Police communicationLAPD abandons plans to move to Google cloud server

Published 4 January 2012

The Los Angeles Police Department (LAPD) recently announced that it had scrapped its plans to move its email servers to a Google-based cloud system citing the technology’s inability to meet certain FBI security requirements

The Los Angeles Police Department (LAPD) recently announced that it had scrapped its plans to move its email servers to a Google-based cloud system citing the technology’s inability to meet certain FBI security requirements.

Two years ago Los Angeles began moving city departments to a Google cloud platform, but due to recent complications, the LAPD will continue using its existing Novell GroupWise applications while the rest of the city migrates to the cloud.

As a result of its failure to comply with federal security standards, Google has agreed to pay as much as $350,000 a year for the LAPD to maintain its GroupWise licenses as well as reducing the amount it charges the rest of the city for the use of Google Apps. Meanwhile, CSC, the project’s system integrator, has also agreed to reduce its initial fee by $250,000.

In a joint letter, Gerry Miller, Los Angeles’ chief legislative analyst, and Miguel Santana, the city’s chief administrative officer, explained that amending the original 2009 contract with Google and CSC was necessary because Google’s cloud could not meet the FBI’s security standards for Criminal Justice Information Systems (CJIS).

Miller and Santana were careful to mention that “although CSC does not have the technical ability to comply with the City’s security requirements, it should be noted that the DOJ requirements are not currently compatible with cloud computing.”

CJIS, one of the world’s largest databases for criminal records and fingerprints, is accessible to law enforcement agencies around the United States so long as they meet stringent security standards set forth by the FBI. These requirements include regulations regarding the access, sharing, encryption, transmission, storage, and destruction of data.

City administrators did not specify what security requirements Google and CSC failed to comply with, but the program has been plagued with delays and complications from the start.

In December of 2010, Randi Levin, Los Angeles’ chief technology officer, sharply criticized Google and CSC for repeatedly failing to meet deadlines regarding security requirements for the LAPD’s system migration.

According to Levin, project delays had forced the police department to shift nearly 2,000 users who had already moved to Google’s new email system back to the old platform. In addition, the delay also resulted in the interruption of the migration of an additional 4,000 users to the new system last October.

In defense of its work, Google insisted that the LAPD’s security requirements were not included in the original contract. In addition, the tech giant admitted that the FBI’s standards for CJIS are not only incompatible with Google’s cloud platform, but all cloud platforms, creating a challenge for any tech company seeking to move law enforcement systems to the cloud.

“We’re disappointed that the City introduced requirements for the LAPD after the contract was signed that are, in its own words, ‘currently incompatible with cloud computing,’” Google said in a statement. “We realize this means the LAPD may not be joining the 17,000 other City employees successfully using Google Apps.”

Jeff Gould, the CEO of Peerstone Research, an IT consulting firm, speculated that Google’s problems could have stemmed from the FBI requirement for all IT contractors to pass a criminal background check and sign an FBI Security Addendum.

With much of Google’s support staff for government Google Apps servers based in Europe, many contractors may not have been willing to sign the addendum, Gould said.

The FBI does not require support personnel to be based in the United States, but according to Gould, European laws make it difficult for Google to compel European employees to submit to FBI screening and fingerprinting.

Gould went on to say that it was incorrect of Google to claim that CJIS requirements are incompatible with cloud platforms as the tech company along with CSC should have known about the FBI’s security standards as they were clearly outlined in the original contract.