- | 8:00 am
How IBM responded to the Snowden revelations with ‘good power’
IBM wasn’t connected to the U.S. government’s PRISM surveillance program. But when its existence leaked, the company had to react, writes former CEO Ginni Rometty.
I’d only been CEO of IBM for a year and a half when something happens that would change the nature of the global tech industry. In June 2013, an intelligence contractor named Edward Snowden leaks classified government documents to the Washington Post and the Guardian newspapers. The documents state that the U.S. government has been collecting data from several tech companies to track people potentially connected to terrorism. The surveillance program, called PRISM, conducts broad sweeps of internet traffic, making it possible for the private communications of American citizens to be collected and possibly viewed without a court order, amounting to warrantless surveillance.
When I first hear the news about PRISM, I’m surprised but not worried. IBM has no connection to it, and we aren’t among the companies named in the leaked documents.
This isn’t my problem, I think.
Then the phone starts ringing. Foreign governments are calling. They’re asking about their data on IBM systems—how we secure it, where we keep it, how we respond to government requests to access it, whether we are letting the U.S. government see it. We already have contracts ensuring that we don’t do this, but still they want to hear it from me. My erroneous assumption that IBM won’t get caught up in PRISM fallout swings to disbelief as we get inquiries from organizations we’ve worked with for years, sometimes decades, asking about the security of our systems, and questioning our intentions and integrity.
Months go by, and by early 2014, my team is debating what to do. We’re not at the center of this problem, so we could lay low and hope to stay out of the heat. Or we can go on the offensive and speak more publicly to try to differentiate ourselves. We pick the latter.
Whatever we say can’t be platitudes. We’ll only be taken seriously if what we put out is clear, concise, and of course true. Our head lawyer, Robert C. Weber, volunteers to write our beliefs and positions about data safety and security. We must be sure that whatever we write we can prove with evidence.
On March 14, 2014, IBM releases “A Letter to Our Clients About Government Access to Data.” It states that IBM has absolutely no connection to PRISM and does not put backdoors in its products or provide software source code or encryption keys to the NSA or any other government agency. Our clients appreciate and applaud the letter, but these won’t be our last words on the subject of privacy.
This good power principle—stewarding good tech—is about taking responsibility for the creation, application, and disruption of technology by making values-based decisions within a long-term context, addressing technology’s upsides and downsides, and considering all stakeholders.
Even businesses that are not tech companies, and even people who are not tech professionals, still use tech in some way. As consumers and users, we’re in positions to make choices about how we wield it, and how companies make and manage it.
I’ve thought a lot about this, especially during my years as IBM’s CEO. It was during that time that the world came to terms with harsh realities about the presence of technology in our lives. Important questions continued to be asked by consumers, businesses, and governments alike.
I believe society gives a business license to operate, and that license can get revoked if large swaths of society don’t trust that business. We vote with our dollars as well as our voices. I’m not the first to say this, of course, but it needs repeating. If society is to flourish in our digital age, people must believe technology will lead them to a brighter future, not a darker place.
Even before the 2013 Edward Snowden leaks revealed that the U.S. government was accessing servers at several tech companies to track people potentially connected to terrorism, a collective lack of attention to the consequences of tech was eroding confidence in it, fueling a brewing war between what I came to call “good tech” and “bad tech.” Good and bad tech refer to how companies are perceived, based on their behaviors in the digital era. Every organization has the potential to be considered good tech or bad tech, even those that do not make or sell tech. That’s because, today, every company uses tech in some way to go about their business. In short, every company is a tech company.
Technology that the world is unprepared for, that goes unchecked, or that falls into the wrong hands can also hurt societies by harming minors, advancing terrorism, jeopardizing democracies, and widening socioeconomic divides. We must make trade-offs between enjoying tech’s convenience and freedoms, and protecting the privacy, security, and well-being of ourselves and others.
I consider this the muscle of good power because it takes strength to do what’s right for the long term, and to speak out and advocate for others. And like other good power principles, stewarding good tech requires dealing with explicit tensions. Weighing short-term rewards versus long-term ripple effects. Advancing upsides while publicly dealing with the downsides. Addressing self-regulations as well as government regulations. And not abandoning a greater purpose in the pursuit of personal gain or corporate profits.
As time went on, I would be asked for IBM’s position on myriad of related topics. I always tried to ground those positions in our values, and I was thankful to be leading an organization long steeped in those values.
Elsewhere, I could see decisions were inconsistent or very hard for leaders and organizations that did not have well-understood, embedded values to guide them, particularly if the decisions impacted their business models, profits, or growth.
As the list of issues and tensions demanding our/my position grew—be they from our employees or from governments around the world—I found it essential to declare a framework that reflected vital, values-based outcomes we would focus on. We would prioritize speaking up on issues associated with these values.
To steward good tech, I had us strive to: Be trusted. Be a champion and innovator for the highest standards of diversity and inclusion. Prepare society to thrive in the digital era.
Each person and organization can define their own framework, but I do believe these desired outcomes apply to all types of businesses, as stewarding good tech is not a technology issue; it is a values issue. That said, the bar is highest for those companies that make technologies the rest of us use.
Reprinted by permission of Harvard Business Review Press. Excerpted from Good Power: Leading Positive Change in Our Lives, Work, and World by Ginni Rometty. Copyright 2023 Harvard Business School Publishing Corporation. All rights reserved.