[Congressional Bills 111th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4098 Referred in Senate (RFS)]

111th CONGRESS
  2d Session
                                H. R. 4098


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             March 25, 2010

     Received; read twice and referred to the Committee on Homeland 
                   Security and Governmental Affairs

_______________________________________________________________________

                                 AN ACT


 
To require the Director of the Office of Management and Budget to issue 
 guidance on the use of peer-to-peer file sharing software to prohibit 
  the personal use of such software by Government employees, and for 
                            other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Secure Federal File Sharing Act''.

SEC. 2. REQUIREMENTS.

    (a) Updated Guidance on Use of Certain Software Programs.--Not 
later than 90 days after the date of the enactment of this Act, the 
Director of the Office of Management and Budget, after consultation 
with the Federal Chief Information Officers Council, shall issue 
guidance on the use of peer-to-peer file sharing software--
            (1) to prohibit the download, installation, or use by 
        Government employees and contractors of open-network peer-to-
        peer file sharing software on all Federal computers, computer 
        systems, and networks, including those operated by contractors 
        on the Government's behalf, unless such software is approved in 
        accordance with procedures under subsection (b); and
            (2) to address the download, installation, or use by 
        Government employees and contractors of such software on home 
        or personal computers as it relates to telework and remotely 
        accessing Federal computers, computer systems, and networks, 
        including those operated by contractors on the Government's 
        behalf.
    (b) Approval Process for Certain Software Programs.--Not later than 
90 days after the date of the enactment of this Act, the Director of 
the Office of Management and Budget shall develop a procedure by which 
the Director, in consultation with the Chief Information Officer, may 
receive requests from heads of agencies or chief information officers 
of agencies for approval for use by Government employees and 
contractors of specific open-network peer-to-peer file sharing software 
programs that are--
            (1) necessary for the day-to-day business operations of the 
        agency;
            (2) instrumental in completing a particular task or project 
        that directly supports the agency's overall mission;
            (3) necessary for use between, among, or within Federal, 
        State, or local government agencies in order to perform 
        official agency business; or
            (4) necessary for use during the course of a law 
        enforcement investigation.
    (c) Agency Responsibilities.--Not later than 180 days after the 
date of enactment of this Act, the Director of the Office of Management 
and Budget shall--
            (1) direct agencies to establish or update personal use 
        policies of the agency to be consistent with the guidance 
        issued pursuant to subsection (a);
            (2) direct agencies to require any contract awarded by the 
        agency to include a requirement that the contractor comply with 
        the guidance issued pursuant to subsection (a) in the 
        performance of the contract;
            (3) direct agencies to update their information technology 
        security or ethics training policies to ensure that all 
        employees, including those working for contractors on the 
        Government's behalf, are aware of the requirements of the 
        guidance required by subsection (a) and the consequences of 
        engaging in prohibited conduct; and
            (4) direct agencies to ensure that proper security controls 
        are in place to prevent, detect, and remove file sharing 
        software that is prohibited by the guidance issued pursuant to 
        subsection (a) from all Federal computers, computer systems, 
        and networks, including those operated by contractors on the 
        Government's behalf.

SEC. 3. ANNUAL REPORT.

    Not later than 1 year after the date of the enactment of this Act, 
and annually thereafter, the Director of the Office of Management and 
Budget shall submit to the Committee on Oversight and Government Reform 
of the House of Representatives and the Committee on Homeland Security 
and Governmental Affairs of the Senate a report on the implementation 
of this Act, including--
            (1) a justification for each open-network peer-to-peer file 
        sharing software program that is approved pursuant to 
        subsection (b); and
            (2) an inventory of the agencies where such programs are 
        being used.

SEC. 4. DEFINITIONS.

    In this Act:
            (1) Agency.--The term ``agency'' has the meaning provided 
        the term ``Executive agency'' by section 105 of title 5, United 
        States Code.
            (2) Open-network.--The term ``open-network'', with respect 
        to software, means a network in which--
                    (A) access is granted freely, without limitation or 
                restriction; or
                    (B) there are little or no security measures in 
                place.
            (3) Peer-to-peer file sharing software.--The term ``peer-
        to-peer file sharing software''--
                    (A) means a program, application, or software that 
                is commercially marketed or distributed to the public 
                and that enables--
                            (i) a file or files on the computer on 
                        which such program is installed to be 
                        designated as available for searching and 
                        copying to one or more other computers;
                            (ii) the searching of files on the computer 
                        on which such program is installed and the 
                        copying of any such file to another computer--
                                    (I) at the initiative of such other 
                                computer and without requiring any 
                                action by an owner or authorized user 
                                of the computer on which such program 
                                is installed; and
                                    (II) without requiring an owner or 
                                authorized user of the computer on 
                                which such program is installed to have 
                                selected or designated another computer 
                                as the recipient of any such file; and
                            (iii) an owner or authorized user of the 
                        computer on which such program is installed to 
                        search files on one or more other computers 
                        using the same or a compatible program, 
                        application, or software, and copy such files 
                        to such owner or user's computer; and
                    (B) does not include a program, application, or 
                software designed primarily--
                            (i) to operate as a server that is 
                        accessible over the Internet using the Internet 
                        Domain Name system;
                            (ii) to transmit or receive email messages, 
                        instant messaging, real-time audio or video 
                        communications, or real-time voice 
                        communications; or
                            (iii) to provide network or computer 
                        security (including the detection or prevention 
                        of fraudulent activities), network management, 
                        maintenance, diagnostics, or technical support 
                        or repair.
            (4) Contractor.--The term ``contractor'' means a prime 
        contractor or a subcontractor, as defined by the Federal 
        Acquisition Regulation.

SEC. 5. BUDGETARY EFFECTS OF PAYGO LEGISLATION FOR THIS ACT.

    The budgetary effects of this Act, for the purpose of complying 
with the Statutory Pay-As-You-Go Act of 2010, shall be determined by 
reference to the latest statement titled ``Budgetary Effects of PAYGO 
Legislation'' for this Act, submitted for printing in the Congressional 
Record by the Chairman of the House Budget Committee, provided that 
such statement has been submitted prior to the vote on passage.

            Passed the House of Representatives March 24, 2010.

            Attest:

                                            LORRAINE C. MILLER,

                                                                 Clerk.