Google's lawsuit: bigger target is security seal of approval from feds

Google's lawsuit: bigger target is security seal of approval from feds

Summary: By suing the federal government over a $50 million Department of Interior contract, Google is forcing feds to give Google Apps a true competitive look and, hopefully, put it on equal footing with Microsoft when it comes to security.

SHARE:

Google's lawsuit against the federal government, filed late last week over a $50 million Department of Interior contract, has very little to do with the contract itself.

Instead, this is one of those backed-into-a-corner moves, albeit a strategic one that could play well into Google's larger mission of growing Apps.

On the surface, Google appears to be hauling the government into court, crying foul over language in a Department of Interior Request for Quotation (RFQ) that specifically requires Microsoft's Business Productivity Online Suite (BPOS) Federal suite in order to be considered for the contract.

Armed with the Competition in Contracting Act of 1984 (CCA) in-hand, the company is asking the court to halt the Department of Interior's bidding process until a "competitive procurement" is conducted.

Also: Full text of complaint embedded on Techdirt.com

But more importantly, Google is taking a stand in defense of its Google Apps suite.  By asking the court to force the Department of the Interior to give the options competitive consideration, Google is forcing the Microsoft vs. Google security debate into a government testing ground. At the end of that testing period, Google either needs to win the bid or lose it to Microsoft for a reason other than security issues - maybe the costs of integration or something else that suggests that the offerings were more or less equal.

If it's secure enough for the government, then it's certainly secure enough for a big corporation, right? That's got to be the message that Google wants to emerge when all of the legal dust settles.

After all, the company is pretty solid on other fronts. In July, Google announced Google Apps for Government, an enhanced offering intended to address security concerns specific to government agencies. It also announced that it had received FISMA (Federal Information Security Management Act) certification, which allows it to store sensitive, yet unclassified, information, which makes up about 80 percent of all government data.

In the suit, Google points to its FISMA certification and questions the independent research that the government conducted over the Microsoft BPOS-Federal offering. It notes

  • There is very little to no publicly-available information about the Microsoft BPOS solution other than a Microsoft press release on its website.
  • The BPOS-Federal solution is a new product and there are no publicly-identified customers who have either purchased or implemented it, nor are there any case studies reported of any customer using it.
  • The BPOS-Federal solution has not been FISMA certified.

This is not the first time that Google has been irked by language in a government bid request that favored Microsoft. In August, Google decided against submitting a bid for the state of California's e-mail contract because it said that the language was vendor-specific to Microsoft products. Without a bid from Google for the state to consider, let alone reject, it eventually went with a Microsoft offering.

I'm not saying that Google, despite its efforts to create a super-secure government cloud for sensitive data, is offering something better than Microsoft or vice-versa. But if anyone is going to put these two systems to the ultimate test from a security perspective, it only makes sense that the federal government be the one to tackle it first.

Hopefully, this will all end with an understanding of the security issues - if any - that are big enough to keep a government agency from pursuing Google. Certainly, Microsoft's offerings must have a security issue or two that could be of concern.

Other coverage:

Topics: Microsoft, Google, Government, Government US, Legal, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

28 comments
Log in or register to join the discussion
  • Deleted duplicate post

    NT
    Economister
  • Thank you

    There is unfortunately too much "I want to be first" or "I want to blog on that too" blogging on this site, rather than a careful examination of the facts and issue and then posting an informed, balanced, and thoughtful blog on a subject, which incidentally seems to be your approach, and that of a few other bloggers.

    The "me first" and "me too" blogs do create a lot of poorly informed and opinionated Talkbacks as well, including endless and pointless fanboy dogfights, at times as a direct result of the poor blogs (and yes, I will include my own Talkbacks from time to time).

    If low quality blogs and many Talkbacks of questionable value is what ZDNet wants, then it should continue with its current approach, I guess. Ultimately this approach will drive away many quality Talkback contributors, because the signal to noise ratio is just too low.

    If on the other hand ZDNet values quality over quantity, a place where those with real contributions to make feel that it is worth their while to "hang out", then a change may be necessary.
    Economister
    • RE: Google's lawsuit: bigger target is security seal of approval from feds

      @Economister
      Oh, I don't know about that. I think that much of this blog and others here are opiniated blogging. I sincerely doubt their bloggers are "government qualified" so this is not the place to get "government gospel".

      In as much, let the opinions flow. Of course, I, sometimes become iritated with some opinions. But, that's the popcorn that goes with the movie!
      eargasm
    • infrastructure of ZdNet

      @Economister. I agree. I think ZdNet was better when the latest post was the first comment seen. It was just the 1st 2 lines so one had to structure a comment carefully so people would get the key point without scrolling all the way down to the post's position. Since the feature was dropped the threads have deteriorated quite badly.<br>Regards from<br>Tom <img border="0" src="http://www.cnet.com/i/mb/emoticons/happy.gif" alt="happy">
      Tom6
  • RE: Google's lawsuit: bigger target is security seal of approval from feds

    I wish Google would face the facts that they lost the bid fair and square. If you look at these points, Google is trying to harvest more data that they do not and should not have access to:

    [i]* There is very little to no publicly-available information about the Microsoft BPOS solution other than a Microsoft press release on its website.[/i]
    There doesn't need to be. Microsoft can demo it to its customers when their is genuine interest. They don't need to post a public site about it.

    [i]* The BPOS-Federal solution is a new product and there are no publicly-identified customers who have either purchased or implemented it, nor are there any case studies reported of any customer using it.[/i]
    Again, there is no need to make this information public. If the government found that this solution works for them then so be it. If Microsoft released public data like this Google would be trying to bribe those customers in a heartbeat.

    [i]* The BPOS-Federal solution has not been FISMA certified.[/i]
    Maybe, maybe not.

    The bidding was done, the DoI made a decision, and that decision was what works for them and was the best solution. Google is just going to have to suck it up.
    Loverock Davidson
    • Not the sharpest knife in the drawer

      @Loverock Davidson

      When you restrict the the "bidding" process to one supplier there is no bidding, period. As a general rule, in government, that is a cause for concern and a fertile ground for corruption.

      As the custodian of the TAXPAYERS' money, the government has a duty to get the best value for the money. As a general rule, if you restrict the bidding to one supplier, the bidding process is essentially rigged and you do not get the best value for the money.

      If MS has the only viable solution, giving the contract to them may be entirely appropriate. I think a major point here is that very issue.

      The government also has a duty to be very transparent about any requirements for any particular bid, which also seems to be a concern here.

      Just because you are a mindless MS fanboy, does not automatically mean that giving MS a contract is the appropriate thing for a government to do.
      Economister
      • RE: Google's lawsuit: bigger target is security seal of approval from feds

        @Economister
        Correct. The same activity can be shown in events like the Haliburton Pipeline and various other military projects that are, in essence, no bid contracts. The result of the practice is costs go up, budget goes up, taxes go up, tea partiers get elected to congress. It's a vicious cycle.
        hoaxoner
      • RE: Google's lawsuit: bigger target is security seal of approval from feds

        @Economister
        Come on now, not holding to your thesis. Now there is such a thing as sole sourcing written into the law. There was a justification provided by DOI. Now, Google is not the approval/disapproval agency for that justification. If the approval agency approved the sole contract based upon that justification, then Google is just mud in the water and they need a stick in the eye, or upon another body part. No matter, Google don't like the process, they don't own it. They have enought problems running Google. They are not "Government Qualified" either.
        eargasm
    • RE: Google's lawsuit: bigger target is security seal of approval from feds

      @Loverock Davidson You miss the point. The government should give parameters and then solicit vendors to supply software that meets their parameters. It should not decide on the product in advance and then call that competitive bidding. You have to wonder about some of the folks hired by government.
      Al_nyc
    • Arguing with Loverock:An exercise in futility

      @Loverock Davidson
      >>>The bidding was done, the DoI made a decision, and that decision was what works for them and was the best solution. Google is just going to have to suck it up.<<<
      The point of the lawsuit is that the bidding was not done. Google was barred from bidding. Did you read the article and/or the lawsuit?
      richdave
    • "I wish Google would face the facts..."

      @Loverock Davidson :
      <i>"I wish Google would face the facts that they lost the bid fair and square."</i>
      How did they lose 'fair and square' when they weren't even allowed to compete?

      <i>"Microsoft can demo it to its customers when their is genuine interest. They don't need to post a public site about it."</i>
      When a package is being submitted for a bidding package, while the specifics of that package don't need to be public knowledge, the general data needs to be available to see if there is even a competing package in the market. By the DOI making the RfB the way it did, neither the DOI nor anyone else knows for sure if there's even a competing product.

      <i>" If the government found that this solution works for them then so be it."</i>
      How do they know it's the solution that works for them? How did they test it? How, when <i>"The BPOS-Federal solution has not been FISMA certified"</i>, can they possibly know it can even meet their needs?

      No bidding was done; the DOI made their decision based on hearsay that there was only one possible solution for their needs. This goes entirely counter to the purpose for which the government puts out their Request for Bids.

      Google is totally in the right, here. They should have at least been given the opportunity to compete so that the DOI, Google and everybody else has some idea of who can field what and how well it stacks up to the competition. <b>By specifying a single solution, there was no competition.</b>
      Vulpinemac
    • RE: Google's lawsuit: bigger target is security seal of approval from feds

      @Loverock Davidson

      Just to be clear, it doesn't seem that the blog was about Microsoft being granted a contract over Google. The issue at hand is that the contract restricted contractors who made use of anything other than Microsoft products.

      Thus, even if a contractor was proficient with Google's apps, they would not be considered for the contract. Considering that contract bidding revolves primarily around costs, why limit contractor choices to a more expensive product when there is no precedent that MS' cloud is any more secure than Google's?

      This isn't a MS vs Goog debate. This is a legacy vs modern debate. I think Google has a lot of ground to stand on here. To put it in the simplist words: Google was discriminated against, and that's unfair.

      This is what the case is about. So, now DoI has to prove why they excluded Google. ...or say that they prefer MS because of familiarity, but Google is secure.

      Google wins either way...

      Stop with the fights...

      Be happy...
      GSystems
  • I don't want state secrets in the "cloud".

    May as well cc our enemies with everything if you put it in "the cloud". Saves everyone time that way.
    NoAxToGrind
    • RE: Google's lawsuit: bigger target is security seal of approval from feds

      @NoAxToGrind
      You should read the DOI requirements. Thery were looking for a private cloud. That is not open to the public, enemies or anyone else. Same as the difference between "Inter"net and "intra"net. Please understand before you critique!
      I'm frustrated to read stuff which displays such bleep
      vsud
  • Irrespective of the bidding and all the machinations...

    ... I sincerely hope, for the users sake, that they end with Microsoft - just because I, as an end user, would prefer to use the normal Office apps instead of the Google Apps. I suppose that would be the same sentiment of the government users.
    Roque Mocan
    • A little .....

      @Roque Mocan

      too stuck in your ways perhaps? Would you try it if your taxes went down?
      Economister
      • RE: Google's lawsuit: bigger target is security seal of approval from feds

        @Economister I'm not stuck in my ways and Google Apps is by no means a full office suite. It has good collaboration - and that's about it. It can no where compete against Office or Open Office. It's basic some some really stupid things and can't do A LOT of things. I know you and Donniechild conceive children thinking about Google, but they have a long way to go to really "compete" against a true office suite. But it does grade school level work with some very , very good collaborative work. And using the "taxes go down" is a huge joke. hopefully after last night we might get some better thinking in Washington, becasue what is there now is crap.
        ItsTheBottomLine
      • Have you ever used Google Apps?

        @Economister

        While not bad for WebApps... They are still a very poor substitute for a native app. GMail in a browser. Still sad (yes I have used them).
        Bruizer
    • Irrespective of the bidding and all the machinations...

      @Roque Mocan I have had those same feelings. Unfortunately, management has never seen fit to consult me as to my preference.
      richdave
    • RE: Google's lawsuit: bigger target is security seal of approval from feds

      @Roque Mocan
      So you think that Google's apps are abnormal, or substandard?
      Funny that they seem to do the job just fine for the vast majority of regular users.
      I will admit that MS Office has a few features that 99.999% of users never touch, is that why you find Google Apps substandard, because it has all the "Normal" features, just not the esoteric rarely used features?
      Why pay for something no one uses?
      x-windows user