More than 90 organizations have signed a letter addressed to Slack asking for end-to-end encryption to be made available on the communications and online collaboration platform, with lobbyists expected to descend on the company’s offices today in an effort to raise awareness.
The request, which has been backed by the likes of Mozilla and Tor, details the breadth of users asking for better security:
“We are activists organizing for change; journalists who communicate with sources and about sensitive stories; nonprofits providing care and support for our communities; companies that need to streamline our processes and share ideas; students, creators, gamers, alumni, artists, athletes, and other communities that use the Internet to connect with people all over the world.”
Popular opinion: Slack needs E2EE`
The group cites a 2015 article by Vice urging Slack to introduce end-to-end encryption and other old work by journalists and privacy experts, arguing that the Salesforce-owned company is instead prioritizing profits.
As well as a lack of encrypted messages, which can see hackers and law enforcement gain unauthorized access to users’ DMs, the consortium also raises concerns over the lack of blocking and reporting tools that should be there to help protect users from abuse.
Currently, users seeking encrypted messaging will typically be using WhatsApp or Signal, two of the most well-known platforms to employ the privacy measures, however other companies have spoken out about their commitment to using encryption in the future such as Facebook Messenger.
Slack told TechRadar Pro:
"Slack is a workplace communication tool and we take the privacy and confidentiality of our customer’s data very seriously. Our policies, practices, and default settings are aligned with the business uses of our product.
By default, Slack encrypts data at rest and data in transit for all of our customers. All our plans offer customizable retention settings, where customers can automatically delete messages and files after set periods of time. We also offer EKM (Enterprise Key Management), a security add-on for Slack Enterprise Grid that allows organizations to manage their own encryption keys using Amazon Key Management Service (KMS).
Slack will not share customer data with government entities or third parties unless we’re legally obligated to do so – and we make it our practice to challenge any unclear, overbroad, or inappropriate requests.
We’re always evaluating our security practices and the best options to protect data on Slack so that we meet our customers’ needs and provide an excellent product experience."
- Here are the best firewalls to add an additional layer of security