Broad coalition of advocacy groups urges Slack to protect users’ messages from eavesdropping
A broad coalition of technology, civil liberties, reproductive justice and privacy advocacy groups are urging the global workplace collaboration platform Slack to offer end-to-end encryption so that its users’ messages can’t be read by government officials or eavesdropping bosses.
“Right now, Slack is falling short in terms of the most basic guardrails for platform safety and privacy,” a group of 93 organizations wrote in the letter. “At this political moment, this can mean life or death for some people online. We call on Slack to go beyond statements and put into action its commitment to human rights by implementing basic safety and privacy design features immediately.”
Concerns about the security of private messages have come into greater focus in recent years due to a number of factors, including the rise of government use of spyware on activists and dissidents as well as the increased risks posed to reproductive rights after the U.S. Supreme Court overturned the right to abortion last summer. While there are no reported instances of Slack messages being weaponized in these cases, the trove of communications the platform collects from clients ranging from government agencies to activists has made users’ communications a target of both lawsuits and hackers.
The letter from groups such as the Mozilla Foundation and the Tor Project is the latest step in a campaign led by the digital rights advocacy group Fight for the Future that urges messaging companies to adopt encryption. Fight for the Future launched its campaign last year in response to the Supreme Court’s Dobbs decision that ended the constitutional right to abortion, a ruling that led to concerns that abortion seekers’ unsecured communications could be used against them in criminal prosecutions.
In the aftermath of Dobbs, companies such as Meta doubled down on existing encryption efforts. However, Fight for the Future Campaign director Caitlin Seeley George said that Slack, which was named alongside other companies such as Meta, Twitter and Google in the “Make DMs Safe” campaign, hasn’t been responsive to the group’s requests.
The concerns raised by the Fight for the Future campaign aren’t abstract. In the past year, there have been several high-profile cases in which law enforcement used private messages turned over by tech companies to investigate illegal abortion.
“We’re moving to a point where the expectation that communication platforms have end-to-end encryption is becoming the new norm,” said Seeley George. “I think people broadly are a lot more aware and cautious about how they’re communicating with people in part because, unfortunately, we’ve seen cases pop up already where the consequences of not having secure messaging have become really clear.”
Slack has more than 10 million daily users around the globe and is used by a range of entities including government agencies, political campaigns and Fortune 500 companies. The platform does encrypt data in transit. However, user messages are not protected using end-to-end encryption, meaning that workspace administrators or Slack are free to snoop on conversations. Without end-to-end encryption, that data could also be accessed by law enforcement that requests it.
Slack said in a blog post that its policy is to “carefully review all requests for legal sufficiency and with an eye toward user privacy.” According to its last available transparency report, Slack received 31 law enforcement requests between January 1 to December 31, 2021. Five of those requests involved content data.
Ranking Digital Rights, one of the groups that signed the letter, observed that Slack was in the minority when it came to the practices of most global messaging services and instead aligns more closely with Chinese messaging platforms.
The letter to Slack comes amid growing pressure on encrypted messaging services from lawmakers in both the U.S. and abroad. WIRED reported Monday that a leaked European Council document found that the majority of EU countries represented in the document supported some form of scanning encrypted messages with Spain taking the more extreme position of advocating for a full ban of the technology.
In addition to end-to-end encryption, the groups behind the letter are urging Slack to adopt anti-harassment tools such as blocking and reporting features. In the past, the company has said that such a feature doesn’t make sense for a workplace tool. Critics say that the messaging platform is used by a broad array of groups and that workplace harassment on Slack is a well-documented issue that got even worse during the rise of remote work.
Caroline Sinders, a researcher who has been pushing Slack to introduce a block feature since 2019, says that anti-harassment and encryption features are the “seatbelts of online safety.” “We need to shift our thoughts away from thinking of these solely as additional features, but as necessary and required functionality to create and maintain a healthier web,” she said in a statement.
Slack responded to a request for comment from CyberScoop by reiterating its user privacy policies.
“Slack is a workplace communication tool and we take the privacy and confidentiality of our customer’s data very seriously,” a spokesperson wrote in an email. “Our policies, practices, and default settings are aligned with business uses of our product.”
Seeley George said that it’s important to push companies that have come out as pro-choice to follow through with that commitment when it comes to user security. “We can’t and won’t let companies like Slack hide behind good PR moments,” she said. “We really need to push them to go further and really consider safety more holistically.”
Updated May 24, 2023: To include a comment from Slack.