Following alarming reports of confidential data being leaked, often unintentionally, by employees on Peer-to-Peer (PPP) network, two US Senators have introduced legislation prohibiting use of PPP software in government agencies and protect sensitive data.
"In this age of information technology, it is critical that the federal government take the next step in ensuring that their data is fully protected," said Senator Claire McCaskill, who along with Bob Bennett introduced the legislation in this regard in the US Senate yesterday.
"It's important that our government and our citizens' confidential information is no longer vulnerable to exposure from the use of insecure peer-to-peer networks," he said.
"We need to close the security hole that has allowed the breach of highly-sensitive information for far too long," said
"Open peer-to-peer networks pose a continued risk to our country's safety. This legislation closes that gap and increases awareness amongst government employees and contractors alike of the security threats they continually face," he said.
The Secure Federal File Sharing Act, introduced as a way to protect government information critical to citizens' privacy or America's national security, prohibits government employees and government contractors from installing dangerous file-sharing software on their government computers, a media release said.
In October 2009, security firm Tiversa notified the House Oversight and Government Reform Committee that almost 200 sensitive military documents had been inadvertently made public because of PPP software, they said.
"These documents, which included details on sensitive military projects and defense contracts, were being downloaded onto computers in China and Pakistan. Separately, the Social Security numbers and other personal information of 463 soldiers at Ft. Bragg was mistakenly released due to PPP software," the statement said.
In order to prevent similar leaks in the future, this legislation would require the Office of Management and Budget (OMB) to issue guidance prohibiting installation and use of PPP software by government employees and contractors on all federal computers, systems, and networks.
In rare instances, should a computer system require such software, this bill would require agency heads to request special clearance, it said.