GOOGLE, INC. et al v. USA
Filing
36
REDACTED MOTION for Judgment on the Administrative Record Reply to Defendant's and Defendant-Intervenor's Opposition to Plaintiffs' Motion for Preliminary Injunction, and Response to Defendant-Intervenor's Motion to Dismiss (Agreed-to Public Version), filed by GOOGLE, INC., ONIX NETWORKING CORPORATION.(Nucci, Katherine) Modified on 12/20/2010 (dls).
<![CDATA[
GOOGLE, INC. et al v. USA
Doc. 36
IN THE UNITED STATES COURT OF FEDERAL CLAIMS Bid Protest
GOOGLE, INC.,
) ) )
AGREED-TO PUBLIC VERSION
and
ONIX NETWORKING CORPORATION
Plaintiffs,
y.
) )
)
)
) )
) )
) )
No. 10-743 C
Judge Braden
THE UNITED STATES, Defendant,
)
)
and
SOFTCHOICE CORPORATION,
) ) ) )
)
Defendant-Intervenor.
) ) )
Plaintiffs' Motion For Judgment On The Administrative Record, Reply To Defendant's And Defendant-Intervenor's Oppositions To Plaintiffs' Motion For Preliminary Injunction, And Response To Defendant-Intervenor's Motion To Dismiss
Timothy Suffivan 1909 K Street, N.W., 6th Floor Washington, D.C. 20006 (202) 585-6930 (tel.) (202) 508-1028 (fax) Attorney of Record for Plaintiffs Google, Inc. and Onix Networking Corporation
Of Counsel: Katherine S. Nucci Scott F. Lane Thompson Coburn LLP
Dated: December 3, 2010
Dockets.Justia.com
TABLE OF CONTENTS
I.
STATEMENT OF FACTS ("SOF") THE COURT HAS JURISDICTION TO DECIDE, AND PLAINTIFFS HAVE STANDING TO BRING, THIS CASE
3
II.
19 19
21
III.
The Court's Relevant Bid Protest Jurisdiction Google And Onix Are Prospective Bidders Google And Onix Have A Direct Economic Interest In The Procurement DEFENDANT'S PROCUREMENT ACTIONS VIOLATED STATUTORY AND REGULATORY REQUIREMENTS
Standard of Review
25
27
29
DOl Pre-selected Microsoft in Violation of CICA and FAR Subpart
6.3
30
33
IV.
V.
DOl's Post Hoc Actions And Justifications Were Tailored To Support Its Improper Pre-Selection And Were Not Rationally Based 1. DOl's Post Hoc Market Research 2. DOl's Requirement for a Federal-Government-Only Cloud (Often Mistakenly Referred To As A Private Cloud) Types of Computing Clouds DOI's Risk Assessment DO! Did Not Rationally Consider Whether Sharing A Cloud With State And Local Governments Would Be An Acceptable Alternative To A Cloud With Only Federal Government Customers How Security Risk Should Be Assessed And The Significance Of FISMA 3. DOl's Selection Of The BPOS-Federal Community Cloud Was An Irrational Choice PLAINTIFFS WILL SUFFER IRREPARABLE HARM IF THE INJUNCTION IS NOT GRANTED
THE BALANCING OF HARM FAVORS ISSUANCE OF THE INJUNCTION THE PUBLIC INTEREST FAVORS ISSUANCE OF AN INJUNCTION
CONCLUSION
34
37 37
39
42 46
49 53
54
54 55
VI.
VII.
TABLE OF AUTHORITIES
Cases
210 Earll, L.L.C. y. United States, 77 Fed. Cl. 710 (2006)
Advanced Systems Technology, Inc. y. United States, 69 Fed. Cl. 474 (2006)
42
55
Ala. Aircraft Indus. Inc.-Birmingham y. United States, 586 F.3d 1372 (Fed. Cir. 2009) Allied Materials & Equipment Co., Inc. y. United States, 81 Fed.C1. 448 (2008)
29
26 24
Am. Fed'n of Gov't Employees y. United States, 258 F.3d 1294 (Fed. Cir. 2001)
ATA Defense Industries, Inc. y. United States, 38 Fed.C1. 489 (1997) BioFunction, LLC y. United States, 92 Fed.C1. 167 (2010)
24, 30
31 19
Blue & Gold Fleet L.P. y. United States, 492 F.3d 1308 (Fed.Cir. 2007) CCL, Inc. y. United States, 39 Fed. Cl. 780(1997) Centech Group, Inc. y. United States, 554 F.3d 1029 (Fed. Cir. 2009)
CHE Consulting, Inc. y. United States, 552 F.3d 1351 (Fed.Cir. 2008)
Cincom Sys., Inc. y United States, 37 Fed. Cl. 266 (1997)
24
29
30
55
Cobell y. Norton, 394 F.Supp.2d 164 (D.D.C. 2005)
CS-360, LLCv. United States, 94 Fed.C1. 488 (2010)
48, 49
26
Distributed Solutions, Inc. y. United States, 539 F.3d 1340 (Fed. Cir. 2008)
Henke y. United States, 60 F.3d 795 (Fed.Cir. 1995)
passim
19
Impresa Construzioni Geom. Domenico GarujI y. United States, 238 F.3d 1324 (Fed. Cir. 2001) Information Tech. & Applications Corp. y. United States, 316 F.3d 1312 (Fed.Cir. 2003)
Kenney Orthopedic, LLC y. United States, 88 Fed.Cl. 688 (2009)
29
27
19
55
Magellan Corp y. United States., 27 Fed. Cl. 448 (1993)
Magnum Opus Technologies, Inc. y. United States, 94 Fed.Cl. 512 (2010)
20, 26, 27
MCI Telecommunications Corp. y. United States, 878 F.2d 362 (Fed. Cir. 1989)
Myers Investigative & Sec. Servs. y. United States, 275 F.3d 1366 (Fed. Cir. 2002)
22
22
Pure Power!, Inc. y. United States, 70 Fed. Cl. 739 (2006)
RAMCOR Services Group, Inc. y. United States, 185 F.3d 1286 (Fed. Cir. 1999)
Raymark Indus., Inc. y. United States, 15 C1.Ct. 334 (1988)
22
21
20 30, 36
42
22
19 31
Redland Genstar, Inc. y. United States, 39 Fed.C1. 220 (1997) Reilly's Wholesale Produce y. United States, 73 Fed. Cl. 705 (2006) Rex Service Corp. y. United States, 448 F.3d 1305, (Fed. Cir. 2006)
Reynolds y. Army & Air Force Exch. Serv., 846 F.2d 746 (Fed.Cir. 1988)
Russell Corp. y. United States, 537 F.2d 474 (Ct.Cl. 1976) Savantage Financial Services, Inc. y. United States, 81 Fed.C1. 300 (2008) Sommers Oil Co. y. United States, 241 F.3d 1375 (Fed. Cir. 2001)
Weeks Marine, Inc. y. United States, 575 F.3d 1352 (Fed. Cir. 2009)
23
31
25, 26
Statutes and Regulations
18U.S.C.1831
18 U.S.C. § 1905
43 43
28 U.S.C. § 1491(b)(1)
28 U.S.C. § 149 1(b)(4)
20
29
19
31 U.S.C. § 3553(c)(1)
41 u.s.c. § 253(a)(1)(A)
30
21
41 u.s.c. § 403(2)
5 u.s.c. § 552
43
s u.s.c. § 706
5 u.S.C. § 706(2)(A)
FAR (48 C.F.R.) 6.302-1(c)
29 29 10, 31, 32
FAR (48 C.F.R.) 6.303-1
31 31
FAR (48 C.F.R.) 6.303-2 FAR (48 C.F.R.) 6.304
31
IN THE UNITED STATES COURT OF FEDERAL CLAIMS Bid Protest
) )
GOOGLE, INC.,
and
)
) )
AGREED-TO PUBLIC VERSION
ONIX NETWORKING CORPORATION
Plaintiffs,
y.
) ) )
) )
)
) )
No. 10-743 C
Judge Braden
THE UNITED STATES,
) )
) )
Defendant,
and
SOFTCHOICE CORPORATION,
)
) ) )
Defendant-Intervenor.
) )
Plaintiffs' Motion For Judgment On The Administrative Record, Reply To Defendant's And Defendant-Intervenor's Oppositions To Plaintiffs' Motion For Preliminary Injunction, And Response To Defendant-Intervenor's Motion To Dismiss
Plaintiffs Google, Inc. ("Google") and Onix Networking Corporation ("Onix") hereby submit their Motion for Judgment on the Administrative Record and Reply to Defendant's and
Defendant-Intervenor' s Oppositions to Plaintiffs' Motion for Preliminary Injunction ("Def.
Opp." and "mt. Opp."), as well as Plaintiffs' Response to Defendant-Intervenor's Motion to Dismiss ("Dismissal Motion"). For the reasons described herein, the Court should grant
Plaintiffs' Motion on the grounds that the Department of the Interior ("DOT") improperly
5253334.1
selected the Microsoft product on a sole-source basis to satisfy DOT's requirement for a unified, agency-wide messaging system.
The Def. Opp. selectively described the facts to make it appear that, after conducting exhaustive market research into various messaging products and computing cloud models, DOl reasonably determined that only the Microsoft Business Productivity Online Suite-Federal
("BPOS-Federal") could satisfy DOI's minimum needs. In reality, the Administrative Record
("AR") paints a very different picture. The AR shows that DOl chose a Microsoft solution - one
that preceded Microsoft' s launch of BPOS-Federal by many months - more than a year ago without a sole-source justification pursuant to Federal Acquisition Regulation ("FAR") Subpart 6.3 and solely because DOl had established the Microsoft Office suite as a departmental standard
in a standardization memo issued in September 2002. DOl then developed its requirements or
"minimum needs" collaboratively with Microsoft in the ensuing months, leading to the June
2010 "proof of concept" project to migrate the Bureau of Indian Affairs ("BIA") to the Microsoft solution and, ultimately, to DOI's Request for Quotations ("RFQ") issued on August 30, 2010
for the purpose of completing the migration to DOl's other offices and bureaus. DOI's so-called
extensive market research was tailored after the fact in 2010 to support the 2009 sole-source
selection of a Microsoft solution. There is no dispute that DOT has had problems with its disjointed e-mail system, or that DOT needs a secure, unified messaging solution to replace the 13 systems currently owned and
operated by the various DOT bureaus and offices. These problems and needs, however, do not trump the Competition in Contracting Act's ("CTCA") mandate for full and open competition, and DOT's post hoc justifications for the selection of Microsoft's solution do not stand up under
close scrutiny. Google's messaging solution, Google Apps for Government, was given no
2
serious consideration by DOT, and DOl did nothing to assess the security of Google's cloud model even though Google Apps is the only computing cloud to have successfully undergone the rigorous certification and accreditation ("C&A") process for Federal Information Security Management Act ("FISMA") authorization. There is more than one responsible source for a secure, unified messaging solution
provided in a cloud computing environment and, thus, DOT has improperly circumvented
CICA's requirements for a competitive procurement.
I.
STATEMENT OF FACTS ("SOF")
1.
Between November 2007 and May 2009, DOl's Chief Technology Officer
("CTO")
AR Tab 14, pp. 175-77. DOl has had access to Gartner analysts and
materials
AR Tab 34. On April 15, 2009,
AR Tab 14, p. 176. On April 27, 2009,
Id. On May
14, 2009,
." Id. Later, on May 28, 2009,
I
3
" Id. atp. 177.
2.
In June 2009, DOl started
." Id. at p. 180. According to the
document in the AR, the
was last updated on
and
AR Tab 33.' The
that it is DOl's intention'
because DOT had'
states
"and'
Id.atp. 1098. Thescopeofthe
"(ji 1099) starting with a
Id. at pp. 1100-01. The
Based on discussions with Defendant' s counsel, it is unclear whether the
4
Id. atp. 1106.
The
further stated that
,,
This support would include
." Id. atp. 1107.
DOl's CTO, Mr. William Corrington, was the
,
and Mr. Andrew
Jackson, DOT's Deputy Assistant Secretary for Human Capital, Performance and Partnerships, was designated as
." Id. at pp. 1093 and 1100.
DOT asked Gartner
.
In a letter dated
October 16, 2009, Gartner advised DOl that
." AR Tab 14, p. 181. Further, Gartner stated"
5
5.
Asthe
,DOI
E-mails
contained at Tab 32 of the AR evidence
See Exhibit A attached hereto.2 DOl and Microsoft
(AR Tab 32, pp. 1088-89)
and
(Exhibit A, pp. 1-3). Both Mr. Jackson and Mr. Corrington
described by Mr. Corrington
on January 8, 2010 as DOT's'
AR Tab 32, pp. 1050-5 1. Even
,,
AR Tab
32, pp. 1046, 1048 and 1050; Exhibit A, p. 2. On February 6,
Id. at pp. 1045-46.
responded by
2 Exhibit A is a chronological summary of events from April 2009 to August 2010 as reflected in e-mail exchanges and other documents contained at various Tabs in the AR. The document is not a supplement to the record but was created to facilitate the Court' s review of the record, most particularly the lengthy and repetitive e-mail threads contained at Tab 32.
." Id. atp. 1045.
During this same time frame in mid-to-late 2009, Google representatives were
attempting to engage DOl officials in substantive discussions about Google's ability to meet DOT's unified messaging requirements. Mr. Corrington met with Google's Mr. Dave Standish on July 8, 2009 to discuss DOl's goals and Google's interest in meeting those goals, but subsequent Google requests for meetings were either ignored or declined. Exhibit A, pp. 1-2 (referencing AR Tab 6). On September 15, 2009, Google publicly announced its intent to create
a Google Apps cloud computing environment dedicated only to government customers, and that Google was near the completion of its FISMA C&A package to be submitted to the Government
by the end of the year. See http://googleenterprise.blogspot.com/2009/09/google-apps-andgovernrnent.html.
Consistent with
DOT awarded a task order to
." ARTab36.
." Id. at p. 1176. The task order had a six-month period of
performance. Id. atp. 1179.
On February 18, 2010, DOl finally agreed to a Google request for a meeting. Mr.
Corrington, Mr. Jackson and another DOl official, Mr. Bernard Mazer, met with three Google
7
representatives, including Google's Vice-President of North America. Exhibit A, p. 2
(referencing AR Tab 6); see also AR Tab 9, p. 1 50. The meeting agenda included executive
introductions, an update of the FISMA certification status of Google's cloud messaging solution,
and Google's expressed desire for further, more detailed discussions regarding Google's ability
to meet DOT's requirements. Complaint, ¶ 7. On February 24, 2010, Microsoft publicly announced its plans to launch BPOS-
Federal. AR Tab 32, P. 1044. Microsoft's press release stated that BPOS-Federal "is launching
today for U.S. federal government agencies, related government contractors and others that
require the highest levels of security features and protocols." Complaint, ¶ 40.
In April 2010, Google's Mr. Standish made further requests to meet with DOT
officials. Exhibit A, p. 3 (referencing AR Tab 6 and Tab 32 e-mails). On April 28, 2010, Mr.
Corrington and Mr. Mazer attended a public Google presentation on cloud computing for
government IT leaders. AR Tab 9, p. 150. After the presentation, Mr. Corrington informed
Google's representatives that "a path forward had already been chosen" for DOT's messaging solution and there would be no opportunity for Google to compete because its solution did not
meet DOl's security requirements. Complaint, ¶ 8.
Google addressed its reaction to Mr. Corrington's statements, and its concerns
about DOI's strategy, in a letter dated May 17, 2010 sent to Ms. Debra Glass, DOI's Chief of
Acquisition Management. AR Tab 2. Google's letter described how its Google Apps solution
was a competitive alternative for DOl and why a solicitation restriction for a Microsoft solution
Tab 9 purports to be a summary of meetings and other interactions between DOT and Google prepared by Mr. Corrington based on his meeting notes. This summary presents a one-sided, self-serving description of the discussions at the referenced meetings and, as such, has little probative value as to the actual discussions (particularly what was said by Google's representatives) that took place at the referenced meetings.
8
was contrary to CICA' s competition requirements. Google requested that Ms. Glass investigate Google's concerns and that the anticipated solicitation be revised to allow for the offer of Google
Apps as a potential solution. Ms. Glass forwarded the letter to Mr. Corrington, stating" ." AR Tab 6, p. 101.
Around this same time, DOT was
AR Tab 32, p. 1036
"); see also AR Tab 31, p. 859 (Corrington June 4
memo regarding
).
The record does not explain why or how DOl
On May 27, 2010, Ms. Glass sent an invitation to Google to make a presentation
of the Google Apps solution. AR Tab 4. The letter made no reference to Google's May 17
letter; instead, it referenced the "market research discussions" at the February 18 meeting. DOT asked Google to address how its solution meets each of 11 stated requirements at a meeting to be held at DOT headquarters. Referencing market research conducted from October 2009 through
March 2010 by a third-party vendor (i. e.,
), the letter stated that "[t]he information
obtained from the market research will be used to improve the Government's knowledge of private industry's commercial and government practices and capabilities" and that "[m]arket research sessions are the preliminary steps taken to enhance a procurement strategy." Id. at p.
48.
Google made its presentation at a meeting held on June 9, 2010 that was attended by six DOT officials, including Mr. Jackson and Mr. Corrington. AR Tab 9, p. 151; AR Tab 14,
9
p. 184-85. According to Mr. Corrington's summary of his meeting notes, Google's
representatives informed DOl that Google was incapable of providing service on a dedicated infrastructure and that Google' s "community cloud" for government customers (federal, state
and local) would satisfy DOT's needs.
15.
On that very same day, Mr. Corrington
("
'). AR Tab 3 lA. According to
Id. atp. 1003.1. Section8ofthe
Id. atp. 1003.3. This
section further states that,
16.
Based on the
Section 5 of the
Ici atp. 1003.2.
Id. atp. 1003.4.
Finally, the
Id. at pp. 1003.7-1003.10.
On June 10, 2010, DOT issued Modification No. 0003 to
ARTab31,p. 855. The
prices are for
'p.
901. Exhibit J to the
Id. atp.902.
On June 17, 2010, Google sent DOT's Mr. Jackson a letter thanking DOl for the opportunity to make the presentation on June 9, stating that Google Apps could meet or exceed
DOT's requirements, and explaining Google's view that aprivate cloud was neither necessary nor
reflective of industry "best practices." Google's letter stated that DOI's security concerns could
be addressed in the same manner as a recent GSA solicitation for enterprise e-mail and collaboration services from a commercial provider of cloud computing services and software,
wherein
s Statement of Objectives required the contractor to "provide security controls that
are confirmed to meet the security standards for Moderate Impact systems as described in NTST
SP 800-53 with an accepted Certification and Accreditation (C&A)." By stating its needs in
such a manner, Google stated that DOT and the taxpayers would benefit from a much more
robust competition.4 AR Tab 5.
Mr. Jackson sent Google's Mr. Standish an e-mail the following day to thank Google for the presentation and the June 17 letter. Mr. Jackson asked Google questions about
when the complete government-only community cloud, and elements of the cloud, would be
available. Mr. Jackson further stated:
Also, I feel I need to clarify a misconception noted in your letter. As I stated last week, DOl has not finalized its procurement strategy for the planned cloud messaging solution. We continue to evaluate all options in light of our business requirements.
AR Tab 32, p. 1034 (emphasis added). DOl's Competition Advocate, who had received a copy
of Google' s June 17 letter, also wrote to Mr. Standish stating that her office was "confident that
Google, and all interested parties, will be treated fairly during the process." Id. at p. 1033.
On June 23, 2010, Mr. Standish responded to Mr. Jackson's questions regarding
the current availability of Google Apps and the messaging functionality. Regarding Mr.
Jackson's assurances that DOT's procurement strategy was not yet finalized, Mr. Standish wrote: Finally, we are encouraged by your clarification that the DOl has not finalized its procurement strategy for the planned cloud messaging solution and is continuing to evaluate all options in light of DOT's business requirements. However, we believe you should know that we continue to hear very disconcerting rumors that project deployment activities are already underway to migrate the DOl to a pre-determined messaging solution notwithstanding the lack of any legitimate market research or a "full and open" competition for the DOI's messaging solution. We would On December 1, 2010, GSA announced its award of a five-year task order pursuant to the referenced solicitation, stating that "GSA is the first federal agency to move e-mail to a cloudbased system agencywide." The $6.7 million award was made to Unisys Corp, which partnered with Google and two other companies. See www.gsa.gov (Latest News - "GSA Becomes First Federal Agency to Move E-mail to the Cloud Agencywide"). Under this Unisys task order, GSA's entire e-mail system will move to Google's government community cloud.
therefore appreciate your confirmation that product selection remains part of DOl' s procurement strategy that is currently being defined.
AR Tab 32, p. 1029-30.
Later that same day, Mr. Jackson sent Mr. Standish an e-mail seeking clarification of when Google's complete government-only messaging solution would be available because Mr. Standish's explanation appeared to conflict with statements made during the June 9
presentation. As to Mr. Standish's concerns about the rumors Google was hearing, Mr. Jackson
again sought to allay those concerns:
As for the "disconcerting rumors" you allude to below, I would encourage you to treat rumor and innuendo as just that. As I am sure you are aware, moving from 13 separate messaging platforms to 1 messaging instance is necessarily a traumatic process for many of our bureaus. It is one of the challenges of bringing transformative change to a very decentralized department. We have of course required our bureaus to commence preparations for a migration to our new messaging system, and we believe these preparation activities will be useful for a successful migration, no matter .which messaging provider is ultimately selected. If you are being told otherwise, I would request that you recommend that your source contact me directly, so that I can help correct any misconceptions.
AR Tab 32, pp. 1026-27 (emphasis added).
The next day, June 24, Mr. Standish answered Mr. Jackson's questions by stating
that Google's engineering team had delivered the government-only cloud ahead of schedule, and reiterating that Google would contractually commit to meeting any DOl-specified
implementation timelines "given the importance of the DOl as a Google customer." Further, Mr.
Standish stated:
Finally, I want to thank you for again confirming that the procurement strategy and product selection are still being evaluated by the DOT. As you can see, Google is sincerely interested in the opportunity to compete for the DOl's business.
Please let us know if you need any additional details on our products or our FISMA certification and accreditation package.
AR Tab 32, p. 1023.
Mr. Jackson forwarded Mr. Standish's e-mail to many colleagues with the
following message:
." AR Tab 6, p. 114. Mr. Jackson did not respond to
subsequent e-mails from Mr. Standish, except to tell Mr. Standish to address all correspondence
to Ms. Glass. Exhibit A, p. 5 (referencing e-mails at AR Tabs 6 and 32).
DOT issued its "Risk Assessment of Cloud Deployment Models for Department of
the Interior Unified Messaging" ("Risk Assessment") on June 29, 2010. AR Tab 11. DOT used a
framework developed by the Cloud Security Alliance ("CSA")5
As defined by the National Institute of Standards and
Technology ("NIST"), a cloud "solely dedicated to DOT" is a private cloud whereas a cloud
dedicated "to DOT and other Federal government customers only" is a community cloud. Id., p.
162. The Risk Assessment discussed
The Cloud Security Alliance is a not-for-profit organization formed as a "grassroots effort to facilitate the mission to create and apply best practices to secure cloud computing." AR Tab 14S, p. 305.
Ici., p. 166. The Risk Assessment contradicts itself by Moreover, the Risk Assessment does not mention
Also on June 29, 2010,
issued a report summarizing its market research.6
AR Tab 12. The
report states that its research included'
Id., pp. 170 and 172. The abbreviated report
." After
.
The report concludes that only BPO S-Federal"
." Id., p. 171.
DOl issued
onJuly 15, 2010. Thefirst
AR Tab 16. The decision states that no
6
It is not clear why
Id., p. 761. The second
AR Tab 15. The decision addresses the
The decision
concludes that, among other things, DOT requires"
." Id., p. 756.
On July 26, 2010, Google publicly announced that its Google Apps had received
FISMA certification and that Google Apps for Government had been launched. Google's Mr. Standish notified Mr. Corrington of the FISMA certification on August 2, 2010. AR Tab 6, p.
108. Mr. Standish asked Mr. Corrington to "confirm what next steps DOT has planned for a
competition and selection of a messaging solution for the Department." Id. Mr. Standish sent
another e-mail the same day inquiring about DOT's next steps and what Google could do to show
DOT that Google Apps for Government "can help advance successful mission outcome by the
Department." Id., pp. 109-10. Mr. Corrington responded that Mr. Standish should direct all
correspondence to Ms. Glass, the Bureau Procurement Chief. Id, p. 110. On August 11, 2010, Google's Mr. Standish sent another e-mail to Mr. Jackson
and Ms. Glass because Google had just learned of the POC project. Mr. Standish stated:
As you surely recognize, it is very troubling to learn that this project was being developed behind-the-scenes while we were being provided with repeated assurances of a full and open competition. Google is making the following requests of DOT:
We request that the DOT provide an explanation of how the pilot, meets the Competition in Contracting Act' s requirements for full and open competition and how it comports with your statements that the DOT has not finalized its procurement strategy. We request that DOT immediately award and undertake a similar pilot for Google Apps to fully evaluate and compare the technologies. Such action would be consistent with your statement that DOT is continuing to explore all options regarding the best means for satisfying its messaging system requirements.
As we have repeatedly stated, Google seeks only a fair and equal opportunity to compete for the DOT's messaging system as we firmly believe that Google's solution offers the best value to the Government. I look forward to your prompt response to this communication.
AR Tab 32, pp. 1004-05. Mr. Standish also sent an e-mail to Mr. Corrington seeking his
feedback on the Google Apps for Government announcement. AR Tab 6, p. 111. No one at DOl
responded to either of Mr. Standish's e-mails.
29.
Google's announcements of its Google Apps for Government product offering
and its FISMA certification prompted an internal reaction at DOl. In a memorandum to Mr.
Jackson and Ms. Glass, dated August 20, 2010, Mr. Corrington addressed
AR Tab 21. Mr. Corrington expressed his opinion that the
." Ici., p. 784. The memo then
referenced and quoted from a news article in the online publication Washington Technology
Assuming the accuracy and truth of this article, but without
- 17-
any attempt at verification, Mr. Corrington concluded that the
Id. Regarding Google's FISMA
certification, Mr. Corrington
Id., pp. 784-85.
The memo omitted the obvious fact that, regardless of the newness of cloud computing
technology,
See AR Tab 14KK, ," pp. 702-05
(describing federal laws and guidance that specify requirements for protecting federal systems
and data). Mr. Corrington's memo also failed to note that BPOS-Federal is
FISMA-certified.
DOl published a Limited Source Justification pursuant to FAR 8.405-6 and in
support of the RFQ that was issued on August 30, 2010. AR Tab 27. The Limited Source
Justification, executed by various DOl officials between August 19 and August 30, addresses the same concerns and rationale contained in the prior justifications, concluding that BPOS-Federal is the only commercial product that satisfies DOT's requirements. Id., pp. 847-48.
DOl issued the RFQ on August 30, 2010 via GSA c-Buy. Consistent with DOT's
Project Plan developed more than a year earlier, the RFQ represents the continuation of the POC project and completion of the migration of all DOl users to the BPOS-Federal messaging
solution. AR Tabs 22-30.
II.
THE COURT HAS JURISDICTION TO DECIDE, AND PLAINTIFFS HAVE STANDING TO BRING, THIS CASE
The facts show that Google continuously demonstrated its desire and commitment to
provide a messaging solution to meet DOT's needs throughout the period of DOl's alleged market research, and there is no doubt that, but for the restrictions articulated in the Limited Source Justification, Plaintiffs would have submitted a proposal in response to the anticipated
solicitation. Contrary to the Defendant-Intervenor's position, urged upon the Court in its
Dismissal Motion, the Court clearly possesses jurisdiction to decide Plaintiffs' protest against DOT's violations of law in connection with a procurement. Moreover, under applicable
precedent, Plaintiffs have standing to bring this action.7
A.
The Court's Relevant Bid Protest Jurisdiction
When deciding a motion to dismiss for lack of subject matter jurisdiction, the Court is "obligated to assume all factual allegations to be true and to draw all reasonable inferences in plaintiffs favor." Kenney Orthopedic, LLC y. United States, 88 Fed.C1. 688, 697 (2009), quoting Henke y. United States, 60 F.3d 795, 797 (Fed.Cir. 1995). Nonetheless, a plaintiff bears the
burden of establishing jurisdiction by a preponderance of the evidence. See Reynolds y. Army &
Air Force Exch. Serv., 846 F.2d 746, 748 (Fed.Cir. 1988). In doing so, a plaintiff need only set
Plaintiffs acknowledge that Onix, unlike Google, did not file a protest at the GAO before proposals were due in response to the RFQ. Defendant-Intervenor cited the decision in Blue & Gold Fleet L. P. y. United States, 492 F.3d 1308 (Fed.Cir. 2007), in support of its argument that Onix lacks standing. Dismissal Motion at pp. 10-12. The underlying rationale for the Federal Circuit's holding in Blue & Gold was Section 149 1(b)'s mandate that "the courts shall give due regard to the interests of national defense and national security and the needfor expeditious resolution of the action." Id. at 1313 (emphasis in original). Since Google filed its GAO protest before proposals were due, DOT was precluded from making a contract award during the pendency of the protest. 31 U.S.C. § 3553(c)(1). Thus, as a practical matter, Onix's joining Google as a plaintiff in this bid protest does not impede or otherwise affect the Court' s adherence to this statutory mandate underlying the holding in Blue & Gold.
forth aprima facie showing of jurisdictional facts to survive a motion to dismiss. Raymark
Indus., Inc. y. United States, 15 Cl.Ct. 334, 338 (1988).
The U.S. Court of Federal Claims has recognized three categories of bid protest
jurisdiction under the Tucker Act: (1) a pre-award solicitation protest, which is an objection to
"a solicitation by a Federal agency for bids or proposals for a proposed contract or to a proposed
award.. .of a contract," 28 U.S.C. § 149 1(b)(1); (2) a post-award contract protest, which objects
to "the award of a contract," id.; or (3) a protest objecting to "any alleged violation of statute or regulation in connection with a procurement or a proposed procurement." Id.; see also Magnum Opus Technologies, Inc. y. United States, 94 Fed.Cl. 512, 527 (2010). This protest fits squarely within the third category because Plaintiffs object to DOT's violations of the Competition in Contracting Act ("CICA") and FAR Subpart 6.3 in connection with DOT's acquisition of a
messaging solution based on the Limited Source Justification. See Complaint ¶J 49, 50, 52.
The U.S. Court of Appeals for the Federal Circuit recently provided additional insight
into the analysis of protests under this third category and observed that "the phrase, 'in
connection with a procurement or proposed procurement,' by definition involves a connection with any stage of the federal contracting acquisition process, including the process for determining a need for property or services." Distributed Solutions, Inc. y. United States, 539
F.3d 1340, 1346 (Fed. Cir. 2008) (quotations omitted). In Distributed Solutions, Inc., the Federal Circuit was deciding an appeal from this Court's dismissal of two software vendors' protest for lack of subject matter jurisdiction. The underlying facts were that the U.S. Agency for
International Development and the Department of State jointly initiated market research through
a Request for Information ("RFI") for commercial off-the-shelf software. Id. at 1342. After
completing their review of the RFI responses, however, the agencies announced that they would
use a specific prime integrator, SRA, to select the vendors that would provide the software. Id.
The award was added to SRA's pre-existing Millennia Government Wide Acquisition Contract ("GWAC") with the General Services Administration ("GSA"), and SRA coordinated with the
agencies to select subcontractors for the necessary software. Id. SRA did not select the software
of Distributed Solutions, Inc. and another vendor, and the two then filed.a protest action with this
Court.
The Federal Circuit reversed this Court' s dismissal of the action, holding that the Court
possessed jurisdiction under the third category of protests. The Court confirmed that the phrase
"in connection with" is "very sweeping in scope" (id. at 1345, quoting RAMCOR Services
Group, Inc. y. United States, 185 F.3d 1286, 1289 (Fed. Cir. 1999)) and the definition of "procurement or proposed procurement" should be given the definition under 41 U.S.C.
§ 403(2). That definition includes "all stages of the process of acquiring property or services,
beginning with the process for determining a need for property or services and ending with
contract completion and closeout." Id. Because the agencies' RFI started the process for
determining the agencies' need for the software, at first to be procured directly from vendors and changed to an indirect procurement through SRA, the Federal Circuit held that the decision to change course was made in connection with a proposed procurement. Distributed Solutions,
Inc., 539 F.3d at 1346.
B.
Google And Onix Are Prospective Bidders
The Dismissal Motion notably avoided decisions on pre-award bid protests based upon
this third category ("in connection with a procurement or proposed procurement"). Rather,
Defendant-Intervenor relies upon a slew of post-award protests that have limited relevance to the
facts in this case.8 Defendant-Intervenor' s focus on these cases evidences a fundamental
misunderstanding of what Google and Unix are protesting. Whether Google or Unix submitted a
proposal or intended to submit a proposal in response to the actual RFQ (that was restricted to offers of a Microsoft product) is irrelevant. Indeed, Defendant-Intervenor' s position is illogical since neither Google nor Unix supplies the specified Microsoft product and any proposal from them obviously would be rejected as noncompliant. Just as the agencies in Distributed Solutions, Inc. initiated market research by soliciting RFI responses from software vendors, DUI initiated market research and had discussions with Google wherein Google repeatedly expressed its interest and commitment to provide its
messaging solution to DOl. See AR Tabs 6 and 32; Complaint ¶J 3-4 (stating that "Google
licenses its products and solutions to customers either through direct agreements or Google' s
licensed resellers" and identifying Unix as a licensed reseller); see also AR Tab 31, pp. 88 1-882
(reflecting an industry practice that even where an agency contracts through resellers, it enters
licensing agreements with the manufacturer); SUF ¶ 2 (
"). Thus, Google and Unix were prospective suppliers for a
proposed procurement that was not restricted to the proposal of the Microsoft BPUS-Federal
solution.
It matters not that DOl ultimately implemented its Limited Source Justification through a
solicitation that was restricted to GSA Schedule 70 contract holders. Despite Defendant-
Post-award protests relied upon heavily by Defendant-Intervenor in this argument include: Rex Service Corp. y. United States, 448 F.3d 1305, (Fed. Cir. 2006); MCI Telecommunications Corp. y. United States, 878 F.2d 362 (Fed. Cir. 1989); Pure Power!, Inc. y. United States, 70 Fed. Cl. 739 (2006); Myers Investigative & Sec. Servs. y. United States, 275 F.3d 1366 (Fed. Cir. 2002). See Defendant-Intervenor's Motion to Dismiss at 5-8.
8
Intervenor' s argument to the contrary, Savantage Financial Services, Inc. y. United States, 81
Fed.Cl. 300, 306 (2008), addressed remarkably similar circumstances. Savantage argued that the
Department of Homeland Security ("DHS") violated statutes and regulations in connection with a "Brand Name Justification" to migrate the DHS agency components to a single financial
management system. The DHS implemented the Brand Name Justification through a solicitation
that was restricted to offerors with Enterprise Acquisition Gateway for Leading-Edge Solutions
("EAGLE") IDIQ contracts. Savantage did not have an EAGLE IDIQ contract or license its
software through any reseller with an EAGLE contract, but it supplies a software product that
competes with those chosen in the Brand Name Justification. The Court held that Savantage had standing to protest the Brand Name Justification. The Court concluded that Savantage was a
prospective bidder because it supplied a competitive product to those selected in the Brand Name
Justification, and DHS knew Savantage could have competed. Id. at 306. DOT's implementation
of the Limited Source Justification through an RFP restricted to Schedule 70 contract holders presents the same situation confronted by the Court in Savantage, and the result on the jurisdiction and standing issues should be the same. Similarly, in Distributed Solutions, Inc., the Court declined to narrow the standing requirements under this third category of bid protests based on the government' s ultimate choice
of a particular contract method, i.e., through SRA's GWAC contract. The Court held that the
Defendant-Intervenor also intermittently attempts to distinguish Savantage because Savantage was an incumbent that had previously supplied software for six of the twenty-two DHS components. However, there is simply no support in Savantage that incumbency is a prerequisite to qualifying as a "prospective offeror" for standing purposes. Although the Court stated that Savantage "clearly could have competed" because it was the incumbent (Id.), Google also made it abundantly clear that it could have competed in a proper competition. See AR Tabs 6 and 32. Further, there is no indication that the protesters in Distributed Solutions, Inc. were incumbents; rather, they established their prospective offeror status by responding to market research. Distributed Solutions, Inc., 539 F.3d at 1344-1345.
vendors were prospective bidders simply because they had responded to an RFI in the initial market research phase'° and were prepared to submit bids pursuant to an anticipated competitive
solicitation. In a decision involving similar facts, this Court aptly described why protesters in the
same situation as Google and Onix qualify as "prospective bidders:" As explained above, applying Section 355 1(2)'s definition of "interested party" to Section 1491(b) would limit potential plaintiffs thereunder to actual and prospective bidders, but there is no indication in the working of Section 3551(2) that Congress intended to go further and exclude from the scope of "prospective bidders" those parties that intended to present a bid but were prevented from so doing in violation of controlling statutes and regulations. Defendant has not presented a viable rationale based in sound contracting policy for Congress to have intended such a result and allow a contracting officer to make a legally erroneous decision not to entertain an offer from a party seeking to compete for contract work, and then to rely upon that decision as the basis for concluding that the party was not an "interested party."
ATA Defense Industries, Inc. y. United States, 38 Fed.Cl. 489, 495 (1997). Finally, Defendant-Intervenor also claims that CCL, Inc. y. United States, 39 Fed. CI. 780
(1997) ("CCL") is no longer good law because it applied a somewhat different definition of
"interested party." Although Defendant-Intervenor is correct that CCL predates Am. Fed'n of
Gov't Employees y. United States, 258 F.3d 1294, 1300-02 (Fed. Cir. 2001) ("AFGE"), the
AFGE Court did not overrule CCL. In fact, CCL also relied upon the CICA definition of
"interested party" to frame its result.. CCL, 39 Fed.Cl. at 790 ("The thrust of the GAO definition,
however, is clearly relevant."). Moreover, there is absolutely no indication the result would have
been different under the AFGE Court's definition because the Federal Circuit has cited CCL 's jurisdictional result approvingly. See Distributed Solutions, Inc., 539 F.3d at 1345, n. 1. Although the vendors had submitted "proposals" in the initial market research, the RFI had made it clear that the proposals were "for market research purposes only" and would "not result in a contract award." Id. at 1342.
Accordingly, CCL remains good law and provides additional support for the conclusion that
Google and Onix qualify as prospective offerors.
C.
Google And Onix Have A Direct Economic Interest In The Procurement
The Court also must reject Defendant-Intervenor's argument that the standard in Weeks Marine, Inc. y. United States, 575 F.3d 1352, 1361-62 (Fed. Cir. 2009) ("Weeks Marine") should not apply because it was limited to pre-award cases where there were no bids or offers submitted.
In Weeks Marine, a contractor filed a pre-award protest alleging that the agency' s decision to
seek negotiated proposals rather than sealed bids violated the CICA. The Court recognized that
there are various tests to determine whether a protester has a direct economic interest in a
procurement and explained that the "substantial chance test" (advocated by Defendant-
Intervenor) has a strange application in a pre-award context because "there have been neither
bids/offers, nor a contract award. Hence, there is no factual foundation for a 'but for' prejudice analysis." Id. at 1361. Accordingly, the Court upheld the determination that "direct economic
interest" could be shown by a "non-trivial competitive injury which can be addressed by judicial
relief." Weeks Marine at 136211; see also Magnum Opus Technologies, Inc., 94 Fed. Cl. at 530-
31 (elaborating on the impracticalities of the "substantial chance test" when the protester alleges a violation of law in a "proposed procurement" and adopting the Weeks Marine standard); Distributed Solutions, Inc., 539 F.3d at 1345 ("The contractors also possess a direct economic interest in the government action at issue in that they were.. . deprived of the opportunity to compete for the provision of [the services].") Defendant-Intervenor advocates for the standard typically adopted in post-award protests.
See Allied Materials & Equipment Co., Inc. y. United States, 81 Fed.Cl. 448, 456-457 (2008)
(comparing the test ultimately adopted by Weeks Marine to the "substantial chance test"). Essentially, Defendant-Intervenor argues that Google and Onix do not possess a direct economic interest in DOT's messaging procurement because neither had a "substantial chance" of receiving
a contract to provide Microsoft products. See Dismissal Motion at p. 8. Defendant-Intervenor
has conveniently ignored the second half of the test it seeks to apply, i.e., "that there was a
'substantial chance' that it would have received the contract award but for the alleged error in the
procurement process." Information Tech. & Applications Corp. y. United States, 316 F.3d 1312,
" Defendant-Intervenor's reliance on a recent decision, CS-360, LLC y. United States, 94 Fed.Cl. 488 (2010), for the proposition that the "substantial chance" test should apply in this case is misplaced. While the Court did ponder whether the Weeks Marine test may only apply to preaward protests where no bids or offers have been submitted, we contend that such a narrow reading of that case would emasculate the rationale for applying a different test in a pre-award protest involving challenges to solicitation improprieties. Although GAO regulations and court precedent require that such protests must be filed before proposals are due in order to be timely, agencies are not required by CICA to stop the submission of bids/offers or to refrain from evaluating those bids/offers while a timely protest is pending. Only the award is stayed automatically by CICA or, in a protest before this Court, if an injunction is issued. It would be wholly unjust and irrational then to subject protesters in the same boat as Plaintiffs (i.e., precluded from competing because of the challenged restrictions in a solicitation) to the "substantial chance" test, especially in light of the fact that the protester in Weeks Marine, which was held to the less stringent "non-trial competitive injury" test, was not precluded from competing by the terms of the challenged solicitation.
1319 (Fed.Cir. 2003) (citations omitted) (emphasis added). Thus, even assuming arguendo that the "substantial chance test" should be applied in this case, Google and Onix could satisfy it. If
the Limited Source Justification did not improperly restrict the product offering to the BPOSFederal solution, Google contends that it would offer a messaging solution with more functionality at far less cost, which features clearly would give Google a substantial chance for
award.
Finally, Plaintiffs have satisfied the requirement to demonstrate prejudicial harm resulting from DOT's actions. "A deprivation of an opportunity to compete is sufficient
economic harm to demonstrate prejudice for purposes of standing." Magnum Opus, supra, 94
Fed.C1. at 533, citing Distributed Solutions, 539 F.3d at 1345.
For the foregoing reasons, the Court should deny Defendant-Intervenor's Dismissal
Motion. Under the circumstances of this case and based on applicable precedent, Plaintiffs have
standing to file their protest and the Court has jurisdiction to decide this case.
III.
DEFENDANT'S PROCUREMENT ACTIONS VIOLATED STATUTORY AND REGULATORY REQUIREMENTS
The record establishes that, without doubt, DOT selected the Microsoft product in 2009,
long before any justifications were prepared as required by CICA and FAR Subpart 6.3 to use other than full and open competition for the procurement of a unified messaging solution.'2
Everything DOT did in 2010 assumes the validity of the 2009 selection of Microsoft
If that selection was improper, the whole house of cards
falls. Even if the Court lends credence to the
DOl in
It is obvious from the record that DOl's selection was role, however, to define DOT's minimum needs or to SOF ¶ 1. It is not determine that an exception to CICA's competition mandate is justified.
12
2010 to support its 2009 pre-selection, DOT's support for determining that only the Microsoft
BPOS-Federal solution will satisfy DOT's minimum needs lacks a rational basis for several
reasons.
-
First, DOl's market research was
Second,
DOT's alleged minimum need for an external private cloud for its messaging solution lacks a rational basis because, in actuality, the Microsoft computing and data storage cloud to be
furnished is
private and DOT did nothing to assess the security of a federal-government-only
community cloud versus that of a federal/state/local-government-only community cloud.
Moreover, despite repeated offers by Google, DOT never reviewed Google's FISMA package to
ascertain the security controls and processes implemented by Google to mitigate security risks. Had DOl done so as part of its market research, it would have learned that an independent auditor's report included the results of nearly 1,000 test cases performed against the Google Apps platform in addition to vulnerability and penetration testing, and found Google's overall level of operational risk to federal agencies to be "low." Finally, DOT's justifications cannot be deemed rational since the very product DOl is to obtain, BPOS-Federal, does not satisfy DOT's alleged minimum needs as reflected in the Risk Assessment and DOT's various justification
documents.
DOT and Microsoft have been collaborating closely and extensively for more than a year to implement DOT's improper sole-source procurement of a unified messaging solution, all the while as DOT was falsely assuring Google that a messaging solution had not been chosen and
that a full and open competition would be conducted. DOl's conduct should not be condoned by
the Court.
A.
Standard of Review
The Tucker Act, as amended by the Administrative Dispute Resolution Act, Pub. L. No. 104-320, § 12, 110 Stat. 3870, 3874 (Oct. 19, 1996), authorizes the U.S. Court of Federal Claims to review agency decisions under the standards of the Administrative Procedure Act, 5 U.S.C. §
706 (the "APA"). 28 U.S.C. § 149 1(b)(4). In a bid protest action, the Court may set aside an
agency decision that is "arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law." 5 U.S.C. § 706(2)(A); see Centech Group, Inc. y. United States, 554 F.3d
1029, 1037 (Fed. Cir. 2009). Under this standard, the Court may set aside a procurement if"(1)
the procurement official's decision lacked a rational basis; or (2) the procurement procedure involved a violation of regulation or procedure." Id. (quoting Impresa Construzioni Geom.
Domenico Garufi ("Impresa") y. United States, 238 F.3d 1324, 1332 (Fed. Cir. 2001).
When the Court reviews a challenge brought on the first ground, it is obliged "to determine whether the contracting agency provided a coherent and reasonable explanation of its
exercise of discretion." Impresa, 238 F.3d at 1332-1333 (citations omitted). "[TJhe
disappointed bidder thus bears a heavy burden of showing that the award decision had no
rational basis." Id. Furthermore, courts have set aside agency decisions where the agency
"entirely failed to consider an important aspect of the problem, offered an explanation for its decision that runs counter to the evidence before the agency, or is so implausible that it could not
be ascribed to a difference in view or the product of agency expertise." Ala. Aircraft Indus. Inc.Birmingham y. United States, 586 F.3d 1372, 1375 (Fed. Cir. 2009) (quotation marks and
citations omitted). "When a challenge is brought on the second ground, the disappointed bidder
must show a clear and prejudicial violation of applicable statutes or regulations." Impresa, 238
F.3d at 1333 (quotation marks and citations omitted).
Courts apply these same review standards when considering protests against solicitation
requirements alleged to be unduly restrictive of competition and in violation of CICA. E.g.,
CHE Consulting, Inc. y. United States, 552 F.3d 1351, 1354 (Fed.Cir. 2008). When considering whether an agency's restrictive specifications are reasonably necessary, this Court has observed: While the court "recognize{s] the relevant agency's technical expertise and experience, and defer[s] to its analysis unless it is without substantial basis in fact," Federal Power Comm 'n y. Florida Power & Light Co., 404 U.S. 453, 463, 92 S.Ct. 637, 644, 30 L.Ed.2d 600 (1972), the court must also perform an informed review of even technical decisions in order to meaningfully exercise its jurisdiction. Prineville Sawmill Co., Inc. y. United States, 859 F.2d 905, 910-11 (Fed. Cir. 1988). Furthermore, "[e]xpertise is a rational process and a rational process implies expressed reasons for judgment." Mid-State Fertilizer y. Exchange Nat'l Bank; 877 F.2d 1333, 1339 (7th Cir. 1989) (quoting Federal Power Comm 'n y. Hope Natural Gas Co., 320 U.S. 591, 627, 64 S.Ct. 281, 299-300, 88 L.kEd. 333 (1944) (Frankfurter, J., dissenting)). The court "must ensure that the agency has 'examin[ed] a satisfactory explanation for its action including a rational connection between the facts found and the choice made." Rainbow Navigation, Inc. y. Department of Navy, 783 F.2d 1072, 1080 (D.C. Cir. 1986) (Scalia, J.) (quoting Motor Vehicle Mfrs. Ass 'n y. State Farm Mut. Automobile Ins. Co., 463 U.S. 29, 43, 103 S.Ct. 2856, 2866-67, 77 L.Ed.2d 443 (1983) (citation omitted). Redland Genstar, Inc. y. United States, 39 Fed.Cl. 220, 231 (1997).
B.
DOl Pre-selected Microsoft in Violation of CICA and FAR Subpart 6.3
CICA requires federal agencies to "obtain full and open competition through the use of
competitive procedures" unless certain limited exceptions apply. 41 U.S.C. § 253(a)(1)(A).
FAR Subpart 6.3 implements CICA's requirements and describes the process to be followed by
agencies in order to properly invoke one of the limited exceptions. Agencies must justify in
writing the use of noncompetitive procedures, as required by the process laid out in FAR Subpart
6.3, prior to entering into a contract. A TA Defense Industries, Inc. y. United States, supra, 38
Fed.Cl. at 498.
This case is unusual in that the facts show that,
6.303-1, 6.303-2 and 6.304, DOl chose the Microsoft solution
SOFIJ2.
Then, for the next which all
other DOl users subsequently will be migrated pursuant to the contract awarded in response to
the RFQ. The record does not contain a
13
If it does not violate the letter of FAR Subpart 6.3, this DOl/Microsoft collaboration
clearly violates the spirit of those requirements. DOl determined in September 2009 that it
needed a single e-mail system furnished by an external service provider, and it identified the
Microsoft product as that single e-mail system. SOF ¶ 2. There is
or
that explains why Microsoft is the "only responsible source" of, or has a "unique capability" to provide, a single e-mail system.
13
The numerous
This Court and the Federal Circuit (and its predecessor) have recognized the existence and enforceability of implied-in-fact contracts where the requisite factors have been met. E.g., BioFunction, LLC y. United States, 92 Fed.Cl. 167, 172 (2010), citing Sommers Oil Co. y. United States, 241 F.3d 1375, 1378 (Fed. Cir. 2001); see also Russell Corp. y. United States, 537 F.2d 474, 482 (Ct.Cl. 1976). Moreover, there may be a
Nor is there a
). The only "justifications" for
DOT's selection of the Microsoft product were its previous establishment of "Microsoft Exchange as the agency standard" and
." SOFJ2.
These are not legally-sufficient justifications for avoiding CICA's requirement for full and open competition. The fact that DOT standardized to the Microsoft Office suite in 2002, or to Microsoft Outlook in 2006, does not dictate a "once Microsoft, forever Microsoft" result. While Microsoft's products likely were the industry standard in 2002, technological advancements in the computing industry have exploded and new, capable competitors have
entered the market since then. Moreover, since most organizations have been using one or more
Microsoft products because there used to be few alternatives, competitors such as Google have
made their software products compatible with Microsoft applications. It is also noteworthy that,
according to DOT's
,
the majority of DOT's bureaus and users were
ARTab33,p. 1097("
'). Finally, since DOT
made no attempt to
In sum, DOT's decision in September 2009 that only the Microsoft messaging solution would satisfy DOT's need for a unified secure e-mail system was clearly contrary to law. The
Court could - and we believe should - end its inquiry here. Even if the Court were to conclude
that DOT complied with the requirements for a properly-authorized, written justification because
it did so prior to the award of any contract, DOT' s
are nonetheless
factually and legally flawed.
C.
DOl's Post Hoc Actions And Justifications Were Tailored To Support Its Improper Pre-Selection And Were Not Rationally Based
The logical gaps and inconsistencies in the AR prove that DOI's alleged market research
and its resulting Risk Assessment were transparent byproducts of DOT' s pre-selection of the
BPOS-Federal community cloud. The contractually stated "objective" of the firm conducting
market research for DOT was
,
and DOT's
additional market research simply consists of
Even when DOl eventually conducted its "Risk Assessment" - __________ the assessment
repeatedly referenced sources out of context and applied the CSA "framework" illogically. As a result, DOl failed to consider whether Google's government community cloud actually posed any more security risk than Microsoft's government community cloud. Furthermore, DOT's
selection of BPOS-Federal arbitrarily sacrifices DOI's underlying concerns for enhanced security
(i. e., demonstrated FISMA compliance) as well as its alleged "need" for a federal-government-
only cloud because it is ultimately obtaining a messaging solution with some elements hosted in
public clouds. These compromises were made for a simple reason, namely, to conform to what
Microsoft could provide.
1.
DOl's Post Hoc Market Research
a misleading story about
DOl's
DOT' s market research, explaining that DOl tasked
SOF ¶ 26. The AR tells a different story.
Section Two of
Statement of Work clarifies the "Objective" of its contract with DOl:
AR Tab 36, p. 1173. This leaves no doubt that DOT merely contracted with
to create a paper trail to support the decision already made by DOT to procure the
Microsoft solution. This alone undermines the value of any purported "research" by
makes DOT's motives in creating "extensive" research utterly transparent.
and
Given the objective of its task, it is not surprising that
provided DOT with U
.SOF
¶ 25 In
brief analysis (including the cover and appendix),
AR Tab 12, p. 171. The only Id., p. 172. Even with respect to its review of Microsoft's
BPOS offering,
." Id., p. 171. Microsoft's solution is not
FISMA-certified and, thus,
.Id.
In addition to the
analysis, DOl claims it conducted its own market research by
reviewing industry and government reports on cloud computing. AR Tab 15, p. 756.
Surprisingly, DOT did not prepare an analysis of these reports and how they guided DOl's
product selection; instead, DOl
that
superficially supported DOl's determination that it required a private cloud. DOl produced a
plethora of third-party reports in the AR, which mostly provide generic considerations for technology professionals but certainly do not compare the security of Google's government
cloud model against Microsoft's government cloud model. E.g., AR Tab 14A (
); Tab 14B
). Only one report,
discussion on specific cloud models. AR Tab 14U, p. 424 ("
, comes close to a relevant
j'). However, that report was issued in June 2009, several months
before Google's or Microsoft's government clouds were even announced. Moreover, the report
Another
report discusses general risks that are unique to all governmental
entities, but never indicates that sharing a cloud with state or local governments creates
additional risk. AR Tab 14R, p. 293. Indeed, under the heading" y. AR Tab l4R, p. 298, Note 2 (
)14
Similarly, the summary notes of DOT's
discussions
AR Tab l4,pp. 175-185.
The
reports also include a few general discussions on Google, but there are no
analyses or commentaries stating that a cloud including state and local government customers
increases security risk. See Tab 14AA (
Tab 14FF (a
); Tab 14HH
). Thus, DOT's alleged "extensive" market research avoided any analysis of Google's government cloud, its features, or its FISMA-certified
security controls. Consequently, DOT' s market research failed to examine all relevant data and it
failed to articulate "a satisfactory explanation for its action including a rational connection
betwečn the facts found and the choice made." Redland Genstar, Inc. y. United States, supra, 39
Fed.Cl. at 231 (holding that agency' s restrictive specification was invalid because, inter alia, the reports and analyses relied upon by the agency did not support the choice made by the agency). report included in the AR that includes substantive commentary on The only other ovemment cloud computing is at Tab 14JJ. That report lists
2.
DOT's Requirement for a Federal-Government-Only Cloud (Often Mistakenly Referred To As A Private Cloud)
DOT supposedly eliminated Google from consideration because
market research
concluded that Google did not offer a "private cloud." SOF ¶ 25. DOT's Risk Assessment and justifications identified DOI's actual requirement as a "data storage [and computing]
infrastructure that is solely dedicated to DOT or DOT and other Federal government customers
only." AR Tab 11, p. 156; Tab 15, p. 755; Tab 27, p. 847. As demonstrated below, DOT
irrationally and arbitrarily conducted its Risk Assessment to reach this "minimum need" well
after it had chosen and contracted for the Microsoft product. Even more importantly, however,
DOT's stated requirement is not for a private cloud; rather, it is for a government community
cloud, an infrastructure that is not rationally distinguishable from the infrastructure offered by Google's government community cloud.
i.
Types of Computing Clouds
Defendant and Defendant-Intervenor imprecisely refer throughout their briefs to DOT' s requirement for an infrastructure that is shared by DOT and other Federal government customers
as one for a "private cloud." Def. Opp. at pp. 6, 18, 19, 24, 28, 30 (and in several headings); Tnt. Opp. at pp. 8, 18-20. Tn so doing, Defendant and Defendant-Intervenor have blurred the distinctions among defined cloud models in order to make the reports which compare "private" and "public" clouds appear relevant and, ultimately, to lend support to DOT's decision to reject Google's government cloud solution. As defined by NIST, there are four different types of cloud models:
Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.
Communily cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
AR Tab 14V, p. 437; Tab 11, p. 162; Def. Opp. at p. 6.
If DOl had defined a need for an infrastructure that was solely dedicated to DOT, it would
be requiring a "private cloud." Although the BPOS-Federal solution might be available for
purchase in a "private cloud," DOl' s requirement was not so limited. Since DOT allows the infrastructure (owned and managed by Microsoft) to be shared among any Federal government
customers, it is procuring a "community cloud." By comparison, Google Apps for Government
shares its infrastructure among Federal, state and local government customers of Google, a
limited community with common security and privacy concerns. Thus, Google Apps for
Government is also a "community cloud."
Defendant' s and Defendant-Intervenor' s attempts to mischaracterize the cloud model being procured by DOT and to then compare public and private clouds to support the pre-
selection of the Microsoft product are misleading and irrelevant. The record shows that DOT
never considered whether Google's community cloud product would satisfy DOI's essential
needs.
ii.
DOT's Risk Assessment
DOl conducted the Risk Assessment at Tab lito establish its need for a cloud that shares
infrastructure among only DOT and other Federal government customers. As the record reflects, this Risk Assessment represents nothing more than a post hoc justification for a choice made
long before its creation. The Risk Assessment was completed on
C.J,SOFJ
17 ( 12 (
), SOF ¶ 24 (dated June 29, 2010), SOF ¶
). Oddly, the Risk Assessment was completed SOF ¶ 25. Consequently, there
is no way
Finally, the Risk Assessment post-dated DOT's wherein the Microsoft solution was pre-selected
Turning to the substance of the report, DOI's Risk Assessment selectively quotes
statements, and takes others out of ňontext, in the
so as to
render questionable the value of the conclusions reached by DOT. For example, under the
heading"
," DOT cites a
e. DOT's Risk Assessment reads:
AR Tab 11, P. 163. However, that
,
included at Tab 14W, shows that DOT, for
reasons that are obvious now, omitted the statement between the two quoted above, which reads:
''
." AR Tab 14W, p. 472.'
The Risk Assessment goes on to state that"
." AR Tab 11, p. 163. The
quotation that follows simply does not support DOT's assertion. DOT quotes
." Id. However, the context of that quote
in the
at Tab i 4R makes it clear that
AR Tab 14R, p.
295.16
15
The Risk Assessment cites this document as
." ARTab 14W, p. 441.
16
The pattern of takin: suotes out of context is .revalent throu:hout the Risk Assessment. DOl uotes a
h by omitting the next sentence which
reads:
AR Tab 1411, P.
686. And again,
The only time the Risk Assessment mentions Google is when it references
ARTab11,p. 162("
"). It does not discuss Google's
Even the CSA "framework" applied by DOl to analyze its risk tolerance was applied incorrectly. Proper utilization of the CSA's framework would have required DOT to
AR Tab 14Y, pp. 549-5 50 ("e
"). This expected in-depth analysis would have allowed
DOT to determine whether, for example,
Instead of following the CSA guidelines, DOl
SeeARTab "pp. 159-161. TheresultwasthatDOl
unnecessarily and illogically determined that
The point of CSA's Step Three is to choose an
acceptable cloud model for each asset (AR Tab 14Y, p. 550 ("
)); however, DOT
." The
," which DOl concluded was not
compatible with DOl's "appetite for risk." AR Tab 11, pp. 165-166. There is no substantive
explanation accompanying this
selection.
Thus, the many flaws and omissions in the Risk Assessment are explained by DOT's
obvious goal
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
