News

City of Los Angeles Faults Google Apps on Security Compliance

Google's contract to provide the city of Los Angeles with cloud-based applications faces completion issues after nearly two years.

The stumbling block centers on the city's requirements for security, which aren't being met for some agencies, city officials contend. The lead contractor on the project, Computer Sciences Corp. (CSC), failed to meet security specifications required for some of the city's more sensitive departments, such as the Los Angeles Police Department, according to an Aug. 17 letter from Randi Levin, general manager of the city's Information Technology Agency. CSC was supposed to have met the Criminal Justice Information Systems (CJIS) requirements of the U.S. Department of Justice, according to the letter.

The letter surfaced via Consumer Watchdog, an advocacy group. Consumer Watchdog is known for its Proposition 103 work in California that regulated car insurance rates in the state while also legally compelling resident drivers with incomes above a certain level to buy coverage from insurance companies. Consumer Watchdog has a privacy campaign specifically targeting Google's business practices and has called for Google to be broken up by regulatory agencies (PDF). Yesterday, Consumer Watchdog sent a letter (PDF) to Los Angeles Mayor Villaraigosa asking for the city to "fully disclose immediately the extent to which Google has failed to comply with its contractual obligations."

Back in Dec. 2009, Levin had explained that the city planned to move "all 30,000 city employees to Google Apps from our existing [Novell] GroupWise email system," according to a Google blog post. She noted then that "everyone will benefit from Google's security controls." The Consumer Watchdog letter to Villaraigosa, dated Oct. 18, 2011, claimed that "a mere 17,000 city employees use the Google system while 13,000 LAPD and other employees involved in law enforcement cannot make the move."

A Google spokesperson, without clarification, issued the following statements, asserting that its competitors were engaged in a publicity stunt, and that the city introduced new requirements to meet.

"This is just the latest in a long list of press stunts from a group that admits to working closely with our competitors," Google stated. "We are meeting our commitments to the City of Los Angeles. Indeed, the City recently renewed their Google Apps contract for 17,000 employees, and the project is expected to save Los Angeles taxpayers millions of dollars.

"The City has acknowledged Google Apps is more secure than its current system. Along the way they've also introduced new requirements which require work to implement in a cloud computing environment, and we've presented a plan to meet them at no additional cost."

The contract, established on Nov. 20, 2009, was originally estimated at $7.2 million. One of the failing bids for the contract came from Microsoft. The two companies have been locked in PR battles over cloud security issues on public sector contracts.

The city's complaints appear to have been ongoing for at least a year. Consumer Watchdog dredged up an earlier memo from Levin on the matter, from December 2010, in which she said that communications from Google and CSC on the contract had "risen to the level of misrepresentation," according to a Los Angeles Times article.

The city is now requiring CSC and Google to implement a "Second Amendment" in the contract. It requires them to pay the city for its costs running GroupWise through June 30, 2011, as well as "for the period of July 1, 2011 through November 20, 2012." The city also will use the Google Apps for Government Edition at no extra cost. The original contract specified Google Apps Premier Edition.

Google Apps Premier Edition met Federal Information Security Management Act (FISMA) standards in July 2010, according to a U.S. General Services Administration official. Given that fact, it's not exactly clear why the city is also requiring compliance with the Department of Justice's security spec.

CSC released a statement on the matter today claiming success in migrating 17,000 city government users to Google Apps, with the exception of Los Angeles' law enforcement agencies. CSC is working with the city on the Department of Justice security requirements it says were added to the original contract.

"Subsequent to the award of the original contract, the City identified significant new security requirements for the Police Department," CSC said in an e-mailed statement. "CSC and Google worked closely with the City to evaluate and eventually implement the additional data security requirements, which are related to criminal justice services information ('CJIS'), and we're still working together on one final security requirement."

About the Author

Kurt Mackie is online news editor for the 1105 Enterprise Computing Group.

comments powered by Disqus

Reader Comments:

Mon, Nov 14, 2011 H Miah London

The important thing is were/are there any technical issues? These all seem to be issues about dealing with the Public Sector. Obviously if you are changing requirements during a project, things will take longer. And it is up to you to tell the supplier you're requirements, they are not mind readers. If you need special security for a certain dept. then say so.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.