Reprinted from TidBITS by permission; reuse governed by Creative Commons license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary on Apple and Internet topics. For free email subscriptions and access to the entire TidBITS archive, visit http://www.tidbits.com/

Slack AI Privacy Principles Generate Confusion and Consternation
by Adam Engst

As I traveled home from Salt Lake City last Friday, controversy began to swirl around the popular group messaging system Slack, [1]which we use and cover regularly. A Slack online document titled "[2]Privacy principles: search, learning and artificial intelligence" went viral after it was discovered that Slack failed to use the Oxford comma in its title. Wait, no, that's wrong. The controversy came about after a link to the privacy principles was posted to Hacker News with the title "[3]Slack AI Training with Customer Data" and boosted on [4]X/Twitter, focusing on how the document includes an awkward opt-out-via-email provision if "you want to exclude your Customer Data from Slack global models."

Well, heck, yes, who wouldn't want to exclude their data from Slack global models? One of Slack's selling points is its promises surrounding privacy and security, so confidential business and personal information can be discussed with impunity. If Slack were training large language models (LLMs) on customer data, anything you say in Slack could be ingested into the model, digested by the neural network, and spit back in who knows what situations and contexts. Maybe your competitors could even ask Slack AI to reveal your business secrets! Quick, panic on social media!

If people actually read Slack's privacy principles document instead of just reacting to an incorrectly titled link or an out-of-context screenshot on X/Twitter, they would see that Slack isn't doing any of those things. Refer to unambiguous sentences like:

* "We do not develop LLMs or other generative models using customer data."
* "No Customer Data is used to train third-party LLM models."
* "Slack does not train LLMs or other generative models on Customer Data, or share Customer Data with any LLM providers."

That's not to say Slack's privacy principles are a paragon of clarity. The document uses a variety of terms without defining them (what's a "global model," and is it generative AI?), waits until the end to mention that Slack does use generative AI for the separate [5]Slack AI product offering (but not LLMs trained on customer data), and tends to mix what Slack doesn't do (develop LLMs using customer data) with what it does do (develop non-generative AI/ML models by analyzing customer data) in the same paragraph.

The entire kerfuffle occurred because people didn't read carefully and posted out-of-context hot takes to social media. If only we had a tool that could help our social media-addled human brains extract meaning from complex documents... Hey, I know: I'll ask ChatGPT if Slack will be training generative AI models based on the confidential discussions in my Slack workspace.

There you have it. ChatGPT: 1, random people on social media: 0. Unless, of course, ChatGPT is in cahoots with Slack AI, and that's just what they want us to believe.

I also asked ChatGPT to tell me what people might find confusing about Slack's privacy principles and to rewrite it so there would be less chance for confusion. You know what?
It did a pretty good job calling out Slack's definitional and organizational problems and creating a new version that relied heavily on headings and bullet lists to get the point across more directly. Paste in Slack's privacy principles and try it yourself sometime; chatbots can do a decent job of telling you what's wrong with a document.

More seriously, there's an important point to make here. Even as we rely ever more on gadgets and services, society has lost a great deal of trust in the tech industry. This controversy arose because the suggestion that Slack was doing something underhanded fit a lot of preconceived notions. Slack didn't even get enough of the benefit of the doubt to cause people to read its privacy principles carefully.

This lack of trust in how the generative AI sausage is made is understandable. OpenAI and other firms trained their LLMs on vast quantities of information from the Internet, and although that data may have been publicly available, using it to build and maintain billion-dollar businesses doesn't feel right without compensation or at least credit. Worse, will anything you say (or documents you submit) to an AI chatbot be added to future training data? Although the privacy policies for all the leading AI chatbots say they wouldn't think of doing any such thing, prudence would suggest caution when sharing sensitive health, financial, or business information with a chatbot.

I fear there's no returning to the techno-optimistic days of yesteryear. Experts say a company can regain trust with clear and transparent communications, consistent competence, ethical practices, a positive social impact, and a serious attitude toward stakeholder concerns. That would be difficult for even a motivated company and seems impossible for the tech industry overall. But I'm not worried about Slack for the moment.

References

1. https://tidbits.com/tag/slack/
2. https://slack.com/intl/en-gb/trust/data-management/privacy-principles
3. https://news.ycombinator.com/item?id=40383978
4. https://x.com/QuinnyPig/status/1791220276350390575
5. https://slack.com/features/ai