Wendy Davis at the MediaPost reports that Senators Richard Blumenthal (D-Conn.) and Chuck Schumer (D-N.Y.) have asked the DOJ to investigate whether employers are violating federal wiretap laws or computer fraud law when asking employees for their Facebook and other social media passwords. This on the heels of last week’s hubbub about the
stupid questionable employment practice.
Unfortunately, as ill-advised as this new “investigative” trend is, private employers are probably not violating any laws (I’ll discuss potential issues with public employers later this week). Here are the various laws:
The Electronic Communications Privacy Act (ECPA)
The Electronic Communications Privacy Act (ECPA) was enacted to restrict government access to private electronic communication. So on the most basic level, it does not even apply to private employers.
Computer Fraud and Abuse Act
As for computer fraud law, specifically the Computer Fraud and Abuse Act, protects against unauthorized access of computers belonging to financial institutions, the US government, and other certain computers that are used for the purposes of transacting business in interstate commerce. Here the employees are obviously authorizing the access when their employers ask. And no, “I had no choice when my boss asked” is not really a good argument (at least not in the case of a private employer).
The Stored Communications Act
This one is interesting and is a part of the overall ECPA. It prohibits unauthorized access to an “electronic communication service” or a “remote computing service” such as an email server. Again, however, “authorization” is the key and we are not yet at a point where we can argue that employer who asks for our Facebook password is somehow forcing his way into our stored communications (as much as it sucks, you can always say no and quit your job if your privacy is more important to you).
Still a Bonehead Move by Employers
As I previously noted, just because it isn’t per se illegal to ask your employees for their social media passwords, it is unbelievably stupid to do so. Facebook itself is warning employers of the potential pitfalls:
The company also reminded employers that they might violate anti-discrimination laws if they denied a job to an applicant after learning through Facebook that he or she belonged to a particular religious group, suffered from a medical condition, or otherwise was a member of a protected group.
And as much as I detest frivolous lawsuits (assuming they are frivolous, many are not), employers who expose themselves to this kind of liability just to “investigate” their employees’ private communications deserve to be sued.
Enter your email to get started.