Microsoft Blasts Google For False Claims In Court Documents

recoiledsnake writes "Microsoft writes in a blog post that Google knowingly lied to the court while suing the US government over its consideration of only Microsoft implementations. We previously discussed Google winning an injunction against the Department of the Interior over this. According to Microsoft Deputy General Counsel David Howard, 'Google filed a motion for a preliminary injunction telling the court three times in a single document that Google Apps for Government is certified under FISMA. Google has repeated this statement in many other places as well. Indeed, for several months and as recently as this morning, Google's website states, "Google Apps for Government – now with FISMA certification." ... So imagine my surprise on Friday afternoon when, after some delay, some of the court papers were unsealed, at least in part. There for all to see was a statement by the Department of Justice contradicting Google on one of its basic FISMA claims.' Howard goes on to quote the DoJ brief (PDF), which says, '... it appears that Google's Google Apps for Government does not have FISMA certification.'"

Shock - Big Business Lies

[Tigger's+Pet]

I think the title says it all. What's the old phrase? "If you can't blind them with science, then baffle them with bullshit."

Re:Shock - Big Business Lies

[recoiledsnake]

Are you talking about Microsoft or Google?

Re:Shock - Big Business Lies

[DavidR1991]

Same as what they were doing against Apple. They accused Apple of using the wrong font size in their court documents (hence claiming they were invalid) rather than actually fighting the case. They really are at the pinnacle of the BSing

Re:Shock - Big Business Lies

[StuartHankins]

Yes.

Re:Shock - Big Business Lies

[Overly+Critical+Guy]

According to the court papers, Microsoft is not lying here. Google Apps for Government really doesn't have FISMA certification, even though Google said it did.

Re:Shock - Big Business Lies

Except Google lying to a court would be perjury. And that is pretty darn illegal.

Re:Shock - Big Business Lies

[jdgeorge]

The old phrase is, "If you can't dazzle them with brilliance, baffle them with bull....", attributed to W.C. Fields

Re:Shock - Big Business Lies

'Yes' is now a meme? Damn. I'll have to start using 'Not No' from now on.

Re:Shock - Big Business Lies

because (believe it or not) it's faster to resolve a case based on a technically that actually have to argue out law

i know amazing isn't it?
a lawyer possibly trying to finish things up quickly
to fulfil the required level of microsoft bashing i'll add this:
probably as laywer wants to spend as little time with microsoft as possible. he might be evil, but not that evil.

Re:Shock - Big Business Lies

[meerling]

It's not a meme, it's been around a long time, it's an answer to both.
To clarify if you don't get it: "Are you talking about Microsoft of Google?" Yes, both Microsoft AND Google were being referenced.

Re:Shock - Big Business Lies

[meerling]

"They really are at the pinnacle of the BSing" - Of course, they are both using lawyers.

Re:Shock - Big Business Lies

According to the court papers, filed in opposition to Google, Microsoft is not lying here.

FTFY.

In fact the court papers themselves mention that Google Apps does have FISMA certification. Google Apps for Government is a restricted subset of Google Apps - which, technically, appears not to have been seperately certified as of the given date.

Re:Shock - Big Business Lies

[jdgeorge]

It's not a meme. It's a correct answer to a question which was written ambiguously, allowing multiple interpretations.

It's an annoying and eccentric behavior, perhaps, but it has been done for centuries, or longer.

Re:Shock - Big Business Lies

So, for those of you who didn't RTFA, here's what actually happened:

Google Apps Premier HAS a certification.

The even more secure Google Apps for Government has applied for the same certification but hasn't gotten it yet.

It is unclear whether or not there is even a need for the additional certification given the massive similarities between the two platforms. Microsoft is claiming that there must be because Google applied for a new certification for Google Apps For Government. Given that the two platforms vary by not much more code than would be involved in a typical Patch Tuesday, it is highly unlikely that this is material to the conversation.

Just to go back to the original problem: A government entity approved a massively more expensive Microsoft solution over an equivalent Google solution that would have saved the taxpayers significant amounts of cash. Microsoft is now saying that this is all because of the difference in title between "Premier" and "For Government." Call me skeptical, but this smells rotten to me.

Re:Shock - Big Business Lies

[Overly+Critical+Guy]

According to the court papers, filed in opposition to Google, Microsoft is not lying here.

FTFY.

Hello, anonymous Google supporter who shows up in every article. The information is in a statement from the Department of Justice in the court briefing. It's not an allegation or statement of opinion; Google really doesn't have the FISMA certification they claimed they did. Microsoft further made the point in the linked article that if the FISMA certification for Google Apps Premier applied to Google Apps for Government, Google wouldn't be applying for another certification specifically for Google Apps for Government.

Re:Shock - Big Business Lies

It's a Mathematician's Answer.

Re:Shock - Big Business Lies

You mean even though Google continue to claim, even though its clear that they don't. Why does Google feel the need to pad its credentials out like this though? Its like Bill Gates putting "awarded bronze swimming certificate" on his CV, right next to "Founded Microsoft".

Re:Shock - Big Business Lies

Mod parent up!

Re:Shock - Big Business Lies

What is it with that dumb as fuck "What" meme shit? And don't get me started about those ridiculous "dumb" "fuck" "meme" and "shit" memes, those are fucking retarded. It's like everything everyone says is some stupid meme.

Re:Shock - Big Business Lies

[Locutus]

you must be too young to have watched the Microsoft vs DOJ case where Microsoft showed a video of how easy it was to download netscape and install it(or something like that) and repeatedly was asked if this was an unedited unscripted video and repeatedly they said yes Your Honor. So out comes the prosecution with scenes showing icons mysteriously moving and even disappearing on the desktops in the video and to that the Microsoft lawyers confessed it was mocked up. So what is lying to the Judge and perjury really mean in todays courts? zip, zero, nada, nothing.

BTW, I still have seen no dates for when Google got that cert and when they said they "had" it.

LoB

Re:Shock - Big Business Lies

[UnknowingFool]

That's not how I read the DOJ's brief. The problem is people think that FISMA certified = secure. It doesn't. FISMA certified means that security planning has been documented. The DOJ objected to the overall security of Google Apps and never said Google was lying. Another issue is that Google Apps was certified by the GSA which has different security needs than the DOJ. If I understand FISMA correctly each agency willhave to go through their own certification process.

Re:Shock - Big Business Lies

[UnknowingFool]

If you read the brief and not the summary, you'd see that MS is twisting words. The DOJ never said Google lied. If they had, the DOJ has the power to pursue perjury charges. The DOJ did say that Google Apps security was not good enough which is completely different than Google is lying.

Re:Shock - Big Business Lies

Minor differences can be huge. Particularly in security. In fact, one line of code could make a very big deal.

Re:Shock - Big Business Lies

[idontusenumbers]

It's a smart-ass reply that is more confusing and less polite then "both, actually".

Re:Shock - Big Business Lies

[msauve]

Yep, and if you follow throught on the references, you'll find one to check for lies on pages 18, 29, and 37 of a linked PDF document. Unfortunately, they don't say which pages they mean - page 18 of the PDF is page 15 of the fax it was scanned from, which is page 11 of the original document.

From what I can tell, FISMA certification is for information systems, not applications. If Google runs "Apps for Gov't" on the same cloud infrastructure as their "Apps Premier," it would seem to qualify under the certification received for the latter. Is there really any difference between the two, except for marketing? From their website, any difference is not apparent.

Re:Shock - Big Business Lies

[IICV]

Just to go back to the original problem: A government entity approved a massively more expensive Microsoft solution over an equivalent Google solution that would have saved the taxpayers significant amounts of cash. Microsoft is now saying that this is all because of the difference in title between "Premier" and "For Government." Call me skeptical, but this smells rotten to me.

While keeping in mind that (IIRC) the Microsoft solution currently does not have FISMA certification, and part of the reason why it was going to be so expensive is because they were going to get it certified in the process.

Re:Shock - Big Business Lies

Call me skeptical, but this smells rotten to me.

Skeptical is the only way to go, when someone tries to fight a court battle with press releases rather that court filings.

Putting it in a blog serves no purpose except to influence public opinion.

Re:Shock - Big Business Lies

[MobileTatsu-NJG]

It was a pefectly understandable answer to the question that was asked. Is your common sense down today?

Re:Shock - Big Business Lies

http://tech.fortune.cnn.com/2011/04/11/google-responds-to-microsofts-fisma-certification-accusations/

Re:Shock - Big Business Lies

[erroneus]

There you go being reasonable and logical. Working in a company that is insanely technical and bureaucratic that also deals with US government has showed me that it is simply not a logical conclusion to draw when it comes to government certification.

Patches to an existing approved app is one thing, but adding or removing a whole program, adding or removing features and functionality and certainly changing the name are major things which can cause a requirement to get [re]certified.

It's hard to say "Google Lied" when a certification has actually been obtained. When the difference is more along the lines of a technicality, it's probably something that can be overlooked and certainly corrected. And I am certain the court will agree with that general analysis. However, the judge might still require that Google restate or retract the claims until it is corrected.

Re:Shock - Big Business Lies

[man_of_mr_e]

My understanding is that Google does NOT run Apps for Government in the same cloud infrastructure. They deliberately isolated the Govt systems for security purposes.

Re:Shock - Big Business Lies

[dunng808]

If only Rupert Murdoch would buy Microsoft. Then we would have a single source for all this "news."

Re:Shock - Big Business Lies

[RobertM1968]

It's a smart-ass reply that is more confusing and less polite then "both, actually".

It's 'thAn "both, actually"' (use a lower case "A" though), and I disagree. It makes perfect sense to me. And all of my friends. But then again, they're decently smart. Even some self admittedly slow people I know would have easily figured it out in just a few seconds. ;-)

I suspect you understood it perfectly well also - but that would mean you're trolling.

Re:Shock - Big Business Lies

[RobertM1968]

According to the court papers, Microsoft is not lying here. Google Apps for Government really doesn't have FISMA certification, even though Google said it did.

According to the papers just filed, neither is Google:

A portion of Google's response: Even so, we did not mislead the court or our customers. Google Apps received a FISMA security authorization from the General Services Administration in July 2010. Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements. As planned we’re working with GSA to continuously update our documentation with these and other additional enhancements.

And the confusion stems from this:

The Justice Department acknowledges that the General Services Administration (GSA) had certified a different Google offering, Google Apps Premier, for its own particular use under FISMA last July. As the DOJ's brief explains, "However, Google intends to offer Google Apps for Government as a more restrictive version of its product and Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government." Lest there be any doubt about the situation, the brief adds, "To be clear, in the view of the GSA, the agency that certified Google's Google Apps Premier, Google does not have FISMA certification for Google Apps for Government."

And finally, to clarify, GAfG is a subset of GAP (which does have FISMA certification).

Re:Shock - Big Business Lies

[msauve]

By "not the same," do you mean physically, or logically? ISTM, they'd use an identical "information system," but possibly consisting of physically separate servers. Again, by my reading on what FISMA is all about, that wouldn't matter - it seems to be concerned with architecture and procedures, not specific apps or physical devices.

Re:Shock - Big Business Lies

[recoiledsnake]

Did you even RTFA or your parent's post? The issue is about Google claiming something as FISMA compliant in court when it's not.

Re:Shock - Big Business Lies

[recoiledsnake]

Yep, and if you follow throught on the references, you'll find one to check for lies on pages 18, 29, and 37 of a linked PDF document. Unfortunately, they don't say which pages they mean - page 18 of the PDF is page 15 of the fax it was scanned from, which is page 11 of the original document.

From what I can tell, FISMA certification is for information systems, not applications. If Google runs "Apps for Gov't" on the same cloud infrastructure as their "Apps Premier," it would seem to qualify under the certification received for the latter. Is there really any difference between the two, except for marketing? From their website, any difference is not apparent.

The other references to Goog'e's websites do check out. If what you say is true then why is Google applying for FISMA certification again?

Re:Shock - Big Business Lies

[sexconker]

Technically correct. The best kind of correct.

Re:Shock - Big Business Lies

[UnknowingFool]

Did you read the brief at all? Both TFA and the summary are heavily biased and misleading. The brief which was filed by the DoJ says nothing about Google lying. The DoJ disagreed with Google on certain points but did not call them liars. I would think that if the DoJ thought Google lied, they would have the power to bring perjury charges against the company. Page 37-38:

First and foremost, GSAs certification of Googles cloud does not mean that the cloud is secure enough for DOI. FISMA certification is made on an agency-by-agency basis. . . . Yet that certification merely means that Google Apps for Government, assuming it even has FISMA certification, is secure enough for GSA. This fact has no direct impact upon whether the clouds security is sufficient for DOI. . . FISMA establishes a bare minimum level of security for information systems. . .The law permits and encourages agencies to impose additional requirements to account for their own unique security needs.

Where in there do you read that the DoJ called Google liars? The DoJ even concedes that Google has FISMA certification; but they say that FISMA certification alone isn't enough. The brief goes on for 89 pages including exhibits. There is not one mention of "lying" or "perjury" anywhere the brief. TFA and the summary are twisting words.

Re:Shock - Big Business Lies

[recoiledsnake]

>And finally, to clarify, GAfG is a subset of GAP (which does have FISMA certification).

Where did you get that it was a subset? Bolding something doesn't make it true.

Even if it were a subset, why did Google apply for certification again?

Re:Shock - Big Business Lies

[recoiledsnake]

Then why did Google re-apply for certification that they claim to already have?

Re:Shock - Big Business Lies

[msauve]

"why is Google applying for FISMA certification again?"

Because to a company of their size the cost is negligible, and they want to remove any ability for competitors to spread FUD?

Re:Shock - Big Business Lies

[recoiledsnake]

Did I say DoJ called Google liars? You just handwave about 'twisting words' but fail to say how.

Why do you have to trust someone when you have eyes to go read?
See here: http://www.google.com/apps/intl/en/government/trust.html

Google Apps for Government, now with FISMA certification.

That's not true(ergo a lie), because certification is pending and what actually got certified was a different product Google Apps for Premier. Now tell me why you think TFA and summary are lying.

Are you intentionally acting dense?

Re:Shock - Big Business Lies

[recoiledsnake]

After my other reply I found this in DoJ's document too.

On December 16, 2010, counsel for the Government learned that, notwithstanding Googles
representations to the public at large, its counsel, the GAO, and this Court, it appears that
Googles Google Apps for Government does not have FISMA certification.

That's legal speak for lying. You're the one twisting words.

Re:Shock - Big Business Lies

[grapeape]

That doesn't matter though...what matters is the exact product in question is what has to have certification, subset, superset even a simple version change doesn't matter they all have to be submitted for certification, google hadn't done that yet claimed it had...yes it was a "technicality" but in the eyes of the govt. and their sometimes ridiculous processes an important one.

Re:Shock - Big Business Lies

[iserlohn]

You're not familiar with government certification are you? If you're talking about stuff like EAL4+ compliance under common criteria, technically, every deployment need to be certified. However, you can certify a product as "the next best thing", but that certification is only valid for that particular version of software and it's tested environment, and most vendors use a special locked down mode to ensure compliance. Most people don't deploy EAL4+ devices in the real world under this mode as there are built in security controls such as the lack of remote management.

I expect the FISMA regulations to be just a anal retentive and arcane.

Re:Shock - Big Business Lies

[UnknowingFool]

Hello? That comes from TFA. It comes from a blog written by MS Corporate Vice President & Deputy General Counsel David Howard . It does not come from the DoJ. Click on that link to the PDF and actually read it.

Re:Shock - Big Business Lies

[recoiledsnake]

You need to read the PDF. It's on page 13. Read that page fully. DoJ is indeed saying Google lied.

Re:Shock - Big Business Lies

[RobertM1968]

That doesn't matter though...what matters is the exact product in question is what has to have certification, subset, superset even a simple version change doesn't matter they all have to be submitted for certification, google hadn't done that yet claimed it had...yes it was a "technicality" but in the eyes of the govt. and their sometimes ridiculous processes an important one.

No, what really matters is that Microsoft is clutching at straws to try to "win" the case or clear the injunction.

Re:Shock - Big Business Lies

[idontusenumbers]

Thanks you kind sir, whatever would we do without the grammar police! You have no idea the life changing impact your pointing out of this (unusual) mistake has has on my life! You are truly in my debt! As for the grammar police calling others trolls, wouldn't that be a little hypocritical?

Re:Shock - Big Business Lies

[mysidia]

That's legal speak for lying. You're the one twisting words.

the footnotes go on to say.... According to the GSA, Googles Google Apps Premier received FISMA certification on July 21, 2010. However, Google intends to offer Google Apps for Government as a more restrictive version of its product and, Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government.

In other words.... the less limited version of their product 'had FISMA' certification from an agency? HMM(!)

Re:Shock - Big Business Lies

[Runaway1956]

Come on - I'm working to understand all this - and suddenly you changed out one term for another. Is the application(s) in question FISMA COMPLIANT, or is it FISMA CERTIFIED? Perhaps the difference is to subtle for some people to understand, but it's enough to entirely wreck an argument.

Re:Shock - Big Business Lies

[recoiledsnake]

How does that excuse Google for falsely claiming that it had FISMA for Google Apps for Govt. when it did not?

Re:Shock - Big Business Lies

[RobertM1968]

Thanks you kind sir, whatever would we do without the grammar police! You have no idea the life changing impact your pointing out of this (unusual) mistake has has on my life! You are truly in my debt!

As for the grammar police calling others trolls, wouldn't that be a little hypocritical?

Oh, I admit I was at least partially trolling (the grammar part). But the rest, you've gotta admit, is true. So, perhaps you'll end up admitting you were trolling too. (ir)Regardless, doesn't change that you did. ;-)

Re:Shock - Big Business Lies

[Runaway1956]

Alright, read page 13. It doesn't look good for Google, but GSA falls short of calling Google liars. It's rather ambiguous. Premier was certified, and Government was even more restrictive and secure than Premier - perhaps Google believed that Government was automatically certified?

And, I'm mindful that the entire PDF is a motion filed by people hostile to Google - the PDF is not a definitive source of what is true or not true.

In short, I'm not convinced either way.

Re:Shock - Big Business Lies

[dimeglio]

If Microsoft can get certification, so can Google. If DOJ's requirements state FISMA is mandatory, they should allow them the chance to obtain this certification by a certain date.

Re:Shock - Big Business Lies

[idontusenumbers]

I was just letting our good friend Stuart know how his response of just 'yes' is regarded by readers of this site. There's nothing wrong with honesty.

Re:Shock - Big Business Lies

[cbhacking]

That's interesting. It also has absolutely nothing to do with the subject, except for the very last sentence you quoted. When something is certified, neither a subset nor a superset of that thing also receive certification. If Google did in fact claim that GAfG had FISMA certification before FISMA certification was granted to GAfG, then they were lying.

Re:Shock - Big Business Lies

[dudpixel]

unfortunately common sense isn't

Re:Shock - Big Business Lies

[brennz]

FISMA certified ( and accredited ) means a great deal more than security planning.

Certified means it was tested by an independent security tester to NIST 800-53, using 53A and all associated security pubs. I won't get into the specifics of the security testing required for this, but it is wide and primarily comprehensive*.

NIST's Risk Management Framework

NIST 800-53

Accredited means that a government executive read over everything, with the advice of government security engineers, and still thought it was a good decision to authorize government use. Government types are notoriously risk-adverse

NIST goes far beyond what you see in unregulated industries. If you don't understand the control set, you really are not qualified to speak. While there are other regulated industries that may have similar protections, they are few and far between.

* NIST control sets still need improvement in software security

Re:Shock - Big Business Lies

[Daengbo]

I remember back when MS had NT4 certified for gov't deployment by completely disconnecting every cable and locking down every service, then using that certification evidence for every deployment, whether the deployment was networked and locked-down or not, for not only NT4, but 2000 and XP.

I'm not saying that Google is right here and MS is wrong: I simply don't know enough about the system and gaming it. What Google's doing doesn't seem any different, though, and that was good enough for the government at the time. It's at least disingenuous on MS's part to claim foul.

Re:Shock - Big Business Lies

[Meski]

But for jokers that answer yes to "coffee or tea?" I have a special surprise.

Re:Shock - Big Business Lies

> has applied for the same certification but hasn't gotten it yet.

Why did you use the filler-word "gotten" instead of choosing a verb such as "received"?

Are you just lazy? Or do you genuinely have a restricted vocabulary?

Re:Shock - Big Business Lies

It is.

Re:Shock - Big Business Lies

[marcello_dl]

So google should have been more specific and the suddenly very precise MS could well start holding itself to the same standards of honesty that they are criticizing in google today.

Re:Shock - Big Business Lies

Honestly, you were being an pompous self-righteous ass.

Re:Shock - Big Business Lies

[Chrisq]

Are you talking about Microsoft or Google?

Yes.

What is it with that dumb as fuck 'Yes' meme shit?

Your lack of knowledge of boolean algebra disturbs me.

Re:Shock - Big Business Lies

[Chrisq]

Are you talking about Microsoft or Google?

Yes.

What is it with that dumb as fuck 'Yes' meme shit?

It's not a meme, it's been around a long time, it's an answer to both. To clarify if you don't get it: "Are you talking about Microsoft of Google?" Yes, both Microsoft AND Google were being referenced.

Oh for Shiv's sake:

True OR false == TRUE

Its a joke for those who understand boolean algebra

Re:Shock - Big Business Lies

[Kilrah_il]

The full footnote (Page 13, footnote 3) says:

3
  On December 16, 2010, counsel for the Government learned that, notwithstanding Googles representations to the public at large, its counsel, the GAO, and this Court, it appears that Googles Google Apps for Government does not have FISMA certification. See Attachments 1-5 to this motion. We immediately contacted counsel for Google, shared this information and advised counsel that we would bring this to the Courts attention. According to the GSA, Googles Google Apps Premier received FISMA certification on July 21, 2010. However, Google intends to offer Google Apps for Government as a more restrictive version of its product and, Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government. See Attachment 3. To be clear, in the view of GSA, the agency that certified Googles Google Apps Premier, Google does not have FISMA certification for Google Apps for Government. Attachment 3

I personally understand this as saying that the DOJ noticed that Google does not have FISMA certification (and indeed is close to calling them lairs). However, upon contacting Google, it found that GA Premier does have certification, while GA for Government does not.
These are the facts. My personal interpretation? Google had FISMA certification for Premier and since GA for Government is a restricted version of Premier, thought/hoped it can be presented as having the same certification, while in reality it is pending. Whether this was an honest mistake, a bit of truth-bending or outright lying is left to the reader's discretion.

Re:Shock - Big Business Lies

[UnknowingFool]

You need to read the whole paragraph carefully. And then search for "lying" or "mistruth" or "perjury". You won't find it. Google Apps Premier is FISMA certified. Google Apps for Government is not. Google said that Google Apps is FISMA certified. In the same vein, SCO can claim SCO Unix is Unix certified and Apple can claim that OS X is Unix certified. Now if SCO claimed that SCO Unix is UNIX03 certified, they would be lying as it is only UNIX95 certified. As for Apple, only Leopard on Intel and Snow Leopard are UNIX03 certified while other versions are not. Google should have put in an asterisk to specify which version but technically what they said is true.

Again if the DoJ thought Google was lying, you would think there would harsher language about their truthfulness. They would have put in more than a footnote about it. As a comparison, this is from the Kitzmiller v Dover decision where the judge felt witnesses had lied. He minces no words about it.

. . . the record reflects that these witnesses either testified inconsistently, or lied outright under oath on several occasions, and are accordingly not credible on these points. . . the inescapable truth is that both Bonsell and Buckingham lied at their January 3, 2005 depositions . . . It is ironic that several of these individuals . . . would time and again lie to cover their tracks. . .

At the end of the trial Judge Jones recommended to the US DA that perjury charges should be filed. I would think if the DoJ felt that strongly about Google lying they would pursue charges themselves.

Re:Shock - Big Business Lies

[UnknowingFool]

They applied for certification for a different version. Due to red-tape they probably have to even if changes are minor in Google's eyes but not in the Government's. Most certification processes normally dictate when re-certification needs to occur and it's sometimes a pain.

Re:Shock - Big Business Lies

[recoiledsnake]

Google said that Google Apps is FISMA certified

Wrong, the blog entry gives multiple examples of Google claiming that Google Apps for Goverment is FISMA certified. See just below the title here for one example. http://www.google.com/apps/intl/en/government/trust.html

Is that a lie or not?

Maybe the DoJ didn't feel it was worth it to pursue charges, but that paragraph in the footnote does show that they think Google was lying.

Re:Shock - Big Business Lies

[recoiledsnake]

That might be true, but how does that give Google the right to claim it is already FISMA certified?

Re:Shock - Big Business Lies

"I can't think of a reason, therefore the reason MUST be nefarious!"

Re:Shock - Big Business Lies

[uninformedLuddite]

So what is lying to the Judge and perjury really mean in todays courts? zip, zero, nada, nothing.

Not if you or I did it

Google's lawsuit is dumb

[bonch]

I always thought Google's lawsuit was dumb. Government agencies are free to choose Microsoft software if their sysadmins wish to use Microsoft software. Google's response was to criticize that software and tout their own. However, the government is a customer too and is free to choose a product that happens to be in the unique position of having competitors who think their products are better.

Accusations of government favoritism from Google are particularly ironic considering the numerous ties they have to the Obama administration. That there wasn't actually a FISMA certification to begin for Google Apps for Government--the certification was for Google Apps Premier, so Google has quietly filed again for the correct software--just caps the silliness of the whole thing.

Here's the relevant text in the court documents:

On December 16, 2010, counsel for the Government learned that, notwithstanding Google’s representations to the public at large, its counsel, the GAO, and this Court, it appears that Googles Google Apps for Government does not have FISMA certification. [...] We immediately contacted counsel for Google, shared this information and advised counsel that we would bring this to the Courts attention. According to the GSA, Googles Google Apps Premier received FISMA certification on July 21, 2010. However, Google intends to offer Google Apps for Government as a more restrictive version of its product and, Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government. [...] To be clear, in the view of GSA, the agency that certified Google’s Google Apps Premier, Google does not have FISMA certification for Google Apps for Government.

Re:Google's lawsuit is dumb

[doconnor]

"However, the government is a customer too and is free to choose a product that happens to be in the unique position of having competitors who think their products are better."

The government isn't free to choose. Government have to follow strict regulations in purchasing to insure it gets the best value for money, doesn't show any favoritism and prevent corruption. One can debate the effectiveness of the regulations, but they are there for a reason.

Re:Google's lawsuit is dumb

[Desler]

Yes, and Google's App Platform for Government wasn't FISMA certified and thus wasn't qualified to be bought. Then Google sues and lies about having that certification. I'm seeing no reason why Google's lawsuit should be entertained at all. Especially since if this were Microsoft doing exactly what Google is doing the S

Re:Google's lawsuit is dumb

[Dhalka226]

However, the government is a customer too and is free to choose a product that happens to be in the unique position of having competitors who think their products are better.

Sort of.

The government is a customer, but it's not any customer. It has a legal obligation to pay the least amount of money for whatever solution they need, and therefor there are only three possible reasons a department should choose Company A over Company B: 1) Company B's product does not meet the requirements; 2) Company B's product would cost more than Company A's; 3) Company B has previously operated in bad faith or incompetently with the government, meaning that even though theirs was the cheapest and technically meets the requirements, there is good and documented reason to go with another provider.

In that sense, "criticiz[ing] that software and tout[ing] their own" is actually a necessary step of the process. Either Google's offering was more expensive and they want to argue that Microsoft's does not properly meet the requirements, or (probably more likely) Google's was cheaper and they're trying to show that they do. If Microsoft's doesn't, that's fine too -- it's another path to the same victory.

Re:Google's lawsuit is dumb

[Attila+Dimedici]

Government agencies are required to place most purchases out for bid (and this is one that must be placed out for bid). What would you think of a government agency that put its need for vehicles out to bid in the following manner, "We are requesting competitive bids to replace our fleet of vehicles. All vendors are encouraged to submit bids. We are looking for 10,000 vehicles. Here are the specifications: GMC Yukon."
Except of course that it is worse than that. They put out a list of specifications that included things that MS Office does not have (FISMA certification). Now while according to this article Google Apps for Government does not yet have FISMA certification, Google Apps Premier (upon which Google Apps for Government is based) does. On the other hand, according to earlier postings here, no version of MS Office has FISMA certification. If this latter is not true, then Google's lawsuit is dumb. If on the other hand, it is true, then Google has a valid point.
On the other hand, Google appears much more savvy at greasing the wheels of government than Microsoft was at a similar stage of corporate development, which is cause for concern.

Re:Google's lawsuit is dumb

[softWare3ngineer]

also. Best value and lowest price are two different things.

Re:Google's lawsuit is dumb

[brennz]

GSA, the lead government agency for acquisition, certified and accredited Google according to FISMA.

The question is really whether or not GSA can do that (Certify and accredit for the entire US govt), and whether or not any agency can arbitrarily add their own unique security requirements(DOI excluding)

Re:Google's lawsuit is dumb

Pedant/FYI: (feel free to ignore)
"The Government has to follow strict regulations in purchasing to ensure that it gets the best value for money, doesn't show any favoritism and to prevent corruption"

(You could have also said: "It has to follow..." or "They have to follow..." depending on your local pluralism habits.)

Re:Google's lawsuit is dumb

I hope this truly is anonymous.

You are correct in saying "Government have to follow strict regulations in purchasing to insure it gets the best value for money, doesn't show any favoritism and prevent corruption" but let me precede that by saying that I'm a government employee and that I work in a position that is part of the procurement process.

Here's how it works: You go to company A, who develops an awesome product and one you really wish to purchase. It's more expensive than you'd like, but it's been tested and it works. But, since you need to get the government the best deal it possibly can you also need to get competing quotes against said product. The easiest way to get around that liability is to simply "game" the system. You go to vendor B & C (which produce vastly inferior products, or products that are similar but flat out won't work for whatever reason) and ask for comparable quotes. You *know* vendor B's products are 10x the markup on vendor A's, so immediately they don't have a shot. Vendor B's prices are actually MUCH cheaper, but you know they make a killing on their vendor supported contracts, which are 3x as expensive as vendor A's contracts. So you include contract support in both quotes and suddenly vendor A is tens-of-thousands of dollars less.

It happens _all_ the time. Better yet, you can simply request a form letter that allows you to bypass any competitive bidding completely and just purchase from the vendor as single-source.

Does it happen because we're getting our palms greased with easy money and kickbacks? Not at all, we're not politicians. It happens because of the bureaucratic process we're all required to go through just to get the items we need. Would you buy a house built by the lowest bidder? Sure it'll meet the basic requirements (shelter, protection, stability) but it's built out of asbestos and the floor is made of tar & straw. Or, would you look around and find something that *works*, fits your needs and is competitive to the price you're willing to pay without feeling like you've just been ripped off? If we all took the government motto of "get the best value for the money" we'd all be living in mobile homes. It may be the cheapest thing out there, but I wouldn't recommend it.

That's government purchasing in a nutshell.

Re:Google's lawsuit is dumb

No the bigger question is what exactly Google said in the filings. Google Apps Premier was certified, Google Apps for Government isn't yet.
If Google said they have an offering that is FISMA certified they are fine, if they said Google Apps for Government is FISMA then they will have a complicated court fight.

Re:Google's lawsuit is dumb

[doconnor]

What I meant to write is "Governments have".

I don't think adding "to" is correct. The list follows on "ensure that it" and "ensure that it to prevent corruption" doesn't make sense. I guess I should have said "prevents corruption".

Then, again I'm terrible at grammar. I have a whole blog full of errors like this.

Re:Google's lawsuit is dumb

[Leebert]

The question is really whether or not GSA can do that (Certify and accredit for the entire US govt)

Ultimately, it boils down to whether or not an Agency authorizing official will sign an authorization to operate (ATO) for their agency to use the system. Google isn't asking Agencies to just use it willy nilly; while GSA has provided an ATO, the ATO is limited in scope, and only covers specific controls (albeit most of them). There are, however, still specific controls that an agency must implement (like HSPD-12 compliant authentication for its users). Thus there is a unique specific implementation for each agency, and each agency issues an ATO for the combined mess. It's the concept of "accountability cannot be outsourced." The value in the GSA ATO is that those controls can largely be assumed operational, as they've already been assessed and are being monitored by GSA. Thus, it makes the agency's assessment, ATO, and continuous monitoring much simpler.

If you aren't familiar, you might find this interesting:

http://www.cio.gov/pages.cfm/page/Federal-Risk-and-Authorization-Management-Program-FedRAMP

Of course, this is the present, that is the past.

Re:Google's lawsuit is dumb

[tomhudson]

Yes, and Google's App Platform for Government wasn't FISMA certified and thus wasn't qualified to be bought. Then Google sues and lies about having that certification. I'm seeing no reason why Google's lawsuit should be entertained at all. Especially since if this were Microsoft doing exactly what Google is doing the S

First, Google Apps was FISMA certified in July of last year. This is about a subset of Google Apps (because the gov't. doesn't want everyone using the whole shebang). It would be like Microsoft getting Microsoft Office.Net (or whatever they call it this week) certified, then someone complaining that Microsoft Word.Net isn't.

Second, Microsoft doesn't have ANY FISMA certification, so if certification were a requirement, Microsoft cannot bid.

More here

Re:Google's lawsuit is dumb

[ozmanjusri]

Google's App Platform for Government wasn't FISMA certified and thus wasn't qualified to be bought.

Neither is Microsoft's.

Re:Google's lawsuit is dumb

[recoiledsnake]

Yes, and Google's App Platform for Government wasn't FISMA certified and thus wasn't qualified to be bought. Then Google sues and lies about having that certification. I'm seeing no reason why Google's lawsuit should be entertained at all. Especially since if this were Microsoft doing exactly what Google is doing the S

First, Google Apps was FISMA certified in July of last year. This is about a subset of Google Apps (because the gov't. doesn't want everyone using the whole shebang). It would be like Microsoft getting Microsoft Office.Net (or whatever they call it this week) certified, then someone complaining that Microsoft Word.Net isn't.

Second, Microsoft doesn't have ANY FISMA certification, so if certification were a requirement, Microsoft cannot bid.

More here

It's not a subset, it's substantially different, your analogy is completely broken. Apps for Govt has a completely different separate cloud for security.
And it was certified for a limited scope anyway.

The issue is not about whether certification is a requirement or not or whether microsoft can bid or not, it is about Google blatantly lying on its websites and in documents submitted to the court about the certification. Did Microsoft lie about having certification?

The linked Google's response is pretty weak and does not address why Google applied for a new FISMA certification for Apps for Govt when it now claims it's just a more restrictive form of Apps Premier. Looks like it's sidestepping the issue and the anti-MS folks like you are lapping it regardless of the truth.

Re:Google's lawsuit is dumb

[recoiledsnake]

But Microsoft didn't falsely claim their's was certified, which Google did.

Re:Google's lawsuit is dumb

> Microsoft Office.Net

Whatever they call it this week? You mean, Office with the year attached for the last 15 years? They've never called it Office.Net you stupid faggoty Linux cock smoker. Go drink the gay cum asshole.

Re:Google's lawsuit is dumb

[tomhudson]

It's the same code base, just running on a different set of servers.and with some functionality removed.

Re:Google's lawsuit is dumb

[tomhudson]

Microsoft originally developed (but never released) a hosted cut-down version of office a decade ago. So stop being an ignoramus.

Re:Google's lawsuit is dumb

[517714]

Microsoft's offering, Business Productivity Online Standard, was not FISMA certified either. The suit seems legitimate, regardless of their claim about their own certification.

Re:Google's lawsuit is dumb

[recoiledsnake]

FISMA looks at servers, physical security and infrastructure too, not just code.

Re:Google's lawsuit is dumb

[tomhudson]

And the servers, etc., are just duplicating an existing instance. As another article makes clear, this is mostly a paperwork issue.

Microsoft knows that it's lost the war to maintain its' monopoly. Now it's a question of fighting individual holding actions, to preserve as much as possible, for as long as possible.

By next year, not only will there be more devices shipping with linux than Windows, but when HP makes all their line dual-boot between their webOS linux variant and windows, linux will become the #2 shipping desktop OS, surpassing Apple.

After that, in 2013 you can be sure that the other manufacturers will follow suit. What that means is that on April 8th, 2014, when Microsoft finally kills off XP, most of those corporate users won't be switching to Windows. They'll have replaced those devices with a combination of tablets, smartphones, and desktops that run linux. Already, 12% of all iPad users are in corporations, and 1/3 of them are using their tablets as replacements, abandoning their desktops and laptops. It turns out that most managers don't need a desktop. It's not like they write long emails ...

Re:Google's lawsuit is dumb

[recoiledsnake]

> As another article makes clear, this is mostly a paperwork issue.

That doesn't give Google the right to make false claims to the public and court. If this was MS, people here would be running over each other to call it blatant lying and manipulation.

>Already, 12% of all iPad users are in corporations, and 1/3 of them are using their tablets as replacements, abandoning their desktops and laptops. It turns out that most managers don't need a desktop. It's not like they write long emails ...

I don't know why Linux types support things like iPad just because of their irrational hate of MS. Things like iPad are much more worse than Windows. Anyway do you have a reference for ' 1/3 of them are using their tablets as replacements, abandoning their desktops and laptops' ?

Re:Google's lawsuit is dumb

[tomhudson]

Google didn;t lie - they said that they have certification, and they do.

Also, for the stats, google is your friend. Just like it's predicted that linux=based tablets will eventually surpass apple-based (just like linux-based smartphones have surpassed the iiphone).

Re:Google's lawsuit is dumb

[Desler]

Yeah a suit based on lying and deception clearly seems legit. Oh wait, it's because it's Google and anything they do can be spun to be okay.

Re:Google's lawsuit is dumb

[517714]

You implied that lack of FISMA certification meant the product was not qualified to be bought. The FISMA certification was, according to the DOI documents, to be achieved after the contract was made. It is not really a relevant issue in the suit. The DOI sole-sourced Microsoft's product rather than issuing a competitive bid request. Both sides are spinning the side issues, but if you pay more attention to the side issues than the main issue you have been suckered.

Re:Google's lawsuit is dumb

[MeateaW]

Office XP? O RITE !! office 2002 ...

Re:A link to google statement on this

[Rene+S.+Hollan]

goatse warning.

Goatse link

[recoiledsnake]

Don't click.

probably a silly question

'... it appears that Google's Google Apps for Government does not have FISMA certification.'"

aren't they sure?

Re:probably a silly question

[Americano]

Legalese. The court makes findings of fact. The lawyers make claims about what they believe the facts to be, and supply evidence to support their claims.

To a lawyer, "it appears that Google lacks FISMA certification." In a court's findings, they will uphold or deny this claim, based on the evidence presented. If they find that Google does not have that certification, and that claim of certification is a key component of Google's case, their entire case could well be thrown out.

Re:probably a silly question

TFA points out that only DoJ has reviewed this and concluded that this is not the case. So, Microsoft has not verified this themselves nor have the court.

Re:A link to google statement on this

[YodasEvilTwin]

Link is goatse

Double-standards

Google does this, it's "Nothing to see here, you shouldn't be surprised, move on, move on"

Microsoft does this, "omg .. did you see what they did! remember this day, and USE IT IN COMMENTS FOR THE NEXT SEVEN YEARS"

Re:Double-standards

[HBI]

Past history, track record, yadda yadda. Microsoft has done little (read: nothing) to regain credibility after their past transgressions. They've crushed software innovation for the last 25 years in the interest of their bottom line, using both legal and illegal methods.

They don't get the benefit of the doubt for a reason.

Re:Double-standards

[Nerdfest]

From what I can see, it's a bit shaky, although it seems to be technically true. I read the TFA (sorry). From what I can see, this is the crux of it:

According to the GSA, Googles Google Apps Premier received FISMA certification on July 21, 2010. However, Google intends to offer Google Apps for Government as a more restrictive version of its product and, Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government.

Basically, Google Apps *is* FISMA certified, but a more restrictive version called "Google Apps for Government" is not yet through certification. I didn't read the entire attached document, but this looks like the real meat of it.

Re:Double-standards

[future+assassin]

Not quite. I don't like MS and do prefer Google as a company BUT if they out right lied then they should be punished accordingly. If they keep on doing it then its time to support someone else who can do business with out lying or borderline breaking laws.

Re:Double-standards

Oh really? Let us see who MSR employs and enables to do unencumbered research?

SPJ - haskell, Tony Hoare - Quicksort, Shotton - Kinect (this made it to actual consumers btw), Niraj Kayal (the K in AKS). MSR was itself responsible for ClearType (Windows XP), Surface and a slew of others tools you take for granted. for a more comprehensive list: http://www.quora.com/Microsoft-Research/What-products-have-come-out-of-Microsoft-Research

If you close your eyes, it doesn't mean the room is empty.

Re:Double-standards

[Jeek+Elemental]

Sure, Ill take some double standards, looks good next to my giant bias.
I dont remember swearing to treat evil crap companies the same as decent ones.

Re:Double-standards

[brennz]

The truth of the matter is more simple.

Google went through the agonizing process of FISMA that is very stringent compared to jokes like a SAS 70 type 2. Microsoft did nothing. DOI does not have a FISMA certified private or govt cloud.

DOI determined they would add in their own unique security requirements for a yet-unbuilt cloud solution that had never been certified for FISMA. Basically a joke of a to-be solution.

Google cried foul, claiming they had already passed the FISMA qualification, something no other cloud vendor had done at the same time period. Google claimed a certified solution like their cloud could not be compared against a non-existent pipedream cloud.

Re:Double-standards

We know that MSR is the good part of MS.

Re:Double-standards

What msr has done is completely orthogonal to redemption from microsoft's crimes. In light of that, their continued patent trolling, buying ISO, etc. I agree with the GP.

Re:Double-standards

Well, it's a bit more specific. Google sued the government because they did not look at Google Apps for Government. The government claimed that they didn't because Google Apps for Government lacked FISMA certification. In their lawsuit Google claimed that they did. In that context, whether or not Google Apps for Government was certified or Google Apps Premier was certified it becomes an issue of credibility for their entire lawsuit.

Re:Double-standards

Google went through the agonizing process of FISMA that is very stringent compared to jokes like a SAS 70 type 2. Microsoft did nothing. DOI does not have a FISMA certified private or govt cloud.

Irrellevant. Microsoft's product had already been proven to be able to be FISMA certified per the court documents from DOI. It also indicates that any solution cannot be FISMA certified until it is built. Whatever solution is eventually bought must past FISMA certification afterwards.

Google cried foul, claiming they had already passed the FISMA qualification, something no other cloud vendor had done at the same time period. Google claimed a certified solution like their cloud could not be compared against a non-existent pipedream cloud.

Actually, no they didn't. Google passed FISMA for Google Apps Premier not Google Apps for Government. Also, the DOI requirements were in the RFQ at the beginning. The FISMA certification was not relevant to whether Google Apps for Government was chosen or not. It was the fact that Google indicated Google Apps would co-mingle Federal, State and Local governments in that cloud. THAT was the deal breaker, not the FISMA cert or lack thereof. DOI required that only Federal be allowed and this was indicated in the RFQ. FISMA certification is per agency also. The GSA's certification is meaningless beyond the fact that it indicates a particular product *can* be certified.

Re:Double-standards

Another .NET idiot trying to defend the transgressions of Microsoft.

Re:Double-standards

AT&T had Bell Labs, but that doesn't mean AT&T (the corporate monopoly prior to break-up) didn't also stifle the market and screw over customers.

Re:Double-standards

Didn't Google Apps for Government appear after this lawsuit, as a result of discovery that Google Apps hosted content outside the US?

Re:Double-standards

[aztektum]

MS's BPOS were not FISMA certified back when they were awarded the contract (they still aren't).

If that was really a requirement by DOI, neither should have gotten the nod.

Re:Double-standards

[martin-boundary]

Blameless company does this, it's "Nothing to see here, you shouldn't be surprised, move on, move on" Convicted monopolist does this, "omg .. did you see what they did! remember this day, and USE IT IN COMMENTS FOR THE NEXT SEVEN YEARS"

FTFY.

Re:Double-standards

Logical conclusion: A lot of those Slashdotters are also GOOG stockholders.

Re:Double-standards

[iserlohn]

Did you read the comment surrounding this? it's looks like classic Microsoft FUD as usual.

Re:Double-standards

Google does this, it's "Nothing to see here, you shouldn't be surprised, move on, move on"

Microsoft does this, "omg .. did you see what they did! remember this day, and USE IT IN COMMENTS FOR THE NEXT SEVEN YEARS"

Let me translate that into WWII terms:

The Allied does this and it's "war efforts", "succesful campaigns" etc.

The Axis does this and it's "Look how inhumane these fascist pigs are".

[sarcasm]
You maybe onto something here... what's with this penchant for constant complaining about evil guys? Give them a break, will'ya? Bad people are still people and have feelings, don't you know that?
[/sarcasm]

Re:Double-standards

[517714]

The suit is about being "considered", not about being "chosen". Google was not considered, only Microsoft offerings were considered. The DOI should have issued the RFQ with whatever restrictions they wanted short of a specified product and chosen from the bids. They did it wrong. http://www.scribd.com/doc/40513712/Google-v-US-Complaint

Re:Double-standards

[a_hanso]

MSR was itself responsible for ClearType (Windows XP), Surface and a slew of others tools you take for granted

I for one, would *never* take Surface for granted.

Re:A link to google's statement on this

[YodasEvilTwin]

Link is goat se

DONT CLICK

DONT CLICK LINK.

Re:A link to google's statement on this

NSFW

Re:A link to google statement on this

do not click link. goatse alert

Re:A link to google's statement on this

You're a fucking douchbag.

While this may become news, is it news yet?

[Saishuuheiki]

While I don't doubt that this story is worth mentioning if Google didn't have the certification and claimed it did, is it worth mentioning yet?

While this may be what happened, even the author is vague about it. This seems like a Glenn Beck style story of "I'm not absolutely sure, but I heard "

Re:A link to google's statement on this

[rveldpau]

That is the most accurate comment yet

Re:A link to google's statement on this

here

you fucker

nice goatse

nice i thought it probably was just as i clicked.

Re:A link to google's statement on this

I don't think Google actually responded with a goatse.

Fine print & commentary

[brennz]

GSA certified and accredited Google Apps (FISMA certification)
GSA is the lead agency for acquisition for the US Govt
GSA met several the NIST standards at the moderate level
DOI claims that the GSA certification doesn't meet their specific standards and they have to have a govt only cloud in the continental US.
DOI security has been the laughingstock of the US govt for as long as I can remember*

DOI disconnected from the internet by a federal judge for complete failure in IT security

Re:Fine print & commentary

You might want to read the court docs from the DOI...

"On December 16, 2010, counsel for the Government learned that, notwithstanding Googles representations to the public at large, its counsel, the GAO, and this Court, it appears that Googles Google Apps for Government does not have FISMA certification. See Attachments 1-5 to this motion. We immediately contacted counsel for Google, shared this information and advised counsel that we would bring this to the Courts attention. According to the GSA, Googles Google Apps Premier received FISMA certification on July 21, 2010. However, Google intends to offer Google Apps for Government as a more restrictive version of its product
and, Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government. See Attachment 3. To be clear, in the view of GSA, the agency that certified Googles Google Apps Premier, Google does not have FISMA certification for Google Apps for Government. Attachment 3."

So in short, Google Apps Premier is FISMA certified but was not the product being offered to DOI. Google Apps for Government is NOT FISMA certified but Google claimed it was. The GSA certification is meaningless if the product you are selling is different from the one certified and in any case only shows that the product provides the bare minimums. Each department is allowed to require additional security if they so desire and this was indicated in the RFQ. Considering this department's problems with security you don't think they should ask for more than the bare minimum?

Re:A link to google's statement on this

Totally not goatse!

JK, of course it's goatse. Don't click.

Re:A link to google's statement on this

goatsex alert!

Typical /. reaction

[robot256]

A story about Google doing something wrong gets spammed with goatse links...who'da thunk it?

Grasping at straws

[tpotus]

Reading the summary makes gave me the imrpession that microsoft really has decleared open season on Google internally. As MS can't compete by product quality, they do what they do best: Spin, FUD and judicial assault.

Re:Grasping at straws

Reading the summary makes gave me the imrpession that microsoft really has decleared open season on Google internally. As MS can't compete by product quality, they do what they do best: Spin, FUD and judicial assault.

Uhm.. you accedentially switched the companies there. The story is about Google having been caught lying in their lawsuit against US Government because they lost a deal with their product offering.

Ah.. ninjaedit: My sarcasm meter might be off.

Re:Grasping at straws

[Raffaello]

Except Google was not caught lying. We have Microsoft claiming that Google lied, nothing more.

Re:Grasping at straws

Agreed. Anybody and everybody that has a stake in the future of computing being a level playig field where unencumbered innovation can happen needs to declare war on Microsoft and hit them (legally) in every way they can. Don't keep wiping viruses off of your family's computers. Don't opt for MS at work as the "safe" solution. Don't install pirated copies of their stuff on people's computers. Microsoft deserves to be plowed under with extreme prejudice.

Re:Grasping at straws

Except Google was not caught lying. We have Microsoft claiming that Google lied, nothing more.

This is untrue. Quoted and linked even in the summary: "There for all to see was a statement by the Department of Justice contradicting Google on one of its basic FISMA claims"

Re:Grasping at straws

As MS can't compete by product quality, they do what they do best: Spin, FUD and judicial assault.

Yeah, because everyone wants to use command line applications and text editors that belong to the 1980s.
Oh, my bad! You're talking about Google, carry on.

Re:Grasping at straws

[517714]

They didn't lose, they weren't allowed in the competition - that is the real story. Microsoft is trying to get people believe that there is some other issue/story, they even managed to distract you from the real story. DOI issued a RFQ that specified Microsoft product only rather than stating the requirements and accepting one on its merits, Google believed DOI was not acting properly.

Re:Grasping at straws

Did you read beyond the summary? Did you read the actual statements by Google, Microsoft and the DOJ? It is possible for a statement to be misinterpreted (deliberately or accidentally), and for a different statement to be in contradiction with one interpretation but not another. Rarely are issues like this so easily dismissed. "Oh, the DOJ said X, and Microsoft said that X means Y, so it must be true that the DOJ was talking about Y." Plus, if the DOJ's word were absolute, why allow people to sue them?

Wellll.....maybe

[magbottle]

Federal News Radio

They (Google) seem to think that Google Apps for Government _is_ Google Apps Premier with some additional security aspects that do not disqualify the application suite's FISMA certification.

Overblown, see pdf

Taken from the pdf

According to the GSA,
Googles Google Apps Premier received FISMA certification on July 21, 2010. However,
Google intends to offer Google Apps for Government as a more restrictive version of its product
and, Google is currently in the process of finishing its application for FISMA certification for its
Google Apps for Government.

So the original was certified, but the repackaged version for the government was not.

Re:Overblown, see pdf

Maybe from a technical aspect. But from a compliance and legal aspect, it puts Googles entire case in doubt.

Re:A link to google's statement on this

I had the same thought as you. What a fucking asshole. The link is nsfw.

Not entirely accurate

[insidious777]

If you read the brief, it's actually not quite as simple as Google "does not have FISMA certification." FISMA certification is per-agency, and Google *has* FISMA certification for GSA. Google *does not* have FISMA certification for any other agency. Each agency makes its own determination. It also appears that FISMA is a minimum for information security, so agencies can require more than FISMA if they want to. (Refer to brief pages 37-39 for the details on FISMA.)

Re:Not entirely accurate

It also appears that FISMA is a minimum for information security

As far as I can tell it's uncontested that the Microsoft products involved do not have FISMA certification so if FISMA certification is a minimum then the contract should not have been awarded to them.

Re:Not entirely accurate

[insidious777]

Right.

Google doesn't have the FISMA certification *for DOI*, which is the only FISMA certification that really matters in this case.

Google *could* argue that they should have been given the certification, since they have FISMA for GSA, but I think that would be a stretch.

Re:Not entirely accurate

[insidious777]

Err, I definitely read "Google" in the parent post instead of "Microsoft". Stupid dyslexia.

Re:Not entirely accurate

The FISMA certification was not a requirement. The product just had to be able to be certified. DOI determined that the Microsoft product could achieve FISMA certification and according to the court docs it has done so. 1st paragraph page 28.

"DOI never mentioned pre-FISMA certification as one of its requirements. See AR170-171. Rather, its requirements merely note DOIs obligation to meet FISMA and other security requirements. The agencys Limited Source Justification explains that DOI merely wanted to establish the vendors “[a]bility to comply with security requirements defined by FISMA.” AR847 (emphasis added). Indeed, as is discussed below, a dedicated cloud would never be FISMA-certified prior to its procurement and implementation.6 [redacted] simply determined that Microsoft was capable of meeting FISMA standards – a finding that has been borne out by subsequent events."

Re:A link to google statement on this

[recoiledsnake]

goatse warning.

Nope, that's a picture of Larry Page making a statement about this.

Re:A link to google's statement on this

[sa1lnr]

here

you fucker

you sucker. :)

proof?

[dwater]

Being wrong is not the same as lieing. Furthermore, I would imagine it is very difficult to prove someone deliberately lied.

Re:proof?

[Rockoon]

Being wrong is not the same as lieing.

Being wrong on purpose is.

Furthermore, I would imagine it is very difficult to prove someone deliberately lied.

Thats another matter entirely. This allows people to be wrong on purpose without you (apparently) thinking that they are a liar.

Re:proof?

[dwater]

Being wrong is not the same as lieing.

Being wrong on purpose is.

well, der. that is the very definition of 'lieing'

Re:proof?

Furthermore, I would imagine it is very difficult to prove someone deliberately lied.

Except for politicians.

Re:A link to google's statement on this

[CTU]

I am sick and tired of that crap on /.

can we start banning people who post that hiding it behind a url shortening link like goo.gl?

Re:A link to google's statement on this

[CTU]

here

you fucker

Why can't people post this instead?

blog: "Microsoft on the issues"

[demonbug]

Now there's an unbiased source of news.

This may be true, Google might have lied (on purpose or by accident), but can't we at least come up with a source that isn't so obviously biased?

Re:blog: "Microsoft on the issues"

...but can't we at least come up with a source that isn't so obviously biased?

How about, maybe, the DoJ?

Actually, if you RTFA, the author does lay it out rather clearly why he thinks Google is lying (although he does so a bit more diplomatically than this headline suggests).

Only very religious people

[no-body]

take Microsoft serious, pay

.. and believe

Google in the right

Poster is a troll, the DOJ say they have certification for 'Google Apps premium' which is THE SAME PRODUCT, all of these Google apps for this and that are all just marketing names for the same product with different prices.

So the original article is misleading, and poster doesn't even mention that actually they DO HAVE Certification for Google Apps Premium, he wants you to believe they don't have it certified.

So DOJ tries to riggle out of the contract by claiming its a different product, Google says, no its the same, and we'll submit for certification to show its the same, and original story claims that the act of applying is proof that it's not certified.... which is rubbish.

What I want to know is why the games here? Why not just consider Google apps, why try so hard to choose Microsoft? What's in it for them to choose a more expensive option here and then try these tricks to justify that choice?

Oh come on, sure they do

[dave562]

It's just in Beta still.

Slightly OT

[guspasho]

So pulling back a bit and looking at the big picture: has there been a significant increase in the number of petty corporate lawsuits or is it just my observational bias, IE reading too much Slashdot?

Pot and Kettle

[madmark1]

Microsoft Chief Council says Google Lied in Court...

Pot, meet kettle...

As usual, the headline is a bit misleading, and certainly leaves out a large part of the story. Google Apps Permier has been FISMA certified by the GSA, so when you go to the Google website and look, and it says "Now FISMA certified", they aren't lying. They really are FISMA certified. However, FISMA is not a blanket certification. The DoI does not have to accept the FISMA certification of the GSA, it can decide to do its own testing if it wishes. This doesn't change the fact that Google Apps Permier has in fact attained FISMA certification.

The second tricky bit is Google Apps for Government, a product that didn't exist at the time the court case started. The law says (and the brief points out) that FISMA certification cannot be attained until after implementation of the product, and thorough testing. So, in that case, Neither Microsoft's offering, nor Google Apps for Government, is FISMA certified, nor could they have been at the time. Now, Google Apps Premiere was certified, and Apps for Government was going to be done under a more restrictive set of security constraints, so it would have likely passed too. What I have to wonder though, is did Google lie, and say Google Apps for Government had the FISMA cert, or did they say "Google Apps is FISMA certified", which is true?

I have to come down on the side of the Microsoft lawyer playing this up for far more than it should be.

Re:Pot and Kettle

[sangreal66]

What I have to wonder though, is did Google lie, and say Google Apps for Government had the FISMA cert, or did they say "Google Apps is FISMA certified", which is true?

Why wonder? It is demonstrated in the attachments. Example:

Google Apps for Government, now with FISMA certification

The representative from the GSA who granted the certification also clearly states in emails that Google Apps for Government is not certified by their department (as you mentioned, it could not be).

Re:Pot and Kettle

[madmark1]

And? The fact is, Google Apps for Government may well be FISMA certified now. Conveniently, the Microsoft attorney (and you, apparently) seem to think that time stands still. Back when this was originated, it may not have been FISMA certified, but is now, so their page accurately reflects NOW with FISMA certification.

Not to mention the fact that they may have not claimed Apps for Government was certified, but only Google Apps Premiere was, or just said "Google Apps" was, which is technically true.

Re:Pot and Kettle

[madmark1]

Oh yeah, and I forgot to add.... Having that on their website does not in any way confirm they "lied in court".

Re:Pot and Kettle

Reading comprehension.

At the time:
"Google Apps for Government had the FISMA cert" = A lie
"Google Apps is FISMA certified" = Not a lie

Now:
"Google Apps for Government has the FISMA cert"
isn't going to prove at the time was a lie or not.

Re:A link to google statement on this

[Rene+S.+Hollan]

Oh My Gawd! It's full of SHIT!

It's quite obvious

to everyone now that Microsoft cannot complete anymore without playing lawyerball.

Lawyers - "They're like nuclear warheads. They have theirs, so I have mine. Once you use them, they fuck up everything"

Microsoft full of shit in 7 words...

[Kamiza+Ikioi]

All those corporate lawyers, and you don't think they have a loophole since Premier IS FISMA certified, and is basically the same service with a different label on it? Besides, who says they haven't already won? With the kick about cutting costs, Google positioned itself to make a government agency look wasteful. It doesn't matter who was certified, this was a purely political move. They set out with one message, Microsoft = Wasteful Spending.

They've already won, even if their court case goes nowhere.

And how do I know Microsoft is full of shit? "Microsoft writes in a blog post that..." End of story. If they had a real legal argument, this story would lead with 7 different words "Microsoft lawyers seek perjury Charge against Google..."

Re:Microsoft full of shit in 7 words...

[recoiledsnake]

>....is basically the same service with a different label on it?

No it's not. It's a completely different infrastructure. If what you said was true, why did not Google say that instead of claiming the new service was FISMA compliant? Also, why did they apply for it again if it's basically the same service?

>And how do I know Microsoft is full of shit? "Microsoft writes in a blog post that..." End of story. If they had a real legal argument, this story would lead with 7 different words "Microsoft lawyers seek perjury Charge against Google..."

It was just revealed on Friday, maybe give them time before jumping to conclusions.

You're the one that's full of shit, trying to karmawhore the anti-MS groupthink on here.

BS

[Charliemopps]

FISMA is a guideline. You hire someone to certify you in it. Much like you can get a fire inspector to come to your business and rate the place as "Safe" and then some other inspector could find fault. Per googles site, "Google Apps has received an authority to operate at the FISMA-Moderate level; an independent auditor assessed the level of operational risk as Low."
Also, you can request their documentation:
"Google's FISMA documentation is available for review by interested agencies.This enables agencies to compare the security of Google Apps to that of existing systems."

This is just more evidence that the Government and Microsoft were in collusion to exclude Google. Google has interdependent certification that they are FISMA compliant and the government says they are not. How many times does Google need to get certified?

Re:BS

[Rockoon]

..they need to get certified for each product that they want to claim is certified.

If Google Widget is certified, that doesnt mean that Google Sprocket is also certified. In this case, Google did not receive certification for the product that they were selling (they received certification only for a product similar, but distinctly feature-different, to what they were selling)

Noob Question

Could someone explain to me how Google's inaccuracy compares to Microsoft stating that OOXML complies with an ISO standard?

Re:A link to google statement on this

[ls671]

Already disabled by Google:

Google URL Shortener
http://goo.gl/zjJOI – this URL has been disabled.

Note that goo.gl short URLs may be disabled for spam, security or legal reasons.
Suggestions:

        * Return to the previous page.
        * Try searching to find what you're looking for.

I searched for "goatse" to find out what this was all about and I found the answer !

Google's FISMA Certification

[monk]

Here's the link to Google's claim and a link to request the documentation if anyone wants to follow up:

http://www.google.com/apps/intl/en/government/trust.html

I'm betting they can back it up.

Re:Google's FISMA Certification

[recoiledsnake]

You need to RTFA.

Re:Google's FISMA Certification

[UnknowingFool]

TFA is a blog written by a MS employee and lawyer. I'd hardly consider it unbiased.

Re:Google's FISMA Certification

[recoiledsnake]

It quotes multiple references which are not written by MS employees and they all check out. Maybe you can point out in what way it is biased about the facts?

Re:Google's FISMA Certification

[monk]

I'm not sure what you meant, but I was posting a link I didn't find when I read the article.

Did you read any of the subsequent articles?
http://www.groklaw.net/article.php?story=20110413220154117

Re:Google's FISMA Certification

[recoiledsnake]

Groklaw seems to be too biased against Microsoft and is taking whatever is said by Google at face value. Try this article:

http://www.eweek.com/c/a/Government-IT/Google-Apps-for-Government-Not-Yet-FISMA-Certified-GSA-495399/

Re:Google's FISMA Certification

[monk]

From some of your wording It seems like your trying to make a point about Google being wrong and also implying that I think they are in the right.
I never said they were right or wrong, I just posted a link with information on how to ask Google for proof.

However I can't help but notice that the article you linked

http://www.eweek.com/c/a/Government-IT/Google-Apps-for-Government-Not-Yet-FISMA-Certified-GSA-495399/

says:
"The GSA appears to be leaning toward agreeing with Google on this score, and told eWEEK it is working with Google to update the original FISMA documentation for Google Apps to incorporate Google Apps for Government."
Which doesn't seem to support your argument very well.

I haven't mentioned an opinion on the matter, but since it's come up, I assume both companies (Google and Microsoft) are splitting hairs to try to weaken each other's position in the bidding and both lawsuits will likely be settled quietly and go away after the hubbub dies down.

Mod parent down, reading comprehension fail

See other posts in this thread:

Big G begins to look nasty here....

[mysidia]

Google really begins to look nasty here.... the government is trying to do something that is the right thing by sane security standards (there is no such thing as 'secure multitenancy'.... that is an Oxymoron.)... and Google's insisting they sacrifice security requirements they have specified, just so that Google can provide service to them using a non-dedicated cloud?

I understand Google fearing they pick M$ due to hegemony... but if Google verifiably hasn't provided a product yet that will meet their stated security requirements, then Google should stop with this nonsense, interfering with government, and instead take it as a lesson about what they need to revise in regards to their product.

PAGE 38

DOI is fully entitled to constrain the cloud model it will accept even if FISMA does not dictate a particular model. FISMA establishes a bare minimum level of security for information systems. .... The law permits and encourages agencies to impose additional requirements to account for their own unique security needs.

...

Yet DOI has also determined that its security requirements exceed the bare minimum mandated by FISMA; thus it also requires that the cloud be dedicated to either DOI or Federal agencies on a physically and logically server that in at least two data centers located within the continental United States. See AR168. Contrary to Googles contention, the FISMA certification process is not meant to override an individual agencys security needs. AR784-785. DOI was wholly justified in insisting that Google offer a DOI-only or Federal-only cloud.

Moreover, DOI had good reason to require additional safeguards beyond those commanded by FISMA.

Re:Big G begins to look nasty here....

[walshy007]

Google apps premier was certified, when the lawsuit started and the contract given google apps for government did not even exist. No microsoft solution ever had certification.

Basically google was already further towards the requirements, and microsoft said, sure, we can make it compliant to whatever for $x, google should not have been ruled out instantly.

Re:Big G begins to look nasty here....

[517714]

Trademark law prevents Google from using "Microsoft" in their products. The lawsuit is about the DOI specifying a Microsoft product instead of allowing a competitive bid based on the functional requirements.

Re:Big G begins to look nasty here....

[vegiVamp]

Yes, but if FISMA is the bare minimum, and other comments here seem to suggest that MS didn't have FISMA certification either at that point in time, then the pro-MS choice was just as wrong.

Either the same standards apply to everyone, or the DOI is doing shady business. What'll it be?

impossible

[optymizer]

Google does no evil!

Google is way out of line on this one!

Google is way out of line on this one! Only Microsoft is allowed to lie cheat and steal(tm). Clearly if Google is even thinking of misrepresenting itself, its stepping into territory clearly owned by Microsoft. Microsoft owns several patents on lying to government, including 6,356,633, 2,341,743 and 2,634,117. If Google tries to lie like Microsoft again, it will face civil action for violating Microsoft's intellectual property on lying to government. Microsoft also has patents on cheating other companies, paying real fines with virtual money (offer to pay fines with software, valued at retail prices, so that instead of a CD costing 24 cents, you can claim it has whizbang software version 5.1 gold ultra-certified, and its suddenly worth $799.99. If you own a $5 million fine, you pay it with $1500.02 worth of product, that the court sees as being worth $5 million. Its like printing your own money. Google clearly is way out of line, trying to cheat, lie and steal like Microsoft.

The app does have FISMA certification

[doperative]

"On December 16, 2010, counsel for the Government learned that, notwithstanding Googles representations to the public at large, its counsel, the GAO, and this Court, it appears that Googles Google Apps for Government does not have FISMA certification. See Attachments 1-5 to this motion. We immediately contacted counsel for Google, shared this information and advised counsel that we would bring this to the Courts attention".

"According to the GSA, Googles Google Apps Premier received FISMA certification on July 21, 2010. However, Google intends to offer Google Apps for Government as a more restrictive version of its product and, Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government. See Attachment 3. To be clear, in the view of GSA, the agency that certified Googles Google Apps Premier, Google does not have FISMA certification for Google Apps for Government." link

a) The basic app does have FISMA certification, b) The more "restrictive version" is the more secure version for government, no attempt at deceit here .. link

Neither MS nor Google gets FISMA

[mbstone]

Neither player has taken the time, nor cared, to attempt to understand the reasoning behind FISMA, for two different reasons. Google is too immature as a company to realize that GSA FISMA certification doesn't cut any ice with other U.S. Government agencies and their Designated Approving Authorities. OTOH, Microsoft is too arrogant as a company to admit its cloud offerings even need to comply with FISMA.

I'm betting on MS to win this uberpisching contest because they're a hoary and bloated bureaucracy and U.S. Government customers will understand where they are coming from. Google is a bunch of children.

Microsoft will use 508 next

FISMA is only one federal IT requirement. If Microsoft really wants to play hardball, they will point out how much more accessible are their products to people with disabilities who rely upon assistive technology. Section 508 requires the Federal government to procure accessible software when commercially available. Microsoft does a good job with this. Google, only middling (Apps is not even listed).

Who do you trust?

[Gravis+Zero]

would you really take the word of Microsoft over Google? come on, microsoft is even copying google's search results and saying it's fair. i would wager my life savings on google being honest on this matter.