[Congressional Record Volume 156, Number 45 (Tuesday, March 23, 2010)]
[House]
[Pages H2237-H2239]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                    SECURE FEDERAL FILE SHARING ACT

  Mr. TOWNS. Mr. Speaker, I move to suspend the rules and pass the bill 
(H.R. 4098) to require the Director of the Office of Management and 
Budget to issue guidance on the use of peer-to-peer file sharing 
software to prohibit the personal use of such software by government 
employees, and for other purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 4098

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Secure Federal File Sharing 
     Act''.

     SEC. 2. REQUIREMENTS.

       (a) Updated Guidance on Use of Certain Software Programs.--
     Not later than 90 days after the date of the enactment of 
     this Act, the Director of the Office of Management and 
     Budget, after consultation with the Federal Chief Information 
     Officers Council, shall issue guidance on the use of peer-to-
     peer file sharing software--
       (1) to prohibit the download, installation, or use by 
     Government employees and contractors of open-network peer-to-
     peer file sharing software on all Federal computers, computer 
     systems, and networks, including those operated by 
     contractors on the Government's behalf, unless such software 
     is approved in accordance with procedures under subsection 
     (b); and

       (2) to address the download, installation, or use by 
     Government employees and contractors of such software on home 
     or personal computers as it relates to telework and remotely 
     accessing Federal computers, computer systems, and networks, 
     including those operated by contractors on the Government's 
     behalf.
       (b) Approval Process for Certain Software Programs.--Not 
     later than 90 days after the date of the enactment of this 
     Act, the Director of the Office of Management and Budget 
     shall develop a procedure by which the Director, in 
     consultation with the Chief Information Officer, may receive 
     requests from heads of agencies or chief information officers 
     of agencies for approval for use by Government employees and 
     contractors of specific open-network peer-to-peer file 
     sharing software programs that are--
       (1) necessary for the day-to-day business operations of the 
     agency;
       (2) instrumental in completing a particular task or project 
     that directly supports the agency's overall mission;
       (3) necessary for use between, among, or within Federal, 
     State, or local government agencies in order to perform 
     official agency business; or
       (4) necessary for use during the course of a law 
     enforcement investigation.
       (c) Agency Responsibilities.--Not later than 180 days after 
     the date of enactment of this Act, the Director of the Office 
     of Management and Budget shall--
       (1) direct agencies to establish or update personal use 
     policies of the agency to be consistent with the guidance 
     issued pursuant to subsection (a);
       (2) direct agencies to require any contract awarded by the 
     agency to include a requirement that the contractor comply 
     with the guidance issued pursuant to subsection (a) in the 
     performance of the contract;
       (3) direct agencies to update their information technology 
     security or ethics training policies to ensure that all 
     employees, including those working for contractors on the 
     Government's behalf, are aware of the requirements of the 
     guidance required by subsection (a) and the consequences of 
     engaging in prohibited conduct; and
       (4) direct agencies to ensure that proper security controls 
     are in place to prevent, detect, and remove file sharing 
     software that is prohibited by the guidance issued pursuant 
     to subsection (a) from all Federal computers, computer 
     systems, and networks, including those operated by 
     contractors on the Government's behalf.

     SEC. 3. ANNUAL REPORT.

       Not later than one year after the date of the enactment of 
     this Act, and annually thereafter, the Director of the Office 
     of Management and Budget shall submit to the Committee on 
     Oversight and Government Reform of the House of 
     Representatives and the Committee on Homeland Security and 
     Governmental Affairs of the Senate a report on the 
     implementation of this Act, including--
       (1) a justification for each open-network peer-to-peer file 
     sharing software program that is approved pursuant to 
     subsection (b); and
       (2) an inventory of the agencies where such programs are 
     being used.

     SEC. 4. DEFINITIONS.

       In this Act:
       (1) Agency.--The term ``agency'' has the meaning provided 
     the term ``Executive agency'' by section 105 of title 5, 
     United States Code.
       (2) Open-network.--The term ``open-network'', with respect 
     to software, means a network in which--
       (A) access is granted freely, without limitation or 
     restriction; or
       (B) there are little or no security measures in place.
       (3) Peer-to-peer file sharing software.--The term ``peer-
     to-peer file sharing software''--
       (A) means a program, application, or software that is 
     commercially marketed or distributed to the public and that 
     enables--
       (i) a file or files on the computer on which such program 
     is installed to be designated as available for searching and 
     copying to one or more other computers;
       (ii) the searching of files on the computer on which such 
     program is installed and the copying of any such file to 
     another computer--

       (I) at the initiative of such other computer and without 
     requiring any action by an owner or authorized user of the 
     computer on which such program is installed; and
       (II) without requiring an owner or authorized user of the 
     computer on which such program is installed to have selected 
     or designated another computer as the recipient of any such 
     file; and

       (iii) an owner or authorized user of the computer on which 
     such program is installed to search files on one or more 
     other computers using the same or a compatible program, 
     application, or software, and copy such files to such owner 
     or user's computer; and
       (B) does not include a program, application, or software 
     designed primarily--
       (i) to operate as a server that is accessible over the 
     Internet using the Internet Domain Name system;
       (ii) to transmit or receive email messages, instant 
     messaging, real-time audio or video communications, or real-
     time voice communications; or
       (iii) to provide network or computer security (including 
     the detection or prevention of fraudulent activities), 
     network management, maintenance, diagnostics, or technical 
     support or repair.
       (4) Contractor.--The term ``contractor'' means a prime 
     contractor or a subcontractor, as defined by the Federal 
     Acquisition Regulation.

     SEC. 5. BUDGETARY EFFECTS OF PAYGO LEGISLATION FOR THIS ACT.

       The budgetary effects of this Act, for the purpose of 
     complying with the Statutory Pay-As-You-Go-Act of 2010, shall 
     be determined by reference to the latest statement titled 
     ``Budgetary Effects of PAYGO Legislation'' for this Act, 
     submitted for printing in the Congressional Record by the 
     Chairman of the House Budget Committee, provided that such 
     statement has been submitted prior to the vote on passage.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New 
York (Mr. Towns) and the gentleman from California (Mr. Issa) each will 
control 20 minutes.
  The Chair recognizes the gentleman from New York.


                             General Leave

  Mr. TOWNS. Mr. Speaker, I ask unanimous consent that all Members may 
have 5 legislative days in which to revise and to extend their remarks.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from New York?
  There was no objection.
  Mr. TOWNS. Mr. Speaker, I yield myself as much time as I may consume.
  The bill we are now considering, H.R. 4098, the Secure Federal File 
Sharing Act, is intended to improve the cybersecurity of Federal 
systems in response to a series of troubling breaches of confidential 
information. It requires the director of the Office of Management and 
Budget to issue new guidance prohibiting the use of open network peer-
to-peer file sharing software on all Federal computers and networks, 
including those of contractors working on the government's behalf.
  Peer-to-peer file sharing software allows users to instantly connect 
with each other to search and copy electronic files, most commonly 
music and movies. The committee has been investigating the dangers of 
peer-to-peer file sharing software for 9 years. During that time, we 
discovered a frightening amount of child pornography, thousands of 
personal tax filings, medical records, and highly sensitive government 
information, including the location of a Secret Service safe house for 
the first family and an electronic schematic for Marine One, all 
available on open peer-to-peer networks to millions of users around the 
world.
  What's clear is that as the popularity of file sharing has grown, so 
have the privacy and security risks. For the Federal Government, those 
risks are simply too great to ignore. H.R. 4098 would codify an 
existing OMB memorandum prohibiting Federal employees from using 
certain peer-to-peer file sharing programs and strengthen that policy 
by extending it to include Federal contractors working on the 
government's behalf. This is a good bill, and I strongly encourage my 
colleagues to join me in supporting this good bill.
  Mr. Speaker, I reserve the balance of my time.
  Mr. ISSA. Mr. Speaker, I yield myself such time as I may consume.
  I join with the chairman on a bipartisan basis to support this 
important legislation. As the chairman said--who, quite frankly, has 
done an inordinate amount of work on this, including multiple hearings 
over a period of time--although we have succeeded in some limited way 
in addressing this problem, when we revisited it after more than a 
year, we discovered some of the examples the chairman gave us, 
including the First Family's safe house being made vulnerable.
  Mr. Speaker, as you can imagine, everything we do in government, 
everything we order in government has a cost. The CBO has scored this 
one at $10 million over its life, about $2 million to $3 million a 
year. What is the cost of the loss of the President? What is the cost 
of a soldier's orders to deploy being made public? What is the cost of 
your tax returns being made public? What is the cost to sensitive 
national defense information or, in fact, the leaking of people who are 
in the clandestine service? All of that has been shown to be at risk as 
long as peer-to-peer continues to operate on the Federal system.
  Mr. Speaker, directing the Office of Management and Budget to create 
the guidance for prohibiting download or installation by government 
employees of these pieces of software, which are essentially spy software, spy 
software on behalf of those who sell this information and sell access 
to this information is, in fact, essential. File sharing within the 
Federal workforce and within Congress is closely monitored. We do have 
the ability to do file transfer protocol in a secure way. Clearly, 
though, as our hearings have shown, those who market this software to 
the public, usually for free, do so with backdoors deliberately there 
that make it enticing to those who want access, and that's how their 
revenue comes.

  Our hearings have shown that the very players who will provide you 
peer-to-peer for free so that you can get thousands of videos, plenty 
of music, and exchange pictures often do so specifically so that you 
unwittingly open up all of your information.
  Mr. Speaker, the American people deserve to have the information 
entrusted to us, their private information, kept private. Without this 
important legislation, that private information is consistently being 
made public through backdoor software installed by well-meaning 
individuals who only intended to share their summer pictures and not 
release the information on soldiers in harm's way. I strongly urge 
support for this legislation.
  I reserve the balance of my time.
  Mr. TOWNS. Mr. Speaker, I want to commend the staff of the committee. 
I want to commend the ranking member of the full committee, Congressman 
Issa, who has worked very closely with us to get us to this point. I 
also want to point out how important it is when you work together that 
you can pull things together and get them to the floor. I want to 
salute him for his work on this as well, and again, to all the staff 
members who have participated in helping us to get here today.
  I reserve the balance of my time.
  Mr. ISSA. I yield myself such time as I may consume.
  Mr. Chairman, it is you that we owe a great debt of thanks to. You've 
championed this. You've made sure both at the subcommittee and the full 
committee that we've had a thorough evaluation. We've given the 
companies who claim that they are well-meaning opportunity repeatedly 
to show that they could fix or would fix their software, only to 
discover they did not fix their software. So I join with you in 
commending our staff on both sides of the aisle for the hard work they 
did, for the individual research, and for some of the other 
organizations who were concerned about the safety of the American 
people's vital information for helping us shed light on this. I know 
this is a good piece of legislation. I know we're going to have to work 
to get it through the Senate. I look forward to doing that with you, 
Mr. Chairman.
  I yield back the balance of my time.
  Mr. TOWNS. I thank the gentleman from California, the ranking member, 
for his kind words.
  Ms. CLARKE. Mr. Speaker, I rise today in support of House Resolution 
4098, the Secure Federal File Sharing Act. As Chairwoman of the 
Committee on Homeland Security Subcommittee on Emerging Threats, 
Cybersecurity, and Science and Technology, I regularly deal with 
cybersecurity issues related to Federal civilian agencies and am happy 
to see this effort moving forward.
  The Secure Federal File Sharing Act directs the Office of Management 
and Budget to issue guidance that would prohibit the use of peer-to-
peer software on Federal computer systems, on home computers of 
government employees who telecommute, and by Federal contractors. This 
bill will help improve our government's cyber-security in a number of 
ways.
  First, and most importantly, this bill reduces the risk to our 
government computer systems of downloading malicious software that 
could infect other systems within the government. It is well documented 
that peer-to-peer applications are regularly used by hackers to 
incorporate spyware, viruses, Trojan horses, or worms onto the 
downloader's computer. Not only does this expose a person's personal 
information to exploitation, but could put sensitive information about 
our government resources into unfriendly hands.
  Secondly, peer-to-peer software is frequently used to illegally 
download software or documents that are otherwise protected by 
intellectual property laws. Allowing Federal employees to use this 
software to download pirated materials not only puts them at risk of 
prosecution, but puts the Federal government in a precarious position 
of having passively supported illegal acts.
  Finally, peer-to-peer software is costly to the U.S. taxpayer. 
Because of the high risk nature of the software, its use only increases 
the amount we must spend to secure our computer systems from the cyber 
attacks it inevitably leads to.
  This legislation helps close a security hole among Federal civilian 
agencies, and I urge my colleagues to join me in passing House 
Resolution 4098.
  Mr. TOWNS. I yield back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from New York (Mr. Towns) that the House suspend the rules 
and agree to the resolution, H.R. 4098, as amended.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mr. BROUN of Georgia. Mr. Speaker, on that I demand the yeas and 
nays.
  The yeas and nays were ordered.
  The SPEAKER pro tempore. Pursuant to clause 8 of rule XX and the 
Chair's prior announcement, further proceedings on this motion will be 
postponed.

                          ____________________