A.E.Brain: Facebook Security

From the Huffington Post :

WASHINGTON -- House Republicans blocked a measure Tuesday night that would have let the Federal Communications Commission prevent employers from forcing workers to reveal their Facebook passwords.

One problem if they do attempt to do this: they're likely breaking existing Federal Law, and certainly violating the Facebook Terms of Service.

From those Facebook Terms of Service:

3. Safety
3.5 You will not solicit login information or access an account belonging to someone else.

4. Registration and Account Security
4.8 You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.
4.9 You will not transfer your account (including any page or application you administer) to anyone without first getting our written permission.

From MSNBC:

Frederic Wolens, a Facebook spokesman, wouldn't comment on the Maryland legislative proposals, but he said many of these school and employer policies appear to violate the site's terms.

"Under our terms, only the holder of the email address and password is considered the Facebook account owner. We also prohibit anyone from soliciting the login information or accessing an account belonging to someone else," he said in a statement to msnbc.com.

Employees should tell employers that they are not permitted by FB TOS to comply, and that to even ask is a violation of the TOS which will be reported to FB. Continued use of FB by an employer after making such a request, whether reported or not, may leave the employer open to civil and criminal penalties for unauthorised access of a protected computer, should there be any interstate or foreign communication on their page. Advise them to take legal advice on this.

It is permissible for an employer to ask that the account be handed over to them; but this requires written permission by FB.

http://www.facebook.com/legal/terms
Computer Fraud and Abuse Act (18 U.S.C. § 1030 et seq.)

The CFAA defines a “protected computer” under 18 U.S.C. § 1030(e)(2) to mean a computer:
...
which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

Criminal offenses under the Act
...
Intentionally accessing a computer without authorization to obtain:
Information from any protected computer if the conduct involves an interstate or foreign communication

4 comments:

BillieFriday, March 30, 2012 1:52:00 am
The solution, IMHO, to this is simple, deny having a FB account.

True, you can be fired for lying on a job application but there's always the Whistle Blower Internet to "out" the employers who do that.

I'm retired so it makes little difference to me.
Jaye SchmusSaturday, March 31, 2012 11:28:00 am
If an employer of mine (potential or otherwise) asked for my Facebook login info, I'd tell them to stuff themselves.
JosephSunday, April 01, 2012 11:57:00 am
It sounds like the proposed law is unnecessary.
AnonymousFriday, April 06, 2012 9:58:00 am
Please go bake a muffin ffs.

Anonymous commenters - please add a signature (doesn't have to be your real name) on each post of yours. Anne O'Namus, Norm D. Ploom, Angry from Kent, Demosthenes, or even your real initials, it doesn't matter.

Commenters are expected to be polite to each other, but the same standard doesn't apply to comments regarding me.

Australian commenters are very very strongly advised to publish anonymously. Sydney alone has more defamation actions than the entire USA and UK. Nearly double that of the UK in fact.

As Google does not reliably inform me that a comment has been posted, and I have no control over first publication, I assert that all comments are innocently disseminated under the NSW DEFAMATION ACT 2005 - SECT 32 and similar acts.

A.E.Brain

Pages

Wednesday 28 March 2012

Facebook Security

4 comments: