Data Responsibility

A Letter to Our Clients About Government Access to Data

Share this post:

To Our Clients:

For decades, clients around the world have trusted IBM with their data. We believe we have earned that trust.

In view of the wide range of proposed government regulations around the world related to the handling and treatment of data, clients have asked us questions about their data – how best to secure it, where to locate it, and how we would respond should governments request access.

This is also a matter of interest to our employees, our partners, and our shareholders. Given the global discussion about data security and privacy, we wanted to communicate our view on these issues.

At the outset, we think it is important for IBM to clearly state some simple facts:

  • IBM has not provided client data to the National Security Agency (NSA) or any other government agency under the program known as PRISM.
  • IBM has not provided client data to the NSA or any other government agency under any surveillance program involving the bulk collection of content or metadata.
  • IBM has not provided client data stored outside the United States to the U.S. government under a national security order, such as a FISA order or a National Security Letter.
  • IBM does not put “backdoors” in its products for the NSA or any other government agency, nor does IBM provide software source code or encryption keys to the NSA or any other government agency for the purpose of accessing client data.
  • IBM has and will continue to comply with the local laws, including data privacy laws, in all countries in which it operates.

IBM is fundamentally an enterprise company, meaning our customers are typically other companies and organizations rather than individual consumers. We serve some of the world’s most successful global corporations, helping them achieve their business goals.

Our business model sets us apart from many of the companies that have been associated with the surveillance programs that have been disclosed. Unlike those companies, IBM’s primary business does not involve providing telephone or Internet-based communication services to the general public. Rather, because the vast majority of our customers are other companies and organizations, we deal mainly with business data. Our client relationships are governed by contract, with clear roles and responsibilities assigned and clearly understood by all parties. To the extent our clients provide us access within their infrastructure to the type of individual communications that reportedly have been the target of the disclosed intelligence programs, such information belongs to our clients.

For these reasons, it has long been our (and our clients’) expectation that if a government did have an interest in our clients’ data, the government would approach that client, not IBM.

Our Commitment to Clients and Recommendations to Governments

We understand that clients are concerned about the security and privacy of their data. Therefore, we want to offer the following assurances:

  • In general, if a government wants access to data held by IBM on behalf of an enterprise client, we would expect that government to deal directly with that client.
  • If the U.S. government were to serve a national security order on IBM to obtain data from an enterprise client and impose a gag order that prohibits IBM from notifying that client, IBM will take appropriate steps to challenge the gag order through judicial action or other means.
  • For enterprise clients’ data stored outside of the United States, IBM believes that any U.S. government effort to obtain such data should go through internationally recognized legal channels, such as requests for assistance under international treaties.
  • If the U.S. government instead were to serve a national security order on IBM to obtain data stored outside the United States from an enterprise client, IBM will take appropriate steps to challenge the order through judicial action or other means.
  • IBM will continue to invest in world-class security technologies and services, and we will engage governments around the world on behalf of sensible, market-led policies that enable the free flow of data while promoting strong security. IBM will also continue its decades-long tradition of privacy leadership.

Governments must act to restore trust. IBM believes governments should take the following actions:

  • Governments should reject short-sighted policies, such as data localization requirements, that do little to improve security but distort markets and lend themselves to protectionist tendencies.
  • Governments should not subvert commercial technologies, such as encryption, that are intended to protect business data.
  • The U.S. government should have a robust debate on surveillance reforms, including new transparency provisions that would allow the public to better understand the scope of intelligence programs and the data collected.

Conclusion

Technology often challenges us as a society. This is one instance in which both business and government must respond. Data is the next great natural resource, with the potential to improve lives and transform institutions for the better. However, establishing and maintaining the public’s trust in new technologies is essential.

IBM is committed to being a responsible participant in this discussion and a strong advocate for our clients.

IBM Senior Vice President, Legal and Regulatory Affairs, and General Counsel

More Data Responsibility stories

IBM Named One of the World’s Most Ethical Companies of 2020

IBM today was named one of the World’s Most Ethical Companies for the second year in a row by the Ethisphere Institute, an organization devoted to defining and advancing the standards of ethical business practices across the globe. The list distinguishes companies that influence the business community and societies around the world in order to […]

Continue reading

Digital Transformation & ERP: Why Enterprises Need to Modernize Now

Building a cognitive enterprise – one that can respond immediately and intelligently to streams of real-time data – requires agility across the information backbone. For many, that backbone is the enterprise resource planning (ERP) system, that connects all operations, from sales and customer management, to inventory and finance. It’s one of the reasons SAP, the […]

Continue reading

How Consumer Data, Insights Can Aid Players in the Video Streaming Wars

Video streaming has been around for years, but the technology has advanced to the point now that it’s about to shake up a decades-old business model to its foundation and disrupt long-established players in film and television. Let the video streaming wars begin. For more than 50 years, studios have operated a lucrative B2B content […]

Continue reading