Microsoft Blasts Google For False Claims In Court Documents 213
recoiledsnake writes "Microsoft writes in a blog post that Google knowingly lied to the court while suing the US government over its consideration of only Microsoft implementations. We previously discussed Google winning an injunction against the Department of the Interior over this. According to Microsoft Deputy General Counsel David Howard, 'Google filed a motion for a preliminary injunction telling the court three times in a single document that Google Apps for Government is certified under FISMA. Google has repeated this statement in many other places as well. Indeed, for several months and as recently as this morning, Google's website states, "Google Apps for Government – now with FISMA certification." ... So imagine my surprise on Friday afternoon when, after some delay, some of the court papers were unsealed, at least in part. There for all to see was a statement by the Department of Justice contradicting Google on one of its basic FISMA claims.' Howard goes on to quote the DoJ brief (PDF), which says, '... it appears that Google's Google Apps for Government does not have FISMA certification.'"
Shock - Big Business Lies (Score:3)
I think the title says it all. What's the old phrase? "If you can't blind them with science, then baffle them with bullshit."
Re: (Score:2)
Are you talking about Microsoft or Google?
Re:Shock - Big Business Lies (Score:4, Insightful)
Re: (Score:2)
To clarify if you don't get it: "Are you talking about Microsoft of Google?" Yes, both Microsoft AND Google were being referenced.
Re: (Score:3)
It's not a meme [wikipedia.org]. It's a correct answer to a question which was written ambiguously, allowing multiple interpretations.
It's an annoying and eccentric behavior, perhaps, but it has been done for centuries, or longer.
Re: (Score:2)
It was a pefectly understandable answer to the question that was asked. Is your common sense down today?
Re: (Score:2)
unfortunately common sense isn't
Re: (Score:2)
It's a smart-ass reply that is more confusing and less polite then "both, actually".
It's 'thAn "both, actually"' (use a lower case "A" though), and I disagree. It makes perfect sense to me. And all of my friends. But then again, they're decently smart. Even some self admittedly slow people I know would have easily figured it out in just a few seconds. ;-)
I suspect you understood it perfectly well also - but that would mean you're trolling.
Re: (Score:2)
Re: (Score:2)
Thanks you kind sir, whatever would we do without the grammar police! You have no idea the life changing impact your pointing out of this (unusual) mistake has has on my life! You are truly in my debt!
As for the grammar police calling others trolls, wouldn't that be a little hypocritical?
Oh, I admit I was at least partially trolling (the grammar part). But the rest, you've gotta admit, is true. So, perhaps you'll end up admitting you were trolling too. (ir)Regardless, doesn't change that you did. ;-)
Re: (Score:3, Interesting)
According to the court papers, Microsoft is not lying here. Google Apps for Government really doesn't have FISMA certification, even though Google said it did.
Re:Shock - Big Business Lies (Score:5, Informative)
According to the court papers, Microsoft is not lying here. Google Apps for Government really doesn't have FISMA certification, even though Google said it did.
According to the papers just filed, neither is Google:
A portion of Google's response: Even so, we did not mislead the court or our customers. Google Apps received a FISMA security authorization from the General Services Administration in July 2010. Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements. As planned we’re working with GSA to continuously update our documentation with these and other additional enhancements.
And the confusion stems from this:
The Justice Department acknowledges that the General Services Administration (GSA) had certified a different Google offering, Google Apps Premier, for its own particular use under FISMA last July. As the DOJ's brief explains, "However, Google intends to offer Google Apps for Government as a more restrictive version of its product and Google is currently in the process of finishing its application for FISMA certification for its Google Apps for Government." Lest there be any doubt about the situation, the brief adds, "To be clear, in the view of the GSA, the agency that certified Google's Google Apps Premier, Google does not have FISMA certification for Google Apps for Government."
And finally, to clarify, GAfG is a subset of GAP (which does have FISMA certification).
Re: (Score:2)
>And finally, to clarify, GAfG is a subset of GAP (which does have FISMA certification).
Where did you get that it was a subset? Bolding something doesn't make it true.
Even if it were a subset, why did Google apply for certification again?
Re: (Score:3)
You're not familiar with government certification are you? If you're talking about stuff like EAL4+ compliance under common criteria, technically, every deployment need to be certified. However, you can certify a product as "the next best thing", but that certification is only valid for that particular version of software and it's tested environment, and most vendors use a special locked down mode to ensure compliance. Most people don't deploy EAL4+ devices in the real world under this mode as there are bui
Re: (Score:2)
How does that excuse Google for falsely claiming that it had FISMA for Google Apps for Govt. when it did not?
Re: (Score:2)
If Microsoft can get certification, so can Google. If DOJ's requirements state FISMA is mandatory, they should allow them the chance to obtain this certification by a certain date.
Re: (Score:2)
That doesn't matter though...what matters is the exact product in question is what has to have certification, subset, superset even a simple version change doesn't matter they all have to be submitted for certification, google hadn't done that yet claimed it had...yes it was a "technicality" but in the eyes of the govt. and their sometimes ridiculous processes an important one.
Re: (Score:3)
That's interesting. It also has absolutely nothing to do with the subject, except for the very last sentence you quoted. When something is certified, neither a subset nor a superset of that thing also receive certification. If Google did in fact claim that GAfG had FISMA certification before FISMA certification was granted to GAfG, then they were lying.
Re: (Score:2, Interesting)
Hello, anonymous Google supporter who shows up in every article. The information is in a statement from the Department of Justice in the court briefing [technet.com]. It's not an allegation or statement of opinion; Google really doesn't have the FISMA certification they claimed they did. Microsoft further made the point in the linked article that if the FISMA certification for Google Apps Premier applied to Google Apps for Gove
Re: (Score:3)
Re: (Score:2)
Did you even RTFA or your parent's post? The issue is about Google claiming something as FISMA compliant in court when it's not.
Re: (Score:2)
First and foremost, GSAs certification of Googles cloud does not mean that the cloud is secure enough for DOI. FISMA certification is made on an agency-by-agency basis. . . . Yet that certification merely means that Google Apps for Government, assuming it even has FISMA certification, is secure enough for GSA. This fact has no direct impact upon whether the clouds security is sufficient for DOI. . . FISMA establishes a bare minimum level of security for information systems. . .The law permits and encourages agencies to impose additional requirements to account for their own unique security needs.
Where in there do you read that the DoJ called Google liars? The DoJ even concedes that Google has FISMA certification; but they say
Re: (Score:2)
Did I say DoJ called Google liars? You just handwave about 'twisting words' but fail to say how.
Why do you have to trust someone when you have eyes to go read?
See here: http://www.google.com/apps/intl/en/government/trust.html [google.com]
Google Apps for Government, now with FISMA certification.
That's not true(ergo a lie), because certification is pending and what actually got certified was a different product Google Apps for Premier. Now tell me why you think TFA and summary are lying.
Are you intentionally acting dense?
Re: (Score:2)
After my other reply I found this in DoJ's document too.
On December 16, 2010, counsel for the Government learned that, notwithstanding Googles
representations to the public at large, its counsel, the GAO, and this Court, it appears that
Googles Google Apps for Government does not have FISMA certification.
That's legal speak for lying. You're the one twisting words.
Re: (Score:2)
Re: (Score:2)
You need to read the PDF. It's on page 13. Read that page fully. DoJ is indeed saying Google lied.
Re: (Score:3)
Alright, read page 13. It doesn't look good for Google, but GSA falls short of calling Google liars. It's rather ambiguous. Premier was certified, and Government was even more restrictive and secure than Premier - perhaps Google believed that Government was automatically certified?
And, I'm mindful that the entire PDF is a motion filed by people hostile to Google - the PDF is not a definitive source of what is true or not true.
In short, I'm not convinced either way.
Re: (Score:2)
Come on - I'm working to understand all this - and suddenly you changed out one term for another. Is the application(s) in question FISMA COMPLIANT, or is it FISMA CERTIFIED? Perhaps the difference is to subtle for some people to understand, but it's enough to entirely wreck an argument.
Re: (Score:2)
FISMA certified ( and accredited ) means a great deal more than security planning.
Certified means it was tested by an independent security tester to NIST 800-53, using 53A and all associated security pubs. I won't get into the specifics of the security testing required for this, but it is wide and primarily comprehensive*.
NIST's Risk Management Framework [nist.gov]
NIST 800-53 [nist.gov]
Accredited means that a government executive read over everything, with the advice of government security engineers, and still thought it was a
Re: (Score:2)
So google should have been more specific and the suddenly very precise MS could well start holding itself to the same standards of honesty that they are criticizing in google today.
Re:Shock - Big Business Lies (Score:4, Interesting)
Same as what they were doing against Apple. They accused Apple of using the wrong font size in their court documents (hence claiming they were invalid) rather than actually fighting the case. They really are at the pinnacle of the BSing
Re: (Score:3)
Re:Shock - Big Business Lies (Score:4, Informative)
So, for those of you who didn't RTFA, here's what actually happened:
Google Apps Premier HAS a certification.
The even more secure Google Apps for Government has applied for the same certification but hasn't gotten it yet.
It is unclear whether or not there is even a need for the additional certification given the massive similarities between the two platforms. Microsoft is claiming that there must be because Google applied for a new certification for Google Apps For Government. Given that the two platforms vary by not much more code than would be involved in a typical Patch Tuesday, it is highly unlikely that this is material to the conversation.
Just to go back to the original problem: A government entity approved a massively more expensive Microsoft solution over an equivalent Google solution that would have saved the taxpayers significant amounts of cash. Microsoft is now saying that this is all because of the difference in title between "Premier" and "For Government." Call me skeptical, but this smells rotten to me.
Re: (Score:2)
From what I can tell, FISMA [wikipedia.org] certification is for information systems, not applications. If Google runs "Apps for Gov't" on the same cloud infrastructure as their "Apps Premier," it would seem to qualify under the certi
Re: (Score:2)
My understanding is that Google does NOT run Apps for Government in the same cloud infrastructure. They deliberately isolated the Govt systems for security purposes.
Re: (Score:3)
Re: (Score:2)
Then why did Google re-apply for certification that they claim to already have?
Re: (Score:2)
Yep, and if you follow throught on the references, you'll find one to check for lies on pages 18, 29, and 37 of a linked PDF document. Unfortunately, they don't say which pages they mean - page 18 of the PDF is page 15 of the fax it was scanned from, which is page 11 of the original document.
From what I can tell, FISMA [wikipedia.org] certification is for information systems, not applications. If Google runs "Apps for Gov't" on the same cloud infrastructure as their "Apps Premier," it would seem to qualify under the certification received for the latter. Is there really any difference between the two, except for marketing? From their website, any difference is not apparent.
The other references to Goog'e's websites do check out. If what you say is true then why is Google applying for FISMA certification again?
Re: (Score:2)
Because to a company of their size the cost is negligible, and they want to remove any ability for competitors to spread FUD?
Re:Shock - Big Business Lies (Score:5, Informative)
While keeping in mind that (IIRC) the Microsoft solution currently does not have FISMA certification, and part of the reason why it was going to be so expensive is because they were going to get it certified in the process.
Re: (Score:2)
There you go being reasonable and logical. Working in a company that is insanely technical and bureaucratic that also deals with US government has showed me that it is simply not a logical conclusion to draw when it comes to government certification.
Patches to an existing approved app is one thing, but adding or removing a whole program, adding or removing features and functionality and certainly changing the name are major things which can cause a requirement to get [re]certified.
It's hard to say "Google
Re: (Score:2)
If only Rupert Murdoch would buy Microsoft. Then we would have a single source for all this "news."
Re:Shock - Big Business Lies (Score:5, Insightful)
BTW, I still have seen no dates for when Google got that cert and when they said they "had" it.
LoB
Re: (Score:2)
Re: (Score:2)
The old phrase is, "If you can't dazzle them with brilliance, baffle them with bull....", attributed to W.C. Fields
Double-standards (Score:3, Insightful)
Google does this, it's "Nothing to see here, you shouldn't be surprised, move on, move on"
Microsoft does this, "omg .. did you see what they did! remember this day, and USE IT IN COMMENTS FOR THE NEXT SEVEN YEARS"
Re: (Score:3)
Not quite. I don't like MS and do prefer Google as a company BUT if they out right lied then they should be punished accordingly. If they keep on doing it then its time to support someone else who can do business with out lying or borderline breaking laws.
Re: (Score:2)
Did you read the comment surrounding this? it's looks like classic Microsoft FUD as usual.
Re: (Score:2)
Sure, Ill take some double standards, looks good next to my giant bias.
I dont remember swearing to treat evil crap companies the same as decent ones.
Re:Double-standards (Score:5, Interesting)
The truth of the matter is more simple.
Google went through the agonizing process of FISMA that is very stringent compared to jokes like a SAS 70 type 2. Microsoft did nothing. DOI does not have a FISMA certified private or govt cloud.
DOI determined they would add in their own unique security requirements for a yet-unbuilt cloud solution that had never been certified for FISMA. Basically a joke of a to-be solution.
Google cried foul, claiming they had already passed the FISMA qualification, something no other cloud vendor had done at the same time period. Google claimed a certified solution like their cloud could not be compared against a non-existent pipedream cloud.
Re: (Score:3)
Re: (Score:2)
FTFY.
Re:Double-standards (Score:5, Informative)
Well, it's a bit more specific. Google sued the government because they did not look at Google Apps for Government. The government claimed that they didn't because Google Apps for Government lacked FISMA certification. In their lawsuit Google claimed that they did. In that context, whether or not Google Apps for Government was certified or Google Apps Premier was certified it becomes an issue of credibility for their entire lawsuit.
Re: (Score:3)
MS's BPOS were not FISMA certified back when they were awarded the contract (they still aren't).
If that was really a requirement by DOI, neither should have gotten the nod.
While this may become news, is it news yet? (Score:2)
While I don't doubt that this story is worth mentioning if Google didn't have the certification and claimed it did, is it worth mentioning yet?
While this may be what happened, even the author is vague about it. This seems like a Glenn Beck style story of "I'm not absolutely sure, but I heard "
Fine print & commentary (Score:3)
GSA certified and accredited Google Apps (FISMA certification)
GSA is the lead agency for acquisition for the US Govt
GSA met several the NIST standards at the moderate level
DOI claims that the GSA certification doesn't meet their specific standards and they have to have a govt only cloud in the continental US.
DOI security has been the laughingstock of the US govt for as long as I can remember*
DOI disconnected from the internet by a federal judge for complete failure in IT security [google.com]
Not entirely accurate (Score:2)
proof? (Score:5, Insightful)
Being wrong is not the same as lieing. Furthermore, I would imagine it is very difficult to prove someone deliberately lied.
Re: (Score:2)
Being wrong is not the same as lieing.
Being wrong on purpose is.
Furthermore, I would imagine it is very difficult to prove someone deliberately lied.
Thats another matter entirely. This allows people to be wrong on purpose without you (apparently) thinking that they are a liar.
Re: (Score:2)
Being wrong is not the same as lieing.
Being wrong on purpose is.
well, der. that is the very definition of 'lieing'
blog: "Microsoft on the issues" (Score:2)
Now there's an unbiased source of news.
This may be true, Google might have lied (on purpose or by accident), but can't we at least come up with a source that isn't so obviously biased?
Only very religious people (Score:2)
.. and believe
Oh come on, sure they do (Score:2)
It's just in Beta still.
Slightly OT (Score:2)
So pulling back a bit and looking at the big picture: has there been a significant increase in the number of petty corporate lawsuits or is it just my observational bias, IE reading too much Slashdot?
Pot and Kettle (Score:5, Informative)
Microsoft Chief Council says Google Lied in Court...
Pot, meet kettle...
As usual, the headline is a bit misleading, and certainly leaves out a large part of the story. Google Apps Permier has been FISMA certified by the GSA, so when you go to the Google website and look, and it says "Now FISMA certified", they aren't lying. They really are FISMA certified. However, FISMA is not a blanket certification. The DoI does not have to accept the FISMA certification of the GSA, it can decide to do its own testing if it wishes. This doesn't change the fact that Google Apps Permier has in fact attained FISMA certification.
The second tricky bit is Google Apps for Government, a product that didn't exist at the time the court case started. The law says (and the brief points out) that FISMA certification cannot be attained until after implementation of the product, and thorough testing. So, in that case, Neither Microsoft's offering, nor Google Apps for Government, is FISMA certified, nor could they have been at the time. Now, Google Apps Premiere was certified, and Apps for Government was going to be done under a more restrictive set of security constraints, so it would have likely passed too. What I have to wonder though, is did Google lie, and say Google Apps for Government had the FISMA cert, or did they say "Google Apps is FISMA certified", which is true?
I have to come down on the side of the Microsoft lawyer playing this up for far more than it should be.
Re: (Score:3)
Why wonder? It is demonstrated in the attachments. Example [google.com]:
The representative from the GSA who granted the certification also clearly states in emails that Google Apps for Government is not certified by their department (as you mentioned, it could not be).
BS (Score:2)
Also, you can request their documentation:
"Google's FISMA documentation is available for review by interested agencies.This enables agencies to
Re: (Score:2)
If Google Widget is certified, that doesnt mean that Google Sprocket is also certified. In this case, Google did not receive certification for the product that they were selling (they received certification only for a product similar, but distinctly feature-different, to what they were selling)
Google's FISMA Certification (Score:2, Informative)
Here's the link to Google's claim and a link to request the documentation if anyone wants to follow up:
http://www.google.com/apps/intl/en/government/trust.html [google.com]
I'm betting they can back it up.
Re: (Score:3)
You need to RTFA.
Big G begins to look nasty here.... (Score:2)
Google really begins to look nasty here.... the government is trying to do something that is the right thing by sane security standards (there is no such thing as 'secure multitenancy'.... that is an Oxymoron.)... and Google's insisting they sacrifice security requirements they have specified, just so that Google can provide service to them using a non-dedicated cloud?
I understand Google fearing they pick M$ due to hegemony... but if Google verifiably hasn't provided a product yet that will meet the
Re: (Score:2)
Google apps premier was certified, when the lawsuit started and the contract given google apps for government did not even exist. No microsoft solution ever had certification.
Basically google was already further towards the requirements, and microsoft said, sure, we can make it compliant to whatever for $x, google should not have been ruled out instantly.
Re: (Score:2)
Re:A link to google statement on this (Score:4, Informative)
goatse warning.
Re: (Score:2)
Already disabled by Google:
Google URL Shortener
http://goo.gl/zjJOI [goo.gl] – this URL has been disabled.
Note that goo.gl short URLs may be disabled for spam, security or legal reasons.
Suggestions:
* Return to the previous page.
* Try searching to find what you're looking for.
I searched for "goatse" to find out what this was all about and I found the answer !
Goatse link (Score:3, Informative)
Don't click.
Re: (Score:2)
Oh My Gawd! It's full of SHIT!
Re:Google's lawsuit is dumb (Score:5, Insightful)
"However, the government is a customer too and is free to choose a product that happens to be in the unique position of having competitors who think their products are better."
The government isn't free to choose. Government have to follow strict regulations in purchasing to insure it gets the best value for money, doesn't show any favoritism and prevent corruption. One can debate the effectiveness of the regulations, but they are there for a reason.
Re:Google's lawsuit is dumb (Score:4, Informative)
Yes, and Google's App Platform for Government wasn't FISMA certified and thus wasn't qualified to be bought. Then Google sues and lies about having that certification. I'm seeing no reason why Google's lawsuit should be entertained at all. Especially since if this were Microsoft doing exactly what Google is doing the S
Re: (Score:2)
GSA, the lead government agency for acquisition, certified and accredited Google according to FISMA.
The question is really whether or not GSA can do that (Certify and accredit for the entire US govt), and whether or not any agency can arbitrarily add their own unique security requirements(DOI excluding)
Re: (Score:2)
The question is really whether or not GSA can do that (Certify and accredit for the entire US govt)
Ultimately, it boils down to whether or not an Agency authorizing official will sign an authorization to operate (ATO) for their agency to use the system. Google isn't asking Agencies to just use it willy nilly; while GSA has provided an ATO, the ATO is limited in scope, and only covers specific controls (albeit most of them). There are, however, still specific controls that an agency must implement (like HSPD-12 compliant authentication for its users). Thus there is a unique specific implementation for
Microsoft full of shit in 7 words... (Score:2)
They've already won, even if their court case goes nowhere.
Re: (Score:2)
>....is basically the same service with a different label on it?
No it's not. It's a completely different infrastructure. If what you said was true, why did not Google say that instead of claiming the new service was FISMA compliant? Also, why did they apply for it again if it's basically the same service?
>And how do I know Microsoft is full of shit? "Microsoft writes in a blog post that..." End of story. If they had a real legal argument, this story would lead with 7 different words "Microsoft lawyers
Re: (Score:3)
First, Google Apps was FISMA certified in July of last year. This is about a subset of Google Apps (because the gov't. doesn't want everyone using the whole shebang). It would be like Micros
Re: (Score:2)
First, Google Apps was FISMA certified in July of last year. This is about a subset of Google Apps (because the gov't. doesn't want everyone using the whole shebang). It would be like Microsoft getting Microsoft Office.Net (or whatever they call it this week) certified, then someone complaining that Microsoft Word.Net isn't.
Second, Microsoft doesn't have ANY FISMA certification, so if certification were a requirement, Microsoft cannot bid.
More here [cnn.com]
It's not a subset, it's substantially different, your analogy is completely broken. Apps for Govt has a completely different separate cloud for security.
And it was certified for a limited scope anyway.
The issue is not about whether certification is a requirement or not or whether microsoft can bid or not, it is about Google blatantly lying on its websites and in documents submitted to the court about the certification. Did Microsoft lie about having certification?
The linked Google's response is pretty weak
Re: (Score:2)
Re: (Score:2)
FISMA looks at servers, physical security and infrastructure too, not just code.
Re: (Score:3)
Microsoft knows that it's lost the war to maintain its' monopoly. Now it's a question of fighting individual holding actions, to preserve as much as possible, for as long as possible.
By next year, not only will there be more devices shipping with linux than Windows, but when HP makes all their line dual-boot between their webOS linux variant and windows, linux will become
Re: (Score:2)
Re: (Score:3)
Google's App Platform for Government wasn't FISMA certified and thus wasn't qualified to be bought.
Neither is Microsoft's.
Re: (Score:2)
But Microsoft didn't falsely claim their's was certified, which Google did.
Re: (Score:2)
Re: (Score:2, Interesting)
I hope this truly is anonymous.
You are correct in saying "Government have to follow strict regulations in purchasing to insure it gets the best value for money, doesn't show any favoritism and prevent corruption" but let me precede that by saying that I'm a government employee and that I work in a position that is part of the procurement process.
Here's how it works: You go to company A, who develops an awesome product and one you really wish to purchase. It's more expensive than you'd like, but it's been te
Re: (Score:2)
What I meant to write is "Governments have".
I don't think adding "to" is correct. The list follows on "ensure that it" and "ensure that it to prevent corruption" doesn't make sense. I guess I should have said "prevents corruption".
Then, again I'm terrible at grammar. I have a whole blog [homeip.net] full of errors like this.
Re: (Score:2)
Sort of.
The government is a customer, but it's not any customer. It has a legal obligation to pay the least amount of money for whatever solution they need, and therefor there are only three possible reasons a department should choose Company A over Company B: 1) Company B's product does not meet the requirements; 2) Company B's prod
Re: (Score:2)
Except of course that it is worse than that. They put out a list of specifications that in
Re: (Score:2)
Legalese. The court makes findings of fact. The lawyers make claims about what they believe the facts to be, and supply evidence to support their claims.
To a lawyer, "it appears that Google lacks FISMA certification." In a court's findings, they will uphold or deny this claim, based on the evidence presented. If they find that Google does not have that certification, and that claim of certification is a key component of Google's case, their entire case could well be thrown out.
Re: (Score:2)
here [goo.gl]
you fucker
you sucker. :)
Re: (Score:3)
Except Google was not caught lying. We have Microsoft claiming that Google lied, nothing more.
Re: (Score:3)