IBM has denied any involvement with the U.S. National Security Agency (NSA)'s surveillance programs, and the company claims it has never handed over any client data to governmental bodies.
In response to allegations concerning the NSA's PRISM program, Big Blue has posted a response in the form of a blog post written by Robert C. Weber, IBM's Senior Vice President of Legal and Regulatory Affairs. Weber writes that IBM has never handed over client data to any third party, and would send the U.S. agency to the client rather than assist the governmental body:
"IBM is fundamentally an enterprise company, meaning our customers are typically other companies and organizations rather than individual consumers. We serve some of the world’s most successful global corporations, helping them achieve their business goals.
IBM has not provided client data to the National Security Agency (NSA) or any other government agency under the program known as PRISM."
Due to documents leaked by ex-NSA contractor Edward Snowden, the enterprise vendor is reportedly being probed by China over security issues, as so many of the country's systems are dominated by IBM, Oracle and EMC. The document leak alleges that the NSA hacked in to Chinese telecommunications firms in order to steal text messages and attack Chinese university servers for spying purposes.
IBM says that while it complies with local laws in the countries in which it operates, the firm has not provided client data to "the NSA or any other government agency under any surveillance program involving the bulk collection of content or metadata," and "has not provided client data stored outside the United States to the U.S. government under a national security order, such as a FISA order or a National Security Letter."
Furthermore, the tech giant says that you won't find any "backdoor" entry within its products, and nothing has been put in place to help government agencies spy on consumers -- and IBM also claims it does not provide source code or encryption keys to governments.
"In general, if a government wants access to data held by IBM on behalf of an enterprise client, we would expect that government to deal directly with that client," the company added. "If the U.S. government were to serve a national security order on IBM to obtain data from an enterprise client and impose a gag order that prohibits IBM from notifying that client, IBM will take appropriate steps to challenge the gag order through judicial action or other means."
The company took the opportunity to make recommendations to surveillance-happy governmental bodies, stating that such entities need to "act to restore trust," and should "not subvert commercial technologies, such as encryption, that are intended to protect business data."