Thursday , February 25 2021

Can my boss read my Slack messages ?, Recode

  

                                 

  

Is Slack good for actually getting your work done? That’s debatable

. But the popular messaging platform – which now boasts more than million daily active users

– is definitely a promising medium for employers, regulatory agencies, the government, and even hackers seeking a trove of data about a company and its workers. Even your coworkers could find out more about you than you might expect.

Yes, your employer can get to your private messages. They’re not the only one.

First off, employers aren’t necessarily going through your messages to snoop on gossip.

“The company may have a duty to preserve and produce that information if you’re part of a lawsuit , ”Explains Brad Harris, the vice president of product at Hanzo, a company that provides a third-party, data-preservation app that works in conjunction with Slack. “The company may also want to do internal investigations, and through their privacy policies and acceptable use policies, have the right to look at your information.”

Harris added, “Companies have traditionally had that [right] with email.”

Whether and how your boss can export yourprivate messages and private channels

depends on a few factors. If your employer is using Slack’s free or standard plan – you can check this by going through the drop-down menu under your name on the app

They need Slack’s go-ahead, meaning the company will review your employer’s request and, if approved, allow the employer to conduct a one-time export. The messaging platform says it will provide that content if a company has gained employees’ consent, if the company is following a “valid legal process,” or if there’s a “right or requirement [to do so] under applicable laws.” For instance, employees in the European Union have the (right to certain data collected about them by their employers (under the) General Data Protection Regulation (GDPR).

Companies using a Plus plan also need to apply for approval from Slack to export private communications, but the company can continue using the feature until they decide to turn it off.

Keep in mind that the data downloaded by an employer isn ‘ t a mirror image of the actual Slack platform. Instead, workplace data is delivered in ZIP files, which contain a type of data-storing file called JSON. That means content comes up in long lines that resemble code, and includes message text, information about reactions, and even edit history (that’s right, your company could (retain

your deleted (messages). You can see what that data actually looks like on Slack’s website , and if you want a quick profile of what data your company might be keeping, go to [yourorganization]. slack.com/account/workspace-settings#retention. It’s also possible that your employer has invested. In a higher-level plan, like Enterprise Grid. Those plans work with third-party apps like Hanzo

that allow employers to store messages and other information

. Companies may need to consistently preserve electronic communications for review by regulatory agencies, such as the Securities and Exchange Commission (SEC)

and the (Financial Industry Regulation Authority) . Still, Slack expects employers to follow employment agreements, corporate policies, and any relevant laws. “For employees, an employer’s rights to access your data are controlled by your employment agreement and by the laws that govern that – not by Slack,” said a Slack spokesperson in an email. “Employers ultimately own their company’s Slack data and are responsible for complying with the laws that govern how they access that data.” it’s worth keeping in mind that there’s always the

manual approach

to surveilling employees’ electronic communications: booting them from their computers while their Slack accounts are still logged in . One boss described this technique in a Y Combinator thread about the investigation of an intern harassment problem. Law enforcement and legal processes can get your Slacks, too

One route to your private Slack messages being revealed? A lawsuit. Let’s say you’re suing your former employer for sexual harassment. If you think there’s evidence that could help prove your case on Slack – inappropriate messages from your boss, for example – you can fight for those records to be legally “discoverable,” meaning your old company will have to produce them. Discussion of Slack data can come up in all sorts of complaints, as it did as part of (one

) class action lawsuit

against the game developer (Activision Blizzard) . Discussion of Slack data also came up in a lawsuit against the California-based lighting fixture company Lamps Plus

. The government might also want Slack data as part of other legal processes.

In its most recent (transparency report

(which was published this week and covers all of 003418, Slack says it received . requests from US government entities for both content and metadata, including through search warrants, subpoenas, and civil subpoenas. Only nine of the requests for (content data were fulfilled by Slack, but in cases, the company provided government entities with other, non- content data, such as information about the date, time, and identities of senders and recipients of messages and files. Keep in mind, those numbers are pretty small; the company said in its last earnings report that it had more than , organizationspaying for its service, and customers can also use the platform for free. Slack also says it will consider “national security requests,” though the company says it has yet to receive any. Slack has, however, granted one request for non-content, user data stored in the US from an unnamed foreign government as part of following a mutual legal assistance treaty.

Meanwhile, if you actually work for the government, it’s possible that your Slack communications are records subject to Freedom of Information Act (FOIA) requests. FOIA is a law that allows nosy members of the public and journalists to request records about government activities, and the government must respond to those requests (within 50 business days

. FOIA requesters appear to have successfully asked for other

Slack-related data, such as a list of team domains used by the government (General Services Administration) . We couldn’t immediately find an example of when a US FOIA request has led to the release of Slack messages from within a government agency (though

some have tried

, if only because it’s unclear how many local, state, and federal government workers are using Slack. But a search of a federal contracts database reveals that the Department of State , the Department of Defense

, the Department of Health and Human Services , and apparently the “Ebola team” at the US Agency for International Development have all bought technology from the company; the platform has also was reportedly used by NASA

. Slack is also being used by a unit of technologists – (called the US Digital Service – based in the president’s office. Your coworkers can also get info on you, though it may not be that interesting Do you just have a regular employee Slack account? You can still get some (relatively benign) info on your coworkers via Slack. The first thing you should know is that you can still read all the messages and files that have been posted in public channels before you arrived (unless they’ve been deleted). Some companies might have content on their Slack systems set to auto-delete regularly, and those deletion periods can be as short as one day

. (But there’s a bit you can do through Slack’s

Analytics tab

(go to [yourworkspace]. Slack. com / stats). There, you can see how the percentage of messages – and views – are distributed in direct messages, private channels, and public channels on any given day. In a large office, it’s not clear if this information would tell you much, but in a smaller company, these statistics might be a way for a boss to check whether there’s been a spike in people talking privately. Another interesting thing you can find out through Slack Analytics is which of your coworkers has sent the most messages of all time or in any given month, though it’s unclear how useful these stats are . It’s important to remember that even if your coworkers or even your boss might not have easy access to your private Slack messages, there’s still a lot they can learn about you based on your profile, like your time zone, your contact information, phone number, location, and social media (you might volunteer this information on the platform). You could also find their member ID number, which might not be too revealing, and files that they’ve sent by clicking through on their individual profile, which would potentially be more revealing. Your employer and coworkers alike can also figure out whether you’re online, depending on your settings. That little green light? You can manually turn it off. If you don’t, Slack tells you if and when you’ll appear as “Active,”

depending on what device you’re on and how you’re using it. Whether you’re actually working hard is entirely up to you. Whether or not your company Slack offers any privacy is, maybe unfortunately, up to your employer.

Open Sourced

is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.

(Read More) ()

About admin

Check Also

Why 168,149 Valentine’s day text messages arrived in November, Ars Technica

Why 168,149 Valentine’s day text messages arrived in November, Ars Technica

SMS arrives 9 months late — Vendor's text-message server failed on February 14, got reactivated yesterday. Jon Brodkin - Nov 8, 2019 6:29 pm UTC Aurich Lawson / GettyDid you get a Valentine's Day text message on November 7? If so, you can blame a company called Syniverse, which provides text-messaging services to major mobile…

Leave a Reply

Your email address will not be published. Required fields are marked *