Bill would make P2P software a no-no for fed systems

Feds, contractors generally wouldn't be able to use file-sharing programs on government systems, networks

Government employees and contractors would generally be prohibited from installing or using open-network popular peer-to-peer (P2P) file-sharing software on all federal computers, systems and networks under a bill in the House.

The measure, introduced Nov. 17 by Rep. Edolphus Towns (D-N.Y.), chairman of the Oversight and Government Reform Committee, would require the Office of Management and Budget (OMB) to come up with guidance for the P2P ban within 90 days of the bill’s enactment. OMB would also have to develop guidance for the use of the software by employees or contractors on home computers used to telework.

Commercial P2P programs let users easily share videos, music and other data but have also been used to extract sensitive information from users' computers without the victims' knowledge. The “open network” P2P programs on which the bill focuses are software to which access is granted freely, without limitation or restriction, and that has little or no security.

The problem hit home on Capitol Hill recently when a confidential document that listed ongoing investigations of lawmakers’ activities made its way from the secretive House Ethics Committee into newspaper headlines. The document was inadvertently disclosed by a committee staffer who used P2P software while working from home.

Even before the recent breach, some lawmakers had considered P2P networks as a potential problem. They worried that personal bank records and tax forms, attorney-client memos, sensitive corporate documents, government emergency response plans, and military operation orders are available on the networks.

Another bill designed to protect the public from the risks to security and privacy associated with computer-to-computer file-sharing programs was introduced in the House during March.

“The file-sharing software industry has shown it is unwilling or unable to ensure user safety,” Towns said in his prepared closing statement for a July hearing. “It’s time to put a referee on the field.”

Under the measure, OMB would have to require agencies to have policies consistent with its guidance for P2P software, ensure proper training, and put in place the proper security to restrict the prohibited software. Agencies would also have to require the contractors comply with OMB's guidance on P2P networks.

In addition, OMB would develop a procedure through which agencies could make requests to use P2P software programs that are:

  • Necessary for the day-to-day business operations of the agency,
  • Instrumental for a project that directly supports the agency’s overall mission.
  • Necessary for use between federal, state, or municipal government agencies to do official business.
  • Required during a law enforcement investigation.

OMB would also have to submit to Congress an annual report to justify any approved exceptions to the P2P ban and a list of agencies that use the programs.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.