Robert Weber, IBM’s senior vice president for legal and regulatory affairs, wrote a blog post in response to customer questions about the security of their data and how the company would react in response to government requests for bulk data.
Weber said that IBM does not provide any client data to the National Security Agency under the PRISM program. It said that there were no "backdoors" within their products that would give the government or snooping agencies access to software source code or encryption keys enabling access to client data.
IBM's response to such a request, under the Foreign Intelligence Surveillance Act or a National Security Letter, would be to ask the government to directly contact the respective company. And if the government persisted with such orders and a “gag order” was issued prohibiting it from discussing the order with the client, the company would challenge the gag thought legal means.
For enterprise clients storing data outside the U.S., Weber said that the government will have to "go through internationally recognized legal channels, such as requests for assistance under international treaties.” He added the company would again challenge any strong-arm tactics by the government.
On the policy front, IBM felt that data localization requirements by governments were "short-sighted policies" and that they will do nothing to improve security and only perpetuate an air of protectionism. Also, that governments should not interfere with commercial technologies, such as encryption, that are intended to protect business data.
Other technology companies have taken steps to reassure their customers of data security in the wake of revelations made by Edward Snowden last summer about the NSA's bulk data snooping programs. Microsoft told business and government customers worldwide in December that it is committed to informing them of legal orders related to their data, and will fight gag orders in court.
Yahoo and Google have also announced strengthening encryption of their services.