In an open letter to their clients, IBM Senior Vice President for Legal and Regulatory Affairs and General Counsel, Robert C. Weber, issued some statements in an attempt to address concerns over allegations of U.S. spying and access to cloud data, specifically within the confines of the government program called PRISM. IBM, while not mentioned in any of the communiques from Edward Snowden, former CIA employee and NSA whistleblower, has taken this opportunity to clarify its position as it relates to the company’s involvement (or lack thereof) in any U.S. government data collection programs.
In the letter, Mr. Weber states the following:
- IBM has not provided client data to the National Security Agency (NSA) or any other government agency under the program known as PRISM.
- IBM has not provided client data to the NSA or any other government agency under any surveillance program involving the bulk collection of content or metadata.
- IBM has not provided client data stored outside the United States to the U.S. government under a national security order, such as a FISA order or a National Security Letter.
- IBM does not put “backdoors” in its products for the NSA or any other government agency, nor does IBM provide software source code or encryption keys to the NSA or any other government agency for the purpose of accessing client data.
- IBM has and will continue to comply with the local laws, including data privacy laws, in all countries in which it operates.
Mr. Weber goes to state that:
Our business model sets us apart from many of the companies that have been associated with the surveillance programs that have been disclosed. Unlike those companies, IBM’s primary business does not involve providing telephone or Internet-based communication services to the general public. Rather, because the vast majority of our customers are other companies and organizations, we deal mainly with business data. Our client relationships are governed by contract, with clear roles and responsibilities assigned and clearly understood by all parties. To the extent our clients provide us access within their infrastructure to the type of individual communications that reportedly have been the target of the disclosed intelligence programs, such information belongs to our clients.
The full text of the letter can be viewed online. This letter is important for many managed service providers (MSPs) as IBM continues to increase its marketing and outreach to MSPs in an attempt to promote its private and hybrid cloud computing software and hardware offerings. As more and more countries continue to deliberate on how to address data privacy and security concerns within their respective countries, MSPs using IBM technology are in a unique position to assist local businesses with keeping data within specified boundaries.
What is very promising is to see IBM’s affirmative statements about how they would protect their customer data in the event that any government would try and secretly access that data. In a world where public cloud vendors are very eager to comply with government data requests AND keep those disclosures secret from their business customers. I hope IBM does not change their position on this important issue.