back to article US city demands FaceSpaceGooHoo log-ins from job seekers

If you apply for a job with the City of Bozeman, Montana - a mid-sized burg halfway across these United States - you're forced to surrender usernames and passwords for every account you've set up with websites of the "social networking" variety. According to the City, that includes everything from Facebook and MySpace to …

COMMENTS

This topic is closed for new posts.
  1. Mike 93
    Black Helicopters

    Wouldn't handing over the requested information ...

    ... be breaking the EULA that you agreed to on sites like Facebook, therefore proving to the City that you are willing to break any such agreement you sign with them at the request of someone else asking for similar information?

  2. Jeremy 2
    Flame

    Sue them!

    Even though the details are being handed over 'voluntarily', it's still unauthorised access of a protected computer system. Isn't that a felony in the US?

    Honestly, the fuckwit who came up with this idea should be made to hand over all his login details too. I'm sure he wouldn't mind.

  3. Trev 2

    Security of the paper application?

    Re. the reassurances that regardless of what they see they will only use the bits they want, presumably means they're either using computer algos (like Google) to read and sift the info since I can't imagine any person doing that is going to be that objective.

    Even bigger worry however is simply security of the data. Can the prospective employees be assured they'll keep these forms in a secure locked-down vault with several layers of military grade security, as per Fort Knox thus ensuring that no one within the city HR dept can borrow, copy or steal the data contained within these documents?

    Of course the easy solution is say "I don't use Facebook, Yahoo Mail, Google Mail etc". Scuppered at the first fence.

    PS: You think I should post this as anon incase UK companies yet the same idea? :)

  4. Anonymous Coward
    Paris Hilton

    Eligibility test

    Has it occurred to you that it's part of the test... see how willing you are to hand out personal info and passwords.

    It's a possibility that they're using it to screen applicants - exclude those that hand over their passwords!

  5. Mike 61
    Flame

    you can have my passwords

    when you pry my SecurID token from my cold dead fingers. I mean really, if these sites used TFA this would all be rendered moot.

    I would suggest to all these sites, since the city has publicly admitted that they are violating your EULA, that you suspend all accounts associated with them and prevent any new ones from being created in that netblock..

  6. Anonymous Coward
    Thumb Down

    *shrug*

    I'm just going to wait for the first lawsuit that hits the city.. of which there will be many.

    First there is that right to privacy, which they are clearly violating. Demanding information that would normally require a warrant of some kind is going to hurt them badly.

    And eventually the first person who has their identity stolen, which includes pretty much anyone the employee interacts with via social network sites, will take the city to the cleaners. It doesn't matter if the city managers claim they didn't poke around where they weren't supposed to, they simply won't be able to prove they weren't the person that divulged the information to someone who could take advantage of it.

    As for email, that's fast becoming as protected as postal mail and if you have access to a person's Google account you have access to their email.

    Again it really doesn't matter what the employees actually look up, the city has created a liability for themselves by demanding their employees hand over this information. They become liable for every employee who has access to this information.

    We all know how well threats to employees about being fired or prosecuted works when it comes to not looking up things they shouldn't.

    I work for a State Department and regularly see new employees turned out the door with a promise of further action when they're caught poking around places they shouldn't.

    For example, anyone who has computer access at the Child Support department will eventually have a friend ask if they can "look up my case". Just accessing that information if you are not working on the case is an instant dismissal and very likely to end in a court appearance. But they still do it and many are even stupid enough to try to "help" their friend by making favourable alterations.

    So promises of "we won't do that honest" are worthless, and when something goes wrong every employee or friend of that employee has a very wealthy target to sue whether it was the City's fault or not.

    Obviously only an idiot would work for this city, but it might be worth applying for a job and then refusing to sign the disclosure paperwork just for the financial reward if you know a decent lawyer.

    Of course as everyone knows in the US, this is how millionaires are made. It's amazing how often some business or public entity volunteers to be the means to enriching Americans. The level of stupidity employed here is actually a pretty good example of how it happens and however overplayed you think the attitude that most Americans are thick as two short planks, I'm sorry but actually they really are. They usually have about as much awareness of the consequences of a given action as your average dog.. which is to say none at all.

  7. jacob 3

    ok then

    *changes password*

    oh.. looks like your information is out of date... what a shame.

  8. Dave Morris

    wait, wait, wait

    What if you are the security conscious type who changes their passwords regularly? Today's passwords may not be tomorrow's; does security mindedness automatically disqualify you from having a personal (police) or property (fire) security oriented job?

  9. Frank Thomas

    TOS?

    um, most sites TOS requires that you never give away your username and password. in fact the TOS on the Bozeman TV news site linked in TFA includes this passage in it's terms of service:

    "USE OF SECURE AREA AND PASSWORD

    You are given access to any password-protected area of the Web site when you are given permission and a password to enter such area. You may not distribute your password to others, but if you wish to authorize another individual to use your password, you must request permission from WorldNow in writing, with the understanding that WorldNow is under no obligation to approve any such request. You are responsible for all uses of your password and any and all damages to WorldNow and this Station resulting from the distribution of your password, whether or not authorized by you. "

    http://montanasnewsstation.com/global/story.asp?s=18991

    Now correct me if I'm wrong, but didn;t the prosecutors in the recent myspace impersonation/susicide case, try to charge the defendant with felonious "computer hacking" because she violated the TOS?

    http://hackaday.com/2008/05/27/violating-terms-of-service-equals-hacking/

    http://www.theregister.co.uk/2008/05/17/myspace_hacking_charges_analysis/

  10. Anonymous Coward
    Anonymous Coward

    Re: Eligibility test

    Yeah, I was thinking they are looking for "people of high integrity". Where does turning over private and confidential data, and willingly giving up passwords fall in high integrity?

  11. Christoph

    Good idea as far as it goes

    "all the way down to the lifeguards and the folks that work in city hall here. So we do those types of investigations to make sure the people that we hire have the highest moral character and are a good fit for the City,"

    Absolutely. You certainly wouldn't want your child's life to be saved by a lifeguard who once mentioned on his private, personal diary something that doesn't meet the high moral standards of the little old ladies of Lower Buttfuck, Hicksville, USA.

    But it doesn't go far enough. They need to check what you've spent money on in case you bought something they don't approve. They need to know where all your money comes from - why, you might be a DRUG DEALER!!!

    So they also need to have all your bank account and credit card details so they can log in and check all your financial transactions, and cancel any they don't approve of, and make payments from your account to their personally favoured charities if they don't think you're giving enough.

  12. Anonymous Coward
    Black Helicopters

    Reminds me of something...

    Something like "Are you now or have you ever been a member of the communist party?"

    I suppose lying on the application isn't allowed...

    PS: This is why Zefram Cochrane invents the warp drive in the 2060s... He was trying to get away from these nut jobs!

  13. LaeMi Qian
    Pirate

    So we are going to have a city...

    ...who's entire public service is lax with their passwords?

    I'd live there, yeah right!

    I might consider a visit though - walk into the local council office in a severe-looking hairdo and skirt-suit and carrying a clipboard for the "annual password check" and take down their details. :-X

  14. Ozwadi Ogolugi
    Thumb Down

    Sure are..

    complete wankers!!

  15. Anonymous Coward
    Thumb Down

    @Mike 61

    I have to agree with you there. If I were running any of these sites I would immediately close down any of the cities accounts for openly violating the EULA and for encouraging/requiring others to break the EULA as well. I think these idiots need to get with the state agencies who want to seize or shut down internet gambling sites and collectively take a long walk off a short pier.

  16. Sooty

    maybe it's me

    nothing in the quoted info reads as having to submit usernames or passwords, the quoted paragraph looks to be no more than a request to list the sites you use.

    maybe there is more to it, but without the wording of it, it's hard to judge.

    Although, where i work, we have been asked in the past to be very careful about anything on a social network that links to the company, in fact we have been specifically asked to remove any references, from any public sites, to who we work for "for security reasons".

  17. Kevin 6

    Wonder

    What if you tell them you don't have any?

    My E-mail is POP3 only so if they would check it they would delete my e-mails. I do not use facebook, myspace, shitte.. err i mean twitter, or any of those other "social" networking sites. I would probably be turned down due to them thinking I'm lying ;)

  18. Destroy All Monsters Silver badge
    Flame

    "what we look for is none of the things that the federal constitution lists as protected things"

    ...because, uhhhh... its doesn't list any? Even the amendements don't.

    If such a questionnaire would be put before me, I would suppose that I somehow slipped into the job interview scene of Men In Black.

    Anyway, should be just minutes and a few phone calls before the pullout occurs. These guys are not NSA and/or are under a presidential snooping umbrella.

  19. Seán
    Joke

    Obamanation

    See it's secret muslim communist socialism just like jesus said.

  20. Nemesii

    @ LaeMi Qian

    I was thinking the exact same thing, walking in with a severe-looking hairdo and skirt-suit and robbing them blind, but they'd probably get suspicious when they saw my 5 o'clock shadow :/

  21. MYOFB
    Flame

    This is definitely a test . . . .

    . . . . of the integrity of anyone applying for a position in the, Police, Fire, Lifeguard, City Hall areas of Numpty Land(tm)!!

    Either that or the City Attorney is a complete fuckwit trying to defend such requests!!

    Anyone who actually applied for such high office/integrity positions that relinquished the requested account details would automatically FAIL to secure employment in said positions!!

    In fact, if you were applying for a street cleaner job, I'd fucking FAIL you!!

    And as for City Attorney Greg Sullivan . . . he failed the moment he opened his saggy jawed chops and slavered his sputum in an attempt at a defense . . . . Wanker!!

    \ Calm \

    Yeah, definitely a test . . . . if only of my patience!!

  22. Anonymous Coward
    Anonymous Coward

    Oh dear...

    Should be a great way to guarantee they get only the highest quality of applicants for IT jobs. Can you imagine anyone worth an IT job title who would hand over such information?!

    I'll save mine for those people at Liverpool Street station who hand out chocolates in exchange... Never said they were valid though ;-)

    Mmmmm... chocolate :-)

  23. Nordrick Framelhammer

    There is an easy way to fix them.

    Create a new account on Arsebook, Twatter, or Mycolon, give the details over, then, a few days or weeks later, log in onto that site from a random unlocked PC, make some rude comments then complain your account has been compromised due to the shitty city policies and sue the living daylights out of them.

    No way would they get my active Yahoo account, or other sites I use for my online gaming. No way in hell!

  24. Chris C

    Liability?

    What about people who use services such as Google and Yahoo wherein multiple services are accessible with the same username and password? So the City will now be able to see your "social" activity as well as your commerce transactions, read your email, etc.

    But more importantly from a legal perspective, what about liability? If you hand over your username and password to the City, then City employees will be able to log in to your account and start changing things. They can upload copyright-infringing material, post libelous messages, and even upload images of child pornography if they want to. And because it's YOUR account, guess who's going to be investigated and likely prosecuted?

    ----------------------------------------

    @Kevin 6 re: Wonder

    "My E-mail is POP3 only so if they would check it they would delete my e-mails."

    Actually, that's incorrect. While most POP3 clients do automatically delete messages after downloading them (unless explicitly told to keep the messages on the server), that's the client that does it, not the server. With POP3, messages must be explicitly deleted from the server. See RFC1939. The LIST command shows the number of messages and their sizes, the RETR command downloads the messages, and the DELE command deletes the messages.

  25. Anonymous Coward
    Anonymous Coward

    Re: Reminds me of something...

    Me too. When you need to register with sites they sometimes require an email address(*) as the username then ask for a password. I've often wondered how many people put the password of their email account.

    (*)Yes, I know about anonymous mailboxes but I'm talking about the general population.

  26. PJ H

    Re: wait, wait, wait

    > What if you are the security conscious type who changes

    > their passwords regularly? Today's passwords may not

    > be tomorrow's; does security mindedness automatically

    > disqualify you from having a personal (police) or property

    > (fire) security oriented job?

    If you're the security conscious type, you wouldn't be handing over your passwords to begin with!

  27. Mr Larrington
    Paris Hilton

    Bozeman?

    Bozoman, more like. Mind you, this is a place which once prevented Eleanor Roosevelt from delivering a speech at the university on the grounds that she might be "too controversial".

    Worse still, my planned road trip later this year takes me through Bozoman. I may have to apply for a job there, just so's I can attempt to Fuck the System.

  28. Jason Bloomberg Silver badge
    Joke

    And when they login ....

    .... and download a virus it will all be their own fault :-)

  29. Herby

    Why doesn't the city attorney...

    ...publish HIS details for all to see. He has nothing to hide does he. Maybe all his open cases. We won't look that stuff up. No Sir!

    Lead by example is a reasonable way to go if you ask me.

    Of course, a good BOFH doesn't need this information!

  30. Rik
    Coat

    "reach out to the city of Bozeman"

    ... grab them around the neck and wring the fuck out of it.

  31. Anonymous Coward
    Anonymous Coward

    Joseph McCarthy

    Joseph McCarthy would be pleased and proud of the Western world now I'm sure although he'd still be pushing for more access, fear, and paranoia.

  32. Anonymous Coward
    Anonymous Coward

    Here's a ploy

    Just pretend to be a complete redneck and say "what a 'puter and what am this googler thinga for boy?"

  33. JohnG
    Joke

    The Nigerian Connection

    From the Humane Resourses Office of City of Bozeman,

    Lagos,

    Nigeria

    Dear Coleag,

    we are sending this message to your Yahoo account for security. You may remember policy of the City of Bozeman to collect all your logins and passwords. We now need also your bank and credit card numbers. Please follow a link below for providing this infos:

    http://somewhere.in.china/ bozosinbozeman.scam.php

    yours hopefully

    Richard Katanga

    Secretery to Director of Humane Resourses Office of City of Bozeman

    email: s.cam419@mail.ru

  34. Bernie 2

    urmm

    you'd have to be a moron to put login details on a job application.

    Perhaps that's part of the test, as has been suggested in earlier comments.

    But if it's not a trick question and they seriously want the info, I can't imagine they're going to have many successful applicants.

    And why do they want passwords anyway? Surely usernames alone would be enough to give them access to the publicly available information, which is all they're allowed to see.

  35. James Micallef Silver badge
    Flame

    Redneck hicks

    that is all

  36. Chris Harries
    Flame

    Mmmm Chocolate

    Chocolate...Liverpool Street Station....WHERE WHERE???? :)

    But moving on, it would be nice to think this was just a way to get the dumb applicants out of the process, but I fear they are being serious about this.

    Some monkey in some high up office thought this up

    "This business with this faceboy thing....can we use it some how...Jenny, brnig me coffee, a hooker and a notepad...I have an idea"

  37. dracotrapnet
    Linux

    Wow

    Wow.. I'd certainly not give away any usernames/passwords. I'll give them an email address and that's it, they can figure it out from there if they are that damned nosey, or I'd tell them to f* off right there.

    Or for more fun, give them the username admin and random passwords for every service and see how far that goes.

  38. Anonymous Coward
    Joke

    Ahh Montana

    Where the men are men, the women are men and the sheep are scared.

  39. PPPie
    Thumb Up

    Good reason

    I think this is the best reason I have heard yet for not using Billy-no-real-mates sites like MoronBook.

    If you don't use it they can't have it, simple.

  40. Fred 4
    Joke

    What is...

    What is Facebook?

    MySpace - you mean my house? you want my house in trade for a F$$$ing job ! ! !

    Google - isnt that really big number? is that my Salary?

  41. Stan Fisher

    No problem with this - under one condition

    No problem providing my login/password info to them. However, since I have no way of knowing if they can be trusted with my information, I would need to know in advance the login/password to all social networks of each individual who will be given access to my login information. This will allow me to do a background investigation of each of them to ensure they can be trusted with my information. Certainly they will have no problem with this request since they are asking the same of me.

  42. WhatWasThat?
    Pirate

    Long Gone, Me Mateys

    Avast! It seems the steely grey eye o' Ree Ality took the mainmast of USS Bozeman under its keel... Arr... was hopin' to get some Montana booty this day...

    'Specially whens I see city fishals get fine wenches as part of the comps package... Aye...

  43. Lukin Brewer
    Stop

    Bozeman makes a U-turn

    http://montanasnewsstation.com/Global/story.asp?S=10558291&nav=menu227_3

    The policy was rescinded at noon on Friday.

    Couldn't help thinking how "Bösemann" would mean "evil man" in German. :-)

  44. Anonymous Coward
    Thumb Up

    What Stan Fisher said.

    Seriously. Glad they rescinded the policy. But I bet 5 years from now, everyone will be handing over this info. I.e., this was just the first blow to soften us up. Remember when people refused to use websites that used cookies? Now many major websites don't work at all if I don't enable javascript and cookies. Isn't Gmail the most popular webmail now? The asstwanks at AT&T had the gall to tell me that I should have frozen my credit report, yet they authorized some crook to open a line of credit with my name and Social Security Number (compromised thanks to the TD Ameritrade breach, I'm almost certain) DESPITE the prominent fraud alert telling them not to open any accounts without calling me! Point being, we're getting softened up. It's reached the point where if I don't discover a company I do business is ripping me off, I probably just haven't been paying enough attention to notice yet.

This topic is closed for new posts.

Other stories you might like