Security

Stay out of Bozeman

Bozeman, Montana has some disturbing city employment application requirements. The effects of those requirements might be more important than you think.

Perhaps part of the problem with governmental violations of privacy in the United States is the public's insatiable thirst for private information about its politicians. Whenever someone runs for President, you can expect a lot of information to get dug up about his or her sordid past, and the press feeds not only this thirst for private information but also the public perception that it has a "right" to know about these things. It has gotten to the point where nobody (sane) runs for public office without simply accepting the notion that the details of his or her private life are going to be subject to public scrutiny.

I am the last person to argue against governmental transparency. In general, policy should not have to be secret for it to work. Just ask Claude Shannon, the Father of Information Theory: Shannon's Maxim states "The enemy knows the system." He was saying that, in security, one should never rely on the secrecy of policy or process to ensure security.

Shannon's Maxim was just a more recent, generalized, and pithy formulation of the same ideas embodied in Kerckhoffs' Principle: The design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents. This principle is one of six principles of practical cipher design articulated by Auguste Kerkhoffs in La Cryptographie Militaire, arguably one of the most important documents on the subject of cryptography ever written.

As I pointed out in Public officials and private lives, though, there may be a connection between the desire of the American public for the sordid details of the lives of public officials on one hand, and the growing prevalence of privacy violating policy and legislation in US government on the other. Ironically, much of this systematic violation of the privacy of millions of US citizens and other residents is being done in the name of national security. This flies directly in the face of the simple, unavoidable fact that privacy is security.

In City wants job applicants to turn over Facebook user names and passwords, Toni Bowers reported a recent revelation about Bozeman, MT city hiring practices, which read like something out of an Orwell novel. She quoted cbsnews.com:

The Rocky Mountain city instructs all job applicants to divulge their usernames and passwords for "any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc." Bozeman city officials say that this is just a component of a thorough background check.

As pointed out in a quote from attorney Kevin Bankston, this essentially makes employment by the city of Bozeman conditional upon waiving First Amendment rights and relinquishing any control over your own online security. The easy answer seems to be to never seek employment with the city of Bozeman, of course — but this may be relevant to the question of living in Bozeman too, or even of visiting. Consider the points I brought up in my examination of the way the American public treats the privacy of public officials. Here, we are not just talking about elected officials getting the "no privacy" treatment. We have gone well beyond that, and are now talking about every single employee of the city having his or her online privacy and security violated as a routine part of the hiring process.

Consider the kinds of people who would accept this kind of intrusion into their lives just to get an entry-level city bureaucrat's job. How many of these people are likely to have any regard for your privacy at all? Consider what this says about people tasked with teaching your children if they attend Bozeman's public elementary schools. What values will they instill in the impressionable minds for whose education they are responsible?

Regardless of whether a candidate for President, or a current President, should have to regard his or her entire life as an open book, I quite simply believe that the way Bozeman, MT handles its hiring process is beyond all reason. If the United States is, as some claim, on its way to becoming a police state, it seems Bozeman is in the race to get there first. Considering that most of Montana seems to be solidly grounded in principles quite antithetical to this kind of intrusive insanity, the mind must boggle at the audacity of Bozeman officials' disregard for simple standards of human decency.

I, for one, will never give up the passwords for even the most trivial online Website logins as a condition of employment. Any prospective employers will have to sift through network traffic for the passwords to sites that do not use encrypted connections for authentication, just like any other malicious security cracker — and make no mistake, I do regard this behavior as malicious.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

Editor's Picks

Free Newsletters, In your Inbox