Healthcare // Analytics
News
11/18/2009
11:22 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Bill Would Ban P2P Use By Federal Employees

Proposed legislation would prohibit use of P2P software like BitTorrent or Limewire on government computers and set policies for employees and contractors.

Following a leaked document that disclosed ethics investigations of members of Congress on a file sharing network, the chairman of the House Oversight and Government Affairs Committee has introduced a bill that would ban the use of public peer-to-peer networks by federal employees.

The Secure Federal File Sharing Act, introduced by Rep. Edolphus Towns, D-N.Y., would require the Office of Management and Budget to prohibit the use of P2P software like BitTorrent or Limewire on government computers and networks and to set policies on home use by federal employees who telework or remotely access government networks.

P2P programs are a popular way to share music, movies, and other digital content. Part of the problem is that, when not properly configured, they can also expose personal documents stored on PCs and laptops, making the documents widely available to anyone on the P2P network. (See "Your Data And The P2P Peril.")

Under the bill, in order to use file-sharing networks, an agency head or CIO would have to make a special request to use P2P software. The bill would ban software that accesses P2P networks in which "access is granted freely, without limitation or restriction, or there are little or no security measures in place."

Agencies will have to establish P2P use policies, require that employees and contractors comply with them, and create security mechanisms to detect and remove prohibited software. OMB will be required to inventory P2P use in government and justify every use to Congress.

The possibility of a bill banning federal government use of public P2P networks has been building. The House last year passed a bill that would have required agencies to set security policies around P2P use, but the bill was never passed by the Senate. Towns first called for a ban this summer, after P2P monitoring company Tiversa testified that it discovered the location of a Secret Service safe house for the First Family on Limewire.

In October, Tiversa provided the House Oversight and Government Reform committee with evidence that secret military documents on P2P networks had been downloaded in China and Pakistan and that personally identifiable information on U.S. soldiers was widely available. Earlier this year, Tiversa discovered the electronic schematics of Marine One, the President's helicopter, on computers in Iran, after being leaked over P2P by a defense contractor. Tiversa and others testified to similar findings, including leaks of classified and secret data, in a hearing in 2007.

The risks of file sharing over P2P resurfaced last month when a source provided the Washington Post with a confidential House ethics committee report that had been exposed on a P2P network by a staffer who has since been fired. Late last month, Speaker Nancy Pelosi, D-Calif., and House Minority Leader John Boehner, R-Ohio, ordered a review on Congressional storage of confidential data.

"We can no longer ignore the threat to sensitive government information that insecure peer-to-peer networks pose," Towns said in a statement. "Voluntary self-regulations have failed, so now is the time for Congress to act."

Even before the ethics committee leak, use of P2P software was banned on Congressional computers, but the leak was apparently inadvertent and came from the ex-staffer's home computer, according to reports. "No matter how robust our cybersecurity systems are, they remain subject to individual error," the House Committee on Standards of Official Conduct said in a statement last month.



Unified computing platforms promise to consolidate everything and anything into a single chassis. Find out about that and more in Network Computing's second all-digital issue. Download the issue here (registration required).

Comment  | 
Print  | 
More Insights
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Big Love for Big Data? The Remedy for Healthcare Quality Improvements
Healthcare data is nothing new, but yet, why do healthcare improvements from quantifiable data seem almost rare today? Healthcare administrators have a wealth of data accessible to them but aren't sure how much of that data is usable or even correct.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.