In most mid-size and larger companies, the IT department will have a set of policies of what is acceptable and what is not acceptable software for employee computers. Some companies are as rigid as a steel girder, allowing nothing to be installed if it doesn’t come from a Windows Active Directory server. Others might be a little more permissive, allowing employees to use Firefox instead of Internet Explorer, for example.
And then there’s your government.
A Congressional panel held hearings this week on a proposed law that would, in part, ensure peer-to-peer file sharing applications do not compromise the security of federal government computers. The law is H.R. 4791, the Federal Agency Data Protection Act.
It’s actually somewhat complicated. The Office of Management and Budget (OMB) mandates that all data be encrypted and government systems use 2-factor authentication, but not all agencies have acted.
Shortly before this past Christmas, Rep. William Clay (D-Mo.) introduced the bill to provide guidance to agencies on how to comply with the OMB mandates. As part of that guidance, rules about running P2P software have become a part of the bill.
Clay is chairman of the House Oversight and Government Reform Committee’s Information Policy, Census and the National Archives Subcommittee. The bill would require agencies to develop policies to identify and protect sensitive information and come up with a procedure for dealing with data breaches.
Congress has been turning a wary eye on P2P technologies lately. Last July, Congressman Henry Waxman (D-Calif.), chairman of the Oversight Committee, grilled LimeWire’s CEO over just how much data LimeWire exposes to the outside world. LimeWire is a P2P file sharing site similar to Napster and Kazaa.
“It is truly chilling to think of what private information an organized operation or a foreign government could acquire with additional resources,” Waxman said.
On that, he and Gartner senior analyst Avivah Litan are in agreement. “I know that consumers that have LimeWire on their PCs are pretty much dead ducks, because a criminal can get right in and take over the PC. It’s like a wide open door, telling the world ‘come see what’s on my hard drive’,” she told InternetNews.com.
But she doesn’t understand why there has to be federal legislation to do what most companies do by edict. “I don’t think we need more regulations, we just need regulators that are awake, and it’s probably a good idea for them to stay out of technology mandates,” she said. “The laws are to hold agencies and regulators accountable, not telling them how to do their job.”
A response to a request for comment from Congressman Clay’s office was not available at press time.