The U.S. House of Representatives approved legislation Wednesday that requires federal agencies to develop and implement security plans to protect their network systems from the risks posed by peer-to-peer (P2P) file sharing. No comparable legislation has been introduced in the Senate.
Both the House and the Senate have already implemented security measures against P2P security threats through both technical and non-technical means, including firewalls and employee training. The Government Network Security Act of 2003 (H.R. 3159) would give Executive Branch agencies six months to take similar steps.
The federal government uses and stores a wide variety of classified and sensitive information, including information vital to national security, defense, law enforcement, economic markets, public health, and the environment. Government computers also contain personal and financial information of U.S. citizens and businesses.
Installation of P2P software on government computers can expose this sensitive information to the public.
“We learned (through hearings held in May) that using these programs can be similar to giving a complete stranger access to your personal file cabinet,” said bill co-sponsor Tom Davis (R-Va.) said. “Needless to say, file sharing programs create a number of risks for federal departments and agencies if they are installed on government computers. Because files are shared anonymously on peer to peer networks, there is also a risk of the spread of viruses, worms, and other malicious computer files.”
Davis’ Committee on Government Reform issued a staff report in May showing how through a “couple of simple searches” of the most popular P2P programs, personal information such as tax returns, medical records, and confidential legal documents and business files were found.
Instead of banning P2P networks on government computers, a Davis spokesman told internetnews.com in Sept., “We didn’t want to be that draconian.” Neither the legislation, the staff committee report nor the Davis spokesman could site how many government computers have P2P software installed.
The legislation contains language that states, “Innovations in peer-to-peer technology for government applications can be pursued on intragovernmental networks that do not pose risks to network security.”
“File sharing technology is not inherently bad, and it may turn out to have a variety of beneficial applications,” Davis said Wednesday. “H.R. 3159 recognizes this by protecting the ability of federal agencies to pursue innovations in peer-to-peer technology on government networks, as long as they do not put government information or computers at risk. This bill takes a common sense approach to protect the computers and networks of the federal government and the valuable information they contain.”