April 17, 2012
A fishing rod was a stick with a hook at one end and a fool at the other. – Samuel Johnson, English author (1709-1784).
Fishing and angling have long been with us and also warning about fishing in troubled water from Henry Mathew, eminent English divine (1662-1714). Now we have crooks phishing in troubled cyberspace, cheating gullible cyber netizens. But, we have to start with some basics on the subject.
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a website where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the user’s information.
Now another avatar of phishing seems to be raising its ugly head with potential employers demanding the passwords of social networking sites like Facebook to facilitate background check-up on the job aspirants. This has woken up human rights activists and lawmakers to a new danger of invading privacy of the individuals with the threat of denial of job for non-compliance. Here are some issues and developments under churning on the subject.
According to Associated Press, Facebook and US lawmakers have warned employers against requesting Facebook passwords while screening job applicants, a controversial practice that underscores the blurring distinction between personal and professional lives in the era of social media.
The practice has reportedly grown more commonplace as companies increasingly regard profiles—or embarrassing photos from wild nights out—as windows into a prospective employee's character. On March 23, 2012, Facebook’s Chief Privacy Officer, Erin Egan, posted a note warning that the social networking company could “initiate legal action” against employers that demand Facebook passwords. Egan said in a post on Facebook’s website that the social networking company has seen in recent months “a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles.” A Facebook executive cautioned that if an employer discovers that a job applicant is a member of a protected group, the employer may be vulnerable to claims of discrimination if it doesn't hire that person. Personal information such as gender, race and religion are often displayed on a Facebook profile — all details that are protected by US federal employment law.
A Facebook statement said: "We don't think employers should be asking prospective employees to provide their passwords because we don't think it's the right thing to do. While we do not have any immediate plans to take legal action against any specific employers, we look forward to engaging with policy makers and other stakeholders to help better safeguard the privacy of our users". Not sharing passwords is a basic tenet of online conduct. Aside from the privacy concerns, Facebook considers the practice a security risk.
Also, lawmakers in several US states and in Washington said they would introduce bills to prohibit companies from vetting employees by demanding access to private accounts. Leland Yee, a California state senator, told Reuters on March 23 that he introduced legislation that would prohibit companies in the state from soliciting Facebook passwords from job applicants. The Associated Press reported that lawmakers in Illinois and Maryland were also considering similar moves. “Employers can't ask in the course of an interview your sexual orientation and yet social media accounts may have that information,” Yee said. “Employers have legitimate questions about a person’s job performance, but they can get that information the regular way, without cutting corners and violating people’s privacy.”
Two US senators are asking Attorney General Eric Holder to investigate whether employers asking for Facebook passwords during job interviews are violating federal law, their offices announced March 25. Troubled by reports of the practice, Democratic Sens. Chuck Schumer of New York and Richard Blumenthal of Connecticut said they are calling on the Department of Justice and the US Equal Employment Opportunity Commission to launch investigations. The senators are sending letters to the heads of the agencies.
"In an age where more and more of our personal information — and our private social interactions — are online, it is vital that all individuals be allowed to determine for themselves what personal information they want to make public and protect personal information from their would-be employers. This is especially important during the job-seeking process, when all the power is on one side of the fence," Schumer said in a statement.
Maryland and Illinois are considering bills that would bar public agencies for asking for this information.
India, especialy IT-dominated Bangalore, is not untouched by this emerging problem. According to a special story by Sheetal Sukhija, entitled “Is your Facebook page your mini resume?” published in The New Indian Express (26-3-12), as privacy debates heat up across the world, Bangaloreans reveal the trend of employers asking job aspirants for their Facebook IDs and passwords has caught on here too. When Adil Pasha, 24, revealed at an advertising job interview that his main strength was creativity, his interviewers asked for his FB password to check his latest updates. They rejected him, as he was going through a break-up and had put up song lyrics as his status message. On the other hand, Sukanya Srinivasan, 19, got an internship chance at a leading IT firm solely based on her FB photo albums.
“A company recently rejected my application after looking at the number of people I’d blocked on my chat list. They thought I didn’t have good interpersonal skills. I might be a friendly, harmless flirt, but the company might think I could sexually harass women employees. If they see my photos at a party, they might think I’m an alcoholic,” said one, who has attended over 12 interviews in the last two months, where his social life mattered more.
“This is a privacy infringement but there is no provision in the law (IT Act-2008) that prohibits employers from asking for personal information. This is happening with the willingness of potential candidates. If a person finds it unacceptable, he/she shouldn’t share the password. Background checks are common as some companies deal with sensitive information. So it’s not illegal, but intrusive. I think some power relationships can be abused if they cross the social networking barrier — like a boss-employee and teacher-student relationship. Corporate policy should prevent such things,” explained Sunil Abraham, executive director, Centre for Internet and Society.
But employers have a different take on the subject. The Times of India (26-3-12) quoted one Bangalore–based HR Manager as saying: “In the BPO sector, we deal with business data of big companies and we don’t want people who cannot be trusted. We spend almost 2-3 months training our new employees with the best trainers and even share our trade secrets with them. We would not want to here someone who isn’t trustworthy. This is the reason we ask for their passwords. We look for whether the person is honest, creative, credible and he would be an asset to the company or not.”
The Indian ingenuity will come to the fore like double entries in accounting book-keeping and dhoosra in cricket. Some people may enhance their web identity to make it more appealing so the pokey-nosed employer may be misled. People may also start building dual profiles – one with their true self and the other with their politically correct self for the prospective employer.
Corporates have been hiring private detectives to check on their employees and to do background checks on prospective recruits. Now phishing, so far the domain of cyber criminals, may become the daily bread of detectives to snoop for corporates. Laws or no laws, they would expect to make a killing out of this opportunity window. Though in a different context, Herbert V Prochnow, Jr. eggs them on:”Nothing is more powerful than hope. One little nibble will keep a person fishing all day.” What is true of fishing is even more true of phishing.
John B Monteiro, author and journalist, is editor of his website www.welcometoreason.com (Interactive Cerebral Challenger) – with format for instant response.