Password Protection Act of 2012: A Good Start Against Employer Snooping

Today Senator Richard Blumenthal (D-CT), Representative Martin Heinrich (D-NM) and a number of cosponsors filed the Password Protection Act of 2012 in the Senate and House to prevent employers from strong-arming employers and job applicants into sharing information from their personal social networking accounts. It’s an important idea and one that we’ve been pushing for more than a year, but the bill itself doesn’t go as far as we think it should.

First the good news—the PPA is sweeping in scope. It doesn’t just apply to just Facebook or social networks, but rather to any situation when an employer coerces an employee into providing access to information held on any computer that isn’t owned or controlled by the employer. For example, even if the employee is looking at a social network on his or her work computer, the employer still couldn’t force that employee to disclose a password, because that would allow the employer to access another computer (that of the social network). This protection would extend to Gmail accounts, photo sharing sites and an employee’s own iPhone or other smart phone.

The PPA is also largely technology-neutral. It is not limited to protecting a particular type of service (like a social network) which could be supplanted in a few years by something else. By focusing on access to a computer, the bill is flexible. That allows it to evolve to cover any new service as long as it’s not housed on any employer’s computer.

Now the bad news. Because the legislation has a number of exceptions and limitations, it doesn’t provide the full level of protection we believe is necessary. The most glaring omission is the lack of coverage for students. This ACLU case in Minnesota highlights how far school administrators will go to force students to divulge social network passwords. Student athletes are so frequently coerced into allowing access to their personal pages that there are at least three different companies marketing this service. Another bill filed last week by Representative Eliot Engel (D-NY), the Social Networking Online Protection Act (SNOPA) does a better job in this regard, covering both employers and students.

The legislation also includes unnecessary exceptions. One exception allows states to exempt government employees or employees who work with children under age 13. Another allows the executive branch to exempt whole classes of workers if they come into contact with classified information, including soldiers. These sections authorize sweeping and unnecessary fishing expeditions. There are already a broad range of tools for investigating misconduct. Further, internet activities constantly create many new types of records, and these can already be used against employees in investigations. Just because you work for the government or with children, you shouldn’t forfeit the right to a private life online.

Finally the legislation doesn’t make clear that states have a role to play. Many states have already begun to act, and we believe that it’s critical that federal legislation be a floor, not a ceiling, for employee protections.

Sen. Blumenthal, Rep. Heinrich, and Rep Engel have all taken important leadership positions on this issue and advanced important protections. We’ll work with them on the other issues we’ve identified. Let’s hope we can achieve a bill that provides robust protections and allows each of us to enjoy Facebook and other services without an employer or school looking over our shoulder.