Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/23/2012
01:38 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Facebook's Privacy Two-Step On Passwords, Employers

Facebook says sharing your password with a potential employer violates its rules. But will Facebook enforce this rule, when it still doesn't confirm user ages?

Is anyone surprised that it has come to this? Employers have started asking prospective employees for their Facebook passwords so they can learn what job applications won't tell them.

Facebook finds it distressing to hear about this and warns that the practice "undermines the privacy expectations and the security of both the user and the user's friends" and "potentially exposes the employer who seeks this access to unanticipated legal liability."

The company is urging Facebook users to resist such requests--easier said than done when refusal could mean a job offer denied--because password sharing represents a security risk and because sharing or soliciting passwords violates the company's Statement of Rights and Responsibilities.

If Facebook actually enforces its rules and takes legal action against nosy employers, it will be something of a shock, considering all people under 13 who have active Facebook accounts are in violation of Facebook rules.

Some 36% of more than 1,000 parents surveyed by Microsoft Research senior researcher Danah Boyd said their children joined Facebook before turning 13. And some 78% of parents think it is acceptable for their child to violate Facebook's rules. I can corroborate that research: My 12-year-old daughter complains she's the only one in her class who isn't on Facebook.

[ Read Job Seekers Asked For Facebook Passwords: Debate Roars. ]

When Facebook users routinely flout Facebook's rules, is it any wonder employers don't take those rules very seriously?

Facebook says it takes privacy very seriously. But it doesn't take privacy seriously enough to really enforce its rules--it would cost a lot to verify users' ages and it would mean fewer users and less ad revenue.

Facebook doesn't take privacy seriously enough not collect data in the first place. It doesn't take privacy seriously enough to protect your data from Facebook: Its business model is predicated on data.

Privacy is when you have your data. When someone else has your data, you no longer have privacy. You've given your privacy away. If Facebook wanted you to have privacy, it wouldn't have taken it in the first place.

To re-purpose the trite tagline from Field of Dreams, if you gather personal data, they will come. It you store it, they will review it, demand it, or steal it.

Sen. Richard Blumenthal (D-Conn.) says he'll introduce a federal bill to make it illegal for employers to demand Facebook passwords from job applicants. He's obviously never applied for a job with the CIA--if you think scouring Facebook accounts is invasive, try having an intelligence agency interview your associates over the years. You can have all the privacy you want, until someone has reason to look behind the veil.

A law would be better than Facebook's widely ignored and sparingly enforced rules. But it would be addressing the symptom--curiosity--rather than the disease--sharing. No law will prevent people from compromising their futures by posting stupid or potentially embarrassing or socially damaging things online. The "post" button, like a diamond, is forever.

What we really need are repeated lessons to say nothing. Designating Facebook information as "private" won't actually guarantee it remains private.

While a handful of employers may have been clumsy enough to publicly declare their intent to pry, many more businesses and individuals are discreetly googling away and finding out all sorts of things about job applicants, prospective tenants, would-be clients and loan-seekers, potential dates and roommates, next-door neighbors, and next-desk colleagues. And they may not share what they've discovered about your sharing. They'll simply, silently deny you.

If you take your privacy very seriously, watch what you say online, because declarations from others about how seriously they take your privacy won't save you.

The Enterprise 2.0 Conference brings together industry thought leaders to explore the latest innovations in enterprise social software, analytics, and big data tools and technologies. Learn how your business can harness these tools to improve internal business processes and create operational efficiencies. It happens in Boston, June 18-21. Register today!

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...