Want CNET to notify you of price drops and the latest stories?

US prison demands Facebook login details from staff

The Maryland Division of Correction forced Robert Collins to provide full access to his Facebook account. He's now suing his employers with the help of the ACLU.

Andrew Lanxon headshot
Andrew Lanxon headshot
Andrew Lanxon Editor At Large, Lead Photographer, Europe
Andrew is CNET's go-to guy for product coverage and lead photographer for Europe. When not testing the latest phones, he can normally be found with his camera in hand, behind his drums or eating his stash of home-cooked food. Sometimes all at once.
Expertise Smartphones, Photography, iOS, Android, gaming, outdoor pursuits Credentials
  • Shortlisted for British Photography Awards 2022, Commended in Landscape Photographer of the Year 2022
Andrew Lanxon
2 min read

In a wonderful example of how privacy rights can be casually ignored, US jailkeepers at the Maryland Division of Correction (DOC) are requiring all new members of staff, as well as those recertifying, to provide full access to their Facebook accounts for use in background checks.

The new regulations came to light with the case of Robert Collins, who was undergoing recertification last year for a position following a 4-month leave of absence, Slashdot reports. Collins, who's now suing his employers with the help of the American Civil Liberties Union, was informed that he was required to provide full access to his Facebook account as part of the interview process and was then made to wait while the interviewer logged into his account and brazenly browsed his profile.

The reason given for this blatant invasion of privacy was to enable the government to examine Collins' wall posts, emails, photos and friend lists to ensure that new employees within the facility were not engaged in illegal activity or affiliated with known criminals -- particularly gang members.

This was not due to any suspicion of Collins in particular, but rather a blanket policy applied to all new members of staff including those -- like Collins -- who were undergoing recertification and had already been employed with the Maryland DOC before.

It's no different to an employer demanding a new starter bring in their old photo albums, CD collections, text messages, letters and diaries and have everyone in the office have a good laugh at them. It violated the privacy of not only Collins, but also his friends and family, as his employer has full access to emails Collins has received, as well as sent.

While the policy is illegal under the US federal Stored Communications Act, the specific case law in Maryland is a little more vague -- not because of any kind of split opinion, but purely due to the fact that such laws have never needed to be enforced before. It is also in violation of Facebook's own terms of service, which state, "You will not solicit login information or access an account belonging to someone else."

The American Civil Liberties Union of Maryland is currently fighting the case on behalf of Collins and all other employees of the Maryland DOC. We sincerely hope its social media policies are quickly revised, and the case gives other organisations pause for thought before imposing similar policies. Do you agree? Or do you think everything you put online is fair game, particularly if you work in a legally sensitive job?