The city of Bozeman, Montana was taken to the cyberspace woodshed recently over a policy of asking job applicants for their passwords and logins to social neworking sites. News reports about the policy quickly gained the attention of bloggers all over the world.

The city’s background check policy required applicants to provide login details, including passwords, for all social networking sites they belong to. The requirement, which is included on a waiver statement, asks applicants to “Please list any and all current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc.” Forcing applicants to turn over their passwords, especially for Google and Yahoo, may even cause the applicants’ personal email to be vulnerable to snooping as well. Bozeman’s City Attorney defended the policy in true lawyerly fashion, claiming the policy was necessary to protect the public trust.

Is it necessary? Companies do conduct background checks on potential employees, and are justified in doing so. It is of course, very common for potential employers to check out a job candidate’s cyber-background, conducting a quick search on Google and on various social networking sites. For potential employees, anything you have posted publicly is fair game for the background check. But requesting passwords is over the top and is just too egregious of a privacy violation to stand. There’s no excuse for it and no justification.
 
Days after the news broke and the blogosphere showed its outrage, the city revoked the policy, probably out of embarrassment for even having thought up this stinker of an idea in the first place.

There’s a fine line that Bozeman crossed here, and policies like this could very easily lead to cracking into personal email accounts. It’s one thing for a job applicant to post on a public social networking site “I just interviewed at XYZ company, and the boss is a pointy-haired idiot.” Said pointy-haired idiot can legitimately look at that public post, since it is, well, public. If you lose out on a job after making a post like that, you got what you had coming to you for being stupid enough to post it. But, if the applicant writes a personal email and says the same thing, then that’s another matter, and the hiring manager has no business looking at it. The fine line is made even finer, since it has been generally accepted as legitimate for companies to read employee email sent through the company server, so long as the employee is aware of the policy.