Slashdot Mirror

← Back to Stories (view on slashdot.org)

Slack Now Letting Employers Tap Workers' Private Chats

Posted by Soulskill on from the will-save-BOFH-the-trouble-of-keylogging-you dept.

itwbennett writes: Chat app maker Slack is hoping to make inroads in the enterprise with a new paid plan that will include an optional feature called Compliance Exports that will let administrators access their team's communications, encompassing public and private messages. The tool is far-reaching, potentially including the edit history for workers' messages as well as messages workers have marked for deletion, if the supervisor so desires.

7 of 79 comments (clear)

  1. Pretty good idea if it is your computer by Crashmarik · · Score: 2

    to still assume it's not private.

    The only secure computer is one that is disconnected from the net, turned off, and cased in concrete and even then I wouldn't be sure.

  2. Discovery nightmare by Todd+Knarr · · Score: 4, Insightful

    I think if I were in Legal I'd nix this instantly as a discovery nightmare in the making. Employees start to say a lot of things, reconsider and rephrase or outright rewrite before sending the message. Often the message they didn't send is exactly the kind of thing the opponent in a lawsuit is looking for and exactly what you don't want to have to give them. If your compliance monitoring application will let you store and view those unsent, often inappropriate or ill-conceived, messages then you're going to have to cough them up during discovery or during any investigation by regulators. Worse, if any of them get out through other channels you've weakened your defense against a claim that you knew or ought to have known about them since they're in your compliance system. Better to only record the stuff that was actually sent and not have to explain your employees' private opinions.

    As far as monitoring of sent messages goes, the first rule is "If you're on someone else's network, they can see everything you do.". Or, to quote Pitr, "God, root, what is difference?". If you're on the company network, don't say anything you don't want the company becoming aware of. If you need to express a private opinion without putting it on the record, do it face-to-face and verbally (especially if it involves an unflattering opinion of someone with the authority to get you fired).

    1. Re:Discovery nightmare by Anonymous Coward · · Score: 2, Interesting

      If your compliance monitoring application will let you store and view those unsent, often inappropriate or ill-conceived, messages then you're going to have to cough them up during discovery or during any investigation by regulators.

      That is exactly the point. The 'compliance' refers to compliance with the regulators/regulations.

      I work for a company that provides call and SMS recording solutions to banks where they can record the phone calls and text messages sent and received by their employees on their mobile phones. This doesn't mean all employees, it's just those in certain positions like traders.

      Doing so is an FSA requirement - banks *must* do this in order to gather the evidence that can prove or disprove that traders are involved in things they shouldn't such as insider trading, libor rate fixing etc. The bank has a team that is responsible for monitoring those communications and preparing reports for the FSA proving they are recording these communications as required (which is essentially showing you have a recording of every call made/received).

      This is just an IM platform catering to that market.

  3. Re:Not a good name for enterprise by Savage-Rabbit · · Score: 2

    Wouldn't "Work Hard" be a better name for your app?

    Product names should be descriptive. How about Quisling? ... or Canary? ... Stool Pigeon? ... Rat? ... Grass?

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow
  4. Re:We need communism by Zontar+The+Mindless · · Score: 2

    Most Americans wouldn't recognise a welfare state if it walked up to them and and handed them its ID.

    --
    Il n'y a pas de Planet B.
  5. Re:Chat is terrible hellscape by SeaFox · · Score: 2

    Sure, XMPP exists, but nobody uses it.

    My employer does. It's the official office chat platform. The workstations come with Miranda on them and it's run from a network drive so your profile roams with you.

    If IRC and XMPP are ever going to be competitive with the new proprietary guys in town, it needs to get competitive on the usability front.

    Why must everything be a competition to gain share? IRC isn't going anywhere. The people using IRC now are using other chat clients along side it. Or they aren't. There's no reason XMPP or IRC can't continue to exist in their own little niches just because more people use Slack/Skype/$currenthypedmessagingprotocol. People still use newsgroups for crying out loud, and mailing lists, when web messaging boards give a better experience.

    All these newfangled proprietary chat platforms mean to IRC users is something to distract Joe Sixpack and keep him from creating another Eternal September in their backyard. They don't give a flip if they're "winning" any imaginary war with Slack.

  6. Re:If it's not your computer by TheCarp · · Score: 2

    it is, though, I think this is amusing in a way as, where I work we have an internal messaging solution, but we are actually expressly forbidden from turning on logging because well...if we are using im for work, then likely important and confidential information goes over that channel, which is fine being both internal and encrypted to the endpoint but.... if we log, it means that information sitting around in logs, which is a liability since it would be yet one more source of confidential information that has to be protected.

    It sounds to me like anyone using this is exposing themselves, and their employees to unnecessary risk.

    --
    "I opened my eyes, and everything went dark again"