Secure Federal File Sharing Act Explained

Short Title:Secure Federal File Sharing Act
Legislature:United States Congress
Enacted By:House of Representatives
Enacted By2:Senate
Bill Date:November 17, 2009, 111th United States Congress
Introduced By:Representative Edolphus Towns (D-NY10)
Committee Report:H. Report 111-431

The Secure Federal File Sharing Act, also known as H.R. 4098, was a bill that has been under review by the United States Senate since March 25, 2010. The legislation originated in the U.S. House of Representatives on November 17, 2009, as a part of the 111th Congress. The bill sought to impose additional restrictions and requirements regarding the use of peer-to-peer filesharing by employees of and contractors to the United States government.

The bill passed in the House of Representatives by a roll call vote on March 24, 2010, and has been referred to the Committee on Homeland Security and Governmental Affairs.[1] It was not approved by the Senate and died with the sine die adjournment of the 111th Congress.

Purpose and description

The Secure Federal File Sharing Act was proposed in response to leaks of highly sensitive United States government information (which includes a list of ongoing House Ethics Committee investigation, information about U.S. military programs and troops, and wiring schematics for a Marine One helicopter[2]) found on various filesharing programs in early 2009.[3] [4]

The proposed act sought to limit the use of open-network peer-to-peer filesharing by government employees and contractors by official permission.[5] Restrictions would not only apply to federal computer systems and networks but also to home and personal computers of employees. Under the Act, the heads or chief information officers of agencies must request and receive permission before employees can use specific peer-to-peer filesharing programs for job-related tasks.[6]

The proposed Secure Federal File Sharing Act sought to establish a policy that would require, within 180 days of its enactment, the Director of the Office of Management and Budget must update agency policies to comply with the act (which includes the implementation of security controls to prevent, detect, and remove file sharing software from federal computers, systems, and networks within this time frame). Additionally, the act would require the Director to give annual reports on agencies that use filesharing programs and the justification for each use.[6] The Congressional Budget Office estimated that the administration of the law will cost a total of $10 million dollars over the 2011–2014 U.S. fiscal years,[7] or $0.09 per American citizen over this three-year period.[8]

Process

Introduced in the House by Representative Edolphus Towns (D-NY10) on November 17, 2009, as H.R. 4098, the Secure Federal File Sharing Act was referred to the House Committee on Oversight and Government Reform and placed on the Union Calendar on March 11, 2010. On March 23, 2010, Representative Towns moved to suspend the rules and pass the bill by a roll call vote (House Vote #183 in 2010), which occurred following forty minutes of debate.[9] The results of the vote yielded 408 Ayes, 13 Nays, and 8 Present/Not Voting.[10]

The bill was introduced into the Senate on March 25, 2010, and referred to that chamber's Committee on Homeland Security and Governmental Affairs. On June 14, 2010, Senator Claire McCaskill (D-MO) introduced a companion bill, S.3484, to H.R. 4098. This bill was read and referred to the Senate Committee on Homeland Security and Governmental Affairs.[11]

File sharing report; criticism

On May 10, 2010, MeriTalk, a U.S. government IT network, released a report on federal file sharing in which 200 federal government employees and security officials were interviewed to understand their file transfer practices. Of those interviewed, 58 percent were aware of their agency's policies for secure file transferring, and 43 percent reported that they consistently followed the file sharing policies. Furthermore, 71 percent said they were concerned with the current security of federal file transfers, yet 54 percent admitted to not monitoring their own file transfer protocol. The majority of these federal personnel also admitted to using insecure methods for transferring files between agencies and within the agencies themselves: 66 percent used physical media like USB flash drives, 60 percent used FTP, and 52 percent used personal email accounts like Gmail or Yahoo.[12] The report recommended that organizations should develop and enforce government-wide standards and educate management and users.[13] Only a small portion of the information the government transfers is classified; however, much of it is sensitive because it can contain private information about the public such as medical records and social security numbers.[14]

The Electronic Frontier Foundation stated, prior to the introduction of this bill, that a government-wide restriction on peer-to-peer file sharing would limit the government's ability to take advantage of potentially useful file-sharing software. To support its opinion that peer-to-peer filesharing can be useful, the foundation offered as examples licensed music services and video gaming companies, which use peer-to-peer tools.[15]

Notes and References

  1. Web site: Secure Federal File Sharing Act. GovTrack.us. November 14, 2010.
  2. Web site: House Bill Bans Government Employee File Sharing. eweek.com. 6 December 2010.
  3. News: Towns Introduces Legislation to Prevent Inadvertent File Sharing . November 18, 2010. November 17, 2009.
  4. Web site: Leaked House Ethics document spreads on the Net via P2P. Computerworld.com. 30 October 2009 . November 23, 2010.
  5. Web site: H.R.4098 - Secure Federal File Sharing Act. OpenCongress. November 19, 2010.
  6. Web site: Bill Text. Thomas.loc.gov. November 14, 2010. October 4, 2014. https://web.archive.org/web/20141004175150/http://thomas.loc.gov/cgi-bin/query/z?c111:H.R.4098:. dead.
  7. Web site: H.R. 4098. LegislativeDigest. 25 November 2010.
  8. Web site: H.R. 4098, The Secure Federal File Sharing Act. WashingtonWatch. 25 November 2010.
  9. Web site: Major Actions in the House of Representatives. Thomas.loc.gov. November 14, 2010. July 4, 2016. https://web.archive.org/web/20160704234055/http://thomas.loc.gov/cgi-bin/bdquery/z?d111:HR04098:@@@L&summ2=m&. dead.
  10. Web site: Roll Call Vote Results. Office of the Clerk of the House of Representatives. November 14, 2010.
  11. Web site: S.3484, The Secure Federal File Sharing Act. Thomas.loc.gov. 25 November 2010. 4 July 2016. https://web.archive.org/web/20160704101820/http://thomas.loc.gov/cgi-bin/bdquery/z?d111:S.3484:. dead.
  12. Web site: Why Encrypt? Federal File Transfer Report. MeriTalk research. November 23, 2010.
  13. Web site: Federal File Sharing Practices Need Some Work. afcea.org/signal. AFCEA. November 23, 2010.
  14. Web site: Army Special Forces document leaked on P2P network. SCmagazine. 24 November 2010.
  15. Web site: Bill would restrict P2P use on government networks. ComputerWorld. 18 November 2009 . 24 November 2010.