IBM said it has not provided client data to the U.S. National Security Agency or any other government agency under surveillance programs involving the bulk collection of content or metadata.
The enterprise-focused company is the latest among U.S. tech companies to distance itself from NSA surveillance, which has raised concerns among customers worldwide about the safety of their data from U.S. government spying.
[ Also on InfoWorld: The great escape: How the NSA is driving companies out of U.S. clouds. | Get the skinny on the state of the cloud with InfoWorld's "Cloud Computing Deep Dive" special report. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]
The U.S. cloud computing industry could lose $22 billion to $35 billion of its foreign market over the next three years to competitors abroad as a result of the revelations of the NSA programs, think tank Information Technology & Innovation Foundation said in August.
Some nations like Brazil have also considered asking service providers to hold data within the country, a move that some Internet companies like Google have described as potentially fragmenting the Internet.
In a letter to customers Friday, IBM said it had not provided client data stored outside the U.S. to the U.S. government under a national security order, such as an order under the Foreign Intelligence Surveillance Act or a National Security Letter.
Former NSA contractor, Edward Snowden, claimed through disclosures to newspapers that a number of Internet companies were providing real-time access to content on their servers to the NSA under a program called Prism, which the companies denied. The agency also had secretly broken into the main communications that connect the data centers of Google and Yahoo around the world, according to reports.
IBM denied providing client data to the NSA or any other government agency under Prism. It said it does not have "backdoors" in its products or provide software source code or encryption keys to the NSA or any other government agency for accessing client data.
In a series of commitments to its customers, Robert C. Weber, (IBM's senior vice president for legal and regulatory affairs, and general counsel wrote in the letter, which was also posted online, that "in general, if a government wants access to data held by IBM on behalf of an enterprise client, we would expect that government to deal directly with that client."
But if served by the U.S. a national security order for data from an enterprise client and a "gag order" prohibiting it from discussing the order with the client, the company promises to challenge the gag order through legal and other means, it said.
For enterprise clients' data stored outside the U.S., IBM holds that any U.S. government effort to obtain such data "should go through internationally recognized legal channels, such as requests for assistance under international treaties." It would challenge through legal and other means a U.S. government order for access to data of enterprise clients stored outside the country, it added.