They are getting the credentials by asking the potential employee for them. So it's not without authorization.
Even if they wanted to build a case of coercion or duress they would need the cooperation of the employee to do this. And most importantly what is the specific harm done to facebook by this individual action? If I give you my facebook credentials and you login what damage has been done (to facebook in my specific case)?
If I was the opposing attorney I would raise the issue of whether they police and take action when people share their passwords in other cases. My guess is they have never taken action on something like this in the past.
And as far as changing their TOS what are they going to say? We forbid you from sharing your password with an employer (some might want to do this for some reason) or we forbid you to share with anyone? And if that is the case they have to police all sharing of passwords which, with hundreds of millions of users is simply not going to happen.
Say you let me have a copy of your house key (in case you lock yourself out or sometimes I come in to water your plants maybe watch a little TV and you are cool with both of those). Someone then asks me for the key, and I let them have a copy of it. Do they have your permission to enter your house at all? I sorta think not.
Permission to enter with a key does not necessarily transfer with possession of the key.
How do you get an analogy between a facebook password (which you pick by the way not them) and "copy of your house key"?
The analogy would be you rent a house and are given a key. And then you can give that key to someone else (like the cleaning person). You can also give the key to someone on Airbnb but that might be prohibited by other language ("you can't rent").
Your key example would be "does the employer have the right to give your password (which you gave them) to someone else". The answer to that is obviously "no" unless you told them it is ok to do.
Your Facebook user name and password is exactly like your copy of a key that lets you into their house. Your having picked the character strings used doesn't matter. You are entering their system when you use that key.
Them letting you put a bit of your furniture in their house (i.e. content you own) doesn't mean the house itself is yours. Nor does it mean that your permission to enter their system necessarily transfers to other people even given that you happen to give those other people a copy of the key.
It's probably not productive to use poor analogies here.
Accessing a computer system without authorization from the owner of that system is a crime. Facebook doesn't give authorization for employers to access their employee's accounts on their system, and explicitly forbids their users from transferring their own authorization to others.
As far as I can see, there is simply no way to construe an employer's access as authorized by the owner of the system i.e. Facebook.
"Hey Larry, here's my health insurance card. You can use it, I give you permission."
As soon as you think about this in the context of a paid service, who can grant authorization becomes very clear. The fact that Facebook is providing a free service should not change a thing. It's still their service.
Paid service? An analogy might be a paid hosting service. In that case there is no restriction on who you can give your password to to access say, your, website hosting or domain registration or similar service. Or to make changes or see what is going on there. After all, it's your content. Unless I am missing something which says facebook owns your content once you upload it.
And actually this issues has been settled (you own it):
"You are responsible for maintaining the confidentiality of both your password and your account and are fully responsible for all activities that occur under your password and your account."
Now while 1and1 probably has some language that restricts your ability to resell something (same as you can't resell your cable connection) allowing someone to login (like your web designer?) to view what you have is most certainly not prohibited.
So if your employer said "I want your password to your webhosting account" I don't believe the web host would have standing and/or a cause of action.
>...(you) are fully responsible for all activities that occur under your password and your account
and Facebook's version, which goes:
>You will not share your password, (or in the case of developers, your secret key), let anyone else access your account...
One says you're responsible for whatever happens on your account, the other explicitly says not to share your password. Kind of different, wouldn't you say?
It's worth mentioning that letting randoms into your Facebook account isn't only playing chicken with your account security, you're also playing with the security of everyone you have friended, who implicitly trust that the only person on the account is the person who's name is on it.
That is something you do not have the right to do on an ethical level, let alone a legal one.
The standard for "having standing" legally is quite low: To file a lawsuit in court, you have to be someone directly affected by the legal dispute you are suing about[1].
Is Facebook directly affected? Yes - people access their servers.
Harm, authorization etc etc can all be argued in the case, but there is no doubt at all that Facebook does have standing here.
Even if they wanted to build a case of coercion or duress they would need the cooperation of the employee to do this. And most importantly what is the specific harm done to facebook by this individual action? If I give you my facebook credentials and you login what damage has been done (to facebook in my specific case)?
If I was the opposing attorney I would raise the issue of whether they police and take action when people share their passwords in other cases. My guess is they have never taken action on something like this in the past.
And as far as changing their TOS what are they going to say? We forbid you from sharing your password with an employer (some might want to do this for some reason) or we forbid you to share with anyone? And if that is the case they have to police all sharing of passwords which, with hundreds of millions of users is simply not going to happen.