Slack – a US software giant offering a workplace collaboration tool to millions of enterprise users – is firmly standing its ground against introducing end-to-end encryption to the service.
Given the potentially highly sensitive nature of communications, including confidential files, exchanged on the platform every day within a huge number of companies now utilizing the collaboration tool – the stubborn perseverance in rejecting making this information protected through end-to-end encryption may seem baffling.
However, Slack has long since argued that this type of encryption – storing encryption keys on devices used by individuals, thus securing access to their communication only to their intended recipients – was not their way.
In the past, the decision was explained as Slack’s desire to accommodate its paying, enterprise customers – even though, ironically, this kind of lax approach to security might end up hurting precisely those clients in the long run.
Convenience and ease of use were cited in the past as the reason not to consider end-to-end encryption – instead, Slack introduced last year its encryption key management (EKM) that surrenders control over the keys used to encrypt and decrypt data to enterprise customers.
But now Slack is offering yet more security solutions to its customers who have a lot riding on that security – however, end-to-end encryption is still not among the features.
Slack reiterates that it sees this communication security standard as something “adversely affect the user experience” – and moreover, there allegedly hasn’t been much demand for the feature.
“If we were to add E2E encryption, it would result in limited functionality in Slack. With EKM (encryption key management), you gain cryptographic controls, providing visibility and opportunity for key revocation with granularity, control and no sacrifice to user experience,” the company said.
However, Slack is at the same time trying to ramp up its image as a secure app acceptable in the workplaces of some of the world’s largest companies – who certainly have many things “to hide.”
In early July, the Electronic Frontier Foundation (EFF), a leading online digital rights group, had published an op-ed in the New York Times blasting Slack for their poor privacy practices – including the company “retaining all messages forever by default and not giving individual users, particularly those using its free accounts, enough options to control their own data themselves.”
EFF’s associate director of research Gennie Gebhart called out Slack in the article for storing everything its users do “by default – your username and password, every message you’ve sent, every lunch you’ve planned and every confidential decision you’ve made.”
And Slack’s privacy policy says that only paid customers get the privilege of managing data retention – but even they still can’t count on having the privilege of end-to-end encryption on the platform.