To require Federal agencies to develop and implement plans to protect the security and privacy of government computer systems from the risks posed by peer-to-peer file sharing.

September 24, 2003

Mr. WAXMAN (for himself, Mr. TOM DAVIS of Virginia, Mr. SHAYS, Mr. MCHUGH, Mr. CLAY, Mr. TOWNS, Mr. CARTER, Mr. VAN HOLLEN, Ms. ROS-LEHTINEN, Mr. BELL, Mr. SOUDER, Mrs. MILLER of Michigan, Mr. BURTON of Indiana, Mr. SCHROCK, Mr. LYNCH, Mr. RUPPERSBERGER, Mr. PUTNAM, Mr. CUMMINGS, Ms. LINDA T. SANCHEZ of California, Mr. LANTOS, Mrs. MALONEY, Mr. OWENS, Ms. WATSON, Mr. OSE, Mr. COOPER, Ms. NORTON, Mr. DAVIS of Illinois, Mrs. JO ANN DAVIS of Virginia, and Mr. TURNER of Ohio) introduced the following bill; which was referred to the Committee on Government Reform

To require Federal agencies to develop and implement plans to protect the security and privacy of government computer systems from the risks posed by peer-to-peer file sharing.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the `Government Network Security Act of 2003'.

SEC. 2. FINDINGS.

Congress finds the following:

(1) Peer-to-peer file sharing can pose security and privacy threats to computers and networks by--

(A) exposing classified and sensitive information that are stored on computers or networks;

(B) acting as a point of entry for viruses and other malicious programs;

(C) consuming network resources, which may result in a degradation of network performance; and

(D) exposing identifying information about host computers that can be used by hackers to select potential targets.

(2) The computers and networks of the Federal Government use and store a wide variety of classified and sensitive information, including--

(A) information vital to national security, defense, law enforcement, economic markets, public health, and the environment; and

(B) personal and financial information of citizens and businesses that has been entrusted to the Federal Government.

(3) Use of peer-to-peer file sharing on government computers and networks can threaten the security and privacy of the information on those computers and networks by exposing the information to others using peer-to-peer file sharing.

(4) The House of Representatives and the Senate are using methods to protect the security and privacy of congressional computers and networks from the risks posed by peer-to-peer file sharing.

(5) Innovations in peer-to-peer technology for government applications can be pursued on intragovernmental networks that do not pose risks to network security.

(6) In light of these considerations, Federal agencies need to take prompt action to address the security and privacy risks posed by peer-to-peer file sharing.

SEC. 3. PROTECTION OF GOVERNMENT COMPUTERS FROM RISKS OF PEER-TO-PEER FILE SHARING.

(a) PLANS REQUIRED- As part of the Federal agency responsibilities set forth in sections 3544 and 3545 of title 44, United States Code, the head of each agency shall develop and implement a plan to protect the security and privacy of computers and networks of the Federal Government from the risks posed by peer-to-peer file sharing.

(b) CONTENTS OF PLANS- Such plans shall set forth appropriate methods, including both technological (such as the use of software and hardware) and nontechnological methods (such as employee policies and user training), to achieve the goal of protecting the security and privacy of computers and networks of the Federal Government from the risks posed by peer-to-peer file sharing.

(c) IMPLEMENTATION OF PLANS- The head of each agency shall--

(1) develop and implement the plan required under this section as expeditiously as possible, but in no event later than six months after the date of the enactment of this Act; and

(2) review and revise the plan periodically as necessary.

(d) REVIEW OF PLANS- Not later than 18 months after the date of the enactment of this Act, the Comptroller General shall--

(1) review the adequacy of the agency plans required by this section; and

(2) submit to the Committee on Government Reform of the House of Representatives and the Committee on Governmental Affairs of the Senate a report on the results of the review, together with any recommendations the Comptroller General considers appropriate.

SEC. 4. DEFINITIONS.

In this Act:

(1) PEER-TO-PEER FILE SHARING- The term `peer-to-peer file sharing' means the use of computer software, other than network operating systems, that has as its primary function the capability to allow the computer on which such software is used to designate files available for transmission to another computer using such software, to transmit files to another such computer, and to request the transmission of files from another such computer. The term does not include the use of such software wholly on intragovernmental networks.

(2) AGENCY- The term `agency' has the meaning provided by section 3502 of title 44, United States Code.

END