Password Protection Act of 2012: A Good Start Against Employer Snooping

Today Senator Richard Blumenthal (D-CT), Representative Martin Heinrich (D-NM) and a number of cosponsors filed the Password Protection Act of 2012 in the Senate and House to prevent employers from strong-arming employers and job applicants into sharing information from their personal social networking accounts. It’s an important idea and one that we’ve been pushing for more than a year, but the bill itself doesn’t go as far as we think it should.

First the good news—the PPA is sweeping in scope. It doesn’t just apply to just Facebook or social networks, but rather to any situation when an employer coerces an employee into providing access to information held on any computer that isn’t owned or controlled by the employer. For example, even if the employee is looking at a social network on his or her work computer, the employer still couldn’t force that employee to disclose a password, because that would allow the employer to access another computer (that of the social network). This protection would extend to Gmail accounts, photo sharing sites and an employee’s own iPhone or other smart phone.

The PPA is also largely technology-neutral. It is not limited to protecting a particular type of service (like a social network) which could be supplanted in a few years by something else. By focusing on access to a computer, the bill is flexible. That allows it to evolve to cover any new service as long as it’s not housed on any employer’s computer.

Now the bad news. Because the legislation has a number of exceptions and limitations, it doesn’t provide the full level of protection we believe is necessary. The most glaring omission is the lack of coverage for students. This ACLU case in Minnesota highlights how far school administrators will go to force students to divulge social network passwords. Student athletes are so frequently coerced into allowing access to their personal pages that there are at least three different companies marketing this service. Another bill filed last week by Representative Eliot Engel (D-NY), the Social Networking Online Protection Act (SNOPA) does a better job in this regard, covering both employers and students.

The legislation also includes unnecessary exceptions. One exception allows states to exempt government employees or employees who work with children under age 13. Another allows the executive branch to exempt whole classes of workers if they come into contact with classified information, including soldiers. These sections authorize sweeping and unnecessary fishing expeditions. There are already a broad range of tools for investigating misconduct. Further, internet activities constantly create many new types of records, and these can already be used against employees in investigations. Just because you work for the government or with children, you shouldn’t forfeit the right to a private life online.

Finally the legislation doesn’t make clear that states have a role to play. Many states have already begun to act, and we believe that it’s critical that federal legislation be a floor, not a ceiling, for employee protections.

Sen. Blumenthal, Rep. Heinrich, and Rep Engel have all taken important leadership positions on this issue and advanced important protections. We’ll work with them on the other issues we’ve identified. Let’s hope we can achieve a bill that provides robust protections and allows each of us to enjoy Facebook and other services without an employer or school looking over our shoulder.

Add a comment (3)
Read the Terms of Use

Anonymous

If the employer is willing to pay its employees 24/7. Then get off there backs. Its that simple ..

Tim

Unless the employer wants to pay you 24/7.... They should stay out of your life away from work. The only way that will happen, is when the people stop letting them walk all over them and stand up for one another. When one person loose there freedom yours will follow shortly their after...

Anonymous

On the surface, I would gladly support this legislation but the caveats built in make it unsupportable. The bill contains provisions to exempt those people that work with children and those with the ability to access classified information. I am against anyone being forced to grant any employer or government authority carte blanche access to my personal accounts by providing my password.

In the first place, anyone with access to your password can log into your account and do any action as if they were you to include changing your security and privacy information, all without your approval or knowledge. Additionally, they can load things into your personal account, again without your knowledge or approval, and you would not be able to quickly prove that you DID NOT load those items.

Rather than providing exemptions, the bill should have provisions for properly identified and authorized law enforcement or security officials to access the information in your social network account using some legal mechanism like a search warrant. That would protect the individuals privacy while still allowing law enforcement and security agencies to protect third parties.

Sign Up for Breaking News