[Congressional Bills 108th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3159 Introduced in House (IH)]






108th CONGRESS
  1st Session
                                H. R. 3159

 To require Federal agencies to develop and implement plans to protect 
the security and privacy of government computer systems from the risks 
                  posed by peer-to-peer file sharing.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           September 24, 2003

  Mr. Waxman (for himself, Mr. Tom Davis of Virginia, Mr. Shays, Mr. 
   McHugh, Mr. Clay, Mr. Towns, Mr. Carter, Mr. Van Hollen, Ms. Ros-
Lehtinen, Mr. Bell, Mr. Souder, Mrs. Miller of Michigan, Mr. Burton of 
  Indiana, Mr. Schrock, Mr. Lynch, Mr. Ruppersberger, Mr. Putnam, Mr. 
Cummings, Ms. Linda T. Sanchez of California, Mr. Lantos, Mrs. Maloney, 
 Mr. Owens, Ms. Watson, Mr. Ose, Mr. Cooper, Ms. Norton, Mr. Davis of 
   Illinois, Mrs. Jo Ann Davis of Virginia, and Mr. Turner of Ohio) 
 introduced the following bill; which was referred to the Committee on 
                           Government Reform

_______________________________________________________________________

                                 A BILL


 
 To require Federal agencies to develop and implement plans to protect 
the security and privacy of government computer systems from the risks 
                  posed by peer-to-peer file sharing.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Government Network Security Act of 
2003''.

SEC. 2. FINDINGS.

    Congress finds the following:
            (1) Peer-to-peer file sharing can pose security and privacy 
        threats to computers and networks by--
                    (A) exposing classified and sensitive information 
                that are stored on computers or networks;
                    (B) acting as a point of entry for viruses and 
                other malicious programs;
                    (C) consuming network resources, which may result 
                in a degradation of network performance; and
                    (D) exposing identifying information about host 
                computers that can be used by hackers to select 
                potential targets.
            (2) The computers and networks of the Federal Government 
        use and store a wide variety of classified and sensitive 
        information, including--
                    (A) information vital to national security, 
                defense, law enforcement, economic markets, public 
                health, and the environment; and
                    (B) personal and financial information of citizens 
                and businesses that has been entrusted to the Federal 
                Government.
            (3) Use of peer-to-peer file sharing on government 
        computers and networks can threaten the security and privacy of 
        the information on those computers and networks by exposing the 
        information to others using peer-to-peer file sharing.
            (4) The House of Representatives and the Senate are using 
        methods to protect the security and privacy of congressional 
        computers and networks from the risks posed by peer-to-peer 
        file sharing.
            (5) Innovations in peer-to-peer technology for government 
        applications can be pursued on intragovernmental networks that 
        do not pose risks to network security.
            (6) In light of these considerations, Federal agencies need 
        to take prompt action to address the security and privacy risks 
        posed by peer-to-peer file sharing.

SEC. 3. PROTECTION OF GOVERNMENT COMPUTERS FROM RISKS OF PEER-TO-PEER 
              FILE SHARING.

    (a) Plans Required.--As part of the Federal agency responsibilities 
set forth in sections 3544 and 3545 of title 44, United States Code, 
the head of each agency shall develop and implement a plan to protect 
the security and privacy of computers and networks of the Federal 
Government from the risks posed by peer-to-peer file sharing.
    (b) Contents of Plans.--Such plans shall set forth appropriate 
methods, including both technological (such as the use of software and 
hardware) and nontechnological methods (such as employee policies and 
user training), to achieve the goal of protecting the security and 
privacy of computers and networks of the Federal Government from the 
risks posed by peer-to-peer file sharing.
    (c) Implementation of Plans.--The head of each agency shall--
            (1) develop and implement the plan required under this 
        section as expeditiously as possible, but in no event later 
        than six months after the date of the enactment of this Act; 
        and
            (2) review and revise the plan periodically as necessary.
    (d) Review of Plans.--Not later than 18 months after the date of 
the enactment of this Act, the Comptroller General shall--
            (1) review the adequacy of the agency plans required by 
        this section; and
            (2) submit to the Committee on Government Reform of the 
        House of Representatives and the Committee on Governmental 
        Affairs of the Senate a report on the results of the review, 
        together with any recommendations the Comptroller General 
        considers appropriate.

SEC. 4. DEFINITIONS.

    In this Act:
            (1) Peer-to-peer file sharing.--The term ``peer-to-peer 
        file sharing'' means the use of computer software, other than 
        network operating systems, that has as its primary function the 
        capability to allow the computer on which such software is used 
        to designate files available for transmission to another 
        computer using such software, to transmit files to another such 
        computer, and to request the transmission of files from another 
        such computer. The term does not include the use of such 
        software wholly on intragovernmental networks.
            (2) Agency.--The term ``agency'' has the meaning provided 
        by section 3502 of title 44, United States Code.