90+ orgs tell Slack to stop slacking when it comes to full encryption
Protests planned for Wednesday in San Francisco and Denver
A coalition of 90-plus groups, including Fight for the Future and Mozilla, will descend upon Slack's offices in San Francisco and Denver on Wednesday to ask on the collaboration app to protect users' conversations via end-to-end encryption (E2EE).
The groups include digital and racial justice organizations, pro-abortion lobbyists, and security-focused businesses. Protestors will carry — and sometimes drive — mobile billboards and digital signs while wearing "Make Slack Safe" tee-shirts.
According to the rally's organizers, in post-Roe America, the communication app is not safe. And it won't be until Slack offers E2EE as well as blocking and reporting features to help protect users from harassment, they claim.
"Millions of people use Slack every day to do their work, volunteer, and connect with communities online — including abortion funds and reproductive rights groups that are being targeted by anti-abortion efforts," Caitlin Seeley George, Fight for the Future's campaigns and managing director, told The Register.
"And the company has shrugged off questions about offering end-to-end encryption in the past, saying they don't think their users want it," she added.
Last week, Fight for the Future organized an open letter signed by the 90-plus organizations participating in the protest. The document urges Slack to implement these security and privacy features to prevent governments from using the service for evil.
"In the US and around the world, governments are using data and digital communications to target human rights defenders and people exposing human rights violations, including political nonprofits, activist networks, journalists," the letter states. "For many of these groups and individuals, Slack is an absolutely vital communication tool, but it could also become the basis of government targeting, repression, censorship."
These issues become especially pressing in the USA, as following the Supreme Court's reversal of Roe v Wade private communications can be used to criminalize abortion seekers, Seeley George added.
"Every day that Slack fails to offer end-to-end encryption it puts abortion seekers, providers, and facilitators in danger, which is why we're making a major push to get the company to address this security issue and protect its users," she said.
Slack slacks back
Slack, for its part, says despite the lack of E2EE, "we take the privacy and confidentiality of our customer's data very seriously. Our policies, practices, and default settings are aligned with the business uses of our product," a spokesperson told The Register.
In an emailed statement, the spokesperson described Slack's policies thus:
"By default, Slack encrypts data at rest and data in transit for all of our customers. All our plans offer customizable retention settings, where customers can automatically delete messages and files after set periods of time. We also offer EKM (Enterprise Key Management), a security add-on for Slack Enterprise Grid that allows organizations to manage their own encryption keys using Amazon Key Management Service (KMS).
Slack will not share customer data with government entities or third parties unless we're legally obligated to do so – and we make it our practice to challenge any unclear, overbroad, or inappropriate requests.
We're always evaluating our security practices and the best options to protect data on Slack so that we meet our customers' needs and provide an excellent product experience."
Slack declined to answer specific questions about its plans — or lack thereof — to enable E2EE.
- Meta, Twitter, Apple, Google urged to up encryption game in post-Roe America
- International cops urge Meta not to implement secure encryption for all
- US bill to protect reproductive health data is dead. Here's why you should care anyway
- Google sued over 'interception' of abortion data on Planned Parenthood website
E2EE, when properly implemented, prevents anyone other than the parties to a private conversation from accessing its content. This includes the platform provider, which means that even if Slack were served with a subpoena to hand over messages, the content of these communications would remain encoded.
Fight for the Future and other digital privacy advocates have been beating this drum for years, and it's become louder since the 2022 Dobbs decision that the US Constitution does not include a right to abortion.
Some messaging platforms seem to be listening. Both Apple and Meta have promised to provide more E2EE this year: Apple for most of its iCloud services globally (offer unlikely to apply in China,) and Meta has committed to default E2EE on both Messenger and Instagram — despite strong objections from the FBI and other international law enforcement agencies.
Meta's WhatsApp platform, for the record, has long used E2EE by default. Signal always has.
Google has also expanded its end-to-end encryption for Messages and client-side encryption for some Gmail and Calendar users.
"A lot of these platforms are making progress," Seeley George said.
And then there's Slack. By name, and currently by choice, too. ®
Biting the hand that feeds IT
