The Password Protection Act of 2012: Latest Attempt To Protect Facebook Users

By David Cohen 

The latest attempt to push through legislation aimed at protecting the passwords of Facebook users came in the form of The Password Protection Act of 2012, which was introduced in the Senate by Sens. Richard Blumenthal (D-Conn.), Chuck Schumer (D-N.Y.), Ron Wyden (D-Ore.), Jeanne Shaheen (D-N.H.), and Amy Klobuchar (D-Minn.), with an identical companion bill brought to the House of Representatives by Reps. Martin Heinrich (D-N.M.) and Ed Perlmutter (D-Colo.).

A Facebook user protection amendment submitted by Perlmutter did not pass the House in March. That same month, Blumenthal and Schumer asked the U.S. Department of Justice and the Equal Employment Opportunity Commission to investigate whether U.S. law already prohibits employers to force job applicants to surrender their Facebook passwords.

A .PDF uploaded by Heinrich described The Password Protection Act of 2012 as follows:

The Password Protection Act would make it illegal for an employer to compel or coerce access to any online information stored anywhere on the Internet if that information is secured against general public access by the user.

This is accomplished by prohibiting employers from compelling or coercing access to, and subsequently retrieving information from, the online servers where private user information is stored. (These servers are referred to as “protected computers” in the legislation.) This broad approach mirrors the approach of the existing federal anti-hacking statutes and has several key benefits:

  • Builds on existing law: The Password Protection Act’s focus on where information is stored, rather than how it is accessed, reflects the approach of the Computer Fraud and Abuse Act, the federal government’s primary anti-hacking tool. This tool has been used for years by federal prosecutors and private individuals and companies to protect the integrity of internet systems against hackers, including protecting online email accounts and Facebook accounts against the stealing of passwords.
  • Technology-neutral: By focusing on the servers where information is ultimately stored, the Password Protection Act avoids the tricky business of identifying and defining particular types of Internet services (e.g., social networking websites, email accounts, networked gaming services, cloud computing services, online storage lockers, etc.).
  • Designed to adapt to new Internet innovations: The Internet is constantly changing and evolving, challenging our ability to create privacy protections that can grow alongside the Internet itself. Fortunately, every innovative website, social networking, storage, or communication technology is still ultimately supported by physical computer servers. By focusing on where a person’s private information is stored, instead of how it is accessed, the Password Protection Act ensures that personal, private online information will be protected the eyes of prying employers even as new online technologies emerge.
  • Protects employer systems, not employer actions: The Password Protection Act preserves the rights of employers to control access to their own hardware, as well as any Internet software operated on behalf of the employer for work purposes (e.g., third-party sales data software or websites that facilitate collaborative work online). However, the Password Protection Act does not allow employers to access private employee data under any circumstances, even if the employer uses its own computers to access that data.

Blumenthal said in a statement:

Employers seeking access to passwords or confidential information on social networks, e-mail accounts, or other protected Internet services is an unreasonable and intolerable invasion of privacy. With few exceptions, employers do not have the need or the right to demand access to applicants’ private, password-protected information.

Heinrich added in a statement of his own:

Employers demanding Facebook passwords or confidential information on other social networks is an egregious privacy violation and should be against the law. Personal information like race, religion, age, and sexual orientation is often accessible on social networking profiles, and by having access to this information, employers could discriminate against an applicant who would otherwise be qualified for a job.

Readers: Do you think The Password Protection Act of 2012 stands a chance of becoming law, or will it suffer the fate of previous attempts to protect the passwords of Facebook users?

Image courtesy of Shutterstock.