead systems like MySpace, Beebo, Friendster and Orkut also need to think about this one. We use our logins to access many sites, if your employer has the password and user name, they can go anywhere you have set up a federated identity, or make new accounts on questionable sites in your name. That is a lot of power, the power to impersonate a person with valid credentials.
Tell me how this is any different from identity theft at job point. The loaded gun pointed to your head is “just how bad do you want to be hired”, if you really want to be hired you will turn over your entire online life to us.
While the obvious applies here, you should not post anything anywhere that you need to keep private. That is what good old phone calls are for. That is just a good rule of thumb, anything social is like standing on a street corner with a huge sign that says “get it here”. People are going to see it, share it, talk about it, and if it even remotely looks bad for you from an employer perspective you pretty much so have to suck this one up. This is why I highly recommend scrubbing your online profiles when you have done stupid stuff, because we all do stupid things in life along the way.
Of course this argument does not end with Facebook; really this is the visible portion of the iceberg. Twitter I have a personal account and a company account, which one do I want to share? Which one portrays me in the best light; both accounts have questionable content depending on your frame of mind. My idea of normal might not be my employers’ idea of normal.
If I had to turn over my Google Plus account, well that is a federated system giving them access to my private YouTube videos, my e-mail, my Google docs including what my friends have shared with me, and some of it is questionable content. This includes all my Google apps, and everything else that I use on Google and how they all interlink via the federated identity system.
And that is just another point in this conversation, how many of us use our Facebook credentials to log into web sites? I do, on 9Gag and tons of others, including my SmugMug account. I have private galleries on SmugMug that are not for public consumption because I am also a professional photographer and do this at times for some seriously awesome dollars. Do I really want people to get a deep dive into my personal sense of humor if they go visit 9Gag? What about Hootsuite, Klout, Pinterest, and other sites I use with my Facebook login? How much does an employer really want to know about me right now?
Federated identity just adds to the complexity, once they have the username and password, your world is theirs, they can be you. How much do you trust the other person driving the keyboard and working in your name? If you are a control freak this will drive you absolutely insane in three seconds or less.
What about Porn Sites? They also allow Facebook connect.
What about everything that is interconnected through your history files? Really could be bad and really could be interesting, and really could be damaging when we find out exactly what kind of perverts we can all be, while we try to make our public images as fine upstanding pillars of the community. The kettle of worms is now open, and this is where this gets interesting. Federated identity makes for an interesting day, which is why I am personally glad to see Facebook taking a stand on this one.
Waiting to see what Google comes up with as a response. I really want this to go to trial too, we might just need to decide this one in the courts.
Image credit: BigStock
You bring up some good points, but they are all ones I’ve heard discussed again and again in the tech press. Here’s one I’ve not heard discussed: Even if I am okay giving my credentials to a potential employer giving him access to all of my personal information. I don’t have permission to share the personal information of my 500-plus friends. By giving my login information to a potential employer I am also giving him or her access to all of my friends’ data without their permission or even knowledge. I guess I’d have to ask them first. Secondly, if I’m not mistaken, as of January 1, 2012, I believe it is illegal in the state of California for someone other than the user to log in to any online account. In effect the employer would be committing identity theft as soon as they use your credentials to log in to your account.
steve, that is also an awesome point, it will be interesting to see what happens when this goes to court for the first time.