Two Years in, Google's L.A. Cloud Contract Hits Security Snag

Two years after winning a contract to provide cloud-based applications to the city of Los Angeles, Google is still fielding concerns over the security of its offerings.

L.A. officials contend that Google has not satisfied the security requirements of some of its agencies, including the L.A. Police Department. According to an Aug. 17 letter from Randi Levin, general manager of the city's Information Technology Agency, the security specifications of some of the city's more sensitive departments have not been met by the Google project's lead contractor, Computer Sciences Corp.

Specifically, CSC was supposed to have met the Criminal Justice Information Systems (CJIS) requirements as spelled out by the U.S. Department of Justice (DoJ), the letter said.

The letter surfaced via Consumer Watchdog, an advocacy group. Consumer Watchdog is known for its work on Proposition 103 in California, which regulates car insurance rates in the state while also legally compelling resident drivers with incomes above a certain level to buy coverage from insurance companies. Consumer Watchdog has a privacy campaign specifically targeting Google's business practices and has called for Google to be broken up by regulatory agencies.

On Tuesday, Consumer Watchdog sent a letter to L.A. Mayor Antonio Villaraigosa asking the city to "fully disclose immediately the extent to which Google has failed to comply with its contractual obligations."

In December 2009, Levin had explained that the city planned to move "all 30,000 city employees to Google Apps from our existing [Novell] GroupWise email system," according to a Google blog post. She noted then that "everyone will benefit from Google's security controls." The Consumer Watchdog letter to Villaraigosa, dated Oct. 18, 2011, claimed that "a mere 17,000 city employees use the Google system while 13,000 LAPD and other employees involved in law enforcement cannot make the move."

A Google spokesperson issued the following statements, without clarification, asserting that its competitors were engaged in a publicity stunt and that the city had introduced new requirements for it to meet.

"This is just the latest in a long list of press stunts from a group that admits to working closely with our competitors," Google stated. "We are meeting our commitments to the City of Los Angeles. Indeed, the City recently renewed their Google Apps contract for 17,000 employees, and the project is expected to save Los Angeles taxpayers millions of dollars.

"The City has acknowledged Google Apps is more secure than its current system. Along the way they've also introduced new requirements which require work to implement in a cloud computing environment, and we've presented a plan to meet them at no additional cost."

The contract, established on Nov. 20, 2009, was originally estimated at $7.2 million. One of the failing bids for the contract came from Microsoft. Since then, the two companies have been locked in public relations battles over cloud security issues on public sector contracts.

The city's complaints appear to have been ongoing for at least a year. Consumer Watchdog dredged up an earlier memo from Levin on the matter, from December 2010, in which she said that communications from Google and CSC on the contract had "risen to the level of misrepresentation," according to a Los Angeles Times article.

The city is now requiring CSC and Google to implement a "Second Amendment" in the contract. It requires them to pay the city for its costs running GroupWise through June 30, 2011, as well as "for the period of July 1, 2011 through November 20, 2012." The city also will use the Google Apps for Government Edition at no extra cost. The original contract specified Google Apps Premier Edition.

Google Apps Premier Edition met Federal Information Security Management Act (FISMA) standards in July 2010, according to a U.S. General Services Administration official. Given that fact, it's not exactly clear why the city is also requiring compliance with the DoJ's security spec.

CSC released a statement on the matter on Wednesday, claiming success in migrating 17,000 city government users to Google Apps, with the exception of Los Angeles' law enforcement agencies. CSC is working with the city on the DoJ security requirements it says were added to the original contract.

"Subsequent to the award of the original contract, the City identified significant new security requirements for the Police Department," CSC said in an e-mailed statement. "CSC and Google worked closely with the City to evaluate and eventually implement the additional data security requirements, which are related to criminal justice services information ('CJIS'), and we're still working together on one final security requirement."


About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.