[Congressional Bills 111th Congress]
[From the U.S. Government Publishing Office]
[S. 3484 Introduced in Senate (IS)]

111th CONGRESS
  2d Session
                                S. 3484

To require the Director of the Office of Management and Budget to issue 
 guidance on the use of peer-to-peer file sharing software to prohibit 
  the personal use of such software by Government employees, and for 
                            other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             June 14, 2010

 Mrs. McCaskill (for herself and Mr. Bennett) introduced the following 
 bill; which was read twice and referred to the Committee on Homeland 
                   Security and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
To require the Director of the Office of Management and Budget to issue 
 guidance on the use of peer-to-peer file sharing software to prohibit 
  the personal use of such software by Government employees, and for 
                            other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Secure Federal File Sharing Act''.

SEC. 2. REQUIREMENTS.

    (a) Updated Guidance on Use of Certain Software Programs.--Not 
later than 90 days after the date of the enactment of this Act, the 
Director of the Office of Management and Budget, after consultation 
with the Federal Chief Information Officers Council, shall issue 
guidance on the use of peer-to-peer file sharing software--
            (1) to prohibit the download, installation, or use by 
        Government employees and contractors of open-network peer-to-
        peer file sharing software on all Federal computers, computer 
        systems, and networks, including those operated by contractors 
        of the Government, unless such software is approved in 
        accordance with procedures under subsection (b); and
            (2) to address the download, installation, or use by 
        Government employees and contractors of such software on home 
        or personal computers as it relates to telework and remotely 
        accessing Federal computers, computer systems, and networks, 
        including those operated by contractors of the Government.
    (b) Approval Process for Certain Software Programs.--Not later than 
90 days after the date of the enactment of this Act, the Director of 
the Office of Management and Budget shall develop a procedure by which 
the Director, in consultation with the Chief Information Officer, may 
receive requests from heads of agencies or chief information officers 
of agencies for approval for use by Government employees and 
contractors of specific open-network peer-to-peer file sharing software 
programs that are--
            (1) necessary for the day-to-day business operations of the 
        agency;
            (2) instrumental in completing a particular task or project 
        that directly supports the agency's overall mission;
            (3) necessary for use between, among, or within Federal, 
        State, or local government agencies in order to perform 
        official agency business; or
            (4) necessary for use during the course of a law 
        enforcement investigation.
    (c) Agency Responsibilities.--Not later than 180 days after the 
date of enactment of this Act, the Director of the Office of Management 
and Budget shall--
            (1) direct agencies to establish or update personal use 
        policies of the agency to be consistent with the guidance 
        issued pursuant to subsection (a);
            (2) direct agencies to require any contract awarded by the 
        agency to include a requirement that the contractor comply with 
        the guidance issued pursuant to subsection (a) in the 
        performance of the contract;
            (3) direct agencies to update their information technology 
        security or ethics training policies to ensure that all 
        employees, including those working for contractors of the 
        Government, are aware of the requirements of the guidance 
        required by subsection (a) and the consequences of engaging in 
        prohibited conduct; and
            (4) direct agencies to ensure that proper security controls 
        are in place to prevent, detect, and remove file sharing 
        software that is prohibited by the guidance issued pursuant to 
        subsection (a) from all Federal computers, computer systems, 
        and networks, including those operated by contractors of the 
        Government.

SEC. 3. ANNUAL REPORT.

    (a) In General.--Not later than 1 year after the date of enactment 
of this Act, and annually thereafter, the Director of the Office of 
Management and Budget shall submit to the Committee on Oversight and 
Government Reform of the House of Representatives and the Committee on 
Homeland Security and Governmental Affairs of the Senate a report on 
the implementation of this Act, including--
            (1) a justification for each open-network peer-to-peer file 
        sharing software program that is approved under subsection (b); 
        and
            (2) an inventory of the agencies where such programs are 
        being used.
    (b) Rule of Construction.--Nothing in this section shall be 
construed to require the disclosure of any information relating to any 
confidential Government operation or investigation, including any law 
enforcement, national security, or terrorism investigation.

SEC. 4. DEFINITIONS.

    In this Act:
            (1) Agency.--The term ``agency''--
                    (A) means any executive department, military 
                department, Government corporation, Government-
                controlled corporation, or other establishment in the 
                executive branch of the Government (including the 
                Executive Office of the President), or any independent 
                regulatory agency, the governments of the District of 
                Columbia and of the territories and possessions of the 
                United States, and their various subdivisions; and
                    (B) includes Government-owned contractor-operated 
                facilities, including laboratories engaged in national 
                defense research and production activities.
            (2) Open-network.--The term ``open-network'', with respect 
        to software, means a network in which--
                    (A) access is granted freely, without limitation or 
                restriction; or
                    (B) there are little or no security measures in 
                place.
            (3) Peer-to-peer file sharing software.--The term ``peer-
        to-peer file sharing software''--
                    (A) means a program, application, or software that 
                is commercially marketed or distributed to the public 
                and that enables--
                            (i) a file or files on the computer on 
                        which such program is installed to be 
                        designated as available for searching and 
                        copying to one or more other computers;
                            (ii) the searching of files on the computer 
                        on which such program is installed and the 
                        copying of any such file to another computer--
                                    (I) at the initiative of such other 
                                computer and without requiring any 
                                action by an owner or authorized user 
                                of the computer on which such program 
                                is installed; and
                                    (II) without requiring an owner or 
                                authorized user of the computer on 
                                which such program is installed to have 
                                selected or designated another computer 
                                as the recipient of any such file; and
                            (iii) an owner or authorized user of the 
                        computer on which such program is installed to 
                        search files on one or more other computers 
                        using the same or a compatible program, 
                        application, or software, and copy such files 
                        to such owner or user's computer; and
                    (B) does not include a program, application, or 
                software designed primarily--
                            (i) to operate as a server that is 
                        accessible over the Internet using the Internet 
                        Domain Name system;
                            (ii) to transmit or receive email messages, 
                        instant messaging, real-time audio or video 
                        communications, or real-time voice 
                        communications; or
                            (iii) to provide network or computer 
                        security (including the detection or prevention 
                        of fraudulent activities), network management, 
                        maintenance, diagnostics, or technical support 
                        or repair.
            (4) Contractor.--The term ``contractor'' means a prime 
        contractor or a subcontractor, as defined by the Federal 
        Acquisition Regulation.