IBM said on Friday that they've given nothing to the NSA under the PRISM program, and that governments need to clean-up their act. The letter has odd timing. While IBM is a workhorse, and certainly one of the world’s largest IT firms, there hasn’t been much mention of them with regard to the NSA’s expansive surveillance programs. However, that didn’t stop their top lawyer from offering a soothing letter of assurance to the public, and more importantly, their existing and potential customer base. “Our business model sets us apart from many of the companies that have been associated with the surveillance programs that have been disclosed. Unlike those companies, IBM’s primary business does not involve providing telephone or Internet-based communication services to the general public. Rather, because the vast majority of our customers are other companies and organizations, we deal mainly with business data. “Our client relationships are governed by contract, with clear roles and responsibilities assigned and clearly understood by all parties. To the extent our clients provide us access within their infrastructure to the type of individual communications that reportedly have been the target of the disclosed intelligence programs, such information belongs to our clients.” Among the facts presented in the letter, IBM has not given any client data to the NSA, or any other government agency for that matter, “under any surveillance program involving the bulk collection of content or metadata.” Likewise, none of the data related to clients outside of the U.S. has been given to the government under a national security letter (NSL) or FISA order. The subject of backdoors was raised as well, to which Big Blue says that no such thing exists in their products. So what happens if IBM does see such requests? “In general, if a government wants access to data held by IBM on behalf of an enterprise client, we would expect that government to deal directly with that client… “For enterprise clients’ data stored outside of the United States, IBM believes that any U.S. government effort to obtain such data should go through internationally recognized legal channels, such as requests for assistance under international treaties.” Big Blue also said that if the government presented a NSL or FISA request, including gag orders, the company would fight it though all available means. Furthermore, Weber wrote that governments shouldn’t subvert commercial technologies, such as encryption, “that are intended to protect business data.” “The U.S. government should have a robust debate on surveillance reforms, including new transparency provisions that would allow the public to better understand the scope of intelligence programs and the data collected.” Header Image: Kansir/Flickr Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe