How would giving them read-only access be significantly better than the current situation of them demanding read-write access? They aren't asking so they can pretend to be you, they're asking so they can snoop on what you've posted that isn't public.
Because they don't need write access. It's a basic principle of security to only give people the access they need -- it keeps them honest, and protects you if they're dishonest or incompetent (or both).
What they should get is actually a snapshot, attested to by Facebook, of the configuration of the Facebook account (data export/data dump) from a time chosen before you applied for the clearance, assuming Facebook could reconstruct that. That way I can't remove my anarchist/communist party friends; they could ask for a snapshot randomly selected in a 0-7 or 0-10 year interval beforehand.
I actually trust Facebook security (and my personal password management and computing environment) to be secure against accidental disclosure MORE than I trust OPM or the OPM contractors who do clearance investigations, and certainly more than the shitty credit-check-plus type investigators most private firms and state/local agencies use. So, giving long-lived access to my Facebook profile (or password) would be a bigger cost than just giving them the data. (There have been several cases of laptops without full disk encryption going missing...) Incidentally, it might be interesting to note that most security clearance investigations are actually processed almost entirely by contractors working for the government, not by GS employees, since sometime in the 1990s.
I still don't believe in asking for or giving out FB profile info (beyond "make sure your public Facebook profile is professional", for a public-facing role; that seems pretty reasonable to me, although what you have in your friends-locked area is up to you), but if you're going to do it, do it right.
There are already cases where people consent to credit and background checks (fairly thorough; talking to neighbors, friends, etc. at length, for 7-10 years). These are voluntary checks for high-level security clearances with the government.
I don't think it's unreasonable to include online social networking profiles in that.
Similarly, a court order should be able to get all the data from a profile, but not to allow the government to masquerade as you by logging in and actively communicating with others.
This has all been debated during the "key escrow" debate period; even the government wasn't able to make an argument for signing key escrow, only encryption key escrow. It's the same issue with a profile.
(I am generally against key escrow, but eliminating some classes of keys from the debate off the bat was a useful strategy then; it would be more useful now.)
> There are already cases where people consent to credit and background checks (fairly thorough; talking to neighbors, friends, etc. at length, for 7-10 years). These are voluntary checks for high-level security clearances with the government.
The SSBI is not significantly more thorough than has become common for many private employees, and doesn't find, attempt to find, or care about a great deal of the personal information that may be found in a Facebook profile.
> Similarly, a court order should be able to get all the data from a profile, but not to allow the government to masquerade as you by logging in and actively communicating with others.
Facebook has been providing information in response to court orders for years, but does not provide the ability to masquerade as the user.