While I agree with auditable access to employee DMs, there is a middle ground solution that trivially solves the problem you've presented. Instead of providing the employer with access to the employee's messages directly, logs can be signed at both the blob and message level. Then if an employee selectively turns over only some of their logs, the mismatch will be readily apparent.
Of course it can be solved! I was pointing out that the prior comment was incorrect.
If an employee is in possession of chat logs that if divulged will get them fired, they can simply delete the logs. "Sorry, the drive crashed. IT is working to fix it right now." Stepwise refinement to insecurely re-create security solutions is one of the reasons for many security vulnerabilities.
Logs are well understood, and logging of sensitive information is not just a small technical issue but a security issue. The same way that people shouldn't design their own crypto, when people design logging mechanisms for sensitive data, which is seemingly simple, they will almost always introduce these security errors, as in your post.
Unfortunately, there are also a number of legal issues (and possibly compliance issues) that need to be accounted for from redaction to anonymity and from GDPR to encryption.
Not sure what you mean by blobs? If Slack implemented a scheme like this, they should sign a message which includes metadata like the org name, channel name and timestamps in addition to text.
By blob I mean an archive dump of every message and the metadata you're describing. If that dump is hashed, selectively presenting messages in the dump is obvious.
