Whether this case has merit or not, I hope it makes it's way to the evening news. Americans may not care about privacy, but they care about their jobs and a prosperous economy.
It probably does not. It is perfectly legal to damage anyone if you do not violate any laws. Given that IBM can probably show a court order, if necessary a retroactive one from the NSA.
In order to get a conviction, shareholders would have to prove :
1) that such cooperation existed
2) that it violated existing laws
3) that they personally suffered losses as a result.
3 looks to me hard to prove by itself, but the real problem is of course condition 2. An action that was the result of directly following a court order is not illegal, not even if it violates laws (that's the whole point of court orders, after all).
I would be interested in what would happen if they did get a conviction. This would be a weird situation. Shareholders own IBM, after all. So any damages paid would effectively be a transfer from one part of their ownership to another, effectively a zero-worth transaction.
Please read about shareholder lawsuits. Shareholder lawsuits typically aim to show a breach of duty on the part of a corporate officer or board member, which is a completely different standard than the one you lay out. A violation of the law is unnecessary. It would be legal for Mark Zuckerberg to use his voting shares to sell Facebook to IBM for a dollar, but doing so would be a breach of his fiduciary duty to shareholders. There is also no notion of a "conviction", it is a civil suit.
In particular it is totally possible to argue that IBM directors / officers were in fact acting in the best interests of US national security, but not their shareholders, the same way that the board of Lockheed would be in breach of their fiduciary duty if they started giving away stealth fighters for free.
Shareholder litigation is typically brought under federal securities laws. In this case IBM misled the market by failing to disclose material adverse information which caused the stock price to fall. To prove you suffered losses you only have to show that you bought stock during the time period affected, and lost money as a result of the information coming to light.
This is interesting. Investors have a right to all material information about a company, and public companies are obligated to provide that information, and SEC regulations require that they do so. But, in this case, that information was classified, so IBM would be breaking the law by revealing it. Conflicting laws.
If the shareholders win, who knows, we may see more lawsuits like this. Maybe that would compel these companies to stand up to the government.
All modern law systems have methods to resolve conflicts between differing law interpretations. Every law falls somewhere on a priority list. At the top (in the US) is the constitution and it's amendments (with the amendments higher than the constitution). Then federal laws. Then federal executive orders. Then ... This is a very complex topic with dozens of exceptions and weird cases (for example court orders have higher precedence than federal laws, except if ...).
But the end result is very simple : if 2 laws conflict one is more important than the other, and you get to ignore one of them. To further qualify this principle you have to build in perspective : it only matters what you see personally, not "the truth", only how the situation appeared to you.
> Given that IBM can probably show a court order, if necessary a retroactive one from the NSA.
This is precisely why many tech companies weakly supported CISPA. The NSA currently does this, but it's on a case by case basis. CISPA was blanket immunity as long as the company said "security".
Too bad it hasn't happened to AT&T (and other carriers), too. AT&T especially has been pretty dismissive to shareholders caring about its relationship with the NSA:
Does AT&T have international business? It seems like a key point of the suit is that the Chinese government cancelled IBM contracts due to these worries, which translates to actual shareholder damages. I don't see any indication AT&T has lost business as a result.
Why would it be expected that do-not-disclose agreements cover all employees or owners? Most top secret information is handled on a need-to-know basis; it is only given to people who are deemed to need to know it. Even within IBM (or any other large company that was involved in PRISM or other NSA programs), most people in the company wouldn't know about it. In general, there are only a few people within the company, who have a secret or top secret clearance, who get to know about what's going on.
Furthermore, owners don't know everything about a company either; shareholders in a public company have no greater insight into the company than the general public.
