Under a measure passed overwhelmingly by the U.S. House of Representatives (408-13), federal contractors would be required to adopt measures established by the Office of Management and Budget to limit open network peer-to-peer file sharing software (P2P Software). Likely a response to the leakage of House and Senate ethics investigations, if the “Secure Federal File Sharing Act” (H.R. 4098) (pdf) becomes law it would be the first widespread federal statute regulating P2P Software.
Under the law, federal government employees and contractors would be prohibited from downloading, installing, or using P2P Software on federal computers without government approval. Federal agencies would be required to take steps to find and remove P2P Software from such computers, including those government computers operated by contractors. In particular, the Act requires OMB guidelines to:
to address the download, installation, or use by Government employees and contractors of such software on home or personal computers as it relates to telework and remotely accessing Federal computers, computer systems, and networks, including those operated by contractors on the Government’s behalf.
Within 90 days of enactment, OMB will need to set up a procedure for approving the use of P2P Software. Within 180 days of enactment, with respect to contractors, agencies will need to
- require any contract awarded by the agency to include a requirement that the contractor comply with OMB guidance in the performance of the contract;
- update their information technology security or ethics training policies to ensure that all employees working for contractors on the government’s behalf are aware of the requirements of OMB guidance and the consequences of engaging in prohibited conduct; and
- ensure that proper security controls are in place to prevent, detect, and remove file sharing software that is prohibited by the OMB guidance from all federal computers, computer systems, and networks operated by contractors on the government’s behalf.
Numerous examples of data leaks caused by irresponsible use of P2P Software should push all businesses to take steps to use this potentially valuable technology more carefully.