Bill would make P2P software a no-no for fed systems

Feds, contractors generally wouldn't be able to use file-sharing programs on government systems, networks

Government employees and contractors would generally be prohibited from installing or using popular open-network peer-to-peer (P2P) file-sharing software on all federal computers, systems and networks under a bill in the House.

The measure, introduced Nov. 17 by Rep. Edolphus Towns (D-N.Y.), chairman of the Oversight and Government Reform Committee, would require the Office of Management and Budget (OMB) to come up with guidance for the P2P ban within 90 days of the bill’s enactment. OMB would also have to develop guidance for the use of the software by employees or contractors on home computers used to telework.

Commercial P2P programs let users easily share videos, music and other data but have also been used to extract sensitive information from users' computers without the victims' knowledge. The “open network” P2P programs on which the bill focuses are software to which access is granted freely, without limitation or restriction, and that has little or no security.

The problem hit home on Capitol Hill recently when a confidential document that listed ongoing investigations of lawmakers’ activities made its way from the secretive House Ethics Committee into newspaper headlines. The document was inadvertently disclosed by a committee staffer who used P2P software while working from home.

Even before the recent breach, some lawmakers had considered P2P networks a potential problem. They worried that personal bank records and tax forms, attorney-client memos, sensitive corporate documents, government emergency response plans, and military operation orders are available on the networks.

Another bill designed to protect the public from the risks to security and privacy associated with computer-to-computer file-sharing programs was introduced in the House in March.

“The file-sharing software industry has shown it is unwilling or unable to ensure user safety,” Towns said in his prepared closing statement for a July hearing. “It’s time to put a referee on the field.”

Under the measure, OMB would have to require agencies to have policies consistent with its guidance for P2P software, ensure proper training, and put in place the proper security to restrict the prohibited software. Agencies would also have to require that contractors comply with OMB's guidance on P2P networks.

In addition, OMB would develop a procedure through which agencies could make requests to use P2P software programs that are:

  • Necessary for the day-to-day business operations of the agency.
  • Instrumental for a project that directly supports the agency’s overall mission.
  • Necessary for use between federal, state, or municipal government agencies to do official business.
  • Required during a law enforcement investigation.

OMB would also have to submit to Congress an annual report to justify any approved exceptions to the P2P ban and a list of agencies that use the programs.

About the Author

Ben Bain is a reporter for Federal Computer Week.


Reader comments

Thu, Nov 19, 2009 Fred D.C.

The file-sharing industry is not responsible for user safety. That is an obligation of the person(s) who have or have access to sensitive information. P2P software has no business on government machines and sensitive documents taken home have no business on a personal machine that is not secured at the same level as their work machine. The committee staffer should be held responsible for irresponsible behavior.
