Bozeman, MT Goes Phishing--Applicants Seeking City Jobs Must Disclose Usernames and Passwords
It's no secret that more and more employers are doing a quick Google search for a job applicant’s name as part of their background checks, but the City of Bozeman is taking it one step further.
In an article published yesterday afternoon, Montana's News Station reports that applying for a city job now requires turning over some fairly sensitive information. Specifically, the background check form for city jobs requires applicants to
list any and all, current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc.,...There are then three lines where applicants can list the Web sites, their user names and log-in information and their passwords.
When the station asked Bozeman City Attorney Greg Sullivan about the new policy he stated,
So, we have positions ranging from fire and police, which require people of high integrity for those positions, all the way down to the lifeguards and the folks that work in city hall here. So we do those types of investigations to make sure the people that we hire have the highest moral character and are a good fit for the City...
In other words, in order to apply to become a lifeguard employed by the City of Bozeman, I can never have any expectation of privacy online. At any given time, some random city employee can use my login credentials to chat on AOL using my name. Perhaps the form should include authorization for the City to enable one-click purchasing on Amazon.com using my account in order to expedite the hiring process.
Although thorough background checks are mandated for certain types of jobs in both the public and private sectors, requiring all job-seekers, no matter the position, to disclose sensitive login information on an application that may be seen by dozens of people raises major concerns regarding discrimination, privacy, and the safety of data stored on remote servers.
[Update (6/19/09): According to this article in the Bozeman Daily Chronicle, the City's policy caused enough of a stir on the internet to prompt the ACLU to look into the matter. Consequently, "City Attorney Greg Sullivan said in light of concerns being expressed by the public, officials are looking at ways to alter the policy so that they might view an applicant’s online information without asking for log-in codes."]
[Update (6/21/09): According to cnet, Bozeman stopped asking for passwords as of midday on Friday.]
