Is it a felony when companies ask for Facebook passwords? My letter to the FBI…

Network SecurityIt has recently come to my attention that you thought it would be really clever to ask prospective employees for their Facebook passwords so that you could peek under the hood and see all the goodies about them that they don’t care to make public. I’m not entirely sure what it is you hoped to gain by this malicious little bit of snoopery, but I can assure you that, were our roles reversed, I would certainly not hire the likes of someone like you who thinks this is a good idea.

First, let’s visit the patently obvious. You seek to hire individuals that, for whatever reason, are willing to give their private, sensitive information to someone they barely know. Is that seriously the kind of security risk you intend to hire? If so, you’re a moron.

Second, let’s take a look at the slightly less obvious, Facebook’s Statement of Rights and Responsibilities. You might remember this document. It’s the one you blithely ignored when you decided it would be a great fucking idea to compromise the security of people’s accounts for your own nefarious purposes. Here’s a few choice bits you should read more closely, or even at all, for that matter.

3. Safety

5. You will not solicit login information or access an account belonging to someone else.

10. You will not use Facebook to do anything unlawful, misleading, malicious, or discriminatory.

12. You will not facilitate or encourage any violation of this statement.

4. Registration and Account Security

8. You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.

Wow. You missed some pretty serious shit there.

So, basically, when you ask a prospective employee for his/her password, you signal your intent to knowingly hire individuals who readily agree to breach contractual agreements. Oh, yeah, that’s just fucking brilliant, Einstein.

Now here’s the doozy. I just sent the following message to the Federal Bureau of Investigation’s Internet Crime Complaint Center. I’m quite sure I’ll get a response eventually. When I do, I will update this post for your edification. See, it turns out that, pending the response I receive, you may or may not actually be committing a motherfucking felony, perhaps even more than one. If you’ve been doing this for a while to many people, you might just have been racking up a list of charges longer than your arm.


Here’s what I sent to the FBI:

Dear Sir or Madam,

I am currently writing an article about the recent trend among some employers of asking for Facebook passwords. On reviewing Facebooks’s Statement of Rights and Responsibilities, I discovered the following:

1. Facebook expressly forbids solicitation of login information and the access of accounts belonging to someone else;

2. Facebook expressly forbids use of its website to do anything unlawful, misleading, malicious, or discriminatory;

3. Facebook expressly forbids facilitation or encouragement of any violations of the above referenced statement; and

4. Facebook expressly forbids sharing one’s password and letting anyone else access one’s account.

Given that, if an employer asks for one’s password, if that password is given to the employer, and then said employer uses that password to access one’s account, aside from the civil implications between the user, the employer, and Facebook, would this not also constitute an unauthorized access of a network?

If so, would asking for a password thus be something akin to enticing someone into conspiracy to gain unauthorized access to a network?

If one gives up his/her password under these circumstances, would one thus be a conspirator?

Would such action actually be against federal law, perhaps constituting a felony?

If an employer solicits one’s password in order to gain unauthorized access to Facebook’s services, should one report this incident to IC3?

Thank you very much for your time and consideration. I, and my readers, will very much appreciate any clarity you can provide on these questions.

Best regards,

So, there you have it. Any time now we’ll all have a fairly solid idea, not just of what an invasive prick you are, not just how big an idiot you are, but just how huge a liability you are to your employers (assuming you don’t cut your own checks).

Oh, and a word to your bosses, you might want to worry about this. If it turns out the activity described above is criminal and you were aware of it, well, I’d hate to be you. In any case, you might want to consult with legal right about now. Sooner would probably be better. See, I’m just some wee nobody blogger. Maybe the next person who raises the alarm will actually be someone with the clout to see you awarded with a number, a pretty mugshot, and a new girlfriend named Otis.

So, here’s my proposition. Knock it the fuck off.


Image credit: Graphic by shokunin at Open Clipart Library. Public domain.