If you’ve worked in a modern office sometime over the past few years, odds are you’ve become aquatinted with the luminous looming red glow of a Slack notification. For those less acquainted, Slack is an office management/productivity tool that functions largely like a messaging app. The company was founded nine years ago with the expressed purpose of “eliminating email,” and in some respects, it succeeded in that lofty goal.
Work email—long-beleaguered by cumbersome formality, inbox logjams, and insufferable spam—made checking letters a part-time job in itself for many workers. By communicating directly with managers and coworkers through Slack for more immediate, less permanent communications, Slack and its copy cats reduced many worker’s slavish reliance on email and simultaneously crafted a more definable, separate role for email. I myself got all too familiar with the chiming updates of Slack notifications while working at several different newsrooms.
Of course, the move to a more immediate, always available text message like system for work has its pitfalls. Lower levels of commitments and ease of access meant that the sheer volume of communications received from bosses and coworkers increased rapidly. Informal language and text messaging iconography—think shorthand variations of “brb” “ikr” and “lmafao—and a flurry of memes and gifs, all combine together to blur the line between “work” and regular life. Moreover, Slack’s slick integration into mobile devices meant you were only ever one swipe away from the office, whether that be at home, at a bar, or with loved ones. As a result, Slack users, (or maybe just myself?) are left feeling like a doctor on call, nervously awaiting the next impending pager buzz.
Despite the drawbacks, one upshot I personally found in Slack was its role as an alternative to the Big Tech monopoly powers. Sending private communications (especially as a journalist discussing sources and stories) felt slightly more secure on Slack—a private company answering to its customers—than say Google.
But that workplace management balance of power shifted last week with the acquisition of Slack by Salesforce. That acquisition could spell trouble for worker privacy.
Many have written about the specifics of the Slack acquisition but one common theme I’m pulling from the writings is that Slack’s sale can’t be fully understood without considering the simultaneous success of Microsoft Teams. For a more thorough reading of how Microsoft felled Slack and led to the Salesforce acquisition, I recommend reading last week's edition of Platformer by Casey Newton.
In short, Microsoft launched its “Teams” service (a copy cat of Slack) in 2016 with the goal of taking over the road Slack had paved. Slack welcomed the completion at the time, even going as far as to publish an open letter in The New York Times, boasting that, “Slack is here to stay.” Yet, between the time of that letter and today, Slack’s user base has only increased from 4 million to 12 million. That might not seem like chump change, but in that same time, Teams, starting at nothing, grew to swallow 115 million users.
Despite having a better product in almost every way, Slack, a small private company, simply couldn't compete with Microsoft’s massive access to distribution. Tipping the balance even further, Microsoft included Teams for free with its Office 365 products, thus eliminating any second thoughts from would-be users. So, as the explanations I’ve read so far go, Slack, valued at around $27 billion, welcomed the Salesforce acquisition because the partnership would grant Slack access to some of that Salesforce distribution and potentially allow them to go toe to toe with Microsoft.
In this telling, getting big is looked at as a benefit, but when one starts to consider the privacy implications for everyday workers and users, bigger is not always better.
Microsoft’s rapid success with its Teams product and evidence of its appetite for espionage are intertwined. One necessarily only exists because of the other. In some ways, to borrow and slightly tweak a phrase penned by anti-trust scribe Tim Wu, Microsoft’s spying success is a product of “The Curse of Bigness.”
Past reporting has shown how surveillance techniques undergird many aspects of Microsoft's Office 360 suite. Managers using Teams and other services, for example, can reportedly track the email, chats, and calendar appointments of workers. Microsoft collects even more granular workplace analytics and sells that data to other companies like Macy’s and similar retailers. According to a Wall Street Journal report earlier this year, mortgage giant Freddie Mac “used Microsoft’s analysis to gauge how much time workers spent in meetings and try to determine whether some of those gatherings were redundant.”
Just last week, the American company came under fire after GeekWire discovered patent fillings for technology that could “score” team meetings based on body language and facial expressions.
The technology would reportedly use a combination of cameras and software to track workers and assign them a “productivity score.” This tool could allegedly be used to track just how engaged a worker was in a meeting and assign him a score based on the measured metrics. Those metrics include the worker’s facial expression, body his movement, the temperature of the room, and the number of people in the meeting. Once assigned productivity scores, a “meeting insight computing system” would use the data to predict the utility of any upcoming meeting.
These are admittedly specific cases and are not limited solely to Microsoft. The larger point to drive home here is that growth at all costs comes with compromises and one of those compromises is personal privacy.
Again, Microsoft’s rapid success with its Teams product and its proclivity for spying are connected. When one proceeds forward with the end goal of dominating the productivity tool market completely unopposed, there’s ample incentive to surveil, exploit, and engage in any number of less than ethical business practices.
State surveillance, personal privacy, and corporate business practices may initially appear separate, distinct issues, but in a society where nearly every person has wittingly or unwittingly made themselves dependent on the services of a few major companies for the basic functioning of their daily lives, these issues become cyclical.
Cory Doctorow explained this pattern well in his recent book, How to Destroy Surveillance Capitalism, writing, “There is no firm distinction between state surveillance and surveillance capitalism.” Doctorow went one:
“Mass state surveillance is only feasible because of surveillance capitalism and its extremely low-yield ad-targeting systems, which require a constant feed of personal data to remain barely viable. Surveillance capitalism’s primary failure mode is mistargeted ads while mass state surveillance’s primary failure mode is grotesque human rights abuses, tending toward totalitarianism.
That’s not to say Slack, the independent company, has a perfect track record on workplace surveillance whatsoever. Slack collects names, email addresses, and messages, and, for the most part, employers are able to gain access to any chat if they so desire.
Despite that, there still exists a clear distinction between the business model of the old Slack and the Surveillance Capitalist giants. While Slack made money through selling premium subscriptions, companies like Google and Facebook, and increasingly Microsoft, derive profit specifically from the harvesting of “personal” information and packaging that off to advertisers.
So what of the future of Slack then, the imperfect but laudable private company that attempted to challenge the surveillance capitalist titans? The Salesforce acquisition may bring them to more offices around the world, but that may also come at a price, both reputationally and ethically.
As I type this, Salesforce is currently facing a lawsuit in the UK and the Netherland over the use of its third-party cookies for ad tracking. The suit alleges Salesforce violated the European Union’s General Data Protection Regulation and are asking for more than 10 billion euros. Also as I type this, we are just one day removed from an announcement by the FTC to potentially break up Facebook (look for more on that here next week.)
All of these things are connected. While Slack may embody the role of the martyr, the ground is shaking, and the appetite for trust-busting appears to be gaining meaningful momentum.
Thank you for sticking with me. If you like what you’ve read so far, I’d really appreciate you sharing this link with a friend or on social media.
In Other News…
1. The US Military Is Buying Location Data From Muslim Prayer Apps
Your seemingly innocuous phone app may be selling off your location data to the US Military. That’s according to documents reviewed by Motherboard revealed last month.
Many of the most noteworthy apps involved were tied to Muslim groups.
The most popular app, for example, was a Muslim prayer and Quran app that’s reportedly been downloaded more than 98 million times worldwide.
Muslim dating apps, storm watching apps, and an app for leveling bedroom shelves were all allegedly implicated in the data sharing.
The data was allergy obtained by US Special Operation Command by way of two private companies: Babel Street and X-Mode
Those two companies are in the business of buying up personal data (including location data) from apps and then selling that to other parties. In this case, their buyer was the US Military.
Muslim Pro, a prayer app that claims it’s the “Most Popular Muslim App!” was reportedly involved in the data selling.
The app, which primarily reminds users when and what direction to pray to Mecca, was reportedly downloaded more than 50 million times.
In a Tweet, Muslim Pro denied the Motherboard allegation as “INCORRECT AND UNTRUE,” without denying any of the factual details.
Days after the report, however, Muslim Pro said it would terminate its partnership with X-Mode, which sold the user’s data to the US Military.
While the data sold to the military by Babel Street and X-Mode were “anonymized,” multiple academic and security reports have proved this type of data can be anonymized with relative ease.
A Babel Street employee told Motherboard they could, “absolutely deanonymize a person."
Counter-terrorism officers analyzing this type of data may have a clear motivation, and the necessary resources, to link this type of data to individuals.
While this all reeks of military overreach and a breach of civil liberties, it’s not technically illegal.
Part of the problem here, the military’s disregard for civilian privacy notwithstanding, is that any private company with a somewhat useful app can collect massive, granular personal information in the first place.
Without any meaningful surveillance laws regulating these industries, smaller groups like Muslim Pro and other are left following the precedent set by tech giants like Facebook and Google.
2: New EFF Report Highlights Prevalence of Real-Time Crime Networks in US
A new report released by the Atlas of Surveillance, (a division of the Electronic Frontier Foundation) exposes the growing prevalence of Real-Time Crime Networks scattered throughout the US.
The new EFF report documents at least 80 RTCCs located throughout the country, with dense clusters in Southern and Northeastern states.
While the more commonly known “fusion centers” operate largely on the state level and are a product of the US Department of Homeland Security, RTCCs zoom in on the municipal and county level.
The EFF report found RTCCs in 29 states, with Florida possessing the most. New York followed closely behind.
The graphic below, pulled from the EFF report, shows the location of each RTCC.
The data pouring into these crime centers comes via the way of automated license plate readers, networked cameras, and gunshot detectors.
These data points are used alongside predictive AI algorithms to create a so-called predictive policing system administered centrally from Real-Time Crime Centers.
3: Demand for Employee Surveillance Higher Than Ever Amid Global Pandemic
With more people working remotely due to the pandemic, the demand for employer surveillance tools has skyrocketed.
A study, conducted by Top10VPN used its global monitoring data to look at search terms related to employee surveillance and found that demand for employee surveillance software increased by 55% compared to averages before the pandemic.
Additionally, global demand for employee monitoring software increased by 108% in April compared to the previous year.
In that same month, search results for “How to monitor employees working from home,” increased by 1,705% from the previous year.
The table below shows the five most common search queries related to surveillance and how they increased in April and May compared to those same months one year ago.
According to a survey conducted by MIT, up to one-third of the US workforce have started working remotely due to the pandemic.
While most of Europe and North America started experiencing shutdowns around March, it wasn’t until April, presumably when employers began noticing that the pandemic was likely here to stay, that searches for surveillance tools really climbed. Here’s a direct quote from the report explaining that point further.
“While data from March shows a slight increase in demand, 7% over the full month, it wasn’t until April that the impact of lockdown measures had fully taken effect. In response, demand for employee monitoring tools surged by 87% and remained 71% above the pre-pandemic average in May.”
4: Are We Ready For a “New” Type of Internet?
A common refrain I hear when speaking to colleagues about the ills of online surveillance is the pervading sense of helplessness and inaction. The internet and its benefactor have grown too big and surveillance too entrenched, the argument goes, so what really is the point of worrying about it?
Well, one company is taking on the admittedly Herculean efforts of flipping that script, and it has an eye-grabbing backer: one of the founders of the internet as we know it.
The company is called Inrupt and it has a simple, but audacious pitch: let individuals control their personal data completely and only let others use it when absolutely necessary.
The venture is backed by Tim Berners-Lee, the founder of the World Wide Web.
In theory, Inrupt would work by creating many different “pods” with which you could store your personal data.
Those pods would then be accessed by using the company’s open-source data storage technology called Solid.
Your doctor, TV provider, or, say news site would then have to access your Solid through a data request.
“The technologies we're releasing today are a component of a much-needed course correction for the web," Berners-Lee said in a statement to CNET. "Ultimately, this new foundation of trust and cooperation will lead to entirely new business models that actually benefit users as well."
5: Zoom Settles With the FCC After Misleading Users About Security Features
Zoom, the remote concerning app unexpectedly thrust upon the world thanks to the pandemic, has settled with the FTC after repeated security blunders.
The FTC complaints accuse Zoom of overstating its privacy ability, specifically that if it’s supposed encryption, to customers for the past four years.
Now, as a result of the settlement, Zoom will have to have its security reviewed by a third party observer every two years.
While it’s unclear exactly how much Zoom settled for, the company could be subject to up to $40,000 in fines. That’s not nothing, but it’s chump change for a company that’s reportedly made $12 billion in the past nine months.
As for the third-party audits, Zoom will have to used to it. The order reportedly stands for 20 years.
While the investigation began over a year ago, that all sped up in the Spring as millions of quarantined workers suddenly found themselves flocking to the software,
Aaron Tilley, The Wall Street Journal
Here’s What Else Is New
Advertisers Are Working Hard to Monetize Your TV Streaming Habits
Experts say streamers have higher privacy standards than traditional TV viewers, so the need for companies to come up with sneaky ways to manufacture “consent” is all the more urgent.
Israel's new virus surveillance system draws comparisons to China
Ring recalls 350,000 video doorbells because they can catch fire
Canadian ecologists used facial recognition to track vulnerable Grizzly Bears
Apple Fires Back att European Activist Complaints Against Tracking Tool
Nashville is Considering Lifting it’s Ban on License Plate Readers to Catch … Drag Racers
When these drag racers get together, they'll often do doughnuts in the parking lot; so you go the next day and there are all these black marks, well someone has to pay for that," Council Member Joy Styles said.
New Orleans Police Department Admits Using Facial Recognition After Years of Denials
Warnings Applied to Trump Election Tweets Only Reduced Sharing by 8%
Google Founder Eric Schmidt is Reportedly Considering A Top Role in the Biden Administration
Walmart is Using Drones to Deliver Covid Test Kits to El Paso Customers
That’s it for now. As always, please feel free to reach out to me at thestateofsurveillance@gmail.com or Mack.degeurin@gmail.com
Later y’all.