And what if the issue is two employees are using Slack to discuss using a competitors proprietary information on a contract proposal? Or two employees are discussing how to arrange the books so that they don't receive margin calls while trying to hide large trading losses?
You can't depend on everyone being on the up and up.
Replace "are using Slack" with "discussing at the bar across the street from the office" and what changes about the situation? If the company has an obligation to look into something, they have to look into it. They don't necessarily (and in my opinion shouldn't ever) have the need to, say, record audio of everything you ever do. What does the gray-er area of conversation in the break room at the office look like? What about the darker, gray-er area of conversation in the parking lot before you drive home at the end of the day?
My personal opinion, having avoided the MS IM client at work, is that you never say anything in writing that you wouldn't walk into the CEOs office and say to him in person. Chat of any kind, Slack included, is "in writing" and will have the same full force legal effect as email, so who's honestly surprised by this news?
This idea that, because you can't perfectly stop something, you shouldn't try to do it at all is madness. Yes, they could get around it. But in this situation, they're not.
Do you think you will go over every single DM to see if your employees are doing this? That's insane amount of time wasted. How do you think you will capture all of that? AI? Good luck. We had a system in my previous job that highlighted conversations which had keywords and we just abused it by mentioning those keywords constanly in "relevant" contexts. And if you really wanted to get the password (one of the monitored keywords) you'd just say: "Can you give me the details for ..."
You're missing the point. You don't actively monitor it, you record it so that later you can go back and review those conversations in the event you are required to by law. I don't know where you've worked, but this standard in any sizable company, or any involved in particular industries, and is not that difficult to arrange. There are specific legal requirements to keep records of certain types around for 2, 5, 10+ years, whether it's email, chat, file servers, etc. And yes, that includes Slack.
Why do you think Slack is any different than the systems that we have in place already? What makes Slack any different from email? Answer: nothing.
And if Slack didn't do this, they'd eventually find themselves filtered out of nearly every corporate network due to the inherent legal risk.
You can't depend on everyone being on the up and up.