Oracle lawsuit claims DoD’s JEDI contract violates law on 7 counts


Oracle America is telling a federal court that the Defense Department violated federal procurement laws and regulations in at least seven significant ways when it designed its multi-billion dollar JEDI Cloud computing contract.


As a result, the court should order DoD to revise its request for proposals before it’s allowed to make an award, attorneys for the tech firm said.

The arguments largely echo the complaints Oracle lodged with the Government Accountability Office in an earlier, unsuccessful pre-award bid protest.

But in its lawsuit – filed last Friday and unsealed by the U.S. Court of Federal Claims on Monday – the company said GAO had been too deferential to the defenses DoD offered in that prior proceeding, including its claims that a single-award contract was justified for reasons of national security, cost and speed.

Oracle says single-award decision violated law

Oracle, Microsoft, and several industry associations have argued that the Pentagon’s decision to award the up-to-$10 billion contract to only one company was imprudent, since it would lock in one vendor for up to a decade and deprive the military of the benefits of competition.

But in its filing, Oracle also asserted the single-award decision was patently illegal.

“This is a straight statutory construction issue; it is not a matter of deference or national security as claimed by DoD,” attorneys for the company wrote in the complaint. “Congress has prohibited the very contract approach DoD has implemented.”

Lawyers were referring to a federal law that requires agencies to grant multiple awards whenever possible if they’re issuing large indefinite-delivery/indefinite-quantity (ID/IQ) contracts.

There are some exceptions to that rule, and DoD believes it satisfied one of them when Ellen Lord, the undersecretary for acquisition and sustainment, signed written findings saying the department would only be issuing task orders at firm, fixed prices that would be set at the time of the contract award. And since those prices would have been set after a competition with other vendors, the government could be assured it was getting fair prices, the department reasoned.

But Oracle said that argument simply isn’t true, partly because the contract also explicitly requires the winning bidder to adjust its prices to align with what it’s offering to business customers over the course of up to the next 10 years.

One clause “will require the awardee to regularly add (as frequently as daily or weekly) its new commercial offerings onto the JEDI Cloud at yet undetermined prices, and contemplates the awardee working with DoD to develop new classified offerings — none of which offerors in the JEDI Cloud competition will specify or price in their proposals,” according to the complaint.

Suit objects to DoD gate criteria

Separately, Oracle claims it was denied a fair chance of winning the contract because the department deliberately set up “gate criteria” that only two large cloud companies – Amazon and Microsoft – could possibly hope to satisfy, even though the department’s own market research showed its cloud requirements could be served by multiple companies.

To pass through those gates and be considered for the JEDI award, companies need to show, among other things:

  • That they had a large enough commercial cloud business as of January that the DoD contract wouldn’t make up a majority of their cloud sales.
  • That they already operate at least three infrastructure-as-a-service and platform-as-a-service data centers in the continental U.S. that can fail-over to one another if one goes down. Each would need to be certified by the government’s FedRAMP program at the “moderate” level at the time of contract award.
  • That they already have their own “marketplaces” of third-party vendor applications to run on top of their cloud services.

Oracle contends that some of those requirements go beyond the department’s actual needs or are barred by the Competition in Contracting Act. In the case of the first gate criterion, it argues that bidders shouldn’t be measured against the cloud services they were offering more than a year before the department could possibly hope to issue any orders against the contract.

Like another JEDI protester, IBM, Oracle contends those requirements were set with one particular company, AWS, in mind.

To back that up, the complaint offered what Oracle said was evidence of conflicts of interest involving two defense officials who helped spearhead the procurement: A chief of staff to the deputy secretary of Defense who’d previously been an AWS consultant, and a member of the Defense Digital Service who planned JEDI’s requirements. That employee had previously worked for AWS, and returned to the company as a general manager in 2017.

With regard to the former DDS official, Oracle claimed the department hadn’t done nearly enough to probe a potential conflict of interest; the JEDI contracting officer’s investigation fit on a single page, it said.

Oracle describes attacks on multi-cloud supporters

The company also reproduced documentary evidence it had obtained through its GAO protest that it characterized as “attacks” on other defense personnel or industry groups who were pushing for a multi-cloud approach to JEDI.

In Slack messages quoted in the court complaint, the former DDS employee mocked one senior defense IT official, calling her a “dum dum” after she had apparently expressed satisfaction with Microsoft cloud services. In others, he appeared to respond with vulgar dismissals to an industry group’s presentation that summarized previous government research and experience with cloud acquisition strategies.

In testimony to GAO arbiters, the department said its contracting officer would “continue to comply with her conflict of interest duties concerning this acquisition.”

The Pentagon contended any potential conflict of interest issues shouldn’t stand in the way of the procurement, and that it would investigate the matter further, “if appropriate,” before it makes a contract award. It also minimized the DDS official’s involvement, saying he only worked on the JEDI procurement for seven weeks.

GAO did not foreclose the possibility that there was a conflict of interest, but said the matter is irrelevant until and unless AWS wins the contract and a protestor can show that a conflict actually played a role in the final decision.

DoD’s answer to Oracle’s court complaint is not due until Feb. 4.

DoD says multi-award more expensive, lengthy

In the earlier GAO protest, the department successfully fought back the Oracle challenge by arguing it had wide latitude to make procurement decisions on national security grounds, and that a multiple-award strategy would only cost the government more time and money.

“Managing security and data accessibility between clouds creates seams that increase security risk for multiple reasons,” the JEDI contracting officer told GAO. “Crossing clouds requires complex manual configuration that is prone to human error and introduces security vulnerabilities…Systems in different clouds, even when designed to work together, require complex integration. Connections that are not correctly configured and managed at both endpoints introduce new attack vectors … I find that multiple awards increase security risks.”

And on cost and schedule grounds, the department said a single-award contract was imperative when it comes to getting modern cloud services to the tactical edge as quickly as possible, and to integrate the various cloud services and legacy systems it already has in place.

“Doing that for a single solution provided to the department by either a vendor or a team of vendors is a big lift already. Trying to do that for multiple solutions, with the department operating as the integrator, would be exceedingly complex,” said Tim Van Name, the DDS deputy director. “Part of this effort is to work with the winner of the JEDI Cloud contract, so that we can help the department better understand the risk [it is] accepting, better manage that risk, but also do so in a more timely manner, so that our war fighters get access to applications and services much faster. Trying to do that with one vendor is a thing, I think, the department knows how to do. It’s going to take a considerable amount of our technical experts. Trying to do that with multiple vendors simultaneously, I just don’t think we have the technical expertise to do that well.”