Wednesday 28 March 2012

Facebook Security

From the Huffington Post :
WASHINGTON -- House Republicans blocked a measure Tuesday night that would have let the Federal Communications Commission prevent employers from forcing workers to reveal their Facebook passwords.


One problem if they do attempt to do this: they're likely breaking existing Federal Law, and certainly violating the Facebook Terms of Service.

From those Facebook Terms of Service:
3. Safety
3.5 You will not solicit login information or access an account belonging to someone else.

4. Registration and Account Security
4.8 You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.
4.9 You will not transfer your account (including any page or application you administer) to anyone without first getting our written permission.
From MSNBC:
Frederic Wolens, a Facebook spokesman, wouldn't comment on the Maryland legislative proposals, but he said many of these school and employer policies appear to violate the site's terms.

"Under our terms, only the holder of the email address and password is considered the Facebook account owner. We also prohibit anyone from soliciting the login information or accessing an account belonging to someone else," he said in a statement to msnbc.com.
Employees should tell employers that they are not permitted by FB TOS to comply, and that to even ask is a violation of the TOS which will be reported to FB. Continued use of FB by an employer after making such a request, whether reported or not, may leave the employer open to civil and criminal penalties for unauthorised access of a protected computer, should there be any interstate or foreign communication on their page. Advise them to take legal advice on this.

It is permissible for an employer to ask that the account be handed over to them; but this requires written permission by FB.

http://www.facebook.com/legal/terms
Computer Fraud and Abuse Act (18 U.S.C. § 1030 et seq.)

The CFAA defines a “protected computer” under 18 U.S.C. § 1030(e)(2) to mean a computer:
...
which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

Criminal offenses under the Act
...
Intentionally accessing a computer without authorization to obtain:
Information from any protected computer if the conduct involves an interstate or foreign communication

4 comments:

Billie said...

The solution, IMHO, to this is simple, deny having a FB account.

True, you can be fired for lying on a job application but there's always the Whistle Blower Internet to "out" the employers who do that.

I'm retired so it makes little difference to me.

Jaye Schmus said...

If an employer of mine (potential or otherwise) asked for my Facebook login info, I'd tell them to stuff themselves.

Joseph said...

It sounds like the proposed law is unnecessary.

Anonymous said...

Please go bake a muffin ffs.