Events, news, technologies and products about cyber security
Monday, March 17, 2014
[scmagazine] IBM to clients: No data, source code handed over to NSA
In an open letter to its clients, software and IT services giant IBM made some weighty assurances that it has not helped the National Security Agency (NSA) obtain customer data through contested surveillance programs.
On Friday, Robert Weber, general counsel and senior vice president of legal and regulatory affairs at IBM, published the letter on a company blog.
In light of customer questions about data privacy and security, IBM publicly denied that it aided bulk data collection programs uncovered by Snowden leaks.
In a straightforward, bulleted list, IBM said that it “has not provided client data to the National Security Agency (NSA), or any other government agency under the program known as PRISM.” The tech giant also went on to say that it had not provided client data under any government bulk collection program.
In addition, IBM addressed anxieties that its products may have been compromised by the NSA in order to give the government widespread access to client information.
“IBM does not put ‘backdoors' in its products for the NSA or any other government agency, nor does IBM provide software source code or encryption keys to the NSA or any other government agency for the purpose of accessing client data,” the open letter said.
The company further explained that if a request for client data were to come in the form of a government order, such as a national security letter, which could impose a gag order to keep IBM from notifying clients, it would take legal action, or other appropriate steps, to challenge the gag order.
IBM continued that, unlike some tech companies, which provide telephone and internet services to the general public, its primary business is with other companies and organizations.
“Our client relationships are governed by contract, with clear roles and responsibilities assigned and clearly understood by all parties,” IBM said, later adding that, because of this, it expects the government to directly approach clients for data.