Big Brother Wants to “Friend” You on Facebook
H. Kristl Davison, R. H. Hamilton, and Mark N. Bing
University of Mississippi
Author contact information: 231 Holman Hall, School of Business Administration, University of Mississippi, University, MS 38677
About 5 years ago a colleague in the Sociology Department told the following anecdote to one of the authors:
One of my students applied for a job as a summer camp counselor at a Christian camp. She said the interview went well, and it looked like she was going to get the job. Then after a couple of weeks she got a letter from the camp that she was turned down for the job. She said she called them to find out what had happened, at which point they disclosed that they had looked at her Facebook profile and saw pictures of her binge drinking with her friends. This behavior was inconsistent with the kind of values they promoted at the camp, and they decided that she would not be a good fit with the camp.
This anecdote got us thinking. In essence, the camp’s decision was based on a new variety of selection technique, one that we have not really addressed yet as a field. Specifically, the use of the Internet to screen job applicants as a kind of background check was a new approach. Of course, selection experts have been discussing using the Internet for submitting applications and resumés, as well as for selection testing (with its issues of test security, measurement equivalence, etc.), but little or nothing in I-O psychology has been done on the topic of screening job applicants on the basis of what is available on the Internet about them. Some initial work has been done in the measurement of personality from webpages (e.g., Gosling, Ko, Manarelli, & Morris, 2002; Marcus, Machilek, & Schütz, 2006; Vazire & Gosling, 2004), and a number of court cases have appeared in the press on Internet background checks for employment (e.g., Mullins v. Department of Commerce, 2007; Spanierman v. Hughes, 2008; Pietrylo v. Hillstone Restaurant Group, 2009). Practitioner websites and blogs started paying attention to this phenomenon as well (e.g., Fishman & Morris, 2010; Kowske & Southwell, 2006; Rosen, 2010; Juffras, 2010). The Society for Human Resource Management has been keeping track of the use of the Internet for screening candidates since at least 2006 (SHRM, 2008), and the trend has been growing. But 5 years ago in much of the I-O and management academic literature, this intriguing and disturbing new trend was strangely absent.
Over the last several years a number of articles have started to appear in the HR literature on the topic (Davison, Maraist, & Bing, 2011; Davison, Maraist, Hamilton, & Bing, 2012; Kluemper & Rosen, 2009; Kluemper, Rosen, & Mossholder, 2011). However, when we first tried to publish a review piece on this topic, a couple of reviewers criticized it, saying that no one was really using the Internet to screen people! That comment seems especially naive at this point as we now see weekly articles in the popular press on how Internet screening is being used and misused.
More recently, the use of Internet searches has appeared in the popular press in terms of how some employers are requiring candidates to give them access to their Facebook profiles. We find this practice to be disturbing and troubling, to say the least. In the current manuscript we address this latest development, in terms of its potential problems and benefits. First we briefly review what we mean by Internet searches, then discuss a cost/benefit analysis discussed by Davison et al. (2012), which we will use to analyze employers’ requirement that applicants give them access to their Facebook profiles. Finally we address future research in this area.
What Is Internet Screening?
The first question we want to address is exactly what we mean by Internet screening. Although there are various selection techniques that use the Internet, such as accepting applications or resumés or administering traditional selection tests via Internet websites, these are essentially traditional selection approaches simply moved into a new medium. With Internet screening (or e-screening, as Kowske & Southwell, 2006, termed it), the approach has not just been placed in a new medium—the whole of the Internet has become the potential material for job applicant screening. Internet screening could be considered comparable to background checks in a new medium, but in reality they can be much more in-depth and invasive than a traditional background check. Whereas a thorough traditional background check might investigate the applicant’s education, employment, credit, criminal records, and driving records (see Gatewood, Feild, & Barrick, 2011), much more can be learned by searching the Internet about an applicant. And importantly, not all of this information will be job relevant. For example, a search for someone on Facebook could easily reveal information about that person’s marital status, sexual orientation, number of children, political leanings, and hobbies, as well as their friends’ sexual orientation, political leanings, and so on.
Thus, here we consider Internet screening to be a form of background checking that involves searching the Internet (e.g., Google, Facebook, Twitter, etc.) for job relevant as well as irrelevant information about an applicant. It is this latter possibility (i.e., obtaining and then using job-irrelevant information) that is our particular concern.
Risk Levels of Internet Screening
Although there have been a number of other practitioner-oriented articles and blogs on the use of Internet screening, we recently (Davison et al., 2012) published an article that provides recommendations for using Internet screening in organizations. Moreover, we also provide guidelines for conducting a four-level, risk–benefit analysis to determine if the legal risks inherent in Internet screening are worth the benefits from such screening. The levels are as follows:
- Level 1 (least risk): Focus on sites referred to in the candidate’s application materials (e.g., professional organizations) or to LinkedIn or similar professional networking sites.
- Level 2 (mild risk): Examine official blogs from the candidate’s prior employment or websites specifically owned by the candidate (e.g., “www.applicantsname.com”).
Both Level 1 and 2 also rely on information that the candidate has (presumably) posted intentionally and could serve as check on other information provided by the applicant. However, Level 2 may include more job-irrelevant information than Level 1.
- Level 3 (moderate risk): Search social networking websites such as Twitter and Facebook for information posted by the candidate him- or herself.
- Level 4 (highest risk): Search for postings by third parties about the candidate.
Whereas Levels 1 and 2 focus on gathering information about an applicant’s positive qualities, Levels 3 and 4 target the acquisition of negative information about the candidate. In addition, in Levels 3 and 4, the chance of obtaining job-irrelevant information about the candidate has increased substantially, and the legal defensibility of using such information for selection decisions is in question. In fact, the legality of conducting an Internet search may even be questionable because an active search for socially oriented information implies that the information will be used for selection decisions. Moreover, the search itself could be illegal from a privacy perspective (e.g., European law has very stringent regulations with respect to data privacy).
We believe that consideration of these four risk levels can be useful in understanding the implications of a recent development in which some employers are requiring job applicants to reveal their Facebook passwords to interviewers.
Requiring Applicants to Reveal Their Facebook Passwords: Application of the Risk/Benefit Analysis
A recent article on msnbc.com (Sullivan, 2012) indicated that some government employers are starting to demand that applicants give out their usernames and passwords as part of an interview. For example, Maryland’s Department of Corrections asked applicants to log into their Facebook accounts in front of an interviewer so the interviewer could see wall postings, pictures, friends, and other information. An ACLU complaint initially stopped the Department of Corrections’ practice of getting the usernames and passwords (The Atlantic, 2011). The Department of Corrections claimed that this practice is important to ensure that prison guards they hire do not have connections to gangs. Allegedly, submission to such screening is “voluntary” but in an interview, who is really going to tell the interviewer “No”? As a direct response to this Department of Corrections practice, to protect employee privacy, in April 2012 the state of Maryland passed legislation prohibiting the collection of social media passwords of applicants and employees (Breitenbach, 2012).
How should we analyze the risk level of this practice? Clearly, insofar as a social networking site is being accessed, this represents Risk Level 3 or 4. Given that the interviewer will see wall postings, many of which are likely to have been made by the candidate’s friends, this practice would be the highest risk level (not to mention a possible invasion of privacy and a possible violation of state law). In addition, as information obtained about a candidate’s friends is highly unlikely to provide valid, job-relevant information about the candidate him- or herself, searching for and using such information opens up a potential “guilty by association” process. In this case, a friend’s characteristics, opinions, and so on are inaccurately attributed to the job candidate, and thus invalid information could be used for selection decisions. As information about friends is often of a demographic nature, the use of this demographically based invalid information could generate adverse impact against protected classes and thus produce cases of illegal discrimination.
At such a high risk level, we must ask if the benefit is worth it. According to Sullivan’s (2012) msnbc.com article, the Maryland Department of Corrections had reviewed 2,689 applicants using social media and had ultimately turned down seven applicants based on items that were found on the Facebook pages. Seven out of 2,689 is one-fourth of one percent. At this point we might question the utility of such searches given not just the risk of lawsuits but also the sheer cost in time to review these Facebook pages. (The article does not indicate how long it took, but at even 5 minutes per applicant this would result in 224 hours of work, or over 5 person-weeks.)
We should also note that Facebook’s terms of service prohibit such practices (http://www.facebook.com/legal/terms):
8. You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.
On March 23, 2012, Facebook Chief Privacy Officer Erin Egan posted a blog on the Facebook website suggesting that any access employers sought to private information or profiles of employees “undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability” (Egan, 2012). She further stated that not only did asking for passwords explicitly violate Facebook’s terms of service, but that employers may open themselves to claims of discrimination by members of protected classes, using the same rationale as our earlier article (Davison et al., 2012; Egan, 2012), as well as the previously described “guilty by association” process above.
Thus, for legal and practical reasons, not to mention the negative press organizations like the Maryland Department of Corrections have received, we suggest that this practice is just not worth the risk. We strongly suspect that a traditional background check targeting job-relevant information is much more useful at identifying high risk candidates.
But the practice of searching Internet sites, even to require the surrendering of passwords, seems to be irresistible for many employers and human resources personnel. Notably, the Maryland Chamber of Commerce opposed the Maryland legislation, reportedly citing the need to investigate “harassment claims and other misconduct.” Investigation of harassment claims might seem reasonable. What “other misconduct” would imply was a bit more vague and undefined (Breitenbach, 2012).
The Thought Police Cometh
Where does this kind of invasiveness take us in the future? Why don’t we just let our employers come in our houses and poke around in our dressers and read our diaries? Talk to our friends and family? Or even open our mail? This kind of scrutiny may very well be completely acceptable in the final stages of a government security clearance, especially those that lead to top secret clearances, but not for private employers, or even most governmental employers. People might think that it is acceptable for certain governmental entities to do this, like a Department of Corrections that needs to make sure they do not have guards with gang affiliations, but what about other employers? Sullivan’s (2012) article also notes that some colleges and universities are requiring student athletes to “friend” a coach or compliance officer who can then access the athletes’ posts. Is that practice justified?
The legal and ethical issues of such practices are manifold. There may be violations of constitutional rights (both federal and state) such as freedom of speech, freedom of assembly, or protection from unreasonable search and seizure. It is also easy to imagine that Title VII could be violated—under Title VII it is illegal to deny employment on the basis of association with an individual of a particular race, religion, or national origin. What if an employee has friends on Facebook who are Muslim? The invalid “guilty by association” process might lead an employer to consider that friendship to be a security risk in today’s (still) post-9/11 climate, even if such discrimination is banned by Title VII.
Consider for example the variety of people one might have as friends on Facebook. One of the authors took a look at the profile and found the year of high school graduation, allowing a decent guess at the author’s age. The author’s friends also represented a variety of religions, from mainstream Protestants and Catholics, fundamentalist Christians, Jews, and atheists and agnostics. A variety of races, colors, and ethnicities are represented, as are both sexes and a few individuals with disabilities. A biased employer who viewed the page could certainly find plenty of classes they might illegally discriminate against, at least based on association. Moreover, employers might “legally” screen employees in areas that are technically not protected classes under federal law, such as homosexuality.
We can extend this “guilty by association” concept beyond the traditional protected classes. There are also potential sources of discrimination based on friends’ views and the implication that the associated job candidate shares those views. For example, one of the authors has liberal, conservative, and moderate friends on Facebook. There are friends who are single, married, and divorced, as well as gay and lesbian couples. And based on their postings, some of the author’s friends believe in evolution, while others believe in intelligent design. They support President Obama and Mitt Romney. They like and hate Obamacare. They support gays in the military and believe that homosexuals are going to hell. Does the author share all of their views? No, and even if the author disagrees with those views, he or she is not going to “unfriend” them because of their views.
Does the author post in response to their postings about political or social views? Typically not. The authors don’t want a current or future employer to know what they think. It is none of the company’s business.
And this is what troubles us about employers’ asking for Facebook passwords. Even if a job candidate does not post on Facebook or other websites, is it any business of an employer to know what that job candidate’s friends believe? Friends’ views are not job relevant, and assumptions of “guilt by association” are not valid. Thus, the views of friends and associates, when accessed by potential employers, open these employers up to charges of discrimination, invasion of privacy, and potentially even violation of constitutional rights.
Some people argue that you do not have to give out your password, or you do not have to apply for the job at that employer. That point is irrelevant. As I-O psychologists we need to speak out against practices that are unfair, unethical, and, of course, not valid.
In the meantime, watch what you post...Big Brother is watching.
And to our Facebook friends, if we suddenly delete our profiles—don’t take it personally. You will know we’re applying to work for the Department of Corrections.
There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live—did live, from habit that became instinct—in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.
—George Orwell, 1984
Breitenbach, S. (2012). Maryland becomes first to OK password protection bill. The Associated Press. Retrieved from http://news.yahoo.com/md-becomes-first-ok-password-protection-bill-113022373.html;_ylt=A2KJ3CWuX59PITYAMkLQtDMD.
Davison, H. K., Maraist, C. C, & Bing, M. N. (2011). Friend or foe? The promise and pitfalls of using social networking sites for HR decisions. Journal of Business and Psychology, 26, 153–159.
Davison, H. K., Maraist, C. C., Hamilton, R., & Bing, M. N. (2012). To screen or not to screen? Using the internet for selection decisions. Employee Responsibilities and Rights Journal, 24, 1–21.
Egan, E. (2012). Protecting your passwords and your privacy. Retrieved April 30, 2012 from https://www.facebook.com/notes/facebook-and-privacy/protecting-your-passwords-and-your-privacy/326598317390057.
Fishman, N. & Morris, J. (2010). Recruiting with social networking sites: What you DO know can hurt you. Retrieved from http://www.employeescreen.com/whitepaper_social_networking.pdf.
Gatewood, R. D., Feild, H. S., & Barrick, M. (2011). Human resource selection (7th ed.). Mason, OH: Thomson-Southwestern.
Gosling, S. D., Ko, S. J., Manarelli, T., & Morris, M. E. (2002). A room with a cue: Personality judgments based on offices and bedrooms. Journal of Personality and Social Psychology, 82, 379–398.
Juffras, D. (2010, October). Using the Internet to conduct background checks on applicants for employment. University of North Carolina School of Government Public Employment Law Bulletin Number, 38, 1–22.
Marcus, B., Machilek, F., & Schütz, A. (2006). Personality in cyberspace: Personal web sites as media for personality expressions and impressions. Journal of Personality and Social Psychology, 90, 1014–1031.
Kluemper, D. H., & Rosen, P. A. (2009). Future employment selection methods: Evaluating social networking web sites. Journal of Managerial Psychology, 24, 567–580.
Kluemper, D. H., Rosen, P. A., & Mossholder, K. (2012). Social networking websites, personality ratings, and the organizational context: More than meets the eye? Journal of Applied Social Psychology.
Kowske, B. & Southwell, M. (2006). E-screening proves “e-resistible”: But at what cost? Retrieved from Human Resource Executive Online, http://www.hreonline.com/HRE/ story.jsp?storyId=6835642.
Mullins v. Department of Commerce, No. 06-3284 (D.C. Cir. May 4, 2007).
Pietrylo v. Hillstone Restaurant Group. (2009). No. 06-5754, 2009 U.S. Dist. LEXIS 88702 (D. N.J. Sept. 25, 2009).
Rosen, L. (2010). Social network background checks of job applicants present challenges for employers and recruiters. Employment Screening Resources. Retrieved from http://www.esrcheck.com/wordpress/2010/09/29/social-network-background-checks-of-job- applicants-present-challenges-for-employers-and-recruiters/.
SHRM Staffing Research. (2008). Online technologies and their impact on recruitment strategies. Retrieved from www.shrm.org.
Spanierman v. Hughes. (2008) U.S. Dist. LEXIS 69569 (D. Conn. Sept. 16, 2008).
Sullivan, B. (2012, March 6). Govt. agencies, colleges demand applicants’ Facebook passwords. Retrieved from http://redtape.msnbc.msn.com/_news/2012/03/06/10585353-govt-agencies-colleges-demand-applicants-facebook-passwords.
The Atlantic. (2011, February 22). Maryland agency stops asking interviewees for Facebook login. Retrieved from http://www.theatlantic.com/technology/archive/2011/02/maryland-agency-stops-asking-interviewees-for-facebook-login/71582/.
Vazire, S., & Gosling, S. M. (2004). e-Perceptions: Personality impressions based on personal websites. Journal of Personality and Social Psychology, 87, 123–132.