Secure Federal File Sharing Act

The Secure Federal File Sharing Act, also known as H.R. 4098, was a bill that has been under review by the United States Senate since March 25, 2010. The legislation originated in the U.S. House of Representatives on November 17, 2009, as a part of the 111th Congress. The bill sought to impose additional restrictions and requirements regarding the use of peer-to-peer filesharing by employees of and contractors to the United States government.

The bill passed in the House of Representatives by a roll call vote on March 24, 2010, and has been referred to the Committee on Homeland Security and Governmental Affairs. It was not approved by the Senate and died with the sine die adjournment of the 111th Congress.

Purpose and description
The Secure Federal File Sharing Act was proposed in response to leaks of highly sensitive United States government information (which includes a list of ongoing House Ethics Committee investigation, information about U.S. military programs and troops, and wiring schematics for a Marine One helicopter ) found on various filesharing programs in early 2009.

The proposed act sought to limit the use of open-network peer-to-peer filesharing by government employees and contractors by official permission. Restrictions would not only apply to federal computer systems and networks but also to home and personal computers of employees. Under the Act, the heads or chief information officers of agencies must request and receive permission before employees can use specific peer-to-peer filesharing programs for job-related tasks.

The proposed Secure Federal File Sharing Act sought to establish a policy that would require, within 180 days of its enactment, the Director of the Office of Management and Budget must update agency policies to comply with the act (which includes the implementation of security controls to prevent, detect, and remove file sharing software from federal computers, systems, and networks within this time frame). Additionally, the act would require the Director to give annual reports on agencies that use filesharing programs and the justification for each use. The Congressional Budget Office estimated that the administration of the law will cost a total of $10 million dollars over the 2011–2014 U.S. fiscal years, or $0.09 per American citizen over this three-year period.

Process
Introduced in the House by Representative Edolphus Towns (D-NY10) on November 17, 2009, as H.R. 4098, the Secure Federal File Sharing Act was referred to the House Committee on Oversight and Government Reform and placed on the Union Calendar on March 11, 2010. On March 23, 2010, Representative Towns moved to suspend the rules and pass the bill by a roll call vote (House Vote #183 in 2010), which occurred following forty minutes of debate. The results of the vote yielded 408 Ayes, 13 Nays, and 8 Present/Not Voting.

The bill was introduced into the Senate on March 25, 2010, and referred to that chamber's Committee on Homeland Security and Governmental Affairs. On June 14, 2010, Senator Claire McCaskill (D-MO) introduced a companion bill, S.3484, to H.R. 4098. This bill was read and referred to the Senate Committee on Homeland Security and Governmental Affairs.

File sharing report; criticism
On May 10, 2010, MeriTalk, a U.S. government IT network, released a report on federal file sharing in which 200 federal government employees and security officials were interviewed to understand their file transfer practices. Of those interviewed, 58 percent were aware of their agency's policies for secure file transferring, and 43 percent reported that they consistently followed the file sharing policies. Furthermore, 71 percent said they were concerned with the current security of federal file transfers, yet 54 percent admitted to not monitoring their own file transfer protocol. The majority of these federal personnel also admitted to using insecure methods for transferring files between agencies and within the agencies themselves: 66 percent used physical media like USB flash drives, 60 percent used FTP, and 52 percent used personal email accounts like Gmail or Yahoo. The report recommended that organizations should develop and enforce government-wide standards and educate management and users. Only a small portion of the information the government transfers is classified; however, much of it is sensitive because it can contain private information about the public such as medical records and social security numbers.

The Electronic Frontier Foundation stated, prior to the introduction of this bill, that a government-wide restriction on peer-to-peer file sharing would limit the government's ability to take advantage of potentially useful file-sharing software. To support its opinion that peer-to-peer filesharing can be useful, the foundation offered as examples licensed music services and video gaming companies, which use peer-to-peer tools.