The House Committee on Oversight and Government Reform began examining the dangers posed by open network peer-to-peer (P2P) software almost a decade ago. P2P was relatively new then and it offered both tremendous promise and unseen dangers. Since that time, we have been told of numerous security breaches as a result of sensitive data falling into the hands of bad actors. I repeatedly voiced my concerns about the risks of open network P2P software and encouraged Congress to act in order to prevent future incidents involving the unintentional distribution of sensitive and confidential information.
During the last year alone, highly sensitive information was discovered on P2P networks. News reports indicated that information about the electronic wiring for President Obama's "Marine One" helicopter was downloaded in Iran; that financial information belonging to Supreme Court Justice Stephen Breyer was leaked; and plans for President Obama's motorcade route and the location of the First Family's safe house were found on open P2P networks. These news reports prompted the Committee to reopen its investigation into the dangers posed by P2P software.
Our investigation and hearing into P2P networks showed that we could easily find copyrighted music and movies, Federal tax returns, medical records and other sensitive information on these open networks. We were also reminded of the major security and privacy risks associated with P2P file sharing on open networks. Then, just days after the hearing, sensitive information about military programs and our troops were obtained through P2P networks and supplied to the Committee.
In the weeks after our hearing, the Washington Post reported that confidential information related to ongoing House Ethics Committee investigations was inadvertently shared through P2P software. According to the Post, a Committee staff member working from home on their personal computer - which contained P2P software - downloaded confidential Committee documents therefore exposing information critical to congressional investigations. This security breach drew tremendous attention and highlighted the need for legislative action to regulate P2P software. Until now, we have allowed P2P software developers to voluntarily regulate themselves but they have failed to secure their file sharing programs. Therefore, I firmly believe Congress must act now to implement the proper safeguards to protect the American people.
This week the fight to reform P2P software will take a crucial step forward when the Committee I chair, the House Committee on Oversight and Government Reform, marks up H.R. 4098, the "Secure Federal File Sharing Act." The bill, which I introduced in November 2009, makes important progress toward banning the recreational use of P2P software on all Federal computers, computer systems and networks including those belonging to government contractors. The bill would also require the Office of Management and Budget (OMB) to approve legitimate uses of P2P software on Federal computers on a case-by-case basis and provide Congress annually a list of those agencies that are using P2P software and for what purposes.
While there is no doubt that if used legally to share files that are not copyrighted, P2P technology has great potential. However, we can no longer ignore the threat to sensitive and confidential Federal government information, our businesses and consumers that insecure peer-to-peer networks pose. According to a recent article in the Washington Post, many experts believe that the United States is more vulnerable to a cyberattack than any other nation in the world and that the risk is growing daily. H.R. 4098 will protect the American people from a future attack and help prevent the types of inadvertent security breaches that have become all too common.