Secure Federal File Sharing Act
Encyclopedia
The Secure Federal File Sharing Act, also known as H.R. 4098, is a bill that has been under review by the United States Senate
since March 25, 2010. The legislation originated in the U.S. House of Representatives on November 17, 2009 as a part of the 111th Congress. The bill seeks to impose additional restrictions and requirements regarding the use of peer-to-peer filesharing by employees and contractors of the United States government.
The bill passed in the House of Representatives by a roll call vote on March 24, 2010 and has been referred to the Committee on Homeland Security and Governmental Affairs
. If the bill passes through the Senate, it will have to be signed by the President or otherwise promulgated before becoming a law. The Congressional Budget Office
estimated that the administration of the law will cost $10 million dollars over the 2011–2014 U.S fiscal years.
investigation, information about U.S. military programs and troops, and wiring schematics for a Marine One
helicopter) found on various filesharing programs in early 2009.
The act aims to eliminate the ease with which open-network peer-to-peer filesharing software can be installed and used by government employees and contractors. Restrictions would not only apply to federal
computer systems and networks
but also to home and personal computers of employees. Under the Act, the heads or chief information officers
of agencies must request and receive permission before employees can use specific peer-to-peer filesharing programs for job-related tasks.
The Secure Federal File Sharing Act would also require that, within 180 days of the its enactment, the Director of the Office of Management and Budget must update agency policies to comply with the act (which includes the implementation of security controls to prevent, detect, and remove file sharing software from federal computers, systems, and networks within this time frame). Additionally, the act would require the Director to give annual reports on agencies that use filesharing programs and the justification for each use. The Congressional Budget Office
estimated that the administration of the law will cost a total of $10 million dollars over the 2011–2014 U.S fiscal years, or $0.09 per American citizen over this three-year period.
) on November 17, 2009 as H.R. 4098, the Secure Federal File Sharing Act was referred to the House Committee on Oversight and Government Reform and placed on the Union Calendar
on March 11, 2010. On March 23, 2010, Representative Towns moved to suspend the rules and pass the bill by a roll call vote (House Vote #183 in 2010), which occurred following forty minutes of debate. The results of the vote yielded 408 Ayes, 13 Nays, and 8 Present/Not Voting.
The bill was received by the Senate on March 25, 2010 and referred to that chamber's Committee on Homeland Security and Governmental Affairs
. On June 14, 2010, sponsored by Senator Claire McCaskill
(D-MO
), the Senate introduced a companion bill, S.3484, to H.R. 4098. This bill was read and referred to the Senate Committee on Homeland Security and Governmental Affairs. If it passes through the Senate, it will have to be signed by the President or otherwise promulgated before becoming a law.
. The majority of these federal personnel also admitted to using insecure methods for transferring files between agencies and within the agencies themselves: 66 percent used physical media like USB flash drives
, 60 percent used FTP, and 52 percent used personal email
accounts like Gmail
or Yahoo. The report recommended that organizations should develop and enforce government-wide standards and educate management and users. Only a small portion of the information the government transfers is classified
; however, much of it is sensitive because it contains private information about citizens such as medical records and social security numbers.
The Electronic Frontier Foundation
stated, prior to the introduction of this bill, that a government-wide restriction on peer-to-peer file sharing would limit the government's ability to take advantage of potentially useful file-sharing software. To support its opinion that peer-to-peer filesharing can be useful, the foundation offered as examples licensed music services and video gaming companies, which use peer-to-peer tools.
United States Senate
The United States Senate is the upper house of the bicameral legislature of the United States, and together with the United States House of Representatives comprises the United States Congress. The composition and powers of the Senate are established in Article One of the U.S. Constitution. Each...
since March 25, 2010. The legislation originated in the U.S. House of Representatives on November 17, 2009 as a part of the 111th Congress. The bill seeks to impose additional restrictions and requirements regarding the use of peer-to-peer filesharing by employees and contractors of the United States government.
The bill passed in the House of Representatives by a roll call vote on March 24, 2010 and has been referred to the Committee on Homeland Security and Governmental Affairs
United States Senate Committee on Homeland Security and Governmental Affairs
The United States Senate Committee on Homeland Security and Governmental Affairs has jurisdiction over matters related to the Department of Homeland Security and other homeland security concerns, as well as the functioning of the government itself, including the National Archives, budget and...
. If the bill passes through the Senate, it will have to be signed by the President or otherwise promulgated before becoming a law. The Congressional Budget Office
Congressional Budget Office
The Congressional Budget Office is a federal agency within the legislative branch of the United States government that provides economic data to Congress....
estimated that the administration of the law will cost $10 million dollars over the 2011–2014 U.S fiscal years.
Purpose and description
The Secure Federal File Sharing Act was proposed in response to leaks of highly sensitive United States government information (which includes a list of ongoing House Ethics CommitteeUnited States House Committee on Standards of Official Conduct
The Committee on Ethics, often known simply as the Ethics Committee, is one of the committees of the United States House of Representatives. Prior to the 112th Congress it was known as the Committee on Standards of Official Conduct....
investigation, information about U.S. military programs and troops, and wiring schematics for a Marine One
Marine One
Marine One is the call sign of any United States Marine Corps aircraft carrying the President of the United States. It usually denotes a helicopter operated by the HMX-1 "Nighthawks" squadron, either the large VH-3D Sea King or the newer, smaller VH-60N "WhiteHawk", both due to be replaced by the...
helicopter) found on various filesharing programs in early 2009.
The act aims to eliminate the ease with which open-network peer-to-peer filesharing software can be installed and used by government employees and contractors. Restrictions would not only apply to federal
Federal government of the United States
The federal government of the United States is the national government of the constitutional republic of fifty states that is the United States of America. The federal government comprises three distinct branches of government: a legislative, an executive and a judiciary. These branches and...
computer systems and networks
Computer network
A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
but also to home and personal computers of employees. Under the Act, the heads or chief information officers
Chief information officer
Chief information officer , or information technology director, is a job title commonly given to the most senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals...
of agencies must request and receive permission before employees can use specific peer-to-peer filesharing programs for job-related tasks.
The Secure Federal File Sharing Act would also require that, within 180 days of the its enactment, the Director of the Office of Management and Budget must update agency policies to comply with the act (which includes the implementation of security controls to prevent, detect, and remove file sharing software from federal computers, systems, and networks within this time frame). Additionally, the act would require the Director to give annual reports on agencies that use filesharing programs and the justification for each use. The Congressional Budget Office
Congressional Budget Office
The Congressional Budget Office is a federal agency within the legislative branch of the United States government that provides economic data to Congress....
estimated that the administration of the law will cost a total of $10 million dollars over the 2011–2014 U.S fiscal years, or $0.09 per American citizen over this three-year period.
Process
Introduced in the House by Representative Edolphus Towns (D-NY10New York's 10th congressional district
New York's 10th Congressional District is a congressional district for the United States House of Representatives located in Brooklyn, New York City. It includes the neighborhoods of Bedford-Stuyvesant, Brooklyn Heights, Brownsville, Canarsie, East New York and Ocean Hill, as well as parts of Fort...
) on November 17, 2009 as H.R. 4098, the Secure Federal File Sharing Act was referred to the House Committee on Oversight and Government Reform and placed on the Union Calendar
Union Calendar
Union Calendar is a separate calendar in the United States House of Representatives that schedules bills involving money issues. It arose from the requirement in Article One of the United States Constitution that all revenue bills originate in the House of Representatives...
on March 11, 2010. On March 23, 2010, Representative Towns moved to suspend the rules and pass the bill by a roll call vote (House Vote #183 in 2010), which occurred following forty minutes of debate. The results of the vote yielded 408 Ayes, 13 Nays, and 8 Present/Not Voting.
The bill was received by the Senate on March 25, 2010 and referred to that chamber's Committee on Homeland Security and Governmental Affairs
United States Senate Committee on Homeland Security and Governmental Affairs
The United States Senate Committee on Homeland Security and Governmental Affairs has jurisdiction over matters related to the Department of Homeland Security and other homeland security concerns, as well as the functioning of the government itself, including the National Archives, budget and...
. On June 14, 2010, sponsored by Senator Claire McCaskill
Claire McCaskill
Claire Conner McCaskill is the senior United States Senator from Missouri and a member of the Democratic Party. She defeated Republican incumbent Jim Talent in the 2006 U.S. Senate election, by a margin of 49.6% to 47.3%. She is the first woman elected to the U.S. Senate from Missouri in her own...
(D-MO
Missouri
Missouri is a US state located in the Midwestern United States, bordered by Iowa, Illinois, Kentucky, Tennessee, Arkansas, Oklahoma, Kansas and Nebraska. With a 2010 population of 5,988,927, Missouri is the 18th most populous state in the nation and the fifth most populous in the Midwest. It...
), the Senate introduced a companion bill, S.3484, to H.R. 4098. This bill was read and referred to the Senate Committee on Homeland Security and Governmental Affairs. If it passes through the Senate, it will have to be signed by the President or otherwise promulgated before becoming a law.
File sharing report; criticism
On May 10, 2010, MeriTalk, a U.S. government IT network, released a report on federal file sharing in which 200 federal government employees and security officials were interviewed to understand their file transfer practices. Of those interviewed, 58 percent were aware of their agency's policies for secure file transferring, and 43 percent reported that they consistently followed the file sharing policies. Furthermore, 71 percent said they were concerned with the current security of federal file transfers, yet 54 percent admitted to not monitoring their own file transfer protocolFile Transfer Protocol
File Transfer Protocol is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server...
. The majority of these federal personnel also admitted to using insecure methods for transferring files between agencies and within the agencies themselves: 66 percent used physical media like USB flash drives
USB flash drive
A flash drive is a data storage device that consists of flash memory with an integrated Universal Serial Bus interface. flash drives are typically removable and rewritable, and physically much smaller than a floppy disk. Most weigh less than 30 g...
, 60 percent used FTP, and 52 percent used personal email
Email
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
accounts like Gmail
Gmail
Gmail is a free, advertising-supported email service provided by Google. Users may access Gmail as secure webmail, as well via POP3 or IMAP protocols. Gmail was launched as an invitation-only beta release on April 1, 2004 and it became available to the general public on February 7, 2007, though...
or Yahoo. The report recommended that organizations should develop and enforce government-wide standards and educate management and users. Only a small portion of the information the government transfers is classified
Classified information
Classified information is sensitive information to which access is restricted by law or regulation to particular groups of persons. A formal security clearance is required to handle classified documents or access classified data. The clearance process requires a satisfactory background investigation...
; however, much of it is sensitive because it contains private information about citizens such as medical records and social security numbers.
The Electronic Frontier Foundation
Electronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
stated, prior to the introduction of this bill, that a government-wide restriction on peer-to-peer file sharing would limit the government's ability to take advantage of potentially useful file-sharing software. To support its opinion that peer-to-peer filesharing can be useful, the foundation offered as examples licensed music services and video gaming companies, which use peer-to-peer tools.