After more than two years of trying, the City of Los Angeles has abandoned plans to migrate its police department to Google's hosted email and office application platform saying the service cannot meet certain FBI security requirements.
As a result, close to 13,000 law-enforcement employees will remain indefinitely on the LAPD's existing Novell GroupWise applications, while other city departments will use the Google Apps for Government cloud platform.
Council members last week amended a November 2009 contract the city has with systems integrator Computer Science Corp. (CSC) under which CSC was supposed to have replaced LA's GroupWise e-mail system with Google's email and collaboration system. Under the amended contract, the LAPD will no longer move its email applications to Google.
Instead, Google will pay up to $350,000 per year for the LAPD to maintain its GroupWise licenses for the entire term of the CSC contract and any extensions beyond that. Google will also substantially reduce the amount it charges for the rest of the city's use of Google Apps. Under the amendment, CSC too will reduce its initial integration fee for the project by $250,000.
Earlier this month, LA's chief legislative analyst, Gerry Miller, and its chief administrative officer, Miguel Santana, said the contract amendment was necessary because the Google service could not be brought into compliance with the FBI's Criminal Justice Information Systems (CJIS) requirements.
"Although CSC does not have the technical ability to comply with the City's security requirements, it should be noted that the DOJ requirements are not currently compatible with cloud computing," the two wrote in a memo to council members.
The CJIS database is maintained by the FBI and is one of the world's largest repositories of criminal history records and fingerprints. The records are accessible to law enforcement officials around the country, but all entities authorized to access the database are required to comply with a strict set of security requirements pertaining to the manner in which the data is accessed, shared, transmitted, stored and destroyed. The security requirements include encryption of all data, both in transit and at rest, and FBI background checks on anyone who accesses the database. The policy applies to anyone with access to the database, including contractors.
The contract amendment proposal recommended by Miller and Santana does not make it clear how Google and CSC failed to comply with those requirements.
In the past however, city officials have not minced words in expressing their frustration over the issue. In a strongly worded notice of deficiencies to CSC last December, LA CTO Randi Levin blasted Google and CSC for repeatedly committing to deadlines for implementing the security requirements but then failing to meet them. At the time, Levin noted that the delays had forced the LAPD to move about 1,900 users who had migrated to Google's new email system back to the old GroupWise platform. The delay also caused the LAPD to postpone its planned migration of 4,000 more users to the new system last October, Levin said.
In April, the Los Angeles Times reported that the city was considering suing Google and CSC over their delay in implementing the CJIS security requirements, which both companies had agreed to implement previously.
Google maintains that the LAPD's security requirements were never part of the original contract. The company claims that the security requirements were introduced only after the migration to Google Apps was well underway at LA. According to the company, CJIS requirements are incompatible with cloud computing environments, and therefore present a unique challenge not just for Google but any cloud vendor attempting to migrate a law enforcement system to the cloud.