Forgot your password?
typodupeerror
Microsoft Google Government Software The Courts

Microsoft Blasts Google For False Claims In Court Documents 213

Posted by Soulskill
from the a-case-of-he-filed-she-filed dept.
recoiledsnake writes "Microsoft writes in a blog post that Google knowingly lied to the court while suing the US government over its consideration of only Microsoft implementations. We previously discussed Google winning an injunction against the Department of the Interior over this. According to Microsoft Deputy General Counsel David Howard, 'Google filed a motion for a preliminary injunction telling the court three times in a single document that Google Apps for Government is certified under FISMA. Google has repeated this statement in many other places as well. Indeed, for several months and as recently as this morning, Google's website states, "Google Apps for Government – now with FISMA certification." ... So imagine my surprise on Friday afternoon when, after some delay, some of the court papers were unsealed, at least in part. There for all to see was a statement by the Department of Justice contradicting Google on one of its basic FISMA claims.' Howard goes on to quote the DoJ brief (PDF), which says, '... it appears that Google's Google Apps for Government does not have FISMA certification.'"
This discussion has been archived. No new comments can be posted.

Microsoft Blasts Google For False Claims In Court Documents

Comments Filter:
  • by Tigger's Pet (130655) on Monday April 11, 2011 @04:01PM (#35785230) Homepage

    I think the title says it all. What's the old phrase? "If you can't blind them with science, then baffle them with bullshit."

    • Are you talking about Microsoft or Google?

      • by StuartHankins (1020819) on Monday April 11, 2011 @04:06PM (#35785304)
        Yes.
      • Re: (Score:3, Interesting)

        According to the court papers, Microsoft is not lying here. Google Apps for Government really doesn't have FISMA certification, even though Google said it did.

        • by RobertM1968 (951074) on Monday April 11, 2011 @06:42PM (#35786902) Homepage Journal

          According to the court papers, Microsoft is not lying here. Google Apps for Government really doesn't have FISMA certification, even though Google said it did.

          According to the papers just filed, neither is Google:

          A portion of Google's response: Even so, we did not mislead the court or our customers. Google Apps received a FISMA security authorization from the General Services Administration in July 2010. Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements. As planned we’re working with GSA to continuously update our documentation with these and other additional enhancements.

          And the confusion stems from this:

          The Justice Department acknowledges that the General Services Administration (GSA) had certified a different Google offering, Google Apps Premier, for its own particular use under FISMA last July. As the DOJ's brief explains, "However, Google intends to offer Google Apps for Government as a more restrictive version of its product and Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government." Lest there be any doubt about the situation, the brief adds, "To be clear, in the view of the GSA, the agency that certified Google's Google Apps Premier, Google does not have FISMA certification for Google Apps for Government."

          And finally, to clarify, GAfG is a subset of GAP (which does have FISMA certification).

          • >And finally, to clarify, GAfG is a subset of GAP (which does have FISMA certification).

            Where did you get that it was a subset? Bolding something doesn't make it true.

            Even if it were a subset, why did Google apply for certification again?

            • by iserlohn (49556)

              You're not familiar with government certification are you? If you're talking about stuff like EAL4+ compliance under common criteria, technically, every deployment need to be certified. However, you can certify a product as "the next best thing", but that certification is only valid for that particular version of software and it's tested environment, and most vendors use a special locked down mode to ensure compliance. Most people don't deploy EAL4+ devices in the real world under this mode as there are bui

              • How does that excuse Google for falsely claiming that it had FISMA for Google Apps for Govt. when it did not?

              • by dimeglio (456244)

                If Microsoft can get certification, so can Google. If DOJ's requirements state FISMA is mandatory, they should allow them the chance to obtain this certification by a certain date.

          • by grapeape (137008)

            That doesn't matter though...what matters is the exact product in question is what has to have certification, subset, superset even a simple version change doesn't matter they all have to be submitted for certification, google hadn't done that yet claimed it had...yes it was a "technicality" but in the eyes of the govt. and their sometimes ridiculous processes an important one.

          • by cbhacking (979169)

            That's interesting. It also has absolutely nothing to do with the subject, except for the very last sentence you quoted. When something is certified, neither a subset nor a superset of that thing also receive certification. If Google did in fact claim that GAfG had FISMA certification before FISMA certification was granted to GAfG, then they were lying.

    • by DavidR1991 (1047748) on Monday April 11, 2011 @04:06PM (#35785300) Homepage

      Same as what they were doing against Apple. They accused Apple of using the wrong font size in their court documents (hence claiming they were invalid) rather than actually fighting the case. They really are at the pinnacle of the BSing

      • by meerling (1487879)
        "They really are at the pinnacle of the BSing" - Of course, they are both using lawyers.
      • by Anonymous Coward on Monday April 11, 2011 @04:47PM (#35785742)

        So, for those of you who didn't RTFA, here's what actually happened:

        Google Apps Premier HAS a certification.

        The even more secure Google Apps for Government has applied for the same certification but hasn't gotten it yet.

        It is unclear whether or not there is even a need for the additional certification given the massive similarities between the two platforms. Microsoft is claiming that there must be because Google applied for a new certification for Google Apps For Government. Given that the two platforms vary by not much more code than would be involved in a typical Patch Tuesday, it is highly unlikely that this is material to the conversation.

        Just to go back to the original problem: A government entity approved a massively more expensive Microsoft solution over an equivalent Google solution that would have saved the taxpayers significant amounts of cash. Microsoft is now saying that this is all because of the difference in title between "Premier" and "For Government." Call me skeptical, but this smells rotten to me.

        • by msauve (701917)
          Yep, and if you follow throught on the references, you'll find one to check for lies on pages 18, 29, and 37 of a linked PDF document. Unfortunately, they don't say which pages they mean - page 18 of the PDF is page 15 of the fax it was scanned from, which is page 11 of the original document.

          From what I can tell, FISMA [wikipedia.org] certification is for information systems, not applications. If Google runs "Apps for Gov't" on the same cloud infrastructure as their "Apps Premier," it would seem to qualify under the certi
          • My understanding is that Google does NOT run Apps for Government in the same cloud infrastructure. They deliberately isolated the Govt systems for security purposes.

            • by msauve (701917)
              By "not the same," do you mean physically, or logically? ISTM, they'd use an identical "information system," but possibly consisting of physically separate servers. Again, by my reading on what FISMA is all about, that wouldn't matter - it seems to be concerned with architecture and procedures, not specific apps or physical devices.
          • Yep, and if you follow throught on the references, you'll find one to check for lies on pages 18, 29, and 37 of a linked PDF document. Unfortunately, they don't say which pages they mean - page 18 of the PDF is page 15 of the fax it was scanned from, which is page 11 of the original document.

            From what I can tell, FISMA [wikipedia.org] certification is for information systems, not applications. If Google runs "Apps for Gov't" on the same cloud infrastructure as their "Apps Premier," it would seem to qualify under the certification received for the latter. Is there really any difference between the two, except for marketing? From their website, any difference is not apparent.

            The other references to Goog'e's websites do check out. If what you say is true then why is Google applying for FISMA certification again?

            • by msauve (701917)
              "why is Google applying for FISMA certification again?"

              Because to a company of their size the cost is negligible, and they want to remove any ability for competitors to spread FUD?
        • by IICV (652597) on Monday April 11, 2011 @05:55PM (#35786474)

          Just to go back to the original problem: A government entity approved a massively more expensive Microsoft solution over an equivalent Google solution that would have saved the taxpayers significant amounts of cash. Microsoft is now saying that this is all because of the difference in title between "Premier" and "For Government." Call me skeptical, but this smells rotten to me.

          While keeping in mind that (IIRC) the Microsoft solution currently does not have FISMA certification, and part of the reason why it was going to be so expensive is because they were going to get it certified in the process.

        • by erroneus (253617)

          There you go being reasonable and logical. Working in a company that is insanely technical and bureaucratic that also deals with US government has showed me that it is simply not a logical conclusion to draw when it comes to government certification.

          Patches to an existing approved app is one thing, but adding or removing a whole program, adding or removing features and functionality and certainly changing the name are major things which can cause a requirement to get [re]certified.

          It's hard to say "Google

    • by jdgeorge (18767)

      The old phrase is, "If you can't dazzle them with brilliance, baffle them with bull....", attributed to W.C. Fields

  • Double-standards (Score:3, Insightful)

    by Anonymous Coward on Monday April 11, 2011 @04:08PM (#35785332)

    Google does this, it's "Nothing to see here, you shouldn't be surprised, move on, move on"

    Microsoft does this, "omg .. did you see what they did! remember this day, and USE IT IN COMMENTS FOR THE NEXT SEVEN YEARS"

    • Not quite. I don't like MS and do prefer Google as a company BUT if they out right lied then they should be punished accordingly. If they keep on doing it then its time to support someone else who can do business with out lying or borderline breaking laws.

      • by iserlohn (49556)

        Did you read the comment surrounding this? it's looks like classic Microsoft FUD as usual.

    • Sure, Ill take some double standards, looks good next to my giant bias.
      I dont remember swearing to treat evil crap companies the same as decent ones.

    • Re:Double-standards (Score:5, Interesting)

      by brennz (715237) on Monday April 11, 2011 @04:35PM (#35785622)

      The truth of the matter is more simple.

      Google went through the agonizing process of FISMA that is very stringent compared to jokes like a SAS 70 type 2. Microsoft did nothing. DOI does not have a FISMA certified private or govt cloud.

      DOI determined they would add in their own unique security requirements for a yet-unbuilt cloud solution that had never been certified for FISMA. Basically a joke of a to-be solution.

      Google cried foul, claiming they had already passed the FISMA qualification, something no other cloud vendor had done at the same time period. Google claimed a certified solution like their cloud could not be compared against a non-existent pipedream cloud.

    • Blameless company does this, it's "Nothing to see here, you shouldn't be surprised, move on, move on" Convicted monopolist does this, "omg .. did you see what they did! remember this day, and USE IT IN COMMENTS FOR THE NEXT SEVEN YEARS"

      FTFY.

  • While I don't doubt that this story is worth mentioning if Google didn't have the certification and claimed it did, is it worth mentioning yet?

    While this may be what happened, even the author is vague about it. This seems like a Glenn Beck style story of "I'm not absolutely sure, but I heard "

  • by brennz (715237) on Monday April 11, 2011 @04:22PM (#35785486)

    GSA certified and accredited Google Apps (FISMA certification)
    GSA is the lead agency for acquisition for the US Govt
    GSA met several the NIST standards at the moderate level
    DOI claims that the GSA certification doesn't meet their specific standards and they have to have a govt only cloud in the continental US.
    DOI security has been the laughingstock of the US govt for as long as I can remember*

    DOI disconnected from the internet by a federal judge for complete failure in IT security [google.com]

  • If you read the brief, it's actually not quite as simple as Google "does not have FISMA certification." FISMA certification is per-agency, and Google *has* FISMA certification for GSA. Google *does not* have FISMA certification for any other agency. Each agency makes its own determination. It also appears that FISMA is a minimum for information security, so agencies can require more than FISMA if they want to. (Refer to brief pages 37-39 for the details on FISMA.)
  • proof? (Score:5, Insightful)

    by dwater (72834) on Monday April 11, 2011 @04:33PM (#35785598)

    Being wrong is not the same as lieing. Furthermore, I would imagine it is very difficult to prove someone deliberately lied.

    • by Rockoon (1252108)

      Being wrong is not the same as lieing.

      Being wrong on purpose is.

      Furthermore, I would imagine it is very difficult to prove someone deliberately lied.

      Thats another matter entirely. This allows people to be wrong on purpose without you (apparently) thinking that they are a liar.

      • by dwater (72834)

        Being wrong is not the same as lieing.

        Being wrong on purpose is.

        well, der. that is the very definition of 'lieing'

  • Now there's an unbiased source of news.

    This may be true, Google might have lied (on purpose or by accident), but can't we at least come up with a source that isn't so obviously biased?

  • take Microsoft serious, pay

    .. and believe
  • It's just in Beta still.

  • So pulling back a bit and looking at the big picture: has there been a significant increase in the number of petty corporate lawsuits or is it just my observational bias, IE reading too much Slashdot?

  • Pot and Kettle (Score:5, Informative)

    by madmark1 (1946846) on Monday April 11, 2011 @05:04PM (#35785934)

    Microsoft Chief Council says Google Lied in Court...

    Pot, meet kettle...

    As usual, the headline is a bit misleading, and certainly leaves out a large part of the story. Google Apps Permier has been FISMA certified by the GSA, so when you go to the Google website and look, and it says "Now FISMA certified", they aren't lying. They really are FISMA certified. However, FISMA is not a blanket certification. The DoI does not have to accept the FISMA certification of the GSA, it can decide to do its own testing if it wishes. This doesn't change the fact that Google Apps Permier has in fact attained FISMA certification.

    The second tricky bit is Google Apps for Government, a product that didn't exist at the time the court case started. The law says (and the brief points out) that FISMA certification cannot be attained until after implementation of the product, and thorough testing. So, in that case, Neither Microsoft's offering, nor Google Apps for Government, is FISMA certified, nor could they have been at the time. Now, Google Apps Premiere was certified, and Apps for Government was going to be done under a more restrictive set of security constraints, so it would have likely passed too. What I have to wonder though, is did Google lie, and say Google Apps for Government had the FISMA cert, or did they say "Google Apps is FISMA certified", which is true?

    I have to come down on the side of the Microsoft lawyer playing this up for far more than it should be.

    • What I have to wonder though, is did Google lie, and say Google Apps for Government had the FISMA cert, or did they say "Google Apps is FISMA certified", which is true?

      Why wonder? It is demonstrated in the attachments. Example [google.com]:

      Google Apps for Government, now with FISMA certification

      The representative from the GSA who granted the certification also clearly states in emails that Google Apps for Government is not certified by their department (as you mentioned, it could not be).

  • FISMA is a guideline. You hire someone to certify you in it. Much like you can get a fire inspector to come to your business and rate the place as "Safe" and then some other inspector could find fault. Per googles site, "Google Apps has received an authority to operate at the FISMA-Moderate level; an independent auditor assessed the level of operational risk as Low."
    Also, you can request their documentation:
    "Google's FISMA documentation is available for review by interested agencies.This enables agencies to
    • by Rockoon (1252108)
      ..they need to get certified for each product that they want to claim is certified.

      If Google Widget is certified, that doesnt mean that Google Sprocket is also certified. In this case, Google did not receive certification for the product that they were selling (they received certification only for a product similar, but distinctly feature-different, to what they were selling)
  • by monk (1958)

    Here's the link to Google's claim and a link to request the documentation if anyone wants to follow up:

    http://www.google.com/apps/intl/en/government/trust.html [google.com]

    I'm betting they can back it up.

  • Google really begins to look nasty here.... the government is trying to do something that is the right thing by sane security standards (there is no such thing as 'secure multitenancy'.... that is an Oxymoron.)... and Google's insisting they sacrifice security requirements they have specified, just so that Google can provide service to them using a non-dedicated cloud?

    I understand Google fearing they pick M$ due to hegemony... but if Google verifiably hasn't provided a product yet that will meet the

    • by walshy007 (906710)

      Google apps premier was certified, when the lawsuit started and the contract given google apps for government did not even exist. No microsoft solution ever had certification.

      Basically google was already further towards the requirements, and microsoft said, sure, we can make it compliant to whatever for $x, google should not have been ruled out instantly.

    • by 517714 (762276)
      Trademark law prevents Google from using "Microsoft" in their products. The lawsuit is about the DOI specifying a Microsoft product instead of allowing a competitive bid based on the functional requirements.

"I have more information in one place than anybody in the world." -- Jerry Pournelle, an absurd notion, apparently about the BIX BBS

Working...