She created the account while traveling in Cuba (legally) years ago and hasn’t been back to Cuba or any other sanctioned country since.
She is a cofounder of an org that uses Slack heavily and has now lost access to all her messages and files from the past couple years of work.
There appears to be no appeal process here.
This causes me to think about the metadata records they have held onto in addition to all the data.
Companies should be made accountable for such blatant abuse of user data.
I understand the complex legal frames that this exists in, but they appear to have the data to be way more precise here.
Or they did an IP to country lookup back then and kept the result of that rather than keeping the IP.
I am pretty certain I have logged into my mail, PayPal account and Digital Ocean account from countries embargoed in the regions my providers operate. PayPal I could lose without much fuzz, but jeez how I'd hate to lose access to my email.
This is absolutely ridiculous. I've opened up Slack while in Cuba to check on work things at my American company who does no business there. I don't have anything to do with our Slack bill and I'm a US citizen. So if someone goes to see their family in Iran/etc and just happens to open Slack they'll get banned? That's hamfisted as all hell.
Your analogy about grocery stores doesn't really work because logging into Slack isn't the same thing as walking into a grocery store, because buying from a grocery store isn't the same thing as exporting food across a national boarder, and because neither food nor medicine is embargoed.
Yes, it harms their customers, but that harm and the resulting damages to Slack' reputation (and maybe legal costs), is what they must pay for being negligent in the past.
In this case, if the account was actually opened from Cuba ... that could be a problem.
What they should do is offer recourse and a way to have this resolved.
So they are absolutely offering recourse and resolution, but only where it is in their power to do so.
TLDR: Don’t expect Slack to be responsive to arguments that contain “please ignore US law for my individual circumstances”.
[EDIT] to be on the safe side, I've also created a new workspace from said IP.
If not maybe everyone can consider that maybe Slack’s actions for the Iranian guy have some basis other than “his ethnicity.”
Lesson: keep backup of everything in multiple jurisdictions even if you are innocent like Jesus. You know what happened to him.
> Generate a Slack “Export” file from Slack > Administration > Workspace settings > Import/Export Data > Export > Start Export.
It's not completely arbitrary. Plus there're notions of estoppel potentially at play.
Two, they may have to at least return the data: if I let you use a desk at my place and you start doing business there, I am pretty sure I cannot legally refuse you entry and hold on to your papers.
Three, even if they are, we're also legally entitled to call Slack incompetent losers, and to tell our employers that we should not switch to Slack if we wish to continue being co-workers with Iranians. I will be telling my employer that shortly. (One fascinating aide effect of using Slack is thst the entire company must conform to Slack's policies. You cannot hire someone whom Slack won't create an account for, nor someone who won't agree to Slack's ToS, because if they're not on Slack they can't get work done.)
That’s not what the parent comment said, you’re twisting it with an assumption. Slack is not legally obligated to provide Slack accounts to anyone, that was the point.
> they may have to at least return the data: if I let you use a desk at my place and you start doing business there, I am pretty sure I cannot legally refuse you entry and hold on to your papers.
Your analogy is rather confused. The data Slack has isn’t equivalent to your papers that you dropped on their desk. When you sign up for Slack, you enter into a contract outlined in their Terms of Service that detail explicitly what they agree to be responsible for. In particular, here’s the agreement relating to your data:
“Following termination or expiration of a workspace’s subscriptions, we will have no obligation to maintain or provide any Customer Data and may thereafter, unless legally prohibited, delete all Customer Data in our systems or otherwise in our possession or under our control.”
I have to admit that this case (and some others I read in recent days, e.g. MailChimp account deleted: https://news.ycombinator.com/item?id=18715866 ) made me aware that the terms of some popular services can be much worse than I would expect. I should really start reading those terms. Thank you for helping me reduce my naivety.
And this point is untrue. As long as Slack provides accounts to the general public, they are required by law not to discriminate when doing so on the basis of race or national origin. They can stop serving everyone. They can firewall access from Iran, or identify actual persons covered by the sanctions. But they are legally obligated to serve Iranians as much as they serve anyone else.
> Following termination or expiration of a workspace’s subscriptions
One, this is an individual account, not a workspace. The workspace remains active.
Two, terms of service don't override law. There may or may not be law that overrides this and says that certain rights cannot be signed away. (For instance, if you're subject to the GDPR, my understanding is it would override it.)
> As long as Slack provides accounts to the general public
Slack does not provide accounts to the general public, in any legal sense. Slack is a private business, not a public service. Please read the terms of service to understand the terminology.
> they are required by law to not discriminate
Well, they are required by law to discriminate against traffic to Iran.
But, again, you've twisted my meaning to make your own separate point. I wasn't talking about discrimination. Slack is not compelled by law to provide accounts to someone. They can legally refuse service to someone who lives in Iran, or connects to Slack from servers located in Iran.
> But they are legally obligated to serve Iranians as much as they serve anyone else.
That statement is true in the sense that Slack is under no legal obligation to provide their service to anyone, outside of the agreement they created. That is separate from and irrelevant to whether or not they're allowed to discriminate against the people Slack agrees to provide service to, under their terms of service contract.
> they are required by law not to discriminate
BTW, what law are you talking about specifically? I'm aware of civil rights for US citizens, and anti-discrimination employment law in the US, but not of a specific law that bars online discrimination. I personally believe discrimination online would be wrong and bad, but are you certain that it's illegal?
Keep in mind we're talking about someone in Canada connecting to a US service, with a plausible decent chance that he connected from Iran or through an Iran server and just forgot about it. I'm not aware of specific US anti-discrimination or civil rights laws that would protect Amir in this case.
Of course that argument has an opposing side as well, but it seems prima facie plausible as a cause of action.
Slack is legally obligated to provide Slack accounts to people who pay, with 30 days notice for termination in most cases. There is this stipulation:
> We may terminate the Contract immediately on notice to Customer if we reasonably believe that the Services are being used by Customer or its Authorized Users in violation of applicable law.
However, if they are terminating accounts based on ethnicity that doesn't seem like a reasonable belief they can use to justify applying export controls.
Rather, Slack agrees to provide accounts to people who pay and agree to the contract in return.
That little stipulation is exactly what is in effect here. Slack believes the users are in violation of the agreement, and under the legal rules that Slack established and controls, they enforce immediate termination.
> if they are terminating accounts based on ethnicity
This defending of the argument based on wild assumptions that Slack is ethnically profiling is a bad place to start from. That hasn't been shown, nor is it very likely.
On the other hand, Slack is legally obligated to block traffic to Iran, and it's within reason to assume an account that ever had any traffic in Iran broke the law. It's certainly possible that Amir forgot that he used an Iran proxy, or traveled there. It's possible that someone on his team broke the rule without his knowledge. It's also possible that Slack made a mistake, which can and does happen from time to time at many companies when trying to enforce international laws using only IP traffic logs. None of that points at Slack intentionally terminating accounts based on ethnicity.
If not, I am totally confused about how your response connects to what I wrote.