According to KBZK’s afternoon update, Bozeman city attorney Greg Sullivan said he had met with the city’s human resources department and that “the matter is being discussed.” Reporter Dan Boyle’s report goes on to say:
Officials said they are looking into the legality of the requirement. They also said they are looking into Facebook’s policies.
City Manager Chris Kukulski said the city stands by its background check policy. He told KBZK that “it’s important for judging the character of future police, firemen and other employees.”
Kukulski told the Bozeman Daily Chronicle that “the city checks the sites in order to ensure that employees who might be handling taxpayer money, working with children in recreation programs or entering residents’ homes as an emergency services worker are reputable and honest.”
Assistant City Manager Chuck Winn told CBSNews.com, “Before we offer people employment in a public trust position we have a responsibility to do a thorough background check... This is just a component of a thorough background check.”
Winn went on to tell CBS:
“Shame on us if there was information out there available about a person who applied for a job who was a child molester or had some sort of information out there on the Internet that kind of showed those propensities and we didn’t look for it, we didn’t ask, and we hired that person,” Winn said. “In many ways we would have let the public down.“
Winn told CBS that applicants are not required to supply their usernames and passwords, but that there would be repercussions if applicants or employees lied or were deceitful during the hiring process.
Winn said a police officer logs in to check on the social networking sites of people applying for public safety jobs, police and fire. For other jobs, the city’s human resources department logs in.
Winn told the Chronicle that “it’s not about taste or anything” and that “in at least one instance, an applicant’s social-networking site figured into disqualifying the person for a job.” Police Chief Mark Lachapelle told the Chronicle that information from the site (Facebook, I presume) was one component that contributed to the decision. He declined to discuss the case more specifically, citing privacy concerns.
From the CBS article:
Bozeman’s Winn said the city does not want to be the “taste police” and is focused on looking for evidence of illegal activity. “They can log in themselves,” he said. “If not, they can show us what’s on their face page. ‘Yes, I have a face page but I don’t want to show it to you.’ That’s a fine answer. We’ll use other resources out there to do a through background check. We owe it to the public.“
The Associated Press also spoke to Bozeman City Commissioner Jeff Rupp, who said that he was “unaware local officials had implemented the policy, and expects the city commission will be talking about it. But Rupp said it is not as bad as it sounds, since applicants are not scored negatively for refusing to answer the question.”
Rupp told the AP: “I can tell you I would not provide it in an application I submit. [...] I have been told repeatedly it is not scored, and the application is not discarded if not provided.”
The AP also spoke to state Rep. Brady Wiseman (D-Bozeman):
Rep. Brady Wiseman, a Bozeman Democrat, led the state’s fight against the Patriot Act when the Legislature issued a harsh critique of the federal act, arguing it trampled civil liberties and put the government into a position of snooping on citizens.
Wiseman said Bozeman now is going too far.
“Asking for passwords is over the line,” Wiseman said. “I think that this notion opens up a whole new line of debate on privacy.”
CBS also got a comment from an attorney for the Electronic Frontier Foundation:
“I think its indefensibly invasive and likely illegal as a violation of the First Amendment rights of job applicants,” said Kevin Bankston, an EFF attorney. “Essentially they’re conditioning your application for employment on your waiving your First Amendment rights ... and risking the security of your information by requiring you to share your password with them... Where does it stop? How about a photocopy of your diary?“
The Bozeman Daily Chronicle’s story had these comments from the executive director of the Montana ACLU, Scott Crichton:
I would guess that they’re on some shaky legal ground with this and we would certainly welcome (the opportunity) to look at something specific from somebody who’s impacted. [...] It’s like saying, ‘Let me look through your e-mails.’ [...] The city certainly has access to publicly accessible information, but it gets pretty questionable when they start asking for password-protected things that are created to create privacy for communications between your friends and family,” he said. “That seems to be going too far.
The AP spoke to someone else at the ACLU, Amy Cannata:
“I liken it to them saying they want to look at your love letters and your family photos,” said Amy Cannata, with the American Civil Liberties Union of Montana. “I think this policy certainly crosses the privacy line.”[...]
Cannata, with the ACLU, said her organization has not found another government body that asks for such information. And even though the ACLU has not done a full legal analysis, she said the Bozeman policy doesn’t pass the smell test.
“It’s one thing, and I think totally reasonable, if someone has a public profile to go check it out,” Cannata said.
But private groups and profile could reveal information employers could not legally base hiring decisions on, such as a person’s religion, she added.
“Are they going to go in and look at those things?” Cannata said. “And even if they don’t intend to look at those things, it’s still there for them to see.”
Boyle’s story also said that the city has heard from reporters from National Public Radio, Fox News, CBS and ABC. E-mails were reportedly coming into the city’s accounts at a rate of one each minute from around the world. Web sites like Read-Write Web, Slashdot, CNET, InternetNews.com, The Inquisitr, Ars Technica, Boing Boing, PC Authority, PerezHilton.com and Computer World picked up the story, and the British newspaper The Guardian named Bozeman its privacy villain of the week.
Facebook’s response was posted to an article by Cade Metz in The Register. From Metz’s article:
Facebook is not pleased with the Bozeman situation and plans to contact the City. “This is a violation of Facebook’s Statement of Rights and Responsibilities, which received feedback from users and was ultimately approved in a site-wide vote,” the company tells us. “Our policies prohibit those who use the service from soliciting login information or accessing an account that belongs to someone else. In addition to violating Facebook’s policies, we think this practice violates personal privacy, and we plan to reach out to the City of Bozeman to discuss it with them.”
Timmer concludes his write-up with a good point:
It’s probably safer to ascribe this sort of behavior to cluelessness rather than malice. But the cluelessness is apparently a two-way street, as Sullivan indicated that nobody has objected to the city’s request for login credentials.
Lisa Hoover at Computer World:
It’s not about having anything to hide — because I don’t. It’s about a fundamental right to privacy and the expectation that what I do behind the walls of a passworded site is between me and a Web server. I fully grasp that any time you do something online, you run the risk it will become public information even you think it won’t happen. I’ll be darned, though, if I would willingly turn over the keys to my Internet existence to a random person when there isn’t even the guarantee of a job in return.
A writer at DaniWeb points out that judges have, in some cases, ruled that violating a Web site’s terms of service is an illegal act.
In addition to the privacy aspects—which would enable city employees to post items under the applicant’s name, and make or delete friends—some social networking sites consider passing on passwords to be a violation of their terms of service, which some judges have ruled is a criminal act.
Steven Hodson at The Inquisitr writes:
I can totally understand the City’s desire to protect the integrity of its employees but this kind of invasion is no different than them asking for the keys to your home and coming in whenever they feel like it. Sure it’s plausible to defend this requirement for any public social media accounts – but then they wouldn’t need the passwords – however when it comes to any accounts that we have made private they have no business asking for this information, let alone making it a requirement for a job.