Over the past year, there have been several embarrassing incidents where private government documents have leaked because employees didn't know how to properly configure P2P client software. For the US House of Representatives, the last straw came when ethics documents were leaked. A bill has been introduced to ban the use of P2P apps by federal employees.
Peer-to-peer filesharing applications have been wildly popular, especially among those interested in accessing pirated software, music, and media. But not everyone who operates a P2P client knows how to properly configure the software, and some clients may share entire directories unless explicitly directed not to. Apparently, some government employees have exhibited this sort of carelessness, as private and secret government documents have shown up on P2P networks. Now, at least one Congressman has had enough, and has introduced a bill that would ban the use of P2P software by government employees.
The Congressman in question is Edolphus Towns of New York, who chairs the Committee on Oversight and Government Reform. In a statement announcing the bill's introduction, Towns highlights a number of embarrassing incidents in which sensitive government files showed up on P2P networks. These include schematics for the Presidential helicopter and the location of a first-family safe house, as well as the financial records of a Supreme Court Justice.
But the cynic would suggest that the real spur to action was the leak of a whole series of documents related to ethics investigations of Towns' fellow House members, which he also cited in the announcement. This included a full list of ongoing investigations and details on a number of them. The committee that suffered the leak issued a statement (PDF) at the end of October which indicated that P2P software was involved in the leak, so this appears to involve a relatively quick response.
The bill itself, termed the Secure Federal File Sharing Act, calls on the Director of the Office of Management and Budget to issue guidance on the use of P2P software, and provides the Director some guidance on what it should be: P2P software will be banned on government-owned computers. The OMB Director will have 90 days to come up with rules for government workers and contractors that have access to documents at home. Procedures will also be put in place for government agencies that have legitimate need for P2P software, in order to grant them exceptions.
By 180 days after the bill's passage, the OMB will have to specify procedures to detect and purge P2P use from within the government's networks. After the procedures are in place, the OMB will need to provide Congress with an annual report detailing all the exemptions that are in place.
Although it's tempting to snicker at the ethics leaks being the primary event that spurred Congress to action, it wouldn't be at all surprising if some of the complaints that leaked are the result of misunderstandings or political disagreements; all of them will almost certainly be used (and abused) in future political campaigns. In any case, the other leaks are certainly more severe, and there's no reason to think that the average government employee is ever going to be more technically savvy or security-literate than the general computer using population, so the law addresses a real issue.
Given that P2P software does have a number of legitimate uses, however, blanket restrictions and a formal approval process may turn out to be a hindrance. Assuming the bill passes, the real challenge is likely to be crafting a quick and effective exemption process.
By John Timmer
No comments:
Post a Comment