On Monday March 26, 2012, Senators Richard Blumenthal (Connecticut) and Chuck Schumer (New York), called for federal agencies to determine whether requiring prospective hires to hand over social networking usernames and passwords violates federal law. Blumenthal and Schumer called on the United States Equal Employment Opportunity Commission (“EEOC”) to investigate whether such practices violate federal anti-discrimination laws and the United States Department of Justice to investigate whether such practices violate the Stored Communication Act (“SCA”) or Computer Fraud and Abuse Act (“CFAA”).
Allowing access to a prospective employee’s social media password could allow the employer to access information the company is prohibited from asking about in the hiring process. Under the Americans with Disabilities Act and Genetic Information Nondiscrimination Act, prospective employers are prohibited from asking about genetic information, age or disability. However, if employers can access a prospective employee’s social media page, they may have access to such information. An employer who then chooses not to hire a member of a protected class or takes other adverse action, may run the risk of allegations that the company violated federal law or state law by refusing to hire a person because of his or her membership in a protected class.
In addition to potentially violating anti-discrimination laws, allowing prospective employers to access a person’s social networking username and password may implicate the SCA or CFAA, according to Blumental and Schumer. “Requiring applicants to provide login credentials to secure social media websites and then using those credentials to access private information stored on those sites may be unduly coercive and therefore constitute unauthorized access under both SCA and the CFAA,” they said in a letter to Attorney General Eric Holder Jr. These two acts, respectively, prevent unlawful access to electronic information without authorization, and unlawful access to a computer without authorization. In Konop v. Hawaiian Airlines Inc, 236 F.3d 1035 (2001), a case cited in their letter, the Ninth Circuit held that the unauthorized access and review of contents of a password protected website can be a violation of the SCA.
Although many commentators agree that it is fairly unusual for employers to ask job applicants for social network usernames and passwords, the issue is one that inspires heated debate. It also appears that the practice may be more prevalent amongst law enforcement agencies and schools. While commentators disagree as to whether the use of such a pre-hiring practice is legal, commentators generally agree that the practice is not likely wise because the information an employer discovers could lead to a claim regarding disparate treatment or discrimination.
Recently, in Michigan, a teacher was fired for failing to handover her password and username after a parent complained of objectionable content on her Facebook page. The story received national media attention, and there has been significant debate over what expectation of privacy an employee should be entitled to. Facebook itself has come out against such practices, issuing a written statement objecting to employers asking applicants or employees for this information. The company has also threatened to sue employers who utilize such practices.
As of now, the current debate on this issue is primarily focused on pre-hire required turnover of passwords for social media accounts. However, in the future, the argument is likely to focus on whether companies can assert an ownership interest in such socila media accounts in whole or part, including the passwords, contacts, and other information contained in the accounts and whether there is truly any differentiation between personal and work accounts.
The question of whether a company can claim ownership in a social media account and the extent to which a company can is just beginning to be addressed by the courts. This past year, in Eagle v. Morgan, a federal court in Philadelphia ruled an employer could claim ownership of a former executive’s LinkedIn Account, where the employer had significant involvement in the creation, maintenance and operation of the account. Similarly, the Northern District of California recently addressed the case of PhoneDog v. Kravitz, which addressed the question of corporate ownership of a Twitter Account. There, PhoneDog, an interactive mobile news and reviews web resource, sued Noah Kravitz, a former employee, who the company claims unlawfully continued using the company Twitter account after he quit. The court found there was sufficient evidence to state a claim for trade secret misappropriation, based on the argument that the Twitter account, the password, and the followers were trade secrets.
Most recently, a Colorado federal court in Christou v. Beatport, LLC, No. 10-cv-02912-RBJ-KMT, 2012 WL 872574 (D. Colo. Mar. 14, 2012), allowed a plaintiff’s trade secret misappropriation claim premised on the theft of MySpace “friends” to proceed. The court found Plaintiff’s efforts and expense in “friending” thousands of potential dance club patrons, and thus having their contact information and permission to contact them, could constitute a protectable trade secret under Colorado law.
Both the legality of pre-hire required turnover of social media passwords and company ownership of social media accounts is likely to be a growing issue in the future, and we will continue to follow it closely.