Feeds

back to article IBM: We gave NOTHING to the NSA, stateside or elsewhere

IBM has become the latest of the tech giants to deny handing over customer data to the NSA's PRISM program. In this open letter, Big Blue's general counsel Robert Weber (also senior veep for legal and regulatory affairs) gives the “no way” message to the world at large. Specifically, Weber writes that IBM did not provide “ …

COMMENTS

This topic is closed for new posts.
Silver badge

Reform?

From El Reg: " to El Reg strikes a discord: if Uncle Sam never actually got the data David Snowden asserts it has accessed (at least from IBM), where's the need for reform? "

I take it you either believe all the releases might be a smokescreen or IBM is shoveling cow droppings? I tend to believe the latter since IBM has always had a relationship with security and defense interests in the US.. read that as "made a profit from them".

4
1
Gold badge

Re: Reform?

Nor, I should point out, does IBM have a history of scruples when it comes to customer selection. In fact, of all the vendors out there, I would most easily believe that the devices used to remove the presumption of innocence from billions of individuals were manufactured by IBM. Of course, I've no proof of that, but they would be the logical supplier to me.

4
3
Anonymous Coward

Re: Reform?

I fear you may both be the victim of successful diversion tactics (no matter, so is the author).

What you forget is that intercept is not the sole province of the NSA - the whole acronym soup can participate, and that LEGALLY SUPPORTED. I predicted that 2014 would be the year of privacy spin - here is another example. I don't care two pennies about IBM claiming they never provided data to the NSA - I note wit interest that being specific nicely excludes all the other agencies..

0
1
Gold badge

Re: Reform?

Other agencies have to get a warrant. The NSA does not*. This is the primary difference. Warrant = presumption of innocence preserved. No warrant = Spookocracy.

*warrants from secret courts operating with zero oversight overseeing secret laws issuing secret letters of demand are not counted as "warrants" for the purpose of hte preservation of the presumption of innocence.

0
1
Anonymous Coward

Re: Reform?

Other agencies have to get a warrant.

Actually, thats not always the case, which is one of the key problems in the US.

0
0
Bronze badge

Translation

Give us your money because saying we're trustworthy makes it so. And we don't want to spend any of it to store your data in your country.

6
1
Bronze badge

It's what a witch would say

As brighter minds have pointed, trust is the biggest casualty in this whole surveillance debacle. Even if IBM et al swear they're clean, there's always the feeling that's just what they'd say either way. When lying is a standard business practice, how do honest (or at any rate, uninvolved) companies prove themselves in the eyes of customers?

12
1

Re: It's what a witch would say

Its not just that they may want to lie but legally they may have to. Current US law means no one can be trusted to tell the truth which is bad news for everyone, mainly the consumers but all parties suffer.

4
1
Anonymous Coward

Re: It's what a witch would say

Several problems with this:

1. It is a variation of the lyar's paradox. If IBM has ever had a National Security Letter it will be obliged to lie that it has never had it.

2. IBM supposedly operates cloud on behalf of customers including foreign entities. If it never had a national security letter this means that its own claims of cloud prowess are highly overrated. After all everyone and their dog has had one.

3
1
Silver badge

Uh-huh

"We gave NOTHING to the NSA, stateside or elsewhere"

"We just pretended they weren't here while they were tapping everything, since we're not allowed to talk about it."

6
1
Bronze badge

We gave them nothing,

But we do have an employee called Nigel Stephen Andrews, who has unfettered access to all of our systems and records.

1
1

David?

Is David Snowden related to Edward?

7
0
Anonymous Coward

Re: David?

Maybe he's using "David" as a nom-de plume in the hopes that it'll make it harder for the NSA to know whether they've got the 'right Snowden'.

1
0
Anonymous Coward

Didn't give them anything

They just took it for themselves.

3
1
Anonymous Coward

I just bought an IBM server blade for forensic experimentation

16 cores, 92GB ram - now I'll start to probe the Built-In-Lights-Out management mini-pc & everything else we can think of and see if there's anything covert going on, (we've already had a tailored-access-modified HP server delivered a couple of years ago - so are definitely a target of economic/scientific interest)

The IBM can go and live in our shiny new double-anechoic tent (the Shamir-zone) whilst we see what it's doing ...

...as for IBM hardware that's remotely located in some far away US Cloud, we have no suspicions that all our data is being leaked/profiled/analysed - just because they can. Surely we can believe large USAian enterprises!

3
0
Bronze badge

Re: I just bought an IBM server blade for forensic experimentation

Interested to hear how you intend to profile what the CIM jobbie is upto. Obviously you can watch its net traffic which would be fun up to a point.

Just in case anyone reading here has never thought about it: iLOs (HP) DRAC (Dell) etc etc are able to do things like checkpoint their host and read the RAM contents without the host or its OS being any the wiser that anything is happening.

Read this http://fish2.com/ipmi/itrain.pdf for a more involved write up on these things. It's quite long and a bit idiosyncratic but a good wake up call for any sysadmin who might not have even bothered with a VLAN or two for them.

1
0
Silver badge
Facepalm

Re: AC Re: I just bought an IBM server blade for forensic experimentation

Why? Will IBM even be making blades for much longer? Maybe you should have tested a Lenovo one instead?

0
0

NSA is National Security Agency of the USA only not of the whole world. Why NSA thinks that it is an authoritative body which has a rule all over and can control the data of any one. It should stop thinking in this way and accepts that it is their own employees which leaked the secrets. Freedom rights to every person must be abided by the agency.

3
1

It's not that we don't trust *you*, IBM...

...the problem is, planet earth doesn't trust *your* government. As we know, your government permits the NSA to come to you and order you to hand over just whatever the hell it wants. Further more, we all know that the NSA has the legal powers to prevent you, IBM, from disclosing the fact that you have:

a) been approached by the NSA

b) actually handed over any data

In fact, the NSA could have requested data, and you may have indeed declined, and you would still be legally prevented from disclosing that fact.

And for all those reasons, dear, beloved, IBM, it's a "thanks, but no thanks".

2
1
Anonymous Coward

I always find these denials interesting, especially from government where they are quite specific in what they have not done, yet leave what they have done in the shadows.

The NSA says they didn't infect millions of PC's with malware, which means it could be 100,000, 500,000, or up to 1.9 million PC's and they are still telling the "truth".

Any government department that goes rogue, lies to the people, Congress, or indeed any civilian oversight should be slapped down with the harshest of jail terms by the courts. The men who run those departments should face the full fury of the law when they exceed their mandates. Anything less, encourages tyranny.

2
1
Gold badge
Unhappy

While THE PATRIOT Act exists he *would" say that.

Even if it was lying through his teeth.

0
1
Silver badge

Re: While THE PATRIOT Act exists he *would" say that.

Whether it's true or not, if he failed to take a (legal) action on something that was affecting the company's bottom line; then he'd be opening himself up to a sueball from the shareholders.

Lying glibly isn't illegal. Especially if you have orders requiring you to lie.

0
0
Anonymous Coward

Re: While THE PATRIOT Act exists he *would" say that.

Lying glibly isn't illegal. Especially if you have orders requiring you to lie.

Many Germans tried a variation of that excuse at Nuremberg... it didn't wash then either.

2
0
Anonymous Coward

just not enough

Sorry, IBM, but because of your government's behaviour I'm not inclined to trust you just because of a press release.

2
1
Silver badge

Disgusted

So the preferred supplier of data processing equipment to the Third Reich refused to help the noble NSA in defending freedom, democracy and Apple pie from the evil terrorists?

4
0
Bronze badge

IBM and NSA secrets

Given IBM's history, including the design of DES - where it emerged, decades later, that the S-box values had been carefully chosen for resistance to differential cryptanalysis, which IBM and the NSA were keeping a closely guarded secret at the time - it's not exactly far-fetched to think IBM might be doing things covertly now as well. Indeed, to assert IBM hasn't done secret things with NSA would be a flat-out lie (they've worked together on classified projects for decades); the only question is if and how much this impacts IBM's other customers. (For that matter, Google employs people with high security clearance, like many high-tech US companies - and of course what they do is secret, so they can't actually tell us whether it infringes our privacy or not...)

David Snowden did actually work for IBM, though I suspect the article's supposed to be referring to the more famous Edward J Snowden currently living in Russia.

3
0
Bronze badge

Re:David?

Perhaps he is following the traditional route and is in a state of transition on his way to becoming Davina ( See Chelsea WoManning).

0
0
Silver badge

In other words, one of the USAs biggest hardware-slingers is getting a spanking due to the NSAs shenanigans. Possibly time for some lobbying or something to bring them to heel? Even though IBM do have form with undue cooperation with temporal authorities *cough* 1940s census *cough*; the basic claim that they just punt kit out seems plausible enough. The bit I found interesting was this:

"IBM does not put “backdoors” in its products for the NSA or any other government agency, nor does IBM provide software source code or encryption keys to the NSA or any other government agency for the purpose of accessing client data."

Why the scare quotes round "backdoors"? Do they call them something else internally in IBM (NSA-holes would be my favourite). Could they technically not be called backdoors because they're always located on the top of the board?

2
1
Anonymous Coward

Why the scare quotes round "backdoors"? Do they call them something else internally in IBM

I'm plumping for them calling such backdoors "features".

1
0
Gold badge
Joke

IBM: "We gave NSA *nothing* "

We charged them through the nose like we do all our customers.

2
1
Anonymous Coward

Like, totally believable - NOT

That's what they're expected to say.

1
0

FISA in the USA...

IBM's comment needs to cover all FISA warrants (that is what you are talking about here), that would be key. The proceedings of FISA are often top-secret and are reviewed by the Chief Justice of the Supreme Court (who appoints and fires these judges).

Edward Snowden has certainly gained notoriety for exposing the broad warrant granted to the NSA for disclosure of Verizon call-metadata (but not the calls themselves). It was amazing because FISA was used to 'go fishing' with otherwise-not-suspects people, both Americans and non-Americans.

EVERYONE wants to deny that they are complying with FISA Warrants, but they would risk TREMENDOUS HARM if it eventually came out that they lied about complying.

Given the recent penchant for disclosure of these types, I wonder if IBM would openly lie about FISA warrants. There are about 2000 of them every year, though.

0
0
Bronze badge

Localization apparently actually accomplished and accomplishes quite a bit then.

"Governments should reject short-sighted policies, such as data localization requirements, that do little to improve security but distort markets and lend themselves to protectionist tendencies."

"Do little" he says.

[I added the numbering below.]

"1. IBM has not provided client data to the National Security Agency (NSA) or any other government agency under the program known as PRISM.

2. IBM has not provided client data to the NSA or any other government agency under any surveillance program involving the bulk collection of content or metadata.

3. IBM has not provided client data stored outside the United States to the U.S. government under a national security order, such as a FISA order or a National Security Letter."

Analysis:

1. Denial only covers PRISM.

2. Denial only covers bulk collection.

3. Denial only covers data that was localized to a foreign country.

In other words what US law forces IBM to do is results in a privacy benefit to foreign governments, foreign companies and foreign private citizens who localize their country's data within their own country, or at least localized anywhere but the USA.

Localization apparently actually accomplished and accomplishes quite a bit then.

Probably the only downside of localization is that it hurts the bottom line of large multinational storage and cloud providers.

0
0
Bronze badge

How does data get to IBM?

IBM would not have to turn over data from foreign governments, companies and individuals to the NSA if the NSA intercepted that data on its way from overseas to IBM USA or when it traveled between IBM facilities over US owned or US controlled networks.

So even if IBM issued a broad statement and was truthful, the issue still stands that the data is passing through the USA or US controlled networks, and so IBM cannot assure anyone that that data is not being intercepted during that transmission.

Part of the solution is for foreign governments, companies and individuals to keep their data in their own country (or the EU) so their own country's human rights laws and privacy legislation can protect it.

It is not IBM's sole responsibility that its government does not recognize the ordinary citizens of long-time allies as human beings with human rights, but that is how it is. IBM has to live with that fact until it can convince its government that treating the rest of the world's population as untermenschen is bad for business.

0
0
Anonymous Coward

Bruce Schneier has a bone to pick with IBM, and rightly so:

https://www.schneier.com/blog/archives/2014/03/an_open_letter_.html

0
0
This topic is closed for new posts.