"In view of the wide range of proposed government regulations around the world related to the handling and treatment of data, clients have asked us questions about their data – how best to secure it, where to locate it, and how we would respond should governments request access," Robert C. Weber, IBM senior VP of legal and regulatory affairs, and general counsel, noted in a blog post on Friday.
"This is also a matter of interest to our employees, our partners, and our shareholders. Given the global discussion about data security and privacy, we wanted to communicate our view on these issues."
He stated that IBM has not given out client data to the NSA or any other government agency, whether via PRISM or any other surveillance and data collection program; that they have not provided client data stored outside the United States to the US government under any national security order; that they do not put backdoors in their products on behalf of any government agency, nor do they provide software source code or encryption keys to them in order for them to be able to access client data; and that they comply with local laws - including privacy laws - in all the countries in which the company operates.
Noting that most of its clients are companies and organizations, he pointed out that if a government wants access to data held by IBM on behalf of an enterprise client, they would expect that government to deal directly with that client.
"For enterprise clients’ data stored outside of the United States, IBM believes that any US government effort to obtain such data should go through internationally recognized legal channels," he said, and added that if the company is ever served with a national security order that orders them to provide customer data, they would challenge it and an eventual gag order in court.
Finally, he shared that the company is of the opinion that governments should not subvert commercial technologies that are intended to protect business data, and that they should think about revoking "short-sighted policies such as data localization requirements." He also added that the US government should open up the debate on surveillance reforms and give the public more insight into the various data and intelligence collection programs it runs, in order to gain the public's trust.