Some folks are getting riled up over employers asking job seekers for Facebook passwords, others think it might be OK. Me? I think there's a business opportunity being overlooked in catering to employers' concerns about social media.

Monitoring social media is already a business, but that applies to public posts.

Let me be very clear, in almost all situations, I'm against employers asking to monitor or interfere with employees' social media usage outside of work. Monitoring official company profiles is, of course, entirely reasonable. It's also reasonable for employers to restrict usage of social media sites during work hours. But asking to nose into workers' social media usage outside of work is entirely unreasonable for most of the workforce.

As Fredric Paul pointed out last week, sometimes it might be legitimate to request access to nonpublic interactions on Facebook and elsewhere.

I'm not entirely in agreement with the situations that Fredric lists here. For example, my job involves using social media – but there's really no legitimate argument for a publication to ask for access to my nonpublic use of Facebook and other social media. Any concerns that a publication has should be addressed with education, and I'll get to that in a moment.

We're in alignment, as they say in the boardroom, on national security and public-safety issues. If you have top-secret clearance, for instance, it might be appropriate for an employer to ask to monitor your social media use.

One group he misses, however, is high-profile employees that can quickly damage a company's reputation. Here I'm thinking of C-level executives, celebrities, politicians and positions of trust. If you're the CEO of a multibillion-dollar company, it can cause a lot of headaches if something untoward comes out of your use of social media. What's more, given the level of compensation at stake, it's reasonable to ask a C-level executive to provide more access to their personal life than one might ask a $30,000-a-year security guard. If you're giving me an eight-figure compensation package, I might be willing to provide some access to my Facebook discussions to ease your mind about whether or not there's a scandal brewing.

Show me a system that can monitor social media traffic with very little human intervention, and no involvement from anyone at the employer unless there's a possible infraction, and it might be acceptable.

The tl;dr version is this: While it might be nice to say this is an all-or-nothing issue, it's not. There's a gray area where employers have some legitimate reasons for wanting access, even if most of the time it's overreaching to ask.

Training for Employees and Employers

One business opportunity for addressing concerns is social media education. Instead of monitoring or snooping on employees, organizations should be educating their employees on acceptable and unacceptable behavior on social media.

Before companies take a heavy-handed approach to trying to play Big Brother, they should talk to their employees about what their expectations are. What's permissible to say or share on Facebook, even if it's not directly in public view? What, in short, is going to get an employee fired if it becomes public?

The flip side of this is educating employers on social media. Employers need to understand what they can, and can't, control via social-media monitoring. Education could go a long way in correcting some of the wrong-headed ideas that hiring managers and human resources have toward Facebook and social media.

Let's say requiring Facebook passwords becomes common. A lot of folks are going to be looking to create two accounts – one for their employer, one for real life. (Bonus: You can save time and effort by friending your parents using your work account, saving headaches at home and the office...)

But employers need to realize that the conversations and information passed on Facebook is not unique to Facebook. Employees have been talking and passing information around via email, phone, and even (gasp) face-to-face communication. You cannot have perfect control over what employees say and do, even during business hours. Get over it.

Password, Schmassword: Use OAuth

Facebook has already reminded users that it's against its terms of service to share a password with employers. Facebook says "you will not share your password... let anyone else access your account, or do anything else that might jeopardize the security of your account."

However, Facebook has no problem allowing applications to access user data with OAuth authentication.

So here's a perfect business opportunity for some savvy Facebook developer. Write an application that gives an employer access to a Facebook account without having to turn over the password. Job applicants and employees can grant access to the application without turning over the password. More importantly, they can revoke the access at any time.

Monitoring

Some companies already offer services monitoring public posts by employees, and if I'm not mistaken there's software for monitoring email communications too. It wouldn't be difficult to extend the model to monitoring nonpublic communications as well.

Would I turn over my Facebook password or even give permission to an application that allowed an employer the ability to view my posts on Facebook that aren't marked public? Hell no. (Barring the C-level salary mentioned above, at least.)

Would I give permission to an application monitored by a trusted, audited third party that looked for very specific infractions? Maybe. Show me a system that can monitor social media traffic with very little human intervention, and no involvement from anyone at the employer unless there's a possible infraction, and it might be acceptable. But it would have to be audited by an organization users can trust. I'm thinking the Electronic Frontier Foundation (EFF), though I'm not sure they'd sign off on any system that monitors users even if it was well-designed to protect privacy.

In the end, it might be too much trouble and cost to do this kind of monitoring right. I'm OK with that, too. If employers want to snoop that deeply into employees lives, it should be expensive and it should require a maximum of care to protect employees. Employers shouldn't be able to do it lightly, and most employees should never face a request for their nonpublic communications anyway. But if the demand is really that great, there's a business opportunity just waiting to be snapped up.