Attention, Feds: Your Slack Messages are Subject to FOIA

jdwfoto/Shutterstock.com

If you work for a government agency, your taco emoji are federal records.

In offices the world over, email servers are gathering dust as workers flock to group instant-messaging platforms to communicate.

Slack, one of the most popular platforms, lets users in a team send messages to one another, individually or in groups. It plays nicely with other online services, a feature which has helped it take off among media and technology companies. The company says its platform has attracted more than 2 million active users—including hundreds here at The Atlantic—and it’s valued at nearly $3 billion.

Recently, the government, which often lags behind on technology, has begun to catch on. According to Slack CEO Stewart Butterfield, the General Services Administration, NASA, and the State Department are all experimenting with using Slack for internal communication.

The move is a potential boon to government productivity (notwithstanding the tide of emoji it will likely bring into the work lives of our nation’s public servants). But it could also be a threat to a vital tool for government accountability.

Emails sent to and from most government accounts are subject to Freedom of Information Act requests. That means that any person can ask a federal agency to turn over emails sent to or from government email accounts, and the agency must comply—unless protected by one of nine exemptions, which cover classified material, trade secrets, and information that would invade personal privacy if released. (A FOIA request filed by Jason Leopold of Vice News resulted in the release of tens of thousands of emails from Hillary Clinton’s time as Secretary of State.)

Calls to the FOIA offices of GSA, NASA, and the State Department inquiring about their policies with regards to Slack messages went unreturned. But a document posted last July by the National Archives and Records Administration mentions Slack specifically, and lays out guidelines for archiving electronic communications.

To find out how the policies will actually be carried out, one FOIA enthusiast is testing the government’s readiness to comply with requests for Slack messages.

Allan Lasser is a developer at MuckRock, a website that helps its users send and monitor FOIA requests. Earlier this month, he sent a request to the Federal Communications Commission, asking the agency to reveal a list of teams that use Slack to communicate at work.

If he’s successful, Lasser wrote to me in an email, he’ll be able to search for the names of the specific Slack channels and groups that the FCC has set up, and can tailor a follow-up FOIA request for the actual messages he wants to see.

So why is Lasser going after FCC employees’ work-related communications? He was motivated by the same reason that set me out to write this story: to find out if and how Slack and the federal government have thought about how to deal with FOIA requests. The FCC is generally up with modern technology and has been responsive to FOIA requests in the past, Lasser said, so he chose that agency as his proving ground—even though he’s not sure if they use Slack. (His request is unlikely to succeed: An FCC spokesperson said the agency does not use the program.)

“It’s important that we set high expectations and a clear path for requesting Slack data from agencies,” Lasser wrote to me. “Slack is becoming a de-facto tool for internal workplace communication, so this is a situation where we can really get ahead of the government in setting clear expectations for record retainment and disclosure.”

Slack, for its part, is trying to make it easier for organizations to comply with strict document-retention requirements. Usually, the lead user of a group that uses Slack is allowed to export a transcript of all messages sent and received in public channels and groups. But a change the company made in 2014 allows organizations to apply for a special exemption that allows them to export every message sent and received by team members—including one-on-one messages and those sent in private groups.

A spokesperson for Slack said the extra export capabilities were designed in part to allow federal agencies to comply with FOIA requests, in addition to helping financial-services companies that have to follow strict message-retention rules, and companies that are subject to discovery in litigation. The spokesperson would not share the number of organizations that have applied for the special export program, saying only that it represented “a small percentage of Slack customers.”

The federal government has made note of the special allowance. “Slack functionality has the potential to provide improved searchability for FOIA purposes if implemented appropriately within agencies, and with adequate records management control in accordance with NARA’s regulations,” said a spokesperson for the National Archives.

I could find no record of a completed FOIA request in the U.S. that targeted Slack messages. But in November, an Australian news website called Crikey successfully filed a freedom-of-information request for Slack messages sent between employees in a government agency focused on digital technology.Crikey got back a 39-page transcript of Slack messages exchanged on October 8, 2014, in an apparently public channel.

The Australian government redacted Slack usernames to protect employees’ privacy, but the transcript still reveals the day-to-day banalities of office work: comments about the weather, morning commutes, and work-life balance. It even included emoji reactions: A message complaining about a chilly office earned its author one ironic palm tree.

Of course, there will always be easy ways to keep communications off the record: picking up the phone, or, better yet, arranging an in-person meeting. But email has for years been the bread and butter of everyday communication, and plays a role in nearly every bureaucrat’s daily life. If email fades, and Slack—or some other platform—becomes the new nexus for daily correspondence, then open-government policies must also evolve to keep up.

(Image via /Shutterstock.com)

NEXT STORY: An Unprecedented Threat to Privacy