"You will not share your password, ...let anyone else access your account, or do anything else that might jeopardize the security of your account," says Facebook's Terms of Service.
Aside from discouraging account-sharing (i.e., requiring anyone who wants to poke around (pun unintended) on Facebook to register), one purpose of this boilerplate is to minimize Facebook's legal liability in case you do something ill advised (such as taking nude pictures of yourself with your unsecured smartphone, and then losing said smartphone while it is still logged in to your Facebook account). Regardless, a contract is a contract. Give someone else full access to your Facebook account, and you may technically be in breach.
Nonetheless, schools, employers, and even government agencies are compelling people to give up their Facebook passwords so as to rifle through their accounts. (Creepy, no?)
The issue attracted media attention in March, when an adolescent girl and her mother filed suit against her public school district. According to the complaint, middle school officials allegedly punished the girl repeatedly for complaining on her privacy-enabled Facebook account about an adult hall monitor being "mean" to her.
Adding insult to injury, school officials and a law enforcement officer allegedly required the girl to reveal her Facebook password -- under threat of punishment -- after a parent complained that the girl had talked about sex outside of class with the parent's son on Facebook. Allegedly, the school officials then thoroughly searched through, commented on, and took notes on the girl's Facebook content -- including her private communications -- while the girl sat there and sobbed. (There is no indication in the complaint that the son, who allegedly initiated the cybersexual discussion, was subjected to the same search.)
The case is reminiscent of an incident in Concord, New Hampshire, that I wrote about for Internet Evolution nearly a year ago. There, a public middle school suspended a 13-year-old girl after she posted on her Facebook wall a wish that only her math teacher had died in the September 11 attacks. The case attracted a flurry of media attention. According to the girl's mother, the school has since conceded that its actions were unconstitutional; she reports that the local high school's civics class now teaches the incident "as an example of what a school system can not do."
Some colleges and employers also request Facebook login information as part of their application processes. This practice has raised several privacy concerns -- not least of which being that full, unfettered access to an applicant's social media profile data may reveal protected information that the organization is not allowed to ask or use in making a decision (e.g., age, ethnicity, religion, et cetera). Sadly, few are in a position to refuse such password requests in today's job market.
This is not a recent trend. As Alan Reiter wrote for Internet Evolution nearly three years ago, the City of Bozeman, Montana, asked for job applicant's social network passwords as early as 2009. (The city reportedly discontinued the practice in 2011.)
Also in 2009, the Florida Board of Bar Examiners (the august group that decides who gets to be a lawyer in the State of Florida) promulgated a rule that certain applicants may be required to reveal their social network passwords and allow the Examiners to search through their accounts.
Coincidentally, it may be just a matter of time before the lawyers put this practice to bed. At least two states are considering legislation banning employers from requesting online passwords. A similar bill is also soon to come before the US Senate. Additionally, a lawsuit could potentially crop up down the line, given the right circumstances (although Facebook, for its part, apparently has no immediate desire to sue the interferers).
True, every sizeable organization needs to establish a good social media policy -- particularly one that prevents employees from embarrassing or creating liability for the organization, or otherwise interfering with the organization's goals. (I've discussed some examples previously here.) One can go too far, though -- as a matter of law, and as a matter of good will.
— Joe Stanganelli is a writer, attorney, and communications consultant. He is also principal and founding attorney of Beacon Hill Law in Boston. Follow him on Twitter at @JoeStanganelli.