Slack AI Privacy
Ashley Belanger (Hacker News):
After launching Slack AI in February, Slack appears to be digging its heels in, defending its vague policy that by default sucks up customers’ data—including messages, content, and files—to train Slack’s global AI models.
According to Slack engineer Aaron Maurer, Slack has explained in a blog that the Salesforce-owned chat service does not train its large language models (LLMs) on customer data. But Slack’s policy may need updating “to explain more carefully how these privacy principles play with Slack AI,” Maurer wrote on Threads, partly because the policy “was originally written about the search/recommendation work we’ve been doing for years prior to Slack AI.”
Maurer was responding to a Threads post from engineer and writer Gergely Orosz, who called for companies to opt out of data sharing until the policy is clarified, not by a blog, but in the actual policy language.
Gergely Orosz:

An ML engineer at Slack says they don’t use messages to train LLM models. My response is that the current terms allow them to do so. I’ll believe this is the policy when it’s in the policy.
Salesforce division Slack has responded to criticism by users outraged that its privacy principles allowed the messaging service to slurp customer data for AI training unless specifically told not to, claiming the data never leaves the platform and isn’t used to train “third party” models.
The app maker said its ML models were “platform level” for things like channel and emoji recommendations and search results, and it has now updated the principles “to better explain the relationship between customer data and generative AI in Slack.”
[…]
The privacy principles were overhauled in 2023 and contained the text: “To develop AI/ML models, our systems analyze Customer Data (e.g. messages, content and files) submitted to Slack.”
[…]
The principles have since been tweaked slightly, and now read: “To develop non-generative AI/ML models for features such as emoji and channel recommendations, our systems analyze Customer Data.”
Adam Engst:

If people actually read Slack’s privacy principles document instead of just reacting to an incorrectly titled link or an out-of-context screenshot on X/Twitter, they would see that Slack isn’t doing any of those things.
However, the “unambiguous sentences” that he quotes seem to be from the current privacy principles, not the May 17 version that sparked the outrage.
More seriously, there’s an important point to make here. Even as we rely ever more on gadgets and services, society has lost a great deal of trust in the tech industry. This controversy arose because the suggestion that Slack was doing something underhanded fit a lot of preconceived notions.
People didn’t want to give Slack the benefit of the doubt because its behavior played into preconceived notions and seemed sketchy. Its privacy document was antiquated (written to cover a previous AI feature) and not very clearly written. It gave examples of how customer data might be used but didn’t specify limits. The document has no modification date or change history, with the overall privacy policy still showing a date of July 5, 2023. You had to opt out, and not via a visible setting, but by sending Slack an e-mail with a special subject line. It’s all basically the opposite of what Steve Jobs recommended.
Update (2024-05-22): Adam Engst:
All that said, I still feel like Slack’s mistake in failing to update the document to be more clear wasn’t that bad. The subsequent changes Slack made show that even if the document wasn’t as clear as would be ideal, Slack wasn’t trying to put one over on us. Even in the problematic May 17 version, Slack said:
For any model that will be used broadly across all of our customers, we do not build or train these models in such a way that they could learn, memorise, or be able to reproduce some part of Customer Data.
Of course, because of the lack of trust many people have in the tech industry, even relatively clear statements like that don’t necessarily have the desired effect. “Sure,” one may think, “that’s what you say, but how do we know that’s true?”
And we don’t. There have been many lapses, security breaches, and broken promises. But at the same time, we have to trust the technology we use to a large extent because the only other option is to stop using it.