When Elon Musk bought Twitter, he also bought a treasure trove of internal Slack messages. Just three days into his tenure, he exercised that access, tweeting a Slack message that Twitter safety and integrity head Yoel Roth sent in May.
Wachtell & Twitter board deliberately hid this evidence from the court. Stay tuned, more to come … pic.twitter.com/CifaNvtRtt
— Elon Musk (@elonmusk) October 31, 2022
The tenor of Twitter’s Slack changed overnight with the acquisition, a current Twitter employee told Protocol. Formerly outspoken employees fell silent. Submitting a tough question for “ask me anything” town halls became unthinkable.
“We definitely talked about Elon command+F-ing ‘Elon Musk,’” the employee, who requested anonymity to protect against retaliation, said. “A group of us were saying, ‘Oh shit, what did I ever say about Elon Musk on Slack?’”
Twitter did not respond to a request for comment. Slack declined to speak on the record.
In the days of the in-person office, the new company leaders may have had to set up discreet conference room confabs to get the full workplace scoop. In the world of remote work, Slack and Microsoft Teams messages are accessible and ripe for the picking. Idle gossip in the hallway has turned into direct messages to your team of co-worker confidants; personnel changes, once announced during town halls, became blasts in the #general channel. The good, bad, and ugly of the working world lives inside a single, searchable workplace app — which is why Slack, often the chosen tool of Silicon Valley, becomes the main character in workplace meltdowns.
Slack creates transparency, but with that transparency comes an inherent lack of privacy. Nothing can stop co-workers from taking screenshots or bosses from infiltrating private channels. In Twitter’s case, the new leadership is getting a taste of the Slack panopticon as well — engineers from Musk’s other companies (which use Teams instead of Slack) initially created public channels that Tweeps quickly found. Slack channels are not private by default.
“I don’t think many people predicted that — which is obvious in hindsight — the new owner would start combing through past messages once the acquisition went through,” former Twitter software engineer Manu Cornet told Protocol. “I certainly wasn’t smart enough to think about that. Some might, but we’ll never know because they were smart enough to keep quiet.”
Why we expect privacy on Slack
Slack, resembling the instant messaging of our personal lives, lulls some into a false sense of security. It feels more casual and ephemeral than email.
“When you're texting a friend or co-worker versus when you're emailing somebody, you assume the texts are mostly private,” said Anshu Sharma, CEO of data privacy platform Skyflow. “That's how all these people get in trouble. Slack feels like texting to people, especially direct messages.”
But direct messages and even deleted messages are accessible to employers if they seek that data out. “Someone can request direct messages from Slack if they have the right administrative privileges,” said Patricia Thaine, CEO of privacy software company Private AI. “This is all within their right because there is no real privacy law protecting employee data, unless it’s health care data.” Even if a company admin set up a 90-day Slack purge, a copy of this data might be accessible to a CIO.
A cursory command+F search of public Slack channels is an easy lift, and might yield useful information. Matt Haughey, a web designer and former senior writer at Slack, said one of his first moves as a new hire at the company was to search for his own name. The effort of scouring the entirety of a Slack workspace is another story, and not worth it for most employers. Of course, Musk isn’t “most employers,” but with four other companies to run and Twitter advertisers to woo, scouring Slack likely isn’t his first priority.
“Can my boss read my DMs?” Haughey asked. “Technically yes, but it's a giant pain in the ass and you have to get a massive data dump of everything ever said, and then you have to search for just that channel or person. It's needles in haystacks.”
Despite the potential for surveillance, many tech companies have thriving Slack ecosystems. Twitter was one of them. The company has historically prized feedback and openness in its culture. “We do have a very active Slack,” the current Twitter employee told Protocol. “A lot of people say things that they probably shouldn’t say in general on a company Slack, especially not when someone like Elon Musk takes over.”
Twitter post-Musk quickly became a very different place, where uncertainty reigned and layoffs loomed. Former Twitter employee Cornet, sensing he would soon lose access to his account, created a Chrome extension allowing employees to grab important documents. He then shared the message on Slack, which was ultimately deleted from the channel. Cornet thinks that message contributed to his firing on Nov. 1 (along with his subversive Twitter comics).
One of Manu Cornet's Elon Musk comics.Comic: Courtesy of Manu Cornet
Cornet might not be the only one whose Slack messages got them in trouble. Musk has access to critical and sensitive communication that could have helped him decide who to dismiss in Friday’s layoffs, though the current employee Protocol spoke to is doubtful Slack messages played a role.
“With how massive these layoffs were, it feels like there’s no rhyme or reason to it,” the employee said. “Honestly, if he was doing that, I would have been laid off.”
Your Slack messages aren’t really yours
The law is pretty clear when it comes to workplace messaging: Companies own all communications taking place on company-sponsored platforms. Lee Adler, a professor with Cornell’s School of Industrial and Labor Relations, said while it’s illegal for companies to forbid discussion of organizing, for example, the record of those discussions still belongs to the company.
“The workplace privacy that workers might have — unless they are protected by specific laws like the [National Labor Relations Act] or an analogous state law — in the digital archives of the ‘selling’ company is virtually none, in a union or non-union company,” Adler told Protocol.
Lynne Hook, an employment lawyer who has led company investigations that dredge up employees’ messages, reemphasized that workers should have no expectation of privacy. Employers typically make this clear in employee handbooks, though Hook recommends reiterating it during live onboarding sessions too. Employers’ reach can actually extend beyond Slack and into personal text messages, depending on the legal situation.
“If employees are engaging in workplace discussions — particularly discriminatory or harrassing or illegal workplace discussions — on their personal devices, an employer can actually reach that if necessary,” Hook said.
If workers have little control, what about executives? It’s highly unlikely that outgoing leaders would decide of their own volition to delete or protect sensitive Slack data. At Twitter, a Slack setting automatically forbids employees from deleting any sent messages, according to the current Twitter employee. That policy, plus the now-moot pending litigation against Musk, means Twitter’s Slack archives likely remain untouched.
In the absence of official communication this past week, Tweeps turned to Blind and Signal for more candid conversation. They crowdsourced information from the accidentally public Slack channels and executive team calendars. Communicating via anonymized or encrypted channels is a common tactic for workers seeking privacy, especially those looking to organize their workplace. Forrester analyst Will McKeon-White recommended employees also avoid using company devices for sensitive conversations.
“If you're worried about sensitive information from your work account being shared out with the organization, that is information that probably should not have been shared on that channel in the first place,” said McKeon-White.
The Twitter acquisition will forever change the way employees at the company communicate — and should remind workers everywhere to think before you Slack. The current Twitter employee told Protocol his messages will be strictly professional from now on. He’s wary of using even Twitter DMs to share personal thoughts with co-workers.
“I have no faith that our Slack is safe,” the employee said. “[Musk] is going to have to prove us wrong there.”