Google falsely claimed that a version of its hosted services for government agencies was certified under a government security standard, according to court documents.
Microsoft noticed the false claim in a court filing and quickly pointed it out on its legal and government affairs blog.
The lie was more of an exaggeration, really — another LESS secure version of the same product has been certified, so it’s logical for Google to assume this version will be as well.
Still, Google can’t afford this kind of legal mushiness as it comes under increasing government scrutiny.
The dispute goes back to a government contract that the Department of the Interior (DOI) awarded to Microsoft last year. Google sued, saying that the DOI didn’t give fair consideration to Google Apps. In January, a judge agreed and slapped the DOI with a temporary injunction.
Part of the lawsuit hinges on a security standard called FISMA. Microsoft’s offering, BPOS-Federal, is not compliant with FISMA. (Microsoft says it’s in the certification process and it should be done “soon.”)
Google has publicly claimed that Google Apps for Government is compliant:
On another page, Google says “Google Apps for Government is certified and accredited under the Federal Information Security Management Act (FISMA)….”
But the U.S. Department of Justice — which is representing the DOI — says that’s not the case in a brief it filed in the case. (PDF is here.)
“On December 16, 2010, counsel for the Government learned that, notwithstanding Google’s representations to the public at large, its counsel, the GAO, and this Court, it appears that Google’s Google Apps for Government does not have FISMA certification.”
How did Google think it could get away with this?
Because another version of Google Apps — Google Apps Premier — was certified by the General Services Administration. At that time, Google Apps for Government didn’t exist. Google Apps Premier is actually LESS secure than Google Apps for Government, so Google thinks the FISMA certification will be a no-brainer.
David Mihalchik of Google Enterprise says: “Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements. As planned we’re working with GSA to continuously update our documentation with these and other additional enhancements.”
Still, it looks like Google got a bit ahead of itself with the facts here. A simple asterisk linking to an explanation would have eliminated any possible ambiguity.
A technicality is just a technicality. But as Microsoft found out in its battles with the law, even the littlest mistake can be blown into a huge and costly issue by legal opponents.
Update: A Google spokesperson clarified that Google believes that the FISMA certification for Google Apps Premier already covers Google Apps for Government. Google is updating the certification with the GSA anyway.