[Congressional Bills 108th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3159 Reported in Senate (RS)]






                                                       Calendar No. 384
108th CONGRESS
  1st Session
                                H. R. 3159


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            October 14, 2003

  Received; read twice and referred to the Committee on Governmental 
                                Affairs

                           November 10, 2003

               Reported by Ms. Collins, without amendment

_______________________________________________________________________

                                 AN ACT


 
 To require Federal agencies to develop and implement plans to protect 
the security and privacy of government computer systems from the risks 
                  posed by peer-to-peer file sharing.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Government Network Security Act of 
2003''.

SEC. 2. FINDINGS.

    Congress finds the following:
            (1) Peer-to-peer file sharing can pose security and privacy 
        threats to computers and networks by--
                     (A) exposing classified and sensitive information 
                that are stored on computers or networks;
                    (B) acting as a point of entry for viruses and 
                other malicious programs;
                    (C) consuming network resources, which may result 
                in a degradation of network performance; and
                    (D) exposing identifying information about host 
                computers that can be used by hackers to select 
                potential targets.
            (2) The computers and networks of the Federal Government 
        use and store a wide variety of classified and sensitive 
        information, including--
                    (A) information vital to national security, 
                defense, law enforcement, economic markets, public 
                health, and the environment; and
                    (B) personal and financial information of citizens 
                and businesses that has been entrusted to the Federal 
                Government.
            (3) Use of peer-to-peer file sharing on government 
        computers and networks can threaten the security and privacy of 
        the information on those computers and networks by exposing the 
        information to others using peer-to-peer file sharing.
            (4) The House of Representatives and the Senate are using 
        methods to protect the security and privacy of congressional 
        computers and networks from the risks posed by peer-to-peer 
        file sharing.
            (5) Innovations in peer-to-peer technology for government 
        applications can be pursued on intragovernmental networks that 
        do not pose risks to network security.
            (6) In light of these considerations, Federal agencies need 
        to take prompt action to address the security and privacy risks 
        posed by peer-to-peer file sharing.

SEC. 3. PROTECTION OF GOVERNMENT COMPUTERS FROM RISKS OF PEER-TO-PEER 
              FILE SHARING.

    (a) Plans Required.--As part of the Federal agency responsibilities 
set forth in sections 3544 and 3545 of title 44, United States Code, 
the head of each agency shall develop and implement a plan to protect 
the security and privacy of computers and networks of the Federal 
Government from the risks posed by peer-to-peer file sharing.
    (b) Contents of Plans.--Such plans shall set forth appropriate 
methods, including both technological (such as the use of software and 
hardware) and nontechnological methods (such as employee policies and 
user training), to achieve the goal of protecting the security and 
privacy of computers and networks of the Federal Government from the 
risks posed by peer-to-peer file sharing.
    (c) Implementation of Plans.--The head of each agency shall--
            (1) develop and implement the plan required under this 
        section as expeditiously as possible, but in no event later 
        than six months after the date of the enactment of this Act; 
        and
            (2) review and revise the plan periodically as necessary.
    (d) Review of Plans.--Not later than 18 months after the date of 
the enactment of this Act, the Comptroller General shall--
            (1) review the adequacy of the agency plans required by 
        this section; and
            (2) submit to the Committee on Government Reform of the 
        House of Representatives and the Committee on Governmental 
        Affairs of the Senate a report on the results of the review, 
        together with any recommendations the Comptroller General 
        considers appropriate.

SEC. 4. DEFINITIONS.

     In this Act:
            (1) Peer-to-peer file sharing.--The term ``peer-to-peer 
        file sharing'' means the use of computer software, other than 
        computer and network operating systems, that has as its primary 
        function the capability to allow the computer on which such 
        software is used to designate files available for transmission 
        to another computer using such software, to transmit files 
        directly to another such computer, and to request the 
        transmission of files from another such computer. The term does 
        not include the use of such software for file sharing between, 
        among, or within Federal, State, or local government agencies.
            (2) Agency.--The term ``agency'' has the meaning provided 
        by section 3502 of title 44, United States Code.




                                                       Calendar No. 384

108th CONGRESS

  1st Session

                               H. R. 3159

_______________________________________________________________________

                                 AN ACT

 To require Federal agencies to develop and implement plans to protect 
the security and privacy of government computer systems from the risks 
                  posed by peer-to-peer file sharing.

_______________________________________________________________________

                           November 10, 2003

                       Reported without amendment