< Back to S. 3484 (111th Congress, 2009–2010)

Text of the Secure Federal File Sharing Act

This bill was introduced on June 14, 2010, in a previous session of Congress, but was not enacted. The text of the bill below is as of Jun 14, 2010 (Introduced).

Source: GPO

II

111th CONGRESS

2d Session

S. 3484

IN THE SENATE OF THE UNITED STATES

June 14, 2010

(for herself and Mr. Bennett) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental Affairs

A BILL

To require the Director of the Office of Management and Budget to issue guidance on the use of peer-to-peer file sharing software to prohibit the personal use of such software by Government employees, and for other purposes.

1.

Short title

This Act may be cited as the Secure Federal File Sharing Act.

2.

Requirements

(a)

Updated guidance on use of certain software programs

Not later than 90 days after the date of the enactment of this Act, the Director of the Office of Management and Budget, after consultation with the Federal Chief Information Officers Council, shall issue guidance on the use of peer-to-peer file sharing software—

(1)

to prohibit the download, installation, or use by Government employees and contractors of open-network peer-to-peer file sharing software on all Federal computers, computer systems, and networks, including those operated by contractors of the Government, unless such software is approved in accordance with procedures under subsection (b); and

(2)

to address the download, installation, or use by Government employees and contractors of such software on home or personal computers as it relates to telework and remotely accessing Federal computers, computer systems, and networks, including those operated by contractors of the Government.

(b)

Approval process for certain software programs

Not later than 90 days after the date of the enactment of this Act, the Director of the Office of Management and Budget shall develop a procedure by which the Director, in consultation with the Chief Information Officer, may receive requests from heads of agencies or chief information officers of agencies for approval for use by Government employees and contractors of specific open-network peer-to-peer file sharing software programs that are—

(1)

necessary for the day-to-day business operations of the agency;

(2)

instrumental in completing a particular task or project that directly supports the agency’s overall mission;

(3)

necessary for use between, among, or within Federal, State, or local government agencies in order to perform official agency business; or

(4)

necessary for use during the course of a law enforcement investigation.

(c)

Agency responsibilities

Not later than 180 days after the date of enactment of this Act, the Director of the Office of Management and Budget shall—

(1)

direct agencies to establish or update personal use policies of the agency to be consistent with the guidance issued pursuant to subsection (a);

(2)

direct agencies to require any contract awarded by the agency to include a requirement that the contractor comply with the guidance issued pursuant to subsection (a) in the performance of the contract;

(3)

direct agencies to update their information technology security or ethics training policies to ensure that all employees, including those working for contractors of the Government, are aware of the requirements of the guidance required by subsection (a) and the consequences of engaging in prohibited conduct; and

(4)

direct agencies to ensure that proper security controls are in place to prevent, detect, and remove file sharing software that is prohibited by the guidance issued pursuant to subsection (a) from all Federal computers, computer systems, and networks, including those operated by contractors of the Government.

3.

Annual report

(a)

In general

Not later than 1 year after the date of enactment of this Act, and annually thereafter, the Director of the Office of Management and Budget shall submit to the Committee on Oversight and Government Reform of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on the implementation of this Act, including—

(1)

a justification for each open-network peer-to-peer file sharing software program that is approved under subsection (b); and

(2)

an inventory of the agencies where such programs are being used.

(b)

Rule of construction

Nothing in this section shall be construed to require the disclosure of any information relating to any confidential Government operation or investigation, including any law enforcement, national security, or terrorism investigation.

4.

Definitions

In this Act:

(1)

Agency

The term agency

(A)

means any executive department, military department, Government corporation, Government-controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency, the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; and

(B)

includes Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.

(2)

Open-network

The term open-network, with respect to software, means a network in which—

(A)

access is granted freely, without limitation or restriction; or

(B)

there are little or no security measures in place.

(3)

Peer-to-peer file sharing software

The term peer-to-peer file sharing software

(A)

means a program, application, or software that is commercially marketed or distributed to the public and that enables—

(i)

a file or files on the computer on which such program is installed to be designated as available for searching and copying to one or more other computers;

(ii)

the searching of files on the computer on which such program is installed and the copying of any such file to another computer—

(I)

at the initiative of such other computer and without requiring any action by an owner or authorized user of the computer on which such program is installed; and

(II)

without requiring an owner or authorized user of the computer on which such program is installed to have selected or designated another computer as the recipient of any such file; and

(iii)

an owner or authorized user of the computer on which such program is installed to search files on one or more other computers using the same or a compatible program, application, or software, and copy such files to such owner or user’s computer; and

(B)

does not include a program, application, or software designed primarily—

(i)

to operate as a server that is accessible over the Internet using the Internet Domain Name system;

(ii)

to transmit or receive email messages, instant messaging, real-time audio or video communications, or real-time voice communications; or

(iii)

to provide network or computer security (including the detection or prevention of fraudulent activities), network management, maintenance, diagnostics, or technical support or repair.

(4)

Contractor

The term contractor means a prime contractor or a subcontractor, as defined by the Federal Acquisition Regulation.