Slack content can make its way into your email inbox. This is something that Slack could and should fix, but it refuses to even explain why it has included these loopholes. Although it states that it will provide advance notice to users of government demands, it allows for a broad set of exceptions to that standard. Slack’s policy in this regard is lacking. When the government comes knocking on a website’s door for user data, that website should, at a minimum, provide users with timely, detailed notice of the request. Slack may fail to notify users of government information requests. But if Slack complies with a warrant, users’ communications are readable on Slack’s servers and available for it to turn over to law enforcement. Slack does require warrants to turn over content, and can resist warrants it considers improper or overbroad. Since Slack can read this information on its servers (that is, since it’s not end-to-end encrypted), Slack can be forced to hand it over in response to law enforcement requests. Slack’s servers store everything you do on its platform. Slack can turn over content to law enforcement in response to a warrant. These are things that Slack could change, and EFF has called on them to do so. Risks With Slack In Particular. And now the downsides. This is also not useful if you are worried about governments or other entities putting pressure on Slack to hand over your information. But Slack does not claim to encrypt that data while it is stored in memory, so it is not protected against attacks or data breaches. This method will protect against someone walking into one of the data centers Slack uses and stealing a hard drive. Slack also stores your data in encrypted form when it’s at rest. Additionally, federal law prohibits Slack from handing over content (but not metadata like membership lists) in response to civil subpoenas. 
Slack also promises to require the FBI to go to court to enforce gag orders issued with National Security Letters, a troubling form of subpoena. Further, it promises not to voluntarily provide information to governments for surveillance purposes. Slack does require a warrant for content stored on its servers. Slack follows several best practices in standing up for users. Regardless of your situation, it is important to understand the risks of organizing on Slack. Organizations have to balance their own risks and benefits. Meanwhile, Slack is easy, convenient, and useful. We know that for many, especially small organizations, self-hosting is not a viable option, and using strong encryption consistently is hard. This means that if you use Slack as a central organizing tool, Slack stores and is able to read all of your communications, as well as identifying information for everyone in your workspace. The central thing to understand about Slack (and many other online services) is that it fulfills neither of these things. Two things that EFF tends to recommend for digital organizing are 1) using encryption as extensively as possible, and 2) self-hosting, so that a governmental authority has to get a warrant for your premises in order to access your information. We urge Slack to recognize the community organizers and activists using its platform and take more steps to protect them. That results in a sometimes dangerous mismatch between the needs of the audience the company is aimed at serving and the needs of the important, often targeted community groups and activists who are also using it. Slack is designed as an enterprise system built for business settings. In the meantime, this post provides context and things to consider when choosing a platform for political organizing, as well as some tips about how to set Slack up to best protect your community. Slack has yet to support this community in its default settings or in its ongoing design. 
But many of the people using Slack for political organizing and activism are not fully aware of the ways Slack falls short in serving their security needs. Community groups, activists, and workers in the United States are increasingly gravitating toward the popular collaboration tool to communicate and coordinate efforts. The revolution will not be televised, but it may be hosted on Slack. We have also clarified that granular retention settings are only available on paid Slack workspaces. UPDATE (2/16/18): We have corrected this post to more accurately reflect the limits of Slack's encryption of user data at rest.