
In an open letter to their clients, IBM Senior Vice President for Legal and Regulatory Affairs and General Counsel, Robert C. Weber, issued some statements in an attempt to address concerns over allegations of U.S. spying and access to cloud data, specifically within the confines of the government program called PRISM. IBM, while not mentioned in any of the communiques from Edward Snowden, former CIA employee and NSA whistleblower, has taken this opportunity to clarify its position as it relates to the company's involvement (or lack thereof) in any U.S. government data collection programs.
In the letter, Mr. Weber states the following:
- IBM has not provided client data to the National Security Agency (NSA) or any other government agency under the program known as PRISM.
- IBM has not provided client data to the NSA or any other government agency under any surveillance program involving the bulk collection of content or metadata.
- IBM has not provided client data stored outside the United States to the U.S. government under a national security order, such as a FISA order or a National Security Letter.
- IBM does not put “backdoors” in its products for the NSA or any other government agency, nor does IBM provide software source code or encryption keys to the NSA or any other government agency for the purpose of accessing client data.
- IBM has and will continue to comply with the local laws, including data privacy laws, in all countries in which it operates.
Mr. Weber goes to state that:
Our business model sets us apart from many of the companies that have been associated with the surveillance programs that have been disclosed. Unlike those companies, IBM’s primary business does not involve providing telephone or Internet-based communication services to the general public. Rather, because the vast majority of our customers are other companies and organizations, we deal mainly with business data. Our client relationships are governed by contract, with clear roles and responsibilities assigned and clearly understood by all parties. To the extent our clients provide us access within their infrastructure to the type of individual communications that reportedly have been the target of the disclosed intelligence programs, such information belongs to our clients.

