Google, CSC L.A. Cloud Project Under Fire In Leaked Memo

Google's start-stop cloud computing deployment for the City of Los Angeles is under fire again, this time in the form of a recently leaked memo from December 2010 that outlines a host of gripes the city has with the often stalled cloud services project.

The four-page internal memo from the city to Google's L.A. cloud project solution provider, CSC, illustrates the frustration mounting among city officials that the cloud computing project, which was supposed to be completed late last year, is delayed.

The memo, published by advocacy group Consumer Watchdog, features a timeline that shows the project originally failed to meet security guidelines needed by the Los Angeles Police Department (LAPD) and other public safety organizations, which required that Google and CSC obtain federal CJIS (Criminal Justice Information Services) security certification, which authorizes solutions to properly handle criminal information.

The lack of CJIS certification postponed the migration of the 4,000 L.A. city employee users to the Google Apps for Government cloud computing system in October 2010. And by the time of the writing of the December 2010 memo the city said no plan for CJIS certification and additional migration had been met.

"Rather, CSC has indicated it will need an additional 12 to 18 months to meet all security requirements, and that it will be necessary to, among other things, convince the DOJ and FBI to amend or reinterpret the current CJIS policy," Randi Levin, L.A. CTO, wrote in the letter. "CSC as also indicated that it expects the 'LAPD to make policy and operational changes' and to 'sponsor' CSC and Google in conversations with the FBI. These new demands made by CSC and Google are unacceptable."

At the time of the memo, the city's technology department also said the eSubpoena system had not been delivered in a production-ready state, which could foul up the handling of subpoenas and have "significant public safety ramifications" such as failed prosecutions and warrants being issued erroneously.

"These failures are wholly unacceptable to the City of Los Angeles," Levin wrote. "CSC and Google have repeatedly committed to meet particular deliverables on specific dates, only to reveal, at the last minute, that the set of deliverables/dates will not be met. CSC and Google's behavior goes beyond a mere failure to communicate in a timely manner, and instead, on several occasions, has risen to the level if misrepresentation."

In light of the issues, the city said it reserved the right to ask CSC and Google to move many LAPD users and users from other city departments, such as the City Attorney, Arson Investigation, Public Safety, Public Transportation and more back to the Novell GroupWise system.

The city also asked CSC to sign a contract amendment that included a commitment to meet all security requirements; a detailed timeline for when it would do so, with an agreement to monetary penalties for missed milestones; an agreement to credit the city any dollars charged for all Google licenses for the LAPD or other city department that would need to move back to the Novell System; an agreement by CSC and Google to pay additional costs incurred by the city through December 31, 2012 due to delays; and a host of other requirements.

NEXT: Google, CSC Respond To L.A. Cloud Concerns

In an interview with CRN this week, a Google spokesperson highlighted that a lot of the concerns raised in the December 2010 memo have been addressed and that a lot has changed in the four months since it was issued. Google said it is working with the city to keep the project on track.

Google has said that more than 16,000 city employees representing 36 of 40 departments are currently using Google Apps.

CSC also noted that it is working with the city to ensure all necessary security guidelines are met and that the requirements outlined in the memo are addressed.

"These new requirements were not included in CSC's contract with the city and were not specified in the city's RFP for this project," CSC said in a statement e-mailed to CRN. "As the LAPD and the city have brought new requirements to CSC, we have developed a process with the city to identify new requirements, prioritize them, and develop a schedule to deliver them to the city. Many of these new features have been incorporated at no additional cost to the city. In accordance with our process, CSC and Google will provide the city with a timeline for developing and incorporating these new security requirements."

CSC's statement continued: "We recognize the importance of the security requirements, and CSC is working with the city to reach a solution to completing them. In the case of these and other new requirements, CSC will proactively work with the city to follow the change control process and find the right solutions to support our contract obligations. CSC, however, cannot be held accountable for requirements that were not established by the city in its RFP or by contract, or for additional requirements not introduced through the city’s change-control processes established in the contract between CSC and the city."

L.A. tapped Google and solution provider CSC in late 2009 to move city employees off of its aging Novell GroupWise system to Google Apps for Government for cloud computing, e-mail and collaboration. In July 2010, the Los Angeles cloud project hit delays and Google and CSC had missed the June 30, 2010 deadline to complete the project. The delay, the city and Google said at the time, stemmed from security concerns from some city agencies, namely the LAPD and other public safety organizations that were concerned with how sensitive data would be handled in a cloud environment.

Despite the delays, the L.A. City Council voted in August 2010 to stick with Google Apps for the city-wide cloud computing deployment.