[Congressional Record (Bound Edition), Volume 156 (2010), Part 4]
[House]
[Pages 4588-4590]
[From the U.S. Government Publishing Office, www.gpo.gov]




                    SECURE FEDERAL FILE SHARING ACT

  Mr. TOWNS. Mr. Speaker, I move to suspend the rules and pass the bill 
(H.R. 4098) to require the Director of the Office of Management and 
Budget to issue guidance on the use of peer-to-peer file sharing 
software to prohibit the personal use of such software by government 
employees, and for other purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 4098

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Secure Federal File Sharing 
     Act''.

     SEC. 2. REQUIREMENTS.

       (a) Updated Guidance on Use of Certain Software Programs.--
     Not later than 90 days after the date of the enactment of 
     this Act, the Director of the Office of Management and 
     Budget, after consultation with the Federal Chief Information 
     Officers Council, shall issue guidance on the use of peer-to-
     peer file sharing software--
       (1) to prohibit the download, installation, or use by 
     Government employees and contractors of open-network peer-to-
     peer file sharing software on all Federal computers, computer 
     systems, and networks, including those operated by 
     contractors on the Government's behalf, unless such software 
     is approved in accordance with procedures under subsection 
     (b); and
       (2) to address the download, installation, or use by 
     Government employees and contractors of such software on home 
     or personal computers as it relates to telework and remotely 
     accessing Federal computers, computer systems, and networks, 
     including those operated by contractors on the Government's 
     behalf.
       (b) Approval Process for Certain Software Programs.--Not 
     later than 90 days after the date of the enactment of this 
     Act, the Director of the Office of Management and Budget 
     shall develop a procedure by which the Director, in 
     consultation with the Chief Information Officer, may receive 
     requests from heads of agencies or chief information officers 
     of agencies for approval for use by Government employees and 
     contractors of specific open-network peer-to-peer file 
     sharing software programs that are--
       (1) necessary for the day-to-day business operations of the 
     agency;
       (2) instrumental in completing a particular task or project 
     that directly supports the agency's overall mission;
       (3) necessary for use between, among, or within Federal, 
     State, or local government agencies in order to perform 
     official agency business; or
       (4) necessary for use during the course of a law 
     enforcement investigation.
       (c) Agency Responsibilities.--Not later than 180 days after 
     the date of enactment of this Act, the Director of the Office 
     of Management and Budget shall--
       (1) direct agencies to establish or update personal use 
     policies of the agency to be consistent with the guidance 
     issued pursuant to subsection (a);
       (2) direct agencies to require any contract awarded by the 
     agency to include a requirement that the contractor comply 
     with the guidance issued pursuant to subsection (a) in the 
     performance of the contract;
       (3) direct agencies to update their information technology 
     security or ethics training policies to ensure that all 
     employees, including those working for contractors on the 
     Government's behalf, are aware of the requirements of the 
     guidance required by subsection (a) and the consequences of 
     engaging in prohibited conduct; and
       (4) direct agencies to ensure that proper security controls 
     are in place to prevent, detect, and remove file sharing 
     software that is prohibited by the guidance issued pursuant 
     to subsection (a) from all Federal computers, computer 
     systems, and networks, including those operated by 
     contractors on the Government's behalf.

     SEC. 3. ANNUAL REPORT.

       Not later than one year after the date of the enactment of 
     this Act, and annually thereafter, the Director of the Office 
     of Management and Budget shall submit to the Committee on 
     Oversight and Government Reform of the House of 
     Representatives and the Committee on Homeland Security and 
     Governmental Affairs of the Senate a report on the 
     implementation of this Act, including--
       (1) a justification for each open-network peer-to-peer file 
     sharing software program that is approved pursuant to 
     subsection (b); and
       (2) an inventory of the agencies where such programs are 
     being used.

     SEC. 4. DEFINITIONS.

       In this Act:
       (1) Agency.--The term ``agency'' has the meaning provided 
     the term ``Executive agency'' by section 105 of title 5, 
     United States Code.
       (2) Open-network.--The term ``open-network'', with respect 
     to software, means a network in which--
       (A) access is granted freely, without limitation or 
     restriction; or
       (B) there are little or no security measures in place.
       (3) Peer-to-peer file sharing software.--The term ``peer-
     to-peer file sharing software''--
       (A) means a program, application, or software that is 
     commercially marketed or distributed to the public and that 
     enables--
       (i) a file or files on the computer on which such program 
     is installed to be designated as available for searching and 
     copying to one or more other computers;
       (ii) the searching of files on the computer on which such 
     program is installed and the copying of any such file to 
     another computer--

       (I) at the initiative of such other computer and without 
     requiring any action by an owner or authorized user of the 
     computer on which such program is installed; and
       (II) without requiring an owner or authorized user of the 
     computer on which such program is installed to have selected 
     or designated another computer as the recipient of any such 
     file; and

       (iii) an owner or authorized user of the computer on which 
     such program is installed to search files on one or more 
     other computers using the same or a compatible program, 
     application, or software, and copy such files to such owner 
     or user's computer; and
       (B) does not include a program, application, or software 
     designed primarily--
       (i) to operate as a server that is accessible over the 
     Internet using the Internet Domain Name system;
       (ii) to transmit or receive email messages, instant 
     messaging, real-time audio or video communications, or real-
     time voice communications; or
       (iii) to provide network or computer security (including 
     the detection or prevention of fraudulent activities), 
     network management, maintenance, diagnostics, or technical 
     support or repair.
       (4) Contractor.--The term ``contractor'' means a prime 
     contractor or a subcontractor, as defined by the Federal 
     Acquisition Regulation.

     SEC. 5. BUDGETARY EFFECTS OF PAYGO LEGISLATION FOR THIS ACT.

       The budgetary effects of this Act, for the purpose of 
     complying with the Statutory Pay-As-You-Go-Act of 2010, shall 
     be determined by reference to the latest statement titled 
     ``Budgetary Effects of PAYGO Legislation'' for this Act, 
     submitted for printing in the Congressional Record by the 
     Chairman of the House Budget Committee, provided that such 
     statement has been submitted prior to the vote on passage.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New 
York (Mr. Towns) and the gentleman from California (Mr. Issa) each will 
control 20 minutes.
  The Chair recognizes the gentleman from New York.


                             General Leave

  Mr. TOWNS. Mr. Speaker, I ask unanimous consent that all Members may 
have 5 legislative days in which to revise and to extend their remarks.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from New York?
  There was no objection.
  Mr. TOWNS. Mr. Speaker, I yield myself as much time as I may consume.
  The bill we are now considering, H.R. 4098, the Secure Federal File 
Sharing Act, is intended to improve the cybersecurity of Federal 
systems in response to a series of troubling breaches of confidential 
information. It requires the director of the Office of Management and 
Budget to issue new guidance prohibiting the use of open network peer-
to-peer file sharing software on all Federal computers and networks, 
including those of contractors working on the government's behalf.
  Peer-to-peer file sharing software allows users to instantly connect 
with each other to search and copy electronic files, most commonly 
music and movies. The committee has been investigating the dangers of 
peer-to-peer file sharing software for 9 years. During that time, we 
discovered a frightening amount of child pornography, thousands of 
personal tax filings, medical records, and highly sensitive government 
information, including the location of a Secret Service safe house for 
the first family and an electronic schematic for Marine One, all 
available on open peer-to-peer networks to millions of users around the 
world.
  What's clear is that as the popularity of file sharing has grown, so 
have the privacy and security risks. For the Federal Government, those 
risks are simply too great to ignore. H.R. 4098 would codify an 
existing OMB memorandum prohibiting Federal employees from using 
certain peer-to-peer file sharing programs and strengthen that policy 
by extending it to include Federal contractors working on the 
government's behalf. This is a good bill, and I strongly encourage my 
colleagues to join me in supporting this good bill.
  Mr. Speaker, I reserve the balance of my time.
  Mr. ISSA. Mr. Speaker, I yield myself such time as I may consume.
  I join with the chairman on a bipartisan basis to support this 
important legislation. As the chairman said--who, quite frankly, has 
done an inordinate amount of work on this, including multiple hearings 
over a period of time--although we have succeeded in some limited way 
in addressing this problem, when we revisited it after more than a 
year, we discovered some of the examples the chairman gave us, 
including the First Family's safe house being made vulnerable.
  Mr. Speaker, as you can imagine, everything we do in government, 
everything we order in government has a cost. The CBO has scored this 
one at $10 million over its life, about $2 million to $3 million a 
year. What is the cost of the loss of the President? What is the cost 
of a soldier's orders to deploy being made public? What is the cost of 
your tax returns being made public? What is the cost to sensitive 
national defense information or, in fact, the leaking of people who are 
in the clandestine service? All of that has been shown to be at risk as 
long as peer-to-peer continues to operate on the Federal system.
  Mr. Speaker, directing the Office of Management and Budget to create 
the guidance for prohibiting download or installation by government 
employees of these pieces of software, which are essentially spy 
software, spy software on behalf of those who sell this information and 
sell access to this information is, in fact, essential. File sharing 
within the Federal workforce and within Congress is closely monitored. 
We do have the ability to do file transfer protocol in a secure way. 
Clearly, though, as our hearings have shown, those who market this 
software to the public, usually for free, do so with backdoors 
deliberately there that make it enticing to those who want access, and 
that's how their revenue comes.
  Our hearings have shown that the very players who will provide you 
peer-to-peer for free so that you can get thousands of videos, plenty 
of music, and exchange pictures often do so specifically so that you 
unwittingly open up all of your information.
  Mr. Speaker, the American people deserve to have the information 
entrusted to us, their private information, kept private. Without this 
important legislation, that private information is consistently being 
made public through backdoor software installed by well-meaning 
individuals who only intended to share their summer pictures and not 
release the information on soldiers in harm's way. I strongly urge 
support for this legislation.
  I reserve the balance of my time.
  Mr. TOWNS. Mr. Speaker, I want to commend the staff of the committee. 
I want to commend the ranking member of the full committee, Congressman 
Issa, who has worked very closely with us to get us to this point. I 
also want to point out how important it is when you work together that 
you can pull things together and get them to the floor. I want to 
salute him for his work on this as well, and again, to all the staff 
members who have participated in helping us to get here today.
  I reserve the balance of my time.
  Mr. ISSA. I yield myself such time as I may consume.
  Mr. Chairman, it is you that we owe a great debt of thanks to. You've 
championed this. You've made sure both at the subcommittee and the full 
committee that we've had a thorough
evaluation. We've given the companies who claim that they are well-
meaning opportunity repeatedly to show that they could fix or would fix 
their software, only to discover they did not fix their software. So I 
join with you in commending our staff on both sides of the aisle for 
the hard work they did, for the individual research, and for some of 
the other organizations who were concerned about the safety of the 
American people's vital information for helping us shed light on this. 
I know this is a good piece of legislation. I know we're going to have 
to work to get it through the Senate. I look forward to doing that with 
you, Mr. Chairman.
  I yield back the balance of my time.
  Mr. TOWNS. I thank the gentleman from California, the ranking member, 
for his kind words.
  Ms. CLARKE. Mr. Speaker, I rise today in support of House Resolution 
4098, the Secure Federal File Sharing Act. As Chairwoman of the 
Committee on Homeland Security Subcommittee on Emerging Threats, 
Cybersecurity, and Science and Technology, I regularly deal with 
cybersecurity issues related to Federal civilian agencies and am happy 
to see this effort moving forward.
  The Secure Federal File Sharing Act directs the Office of Management 
and Budget to issue guidance that would prohibit the use of peer-to-
peer software on Federal computer systems, on home computers of 
government employees who telecommute, and by Federal contractors. This 
bill will help improve our government's cyber-security in a number of 
ways.
  First, and most importantly, this bill reduces the risk to our 
government computer systems of downloading malicious software that 
could infect other systems within the government. It is well documented 
that peer-to-peer applications are regularly used by hackers to 
incorporate spyware, viruses, Trojan horses, or worms onto the 
downloader's computer. Not only does this expose a person's personal 
information to exploitation, but could put sensitive information about 
our government resources into unfriendly hands.
  Secondly, peer-to-peer software is frequently used to illegally 
download software or documents that are otherwise protected by 
intellectual property laws. Allowing Federal employees to use this 
software to download pirated materials not only puts them at risk of 
prosecution, but puts the Federal government in a precarious position 
of having passively supported illegal acts.
  Finally, peer-to-peer software is costly to the U.S. taxpayer. 
Because of the high-risk nature of the software, its use only increases 
the amount we must spend to secure our computer systems from the cyber 
attacks it inevitably leads to.
  This legislation helps close a security hole among Federal civilian 
agencies, and I urge my colleagues to join me in passing House 
Resolution 4098.
  Mr. WELCH. Mr. Speaker and Chairman Towns, thank you for bringing 
this important legislation before the House today.
  Less than a year ago, Chairman Towns and his staff worked to convene 
an Oversight and Government Reform hearing that I requested about the 
dangers posed by inadvertent file-sharing over open-network peer-to-
peer file sharing software. I think it's safe to say we were all 
shocked by what we heard and saw at that hearing: information on the 
United States Secret Service safe house for first lady Michelle Obama; 
the names, addresses, and, in some cases, private information like 
Social Security numbers for men and women deploying to Afghanistan; as 
well as tax information for countless individuals. All of this 
information was on display for the world to see and all of it had been 
leaked as a result of inadvertent file sharing or theft over open-
network peer-to-peer file sharing software.
  Passing this bill is an important step in enacting common sense 
information security protections. This legislation will prohibit the 
software that has facilitated inadvertent file sharing and information 
theft from computers that have access to sensitive government 
information.
  Not only important, this legislation is also timely. Last month, the 
Federal Trade Commission released findings from their investigation 
into inadvertent file sharing. Their conclusion supports this 
legislation and reaffirms what many of us have learned as a result of 
the committee's work: peer-to-peer file sharing software subjects 
millions of users to identity theft and other serious hazards.
  The FTC is fulfilling its important role of protecting consumers by 
alerting consumers about stolen information, but I am concerned that 
their report does not pursue the one thing that all of the victims of 
inadvertent peer-to-peer file sharing have in common: the software 
itself. I urge the FTC to continue its work in this area and to look 
specifically at the providers of peer-to-peer software. The FTC has 
gone after those who use the software for harm, but they haven't spent 
enough time addressing those who develop this software--replete with 
security risks--for material gain. I look forward to future FTC 
investigation and possible action to address this ongoing problem.
  Chairman Towns, thank you for working so hard to address this issue.
  Mr. TOWNS. I yield back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from New York (Mr. Towns) that the House suspend the rules 
and agree to the resolution, H.R. 4098, as amended.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mr. BROUN of Georgia. Mr. Speaker, on that I demand the yeas and 
nays.
  The yeas and nays were ordered.
  The SPEAKER pro tempore. Pursuant to clause 8 of rule XX and the 
Chair's prior announcement, further proceedings on this motion will be 
postponed.
