Data Responsibility

A Letter to Our Clients About Government Access to Data

Share this post:

To Our Clients:

For decades, clients around the world have trusted IBM with their data. We believe we have earned that trust.

In view of the wide range of proposed government regulations around the world related to the handling and treatment of data, clients have asked us questions about their data – how best to secure it, where to locate it, and how we would respond should governments request access.

This is also a matter of interest to our employees, our partners, and our shareholders. Given the global discussion about data security and privacy, we wanted to communicate our view on these issues.

At the outset, we think it is important for IBM to clearly state some simple facts:

  • IBM has not provided client data to the National Security Agency (NSA) or any other government agency under the program known as PRISM.
  • IBM has not provided client data to the NSA or any other government agency under any surveillance program involving the bulk collection of content or metadata.
  • IBM has not provided client data stored outside the United States to the U.S. government under a national security order, such as a FISA order or a National Security Letter.
  • IBM does not put “backdoors” in its products for the NSA or any other government agency, nor does IBM provide software source code or encryption keys to the NSA or any other government agency for the purpose of accessing client data.
  • IBM has and will continue to comply with the local laws, including data privacy laws, in all countries in which it operates.

IBM is fundamentally an enterprise company, meaning our customers are typically other companies and organizations rather than individual consumers. We serve some of the world’s most successful global corporations, helping them achieve their business goals.

Our business model sets us apart from many of the companies that have been associated with the surveillance programs that have been disclosed. Unlike those companies, IBM’s primary business does not involve providing telephone or Internet-based communication services to the general public. Rather, because the vast majority of our customers are other companies and organizations, we deal mainly with business data. Our client relationships are governed by contract, with clear roles and responsibilities assigned and clearly understood by all parties. To the extent our clients provide us access within their infrastructure to the type of individual communications that reportedly have been the target of the disclosed intelligence programs, such information belongs to our clients.

For these reasons, it has long been our (and our clients’) expectation that if a government did have an interest in our clients’ data, the government would approach that client, not IBM.

Our Commitment to Clients and Recommendations to Governments

We understand that clients are concerned about the security and privacy of their data. Therefore, we want to offer the following assurances:

  • In general, if a government wants access to data held by IBM on behalf of an enterprise client, we would expect that government to deal directly with that client.
  • If the U.S. government were to serve a national security order on IBM to obtain data from an enterprise client and impose a gag order that prohibits IBM from notifying that client, IBM will take appropriate steps to challenge the gag order through judicial action or other means.
  • For enterprise clients’ data stored outside of the United States, IBM believes that any U.S. government effort to obtain such data should go through internationally recognized legal channels, such as requests for assistance under international treaties.
  • If the U.S. government instead were to serve a national security order on IBM to obtain data stored outside the United States from an enterprise client, IBM will take appropriate steps to challenge the order through judicial action or other means.
  • IBM will continue to invest in world-class security technologies and services, and we will engage governments around the world on behalf of sensible, market-led policies that enable the free flow of data while promoting strong security. IBM will also continue its decades-long tradition of privacy leadership.

Governments must act to restore trust. IBM believes governments should take the following actions:

  • Governments should reject short-sighted policies, such as data localization requirements, that do little to improve security but distort markets and lend themselves to protectionist tendencies.
  • Governments should not subvert commercial technologies, such as encryption, that are intended to protect business data.
  • The U.S. government should have a robust debate on surveillance reforms, including new transparency provisions that would allow the public to better understand the scope of intelligence programs and the data collected.

Conclusion

Technology often challenges us as a society. This is one instance in which both business and government must respond. Data is the next great natural resource, with the potential to improve lives and transform institutions for the better. However, establishing and maintaining the public’s trust in new technologies is essential.

IBM is committed to being a responsible participant in this discussion and a strong advocate for our clients.

IBM Senior Vice President, Legal and Regulatory Affairs, and General Counsel

More Data Responsibility stories

Cybersecurity Awareness Month: Championing a Culture of Security

October is Cybersecurity Awareness Month in many places around the world – so it is a great time to reinforce the importance of championing a culture of security, both inside IBM, and with our clients worldwide. Supporting smart habits in the workplace can go a long way in preventing cyber incidents that might lead to […]

Continue reading

IBM Watson: Reflections and Projections

AI has gone through many cycles since we first coined the term “machine learning” in 1959. Our latest resurgence began in 2011 when we put Watson on national television to play Jeopardy! against humans. This became a cornerstone event, demonstrating that we had something unique. And we saw early success, putting Watson to work on […]

Continue reading

PMI Ranks Watson One of the Top 50 Projects of Last 50 Years

In celebration of its 50th anniversary, the Project Management Institute (PMI) has announced a first-of-its-kind ranking: the 50 Most Influential Projects of the Past 50 Years. This list, which spans notable and influential projects across decades, industries, disciplines and locations, represents PMI’s vision of how project work can turn ideas into reality and help change […]

Continue reading