Microsoft: Google lied about U.S. government security claim

By Tom Warren, on 11th Apr 11 7:40 pm with 5 Comments

Microsoft: Google lied about U.S. government security claim

Microsoft claimed on Monday that Google has mislead its customers by claiming it has been certified under the Federal Information Security Management Act (FISMA).

Microsoft’s Corporate Vice President & Deputy General Counsel David Howard, made the revelation in a company blog posting on Monday. Howard claims that the United States Department of Justice had rejected Google’s claim that Google Apps for Government, Google’s cloud-based suite for government customers, has been certified under the Federal Information Security Management Act (FISMA).

The rejection comes in form of unsealed court papers that were made available on Friday April 8. “So imagine my surprise on Friday afternoon when, after some delay, some of the court papers were unsealed, at least in part. There for all to see was a statement by the Department of Justice contradicting Google on one of its basic FISMA claims,” writes Howard. The DoJ states the following:

On December 16, 2010, counsel for the Government learned that, notwithstanding Google’s representations to the public at large, its counsel, the GAO, and this Court, it appears that Google’s Google Apps for Government does not have FISMA certification. … We immediately contacted counsel for Google, shared this information and advised counsel that we would bring this to the Court’s attention. According to the GSA, Google‟s Google Apps Premier received FISMA certification on July 21, 2010. However, Google intends to offer Google Apps for Government as a more restrictive version of its product and, Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government. … To be clear, in the view of GSA, the agency that certified Google’s Google Apps Premier, Google does not have FISMA certification for Google Apps for Government.

“So why did Google tell governments and the public that Google Apps for Government was FISMA certified even before it had applied for that certification? We’ll have to wait for Google to tell us what they were thinking,” says Howard. The public attack on Google follows Microsoft’s formal complaint with the European Commission against Google. The complaint is part of an ongoing investigation in the EU into whether Google has violated European competition law. Microsoft has claimed its “concerned by a broadening pattern of conduct aimed at stopping anyone else from creating a competitive alternative.”

Microsoft has called on Google to issue a correction on its website but at the time of writing it has yet to respond.

Update: Google has issued a response to NewsGrange:

“This case is about the Department of Interior limiting its proposal to one product that isn’t even FISMA certified, so this question is unrelated to our request that DOI allow for a true competition when selecting its technology providers.

Even so, we did not mislead the court or our customers.  Google Apps received a FISMA security authorization from the General Services Administration in July 2010.   Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements.  As planned we’re working with GSA to continuously update our documentation with these and other additional enhancements.”

  • sarkis chamelian

    I’m a Doctor……Trust me !!

    • Anonymous

      Or at least my dad was… and I’m pretty much just an enhanced version of my dad.

    • noname

      ericesque: lol… one of the best comments ever :)

  • Avatar X

    So in Google’s side of it they not lied because they were already in the certification process and since they were sure they would pass, this equates to the same to already having it?

    Yeah, i guess it is the same…..wait…no it is not.

  • Guest

    I know I’m on a MS site and all, but it wouldn’t be the first time Google lied. Just one example: Chrome OS firmware is closed source. Sergey Brin said it was “fully open source”. Anyway screw Google infecting Disqus’s reCaptcha.