The network doesn't want your boss seeing your profile, either.


Facebook follows the news just like you do. And it's been paying attention to the weird and worrying new trend that employers have asked prospective employees for their Facebook passwords during the hiring process.

Today, Facebook, in the name of "protecting your passwords and privacy," has made it a violation of its Statement of Rights and Responsibilities to "share or solicit a Facebook password."

"We don't think employers should be asking prospective employees to provide their passwords because we don't think it's right the thing to do," Erin Egan, Facebook's Chief Privacy Officer, explains. "But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don't hire that person."

But! It's not just that sharing or soliciting passwords is now a violation of Facebook's terms of service. There's more. "We'll take action to protect the privacy and security of our users," Egan notes, "whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges."

In other words: It looks like Facebook is considering suing the parties who ask for its users' passwords.

The language here also leaves open the possibility of suing users who voluntarily share their passwords with others. "You will not," Facebook says, "share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account." While, of course, it's hard to imagine any scenario in which Facebook would actually benefit from suing one of its users for a password-share ... the language suggests at least that possibility.

Which, whoa. I can't think of anything that comes close to a precedent for this in terms of Facebook's relationship with its users: suing people on users' behalf! (And maybe even suing users on users' behalf!)

Except, of course, it wouldn't be just on users' behalf; the notional suits would be as much about protecting Facebook as about protecting its legions of account-holders. "If you are a Facebook user," Egan notes, "you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends." The key phrase being, actually, violate the privacy of your friends. The policy update is a striking admission of the value of the connections that live and grow on Facebook's platform: A violation of one user's privacy through password access is, implicitly, the violation of the privacy of all of that user's friends and family and coworkers and former coworkers and random acquaintances and elementary school classmates and bowling league teammates and former flames. 

And, sure: It's easy to see today's announcement simply as a convenient PR play on the part of a network that is better known for violations, rather than defenses, of its users' privacy. And that likely has at least something to do with the policy change. It's more interesting, though, to see the update as a reminder of the core and crucial role of the network aspect of Facebook's social network. On Facebook, privacy isn't personal and it isn't private. It is collective. It is shared. And that means that the violation of privacy is shared as well.

We want to hear what you think about this article. Submit a letter to the editor or write to