We sense intuitively that employers asking for our Facebook passwords is wrong. The law, currently, isn't sure what to do.
Last week, Representative Ed Perlmutter, Democrat from Colorado, proposed an amendment to H.R. 3309, the Federal Communications Commission Process Reform Act of 2012, in reaction to news of employers, prospective and otherwise, demanding the passwords of employees' social media accounts. The amendment, colorfully shorthanded "MIND YOUR OWN BUSINESS ON PASSWORDS," would have prohibited employers from demanding workers' social networking usernames and passwords -- and would have allowed the FCC to intervene on behalf of employees and their privacy.
It would have codified, in other words, the notion that one's social media identity is an extension of one's broader identity, with the privacy protections (such as they are) that come along with the analogy.
A day after it was proposed, the amendment was voted down -- almost entirely along party lines -- thus closing one door to social media privacy legislation, at least on the national level. (There are similar social media privacy laws -- full bills, rather than amendments -- currently being proposed in the legislatures of Illinois, Maryland, and Michigan.)
But that's not the end of the story. In fact, it's just the beginning. It may well turn out that the concerns associated with demands for social media passwords -- and, along with them, demands for email passwords, and, generally, demands that would seem to violate employee privacy -- will first be legislated not, actually, through legislation, but through the courts.
Take the case of R.S., a 12-year-old Minnesota girl who is suing her school district after it punished her for comments she made on Facebook. (The ACLU, arguing on her behalf, claims that the punishments were a violation not only of her First Amendment rights, but also of her Fourth Amendment guarantee against unreasonable search and seizure.) Or take Kimberly Hester, a teacher's aide in Michigan, who is currently engaged in a legal battle with the school district that suspended her after she posted a questionable picture of a coworker to her Facebook page. (The picture? An image of "a co-worker's pants around her ankles and a pair of shoes, with the caption 'Thinking of you.'") A parent -- a Facebook friend of Hester's -- saw the photo and complained; the school reacted; its administration proceeded to ask Hester (three times) for access to her Facebook account. Each time, Hester refused, later explaining, "I would not, still to this day, let them in my Facebook. And I don't think it's okay for an employer to ask you."
Many of us would agree with Hester. What makes her story so fascinating, though, is that the law, as it currently stands, does not. Beyond social media sites' own terms of service -- and Facebook has threatened its own action against employers who ask for employees' passwords -- there's nothing on the books that stipulates, in specific terms, which privacy claims we hold on behalf of our online selves. Facebook is fast; the legal system is slow. If Hester's battle goes anywhere beyond a simple settlement (and here's hoping!), its arguments will have to rely on precedent.
Which makes you wonder: What would be the precedents for a case like this? What, actually, is the analog version of an authority figure asking, casually but insistently, to know your Facebook password? Most of us, I think, find the practice of password-snooping intuitively wrong. But: Why? If there's been a violation, what, actually, has been violated? Is one's Facebook profile akin to one's person, monolithic and portable? Or is it more akin to one's home -- a separate social space within which one has a reasonable expectation of privacy? Or is it both at the same time? Or neither?