Facebook is a useful tool for gathering information about others. From the beginning, the advice has been to be careful that what is posted well represents us. Or… To limit who can see those things we might not want seen.
Hiring managers also have a difficult situation. Is who you are looking to hire who they say they are? One approach is to look at what candidates offer publicly. Another is to friend the candidate. In both cases, I as a candidate can easily hide information by controlling who can see it. It looks like the Maryland Department of Public Safety and Correctional Services wanted to know if applicants had gang affiliations. Intelligent users would not publicly proclaim this information, but they might have the information privately available.
Michael Covington says in his blog you could be committing a crime in Georgia by giving out your Facebook password:
An employer who asks for your password is potentially requiring you to commit an illegal act (unauthorized computer password disclosure) under the laws of Georgia and other places, as well as breaching your contract with Facebook. Your password is not yours to give away. You have agreed, as part of the terms of service, to keep it secret. (And while you’re looking at the Georgia law, look at computer invasion of privacy, too.)
The relevant code from the page to which he linked:
(e) Computer Password Disclosure. Any person who discloses a … password, or other means of access to a … computer network knowing that such disclosure is without authority and which results in damages (including the fair market value of any services used and victim expenditure) to the owner of the … computer network in excess of $500.00 shall be guilty of the crime of computer password disclosure.
So, if by giving your Facebook password to a potential employer you cause more than $500 to Facebook or another entity with that account, then you face criminal penalties. Causing damages with the account whose password was given out is the key, which I think would require the user of the password doing something criminal with the account. You as the holder of the account are a criminal. What kind of penalties?
(h) Criminal Penalties.
…(2) Any person convicted of computer password disclosure shall be fined not more than $5,000.00 or incarcerated for a period not to exceed one year, or both.
Worse, you intentionally violate the Terms of using Facebook by giving an employer the password. Facebook emphatically rejects that employers should ask for a password.
4. Registration and Account Security
8. You will not share your password,… let anyone else access your account, or do anything else that might jeopardize the security of your account.
I have seen a compromise suggested, where a candidate logs into the account and lets someone else look around for whatever it is they seek. Even that makes me squirm.
Privacy is always a tough issue, but I think when in doubt side with preserving that of the individual.