Government tech team in hot water for ‘data breach’ tied to Slack

A high-profile tech team within a federal agency has pushed back on an inspector general’s allegation that its actions lead to a data breach.

The watchdog, in a Thursday alert, said the 18F team had connected the popular workplace messaging application Slack with Google Drive, allowing team members to preview files hosted on Drive in the chat window.

{mosads}“Due to authorizations enabled by GSA [the General Services Administration] 18F staff, over 100 GSA Google Drives were reportedly accessible by users both inside and outside of GSA during a five month period, potentially exposing sensitive content such as personally identifiable information and contractor proprietary information,” wrote the watchdog in its alert.

The inspector general’s office said the decision to connect the two pieces of software resulted in “a data breach.” It recommended the agency stop using Slack and the protocol used to connect it with Google Drive until the tools are approved under the agency’s standards for information technology.

18F said the issue hinged on what happened when the two devices were connected. By automatically allowing Slack to create previews for the files, they were also giving it permission to automatically upload it to its servers.

“Bottom line: It’s not ok to let an external company automatically index and store our Google Drive documents,” wrote members of the team in a Friday blog post.

18F acknowledged that the decision was the wrong one but resisted the watchdog’s characterization.

“Enabling this integration was a mistake, but the consequences were not a data breach or hack,” they wrote. “Our review indicated no personal health information (PHI), personally identifiable information (PII), trade secrets, or intellectual property was shared.”

Slack defended its product.

“Slack administrators and team owners can control which team members can add integrations to their Slack team,” said a Slack spokesperson. “Slack is highly configurable to meet the regulatory and compliance needs of a variety of different kinds of organizations, in both the public and private sectors.”

18F is one of the more prominent Obama administration experiments in boosting the technical capabilities of the federal government. The group was founded over two years ago to provide tech services to different federal agencies.

Since then, it has worked on projects as varied as the scorecard the Department of Education produces for colleges and an overhaul of the Federal Election Commission’s digital presence.

The group operates generally like a tech startup. Slack is popular in Silicon Valley and with many news organizations for the way it allows teams to collaborate. 

– This story was updated at 5:45 p.m.