Google product doesn’t really have security credential, Justice Department says


This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

Google Inc. has maintained that its suite of office products aimed at government clients has been certified under a law that mandates strict information security rules for federal agencies. But the Justice Department says that’s not the case.

Google has maintained that Google Apps for Government, the company’s government-focused email and office software product, is certified under the Federal Information Security Management Act, known as FISMA. FISMA requirements derive from a 2002 law designed to safeguard and manage digital information used by federal government agencies.


Google has been trying to win more clients in the lucrative government email market, long dominated by rival Microsoft Corp. Building a special, extra-secure government version of its popular Google Apps software has been key to those efforts, and in various promotional and support documents, Google says its government offering is certified and accredited under FISMA.

But in documents unsealed last week as part of a lawsuit that Google filed in October against the Department of the Interior, the Justice Department disagrees.

In its recent brief, Justice Department lawyers wrote that ‘notwithstanding Google’s representations to the public at large, its counsel, the [Government Accountability Office], and this Court, it appears that Google’s Google Apps for Government does not have FISMA certification.’

The brief cites a December email in which a security officer at the U.S. General Services Administration, which issues the certifications, tells another official that ‘google for government does not have a c and a yet,’ referring to a FISMA certification and accreditation, but that the company was seeking the credential.

The General Services Administration did not immediately respond to a request for comment.

Google has responded that the consumer and business version of its office software -- Google Apps -- did receive a FISMA certification last July from the GSA.

‘Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements,’ said David Mihalchik, who oversees Google’s government software intiatives, in a statement. He noted that Google ‘did not mislead the court or our customers.’


In January, a judge granted Google a preliminary injunction in its case against the Interior department, in which Google alleged that in the agency’s process to procure a new email system for its 88,000 employees, it had illegally skewed the bidding process to favor Microsoft products.

Microsoft jumped on the unsealed documents on Monday morning, with its Deputy General Council David Howard noting in a blog post the apparent contrast between Google’s claims and those by the Justice Department.

‘When it comes to security,’ Howard wrote, ‘the facts matter.’

The city of Los Angeles has partially adopted Google’s government email system for some of its 30,000 employees.


Google sues the U.S. government in its ongoing ‘cloud’ battle with Microsoft

Los Angeles adopts Google e-mail system for 30,000 city employees


-- David Sarno