April 13, 2011 Mr. Larry Page CEO, Google Inc. 1600 Amphitheatre

April 13, 2011
Mr. Larry Page
CEO, Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
Dear Mr. Page:
As a member of the California State Senate who sits on the Senate Sub-Committee on Privacy, and is very
interested in internet security issues, I respectfully request that you clarify your company’s position on the
claims made in recent news stories about Google.
It is my understanding that while attempting to secure operating contracts with government agencies,
Google stated on a marketing page that its “Google Apps for Government” platform had been certified by
the General Service Administration to be in accordance with security standards promulgated by the Federal
Information Security Management Act. Recently, it has been asserted this claim was a misrepresentation,
and “Google Apps for Government” is not, in fact, officially certified.
The Los Angeles Times reported: “Google said that the consumer and business versions of its office
software — Google Apps — did receive the federal certification in July, and that its government version is
essentially the same product, only with further security enhancements.” Would you please clarify whether
or not the “Google Apps for Government” platform, specifically, has been certified to meet security
standards set forth in the FISMA by the GSA, as stated on your company’s website?
Secondly, a recent article in Politico reported concerns over “whether Google’s email service, Gmail, has the
security features necessary for [Los Angeles’] 13,000 police department employees, among others.” What
inadequate security features, if any, prevent the migration of these employees to the Gmail system?
Thank you for your attention to this matter.
Joel Anderson
cc: Leslie Miller, Public Policy Manager, Google Inc.
Jonathan Ross, KP Public Affairs