Facebook privacy and employer fishing

 As society encounters new technologies it is also in a constant process of creating new paradigms for the use and misuse of those technologies. It seems that with every positive use found, a negative use of the same technology is developed. Just as the telephone allowed us to connect with distant relatives and friends, it also enabled the proliferation of wiretapping and other surveillance methods by law enforcement or otherwise. As high powered cameras gain even greater ability to zoom into the dens of African lions so too do they enable paparazzi to zoom into celebrity backyards from greater distances, the unfortunate result is that the expectation of privacy in public and semi-public spaces becomes more muddled as technology has advanced. Given that U.S. citizens expect a certain amount of privacy and exhibit a certain amount of control over that privacy in real life, are those expectations and controls extended to the virtual world as well? The question of privacy and control over personal information may come into sharper focus when discussing means of getting and using that information which employers may apply to potential job candidates. Those means and uses have been criticized and debated in both the public arena and through the law. This paper will examine the current trends in Facebook (a popular social networking site) privacy controls and the ethical and legal uses of publicly available data with special emphasis on employer information fishing. Research will include an examination of popular privacy control tactics and practices potential employees may use when safeguarding personal information. Additional legal definitions of privacy and ethical considerations surrounding privacy will also be used to discuss the employers use of data publicly found on Facebook.

First let’s discuss a definition of privacy. Privacy is generally defined as the freedom to be secluded from company or observation as well as from unauthorized intrusion. Although not explicitly found in the Bill of Rights as an unalienable human right, the expectation of privacy in the United States has usually been inferred from the Fourth Amendment of the U.S. Constitution.

 “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” – U.S. Const. amend. IV

In a later mocked opinion, Justice William O. Douglas found the right to privacy to be just in the shadows or the penumbra of the Third, Fourth and Fifth Amendments (Griswold v. Connecticut, 1965).  But an expectation of privacy is well documented through case law and legal precedents establishing both boundaries and expectations of public and private spaces. In the landmark case of Katz v. United States (1967) a standard two-pronged analysis of subjective and objective expectations were used in order to test for a reasonable expectation of privacy. To pass the Katz test one must first have exhibited an actual (subjective) expectation of privacy and that expectation of privacy must then be one that society is (objectively) prepared to recognize as reasonable. These court precedents for the expectation of privacy are readily found with regard to the physical world but can they be extended to the virtual world as well? Further, does society recognize the publicly available information on the internet as having a reasonable expectation of privacy? Unfortunately current research is not clear or does not agree on the public’s perception of digital privacy and future research on these questions is needed before a determination can be made.

It should be noted that the philosophical idea of privacy does not necessarily extend across all cultures or even within a culture. According to Liptak (2010), the difference in European and American ideals of privacy often collide. For example, there is a philosophical difference in the belief of privacy as a fundamental human right (as Europeans see it) and the belief of privacy a consumer right (from the American viewpoint). This is evidenced in the American legal system’s emphasis on making legal decisions based on the protection of consumer rights against non-governmental searches and surveillance (Liptak, 2010).

Of interest for this paper, American Mark Zuckerberg, founder and CEO of Facebook, has been famously quoted for his cavalier attitude toward privacy. Beginning with his general philosophy for Facebook as “making the world more open and connected” (Grossman, 2010) and more recently extending to his statements regarding Facebook privacy settings, Zuckerberg claims that Facebook privacy is only an extension of societal norms evolving toward increased openness (Kirkpatrick, 2010).  Although society’s acceptance of Facebook’s privacy settings establishing an openness standard still remains to be seen and is currently hotly contested (Smith, 2010), the uses of the information that is publicly available has a many varied uses both positive and negative. Data phishing and data mining on Facebook has been made infinitely easier through the use of the publicly available FacebookAPI. The complex privacy controls, constant updates and increasingly prevalent applications requesting access to data are making it more difficult for time pressed users to manage their personal information. Although sites such as http://www.OpenBook.org and the “public preview” view on Facebook are attempting to increase awareness of publicly available information on individual’s Facebook pages. Facebook has received criticism that the privacy settings should default to be more closed and protective and not have the user opt in to higher privacy settings. This seems in direct contrast to founder Mark Zuckerberg’s general philosophy. Unfortunately for Zuckerberg, the Federal Trade Commission has raised issues challenging Zuckerberg’s tactics of pulling Facebook users kicking and screaming into his radically transparent world  view. The FTC has recently found Facebook to have engaged in “unfair and deceptive” practices regarding changes to its 2009 privacy settings (Kravets, 2011). The changes in question publicly exposed personal photos and information previously marked as private. As part of the settlement with the FTC, Facebook will now have to ask users permission before changing future security settings and as a precautionary measure Facebook will have to submit to external audits for the next 20 years (Kravets, 2011). Although one can assume that Facebook did not maliciously expose user data when making those changes, we might be able to consider the case of Facebook privacy settings as an extension of Zuckerberg’s cavalier attitude of begging for forgiveness later rather than asking for permission now. However, these constant changes in the Facebook privacy settings (which are infamously longer than the U.S. Constitution) are really only part of a reality of life in perpetual beta.

Information and/or data privacy policies are constantly being defined and redefined based on the relationship between society’s use of new technologies and the legal right to or expectation of privacy using those technologies. Technology is growing at a rapid pace and our inability to keep up with the arduous legislative changes required to manage never ending system changes is a first world hurdle which must be addressed.  This is especially true when dealing with the sharing and protection of personal data. The dichotomy between personal security and the use of new technology has been at the heart of the privacy argument since the historic Olmstead v. United States (1928) Supreme Court case where new telephone and wiretapping technologies were being put to the privacy rights test. Current issues surrounding personal privacy in the digital age usually revolve around data collection, data storage, ownership rights, sharing and access. Here we will only examine the issues of data collection and sharing as they directly relate to employers seeking publicly available information on Facebook for potential job candidates

As businesses become more familiar with the increasing availability of personal information through new technologies and systems, such as Facebook, the negative implications for retaining privacy becomes increasingly apparent. In the face of the volume of data that is now collected on each individual, it is surprising that more information is not publicly shared as there is no practical means of controlling access to all of our fragmented data. In some cases access to this data is assumed to be public as in the example of the Library of Congress’s recent announcement that it will be archiving all Twitter (a social networking and microblogging site) posts since 2006 (Rosen, 2010).

According to a survey conducted by Cross-Tab research and sponsored by Microsoft (2010), “the recruiters and HR professionals surveyed are not only checking online sources to learn about potential candidates, but they also report that their companies have made online screening a formal requirement of the hiring process.” Companies like Social Intelligence (www.socialintel.com) are now being outsourced to search the Facebook pages of potential job candidates and return volumes of synthesized data which are then categorized into positive and negative results (Preston, 2011). The FTC originally raised questions regarding Social Intelligence’s business practices but eventually found the company to be in compliance with the Fair Credit Reporting Act and upheld the company’s right to fish for public information on Facebook. This ruling sets a new precedent where companies like Social Intelligence can now be considered consumer reporting agencies.

The Fair Credit Reporting Act (15 U.S.C § 1681 et seq., 1970) is a United States federal law which protects consumers from employers receiving “too much information” and requires an employer to “clearly and accurately disclose to the consumer that an investigative consumer report including information as to his character, general reputation, personal characteristics and mode of living, whoever are applicable, may be made” (15 U.S.C. § 1681d, 1994).  Employers cannot undo what may be seen in an internet search or on an individual’s Facebook page but per FCRA employers may have to explain how that information did not enter into their hiring decision.

The idea of a radically transparent society and world is especially sexy to social networking sites and other networked sites. The “social capital” (Bourdieu, 1986) of the information that individuals collect and display on Facebook includes text, videos and photos (Cross-Tab, 2010) and allows individuals to increase one’s sense of community and reputation. In the Web 2.0 world this social capital is also used to better target content and personalize user experiences. Although some codes and laws like FCRA are available to protect consumer rights to privacy on the web, the most effective protection that consumers have is located between their ears. The long term impacts of the data trail that each individual leaves are still not yet known so job candidates and the general public  should proceed with caution when posting publicly available information. The public post from high school or college graduation shenanigans may have a longer shelf life than one may expect. Current and future job seekers must make some considerations when managing their online presence and privacy. Individuals searching for jobs are selling themselves as a one man business (i.e. selling yourself in an interview) and may benefit from some radical opacity (Dibbell, 2010) as opposed to the radical transparency (Beal and Strauss, 2998) of information that social networks encourage.

Privacy allows citizens protection of intellectual, political and religious freedoms and is closely linked with anonymity and security. As technology has advanced, so too have the tactics by which individuals protect their privacy. These tactics enable consumers to create radically opaque public profiles which would not cause any red flags to be raised in the investigative consumer reports that employers receive. A call to action is needed for all consumers to better manage their publicly available information and radical opacity may just be the answer potential job candidates need in order to present their best side during the increasingly competitive job hunting process.


  1. Beal, A. & Strauss, J. (2008). Radically transparent: Monitoring and managing reputations online. Indianapolis, Indiana: Wiley Publishing, Inc.
  2. Bourdieu, P. (1986). The Forms of Capital. In Richardson, J. (Ed.), Handbook of Theory and Research for the Sociology of Education (pp. 241-58). Westport, CT: Greenwood.
  3. Cross-Tab. (2010). Online Reputation in a Connected World. Last retrieved December 13, 2011 from http://go.microsoft.com/?linkid=9709510
  4. Dibbell, J. (September/October 2010). Radical Opacity. Technology Review, 16(16) 2. Last retrieved December 13, 2011 from http://www.technologyreview.com/web/25997/page1/
  5. Fair Credit Reporting Act 15 U.S.C 1681 et seq. (1970). Last retrieved December 13, 2011 from http://www.ftc.gov/os/statutes/031224fcra.pdf
  6. Fair Credit Reporting Act 15 U.S.C 1681d (1994). Last retrieved December 13, 2011 from http://www.ftc.gov/os/statutes/031224fcra.pdf
  7. Griswold v. Connecticut 381 U.S. 479 (1965)
  8. Grossman, L. (2010). Person of the Year 2010: Mark Zuckerberg. Time. Last retrieved December 13, 2011 from http://www.time.com/time/specials/packages/article/0,28804,2036683_2037183_2037185-7,00.html
  9. Katz v. United States, 389 U.S. 347 (1967)
  10. Kirkpatrick, M. (2010). Facebook’s Zuckerberg Says the Age of Privacy is Over. ReadWriteWeb.  Last retrieved December 13, 2011 from http://www.readwriteweb.com/archives/facebooks_zuckerberg_says_the_age_of_privacy_is_ov.php
  11. Kravets, D. (2011). FTC Slaps Facebook’s Hand Over Privacy Deception. Wired. Last retrieved December 13, 2011 from http://www.wired.com/threatlevel/2011/11/ftc-slaps-facebook-privacy/
  12. Liptak, A. (February, 2010). When American and European Ideas of Privacy Collide. The New York Times, pp. WK1, New York edition. Last retrieved December 13, 2011 from http://www.nytimes.com/2010/02/28/weekinreview/28liptak.html
  13. Olmstead v. United States, 277 U.S. 438 (1928)
  14. Preston, J. (2011). Social Media History Becomes a New Job Hurdle. New York Times. Last retrieved December 13, 2011 from http://www.nytimes.com/2011/07/21/technology/social-media-history-becomes-a-new-job-hurdle.html?pagewanted=all
  15. Rosen, J. (July 2010). The Web Means the End of Forgetting. The New York Times, pp. MM30, Sunday Magazine. Last retrieved December 13, 2011 from http://www.nytimes.com/2010/07/25/magazine/25privacy-t2.html?_r=1&ref=technology
  16. Smith, C. (2010). Delete Your Facebook Account: ‘Quit Facebook Day’ Wants Users to Leave. Huffington Post. Last retrieved December 13, 2011 from http://www.huffingtonpost.com/2010/05/15/delete-facebook-account-q_n_576956.html
  17. U.S. Const. amend. IV
For more information on users expectation of privacy in social networks see the extension of the Cross-Tabs survey through the Online Reputation (“Word-on-the-street”) video by Microsoft