Technology giant IBM hasn't given the U.S. National Security Agency access to any client data and would challenge any surveillance-related gag orders imposed by the government, a top company executive wrote in an open letter to clients Friday. The world's largest technology services company also says it hasn't put "backdoors" in any of its products or provided the NSA with encryption keys that would allow the agency to access client data, according to Robert C. Weber, IBM General Counsel and Senior Vice President for legal and regulatory affairs.
IBM's letter, which is clearly designed to reassure clients who have been spooked by recent revelations about the role of major technology companies in U.S. surveillance programs, is Big Blue's most detailed public statement following disclosures supplied by former NSA contractor Edward Snowden. Industry experts estimate that the NSA revelations could cost top U.S. tech companies billions of dollars over the next several years if international clients take their business elsewhere. Over half of IBM's revenue comes from clients outside the U.S.
"The U.S. government should have a robust debate on surveillance reforms, including new transparency provisions that would allow the public to better understand the scope of intelligence programs and the data collected," Weber wrote, adding that governments "should not subvert commercial technologies, such as encryption, that are intended to protect business data."
In the letter, Weber wrote that IBM has not provided client data to the NSA or any other government agency under the program known as PRISM, nor has the company provided such data under any surveillance program involving the bulk collection of content or metadata. The NSA has used the PRISM program to examine data — including e-mails, videos and online chats — via requests made under the Foreign Intelligence Surveillance Act (FISA), according to documents leaked by Snowden.
Weber goes on to write that IBM has not provided client data stored outside the U.S. government under a national security order, such as a FISA order or a National Security Letter, nor has the company put "backdoors" in its products or provided software source code or encryption keys to the NSA or any other government agency for the purpose of accessing client data.
In the letter, IBM sought to distance itself from other major tech and telecom companies that were named in the Snowden documents, and said that its expectation is that if a government did have an interest in its clients’ data, the government would approach that client, not IBM.
"Our business model sets us apart from many of the companies that have been associated with the surveillance programs that have been disclosed," Weber wrote. "Unlike those companies, IBM’s primary business does not involve providing telephone or Internet-based communication services to the general public. Rather, because the vast majority of our customers are other companies and organizations, we deal mainly with business data."
Weber wrote that if the U.S. government were to serve a national security order on IBM to obtain data from a client and impose a gag order that prohibits IBM from notifying that client -- as the government as done with respect to user data received from big Internet companies like Google, Yahoo and Facebook -- IBM would take "appropriate steps to challenge the gag order through judicial action or other means." The same goes for any national security order seeking to obtain client data stored outside the U.S., Weber wrote.
"Governments must act to restore trust," Weber wrote. "Technology often challenges us as a society. This is one instance in which both business and government must respond. Data is the next great natural resource, with the potential to improve lives and transform institutions for the better. However, establishing and maintaining the public’s trust in new technologies is essential."