Passwords requested for social network sites

dlofnep

Tell them to get stuffed - What you do in your private life has nothing to do with work. Tell them that when they start paying you for living your own life, then you'll think about it - until then, piss off.

BaconZombie

I know this is still a "Grey Issues" in Ireland but is 100% illegal in Germany & France due to the way they interpret EU privacy laws.

But technically a reverse proxy they can terminate the SSL {encrypted} connection then log/monitor/modify it in plain-text, re-encrypted it and send it onto the End-Server {Facebook.com}.

And if it's a Company system with the ROOT Cert of the proxy installed you would not even get a popup Cert mismatch so it would look like perfectly secure to the end-user.

As stated above you need to first do the follow:

#Contact HR and request a copy of their "Data Privacy Policy" { Make sure you ask for the copy that was in effect during the time range of the posting to facebook, best to ask for all revisions}

#Contact IT and request a copy of their "Acceptable Usage Policy" { Make sure you ask for the copy that was in effect during the time range of the posting to facebook, best to ask for all revisions}

#Contact the Data Protection Agency.

#Also is this an Irish company and if not are you paid out of a different country since they can effect what laws apply to you and them.

#Ask for all request to be given on company headed paper that is signed and dated by the requester.

EDIT:

Also remember just because something is in a policy and they say you signed it does not mean they are legally allowed to ask for or have that info.
There are a lot of rights you can not legally sign away.

Solair wrote: »

All they could look at is whatever traffic passed over their network to Facebook, assuming they could capture / access it.

The most likely data they would have is either:

1) Nothing
or
2) A record of the fact that someone logged into Facebook at a given time. Facebook's passwords are transmitted using HTTPS (encrypted), so they'd be inaccessible anyway.

HellFireClub

I'm seeing a lot of legal talk on the thead, and I'm going to come at the problem from a different angle....

OP, do you really want to be working in a place where this kind of hopelessly counterproductive paranoia is what a manager is focussing on???

If your particular manager or the management team are spending their time attending to these kind of "problems", who is looking after the actual running of the business???

If I was you, I'd take this as a sign that you are working in the wrong employment. Recession or not, a company with these kind of managerial priorities, where hours of the day are committed to trying to scare and torment staff in this manner, is going nowhere in my opinion.

bbam

dlofnep wrote: »

Tell them to get stuffed - What you do in your private life has nothing to do with work. Tell them that when they start paying you for living your own life, then you'll think about it - until then, piss off.

But if the activity on Facebook happened on company equipment on company time then it is very much their business and they have a right if not a responsibility to investigate into it...

If nothing else the manager could easily claim that he was being bullied by this activity which is happening during company time on company equipment...this would really put pressure on the employer to act.

I wouldn't agree with the passwords being requested and I think some of the previous advice from others on how to respond is appropriate...

My only addition is that if pressure is applied to you for your password you are entitled to see the grounds for this request... they would need some hard evidence that you/your account has been directly involved in the inappropriate activity.

I've seen a similar case where ALL employees accessing a particular site were given verbal warnings..

Max Power1

Solair wrote: »

From what I know of Facebook (and I am open to correction) only the passwords are transmitted using HTTPS. The normal web pages are displayed unencrypted. So, it is probably open to interception without much difficulty.

You can opt to use https or http connection in the account settings.

doolox

.....whats to stop the company using the facebook account to enter libellous remarks in order to set you up for a fall????

Under no circumstances give anyone your password to such systems.

Also never give a password to email etc to anyone in or out of your company, you are responsible for all content on your accounts.

Irish_Elect_Eng

john178 wrote: »

Where I work some of the employees have been discussing the job on Facebook – many of the workers are "friends" with each. Recently two members were found to have said something negative about one of the managers. Now this has turned into a major situation and the manager is talking about dismissal if staff are found defaming the company.

In a effort to clear this up we have all been asked for our Facebook passwords. Although I'm not directly involved I don't want to give up my password. Is there some kind of law that protects my privacy in this situation?

While I appreciate the conversation with respect to privacy etc...

There has been little consideration of the victim in this story, a manager is simply an employee on a higher pay grade and is deserving of the normal consideration of privacy, a safe work environment and no bullying...etc...

The OP posted "Recently two members were found to have said something negative about one of the managers "....So taking it as a fact that they were guilty of bad-mouthing a fellow employee....and that at leas one co-worker was responsible and honest enough to report the abuse to the manager

And "...some of the employees have been discussing the job on ...dismissal if staff are found defaming the company..." .....and taking it that the staff were bad-mouthing the company as well, not unreasonable to assume if they were wiling to bad-mouth a co-worker....

So a worker, that finds out that people that he pays to work are badmouthing him and his company..... I can understand how he makes a mistake and asks for their passwords....and I can also see how he will view the people that correctly deny his access to see if they were joining in...

I fully support peoples right to privacy, but I equally support peoples right not to be bad-mouthed in cyber-space by people to cowardly to tell them how they feel to their face...


Every story has two sides, I am just trying to reflect another possible reality... Managers are people too :-)

Owen

I can't find it now, but this exact issue cropped up on slashdot.org a while back, but it was discussed to death with a few hundred comments. It basically wound up advising the OP to tell the company to STFU.

Owen

Ah, turns out I found an article relating to it. An America company requested Facebook passwords for employees, and the ACLU took up the case in the States. About a year later, the company reversed its decision to ask for the passwords :

http://yro.slashdot.org/story/11/02/23/1813242/Employer-Facebook-Password-Requests-Suspended

And the original story :
http://yro.slashdot.org/story/11/02/19/1746256/Employer-Demands-Facebook-Login-From-Job-Applicants

Spacedog

what company do you work for?

name and shame!

Owen

Sounds like my old workplace.

Eoin

Spacedog wrote: »

what company do you work for?

name and shame!

No thanks. We are only getting one side of the story, this isn't a place for witch hunts.

Pembily

Spacedog wrote: »

what company do you work for?

name and shame!

That really wouldn't be the best idea as we only have one side of the story!

I agree with others saying don't give the passwords you have no obligation, defo check out the Data Protection but I also agree with (Irish_Elect_Eng) this manager has been bullied (and yes that is what that is) and while inappropriately he / she is trying to sort out the matter. It is a very grey area and the best practice is to NEVER EVER, EVER mention your work place or anything work related (God I am bored during your working day) on Facebook / Twitter / Boards. BAD, BAD, BAD idea!

godspal

People horrible things about their bosses all the time... Bullied... that's ridiculous.

Saying you boss is a dick over coffee is no different than saying you boss is a dick in cyberspace. However, it was very unprofessional for people to post it on facebook. And it absurd to ask for their password, and log-in details.

@Irish_Elect_Eng:

I equally support peoples right not to be bad-mouthed in cyber-space by people to cowardly to tell them how they feel to their face

I want you to go up to a person in your workplace that you have told other people you don't because of A, B or C, and explain to them in detail why you don't like them, or by your logic you're a coward.

bbam

godspal wrote: »

Saying you boss is a dick over coffee is no different than saying you boss is a dick in cyberspace.

Well, there may be a group of 6 or 8 people over coffee where you share your

On the internet the number of people you are broadcasting to is much greater, potentially thousands could view what is posted and unless removed/censored it will be there for people to go and see for some time...

There is also the double whammy of being disciplined for inappropriate behavior towards another employee AND abuse of the company systems, any good manager would topple both onto you and increase the potential outcome of a disciplinary procedure.

It's also not for anyone to pass judgment on what another person feels is bullying, it's a personal thing... joking to one person is bullying to another.

godspal

@bbam
The original poster said nothing about them using the computers at work for Facebook.

And yes bullying is really only bullying if the person who is suffering the abuse deems it so.

But unfortunately if you are a manager you are going to have to make decisions that some people don't like, and if you can't handle some negative comments from your employees then you shouldn't be a manger.

gline

lol @ asking for facebook passwords.

Does your company even have a HR department? Because if they did the manager would not have asked for those passwords, it has nothing to do with work what-so-ever. You sure the company arent just looking for ways of getting rid of people? I couldnt imagine any professional asking their employee for a password to a personal account on any website...its nuts

I really wouldnt worry about this, there is no way they can force you and if they do, judging from previous comments you can take them to court.

If your cheeky and they dont know your username, give them a fake password but tell them they cant have your username

This is a bit of a warning though, dont use any social site to talk about your job or workplace

Craigels

is the company penneys by any chance ?

Craigels

Bump!

Mrs OBumble

Enough of the bumping.

The employer isn't going to be named here, boards doesn't need the legal hassle of that.

The OP's had plenty of good advice, which is what the thread was for. So I'm closing the thread. Anyone who's got a good reason to open it again is welcome to PM me.