Saturday, November 21, 2009

Proposed Law Seeks To Ban P2P Networks By Federal Workers

Via Dark Reading -

Following a leaked document that disclosed ethics investigations of members of Congress on a file sharing network, the chairman of the House Oversight and Government Affairs Committee has introduced a bill that would ban the use of public peer-to-peer networks by federal employees.

The Secure Federal File Sharing Act, introduced by Rep. Edolphus Towns, D-N.Y., would require the Office of Management and Budget to prohibit the use of P2P software like BitTorrent or Limewire on government computers and networks and to set policies on home use by federal employees who telework or remotely access government networks.

P2P programs are a popular way to share music, movies, and other digital content. Part of the problem is that, when not properly configured, they can also expose personal documents stored on PCs and laptops, making the documents widely available to anyone on the P2P network. (See "Your Data And The P2P Peril.")

Under the bill, in order to use file-sharing networks, an agency head or CIO would have to make a special request to use P2P software. The bill would ban software that accesses P2P networks in which "access is granted freely, without limitation or restriction, or there are little or no security measures in place."

Agencies will have to establish P2P use policies, require that employees and contractors comply with them, and create security mechanisms to detect and remove prohibited software. OMB will be required to inventory P2P use in government and justify every use to Congress.

The possibility of a bill banning federal government use of public P2P networks has been building. The House last year passed a bill that would have required agencies to set security policies around P2P use, but the bill was never passed by the Senate. Towns first called for a ban this summer, after P2P monitoring company Tiversa testified that it discovered the location of a Secret Service safe house for the First Family on Limewire.

In October, Tiversa provided the House Oversight and Government Reform committee with evidence that secret military documents on P2P networks had been downloaded in China and Pakistan and that personally identifiable information on U.S. soldiers was widely available. Earlier this year, Tiversa discovered the electronic schematics of Marine One, the President's helicopter, on computers in Iran, after being leaked over P2P by a defense contractor. Tiversa and others testified to similar findings, including leaks of classified and secret data, in a hearing in 2007.

The risks of file sharing over P2P resurfaced last month when a source provided the Washington Post with a confidential House ethics committee report that had been exposed on a P2P network by a staffer who has since been fired. Late last month, Speaker Nancy Pelosi, D-Calif., and House Minority Leader John Boehner, R-Ohio, ordered a review on Congressional storage of confidential data.

"We can no longer ignore the threat to sensitive government information that insecure peer-to-peer networks pose," Towns said in a statement. "Voluntary self-regulations have failed, so now is the time for Congress to act."


Better late than never....

No comments:

Post a Comment