House bill calls for file-sharing security
- By William Jackson
- Oct 10, 2003
Rep Tom Davis
Henrik G. de Gyor
The House Government Reform Committee last month gave overnight approval to a bill requiring agencies to safeguard their systems against peer-to-peer networking abuse.
Peer-to-peer networking lets users share files via common software, in effect turning each computer into a server.
'File-sharing technology is not inherently bad, and it may turn out to have a variety of beneficial applications,' although there are risks associated, committee chairman and co-sponsor Rep. Tom Davis (R-Va.) said.
Rep. Henry A. Waxman (D-Calif.) introduced HR 3159, the Government Network Security Act, on Sept. 24. Davis' committee approved it the next day.
Within six months of enactment, the bill would require each agency to implement a policy, a plan and training to protect its systems from file-sharing misuse. The comptroller general would have to report the results to the House and Senate within 18 months of enactment.
Peer-to-peer sharing faces various legal threats for its use in unauthorized distribution of copyrighted music, but the technology can be used to access and distribute any digital materials. The bill focuses on stopping the potential exposure of sensitive and classified government information.
The committee held hearings on peer-to-peer networking in April and May. At one session, committee staff reported accessing tax and medical records and other sensitive information on government computers via file sharing.
House and Senate committees have made their own plans to combat online security risks, committee spokesman David Marin said.
The plans include 'everything from better technology, such as firewalls, to education and training,' Marin said. 'Each committee has forged its own rules, from outright prohibition to enlightened use.'
The purpose of the Davis-Waxman bill is not to outlaw peer-to-peer file sharing but control its use within government.
'Innovations in peer-to-peer technology for government applications can be pursued on intragovernmental networks that do not pose risks to network security,' it said.
William Jackson is freelance writer and the author of the CyberEye blog.