“You can’t be serious. You must be joking,” Collins recalls replying. The investigator wasn’t kidding. The implication of the conversation was that disclosing a Facebook account’s password was compulsory. The request was part of a new policy the Maryland Department of Public Safety and Corrections had adopted to filter out job candidates with gang affiliations or other unsavory personal pastimes. Collins acquiesced. He needed the job. But, he says, “I felt violated on so many levels.”
The feeling lingered. Within days, Collins contacted the American Civil Liberties Union and asked if they were aware of the practice. They weren’t. On Jan. 25, 2011, the ACLU sent a letter to Maryland Public Safety and Correctional Services Secretary Gary Maynard on Collins’ behalf, calling the social media password policy a “frightening and illegal invasion of privacy.” The letter -- and a public relations campaign by the ACLU -- made its mark. The department revised the policy, making it clear that handing over a password was voluntary.
The ACLU didn’t let the issue rest there. It pushed state legislators to take action. A year after the ACLU sent its letter to the corrections department, a coalition of Maryland legislators led by Del. Shawn Tarrant introduced a bill to prohibit employers, including public agencies, from requiring employees or job candidates to disclose their social media passwords. “Just because we have new bells and whistles,” Tarrant says, “that doesn’t mean that you have the right to invade my privacy.”
The bill passed in April, and Maryland Gov. Martin O’Malley promptly signed it into law. It was the first of its kind in the United States.
Until recently, such a statute might have seemed wholly unnecessary. But social media and the broader online realm present an unusual challenge for policymakers -- one that becomes more pressing with time.
Recent studies have found Americans spend 13 hours per week online, and more than 20 percent of that time is logged on social networks. As the Internet and social media become more and more integrated into people’s daily lives, legislators can no longer ignore the need for online policies and regulations. Yet it is largely uncharted territory for policymakers, one filled with unexpected and unique obstacles. “Who would have thought that social media would be an issue and we would have to protect citizens from violation?” says Illinois Rep. La Shawn Ford, who introduced a password protection bill in his state. “But we in government have to keep up with the changes in society.”
Right now, states and localities are ground zero for the policies and statutes that will govern more than 150 million Facebook and 100 million Twitter users in the United States. The U.S. Congress voted down one password protection proposal in March, although another has since been introduced. Meanwhile, in additon to the Maryland law, 11 other state legislatures have introduced bills during the 2012 session, according to the National Conference of State Legislatures. No federal statute for online bullying exists, but 46 states have passed laws that explicitly forbid bullying by any electronic means. There are no indications that Congress will address the issue of Facebook or Twitter profiles being a part of a person’s estate when he or she dies, but five states have already enacted laws that dictate what should happen, and two others proposed legislation this year.
That said, the intersection of policymaking and social media can be hazardous terrain. In the case of Maryland and Robert Collins, the state was nearly entangled in a costly lawsuit -- Collins would have sued if the state hadn’t revised its procedure. The Missouri Legislature was less fortunate. After lawmakers approved a bill last year that restricted interactions between teachers and students on social networks, the teachers union filed litigation against the state.
Other cases, particularly those that attempt to govern online speech, have attracted the attention of civil rights and First Amendment advocates who warn that states, in their effort to protect people from digital harassment, might come dangerously close to infringing on constitutionally protected expression. Elsewhere, the social media companies themselves are intervening, concerned that state laws could disrupt the user experience they’ve worked so hard to create for their customers.
A new Arizona law barring online harassment, approved by lawmakers in April, epitomizes one aspect of the tightrope state legislators are walking. The initial bill was intended to be an update of existing harassment laws, which hadn’t kept up with emerging technologies. “The way we communicate in 2012 is vastly different than the way we used to communicate,” says Arizona Rep. Ted Vogt.
But concerns about the new law’s implications for free speech led to rampant speculation in the blogosphere that the state could be subjected to a flood of lawsuits. Language that placed “annoying” or “offensive” behavior under the bill’s parameters drew scrutiny from First Amendment advocates. There was also a question of how to define and determine the intended recipient of online communications. The previous law covered telephone communications, which have an obvious sender and receiver, explains David Horowitz, executive director of Media Coalition, a national free speech advocacy group. Online behavior (in the form of a Facebook status update or a tweet, for example) has a less clearly defined audience. The coalition sent a letter in March to Arizona Gov. Jan Brewer and state lawmakers warning that the bill had “serious and significant constitutional infirmities.”
Vogt and other legislative leaders took notice and agreed to refine the bill’s language before sending it to Brewer’s desk. They worked with state attorneys to craft more precise definitions of illegal behavior (removing terms deemed too broad, such as “annoy”) and they worked to more clearly delineate the kind of two-way communication that would constitute harassment (a private Facebook message, a Twitter mention and so on). Brewer signed it into law in May. The resulting bill was greatly improved, says Gabe Rottman, a First Amendment policy adviser at the ACLU. But if state lawmakers had been less willing to compromise with advocates, the original legislation would have been an easy target for litigation. Says Rottman: “Anytime that you’re trying to restrict speech, you’re opening yourself up to constitutional challenges.”
New York state might be heading into the same firestorm. Bills introduced in both the House and Senate in late March would require website administrators (from blogs to social networks) based in the state to remove comments made by anonymous posters unless the poster agrees to attach his or her name to it. No votes have been taken on the legislation, but free speech advocates are once again preparing for action if the proposals move forward. “This statute would essentially destroy the ability to speak anonymously online on sites in New York,” Kevin Bankston, an attorney for the Center for Democracy and Technology, which promotes an open Internet, told Wired magazine in May.
Nebraska Sen. John Wightman discovered another complication this year: Social media companies themselves are quick to jump into the legislative process. He proposed legislation (at the behest of the Nebraska State Bar Association) that would transfer control of a social media account to an individual’s personal representative upon his or her death. “It’s something that will need some regulation,” Wightman says. “The legal aspects need to be resolved.” For their template, Wightman and the bar association had looked across the border at Oklahoma, which passed the nation’s first such law in 2011.
Oklahoma’s law had passed without much notice by Facebook. Under its own terms, Facebook memorializes an account when it is notified of a user’s death. The profile stays up, while new posts are prohibited and access to the account is locked. But stories of grieving parents forbidden from logging on to their child’s account had led Oklahoma legislators to act. Nebraska lawmakers saw an opportunity to avoid a situation like that in the future by creating a policy now. This time, though, Facebook lawyered up.
The company (and other social media networks that became involved in the statehouse negotiations) expressed concerns about the privacy of their users. “Our existing policy works to ensure that privacy settings are preserved and respected, and these policies extend to memorialized accounts,” Facebook spokesman Tucker Bounds wrote in an email. Facebook’s concerns led to the bill being shelved, but Wightman anticipates it being reintroduced during the next legislative session.
In other scenarios, Facebook and state legislators are working together to protect citizens’ online privacy. The company has taken an active interest in laws like Maryland’s that prohibit employers from requiring employees or job candidates to reveal their social media passwords. Facebook’s terms of service reject the solicitation of a user’s password. As Facebook Chief Privacy Officer Erin Egan wrote in a blog post on the issue: “We don’t think it’s the right thing to do.”
This May, Illinois legislators passed a password protection bill that amends the state’s existing Right to Privacy in the Workplace Act. As in Maryland, the law would ideally guard both individual privacy and prevent public entities (as well as private companies) from being the subject of any litigation for intruding on individual privacy. During debate over the bill, law enforcement agencies, some of which request social media passwords, expressed disappointment with the bill, saying the practice was important in evaluating job candidates. The need to secure personal privacy, however, trumped those concerns. “What would be next?” asks Illinois Rep. Ford, the bill’s sponsor. “We want the PIN for your online bank account? I don’t think anyone ever thought about asking for someone’s password for their ATM card.”
State action has also honed in on public officials themselves, or people acting in an official capacity, such as jurors. According to the National Center for State Courts, at least 12 states currently include explicit warnings about inappropriate use of social media in their jury instructions. In New York, for example, the jury instructions read: “You must not communicate with anyone about the case by any other means, including [on] social websites, such as Facebook, Myspace or Twitter.”
In August 2011, California became the first state to formalize the practice in its state code. Juror instructions have been updated, and state law now requires the officer in charge of a jury “to prevent any form of electronic or wireless communication.”
State high courts have confronted the problem in recent decisions. The Arkansas Supreme Court was forced in December to throw out the murder conviction of Erickson Dimas-Martinez, who was accused of robbing and killing a teenager, after the defendant’s lawyers discovered that one juror had been tweeting about the trial. In the most grievous breach, the individual announced that the jury had reached a verdict one hour before that news became public. The court cited juror misconduct when granting Dimas-Martinez, who had been sentenced to death, a new trial.
“Because of the very nature of Twitter as an online social media site, Juror 2’s tweets about the trial were very much public discussions,” wrote Associate Justice Donald Corbin. “Even if such discussions were one-sided, it is in no way appropriate for a juror to state musings, thoughts or other information about a case in such a public fashion.” Corbin also recommended that the Arkansas Supreme Court Committee on Civil Practice consider restricting jurors’ access to their mobile phones during a trial.
In Massachusetts, the state Appeals Court this May directed judges to do a better job of explaining to jurors that they cannot post to Facebook and Twitter details about cases they are hearing. The court also urged judicial officers to monitor jurors’ social media postings during trials when possible.
The court directions stemmed from a 2009 case from Plymouth, Mass., in which the defendant was convicted on 12 counts of larceny. But, as happened in Arkansas, defense attorneys found Facebook posts from two jurors related to the case. In one instance, a juror’s friend responded to a post by saying: “Tell them that you asked all your friends and they think GUILTY.”
The Appeals Court upheld the conviction, concluding that the posts hadn’t influenced the outcome of the trial, but recognized the need for stronger enforcement of state policies on juror use of social media. “Jurors must separate and insulate their jury service from their digital lives,” the court wrote.
As for permanent state employees, a 2010 National Association of State Chief Information Officers (NASCIO) survey found that 14 states had adopted social media policies and another seven had indicated that they were developing guidelines for acceptable use of social networks (the survey has not been updated, but NASCIO’s Charles Robb says that number has only increased in subsequent years).
Even that effort, though, has encountered hurdles. Take the lawsuit challenging the Missouri law that restricted teachers from communicating with students through social networks and other electronic means. The law required school districts to adopt policies that prohibited any such communications unless the conversations were entirely public -- the result of several controversies. In one, a Jefferson City, Mo., teacher’s sexual relationship with a 14-year-old student was uncovered because of 700 text messages the two had exchanged.
The Missouri State Teachers Association argued in the Circuit Court of Cole County that under the law, school employees would be subjected to a “chilling effect on their constitutional rights.” The court issued an injunction halting the law’s implementation two days before it was scheduled to take effect.
Missouri Gov. Jay Nixon then signed legislation that repealed portions of the law in October. The new language more narrowly requires school districts to issue guidance on what would constitute inappropriate communications on social networks. The teachers union still hasn’t dropped its lawsuit against the state, instead waiting to see what kind of policies school districts create.
“If they have a policy that is overreaching, we’ll pursue any avenue we need to, to make sure teachers rights are protected in that particular district,” Todd Fuller, a spokesman for the teachers union, told Government Technology (which, like Governing, is owned by e.Republic Inc.). “If we have to go to the length of suing an individual school district, we’ll do it.”
Meanwhile, the digital culture continues to evolve, bringing with it new challenges and risks. But the key to finding the road to good governance on these issues is for lawmakers to educate themselves on emerging technologies. “The theme of protecting and serving my constituents doesn’t change,” Maryland’s Tarrant says. “Whether it be high-tech or no-tech, I have to look out for them."
This story first appeared in the July 2012 issue of GOVERNING magazine.
