IBM denies assisting NSA in customer spying

IBM denies assisting NSA in customer spying

Summary: IBM has categorically denied any involvement with the U.S. National Security Agency's spying spree, and insists it has never handed over client data in the name of surveillance.

Screen Shot 2014-03-17 at 11.22.28

IBM has denied any involvement with the U.S. National Security Agency (NSA)'s surveillance programs, and the company claims it has never handed over any client data to governmental bodies.

In response to allegations concerning the NSA's PRISM program, Big Blue has posted a response in the form of a blog post written by Robert C. Weber, IBM's Senior Vice President of Legal and Regulatory Affairs. Weber writes that IBM has never handed over client data to any third party, and would send the U.S. agency to the client rather than assist the governmental body:

"IBM is fundamentally an enterprise company, meaning our customers are typically other companies and organizations rather than individual consumers. We serve some of the world’s most successful global corporations, helping them achieve their business goals.

IBM has not provided client data to the National Security Agency (NSA) or any other government agency under the program known as PRISM."

Due to documents leaked by ex-NSA contractor Edward Snowden, the enterprise vendor is reportedly being probed by China over security issues, as so many of the country's systems are dominated by IBM, Oracle and EMC. The document leak alleges that the NSA hacked in to Chinese telecommunications firms in order to steal text messages and attack Chinese university servers for spying purposes.

Read this

PRISM: Here's how the NSA wiretapped the Internet

PRISM: Here's how the NSA wiretapped the Internet

The National Security Agency's "PRISM" program is able to collect, in realtime, intelligence not limited to social networks and email accounts. But the seven tech companies accused of opening 'back doors' to the spy agency could well be proven innocent.

IBM says that while it complies with local laws in the countries in which it operates, the firm has not provided client data to "the NSA or any other government agency under any surveillance program involving the bulk collection of content or metadata," and "has not provided client data stored outside the United States to the U.S. government under a national security order, such as a FISA order or a National Security Letter."

Furthermore, the tech giant says that you won't find any "backdoor" entry within its products, and nothing has been put in place to help government agencies spy on consumers -- and IBM also claims it does not provide source code or encryption keys to governments.

"In general, if a government wants access to data held by IBM on behalf of an enterprise client, we would expect that government to deal directly with that client," the company added. "If the U.S. government were to serve a national security order on IBM to obtain data from an enterprise client and impose a gag order that prohibits IBM from notifying that client, IBM will take appropriate steps to challenge the gag order through judicial action or other means."

The company took the opportunity to make recommendations to surveillance-happy governmental bodies, stating that such entities need to "act to restore trust," and should "not subvert commercial technologies, such as encryption, that are intended to protect business data."

Topics: IBM, Government US, Privacy, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • As a regular user here pointed out, not too long ago

    the more IBM says "we didn't" the more proof they actually did.
  • As Bruce Schneier said..

    "The best XXXXXX(*) can say is that we are secure except for the vulnerabilities that we don't know about and the ones we are prohibited by law from telling you about,"

    (*) Replace XXXXXX with any company based in the USA, UK, Australia, Canada or New Zealand (Five-Eyes).
  • Does anyone remember the gaping hole in the PC/AT?

    Regardless of OS, the PC/AT and many of its clones had a BIOS backdoor on the COM port(s). Whether it was intended for third-party use or just a way for IBM to perform "online" tech-support, I never found out but, I did see it used as a break-in tool.

    With today's multi-million-line programming full of gaping security holes, how are we supposed to believe that there aren't some deliberate ones as well?

    As soon as you give your data to another company, don't consider it to be safe. If there's a buck to be made selling your marketing information, it will be sold.

    How safe is the data stored on your own PC? If it's networked, it's not.
  • IBM helped the Nazi's, they cooperate willingly with the NSA Stazi

    Nothing new here, just same nasty corporation dealing with the devil, profiting on the oppression of fellow humans.
    Reality Bites