September 16, 2014

IBM says no NSA backdoors in its products

SP-robert_weber-230x300In an open letter written published on the web, IBM has confirmed that it does not include any NSA “backdoors” in its products. The letter written by Robert C. Weber, an IBM Senior Vice President, is IBM’s latest assurance to its clients following the months of revelations about the US government’s spying activities. As a result of the documents leaked by Edward Snowden, various US technology companies have come under pressure to reveal if they have been working with the NSA.

The IBM letter states that the technology giant has not provided client data to the NSA or any other government agency. Specifically it states that:

  • IBM has not provided client data to the National Security Agency (NSA) or any other government agency under the program known as PRISM.
  • IBM has not provided client data to the NSA or any other government agency under any surveillance program involving the bulk collection of content or metadata.
  • IBM has not provided client data stored outside the United States to the U.S. government under a national security order, such as a FISA order or a National Security Letter.
  • IBM does not put “backdoors” in its products for the NSA or any other government agency, nor does IBM provide software source code or encryption keys to the NSA or any other government agency for the purpose of accessing client data.
  • IBM has and will continue to comply with the local laws, including data privacy laws, in all countries in which it operates.

“Given the global discussion about data security and privacy, we wanted to communicate our view on these issues,” wrote Weber. “It has long been our (and our clients’) expectation that if a government did have an interest in our clients’ data, the government would approach that client, not IBM.”

In reiterating its commitment to its customers, the letter states several times that IBM would challenge the any orders served on it by the NSA for data, stored inside or outside the USA, through judicial action or other means.

The letter also calls for the U.S. government to enter into a robust debate on surveillance reforms, including new transparency provisions that would allow the public to better understand the scope of intelligence programs and the data collected. It also goes on to say that no government should subvert commercial technologies, such as encryption, that are intended to protect business data.

IBM Buys Itself Some Network Security Intelligence

(LiveHacking.Com) – IBM is to buy Q1 Labs, a network security intelligence software developer creating a new division – the  IBM Security Systems division which will be led by the current CEO of Q1 Labs, Brendan Hannigan. The new division will also include IBM’s Tivoli, Rational and Information Management security software, appliances, lab offerings and services.

Q1 Labs’ flagship product is the QRadar Security Intelligence Platform which combines various network security functions, like SIEM, risk management, log management, network behavior analytics and security event management, into a single security solution.

According to IBM the new IBM Security Systems division will help its clients identify threats, detect insider fraud, predict business risk and address regulatory mandates. Three quarters of firms feel cyberattacks are hard to detect and their effectiveness would increase with end-to-end solutions, according to a recent industry report.

“Since perimeter defense alone is no longer capable of thwarting all threats, IBM is in a unique position to shift security thinking to an integrated, predictive approach,” said Brendan Hannigan, CEO of Q1 Labs. “Q1 Labs’ security analytics will add greater intelligence to IBM’s security portfolio and continue to distinguish IBM from competitors.”

IBM also plan to use Q1 Labs’ technology to create a common security platform for IBM’s software, hardware, services and research offerings.

“Realigning IBM’s security expertise in a new division with a greater focus on analytics is a bold step IBM is taking to help clients stay ahead of growing security threats,” said Robert LeBlanc, senior vice president, IBM Middleware Software. “By consolidating our global expertise, IBM clients will have access to the most comprehensive, insightful view of security across their people, data and infrastructure.”