Hacker News new | comments | ask | show | jobs | submit login

How is it that IBM would gain business? They are still an American company which makes them equally susceptible to this form of data theft. I can't see handing my data over to IBM any more than I would Facebook or Amazon. Surely the article could have picked a better example.

IBM could make their products verifiably secure. Open source client software. Web of trust. Making encryption the default. Any non-US competitor would have to do at least as much because NSA surveillance recognizes no borders. Against tier-1 state actors, everyone is on a level playing field. The question is, which nation's tech industry will be the first to decide that the only way to win is to not play the game?

Big Blue surely has clever enough lawyers to come up with a corporate structure that works here. They probably just need a foreign subsidiary in each country they want to do business in and have that subsidiary completely own and control its data centers. If you're a German company your data is and stays in Germany and would be subject to German law (which according to Snowden may not mean a much for privacy).

I wish I could find the HN comment from a few months back addressing the same idea. If I remember correctly there was consensus that the US govt has enough legal power over American corporations to force their hand with even independent international subsidiaries. As stated earlier, I wish I could find the previous thread covering this.

In many cases, IBM will sell you hardware and software. They will help you install and set it up, but at the end of the process you own your data. It's not on some 'cloud' controlled by IBM, it's on a rack of IBM-branded servers in your own datacenter or server closet. The software is almost invariably some version of Linux, so you can audit it for security.

Your question is like asking, "How can I trust that Western Digital won't turn over the data on my hard drive they sold me?"

I suppose it's possible future revelations will show that all major software and hardware packages supported by US firms contain legally-mandated secret backdoors, but we're not that far down the rabbit hole yet.

I've done business with IBM at a corporate level and I assure you that's not what's happening here. It's the clients whom are buying services from IBM saying "whoa, I'm using your services, but I don't want our data falling into the US govt's hands", that they are addressing. IBM is appeasing these clients by telling them they'll locate their data elsewhere, yet there's quite a bit of data attached to and flowing into those services.

In that case, I agree it's pretty pointless. IBM can still be subpoenaed (secretly, even) by the US government, and the NSA has been happy to work with partner agencies overseas to tap datacenter traffic in foreign jurisdictions.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact