Microsoft's Bizarre And Misleading Statement About Google In Gov't Procurement Fight

from the well,-well, dept

You may recall the interesting case from late last year, in which Google sued the government, claiming that the Department of the Interior set up a bid for a cloud-based apps service in a way that only Microsoft could win. However, recently, Microsoft made a big stink on its blog, claiming that Google lied in claiming its Apps solution was accredited under FISMA, the Federal Information Security Management Act. Google quickly shot back claiming that its offering absolutely was FISMA certified.

The news coverage on all of this has been a bit confusing, as there's a lot of back and forth with seriously conflicting claims, though Groklaw does a nice job trying to piece together the truth. In the end, it appears that a Justice Department official was confused, mainly because Google got FISMA approval for Google Apps Premiere, and then introduced a product subset of that, with additional security features, called Google Apps for Government. The DoJ seemed to assume that this meant there was no FISMA on the new offering, and Microsoft ran with it. However, as the GSA quickly made clear, it agrees with Google:
Google Apps for Government uses the Google Apps Premier infrastructure but adds additional controls in order to meet requirements requested by specific government agencies. The original FISMA certification remains intact while GSA works with Google to review the additional controls.
Of course, even the GSA seems a bit confused about all of this. While the above statement was the official position of the GSA, in a Senate hearing on the matter, a GSA official described it slightly differently:
"In July 2010, GSA did a FISMA security accreditation for 'Google Apps Premier.' That's what the Google product was called, and it passed our FISMA accreditation process. We actually did that so other agencies could use the Google product. If we do one accreditation, it's leveraged across many agencies. Since that time, Google has introduced what they're calling 'Google Apps for Government.' It's a subset of Google Apps Premier, and as soon as we found out about that, as with all other agencies, we have what you would normally do when a product changes, you re-certify it. So that's what we're doing right now, we're actually going through a re-certification based on those changes that Google has announced with the 'Apps for Government' product offering."
Leading to a bunch of headlines claiming that the GSA disagrees with Google. However, if you read both statements in context, you realize that it appears the GSA does, in fact, agree with Google. What the latter statement notes is that the new subset product needs to be re-certified, but nowhere does he say that it lost its ongoing certification. The official GSA statement above that confirms the initial certification remains intact.

In other words, nothing to see here. A lot of people got confused, but Google has the FISMA certification.

Oh, and an important sidenote in all of this: the Microsoft product which "won" the DoI bid does not have FISMA certification. Yes, you read that correctly. Microsoft is mocking Google for not having FISMA certification (which the product actually did have), while leaving out the bit about how their own product does not. In fact, the government's own filings in the case highlights that it's fine if Microsoft doesn't have FISMA certification now, because it can get it later:
Pursuant to FISMA, an agency may certify and accredit the security of an information system after testing its controls to ensure they work properly. In soliciting a private external cloud, DOI is requesting offerors to propose implementation of its pre-existing technology to meet DOI's specific needs. Accordingly, it follows that such a cloud cannot possibly obtain certification or accreditation because it has not yet been implemented to meet DOI's needs or actually tested. Thus, the lack of FISMA certification for DOI's personalized cloud is not a sign of lax security, as plaintiffs suggest; rather, it is a necessary step in acquiring a dedicated cloud.
In other words, no matter who wins, there will be customization done which will need re-certification... exactly as Google is having done now. In other words, there's no story here. None.

And yet, the Google haters came out quickly on this one. Not only did that Senate hearing happen almost immediately, but the group Consumer Watchdog, which seems to spend all its time coming up with bogus reasons to attack Google, rushed out a press release demanding a further investigation:
"Making misrepresentations to government agencies, particularly involving security clearance, again shows the arrogance of Google engineers, who give little respect to civil society and its accepted rules of conduct. We again urge your committee to hold hearings."
Except, of course, Google did not make misrepresentations to the government agencies. This has nothing to do with Google engineers -- arrogant or not. In fact, you could argue that Consumer Watchdog is actually "making misrepresentations to government agencies" with the letter it sent demanding an investigation.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: fisma, government, gsa
Companies: google, gsa, microsoft


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Chris Rhodes (profile), 15 Apr 2011 @ 3:49pm

    Err, what?

    again shows the arrogance of Google engineers, who give little respect to civil society and its accepted rules of conduct.

    Again? When was the first time? Funny how the haters jump on to the bandwagon immediately and start making accusations without cause, merely because it's Google.

    It just goes to show you: people hate success in others. Make something new and game-changing and people will line up in droves, either with their hand out pleading for cash, or with a club in their hand demanding it "or else". And if refuse, well, that's what we have a government for.

    link to this | view in chronology ]

  • identicon
    Alatar, 15 Apr 2011 @ 4:53pm

    Google haters are so miserable

    Yes, they look so stupid, crying wolf about how "Google is invading privacy and getting everywhere", holding an Iphone in their right hand, and a mswindows PC in the other one (having defended both of them adamantly).

    I can accept criticism towards Google from radical Linuxians who compile their own packages, but not from idiot MS/Apple fanboys

    link to this | view in chronology ]

  • icon
    ltlw0lf (profile), 15 Apr 2011 @ 11:18pm

    This is the only thing Microsoft is good at

    While companies like Google come up with new ways to do business, the only thing that Microsoft is good at is buying/borrowing other people's ideas, making subtle but significant changes to them to prevent compatibility, and then introduce FUD to convince customers that their product is superior than the original product they "borrowed." This is the bleeding edge where Microsoft innovates, and they do it well.

    People actually believe that Active Directory is the best thing Microsoft ever invented, but Active Directory is LDAP, Kerberos, and a couple other pre-existing services. Novell had been doing the same thing for years before Microsoft entered the game, but Microsoft threw up so much FUD about how Active Directory was so much better than Novell's offerings, and with their market share on the client side and their bastardization of the protocols to push out competitors, they quickly knocked Novell out of the market, as they had done with Netscape and IIS.

    link to this | view in chronology ]

    • identicon
      abc gum, 16 Apr 2011 @ 7:06am

      Re: This is the only thing Microsoft is good at

      Embrace, extend and extinguish

      http://en.wikipedia.org/wiki/Embrace,_extend_and_extinguish

      - Is this a MS trademark, patent or copyright?

      link to this | view in chronology ]

    • icon
      nilayan (profile), 18 Apr 2011 @ 1:43am

      Re: This is the only thing Microsoft is good at

      cant u do something better than spend your life bitching abt MS.

      link to this | view in chronology ]

      • icon
        ltlw0lf (profile), 18 Apr 2011 @ 12:27pm

        Re: Re: This is the only thing Microsoft is good at

        cant u do something better than spend your life bitching abt MS.

        You mean like responding to someone else's comment with poor spelling, grammer, and logic?

        I work with Microsoft all day long, every day, along with other software vendors. I bitch just as much about the other vendors I have to deal with, but none of them are convicted monopolists like Microsoft is. When I update Microsoft software, there is absolutely no reason that I then have to spend hours trying to fix the compatibility issues between Microsoft and third parties...but yet I do, and it is usually because Microsoft changes their software and doesn't change their published standards, which everyone else has to play catch-up with by reverse engineering the changes. If they didn't use their monopoly to screw other vendors, then I wouldn't have as much to bitch about, would I?

        link to this | view in chronology ]

  • icon
    nasch (profile), 16 Apr 2011 @ 6:28pm

    Google Apps for Government

    Google Apps for Government must have the worst acronym ever. Would you want to use GAG in your daily work?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Apr 2011 @ 10:11am

    spin

    The most effective spin classes will always have the government involved and all that is lost is money.

    link to this | view in chronology ]

  • identicon
    Riyajkhan, 5 May 2012 @ 5:02am

    Stadye

    I wont to be engeniyar

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.