Aggregated media coverage of Bozeman privacy fiasco

According to KBZK’s after­noon update, Bozeman city attor­ney Greg Sullivan said he had met with the city’s human resources depart­ment and that “the mat­ter is being dis­cussed.” Reporter Dan Boyle’s report goes on to say:

Officials said they are look­ing into the legal­ity of the require­ment. They also said they are look­ing into Facebook’s policies.

City Manager Chris Kukulski said the city stands by its back­ground check pol­icy. He told KBZK that “it’s impor­tant for judg­ing the char­ac­ter of future police, fire­men and other employees.”

Kukulski told the Bozeman Daily Chronicle that “the city checks the sites in order to ensure that employ­ees who might be han­dling tax­payer money, work­ing with chil­dren in recre­ation pro­grams or enter­ing res­i­dents’ homes as an emer­gency ser­vices worker are rep­utable and honest.”

Assistant City Manager Chuck Winn told, “Before we offer peo­ple employ­ment in a pub­lic trust posi­tion we have a respon­si­bil­ity to do a thor­ough back­ground check... This is just a com­po­nent of a thor­ough back­ground check.”

Winn went on to tell CBS:

“Shame on us if there was infor­ma­tion out there avail­able about a per­son who applied for a job who was a child moles­ter or had some sort of infor­ma­tion out there on the Internet that kind of showed those propen­si­ties and we didn’t look for it, we didn’t ask, and we hired that per­son,” Winn said. “In many ways we would have let the pub­lic down.“

Winn told CBS that appli­cants are not required to sup­ply their user­names and pass­words, but that there would be reper­cus­sions if appli­cants or employ­ees lied or were deceit­ful dur­ing the hir­ing process.

Winn said a police offi­cer logs in to check on the social net­work­ing sites of peo­ple apply­ing for pub­lic safety jobs, police and fire. For other jobs, the city’s human resources depart­ment logs in.

Winn told the Chronicle that “it’s not about taste or any­thing” and that “in at least one instance, an applicant’s social-networking site fig­ured into dis­qual­i­fy­ing the per­son for a job.” Police Chief Mark Lachapelle told the Chronicle that infor­ma­tion from the site (Facebook, I pre­sume) was one com­po­nent that con­tributed to the deci­sion. He declined to dis­cuss the case more specif­i­cally, cit­ing pri­vacy concerns.

From the CBS article:

Bozeman’s Winn said the city does not want to be the “taste police” and is focused on look­ing for evi­dence of ille­gal activ­ity. “They can log in them­selves,” he said. “If not, they can show us what’s on their face page. ‘Yes, I have a face page but I don’t want to show it to you.’ That’s a fine answer. We’ll use other resources out there to do a through back­ground check. We owe it to the public.“

The Associated Press also spoke to Bozeman City Commissioner Jeff Rupp, who said that he was “unaware local offi­cials had imple­mented the pol­icy, and expects the city com­mis­sion will be talk­ing about it. But Rupp said it is not as bad as it sounds, since appli­cants are not scored neg­a­tively for refus­ing to answer the question.”

Rupp told the AP: “I can tell you I would not pro­vide it in an appli­ca­tion I sub­mit. [...] I have been told repeat­edly it is not scored, and the appli­ca­tion is not dis­carded if not provided.”

The AP also spoke to state Rep. Brady Wiseman (D-Bozeman):

Rep. Brady Wiseman, a Bozeman Democrat, led the state’s fight against the Patriot Act when the Legislature issued a harsh cri­tique of the fed­eral act, argu­ing it tram­pled civil lib­er­ties and put the gov­ern­ment into a posi­tion of snoop­ing on citizens.

Wiseman said Bozeman now is going too far.

“Asking for pass­words is over the line,” Wiseman said. “I think that this notion opens up a whole new line of debate on privacy.”

CBS also got a com­ment from an attor­ney for the Electronic Frontier Foundation:

“I think its inde­fen­si­bly inva­sive and likely ille­gal as a vio­la­tion of the First Amendment rights of job appli­cants,” said Kevin Bankston, an EFF attor­ney. “Essentially they’re con­di­tion­ing your appli­ca­tion for employ­ment on your waiv­ing your First Amendment rights ... and risk­ing the secu­rity of your infor­ma­tion by requir­ing you to share your pass­word with them... Where does it stop? How about a pho­to­copy of your diary?“

The Bozeman Daily Chronicle’s story had these com­ments from the exec­u­tive direc­tor of the Montana ACLU, Scott Crichton:

I would guess that they’re on some shaky legal ground with this and we would cer­tainly wel­come (the oppor­tu­nity) to look at some­thing spe­cific from some­body who’s impacted. [...] It’s like say­ing, ‘Let me look through your e-mails.’ [...] The city cer­tainly has access to pub­licly acces­si­ble infor­ma­tion, but it gets pretty ques­tion­able when they start ask­ing for password-protected things that are cre­ated to cre­ate pri­vacy for com­mu­ni­ca­tions between your friends and fam­ily,” he said. “That seems to be going too far.

The AP spoke to some­one else at the ACLU, Amy Cannata:

“I liken it to them say­ing they want to look at your love let­ters and your fam­ily pho­tos,” said Amy Cannata, with the American Civil Liberties Union of Montana. “I think this pol­icy cer­tainly crosses the pri­vacy line.”


Cannata, with the ACLU, said her orga­ni­za­tion has not found another gov­ern­ment body that asks for such infor­ma­tion. And even though the ACLU has not done a full legal analy­sis, she said the Bozeman pol­icy doesn’t pass the smell test.

“It’s one thing, and I think totally rea­son­able, if some­one has a pub­lic pro­file to go check it out,” Cannata said.

But pri­vate groups and pro­file could reveal infor­ma­tion employ­ers could not legally base hir­ing deci­sions on, such as a person’s reli­gion, she added.

“Are they going to go in and look at those things?” Cannata said. “And even if they don’t intend to look at those things, it’s still there for them to see.”

Boyle’s story also said that the city has heard from reporters from National Public Radio, Fox News, CBS and ABC. E-mails were report­edly com­ing into the city’s accounts at a rate of one each minute from around the world. Web sites like Read-Write Web, Slashdot, CNET,, The Inquisitr, Ars Technica, Boing Boing, PC Authority, and Computer World picked up the story, and the British news­pa­per The Guardian named Bozeman its pri­vacy vil­lain of the week.

Facebook’s response was posted to an arti­cle by Cade Metz in The Register. From Metz’s article:

Facebook is not pleased with the Bozeman sit­u­a­tion and plans to con­tact the City. “This is a vio­la­tion of Facebook’s Statement of Rights and Responsibilities, which received feed­back from users and was ulti­mately approved in a site-wide vote,” the com­pany tells us. “Our poli­cies pro­hibit those who use the ser­vice from solic­it­ing login infor­ma­tion or access­ing an account that belongs to some­one else. In addi­tion to vio­lat­ing Facebook’s poli­cies, we think this prac­tice vio­lates per­sonal pri­vacy, and we plan to reach out to the City of Bozeman to dis­cuss it with them.”

Ars Technica writer John Timmer noted that the city’s inva­sion of pri­vacy is ironic, con­sid­er­ing the city’s own com­pre­hen­sive pri­vacy pol­icy on its Web site.

This is espe­cially ironic given that Bozeman’s web­site has an exten­sive pri­vacy pol­icy that indi­cates a sig­nif­i­cant famil­iar­ity with some of the major issues that have cropped up regard­ing the reten­tion and secu­rity of infor­ma­tion entrusted to websites.

Timmer con­cludes his write-up with a good point:

It’s prob­a­bly safer to ascribe this sort of behav­ior to clue­less­ness rather than mal­ice. But the clue­less­ness is appar­ently a two-way street, as Sullivan indi­cated that nobody has objected to the city’s request for login credentials.

Lisa Hoover at Computer World:

It’s not about hav­ing any­thing to hide — because I don’t. It’s about a fun­da­men­tal right to pri­vacy and the expec­ta­tion that what I do behind the walls of a pass­worded site is between me and a Web server. I fully grasp that any time you do some­thing online, you run the risk it will become pub­lic infor­ma­tion even you think it won’t hap­pen. I’ll be darned, though, if I would will­ingly turn over the keys to my Internet exis­tence to a ran­dom per­son when there isn’t even the guar­an­tee of a job in return.

A writer at DaniWeb points out that judges have, in some cases, ruled that vio­lat­ing a Web site’s terms of ser­vice is an ille­gal act.

In addi­tion to the pri­vacy aspects—which would enable city employ­ees to post items under the applicant’s name, and make or delete friends—some social net­work­ing sites con­sider pass­ing on pass­words to be a vio­la­tion of their terms of ser­vice, which some judges have ruled is a crim­i­nal act.

Steven Hodson at The Inquisitr writes:

I can totally under­stand the City’s desire to pro­tect the integrity of its employ­ees but this kind of inva­sion is no dif­fer­ent than them ask­ing for the keys to your home and com­ing in when­ever they feel like it. Sure it’s plau­si­ble to defend this require­ment for any pub­lic social media accounts – but then they wouldn’t need the pass­words – how­ever when it comes to any accounts that we have made pri­vate they have no busi­ness ask­ing for this infor­ma­tion, let alone mak­ing it a require­ment for a job.

I fixed a font dis­play issue in this post on July 6, 2009, and cor­rected for­mat­ted the first block­quote from Dan Boyle’s report.

  • Scott McAndrew

    When I was look­ing into this ear­lier today for a blog post of my own I was almost con­fused at how the City attor­ney seems to find no prob­lem with requir­ing the person’s pass­word. It just seems asi­nine that an attor­ney wouldn’t real­ize that this was clearly going beyond back­ground check due diligence.

  • Scott McAndrew

    The City has responded by dis­con­tin­u­ing the prac­tice until fur­ther notice. They pub­lished a press release and accom­pa­nied it with a video (which it looks like they also streamed live when it hap­pened) on the City’s website.

    Press Release:

  • Bozeman, Montana, sus­pends require­ment that appli­cants hand over social net­work passwords

    [...] sug­gest such unchecked account shar­ing would vio­late the Computer Fraud and Abuse Act. (Thanks to Hypercrit for com­pil­ing so much about this issue in a single [...]

  • E-mails to the city of Bozeman | Hypercrit

    [...] Jason linked to my A Letter to the City Attorney post. He also appro­pri­ated two para­graphs of my Aggregated Media Coverage of the Bozeman Privacy Fiasco post. I sup­pose I don’t feel bad about that, since it was just a col­lected set of publicly [...]

  • Montana ACLU con­grat­u­lates Bozeman for rescind­ing pass­word pol­icy | Hypercrit

    [...] in the days after the story first broke in mid-June. Both of those inter­views are ref­er­enced in my media cov­er­age sum­mary post. Published: August 3, 2009 Filed Under: Ethics, Social Networking Tags: ACLU : Associated Press [...]

  • Guest

    “So, we have posi­tions rang­ing from fire and police, which require peo­ple of high integrity for those posi­tions, all the way down to the life­guards and the folks that work in city hall here. So we do those types of inves­ti­ga­tions to make sure the peo­ple that we hire have the high­est moral char­ac­ter and are a good fit for the City,” Sullivan said.

    Is that so?

    The fol­low­ing is taken from a Bozeman Police Officer’s Facebook page as asserted in a civil suit against the city of Bozeman and other defendants:

    I think there should be a law say­ing police can take peo­ple to jail for being stu­pid. Ask a cop a ques­tion like, “Don’t you have any­thing bet­ter to do?” And you get a free ride in a cop car. If I had some­thing bet­ter to do, I would be off doing that, and not mess­ing with you. Speaking of mess­ing with peo­ple . . . I like mess­ing with peo­ple. Just being in a patrol car look­ing at peo­ple while parked at a red light is fun. Make eye con­tact, squint your eyes like you know what they just did, and watch them squirm and avoid all fur­ther eye con­tact. It makes my day fun. I know that every­one has some­thing to hide. My job is to fig­ure out what it is. I am good at fig­ur­ing out what peo­ple are try­ing to hide. There’s really no such thing as “nor­mal.” I am always amazed at what peo­ple will tell a police offi­cer. I think peo­ple assume we are like priests, and it is all in con­fi­dence. It’s not. We go back to the office and talk about every­thing we saw and heard. Then we laugh at peo­ple. Usually it is all on audio as well so we lis­ten to stu­pid things over and over. If we are lucky, it hap­pened in front of a patrol car with its cam­era on. Then we get to watch it over and over.

  • Michael Becker

    Good point. I wrote about those very para­graphs in a new post: