Towns introduces bill banning feds from using file-sharing software

Prohibition aims to stop inadvertent leaks of sensitive government information, but OMB could grant permission to use programs if agencies need them for business operations.

Rep. Edolphus Towns' measure attempts to address the threat P2P software poses to sensitive information. Manuel Balce Ceneta/AP

The chairman of the House Oversight and Government Reform Committee introduced a bill on Tuesday afternoon that would ban federal agencies and contractors from installing file-sharing software on computers.

The measure, introduced by Rep. Edolphus Towns, D-N.Y., instructs the Office of Management and Budget to issue, within 90 days of the bill's passage, guidance prohibiting the use of peer-to-peer software on federal networks; such software has been the cause of some sensitive information being stolen off federal computer systems. OMB also would establish procedures for agencies to seek permission to use the software, a process that would be decided on a case-by-case basis.

"The goal of the bill is to address the threat that P2P software poses to sensitive government information," said a committee staffer. "The chairman has been vocal about this issue for some time, and while the industry has done its best to self-regulate, it is clear that they've come up short. It's important that we also get the force of law behind this issue and ensure that OMB is fully aware of which agencies are using this software and for what purpose."

According to a draft copy of the bill that Nextgov obtained, the guidance would "prohibit the download, installation or use by government employees and contractors of open network peer-to-peer file-sharing software on all federal computers, computer systems and networks, including those operated by contractors on the government's behalf."

Exceptions could be made in instances where the software programs are necessary for an agency's business operations; the completion of a particular task or project that supports an agency's mission; collaboration among federal, state or local agencies; or to advance law enforcement investigations. The bill instructs OMB to issue official procedures for how agency heads or chief information officers can request exemptions.

The mandate also would apply to home computers that employees and contractors use to telecommute or for other government-related tasks.

P2P software allows computer users to exchange files, most commonly songs and video clips, directly from other computer users who have downloaded the file-sharing software. But P2P applications, if not configured properly, can give outsiders access to other folders on a hard drive that contain information not intended for the general public. File-sharing users often are unaware the software can allow the public to access other files.

Peer-to-peer software has led to numerous instances in which government data was leaked to the public. In November, P2P software was the reason an internal congressional report about House members' possible ethics violations was inadvertently released. The disclosure of the information led House Speaker Nancy Pelosi, D-Calif., and Minority Leader John Boehner, R-Ohio, to announce plans for "an immediate and comprehensive assessment of the policies and procedures for handling sensitive data."

In February, the blueprints and avionics for the president's helicopter were found on a file server in Iran. The source of the information was traced back to a defense contractor in Bethesda, Md.

Towns first announced plans to introduce a bill banning P2P software during a hearing in July. "The risk is simply too great to ignore," he said.

The measure would be in keeping with some security specialists' recommendations that agencies prohibit employees from downloading the applications, but other security professionals argue that banning the software won't solve the problem because individual employees will still violate policy.
