Yesterday, Microsoft called Google a liar. Today before the U.S. Senate, a government agent agreed.
The dispute hinges over a security certification called FISMA, which is required for some government contracts. Google has maintained that Google Apps for Government was FISMA-certified. Microsoft uncovered a court filing where the U.S. Department of Justice said it’s not.
Google explained that the DoJ was looking at a small technicality. Google Apps Premier was certified by the General Services Administration (GSA). At that time, Google Apps for Government didn’t exist yet.
But Apps for Government is a subset of Apps Premier, and is MORE secure. So Google said it “believes” that the certification covered Apps for Government as well.
That’s not what the GSA thinks.
Today, U.S. Senator Tom Carper (D-Del.) conducted a hearing into the matter. He quizzed David McClure from the GSA about the contract. Here’s the testimony (emphasis added):
CARPER: According to press reports the Department of Justice notified Google in December of 2010 that its Apps for Government was not in fact FISMA compliant. To help provide some greater clarity on this issue, I’d like to ask both of you if you would to comment on these recent reports and discuss how OMB and GSA are addressing the concerns that are raised by them.
MCCLURE (GSA): Sure, I’d be glad to bring some clarity to it. In July 2010, GSA did a FISMA security accreditation for “Google Apps Premier.” That’s what the Google product was called, and it passed our FISMA accreditation process. We actually did that so other agencies could use the Google product. If we do one accreditation, it’s leveraged across many agencies. Since that time, Google has introduced what they’re calling “Google Apps for Government.” It’s a subset of Google Apps Premier, and as soon as we found out about that, as with all the other agencies, we have what you would normally do when a product changes, you have to re-certify it. So that’s what we’re doing right now, we’re actually going through a re-certification based on those changes that Google has announced with the “Apps for Government” product offering.
In other words, the agency that certified Apps Premier does NOT think that it covers Apps for Government. Neither does the DoJ.
Only Google seems to think so.
Later Senator Carper said, “Given the potentially serious nature of this, I¹ve asked my staff to follow up with your offices today on this issue so that we can get to the bottom of it.” (Carper also quizzed the Office of Management and Budget, which said it wasn’t involved in procurement.)
Carper also sent out a tweet saying he was going to figure out what’s going on.
In a sense, the FISMA issue is a distraction from the main legal case here — Google is accusing the Department of Interior of choosing Microsoft’s products without giving Google Apps fair consideration. But all along, Google had said that it was FISMA certified. Now, it turns out that it wasn’t.