DOJ: Google Misrepresents Govt. Security Certification -- Google's Federal Rap Sheet Grows

Google's ignominious Federal rap sheet only grows longer.

• Friday the DOJ effectively charged Google with misrepresentation to the public.
  • Google represented that its cloud service for Government was certified under the Federal Information Security Management Act (FISMA) since last July, when in fact it was not FISMA-certified for the product that Google claimed it was.
• This latest Google misrepresentation revelation came in a DOJ filing to the Federal Court which is hearing Google's case against the Department of Interior of the U.S. Government:
  • "On December 16, 2010, counsel for the Government learned that, notwithstanding Google's representations to the public at large, its counsel, the GAO and this court... Google does not have FISMA certification for Google Apps for Government."

I.   What does this mean?

• This means that Google Apps for Government, the cloud-based product that Google is trying to sell widely to the Government -- a product that would be used to routinely manage and protect broad swaths of confidential and secret Government information, highly-sensitive law enforcement information, and the public's highly-sensitive personally-identifiable information -- was represented by Google to the public as having the government's strongest "Good-Housekeeping-like-Seal-of-Approval," i.e. FISMA Certification,  when it had no such endorsement/certification from the Government.
• This means that Google -- in applying to provide literally billions of dollars of potential Google Apps for Government business for Federal, State, County and Local governments -- sought to mislead Government procurement officials on their most important concern: trustworthiness.
  • Here Google has proven deceptive and fraudulent at worst, and reckless or incompetent at best.

II.   Questions for the U.S. CIO:

Interestingly, tomorrow the Senate Homeland Security & Government Affairs Subcommittee is having an oversight hearing on "The President's Plan to Eliminate Wasteful Spending in Information Technology" and the Federal Government's Chief Information Officer (CIO) Vivek Kundra, will be testifying.

• Also interestingly, Mr. Kundra has been an especially strong advocate of Google's "open government" ideas, a longtime cheerleader for Google products and services, and a proponent for making the Government more transparent and accountable.

Given the DOJ revelation that Google has been fraudulently misrepresenting to the public and Government procurement officials that essentially the U.S. Government vouches for Google's security practices when it hasn't:

• Can Mr. Kundra tell us if Google Apps for Government is indeed FISMA certified or not?
• Does Mr. Kundra believe government spending on products that have been fraudulently misrepresented should be considered "wasteful spending?" And if not why not?
• What are the government's IT priorities? i.e. what is more important, maintaining the security/privacy of sensitive government information or open government initiatives to make government information more easily indexed for Google's search engine?
• Was Andrew McLaughlin -- Google's former head of Government Affairs worldwide, and former U.S. Federal Chief Technology Officer until January, and who was reprimanded for ethics violations in continuing to have contacts with his former Google employees on official matters when in Government -- involved in any way in Google representing itself to the government as FISMA-certified?

III.   Google's Federal Rap Sheet Grows:

Unfortunately this is not an isolated incident, but just the latest charge in Google's ignominiously long and growing Federal rap sheet.

• Deceptive Privacy Practices: Just two weeks ago, Google was charged by the FTC with public representations "that were, and are, false and misleading, and constitute a deceptive act or practice." Google settled the charges with the FTC and must abide by a strict consent order for twenty years for their deceptive misrepresentations.
• WiSpy: After a Google fleet of vehicles illegally collected WiFi signals after driving most all public roads in over 30 countries over a period of three years, with antennae on the tops of the all the vehicles, and involving hundreds of Google employees or contractors, Google's public defense and misrepresentation was it was the mistake of just one Google engineer and no one else knew anything about it.
  • This preposterous defense prompted WiSpy investigations in over ten countries.
  • Currently the U.S. FCC has a pending investigation into whether Google's wanton WiFi wardriving constituted illegal wiretapping.
    • The facts are pretty obvious that Google did in fact illegally wiretap tens of millions of Americans computer emissions that included emails, passwords and other sensitive private information.
      • The open question is whether the FCC will enforce the law or not given how close the FCC is with Google.
• Antitrust Violations: The DOJ has acted against Google's anti-competitive behavior four times in just the last 29 months.
• Copyright Violations: The DOJ, the U.S. Register of Copyrights, and a Federal District Judge all found Google's copying of 15 million books without the permission of the authors contrary to copyright law and the Google Book Settlement to not be a legal solution.

In sum, this is an illustrative, not exhaustive list of Google's many misrepresentations to the public.

• It shows that this most recent gross public misrepresentation by Google is not an isolated incident or mistake, but sadly part of a well-established Google culture of deceptiveness.