May 30, 2018
Categorized: Data Responsibility
Share this post:
For more than a century, IBM has earned the trust of our clients by responsibly managing their most valuable data, and we have worked to earn the trust of society by ushering powerful new technologies into the world responsibly and with clear purpose.
IBM has for decades followed core principles – grounded in commitments to Trust and Transparency – that guide its handling of client data and insights, and also its responsible development and deployment of new technologies, such as IBM Watson.
We encourage all technology companies to adopt similar principles to protect client data and insights, and to ensure the responsible and transparent use of artificial intelligence and other transformative innovations. We offer our own Trust and Transparency Principles here as a roadmap. They include:
“Every organization that develops or uses AI, or hosts or processes data, must do so responsibly and transparently. Companies are being judged not just by how we use data, but by whether we are trusted stewards of other people’s data. Society will decide which companies it trusts.”
-Ginni Rometty, IBM Chairman, President and CEO
THE PURPOSE OF AI IS TO AUGMENT HUMAN INTELLIGENCE
The purpose of AI and cognitive systems developed and applied by IBM is to augment – not replace – human intelligence. Our technology is and will be designed to enhance and extend human capability and potential. At IBM, we believe AI should make ALL of us better at our jobs, and that the benefits of the AI era should touch the many, not just the elite few. To that end, we are investing in initiatives to help the global workforce gain the skills needed to work in partnership with these technologies.
Investing in skills for the era of man + machine
- IBM does not believe taxing automation or penalizing innovation is an effective substitute for investing in the workforce of the future.
- IBM is working with policymakers to modernize education systems to emphasize in-demand skills rather than focusing solely on specific academic degrees.
- Better preparing more students and workers for modern careers, including well-paying new collar jobs, will help ensure that more people have an opportunity to benefit from technology-driven economic growth.
- IBM encourages governments to:
- Better align education with in-demand skills and competencies;
- Support business investment in retraining employees; and
- Encourage individuals to invest in skills for career advancement.
DATA AND INSIGHTS BELONG TO THEIR CREATOR
IBM clients’ data is their data, and their insights are their insights. Client data and the insights produced on IBM’s cloud or from IBM’s AI are owned by IBM’s clients. We believe that government data policies should be fair and equitable and prioritize openness.
DATA AND INSIGHT OWNERSHIP
Clients are not required to relinquish rights to their data — nor the insights derived from that data — to have the benefits of IBM’s solutions and services.
Our commitments on data ownership
- IBM client agreements are transparent. We will not use client data unless they agree to such use and we will limit that use to the specific purposes clearly described in the agreement.
- IBM employs industry-leading security practices to safeguard data. This includes use of encryption, access control methodologies, and proprietary consent management modules which allow us to restrict access to authorized users and to de-identify data in accordance with applicable permissions.
IBM is fully committed to protecting the privacy of our clients’ data, which is fundamental in a data-driven society.
How we advance data privacy
- While there is no single approach to privacy, IBM complies with the data privacy laws in all countries and territories in which we operate.
- IBM was an early leader in developing and adopting the European Union (EU) Data Protection Code of Conduct for Cloud Service Providers for several offerings, securing certification under the U.S.-EU Privacy Shield and the APEC Cross-Border Privacy Rules, and established a comprehensive compliance framework to ensure GDPR compliance for all IBM products and services.
- IBM will advocate for strong and innovative means to enhance privacy and data protection, and will continue to invest in privacy-enhancing technologies.
- IBM supports global cooperation to facilitate mutual recognition of privacy regimes to enhance and facilitate cross-border data flows.
IBM is devoting our powerful engines of innovation to create tools to protect our clients, their data and global trade from cyber threats. We are also convening a broader discussion on balancing security, privacy and freedom.
Protecting encryption and preventing 3rd party data access
- IBM opposes any effort to weaken or limit the effectiveness of commercial encryption technologies that are essential to modern business.
- IBM does not put ‘backdoors’ in its products for any government agency, nor do we provide source code or encryption keys to any government agency for the purpose of accessing client data.
- In response to the global data breach epidemic, IBM will continue to develop new technologies to enhance the protection of our clients’ data and transactions, which are the foundation of the worldwide digital economy.
- IBM supports the use of internationally-accepted encryption standards and algorithms, rather than those mandated by individual governments.
Advancing cybersecurity innovation and standards
- IBM employs industry-leading security practices and technologies to safeguard data and is at the forefront of applying artificial intelligence capabilities to stay one step ahead of emerging digital threats.
- IBM believes in public-private partnerships to raise cybersecurity awareness and tackle current and future threats to data security. The most effective approach involves voluntary, industry best practices and flexible risk management, such as the NIST Cybersecurity Framework.
- IBM also supports voluntary, real-time sharing of actionable cyber threat information between government, business and academia to collaboratively prevent and mitigate attacks.
- We believe that securing the Internet of Things – including all data, communications and processing associated with those systems – can only be achieved if their designs put data security and privacy first.
GOVERNMENT ACCESS TO DATA
IBM has not provided client data to any government agency under any surveillance program involving bulk collection of content or metadata.
Following the law, protecting client data
- In general, if a government wants access to data held by IBM on behalf of an enterprise client, we would expect that government to deal directly with that client.
- We do not provide access to client data stored outside the lawful jurisdiction of any government requesting such data, unless the request is made through internationally recognized legal channels such as mutual legal assistance treaties (MLATs).
- If we receive a request for enterprise client data that does not follow processes in accordance with local law, we will take appropriate steps to challenge the request through judicial action or other means.
- If we receive a government request for enterprise client data that includes a gag order prohibiting us from notifying that client, we will take appropriate steps to challenge the gag order through judicial action or other means.
- We will continue to work closely with governments and clients to balance the protection of data with law enforcement’s obligation to conduct lawful investigations of criminal activity.
- IBM supports measures to increase the transparency, oversight and appropriate judicial review of government requests for data, including modernized international agreements on legal assistance.
- Read the letter to our clients about government access to data.
CROSS-BORDER DATA FLOWS
IBM views the free movement of data across borders as essential to 21st century commerce.
Stances we take to grow the digital economy
- IBM supports digital trade agreements that enable and facilitate the cross-border flow of data and that limit data localization requirements.
- We believe clients, not governments, should determine where their data is stored and how it is processed. Mandating that data be kept or processed within national boundaries does not make it safer from hackers or cyber criminals.
- IBM is making significant investments in cloud data centers around the world to give clients the flexibility to decide where to store and process their data. These decisions generally should be driven by client choice rather than government mandate.
NEW TECHNOLOGY, INCLUDING AI SYSTEMS, MUST BE TRANSPARENT AND EXPLAINABLE
For the public to trust AI, it must be transparent. Technology companies must be clear about who trains their AI systems, what data was used in that training and, most importantly, what went into their algorithm’s recommendations. If we are to use AI to help make important decisions, it must be explainable.
IBM will make clear:
- When and for what purposes AI is being applied in the cognitive solutions we develop and deploy.
- The major sources of data and expertise that inform the insights of cognitive solutions, as well as the methods used to train those systems and solutions.
- That while bias can never be fully eliminated, and our work to eliminate it will never be complete, we and all companies advancing AI have an obligation to address it proactively. We therefore continually test our systems and find new data sets to better align their output with human values and expectations.
- The principle that clients own their own business models and intellectual property and that they can use AI and cognitive systems to enhance the advantages they have built. We will work with our clients to protect their data and insights, and will encourage our clients, partners and industry colleagues to adopt similar practices.
- Our firm support for transparency and data governance policies that will ensure people understand how an AI system came to a conclusion or recommendation.