Banning Forced Disclosure of Social Network Passwords and the Polygraph Precedent
posted by Peter Swire
The Maryland General Assembly has just become the first state legislature to vote to ban employers’ from requiring employees to reveal their Facebook or other social network passwords. Other states are considering similar bills, and Senators Schumer and Blumenthal are pushing the idea in Congress.
As often happens in privacy debates, there are concerns from industry that well-intentioned laws will have dire consequences — Really Dangerous People might get into positions of trust, so we need to permit employers to force their employees to open up their Facebook accounts to their bosses.
Also, as often happens in privacy debates, people breathlessly debate the issue as though it is completely new and unprecedented.
We do have a precedent, however. In 1988, Congress enacted the Employee Polygraph Protection Act (EPPA). The EPPA says that employers don’t get to know everything an employee is thinking. Polygraphs are flat-out banned in almost all employment settings. The law was signed by President Reagan, after Secretary of State George Shultz threatened to resign rather than take one.
The idea behind the EPPA and the new Maryland bill are similar — employees have a private realm where they can think and be a person, outside of the surveillance of the employer. Imagine a polygraph if your boss asked what you really thought about him/her. Imagine your social networking activities if your boss got to read your private messages and impromptu thoughts.
For private sector employers, the EPPA has quite narrow exceptions, such as for counter-intelligence, armored car personnel, and employees who are suspected of causing economic loss. That list of exceptions can be a useful baseline to consider for social network passwords.
In summary — longstanding and bipartisan support to block this sort of intrusion into employees’ private lives. The social networks themselves support this ban on having employers require the passwords. I think we should, too.
April 11, 2012 at 1:14 pm Tags: Facebook, Maryland, passwords, polygraph Posted in: Administrative Law, Cyber Civil Rights, Cyberlaw, Privacy, Privacy (Consumer Privacy), Social Network Websites Print This Post