IBM: We've given no client data to NSA
Big Blue claims it has not handed over any info under PRISM programme and claims it will fight attempts to obtain customer data
IBM has asserted that it has not handed any customer data to the US National Security Agency (NSA) and claimed it would fight any attempts to compel it do so.
On Friday Big Blue's general counsel Robert Weber wrote an open letter to the vendor's clients outlining five "simple facts" concerning the company's actions in recent years and its policies regarding giving data to government agencies.
"IBM has not provided client data to the NSA or any other government agency under the programme known as PRISM," is the first statement of fact made by Weber.
He goes on to claim that the firm has not "provided client data to the NSA or any other government agency under any surveillance programme involving the bulk collection of content or metadata". Big Blue has also never handed over any data stored outside the US under a national security order, Weber writes.
Big Blue claims it does not put any back doors in its products to allow government agencies to access data, or provide such bodies with source code or encryption keys.
"IBM has and will continue to comply with the local laws, including data privacy laws, in all countries in which it operates," is the final "fact" laid out by Weber.
The legal chief points out that the vendor's business model differs from many of the other big names linked to the NSA revelations in that its business does not focus on providing internet-based communications.
Weber also notes that IBM does not really serve the consumer market and that "our client relationships are governed by contract, with clear roles and responsibilities assigned and clearly understood by all parties".
"For these reasons, it has long been our (and our clients') expectation that if a government did have an interest in our clients' data, the government would approach that client, not IBM," writes Weber.
Gag reflex Weber's letter comes three months after a lawsuit filed by the Louisiana Sheriff's Pension and Relief Fund linked IBM with colluding in the PRISM programme. At that time, the vendor dismissed the notion as "pushing a wild conspiracy theory".
In his most recent missive, Weber goes on to outline that if Big Blue were to be handed some form of US government national security order compelling it to hand over client data and imposing a gag on telling the client in question, "IBM will take appropriate steps to challenge the gag order through judicial action or other means". If ordered to supply customer data stored outside the US, the firm again asserts its commitment to challenging such a diktat "through judicial or other means".
Weber also offers some advice to governments, imploring them to "reject short-sighted policies, such as data localisation requirements, that do little to improve security but distort markets and lend themselves to protectionist tendencies". He also urges governments not to "subvert commercial technologies... that are intended to protect business data".
Weber also wants to see the US government engage in "a robust debate on surveillance reforms" and give the public a better understanding of "the scope of intelligence programmes and the data collected".
"Technology often challenges us as a society. This is one instance in which both business and government must respond," concludes Weber. "Data is the next great natural resource, with the potential to improve lives and transform institutions for the better. However, establishing and maintaining the public's trust in new technologies is essential."